Merge "Revert "Further restrict access to Binder services from vendor"" into oc-dev am: d7a2f60d

am: 134c7182 Change-Id: I23e7aa2a87f34a4adc5fd5eac85710db6238d9db

Merge "Revert "Further restrict access to Binder services from vendor"" into oc-dev am: d7a2f60d
dee8e4fd · Ian Pedowitz · android-build-merger · 49358a58 · 134c7182 · dee8e4fd
Commit dee8e4fd authored 7 years ago by Ian Pedowitz Committed by android-build-merger 7 years ago
--- a/public/domain.te
+++ b/public/domain.te
@@ -442,36 +442,19 @@ full_treble_only(`
    -appdomain
    -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
  } binder_device:chr_file rw_file_perms;
-  neverallow {
-    domain
-    -coredomain
-    -appdomain # restrictions for vendor apps are declared lower down
-    -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
-  } service_manager_type:service_manager find;
-  # Vendor apps are permited to use only stable public services. If they were to use arbitrary
-  # services which can change any time framework/core is updated, breakage is likely.
-  neverallow {
-    appdomain
-    -coredomain
-  } {
-    service_manager_type
-    -app_api_service
-    -ephemeral_app_api_service
-  }:service_manager find;
  neverallow {
    domain
    -coredomain
    -appdomain
    -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
  } servicemanager:binder { call transfer };
-')

-##
-# On full TREBLE devices core android components and vendor components may
-# not directly access each other's data types. All communication must occur
-# over HW binder. Open file descriptors may be passed and read/write/stat
-# operations my be performed on those FDs. Disallow all other operations.
-full_treble_only(`
+  ##
+  # On full TREBLE devices core android components and vendor components may
+  # not directly access each other data types. All communication must occur
+  # over HW binder. Open file descriptors may be passed and read/write/stat
+  # operations my be performed on those FDs. Disallow all other operations.
+  #
  # do not allow vendor component access to coredomains data types
  neverallow {
    domain
@@ -496,6 +479,7 @@ full_treble_only(`
    -appdomain
    -coredata_in_vendor_violators
  } system_data_file:dir ~search;
+
 ')

 # On full TREBLE devices, socket communications between core components and vendor components are