From dc88dca115791053d00354785be37a38259b3781 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 12 Mar 2014 13:31:14 -0400
Subject: [PATCH] Get rid of separate platform_app_data_file type.

The original concept was to allow separation between /data/data/<pkgdir>
files of "platform" apps (signed by one of the four build keys) and
untrusted apps.  But we had to allow read/write to support passing of
open files via Binder or local socket for compatibility, and it seems
that direct open by pathname is in fact used in Android as well,
only passing the pathname via Binder or local socket.  So there is no
real benefit to keeping it as a separate type.

Retain a type alias for platform_app_data_file to app_data_file until
restorecon /data/data support is in place to provide compatibility.

Change-Id: Ic15066f48765322ad40500b2ba2801bb3ced5489
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 app.te               | 4 ----
 drmserver.te         | 1 -
 file.te              | 3 ++-
 installd.te          | 1 -
 media_app.te         | 2 +-
 mediaserver.te       | 1 -
 platformappdomain.te | 9 ++-------
 seapp_contexts       | 8 ++++----
 surfaceflinger.te    | 1 -
 9 files changed, 9 insertions(+), 21 deletions(-)

diff --git a/app.te b/app.te
index 3081f5388..11e5f3366 100644
--- a/app.te
+++ b/app.te
@@ -48,10 +48,6 @@ allow appdomain surfaceflinger:unix_stream_socket { read write setopt getattr ge
 allow appdomain app_data_file:dir create_dir_perms;
 allow appdomain app_data_file:notdevfile_class_set create_file_perms;
 
-# Read/write data files created by the platform apps if they
-# were passed to the app via binder or local IPC.  Do not allow open.
-allow appdomain platform_app_data_file:file { getattr read write };
-
 # lib subdirectory of /data/data dir is system-owned.
 allow appdomain system_data_file:dir r_dir_perms;
 allow appdomain system_data_file:file { execute execute_no_trans open };
diff --git a/drmserver.te b/drmserver.te
index a11700c1b..b4191118d 100644
--- a/drmserver.te
+++ b/drmserver.te
@@ -20,7 +20,6 @@ allow drmserver sdcard_type:dir search;
 allow drmserver drm_data_file:dir create_dir_perms;
 allow drmserver drm_data_file:file create_file_perms;
 allow drmserver tee_device:chr_file rw_file_perms;
-allow drmserver platform_app_data_file:file { read write getattr };
 allow drmserver app_data_file:file { read write getattr };
 allow drmserver sdcard_type:file { read write getattr };
 r_dir_file(drmserver, efs_file)
diff --git a/file.te b/file.te
index f1bcafdbd..3d85bcf72 100644
--- a/file.te
+++ b/file.te
@@ -76,7 +76,8 @@ type zoneinfo_data_file, file_type, data_file_type;
 typealias audio_data_file alias audio_firmware_file;
 # /data/data subdirectories - app sandboxes
 type app_data_file, file_type, data_file_type;
-type platform_app_data_file, file_type, data_file_type, mlstrustedobject;
+# Compatibility with type name used in Android 4.3 and 4.4.
+typealias app_data_file alias platform_app_data_file;
 # Default type for anything under /cache
 type cache_file, file_type, mlstrustedobject;
 # Type for /cache/.*\.{data|restore} and default
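Review bot: The typealias on the new side silently drops the `mlstrustedobject` attribute that the removed `platform_app_data_file` declaration carried, because `app_data_file` on the line above is declared without it; if MLS constraints that exempt mlstrustedobject targets are enforced on this class, they now apply to files that used to be platform_app_data_file. The commit message does not mention this, so it should either say the narrowing is intended or the attribute should be reconsidered on `app_data_file`. The comment could also record the removal condition the message gives, e.g. `# Compatibility with type name used in Android 4.3 and 4.4; remove once restorecon of /data/data is supported.`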
diff --git a/installd.te b/installd.te
index 7c7215871..b9c212572 100644
--- a/installd.te
+++ b/installd.te
@@ -24,7 +24,6 @@ selinux_check_context(installd)
 # Read /seapp_contexts and /data/security/seapp_contexts
 security_access_policy(installd)
 # ASEC
-allow installd platform_app_data_file:lnk_file { create setattr };
 allow installd app_data_file:lnk_file { create setattr };
 allow installd asec_apk_file:file r_file_perms;
 allow installd bluetooth_data_file:lnk_file { create setattr };
diff --git a/media_app.te b/media_app.te
index 099e0a6ff..cebf79ce4 100644
--- a/media_app.te
+++ b/media_app.te
@@ -18,7 +18,7 @@ allow media_app download_file:dir rw_dir_perms;
 allow media_app download_file:file create_file_perms;
 # Allow platform apps to mark platform app data files as download files
 relabelto_domain(media_app)
-allow media_app platform_app_data_file:dir relabelfrom;
+allow media_app app_data_file:dir relabelfrom;
 allow media_app download_file:dir relabelto;
 
 # inherits from platformappdomain.te
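Review bot: The comment two lines above the changed rule still says "platform app data files", but the relabelfrom now covers every `app_data_file` directory, including those of untrusted apps, so it no longer describes the rule; suggest `# Allow media_app to relabel app data directories to download files`. The broader scope looks like an unavoidable consequence of merging the types, with DAC ownership presumably still limiting which directories media_app can actually reach — worth confirming that is acceptable rather than scoping the rule some other way.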
diff --git a/mediaserver.te b/mediaserver.te
index 1019fc729..faec50dad 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -22,7 +22,6 @@ allow mediaserver media_data_file:dir create_dir_perms;
 allow mediaserver media_data_file:file create_file_perms;
 allow mediaserver app_data_file:dir search;
 allow mediaserver app_data_file:file rw_file_perms;
-allow mediaserver platform_app_data_file:file { getattr read };
 allow mediaserver sdcard_type:file write;
 allow mediaserver { gpu_device graphics_device }:chr_file rw_file_perms;
 allow mediaserver video_device:dir r_dir_perms;
diff --git a/platformappdomain.te b/platformappdomain.te
index 701a63694..5ba86017b 100644
--- a/platformappdomain.te
+++ b/platformappdomain.te
@@ -3,19 +3,14 @@
 # These rules are inherited by any domain that includes platform_app_domain().
 # Presently this consists of the four app domains corresponding to apps
 # signed by one of the four build keys: platform_app, shared_app, media_app,
-# release_app.  These app domains use platform_app_data_file rather
-# than app_data_file for their /data/data directories (as specified via
-# type= in seapp_contexts) and have greater permissions to specific
+# release_app.  These app domains have greater permissions to specific
 # directories owned by groups that are restricted to apps with
 # Android permissions that are signature|system.
 
-# App sandbox file accesses.
-allow platformappdomain platform_app_data_file:dir create_dir_perms;
-allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_perms;
-allow platformappdomain platform_app_data_file:file execute;
 # Access to /data/media.
 allow platformappdomain media_rw_data_file:dir create_dir_perms;
 allow platformappdomain media_rw_data_file:file create_file_perms;
+
 # Write to /cache.
 allow platformappdomain cache_file:dir create_dir_perms;
 allow platformappdomain cache_file:file create_file_perms;
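Review bot: The removed `allow platformappdomain platform_app_data_file:file execute;` has no counterpart on the new side, so platform apps keep execute on their data files only if the appdomain `create_file_perms` on `app_data_file:notdevfile_class_set` in the app.te hunk expands to include execute; that macro is not visible here, so it is worth confirming the expansion (or adding `allow platformappdomain app_data_file:file execute;` if it does not). The blank line added before `# Write to /cache.` is an unrelated whitespace change and could be dropped.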
diff --git a/seapp_contexts b/seapp_contexts
index 0a7809511..05f048692 100644
--- a/seapp_contexts
+++ b/seapp_contexts
@@ -40,10 +40,10 @@ user=bluetooth domain=bluetooth type=bluetooth_data_file
 user=nfc domain=nfc type=nfc_data_file
 user=radio domain=radio type=radio_data_file
 user=_app domain=untrusted_app type=app_data_file
-user=_app seinfo=platform domain=platform_app type=platform_app_data_file
-user=_app seinfo=shared domain=shared_app type=platform_app_data_file
-user=_app seinfo=media domain=media_app type=platform_app_data_file
+user=_app seinfo=platform domain=platform_app type=app_data_file
+user=_app seinfo=shared domain=shared_app type=app_data_file
+user=_app seinfo=media domain=media_app type=app_data_file
 user=_app seinfo=media name=com.android.providers.downloads path=cache* type=download_file
-user=_app seinfo=release domain=release_app type=platform_app_data_file
+user=_app seinfo=release domain=release_app type=app_data_file
 user=_isolated domain=isolated_app
 user=shell domain=shell type=shell_data_file
diff --git a/surfaceflinger.te b/surfaceflinger.te
index 126824791..cb67855ba 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -42,7 +42,6 @@ allow surfaceflinger ctl_default_prop:property_service set;
 
 # Use open files supplied by an app.
 allow surfaceflinger appdomain:fd use;
-allow surfaceflinger platform_app_data_file:file { read write };
 allow surfaceflinger app_data_file:file { read write };
 
 # Use open file provided by bootanim.
-- 
GitLab