Explicitly list "pm.dexopt." sysprops.
Bug: 256639711 Test: m Change-Id: I5e6bd4fd8ec516a23f4e3a5658a651f04d40412c
This commit is contained in:
Jiakai Zhang
parent
347a7d5c3c
commit
9bbc1c0e72
4 changed files with 35 additions and 22 deletions
|
|
@ -51,4 +51,5 @@
|
|||
hal_fastboot_service
|
||||
hal_can_controller_service
|
||||
zoned_block_device
|
||||
future_pm_prop
|
||||
))
|
||||
|
|
|
|||
|
|
@ -592,29 +592,32 @@ ro.hdmi.wake_on_hotplug u:object_r:hd
|
|||
ro.hdmi.cec.source.send_standby_on_sleep u:object_r:hdmi_config_prop:s0 exact enum to_tv broadcast none
|
||||
ro.hdmi.cec.source.playback_device_action_on_routing_control u:object_r:hdmi_config_prop:s0 exact enum none wake_up_only wake_up_and_send_active_source
|
||||
|
||||
# This is the namespace of all system properties used by ART Service.
|
||||
# As ART Service is in the updatable ART module, we need the prefix to allow us
|
||||
# to add new properties.
|
||||
pm.dexopt. u:object_r:exported_pm_prop:s0 prefix
|
||||
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.bg-dexopt.concurrency u:object_r:exported_pm_prop:s0 exact int
|
||||
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.first-boot.concurrency u:object_r:exported_pm_prop:s0 exact int
|
||||
pm.dexopt.boot-after-ota u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.boot-after-ota.concurrency u:object_r:exported_pm_prop:s0 exact int
|
||||
pm.dexopt.boot-after-mainline-update u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.boot-after-mainline-update.concurrency u:object_r:exported_pm_prop:s0 exact int
|
||||
|
||||
# A set of pm.dexopt properties that we should keep supporting for Treble
|
||||
# compatibility. We explicitly list them here to discourage renaming or
|
||||
# disregarding them.
|
||||
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.cmdline u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
|
||||
pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
|
||||
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install-fast u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install-bulk u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install-bulk-secondary u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install-bulk-downgraded u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install-bulk-secondary-downgraded u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.post-boot u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.cmdline u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install-fast u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install-bulk u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install-bulk-secondary u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install-bulk-downgraded u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install-bulk-secondary-downgraded u:object_r:exported_pm_prop:s0 exact string
|
||||
|
||||
pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
|
||||
|
||||
pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
|
||||
pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
|
||||
|
||||
pm.dexopt. u:object_r:future_pm_prop:s0 prefix
|
||||
|
||||
ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
|
||||
|
||||
|
|
|
|||
|
|
@ -537,6 +537,14 @@ compatible_property_only(`
|
|||
neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
|
||||
')
|
||||
|
||||
# New "pm.dexopt." sysprops should be explicitly listed as exported_pm_prop.
|
||||
neverallow { domain -init -dumpstate -vendor_init } future_pm_prop:property_service set;
|
||||
neverallow { domain -init -dumpstate -vendor_init } future_pm_prop:file no_rw_file_perms;
|
||||
|
||||
# ART may introduce new sysprops. SELinux denials due to reading new sysprops on
|
||||
# old platforms shouldn't be regarded as a problem.
|
||||
dontaudit domain future_pm_prop:file read;
|
||||
|
||||
neverallow { domain -init } aac_drc_prop:property_service set;
|
||||
neverallow { domain -init } build_prop:property_service set;
|
||||
neverallow { domain -init } userdebug_or_eng_prop:property_service set;
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@ system_public_prop(exported_system_prop)
|
|||
system_public_prop(exported_bluetooth_prop)
|
||||
system_public_prop(exported_overlay_prop)
|
||||
system_public_prop(exported_pm_prop)
|
||||
system_public_prop(future_pm_prop)
|
||||
system_public_prop(ffs_control_prop)
|
||||
system_public_prop(framework_status_prop)
|
||||
system_public_prop(gesture_prop)
|
||||
|
|
|
|||
Loading…
Reference in a new issue