bb1432b61b
system properties must not be used as a communication channel in between system and vendor processes. However, there has been no enforcement on this: system process could write system properties that are owned and read by vendor processes and vice versa. Such communication should be done over hwbinder and should be formally specified in HIDL. Until we finish migrating the existing use cases of sysprops to HIDL, whitelisting them in system_writes_vendor_properties_violators so that the violators are clearly tracked. These violators are allowed only for P, but not for Q. Bug: 78598545 Test: m -j selinux_policy when choosecombo'ed to aosp_arm64 Change-Id: I8f66aa20bb2d926cf517d40c93f4300c4d16b04b
5 lines
205 B
Text
5 lines
205 B
Text
allow surfaceflinger self:process execmem;
|
|
allow surfaceflinger ashmem_device:chr_file execute;
|
|
|
|
typeattribute surfaceflinger system_writes_vendor_properties_violators;
|
|
set_prop(surfaceflinger, qemu_prop)
|