# Property label declarations.
#
# Every label below carries the property_type attribute. Labels that also
# carry core_property_type are, according to the neverallow commentary later
# in this file, readable by every domain. That attribute is limited to the
# labels that already have it and must not be attached to new or
# device-specific properties. log_property_type is attached to log_prop,
# log_tag_prop and wifi_log_prop.
#
# NOTE(review): netd_stable_secret_prop and serialno_prop look sensitive by
# name and do not carry core_property_type; confirm that the read rules
# written for them elsewhere in the policy are equally narrow.
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
type bluetooth_prop, property_type;
type bootloader_boot_reason_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
type ctl_bootanim_prop, property_type;
type ctl_bugreport_prop, property_type;
type ctl_console_prop, property_type;
type ctl_default_prop, property_type;
type ctl_dumpstate_prop, property_type;
type ctl_fuse_prop, property_type;
type ctl_mdnsd_prop, property_type;
type ctl_rildaemon_prop, property_type;
type dalvik_prop, property_type, core_property_type;
type debuggerd_prop, property_type, core_property_type;
type debug_prop, property_type, core_property_type;
type default_prop, property_type, core_property_type;
type device_logging_prop, property_type;
type dhcp_prop, property_type, core_property_type;
type dumpstate_options_prop, property_type;
type dumpstate_prop, property_type, core_property_type;
type ffs_prop, property_type, core_property_type;
type fingerprint_prop, property_type, core_property_type;
type firstboot_prop, property_type;
type hwservicemanager_prop, property_type;
type last_boot_reason_prop, property_type;
type logd_prop, property_type, core_property_type;
type logpersistd_logging_prop, property_type;
type log_prop, property_type, log_property_type;
type log_tag_prop, property_type, log_property_type;
type lowpan_prop, property_type;
type mmc_prop, property_type;
type net_dns_prop, property_type;
type net_radio_prop, property_type, core_property_type;
type netd_stable_secret_prop, property_type;
type nfc_prop, property_type, core_property_type;
type overlay_prop, property_type;
type pan_result_prop, property_type, core_property_type;
type persist_debug_prop, property_type, core_property_type;
type persistent_properties_ready_prop, property_type;
type pm_prop, property_type;
type powerctl_prop, property_type, core_property_type;
type radio_prop, property_type, core_property_type;
type restorecon_prop, property_type, core_property_type;
type safemode_prop, property_type;
type serialno_prop, property_type;
type shell_prop, property_type, core_property_type;
type system_boot_reason_prop, property_type;
type system_prop, property_type, core_property_type;
type system_radio_prop, property_type, core_property_type;
type vold_prop, property_type, core_property_type;
type wifi_log_prop, property_type, log_property_type;
type wifi_prop, property_type;
# Properties for whitelisting
#
# None of these labels carries core_property_type, so none inherits the
# world-readable treatment that attribute implies. Which domains may set or
# read each label is bounded by the neverallow rules inside
# compatible_property_only() further down in this file.
#
# NOTE(review): exported_overlay_prop, exported_pm_prop and
# vendor_default_prop are not named in any neverallow set in this file.
# Presumably they are meant to stay accessible to non-core domains; confirm.
type exported_config_prop, property_type;
type exported_dalvik_prop, property_type;
type exported_default_prop, property_type;
type exported_dumpstate_prop, property_type;
type exported_ffs_prop, property_type;
type exported_fingerprint_prop, property_type;
type exported_overlay_prop, property_type;
type exported_pm_prop, property_type;
type exported_radio_prop, property_type;
type exported_system_prop, property_type;
type exported_system_radio_prop, property_type;
type exported_vold_prop, property_type;
type exported2_config_prop, property_type;
type exported2_default_prop, property_type;
type exported2_radio_prop, property_type;
type exported2_system_prop, property_type;
type exported2_vold_prop, property_type;
type exported3_default_prop, property_type;
type exported3_system_prop, property_type;
type vendor_default_prop, property_type;
# Let objects labelled with any property_type be associated with a tmpfs
# filesystem. This grants only the filesystem-level "associate" permission;
# it gives no domain read or write access to the property files themselves.
# NOTE(review): presumably needed because the property area is tmpfs-backed;
# confirm against the init / property service setup.
allow property_type tmpfs:filesystem associate;
###
### Neverallow rules
###

# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
# be avoided.
# New properties should have appropriate read / write access
# control rules written.
#
# The assertion below enforces that by fixing the membership of the attribute.
# Every label subtracted with "-" is an existing member, and the subtracted
# list matches the core_property_type declarations in this file one for one.
# A label that gains core_property_type without also being listed here stays
# in the target set, so any rule granting file access covered by
# no_rw_file_perms (defined outside this file) on it fails the policy build.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -default_prop
  -dhcp_prop
  -dumpstate_prop
  -ffs_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -system_radio_prop
  -vold_prop
}:file no_rw_file_perms;
# The rules below are emitted only where compatible_property_only() expands
# its argument. The macro is defined outside this file (presumably gated on
# the compatible-property build option; confirm against its definition).
# Comments inside the quoted argument must not contain quote characters.
compatible_property_only(`
  # Prevent properties from being set
  #
  # Source set: every domain except coredomain, appdomain and vendor_init.
  # Those remaining domains must never be granted property_service set on
  # core labels or on the whitelisted labels listed here.
  # nfc_prop and radio_prop are subtracted only because the two rules that
  # follow restate the ban for them with one extra exempt domain each.
  # NOTE(review): powerctl_prop is subtracted as well, but no follow-up rule
  # for it is visible in this file. Confirm that a neverallow elsewhere
  # limits which domains may set it.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    exported_config_prop
    exported_dalvik_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_ffs_prop
    exported_fingerprint_prop
    exported_system_prop
    exported_system_radio_prop
    exported_vold_prop
    exported2_config_prop
    exported2_default_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  # nfc_prop: same ban on set, with hal_nfc added to the exempt domains.
  # Being exempt forbids nothing and grants nothing; an allow rule is still
  # required before hal_nfc can actually set the property.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc
    -vendor_init
  } {
    nfc_prop
  }:property_service set;

  # Radio labels: same ban on set, with rild added to the exempt domains.
  neverallow {
    domain
    -coredomain
    -appdomain
    -rild
    -vendor_init
  } {
    exported_radio_prop
    exported2_radio_prop
    radio_prop
  }:property_service set;

  # Prevent properties from being read
  #
  # Same source set as the set rules above. The target set is the core labels
  # plus the whitelisted labels named here; file access covered by
  # no_rw_file_perms must never be granted on them.
  # radio_prop is subtracted because the next rule restates the ban for it
  # with rild exempt.
  # NOTE(review): debug_prop, logd_prop, nfc_prop and powerctl_prop are also
  # subtracted, and no narrower read rule for them is visible in this file.
  # Confirm that reads of these by non-core domains are intended.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    exported_dalvik_prop
    exported_ffs_prop
    exported_system_radio_prop
    exported2_config_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  # radio_prop: same ban on file access, with rild added to the exempt
  # domains.
  neverallow {
    domain
    -coredomain
    -appdomain
    -rild
    -vendor_init
  } {
    radio_prop
  }:file no_rw_file_perms;
')