Update binder-related policy.
The binder_transfer_binder hook was changed in the kernel, obsoleting
the receive permission and changing the target of the transfer permission.
Update the binder-related policy to match the revised permission checking.
Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/te_macros b/te_macros
index 6354496..7883c40 100644
--- a/te_macros
+++ b/te_macros
@@ -152,10 +152,8 @@
# binder_use(domain)
# Allow domain to use Binder IPC.
define(`binder_use', `
-# Get Binder references from the servicemanager.
-allow $1 servicemanager:binder call;
-# Transfer and receive own Binder references.
-allow $1 self:binder { transfer receive };
+# Call the servicemanager and transfer references to it.
+allow $1 servicemanager:binder { call transfer };
# Map /dev/ashmem with PROT_EXEC.
allow $1 ashmem_device:chr_file execute;
# rw access to /dev/binder and /dev/ashmem is presently granted to
@@ -166,20 +164,15 @@
# binder_call(clientdomain, serverdomain)
# Allow clientdomain to perform binder IPC to serverdomain.
define(`binder_call', `
-# First we receive a Binder ref to the server, then we call it.
-allow $1 $2:binder { receive call };
+# Call the server domain and optionally transfer references to it.
+allow $1 $2:binder { call transfer };
+# Allow the serverdomain to transfer references to the client on the reply.
+allow $2 $1:binder transfer;
# Receive and use open files from the server.
allow $1 $2:fd use;
')
#####################################
-# binder_transfer(clientdomain, serverdomain)
-# Allow clientdomain to transfer Binder references created by serverdomain.
-define(`binder_transfer', `
-allow $1 $2:binder transfer;
-')
-
-#####################################
# binder_service(domain)
# Mark a domain as being a Binder service domain.
# Used to allow binder IPC to the various system services.