# Types that label properties. Every type declared here carries the
# property_type attribute; some also carry core_property_type or
# log_property_type. Those attributes are declared outside this file.
#
# core_property_type is effectively frozen: the neverallow rules later in
# this file subtract every type that carries it here, so a new type must
# get its own read / write rules instead of that attribute.
type apexd_prop, property_type;
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_audio_hal_prop, property_type;
type bluetooth_prop, property_type;
type bpf_progs_loaded_prop, property_type;
type bootloader_boot_reason_prop, property_type;
type charger_prop, property_type;
type cold_boot_done_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
type cpu_variant_prop, property_type;
# ctl. property types. ctl_start_prop, ctl_stop_prop, ctl_restart_prop,
# ctl_sigstop_prop and the ctl_interface_* types come from the change
# "Finer grained permissions for ctl. properties" (Bug: 78511553). Before
# that change a domain allowed to control a service could start, stop and
# restart it; these types let permission be given for one action verb only.
# The per-verb scheme is mandatory for sigstop_on, sigstop_off,
# interface_start, interface_stop and interface_restart.
type ctl_adbd_prop, property_type;
type ctl_apexd_prop, property_type;
type ctl_bootanim_prop, property_type;
type ctl_bugreport_prop, property_type;
type ctl_console_prop, property_type;
type ctl_default_prop, property_type;
type ctl_dumpstate_prop, property_type;
type ctl_fuse_prop, property_type;
type ctl_gsid_prop, property_type;
type ctl_interface_restart_prop, property_type;
type ctl_interface_start_prop, property_type;
type ctl_interface_stop_prop, property_type;
type ctl_mdnsd_prop, property_type;
type ctl_restart_prop, property_type;
type ctl_rildaemon_prop, property_type;
type ctl_sigstop_prop, property_type;
type ctl_start_prop, property_type;
type ctl_stop_prop, property_type;
type dalvik_prop, property_type, core_property_type;
type debuggerd_prop, property_type, core_property_type;
type debug_prop, property_type, core_property_type;
type default_prop, property_type, core_property_type;
type device_config_activity_manager_native_boot_prop, property_type;
type device_config_boot_count_prop, property_type;
type device_config_reset_performed_prop, property_type;
type device_config_input_native_boot_prop, property_type;
type device_config_netd_native_prop, property_type;
type device_config_runtime_native_boot_prop, property_type;
type device_config_runtime_native_prop, property_type;
type device_config_media_native_prop, property_type;
type device_config_sys_traced_prop, property_type;
type device_logging_prop, property_type;
type dhcp_prop, property_type, core_property_type;
type dumpstate_options_prop, property_type;
type dumpstate_prop, property_type, core_property_type;
type dynamic_system_prop, property_type;
type exported_secure_prop, property_type;
type ffs_prop, property_type, core_property_type;
type fingerprint_prop, property_type, core_property_type;
type firstboot_prop, property_type;
type gsid_prop, property_type;
type heapprofd_enabled_prop, property_type;
type heapprofd_prop, property_type;
type hwservicemanager_prop, property_type;
type init_svc_debug_prop, property_type;
type last_boot_reason_prop, property_type;
type system_lmk_prop, property_type;
type linker_prop, property_type;
type llkd_prop, property_type;
type logd_prop, property_type, core_property_type;
type logpersistd_logging_prop, property_type;
type log_prop, property_type, log_property_type;
type log_tag_prop, property_type, log_property_type;
type lowpan_prop, property_type;
type lpdumpd_prop, property_type;
type mmc_prop, property_type;
type net_dns_prop, property_type;
type net_radio_prop, property_type, core_property_type;
type netd_stable_secret_prop, property_type;
type nfc_prop, property_type, core_property_type;
type nnapi_ext_deny_product_prop, property_type;
type overlay_prop, property_type;
type pan_result_prop, property_type, core_property_type;
type persist_debug_prop, property_type, core_property_type;
type persistent_properties_ready_prop, property_type;
type pm_prop, property_type;
type powerctl_prop, property_type, core_property_type;
type radio_prop, property_type, core_property_type;
type restorecon_prop, property_type, core_property_type;
type safemode_prop, property_type;
type serialno_prop, property_type;
type shell_prop, property_type, core_property_type;
type system_boot_reason_prop, property_type;
type system_prop, property_type, core_property_type;
type system_radio_prop, property_type, core_property_type;
type system_trace_prop, property_type;
type test_boot_reason_prop, property_type;
type test_harness_prop, property_type;
type theme_prop, property_type;
type time_prop, property_type;
type traced_enabled_prop, property_type;
type traced_lazy_prop, property_type;
type use_memfd_prop, property_type;
type virtual_ab_prop, property_type;
type vold_prop, property_type, core_property_type;
type wifi_log_prop, property_type, log_property_type;
type wifi_prop, property_type;
type vendor_security_patch_level_prop, property_type;
# Properties for whitelisting
# None of these types carries core_property_type. The compatible_property_only
# rules later in this file name them individually, and the set of exported
# types covered by the "set" rules differs from the set covered by the
# "read" rules, so check both lists when adding a type here.
type exported_audio_prop, property_type;
type exported_bluetooth_prop, property_type;
type exported_config_prop, property_type;
type exported_dalvik_prop, property_type;
type exported_default_prop, property_type;
type exported_dumpstate_prop, property_type;
type exported_ffs_prop, property_type;
type exported_fingerprint_prop, property_type;
type exported_overlay_prop, property_type;
type exported_pm_prop, property_type;
type exported_radio_prop, property_type;
type exported_system_prop, property_type;
type exported_system_radio_prop, property_type;
type exported_vold_prop, property_type;
type exported_wifi_prop, property_type;
type exported2_config_prop, property_type;
type exported2_default_prop, property_type;
type exported2_radio_prop, property_type;
type exported2_system_prop, property_type;
type exported2_vold_prop, property_type;
type exported3_default_prop, property_type;
type exported3_radio_prop, property_type;
type exported3_system_prop, property_type;
type vendor_default_prop, property_type;
# Lets any object labelled with a property_type type be associated with a
# filesystem labelled tmpfs. This is the only allow rule in this file; the
# rest of the file declares types and neverallow / dontaudit rules.
allow property_type tmpfs:filesystem associate;
###
### Neverallow rules
###
# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
# the get_prop() macro.
# The rule covers every domain and every property_type with no exemptions.
neverallow domain property_type:file { ioctl lock };
# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
# be avoided.
# New properties should have appropriate read / write access
# control rules written.
#
# How the rule enforces that: the subtracted list is exactly the set of
# types declared with core_property_type in this file, so for those types
# the rule matches nothing. A type that is newly given core_property_type
# and is not added to this list is caught as soon as any rule grants a
# permission from no_rw_file_perms on it. Extending the list is therefore
# the step that deserves review, not the attribute itself.
# no_rw_file_perms is a permission-set macro defined outside this file.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -default_prop
  -dhcp_prop
  -dumpstate_prop
  -ffs_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -system_radio_prop
  -vold_prop
}:file no_rw_file_perms;
# sigstop property is only used for debugging; should only be set by su which is permissive
# for userdebug/eng
# The rule itself exempts init and vendor_init and nothing else; su is not
# in the exemption list.
# NOTE(review): that is consistent with the note above only if su is granted
# no explicit allow rule for this property - confirm in the su policy.
# NOTE(review): ctl_sigstop_prop presumably backs the sigstop_on and
# sigstop_off control functions named in the change that added it
# (Bug: 78511553) - confirm against init.
neverallow {
  domain
  -init
  -vendor_init
} ctl_sigstop_prop:property_service set;
# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
# in the audit log
# Effect on log review: a denied "set" on any of the eight types below is
# not recorded, for every domain. The other ctl_ types declared in this file
# (for example ctl_start_prop, ctl_stop_prop, ctl_restart_prop,
# ctl_sigstop_prop, ctl_adbd_prop) are not listed, so denials on those are
# still audited. dontaudit changes logging only; it grants no permission.
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;
# Do not allow linker properties to be set by any domain other than init.
# shell is exempted as well, but only inside the userdebug_or_eng macro
# (defined outside this file).
# NOTE(review): presumably the macro expands to nothing on user builds, which
# would leave init as the only exemption there - confirm against the macro.
neverallow {
  domain
  -init
  userdebug_or_eng(`-shell')
} linker_prop:property_service set;
# init_svc_debug_prop may be set by init only; no other domain is exempted.
neverallow {
  domain
  -init
} init_svc_debug_prop:property_service set;
# File permissions in no_rw_file_perms (macro defined outside this file) on
# init_svc_debug_prop are forbidden to every domain except init and
# dumpstate. su is exempted only inside the userdebug_or_eng macro.
# Note that dumpstate is exempted here, so the property can reach bug reports.
neverallow {
  domain
  -init
  -dumpstate
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;
# Property access limits for domains outside coredomain.
#
# Everything below is passed as the argument of compatible_property_only, a
# macro defined outside this file.
# NOTE(review): presumably the rules are emitted only for builds that opt in
# to compatible properties - confirm against the macro definition.
#
# Layout: one broad "set" rule and one broad "read" rule that apply to every
# domain outside coredomain, appdomain and vendor_init, each followed by
# narrower per-subsystem rules (nfc, radio, bluetooth, wifi) that name the
# HAL server or daemon allowed to touch that subsystem.
#
# NOTE(review): powerctl_prop is subtracted from both broad rules, and
# debug_prop and logd_prop from the broad read rule, yet no narrower rule for
# them appears in this block, so this block places no limit on them. Confirm
# that is intended.
#
# Comments inside the macro argument are kept free of quote characters,
# commas and parentheses so that they cannot disturb m4 quoting.
compatible_property_only(`
  # Prevent properties from being set
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_dalvik_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_ffs_prop
    exported_fingerprint_prop
    exported_system_prop
    exported_system_radio_prop
    exported_vold_prop
    exported2_config_prop
    exported2_default_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  # nfc_prop set: hal_nfc_server is the only extra exemption
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

  # exported radio props set: hal_telephony_server and vendor_init are exempt
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    exported_radio_prop
    exported3_radio_prop
  }:property_service set;

  # exported2_radio_prop and radio_prop set: vendor_init is not exempt here
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    exported2_radio_prop
    radio_prop
  }:property_service set;

  # bluetooth_prop set: appdomain is not exempt as a whole and only the bluetooth domain is named
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  # wifi_prop set: appdomain is not exempt
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    exported_wifi_prop
  }:property_service set;

  # Prevent properties from being read
  # The exported list here is shorter than the one in the broad set rule above
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_dalvik_prop
    exported_ffs_prop
    exported_system_radio_prop
    exported2_config_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;
')
# Keeps coredomain from setting properties it does not own.
#
# The target set is property_type minus an explicit list, so the rule fails
# closed: a property type that is not subtracted below may be set only by
# init and by domains carrying system_writes_vendor_properties_violators
# (an attribute declared outside this file; additions to it are exemptions
# from this rule and deserve review).
#
# NOTE(review): these types are declared in this file but are not subtracted
# below, so the rule treats them like vendor properties: charger_prop,
# cpu_variant_prop, exported_audio_prop, init_svc_debug_prop, llkd_prop,
# nnapi_ext_deny_product_prop, use_memfd_prop, virtual_ab_prop. For
# init_svc_debug_prop that matches its own init-only rule; confirm the rest
# are meant to be settable by init alone.
#
# Wrapped in compatible_property_only, a macro defined outside this file.
# Comments inside the macro argument are kept free of quote characters,
# commas and parentheses so that they cannot disturb m4 quoting.
compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -apexd_prop
    -audio_prop
    -bluetooth_a2dp_offload_prop
    -bluetooth_audio_hal_prop
    -bluetooth_prop
    -bootloader_boot_reason_prop
    -boottime_prop
    -bpf_progs_loaded_prop
    -cold_boot_done_prop
    -config_prop
    -cppreopt_prop
    -ctl_adbd_prop
    -ctl_apexd_prop
    -ctl_bootanim_prop
    -ctl_bugreport_prop
    -ctl_console_prop
    -ctl_default_prop
    -ctl_dumpstate_prop
    -ctl_fuse_prop
    -ctl_gsid_prop
    -ctl_interface_restart_prop
    -ctl_interface_start_prop
    -ctl_interface_stop_prop
    -ctl_mdnsd_prop
    -ctl_restart_prop
    -ctl_rildaemon_prop
    -ctl_sigstop_prop
    -ctl_start_prop
    -ctl_stop_prop
    -dalvik_prop
    -debug_prop
    -debuggerd_prop
    -default_prop
    -device_logging_prop
    -dhcp_prop
    -dumpstate_options_prop
    -dumpstate_prop
    -exported2_config_prop
    -exported2_default_prop
    -exported2_radio_prop
    -exported2_system_prop
    -exported2_vold_prop
    -exported3_default_prop
    -exported3_radio_prop
    -exported3_system_prop
    -exported_bluetooth_prop
    -exported_config_prop
    -exported_dalvik_prop
    -exported_default_prop
    -exported_dumpstate_prop
    -exported_ffs_prop
    -exported_fingerprint_prop
    -exported_overlay_prop
    -exported_pm_prop
    -exported_radio_prop
    -exported_secure_prop
    -exported_system_prop
    -exported_system_radio_prop
    -exported_vold_prop
    -exported_wifi_prop
    -extended_core_property_type
    -ffs_prop
    -fingerprint_prop
    -firstboot_prop
    -device_config_activity_manager_native_boot_prop
    -device_config_reset_performed_prop
    -device_config_boot_count_prop
    -device_config_input_native_boot_prop
    -device_config_netd_native_prop
    -device_config_runtime_native_boot_prop
    -device_config_runtime_native_prop
    -device_config_media_native_prop
    -device_config_sys_traced_prop
    -dynamic_system_prop
    -gsid_prop
    -heapprofd_enabled_prop
    -heapprofd_prop
    -hwservicemanager_prop
    -last_boot_reason_prop
    -system_lmk_prop
    -linker_prop
    -log_prop
    -log_tag_prop
    -logd_prop
    -logpersistd_logging_prop
    -lowpan_prop
    -lpdumpd_prop
    -mmc_prop
    -net_dns_prop
    -net_radio_prop
    -netd_stable_secret_prop
    -nfc_prop
    -overlay_prop
    -pan_result_prop
    -persist_debug_prop
    -persistent_properties_ready_prop
    -pm_prop
    -powerctl_prop
    -radio_prop
    -restorecon_prop
    -safemode_prop
    -serialno_prop
    -shell_prop
    -system_boot_reason_prop
    -system_prop
    -system_radio_prop
    -system_trace_prop
    -test_boot_reason_prop
    -test_harness_prop
    -theme_prop
    -time_prop
    -traced_enabled_prop
    -traced_lazy_prop
    -vendor_default_prop
    -vendor_security_patch_level_prop
    -vold_prop
    -wifi_log_prop
    -wifi_prop
  }:property_service set;
')