wahoo: Make vendor script use vendor shell and vendor toybox

This also enables us to remove the vendor_executes_system_violator
attribute from all the vendor scripts launched from init.

Bug: 37914554
Test: Build and boot and ensure all services exited with status 0.

Change-Id: If692b17b45f91ff128608c3f6e9524847c1af69f
Signed-off-by: Sandeep Patil <sspatil@google.com>

init.insmod.sh

@@ -1,4 +1,4 @@
-#!/system/bin/sh
+#! /vendor/bin/sh
 
 #########################################
 ### init.insmod.cfg format:           ###

init.power.sh

@@ -1,4 +1,4 @@
-#!/system/bin/sh
+#! /vendor/bin/sh
 
 ################################################################################
 # helper functions to allow Android init like script

init.qcom.devstart.sh

@@ -1,4 +1,4 @@
-#!/system/bin/sh
+#! /vendor/bin/sh
 
 echo 1 > /sys/kernel/boot_adsp/boot
 echo 1 > /sys/kernel/boot_slpi/boot

init.qcom.ipastart.sh

@@ -1,3 +1,3 @@
-#!/system/bin/sh
+#! /vendor/bin/sh
 
 echo 1 > /dev/ipa

init.radio.sh

@@ -1,4 +1,4 @@
-#!/system/bin/sh
+#! /vendor/bin/sh
 
 #
 # Copy qcril.db if needed for RIL

sepolicy/vendor/init-devstart-sh.te

@@ -1,12 +1,10 @@
-type init-qcom-devstart-sh, domain, vendor_executes_system_violators;
+type init-qcom-devstart-sh, domain;
 type init-qcom-devstart-sh_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(init-qcom-devstart-sh)
 
-allow init-qcom-devstart-sh shell_exec:file rx_file_perms;
-
-# execute toybox/toolbox
-allow init-qcom-devstart-sh toolbox_exec:file rx_file_perms;
+allow init-qcom-devstart-sh vendor_shell_exec:file rx_file_perms;
+allow init-qcom-devstart-sh vendor_toolbox_exec:file rx_file_perms;
 
 # Set the sys.qcom.devup property
 set_prop(init-qcom-devstart-sh, system_prop)

sepolicy/vendor/init-insmod-sh.te

@@ -1,12 +1,10 @@
-type init-insmod-sh, domain, vendor_executes_system_violators;
+type init-insmod-sh, domain;
 type init-insmod-sh_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(init-insmod-sh)
 
-allow init-insmod-sh shell_exec:file rx_file_perms;
-
-# execute toybox/toolbox
-allow init-insmod-sh toolbox_exec:file rx_file_perms;
+allow init-insmod-sh vendor_shell_exec:file rx_file_perms;
+allow init-insmod-sh vendor_toolbox_exec:file rx_file_perms;
 
 # Set the sys.touch.modules.ready property
 set_prop(init-insmod-sh, system_prop)

sepolicy/vendor/init-ipastart-sh.te

@@ -1,9 +1,10 @@
-type init-qcom-ipastart-sh, domain, vendor_executes_system_violators;
+type init-qcom-ipastart-sh, domain;
 type init-qcom-ipastart-sh_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(init-qcom-ipastart-sh)
 
-allow init-qcom-ipastart-sh shell_exec:file rx_file_perms;
+allow init-qcom-ipastart-sh vendor_shell_exec:file rx_file_perms;
+allow init-qcom-ipastart-sh vendor_toolbox_exec:file rx_file_perms;
 
 # Set /dev/ipa to 1
 allow init-qcom-ipastart-sh ipa_dev:chr_file w_file_perms;

sepolicy/vendor/init_power.te

@@ -1,12 +1,12 @@
-type init_power, domain, vendor_executes_system_violators;
+type init_power, domain;
 type init_power_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(init_power)
 
 set_prop(init_power, post_boot_prop)
 
-allow init_power shell_exec:file rx_file_perms;
-allow init_power toolbox_exec:file rx_file_perms;
+allow init_power vendor_shell_exec:file rx_file_perms;
+allow init_power vendor_toolbox_exec:file rx_file_perms;
 
 r_dir_file(init_power, sysfs_msm_subsys)
 

sepolicy/vendor/init_radio.te

@@ -1,11 +1,11 @@
 # /vendor/bin/init.radio.sh
-type init_radio, domain, vendor_executes_system_violators;
+type init_radio, domain;
 type init_radio_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(init_radio)
 
-allow init_radio shell_exec:file r_file_perms;
-allow init_radio toolbox_exec:file rx_file_perms;
+allow init_radio vendor_shell_exec:file rx_file_perms;
+allow init_radio vendor_toolbox_exec:file rx_file_perms;
 
 allow init_radio radio_data_file:dir create_dir_perms;
 allow init_radio radio_data_file:file create_file_perms;