From f24bfe8ca3703d0013735e67ddb942b05f893034 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Mon, 7 Oct 2024 03:48:06 +0000
Subject: [PATCH] ban hal_dumpstate_default from execute_no_trans

It keeps people from using my domain to do random things, which causes VTS failure like b/364989823.

Bug: 371497180
Test: build pass and adb bugreport build fail when ag/28359861 is around.
Change-Id: I438bf2b026718a46bb841ab5e656d11eec630960
---
 gear/dumpstate/sepolicy/hal_dumpstate_default.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gear/dumpstate/sepolicy/hal_dumpstate_default.te b/gear/dumpstate/sepolicy/hal_dumpstate_default.te
index 06ebb75..e0f0b09 100644
--- a/gear/dumpstate/sepolicy/hal_dumpstate_default.te
+++ b/gear/dumpstate/sepolicy/hal_dumpstate_default.te
@@ -5,3 +5,8 @@
 allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
 allow hal_dumpstate_default shell_data_file:file getattr;
 set_prop(hal_dumpstate_default, vendor_logger_prop)
+# All dumps that are executed via hal_dumpstate_default should use their
+# own domain to request their permissions to achieve compartmentalization.
+# go/pixel-bugreport has examples on how to do that.
+neverallow hal_dumpstate_default { vendor_file_type -vendor_toolbox_exec }:file execute_no_trans;
+
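Review bot: The comment above the new neverallow does not explain the `-vendor_toolbox_exec` exemption, which is the one vendor executable that can still run without a transition and so with all of hal_dumpstate_default's permissions. Presumably an allow rule outside this hunk needs it; the comment should say so and warn that new dumps must not rely on it, for example `# vendor_toolbox_exec is exempt for the HAL's own use; commands run through it keep this domain's full permissions.` The rule covers only vendor_file_type, so whether executables of other types are blocked for this domain depends on policy not shown here. The go/ link presumably resolves only inside the author's organisation, so a pointer to an in-tree example would serve outside readers better, and the trailing empty `+` line at the end of the file can be dropped.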