Merge "Set apex. property as "system_restricted""

Treehugger Robot 2022-09-02 12:46:03 +00:00 committed by Gerrit Code Review
commit 3047b2ca12
4 changed files with 6 additions and 1 deletions


@ -5,6 +5,7 @@
(typeattribute new_objects)
(typeattributeset new_objects
( new_objects
apex_ready_prop
artd
device_config_memory_safety_native_prop
device_config_vendor_system_native_prop


@ -47,7 +47,6 @@ system_internal_prop(ctl_mediatranscoding_prop)
system_internal_prop(ctl_odsign_prop)
system_internal_prop(virtualizationservice_prop)
system_internal_prop(ctl_apex_load_prop)
system_internal_prop(apex_ready_prop)
# Properties which can't be written outside system
system_restricted_prop(device_config_virtualization_framework_native_prop)
@ -655,6 +654,7 @@ neverallow {
-coredomain
-dumpstate
-apexd
-vendor_init
} apex_ready_prop:file no_rw_file_perms;
neverallow {
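Review bot: The `-vendor_init` exemption added to this neverallow lifts the compile-time guard for writes as well as reads, because the rule is written over `no_rw_file_perms`, while the matching grant in vendor_init's policy is only `get_prop`. If read access is all that is intended, a companion rule such as `neverallow vendor_init apex_ready_prop:file no_w_file_perms;` would keep the write side asserted. Whether a rule outside this hunk already forbids that is not visible here. A one-line comment above the block saying why vendor_init is exempt (`# vendor_init reads apex.<name>.ready to start services from vendor APEXes`) would also help the next reader; the neverallow's opening lines are outside the hunk.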


@ -12,6 +12,9 @@ set_prop(vendor_init, adbd_config_prop)
# Let vendor_init react to AVF device config changes
get_prop(vendor_init, device_config_virtualization_framework_native_prop)
# Let vendor_init use apex.<name>.ready to start services from vendor APEX
get_prop(vendor_init, apex_ready_prop)
# chown/chmod on devices, e.g. /dev/ttyHS0
allow vendor_init {
dev_type
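Review bot: The comment above `get_prop(vendor_init, apex_ready_prop)` describes the vendor-APEX use case, but the grant is on the whole type, so vendor_init can presumably read the ready state of every APEX labelled `apex_ready_prop`, not only vendor ones. That is likely acceptable for a read-only status flag, but the comment should say so, e.g. `# Read-only; covers every apex.<name>.ready, not just vendor APEXes`. The `allow vendor_init {` block that follows continues outside the hunk.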


@ -52,6 +52,7 @@ compatible_property_only(`
# Properties which can't be written outside system
system_restricted_prop(aac_drc_prop)
system_restricted_prop(apex_ready_prop)
system_restricted_prop(arm64_memtag_prop)
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)