Merge "Set apex. property as "system_restricted""
commit
3047b2ca12
4 changed files with 6 additions and 1 deletions
|
@ -5,6 +5,7 @@
|
|||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
( new_objects
|
||||
apex_ready_prop
|
||||
artd
|
||||
device_config_memory_safety_native_prop
|
||||
device_config_vendor_system_native_prop
|
||||
|
|
|
@ -47,7 +47,6 @@ system_internal_prop(ctl_mediatranscoding_prop)
|
|||
system_internal_prop(ctl_odsign_prop)
|
||||
system_internal_prop(virtualizationservice_prop)
|
||||
system_internal_prop(ctl_apex_load_prop)
|
||||
system_internal_prop(apex_ready_prop)
|
||||
|
||||
# Properties which can't be written outside system
|
||||
system_restricted_prop(device_config_virtualization_framework_native_prop)
|
||||
|
@ -655,6 +654,7 @@ neverallow {
|
|||
-coredomain
|
||||
-dumpstate
|
||||
-apexd
|
||||
-vendor_init
|
||||
} apex_ready_prop:file no_rw_file_perms;
|
||||
|
||||
neverallow {
|
||||
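Review bot: The `-vendor_init` exemption on the `apex_ready_prop:file no_rw_file_perms` neverallow has no comment saying why vendor_init is exempt. With `system_internal_prop(apex_ready_prop)` removed in the previous hunk of this file, this rule appears to be the main remaining guard on which domains can read the property. Because the rule covers `no_rw_file_perms`, the exemption presumably lifts the write-side check for vendor_init too, although the only grant added in this commit is `get_prop(vendor_init, apex_ready_prop)`. I would add a comment above the rule such as `# vendor_init is exempt only so it can read apex.<name>.ready to start services from vendor APEXes; it must not gain write access.` and confirm that a separate write-side neverallow still applies to vendor_init. The head of this neverallow is outside the hunk, so the full exemption list cannot be checked from here.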
|
|
|
@ -12,6 +12,9 @@ set_prop(vendor_init, adbd_config_prop)
|
|||
# Let vendor_init react to AVF device config changes
|
||||
get_prop(vendor_init, device_config_virtualization_framework_native_prop)
|
||||
|
||||
# Let vendor_init use apex.<name>.ready to start services from vendor APEX
|
||||
get_prop(vendor_init, apex_ready_prop)
|
||||
|
||||
# chown/chmod on devices, e.g. /dev/ttyHS0
|
||||
allow vendor_init {
|
||||
dev_type
|
||||
|
|
|
@ -52,6 +52,7 @@ compatible_property_only(`
|
|||
|
||||
# Properties which can't be written outside system
|
||||
system_restricted_prop(aac_drc_prop)
|
||||
system_restricted_prop(apex_ready_prop)
|
||||
system_restricted_prop(arm64_memtag_prop)
|
||||
system_restricted_prop(binder_cache_bluetooth_server_prop)
|
||||
system_restricted_prop(binder_cache_system_server_prop)
|
||||
|
|