am 42fb824c: Refactor the shell domains.

* commit '42fb824c': Refactor the shell domains.

am 42fb824c: Refactor the shell domains.
d352fba1 · Stephen Smalley · Android Git Automerger · 0bcbc6c4 · 42fb824c · d352fba1
Commit d352fba1 authored 10 years ago by Stephen Smalley Committed by Android Git Automerger 10 years ago
--- a/app.te
+++ b/app.te
@@ -316,7 +316,7 @@ neverallow { appdomain -unconfineddomain }
 # Access to syslog(2) or /proc/kmsg.
 neverallow { appdomain -system_app }
    kernel:system { syslog_mod syslog_console };
-neverallow { appdomain -system_app -shelldomain }
+neverallow { appdomain -system_app -shell }
    kernel:system syslog_read;

 # Ability to perform any filesystem operation other than statfs(2).

--- a/attributes
+++ b/attributes
@@ -50,9 +50,6 @@ attribute mlstrustedobject;
 # Domains that are allowed all permissions ("unconfined").
 attribute unconfineddomain;

-# All domains used for shells.
-attribute shelldomain;
-
 # All domains used for apps.
 attribute appdomain;


--- a/domain.te
+++ b/domain.te
@@ -248,7 +248,7 @@ neverallow {
    domain
    -appdomain
    -dumpstate
-    -shelldomain
+    -shell
    userdebug_or_eng(`-su')
    -system_server
    -zygote

--- a/init_shell.te
+++ b/init_shell.te
 # Restricted domain for shell processes spawned by init.
 # Normally these are shell commands or scripts invoked via sh
 # from an init*.rc file.  No service should ever run in this domain.
-type init_shell, domain, shelldomain;
+type init_shell, domain;
 domain_auto_trans(init, shell_exec, init_shell)
-unconfined_domain(init_shell)
-
-# inherits from shelldomain.te
+permissive_or_unconfined(init_shell)
--- a/shell.te
+++ b/shell.te
 # Domain for shell processes spawned by ADB or console service.
-type shell, domain, shelldomain, mlstrustedsubject;
+type shell, domain, mlstrustedsubject;
 type shell_exec, exec_type, file_type;

 # Create and use network sockets.
@@ -17,4 +17,38 @@ control_logd(shell)
 allow shell anr_data_file:dir r_dir_perms;
 allow shell anr_data_file:file r_file_perms;

-# inherits from shelldomain.te
+# Access /data/local/tmp.
+allow shell shell_data_file:dir create_dir_perms;
+allow shell shell_data_file:file create_file_perms;
+allow shell shell_data_file:file rx_file_perms;
+
+# adb bugreport
+unix_socket_connect(shell, dumpstate, dumpstate)
+
+allow shell rootfs:dir r_dir_perms;
+allow shell devpts:chr_file rw_file_perms;
+allow shell tty_device:chr_file rw_file_perms;
+allow shell console_device:chr_file rw_file_perms;
+allow shell input_device:chr_file rw_file_perms;
+allow shell system_file:file x_file_perms;
+allow shell shell_exec:file rx_file_perms;
+allow shell zygote_exec:file rx_file_perms;
+
+r_dir_file(shell, apk_data_file)
+
+# Set properties.
+unix_socket_connect(shell, property, init)
+allow shell shell_prop:property_service set;
+allow shell ctl_dumpstate_prop:property_service set;
+allow shell debug_prop:property_service set;
+allow shell powerctl_prop:property_service set;
+
+# systrace support - allow atrace to run
+# debugfs doesn't support labeling individual files, so we have
+# to grant read access to all of /sys/kernel/debug.
+# Directory read access and file write access is already granted
+# in domain.te.
+allow shell debugfs:file r_file_perms;
+
+# allow shell to run dmesg
+allow shell kernel:system syslog_read;
--- a/shelldomain.te
+++ b/shelldomain.te
-# Rules for all shell domains (e.g. console service and adb shell).
-
-# Access /data/local/tmp.
-allow shelldomain shell_data_file:dir create_dir_perms;
-allow shelldomain shell_data_file:file create_file_perms;
-allow shelldomain shell_data_file:file rx_file_perms;
-
-# adb bugreport
-unix_socket_connect(shelldomain, dumpstate, dumpstate)
-
-allow shelldomain rootfs:dir r_dir_perms;
-allow shelldomain devpts:chr_file rw_file_perms;
-allow shelldomain tty_device:chr_file rw_file_perms;
-allow shelldomain console_device:chr_file rw_file_perms;
-allow shelldomain input_device:chr_file rw_file_perms;
-allow shelldomain system_file:file x_file_perms;
-allow shelldomain shell_exec:file rx_file_perms;
-allow shelldomain zygote_exec:file rx_file_perms;
-
-r_dir_file(shelldomain, apk_data_file)
-
-# Set properties.
-unix_socket_connect(shelldomain, property, init)
-allow shelldomain shell_prop:property_service set;
-allow shelldomain ctl_dumpstate_prop:property_service set;
-allow shelldomain debug_prop:property_service set;
-allow shelldomain powerctl_prop:property_service set;
-
-# systrace support - allow atrace to run
-# debugfs doesn't support labeling individual files, so we have
-# to grant read access to all of /sys/kernel/debug.
-# Directory read access and file write access is already granted
-# in domain.te.
-allow shelldomain debugfs:file r_file_perms;
-
-# allow shell to run dmesg
-allow shelldomain kernel:system syslog_read;