Merge "Allow vendor_init without compatible_property to write most properties"

public/domain.te

@@ -506,10 +506,12 @@ neverallow * hidl_base_hwservice:hwservice_manager find;
 
 # Require that domains explicitly label unknown properties, and do not allow
 # anyone but init to modify unknown properties.
-neverallow { domain -init } default_prop:property_service set;
+neverallow { domain -init -vendor_init } default_prop:property_service set;
-neverallow { domain -init } mmc_prop:property_service set;
+neverallow { domain -init -vendor_init } mmc_prop:property_service set;
 
 compatible_property_only(`
+    neverallow { domain -init } default_prop:property_service set;
+    neverallow { domain -init } mmc_prop:property_service set;
     neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
     neverallow { domain -init -vendor_init } exported2_default_prop:property_service set;
     neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;

public/vendor_init.te

@@ -218,6 +218,19 @@ allow vendor_init serialno_prop:file { getattr open read };
 # Vendor init can perform operations on trusted and security Extended Attributes
 allow vendor_init self:global_capability_class_set sys_admin;
 
+not_compatible_property(`
+    set_prop(vendor_init, {
+      property_type
+      -restorecon_prop
+      -netd_stable_secret_prop
+      -firstboot_prop
+      -pm_prop
+      -system_boot_reason_prop
+      -bootloader_boot_reason_prop
+      -last_boot_reason_prop
+    })
+')
+
 set_prop(vendor_init, debug_prop)
 set_prop(vendor_init, exported_config_prop)
 set_prop(vendor_init, exported_dalvik_prop)