From c450759e8e67caa7a77ca078b1478b018a9b848b Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 24 Apr 2015 16:59:43 +0000
Subject: [PATCH] Revert "SELinux policy changes for re-execing init."

shamu isn't booting.

This reverts commit 46e832f5624e21ab155deb35c52b8127a2c678ae.

Change-Id: Ib697745a9a1618061bc72f8fddd7ee88c1ac5eca
---
 domain.te     |  3 +--
 file_contexts |  2 +-
 init.te       | 29 ++++++-----------------------
 kernel.te     | 28 +++++++++++++++++++++-------
 4 files changed, 29 insertions(+), 33 deletions(-)

diff --git a/domain.te b/domain.te
index 7bc2292d5..c7fe3be7a 100644
--- a/domain.te
+++ b/domain.te
@@ -299,8 +299,7 @@ neverallow { domain -init } property_data_file:file no_w_file_perms;
 
 # Only recovery should be doing writes to /system
 neverallow { domain -recovery } { system_file exec_type }:dir_file_class_set
-    { create write setattr relabelfrom append unlink link rename };
-neverallow { domain -recovery -kernel } { system_file exec_type }:dir_file_class_set relabelto;
+    { create write setattr relabelfrom relabelto append unlink link rename };
 
 # Don't allow mounting on top of /system files or directories
 neverallow domain { system_file exec_type }:dir_file_class_set mounton;
diff --git a/file_contexts b/file_contexts
index 0fc096dcb..e36a6c384 100644
--- a/file_contexts
+++ b/file_contexts
@@ -12,7 +12,7 @@
 
 # Executables
 /charger		u:object_r:rootfs:s0
-/init			u:object_r:init_exec:s0
+/init			u:object_r:rootfs:s0
 /sbin(/.*)?		u:object_r:rootfs:s0
 
 # Empty directories
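Review bot: With `/init` back under `u:object_r:rootfs:s0` it shares its label with `/sbin(/.*)?` and `/charger` on the neighbouring lines, so nothing in this policy can single out the init binary any more. The same consequence surfaces in init.te, where `domain_trans(init, rootfs, ueventd)` and `domain_trans(init, rootfs, watchdogd)` make the whole rootfs type the entrypoint for those domains (assuming the usual shape of the domain_trans macro, which is not on this page), and in kernel.te, where `allow kernel rootfs:file execute_no_trans;` lets the kernel domain execute any rootfs-labelled file, not only /init as its comment says. That is inherent to the revert rather than something to fix here, but a one-line comment on the entry would make the trade-off explicit: `# /init shares the rootfs label (see kernel.te execute_no_trans and init.te domain_trans rules)`.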
diff --git a/init.te b/init.te
index 9f68bb85d..78f460a4d 100644
--- a/init.te
+++ b/init.te
@@ -1,22 +1,7 @@
-# init is its own domain.
+# init switches to init domain (via init.rc).
 type init, domain, mlstrustedsubject;
 tmpfs_domain(init)
 
-# The init domain is entered by execing init.
-type init_exec, exec_type, file_type;
-
-# /dev/__null__ node created by init.
-allow init tmpfs:chr_file create_file_perms;
-
-#
-# init direct restorecon calls.
-#
-# /dev/socket
-allow init { device socket_device }:dir relabelto;
-# /dev/__properties__
-allow init tmpfs:file relabelfrom;
-allow init properties_device:file relabelto;
-
 # setrlimit
 allow init self:capability sys_resource;
 
@@ -45,8 +30,6 @@ allow init self:capability sys_admin;
 allow init rootfs:dir create_dir_perms;
 allow init rootfs:dir mounton;
 
-allow init proc:dir mounton;
-
 # Mount on /dev/usb-ffs/adb.
 allow init device:dir mounton;
 
@@ -161,8 +144,8 @@ recovery_only(`
   domain_trans(init, rootfs, recovery)
 ')
 domain_trans(init, shell_exec, shell)
-domain_trans(init, init_exec, ueventd)
-domain_trans(init, init_exec, watchdogd)
+domain_trans(init, rootfs, ueventd)
+domain_trans(init, rootfs, watchdogd)
 
 # Support "adb shell stop"
 allow init self:capability kill;
@@ -274,9 +257,9 @@ unix_socket_connect(init, vold, vold)
 
 # The init domain is only entered via setcon from the kernel domain,
 # never via an exec-based transition.
-neverallow domain init:process dyntransition;
-neverallow { domain -kernel} init:process transition;
-neverallow init { file_type fs_type -init_exec }:file entrypoint;
+neverallow { domain -kernel} init:process dyntransition;
+neverallow domain init:process transition;
+neverallow init { file_type fs_type }:file entrypoint;
 
 # Never read/follow symlinks created by shell or untrusted apps.
 neverallow init shell_data_file:lnk_file read;
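Review bot: `neverallow { domain -kernel} init:process dyntransition;` is missing the space before the closing brace that every other set literal in this patch uses (`{ domain -recovery }`, `{ file_type fs_type }`); `neverallow { domain -kernel } init:process dyntransition;` keeps the style uniform. The three restored rules do match the comment above them (only the kernel domain may dyntransition into init, nobody may exec-transition into it, and init has no entrypoint file at all), which is the property the file_contexts and kernel.te changes in this patch rely on.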
diff --git a/kernel.te b/kernel.te
index 72325c2f3..f570ac21c 100644
--- a/kernel.te
+++ b/kernel.te
@@ -3,11 +3,15 @@ type kernel, domain, mlstrustedsubject;
 
 allow kernel self:capability sys_nice;
 
-# Allow init relabel itself.
-allow kernel rootfs:file relabelfrom;
-allow kernel init_exec:file relabelto;
-# TODO: investigate why we need this.
-allow kernel init:process share;
+# Run /init before we have switched domains.
+allow kernel rootfs:file execute_no_trans;
+
+# /dev/__null__ node created by init prior to policy load.
+allow kernel tmpfs:chr_file rw_file_perms;
+
+# setcon to init domain.
+allow kernel self:process setcurrent;
+allow kernel init:process dyntransition;
 
 # cgroup filesystem initialization prior to setting the cgroup root directory label.
 allow kernel unlabeled:dir search;
@@ -16,6 +20,18 @@ allow kernel unlabeled:dir search;
 allow kernel usbfs:filesystem mount;
 allow kernel usbfs:dir search;
 
+# init direct restorecon calls prior to switching to init domain
+# /dev and /dev/socket
+allow kernel tmpfs:dir relabelfrom;
+allow kernel { device socket_device }:dir relabelto;
+# /dev/__properties__
+allow kernel tmpfs:file relabelfrom;
+allow kernel properties_device:file relabelto;
+# /sys
+allow kernel sysfs:{ dir file lnk_file } relabelfrom;
+allow kernel sysfs_type:{ dir file lnk_file } relabelto;
+allow kernel sysfs_type:dir r_dir_perms;
+
 # Initial setenforce by init prior to switching to init domain.
 # We use dontaudit instead of allow to prevent a kernel spawned userspace
 # process from turning off SELinux once enabled.
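Review bot: `allow kernel sysfs_type:{ dir file lnk_file } relabelto;` grants relabelto over every type carrying the sysfs_type attribute, which is wider than the `# /sys` comment suggests; if the early restorecon of /sys genuinely has to reach all of them, say so: `# /sys: restorecon may assign any sysfs_type label, hence the attribute rather than individual types`. Note also that the domain.te change in this patch removes the kernel exemption from the relabelto neverallow on `{ system_file exec_type }`, so this hunk only compiles if none of device, socket_device, properties_device or the sysfs_type members carry those attributes — not verifiable from this patch, but worth a cross-referencing comment since the two hunks are coupled.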
@@ -42,8 +58,6 @@ allow kernel vold:fd use;
 allow kernel app_data_file:file read;
 allow kernel asec_image_file:file read;
 
-domain_auto_trans(kernel, init_exec, init)
-
 ###
 ### neverallow rules
 ###
-- 