From ca4c4e57b2db4b856f0cb28ff2f02b7a1da614b8 Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@google.com>
Date: Tue, 30 Jan 2018 10:54:33 -0500
Subject: [PATCH] Remove rules for starting the webview_zygote as a child of
 init.

The webview_zygote is now launched as a child-zygote process from the
main zygote process.

Bug: 63749735
Test: m
Test: Launch "Third-party licenses" activity from Settings, and it
      renders correctly via the WebView.
Change-Id: I9c948b58a969d35d5a5add4b6ab62b8f990645d1
---
 private/compat/26.0/26.0.cil |  1 +
 private/file_contexts        |  3 ---
 private/isolated_app.te      |  2 +-
 private/system_server.te     |  4 +++-
 private/webview_zygote.te    | 11 +++++------
 public/domain.te             |  2 +-
 public/file.te               |  1 -
 7 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 84a34cfb8..4cffaab00 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -11,6 +11,7 @@
 (type tracing_shell_writable)
 (type tracing_shell_writable_debug)
 (type vold_socket)
+(type webview_zygote_socket)
 
 (typeattributeset accessibility_service_26_0 (accessibility_service))
 (typeattributeset account_service_26_0 (account_service))
diff --git a/private/file_contexts b/private/file_contexts
index 540757d97..7450f9894 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -155,7 +155,6 @@
 /dev/socket/traced_producer	u:object_r:traced_producer_socket:s0
 /dev/socket/traced_consumer	u:object_r:traced_consumer_socket:s0
 /dev/socket/uncrypt	u:object_r:uncrypt_socket:s0
-/dev/socket/webview_zygote	u:object_r:webview_zygote_socket:s0
 /dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
 /dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
 /dev/socket/zygote	u:object_r:zygote_socket:s0
@@ -274,8 +273,6 @@
 /system/bin/bspatch              u:object_r:update_engine_exec:s0
 /system/bin/storaged             u:object_r:storaged_exec:s0
 /system/bin/thermalserviced      u:object_r:thermalserviced_exec:s0
-/system/bin/webview_zygote32     u:object_r:webview_zygote_exec:s0
-/system/bin/webview_zygote64     u:object_r:webview_zygote_exec:s0
 /system/bin/wpantund             u:object_r:wpantund_exec:s0
 /system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
 /system/bin/hw/android\.hidl\.allocator@1\.0-service          u:object_r:hal_allocator_default_exec:s0
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 06ed2c82c..a6276b38c 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -108,7 +108,7 @@ neverallow isolated_app sdcard_type:file ~{ read write append getattr lock };
 neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
 
 # Restrict the webview_zygote control socket.
-neverallow isolated_app webview_zygote_socket:sock_file write;
+neverallow isolated_app webview_zygote:sock_file write;
 
 # Limit the /sys files which isolated_app can access. This is important
 # for controlling isolated_app attack surface.
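Review bot: The rewritten neverallow keys `sock_file write` on the process type `webview_zygote`, yet nothing in this patch labels any socket file with that type — the `/dev/socket/webview_zygote` entry is removed from private/file_contexts and the `webview_zygote_socket` file type is deleted from public/file.te. If the child zygote's listening socket is created in the abstract namespace, `sock_file` permissions never apply and this rule (and the parallel one in public/domain.te) constrains nothing; if it is a filesystem socket, it would have to carry the `webview_zygote` label for the rule to bite, which is not established anywhere visible here. Whichever case applies, the comment above the rule should record it, e.g. `# Restrict the webview_zygote control socket (now created by the child zygote, not by init).`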
diff --git a/private/system_server.te b/private/system_server.te
index 6d485ff1a..02d01f4ff 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -152,7 +152,6 @@ allow system_server self:tun_socket create_socket_perms_no_ioctl;
 unix_socket_connect(system_server, lmkd, lmkd)
 unix_socket_connect(system_server, mtpd, mtp)
 unix_socket_connect(system_server, netd, netd)
-unix_socket_connect(system_server, webview_zygote, webview_zygote)
 unix_socket_connect(system_server, zygote, zygote)
 unix_socket_connect(system_server, racoon, racoon)
 unix_socket_connect(system_server, uncrypt, uncrypt)
@@ -160,6 +159,9 @@ unix_socket_connect(system_server, uncrypt, uncrypt)
 # Communicate over a socket created by surfaceflinger.
 allow system_server surfaceflinger:unix_stream_socket { read write setopt };
 
+# Communicate over a socket created by webview_zygote.
+allow system_server webview_zygote:unix_stream_socket { read write connectto setopt };
+
 # Perform Binder IPC.
 binder_use(system_server)
 binder_call(system_server, appdomain)
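Review bot: The new allow grants `connectto` on `webview_zygote:unix_stream_socket` but, unlike the `unix_socket_connect` macro removed in the previous hunk, grants no `sock_file write` on the socket's file label. That is sufficient only if the child zygote's socket lives in the abstract namespace or the write permission is granted elsewhere; for a filesystem socket the connect would be denied without `allow system_server webview_zygote:sock_file write;`. The comment should say which case holds so the next reader does not have to rediscover it, e.g. `# Communicate over the socket created by webview_zygote (abstract namespace; no sock_file permission needed).` once confirmed.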
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index e0921127b..a637a8b04 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -6,9 +6,9 @@ typeattribute webview_zygote coredomain;
 # The webview_zygote needs to be able to transition domains.
 typeattribute webview_zygote mlstrustedsubject;
 
-# When init launches the WebView zygote's executable, transition the
-# resulting process into webview_zygote domain.
-init_daemon_domain(webview_zygote)
+# Allow access to temporary files, which is normally permitted through
+# a domain macro.
+tmpfs_domain(webview_zygote);
 
 # Allow reading/executing installed binaries to enable preloading the
 # installed WebView implementation.
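Review bot: `tmpfs_domain(webview_zygote);` carries a trailing semicolon that no other macro invocation in this file uses (`init_daemon_domain(webview_zygote)` on the removed line, and macros elsewhere in the patch such as `binder_use(system_server)`); drop it for consistency: `tmpfs_domain(webview_zygote)`. The new comment's "normally permitted through a domain macro" does not name the macro; since the removed `init_daemon_domain` appears to be what previously pulled in tmpfs access, the comment should say so, e.g. `# init no longer execs us, so init_daemon_domain() is gone; grant the tmpfs access it used to provide directly.`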
@@ -84,9 +84,8 @@ neverallow webview_zygote { domain -crash_dump }:process transition;
 # Having said that, exec() above is not allowed.
 neverallow webview_zygote *:file execute_no_trans;
 
-# The only way to enter this domain is for init to exec() us or the zygote
-# to fork a new webview_zygote child.
-neverallow { domain -init } webview_zygote:process transition;
+# The only way to enter this domain is for the zygote to fork a new
+# webview_zygote child.
 neverallow { domain -zygote } webview_zygote:process dyntransition;
 
 # Disallow write access to properties.
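Review bot: Deleting the `process transition` neverallow drops a guard where tightening it would be the safer move: with `webview_zygote_exec` gone from file_contexts, no domain should ever exec()-transition into webview_zygote, so the rule could become `neverallow domain webview_zygote:process transition;` instead of disappearing. As written, the surviving comment promises that a fork from zygote is the only way into the domain, but only `dyntransition` remains constrained by this file. The enclosing policy file continues past the end of the hunk.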
diff --git a/public/domain.te b/public/domain.te
index 0cc29fb17..07accc558 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -993,7 +993,7 @@ neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto
 neverallow { domain -system_server } zygote_socket:sock_file write;
 
 neverallow { domain -system_server -webview_zygote } webview_zygote:unix_stream_socket connectto;
-neverallow { domain -system_server } webview_zygote_socket:sock_file write;
+neverallow { domain -system_server } webview_zygote:sock_file write;
 
 neverallow {
   domain
diff --git a/public/file.te b/public/file.te
index 8d56331eb..cf1dcae62 100644
--- a/public/file.te
+++ b/public/file.te
@@ -332,7 +332,6 @@ type tombstoned_intercept_socket, file_type, coredomain_socket;
 type traced_producer_socket, file_type, coredomain_socket;
 type traced_consumer_socket, file_type, coredomain_socket;
 type uncrypt_socket, file_type, coredomain_socket;
-type webview_zygote_socket, file_type, coredomain_socket;
 type wpa_socket, file_type, data_file_type, core_data_file_type;
 type zygote_socket, file_type, coredomain_socket;
 # UART (for GPS) control proc file
-- 
GitLab