From cbfe879fe6f78602bbb0af82f46040b19c814a34 Mon Sep 17 00:00:00 2001 From: Robin Lee Date: Mon, 6 Jan 2020 13:25:00 +0100 Subject: [PATCH] vendor_init can set config.disable_cameraservice This had been settable by vendors up to and including Q release by making config_prop avendor_init writeable. We don't allow this any more. This should be a real vendor settable property now. Bug: 143755062 Test: adb logcat -b all | grep cameraservice Test: atest CtsCameraTestCases Change-Id: Id583e899a906da8a8e8d71391ff2159a9510a630 --- private/compat/29.0/29.0.ignore.cil | 1 + private/domain.te | 1 + public/property.te | 11 +++++++++++ public/property_contexts | 1 + public/vendor_init.te | 1 + 5 files changed, 15 insertions(+) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index fe622bbdc..93e4f4614 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -20,6 +20,7 @@ dataloader_manager_service device_config_storage_native_boot_prop device_config_sys_traced_prop + exported_camera_prop file_integrity_service gmscore_app hal_can_bus_hwservice diff --git a/private/domain.te b/private/domain.te index 8a0a8e5ef..defe99de0 100644 --- a/private/domain.te +++ b/private/domain.te @@ -76,6 +76,7 @@ compatible_property_only(` get_prop({coredomain appdomain shell}, exported3_default_prop) get_prop({coredomain appdomain shell}, exported3_radio_prop) get_prop({coredomain appdomain shell}, exported3_system_prop) + get_prop({coredomain appdomain shell}, exported_camera_prop) get_prop({coredomain shell}, userspace_reboot_exported_prop) get_prop({coredomain shell}, userspace_reboot_prop) get_prop({domain -coredomain -appdomain}, vendor_default_prop) diff --git a/public/property.te b/public/property.te index 188178a26..bfb78c406 100644 --- a/public/property.te +++ b/public/property.te @@ -120,6 +120,7 @@ system_public_prop(exported3_default_prop) system_public_prop(exported3_radio_prop) system_public_prop(exported_audio_prop) system_public_prop(exported_bluetooth_prop) +system_public_prop(exported_camera_prop) system_public_prop(exported_config_prop) system_public_prop(exported_dalvik_prop) system_public_prop(exported_default_prop) @@ -450,6 +451,16 @@ compatible_property_only(` exported_bluetooth_prop }:property_service set; + neverallow { + domain + -coredomain + -hal_camera_server + -cameraserver + -vendor_init + } { + exported_camera_prop + }:property_service set; + neverallow { domain -coredomain diff --git a/public/property_contexts b/public/property_contexts index 7e49e9c73..e2b2c0030 100644 --- a/public/property_contexts +++ b/public/property_contexts @@ -298,6 +298,7 @@ aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int +config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool persist.rcs.supported u:object_r:exported_default_prop:s0 exact int diff --git a/public/vendor_init.te b/public/vendor_init.te index 823095742..0bdfc4a0d 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -238,6 +238,7 @@ set_prop(vendor_init, cpu_variant_prop) set_prop(vendor_init, debug_prop) set_prop(vendor_init, exported_audio_prop) set_prop(vendor_init, exported_bluetooth_prop) +set_prop(vendor_init, exported_camera_prop) set_prop(vendor_init, exported_config_prop) set_prop(vendor_init, exported_dalvik_prop) set_prop(vendor_init, exported_default_prop)