From bdde5827af366f669b683a4923b72d0bf40791e5 Mon Sep 17 00:00:00 2001 From: Alessandra Loro Date: Fri, 3 Mar 2023 18:58:53 +0000 Subject: [PATCH 1/6] DO NOT MERGE Revert "Hide ro.debuggable and ro.secure from ephemeral and isolated applications" This reverts commit 813483e069cb4ccd77a32cc263405a34311d80cc. Reason for revert Bug: 271263976 Change-Id: I339bfe9eed8765d9d5fdd2fdbb3814d78d596ac6 Merged-In: I916c9795d96e4a4a453f9aed5e380f11981804e9 (cherry picked from commit on googleplex-android-review.googlesource.com host: 17f38379a9b496ac606e37dc807a0b539f446c33) Merged-In: I339bfe9eed8765d9d5fdd2fdbb3814d78d596ac6 --- prebuilts/api/33.0/public/domain.te | 2 +- public/domain.te | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/prebuilts/api/33.0/public/domain.te b/prebuilts/api/33.0/public/domain.te index 46e945686..40060754a 100644 --- a/prebuilts/api/33.0/public/domain.te +++ b/prebuilts/api/33.0/public/domain.te @@ -129,7 +129,7 @@ get_prop(domain, soc_prop) get_prop(domain, socket_hook_prop) get_prop(domain, surfaceflinger_prop) get_prop(domain, telephony_status_prop) -get_prop({domain -untrusted_app_all userdebug_or_eng(`-isolated_app -ephemeral_app') }, userdebug_or_eng_prop) +get_prop({domain - untrusted_app_all }, userdebug_or_eng_prop) get_prop(domain, vendor_socket_hook_prop) get_prop(domain, vndk_prop) get_prop(domain, vold_status_prop) diff --git a/public/domain.te b/public/domain.te index 46e945686..40060754a 100644 --- a/public/domain.te +++ b/public/domain.te @@ -129,7 +129,7 @@ get_prop(domain, soc_prop) get_prop(domain, socket_hook_prop) get_prop(domain, surfaceflinger_prop) get_prop(domain, telephony_status_prop) -get_prop({domain -untrusted_app_all userdebug_or_eng(`-isolated_app -ephemeral_app') }, userdebug_or_eng_prop) +get_prop({domain - untrusted_app_all }, userdebug_or_eng_prop) get_prop(domain, vendor_socket_hook_prop) get_prop(domain, vndk_prop) get_prop(domain, vold_status_prop) 
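Review bot: The restored `get_prop({domain - untrusted_app_all }, userdebug_or_eng_prop)` line in public/domain.te (and its prebuilts/api/33.0 copy) has no comment saying which sandboxed domains are meant to keep read access, and it no longer carries the `-isolated_app -ephemeral_app` exclusions that the removed line applied inside `userdebug_or_eng(...)`. If isolated_app and ephemeral_app are not members of untrusted_app_all (not visible in this hunk), they can read this property type again, so I would add a line above it such as `# userdebug_or_eng_prop: readable by all domains except untrusted_app_all; isolated_app and ephemeral_app intentionally not excluded, see b/271263976`. The spacing `{domain - untrusted_app_all }` also differs from the `{ domain -init }` form used further down in the same file; `{ domain -untrusted_app_all }` would match it. The identical hunks in PATCH 4/6 raise the same points.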
From fdb69747e6d02f41ba6e585ab24c0c9d33a31db3 Mon Sep 17 00:00:00 2001 From: Alessandra Loro Date: Fri, 3 Mar 2023 18:57:17 +0000 Subject: [PATCH 2/6] DO NOT MERGE Revert "Drop back-compatibility for hiding ro.debuggable and ro.secure" This reverts commit 8e9a03e4a3f1bb2153e4a66c7593303e98e9bc03. Reason for revert Bug: 271263976 Change-Id: I00f6323e2721a10138a503f5e300d3ddf39b93fc Merged-In: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad (cherry picked from commit on googleplex-android-review.googlesource.com host: 2518911f3dbb516c95d13ffe86f3f4c1c920d88b) Merged-In: I00f6323e2721a10138a503f5e300d3ddf39b93fc --- prebuilts/api/33.0/private/app_neverallows.te | 12 ++++++++++++ prebuilts/api/33.0/private/untrusted_app_25.te | 3 --- prebuilts/api/33.0/private/untrusted_app_27.te | 3 --- prebuilts/api/33.0/private/untrusted_app_29.te | 2 +- prebuilts/api/33.0/private/untrusted_app_30.te | 2 +- private/app_neverallows.te | 12 ++++++++++++ private/untrusted_app_25.te | 3 ++- private/untrusted_app_27.te | 2 +- private/untrusted_app_29.te | 2 +- private/untrusted_app_30.te | 2 +- 10 files changed, 31 insertions(+), 12 deletions(-) diff --git a/prebuilts/api/33.0/private/app_neverallows.te b/prebuilts/api/33.0/private/app_neverallows.te index 304f5a209..911595252 100644 --- a/prebuilts/api/33.0/private/app_neverallows.te +++ b/prebuilts/api/33.0/private/app_neverallows.te @@ -254,3 +254,15 @@ neverallow { # Only privileged apps may find the incident service neverallow all_untrusted_apps incident_service:service_manager find; + +# Do not allow untrusted app to read hidden system proprerties +# We exclude older application for compatibility and we do not include in the exclusions other normally +# untrusted applications such as mediaprovider due to the specific logging use cases. +# Context: b/193912100 +neverallow { + untrusted_app_all + -untrusted_app_25 + -untrusted_app_27 + -untrusted_app_29 + -untrusted_app_30 +} { userdebug_or_eng_prop }:file read; 
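Review bot: The comment added above the new neverallow in prebuilts/api/33.0/private/app_neverallows.te misspells "properties" (`proprerties`), and its second sentence is hard to parse, so a maintainer cannot tell from it why four legacy domains are exempt while other untrusted domains are not. I would reword it to `# Do not allow untrusted apps to read hidden system properties.` followed by `# untrusted_app_25/27/29/30 are excluded for compatibility; other normally untrusted domains such as mediaprovider are not excluded.` (please confirm that this matches the intent). In this prebuilts copy the exclusions for untrusted_app_25 and untrusted_app_27 also have no matching grant, because the same patch deletes their `get_prop` lines there while private/ keeps them. The same hunk recurs for private/app_neverallows.te and in PATCH 5/6.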
diff --git a/prebuilts/api/33.0/private/untrusted_app_25.te b/prebuilts/api/33.0/private/untrusted_app_25.te index b40fad062..4235d7eba 100644 --- a/prebuilts/api/33.0/private/untrusted_app_25.te +++ b/prebuilts/api/33.0/private/untrusted_app_25.te @@ -52,6 +52,3 @@ allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms; # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop({ untrusted_app_25 userdebug_or_eng(`-untrusted_app_25') }, userdebug_or_eng_prop) diff --git a/prebuilts/api/33.0/private/untrusted_app_27.te b/prebuilts/api/33.0/private/untrusted_app_27.te index dd9b4a809..c747af1bb 100644 --- a/prebuilts/api/33.0/private/untrusted_app_27.te +++ b/prebuilts/api/33.0/private/untrusted_app_27.te @@ -40,6 +40,3 @@ allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms; # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop({ untrusted_app_27 userdebug_or_eng(`-untrusted_app_27') }, userdebug_or_eng_prop) diff --git a/prebuilts/api/33.0/private/untrusted_app_29.te b/prebuilts/api/33.0/private/untrusted_app_29.te index 0cc2bea07..036018432 100644 --- a/prebuilts/api/33.0/private/untrusted_app_29.te +++ b/prebuilts/api/33.0/private/untrusted_app_29.te @@ -20,4 +20,4 @@ allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; # Allow hidden build props -get_prop({ untrusted_app_29 userdebug_or_eng(`-untrusted_app_29') }, userdebug_or_eng_prop) +get_prop(untrusted_app_29, userdebug_or_eng_prop) diff --git a/prebuilts/api/33.0/private/untrusted_app_30.te b/prebuilts/api/33.0/private/untrusted_app_30.te index 7b23be743..6893acada 100644 
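Review bot: `get_prop(untrusted_app_29, userdebug_or_eng_prop)` in untrusted_app_29.te sits under the bare comment `# Allow hidden build props`, which neither says that this is a compatibility carve-out nor names the properties involved. Elsewhere in this series the type labels ro.debuggable and ro.secure, so a comment like `# Compatibility: legacy domain keeps read access to ro.debuggable and ro.secure (userdebug_or_eng_prop); keep in sync with the exclusion list in app_neverallows.te` would stop the grant and the neverallow exclusion from drifting apart. The grant is also unconditional now, where the removed line wrapped the domain in `userdebug_or_eng(...)`; if a build-type difference is still wanted, the comment should state it. The same applies to the untrusted_app_30, untrusted_app_25 and untrusted_app_27 hunks of this patch and to their repeats in PATCH 5/6.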
--- a/prebuilts/api/33.0/private/untrusted_app_30.te +++ b/prebuilts/api/33.0/private/untrusted_app_30.te @@ -22,4 +22,4 @@ allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; # Allow hidden build props -get_prop({ untrusted_app_30 userdebug_or_eng(`-untrusted_app_30') }, userdebug_or_eng_prop) +get_prop(untrusted_app_30, userdebug_or_eng_prop) diff --git a/private/app_neverallows.te b/private/app_neverallows.te index 304f5a209..911595252 100644 --- a/private/app_neverallows.te +++ b/private/app_neverallows.te @@ -254,3 +254,15 @@ neverallow { # Only privileged apps may find the incident service neverallow all_untrusted_apps incident_service:service_manager find; + +# Do not allow untrusted app to read hidden system proprerties +# We exclude older application for compatibility and we do not include in the exclusions other normally +# untrusted applications such as mediaprovider due to the specific logging use cases. +# Context: b/193912100 +neverallow { + untrusted_app_all + -untrusted_app_25 + -untrusted_app_27 + -untrusted_app_29 + -untrusted_app_30 +} { userdebug_or_eng_prop }:file read; diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te index b40fad062..51cb51448 100644 --- a/private/untrusted_app_25.te +++ b/private/untrusted_app_25.te @@ -53,5 +53,6 @@ allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms; allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; + # Allow hidden build props -get_prop({ untrusted_app_25 userdebug_or_eng(`-untrusted_app_25') }, userdebug_or_eng_prop) +get_prop(untrusted_app_25, userdebug_or_eng_prop) diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te index dd9b4a809..0dde7601c 100644 --- a/private/untrusted_app_27.te +++ b/private/untrusted_app_27.te 
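Review bot: The private/untrusted_app_25.te hunk adds a second blank line before `# Allow hidden build props`, and it leaves private/ out of step with prebuilts/api/33.0/private/untrusted_app_25.te, where this same patch removes the `get_prop` line outright instead of simplifying it. The same split shows for untrusted_app_27.te. If the prebuilts copy is meant to mirror private/ for this API level (I can't confirm that from the patch), one of the two sides is wrong; otherwise the description should say why they differ. Dropping the added empty `+` line keeps the single-blank-line spacing used above it.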
@@ -42,4 +42,4 @@ allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; # Allow hidden build props -get_prop({ untrusted_app_27 userdebug_or_eng(`-untrusted_app_27') }, userdebug_or_eng_prop) +get_prop(untrusted_app_27, userdebug_or_eng_prop) diff --git a/private/untrusted_app_29.te b/private/untrusted_app_29.te index 0cc2bea07..036018432 100644 --- a/private/untrusted_app_29.te +++ b/private/untrusted_app_29.te @@ -20,4 +20,4 @@ allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; # Allow hidden build props -get_prop({ untrusted_app_29 userdebug_or_eng(`-untrusted_app_29') }, userdebug_or_eng_prop) +get_prop(untrusted_app_29, userdebug_or_eng_prop) diff --git a/private/untrusted_app_30.te b/private/untrusted_app_30.te index 7b23be743..6893acada 100644 --- a/private/untrusted_app_30.te +++ b/private/untrusted_app_30.te @@ -22,4 +22,4 @@ allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; # Allow hidden build props -get_prop({ untrusted_app_30 userdebug_or_eng(`-untrusted_app_30') }, userdebug_or_eng_prop) +get_prop(untrusted_app_30, userdebug_or_eng_prop) From 58990e5ae31ff1d3dc135409cd9929dbdff3e384 Mon Sep 17 00:00:00 2001 
From: Alessandra Loro Date: Fri, 3 Mar 2023 18:56:19 +0000 Subject: [PATCH 3/6] DO NOT MERGE Revert "Disallow untrusted apps to read ro.debuggable and ro.secure" This reverts commit 9fd568871ea72e6816de3153b2fb8ae879162d8d. Reason for revert Bug: 271263976 Change-Id: Id6b62d0f315002ddef75ed0048ec705b113530d9 Merged-In: I40ac5d43da5778b5fa863b559c28e8d72961f831 (cherry picked from commit on googleplex-android-review.googlesource.com host: 41904f2ca280f8a0b0bb18b5d4c5d59f76ea2fe3) Merged-In: Id6b62d0f315002ddef75ed0048ec705b113530d9 --- prebuilts/api/33.0/private/app_neverallows.te | 12 ------------ prebuilts/api/33.0/private/compat/32.0/32.0.cil | 1 - prebuilts/api/33.0/private/property_contexts | 4 ++-- prebuilts/api/33.0/private/untrusted_app_29.te | 3 --- prebuilts/api/33.0/private/untrusted_app_30.te | 3 --- prebuilts/api/33.0/public/domain.te | 2 -- prebuilts/api/33.0/public/property.te | 1 - private/app_neverallows.te | 12 ------------ private/compat/32.0/32.0.cil | 1 - private/property_contexts | 4 ++-- private/untrusted_app_25.te | 4 ---- private/untrusted_app_27.te | 3 --- private/untrusted_app_29.te | 3 --- private/untrusted_app_30.te | 3 --- public/domain.te | 2 -- public/property.te | 1 - 16 files changed, 4 insertions(+), 55 deletions(-) diff --git a/prebuilts/api/33.0/private/app_neverallows.te b/prebuilts/api/33.0/private/app_neverallows.te index 911595252..304f5a209 100644 --- a/prebuilts/api/33.0/private/app_neverallows.te +++ b/prebuilts/api/33.0/private/app_neverallows.te 
@@ -254,15 +254,3 @@ neverallow { # Only privileged apps may find the incident service neverallow all_untrusted_apps incident_service:service_manager find; - -# Do not allow untrusted app to read hidden system proprerties -# We exclude older application for compatibility and we do not include in the exclusions other normally -# untrusted applications such as mediaprovider due to the specific logging use cases. -# Context: b/193912100 -neverallow { - untrusted_app_all - -untrusted_app_25 - -untrusted_app_27 - -untrusted_app_29 - -untrusted_app_30 -} { userdebug_or_eng_prop }:file read; diff --git a/prebuilts/api/33.0/private/compat/32.0/32.0.cil b/prebuilts/api/33.0/private/compat/32.0/32.0.cil index d916a13e0..a99b62813 100644 --- a/prebuilts/api/33.0/private/compat/32.0/32.0.cil +++ b/prebuilts/api/33.0/private/compat/32.0/32.0.cil @@ -1378,7 +1378,6 @@ (typeattributeset build_config_prop_32_0 (build_config_prop)) (typeattributeset build_odm_prop_32_0 (build_odm_prop)) (typeattributeset build_prop_32_0 (build_prop)) -(typeattributeset build_prop_32_0 (userdebug_or_eng_prop)) (typeattributeset build_vendor_prop_32_0 (build_vendor_prop)) (typeattributeset cache_backup_file_32_0 (cache_backup_file)) (typeattributeset cache_block_device_32_0 (cache_block_device)) diff --git a/prebuilts/api/33.0/private/property_contexts b/prebuilts/api/33.0/private/property_contexts index ac288f032..3841fd5f7 100644 --- a/prebuilts/api/33.0/private/property_contexts +++ b/prebuilts/api/33.0/private/property_contexts @@ -815,7 +815,7 @@ ro.build.version.security_patch u:object_r:build_prop:s0 exact string ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool -ro.debuggable u:object_r:userdebug_or_eng_prop:s0 exact bool +ro.debuggable u:object_r:build_prop:s0 exact bool ro.treble.enabled u:object_r:build_prop:s0 exact bool 
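Review bot: Relabeling `ro.debuggable` to `build_prop` in property_contexts happens in the same patch that deletes the neverallow on userdebug_or_eng_prop and the type itself, so afterwards nothing in the policy asserts who may read the property, and the description gives only a bug number as the reason. build_prop is, as far as I know, readable by every domain (the grant is not in this hunk), which would make the debuggable state visible to untrusted, isolated and ephemeral apps again. I would put the rationale and the planned follow-up in the commit description and add a comment above the entry such as `# NOTE: readable by all domains via build_prop; read restriction reverted, see b/271263976`. The same holds for the `ro.secure` hunk at -842 and for the private/property_contexts and PATCH 6/6 copies.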
@@ -842,7 +842,7 @@ ro.system.build.version.release_or_codename u:object_r:build_prop:s0 exact strin ro.system.build.version.sdk u:object_r:build_prop:s0 exact int ro.adb.secure u:object_r:build_prop:s0 exact bool -ro.secure u:object_r:userdebug_or_eng_prop:s0 exact int +ro.secure u:object_r:build_prop:s0 exact int ro.product.system_ext.brand u:object_r:build_prop:s0 exact string ro.product.system_ext.device u:object_r:build_prop:s0 exact string diff --git a/prebuilts/api/33.0/private/untrusted_app_29.te b/prebuilts/api/33.0/private/untrusted_app_29.te index 036018432..6bb2606f6 100644 --- a/prebuilts/api/33.0/private/untrusted_app_29.te +++ b/prebuilts/api/33.0/private/untrusted_app_29.te @@ -18,6 +18,3 @@ bluetooth_domain(untrusted_app_29) # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop(untrusted_app_29, userdebug_or_eng_prop) diff --git a/prebuilts/api/33.0/private/untrusted_app_30.te b/prebuilts/api/33.0/private/untrusted_app_30.te index 6893acada..e0a71ef7f 100644 --- a/prebuilts/api/33.0/private/untrusted_app_30.te +++ b/prebuilts/api/33.0/private/untrusted_app_30.te @@ -20,6 +20,3 @@ bluetooth_domain(untrusted_app_30) # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop(untrusted_app_30, userdebug_or_eng_prop) diff --git a/prebuilts/api/33.0/public/domain.te b/prebuilts/api/33.0/public/domain.te index 40060754a..de529f5d8 100644 --- a/prebuilts/api/33.0/public/domain.te +++ b/prebuilts/api/33.0/public/domain.te 
@@ -129,7 +129,6 @@ get_prop(domain, soc_prop) get_prop(domain, socket_hook_prop) get_prop(domain, surfaceflinger_prop) get_prop(domain, telephony_status_prop) -get_prop({domain - untrusted_app_all }, userdebug_or_eng_prop) get_prop(domain, vendor_socket_hook_prop) get_prop(domain, vndk_prop) get_prop(domain, vold_status_prop) @@ -565,7 +564,6 @@ compatible_property_only(` neverallow { domain -init } aac_drc_prop:property_service set; neverallow { domain -init } build_prop:property_service set; -neverallow { domain -init } userdebug_or_eng_prop:property_service set; # Do not allow reading device's serial number from system properties except form # a few allowed domains. diff --git a/prebuilts/api/33.0/public/property.te b/prebuilts/api/33.0/public/property.te index deb166b07..763a80a59 100644 --- a/prebuilts/api/33.0/public/property.te +++ b/prebuilts/api/33.0/public/property.te @@ -73,7 +73,6 @@ system_restricted_prop(device_config_vendor_system_native_boot_prop) system_restricted_prop(fingerprint_prop) system_restricted_prop(gwp_asan_prop) system_restricted_prop(hal_instrumentation_prop) -system_restricted_prop(userdebug_or_eng_prop) system_restricted_prop(hypervisor_prop) system_restricted_prop(init_service_status_prop) system_restricted_prop(libc_debug_prop) diff --git a/private/app_neverallows.te b/private/app_neverallows.te index 911595252..304f5a209 100644 --- a/private/app_neverallows.te +++ b/private/app_neverallows.te 
@@ -254,15 +254,3 @@ neverallow { # Only privileged apps may find the incident service neverallow all_untrusted_apps incident_service:service_manager find; - -# Do not allow untrusted app to read hidden system proprerties -# We exclude older application for compatibility and we do not include in the exclusions other normally -# untrusted applications such as mediaprovider due to the specific logging use cases. -# Context: b/193912100 -neverallow { - untrusted_app_all - -untrusted_app_25 - -untrusted_app_27 - -untrusted_app_29 - -untrusted_app_30 -} { userdebug_or_eng_prop }:file read; diff --git a/private/compat/32.0/32.0.cil b/private/compat/32.0/32.0.cil index d916a13e0..a99b62813 100644 --- a/private/compat/32.0/32.0.cil +++ b/private/compat/32.0/32.0.cil @@ -1378,7 +1378,6 @@ (typeattributeset build_config_prop_32_0 (build_config_prop)) (typeattributeset build_odm_prop_32_0 (build_odm_prop)) (typeattributeset build_prop_32_0 (build_prop)) -(typeattributeset build_prop_32_0 (userdebug_or_eng_prop)) (typeattributeset build_vendor_prop_32_0 (build_vendor_prop)) (typeattributeset cache_backup_file_32_0 (cache_backup_file)) (typeattributeset cache_block_device_32_0 (cache_block_device)) diff --git a/private/property_contexts b/private/property_contexts index ac288f032..3841fd5f7 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -815,7 +815,7 @@ ro.build.version.security_patch u:object_r:build_prop:s0 exact string ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool -ro.debuggable u:object_r:userdebug_or_eng_prop:s0 exact bool +ro.debuggable u:object_r:build_prop:s0 exact bool ro.treble.enabled u:object_r:build_prop:s0 exact bool 
@@ -842,7 +842,7 @@ ro.system.build.version.release_or_codename u:object_r:build_prop:s0 exact strin ro.system.build.version.sdk u:object_r:build_prop:s0 exact int ro.adb.secure u:object_r:build_prop:s0 exact bool -ro.secure u:object_r:userdebug_or_eng_prop:s0 exact int +ro.secure u:object_r:build_prop:s0 exact int ro.product.system_ext.brand u:object_r:build_prop:s0 exact string ro.product.system_ext.device u:object_r:build_prop:s0 exact string diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te index 51cb51448..4235d7eba 100644 --- a/private/untrusted_app_25.te +++ b/private/untrusted_app_25.te @@ -52,7 +52,3 @@ allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms; # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; - - -# Allow hidden build props -get_prop(untrusted_app_25, userdebug_or_eng_prop) diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te index 0dde7601c..c747af1bb 100644 --- a/private/untrusted_app_27.te +++ b/private/untrusted_app_27.te @@ -40,6 +40,3 @@ allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms; # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop(untrusted_app_27, userdebug_or_eng_prop) diff --git a/private/untrusted_app_29.te b/private/untrusted_app_29.te index 036018432..6bb2606f6 100644 --- a/private/untrusted_app_29.te +++ b/private/untrusted_app_29.te @@ -18,6 +18,3 @@ bluetooth_domain(untrusted_app_29) # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop(untrusted_app_29, userdebug_or_eng_prop) 
diff --git a/private/untrusted_app_30.te b/private/untrusted_app_30.te index 6893acada..e0a71ef7f 100644 --- a/private/untrusted_app_30.te +++ b/private/untrusted_app_30.te @@ -20,6 +20,3 @@ bluetooth_domain(untrusted_app_30) # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop(untrusted_app_30, userdebug_or_eng_prop) diff --git a/public/domain.te b/public/domain.te index 40060754a..de529f5d8 100644 --- a/public/domain.te +++ b/public/domain.te @@ -129,7 +129,6 @@ get_prop(domain, soc_prop) get_prop(domain, socket_hook_prop) get_prop(domain, surfaceflinger_prop) get_prop(domain, telephony_status_prop) -get_prop({domain - untrusted_app_all }, userdebug_or_eng_prop) get_prop(domain, vendor_socket_hook_prop) get_prop(domain, vndk_prop) get_prop(domain, vold_status_prop) @@ -565,7 +564,6 @@ compatible_property_only(` neverallow { domain -init } aac_drc_prop:property_service set; neverallow { domain -init } build_prop:property_service set; -neverallow { domain -init } userdebug_or_eng_prop:property_service set; # Do not allow reading device's serial number from system properties except form # a few allowed domains. diff --git a/public/property.te b/public/property.te index deb166b07..763a80a59 100644 --- a/public/property.te +++ b/public/property.te @@ -73,7 +73,6 @@ system_restricted_prop(device_config_vendor_system_native_boot_prop) system_restricted_prop(fingerprint_prop) system_restricted_prop(gwp_asan_prop) system_restricted_prop(hal_instrumentation_prop) -system_restricted_prop(userdebug_or_eng_prop) system_restricted_prop(hypervisor_prop) system_restricted_prop(init_service_status_prop) system_restricted_prop(libc_debug_prop) From a358f3d9599c0169674908935b06ae83bb2b7c5c Mon Sep 17 00:00:00 2001 
From: Alessandra Loro Date: Fri, 3 Mar 2023 18:58:53 +0000 Subject: [PATCH 4/6] DO NOT MERGE Revert "Hide ro.debuggable and ro.secure from ephemeral and isolated applications" This reverts commit 813483e069cb4ccd77a32cc263405a34311d80cc. Reason for revert Bug: 271263976 Change-Id: I339bfe9eed8765d9d5fdd2fdbb3814d78d596ac6 Merged-In: I916c9795d96e4a4a453f9aed5e380f11981804e9 (cherry picked from commit on googleplex-android-review.googlesource.com host: 17f38379a9b496ac606e37dc807a0b539f446c33) Merged-In: I339bfe9eed8765d9d5fdd2fdbb3814d78d596ac6 --- prebuilts/api/33.0/public/domain.te | 2 +- public/domain.te | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/prebuilts/api/33.0/public/domain.te b/prebuilts/api/33.0/public/domain.te index 46e945686..40060754a 100644 --- a/prebuilts/api/33.0/public/domain.te +++ b/prebuilts/api/33.0/public/domain.te @@ -129,7 +129,7 @@ get_prop(domain, soc_prop) get_prop(domain, socket_hook_prop) get_prop(domain, surfaceflinger_prop) get_prop(domain, telephony_status_prop) -get_prop({domain -untrusted_app_all userdebug_or_eng(`-isolated_app -ephemeral_app') }, userdebug_or_eng_prop) +get_prop({domain - untrusted_app_all }, userdebug_or_eng_prop) get_prop(domain, vendor_socket_hook_prop) get_prop(domain, vndk_prop) get_prop(domain, vold_status_prop) diff --git a/public/domain.te b/public/domain.te index 46e945686..40060754a 100644 --- a/public/domain.te +++ b/public/domain.te @@ -129,7 +129,7 @@ get_prop(domain, soc_prop) get_prop(domain, socket_hook_prop) get_prop(domain, surfaceflinger_prop) get_prop(domain, telephony_status_prop) -get_prop({domain -untrusted_app_all userdebug_or_eng(`-isolated_app -ephemeral_app') }, userdebug_or_eng_prop) +get_prop({domain - untrusted_app_all }, userdebug_or_eng_prop) get_prop(domain, vendor_socket_hook_prop) get_prop(domain, vndk_prop) get_prop(domain, vold_status_prop) From 8a23781ffcc5847ff0f734f699ad653a65b89c9b Mon Sep 17 00:00:00 2001 
From: Alessandra Loro Date: Fri, 3 Mar 2023 18:57:17 +0000 Subject: [PATCH 5/6] DO NOT MERGE Revert "Drop back-compatibility for hiding ro.debuggable and ro.secure" This reverts commit 8e9a03e4a3f1bb2153e4a66c7593303e98e9bc03. Reason for revert Bug: 271263976 Change-Id: I00f6323e2721a10138a503f5e300d3ddf39b93fc Merged-In: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad (cherry picked from commit on googleplex-android-review.googlesource.com host: 2518911f3dbb516c95d13ffe86f3f4c1c920d88b) Merged-In: I00f6323e2721a10138a503f5e300d3ddf39b93fc --- prebuilts/api/33.0/private/app_neverallows.te | 12 ++++++++++++ prebuilts/api/33.0/private/untrusted_app_25.te | 3 --- prebuilts/api/33.0/private/untrusted_app_27.te | 3 --- prebuilts/api/33.0/private/untrusted_app_29.te | 2 +- prebuilts/api/33.0/private/untrusted_app_30.te | 2 +- private/app_neverallows.te | 12 ++++++++++++ private/untrusted_app_25.te | 3 ++- private/untrusted_app_27.te | 2 +- private/untrusted_app_29.te | 2 +- private/untrusted_app_30.te | 2 +- 10 files changed, 31 insertions(+), 12 deletions(-) diff --git a/prebuilts/api/33.0/private/app_neverallows.te b/prebuilts/api/33.0/private/app_neverallows.te index 304f5a209..911595252 100644 --- a/prebuilts/api/33.0/private/app_neverallows.te +++ b/prebuilts/api/33.0/private/app_neverallows.te @@ -254,3 +254,15 @@ neverallow { # Only privileged apps may find the incident service neverallow all_untrusted_apps incident_service:service_manager find; + +# Do not allow untrusted app to read hidden system proprerties +# We exclude older application for compatibility and we do not include in the exclusions other normally +# untrusted applications such as mediaprovider due to the specific logging use cases. +# Context: b/193912100 +neverallow { + untrusted_app_all + -untrusted_app_25 + -untrusted_app_27 + -untrusted_app_29 + -untrusted_app_30 +} { userdebug_or_eng_prop }:file read; 
diff --git a/prebuilts/api/33.0/private/untrusted_app_25.te b/prebuilts/api/33.0/private/untrusted_app_25.te index b40fad062..4235d7eba 100644 --- a/prebuilts/api/33.0/private/untrusted_app_25.te +++ b/prebuilts/api/33.0/private/untrusted_app_25.te @@ -52,6 +52,3 @@ allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms; # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop({ untrusted_app_25 userdebug_or_eng(`-untrusted_app_25') }, userdebug_or_eng_prop) diff --git a/prebuilts/api/33.0/private/untrusted_app_27.te b/prebuilts/api/33.0/private/untrusted_app_27.te index dd9b4a809..c747af1bb 100644 --- a/prebuilts/api/33.0/private/untrusted_app_27.te +++ b/prebuilts/api/33.0/private/untrusted_app_27.te @@ -40,6 +40,3 @@ allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms; # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop({ untrusted_app_27 userdebug_or_eng(`-untrusted_app_27') }, userdebug_or_eng_prop) diff --git a/prebuilts/api/33.0/private/untrusted_app_29.te b/prebuilts/api/33.0/private/untrusted_app_29.te index 0cc2bea07..036018432 100644 --- a/prebuilts/api/33.0/private/untrusted_app_29.te +++ b/prebuilts/api/33.0/private/untrusted_app_29.te @@ -20,4 +20,4 @@ allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; # Allow hidden build props -get_prop({ untrusted_app_29 userdebug_or_eng(`-untrusted_app_29') }, userdebug_or_eng_prop) +get_prop(untrusted_app_29, userdebug_or_eng_prop) diff --git a/prebuilts/api/33.0/private/untrusted_app_30.te b/prebuilts/api/33.0/private/untrusted_app_30.te index 7b23be743..6893acada 100644 
--- a/prebuilts/api/33.0/private/untrusted_app_30.te +++ b/prebuilts/api/33.0/private/untrusted_app_30.te @@ -22,4 +22,4 @@ allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; # Allow hidden build props -get_prop({ untrusted_app_30 userdebug_or_eng(`-untrusted_app_30') }, userdebug_or_eng_prop) +get_prop(untrusted_app_30, userdebug_or_eng_prop) diff --git a/private/app_neverallows.te b/private/app_neverallows.te index 304f5a209..911595252 100644 --- a/private/app_neverallows.te +++ b/private/app_neverallows.te @@ -254,3 +254,15 @@ neverallow { # Only privileged apps may find the incident service neverallow all_untrusted_apps incident_service:service_manager find; + +# Do not allow untrusted app to read hidden system proprerties +# We exclude older application for compatibility and we do not include in the exclusions other normally +# untrusted applications such as mediaprovider due to the specific logging use cases. +# Context: b/193912100 +neverallow { + untrusted_app_all + -untrusted_app_25 + -untrusted_app_27 + -untrusted_app_29 + -untrusted_app_30 +} { userdebug_or_eng_prop }:file read; diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te index b40fad062..51cb51448 100644 --- a/private/untrusted_app_25.te +++ b/private/untrusted_app_25.te @@ -53,5 +53,6 @@ allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms; allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; + # Allow hidden build props -get_prop({ untrusted_app_25 userdebug_or_eng(`-untrusted_app_25') }, userdebug_or_eng_prop) +get_prop(untrusted_app_25, userdebug_or_eng_prop) diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te index dd9b4a809..0dde7601c 100644 --- a/private/untrusted_app_27.te +++ b/private/untrusted_app_27.te 
@@ -42,4 +42,4 @@ allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; # Allow hidden build props -get_prop({ untrusted_app_27 userdebug_or_eng(`-untrusted_app_27') }, userdebug_or_eng_prop) +get_prop(untrusted_app_27, userdebug_or_eng_prop) diff --git a/private/untrusted_app_29.te b/private/untrusted_app_29.te index 0cc2bea07..036018432 100644 --- a/private/untrusted_app_29.te +++ b/private/untrusted_app_29.te @@ -20,4 +20,4 @@ allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; # Allow hidden build props -get_prop({ untrusted_app_29 userdebug_or_eng(`-untrusted_app_29') }, userdebug_or_eng_prop) +get_prop(untrusted_app_29, userdebug_or_eng_prop) diff --git a/private/untrusted_app_30.te b/private/untrusted_app_30.te index 7b23be743..6893acada 100644 --- a/private/untrusted_app_30.te +++ b/private/untrusted_app_30.te @@ -22,4 +22,4 @@ allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; # Allow hidden build props -get_prop({ untrusted_app_30 userdebug_or_eng(`-untrusted_app_30') }, userdebug_or_eng_prop) +get_prop(untrusted_app_30, userdebug_or_eng_prop) From 09247c635d9ea3427928048766ef0d50275175a4 Mon Sep 17 00:00:00 2001 
From: Alessandra Loro Date: Fri, 3 Mar 2023 18:56:19 +0000 Subject: [PATCH 6/6] DO NOT MERGE Revert "Disallow untrusted apps to read ro.debuggable and ro.secure" This reverts commit 9fd568871ea72e6816de3153b2fb8ae879162d8d. Reason for revert Bug: 271263976 Change-Id: Id6b62d0f315002ddef75ed0048ec705b113530d9 Merged-In: I40ac5d43da5778b5fa863b559c28e8d72961f831 (cherry picked from commit on googleplex-android-review.googlesource.com host: 41904f2ca280f8a0b0bb18b5d4c5d59f76ea2fe3) Merged-In: Id6b62d0f315002ddef75ed0048ec705b113530d9 --- prebuilts/api/33.0/private/app_neverallows.te | 12 ------------ prebuilts/api/33.0/private/compat/32.0/32.0.cil | 1 - prebuilts/api/33.0/private/property_contexts | 4 ++-- prebuilts/api/33.0/private/untrusted_app_29.te | 3 --- prebuilts/api/33.0/private/untrusted_app_30.te | 3 --- prebuilts/api/33.0/public/domain.te | 2 -- prebuilts/api/33.0/public/property.te | 1 - private/app_neverallows.te | 12 ------------ private/compat/32.0/32.0.cil | 1 - private/property_contexts | 4 ++-- private/untrusted_app_25.te | 4 ---- private/untrusted_app_27.te | 3 --- private/untrusted_app_29.te | 3 --- private/untrusted_app_30.te | 3 --- public/domain.te | 2 -- public/property.te | 1 - 16 files changed, 4 insertions(+), 55 deletions(-) diff --git a/prebuilts/api/33.0/private/app_neverallows.te b/prebuilts/api/33.0/private/app_neverallows.te index 911595252..304f5a209 100644 --- a/prebuilts/api/33.0/private/app_neverallows.te +++ b/prebuilts/api/33.0/private/app_neverallows.te 
@@ -254,15 +254,3 @@ neverallow { # Only privileged apps may find the incident service neverallow all_untrusted_apps incident_service:service_manager find; - -# Do not allow untrusted app to read hidden system proprerties -# We exclude older application for compatibility and we do not include in the exclusions other normally -# untrusted applications such as mediaprovider due to the specific logging use cases. -# Context: b/193912100 -neverallow { - untrusted_app_all - -untrusted_app_25 - -untrusted_app_27 - -untrusted_app_29 - -untrusted_app_30 -} { userdebug_or_eng_prop }:file read; diff --git a/prebuilts/api/33.0/private/compat/32.0/32.0.cil b/prebuilts/api/33.0/private/compat/32.0/32.0.cil index d916a13e0..a99b62813 100644 --- a/prebuilts/api/33.0/private/compat/32.0/32.0.cil +++ b/prebuilts/api/33.0/private/compat/32.0/32.0.cil @@ -1378,7 +1378,6 @@ (typeattributeset build_config_prop_32_0 (build_config_prop)) (typeattributeset build_odm_prop_32_0 (build_odm_prop)) (typeattributeset build_prop_32_0 (build_prop)) -(typeattributeset build_prop_32_0 (userdebug_or_eng_prop)) (typeattributeset build_vendor_prop_32_0 (build_vendor_prop)) (typeattributeset cache_backup_file_32_0 (cache_backup_file)) (typeattributeset cache_block_device_32_0 (cache_block_device)) diff --git a/prebuilts/api/33.0/private/property_contexts b/prebuilts/api/33.0/private/property_contexts index ac288f032..3841fd5f7 100644 --- a/prebuilts/api/33.0/private/property_contexts +++ b/prebuilts/api/33.0/private/property_contexts @@ -815,7 +815,7 @@ ro.build.version.security_patch u:object_r:build_prop:s0 exact string ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool -ro.debuggable u:object_r:userdebug_or_eng_prop:s0 exact bool +ro.debuggable u:object_r:build_prop:s0 exact bool ro.treble.enabled u:object_r:build_prop:s0 exact bool 
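Review bot: Moving `ro.debuggable` back to `build_prop` in the `@@ -815,7 +815,7 @@` hunk of `prebuilts/api/33.0/private/property_contexts` (and `ro.secure` in its `@@ -842,7 +842,7 @@` hunk, with the same two lines in `private/property_contexts`) leaves no record in the policy of why these two properties are readable again, and the commit message gives only a bug number under "Reason for revert". `build_prop` is presumably readable by every domain through a rule outside these hunks, so together with the `neverallow` this patch removes from `app_neverallows.te`, untrusted, isolated and ephemeral apps would again be able to tell a debuggable build from a user build. I would add a comment above each relabelled entry, for example `# Intentionally build_prop (app-readable) again; see b/271263976 before re-restricting.` Writes stay covered as far as the visible context shows, since `neverallow { domain -init } build_prop:property_service set;` remains in `domain.te`.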
@@ -842,7 +842,7 @@ ro.system.build.version.release_or_codename u:object_r:build_prop:s0 exact strin ro.system.build.version.sdk u:object_r:build_prop:s0 exact int ro.adb.secure u:object_r:build_prop:s0 exact bool -ro.secure u:object_r:userdebug_or_eng_prop:s0 exact int +ro.secure u:object_r:build_prop:s0 exact int ro.product.system_ext.brand u:object_r:build_prop:s0 exact string ro.product.system_ext.device u:object_r:build_prop:s0 exact string diff --git a/prebuilts/api/33.0/private/untrusted_app_29.te b/prebuilts/api/33.0/private/untrusted_app_29.te index 036018432..6bb2606f6 100644 --- a/prebuilts/api/33.0/private/untrusted_app_29.te +++ b/prebuilts/api/33.0/private/untrusted_app_29.te @@ -18,6 +18,3 @@ bluetooth_domain(untrusted_app_29) # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop(untrusted_app_29, userdebug_or_eng_prop) diff --git a/prebuilts/api/33.0/private/untrusted_app_30.te b/prebuilts/api/33.0/private/untrusted_app_30.te index 6893acada..e0a71ef7f 100644 --- a/prebuilts/api/33.0/private/untrusted_app_30.te +++ b/prebuilts/api/33.0/private/untrusted_app_30.te @@ -20,6 +20,3 @@ bluetooth_domain(untrusted_app_30) # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop(untrusted_app_30, userdebug_or_eng_prop) diff --git a/prebuilts/api/33.0/public/domain.te b/prebuilts/api/33.0/public/domain.te index 40060754a..de529f5d8 100644 --- a/prebuilts/api/33.0/public/domain.te +++ b/prebuilts/api/33.0/public/domain.te 
@@ -129,7 +129,6 @@ get_prop(domain, soc_prop) get_prop(domain, socket_hook_prop) get_prop(domain, surfaceflinger_prop) get_prop(domain, telephony_status_prop) -get_prop({domain - untrusted_app_all }, userdebug_or_eng_prop) get_prop(domain, vendor_socket_hook_prop) get_prop(domain, vndk_prop) get_prop(domain, vold_status_prop) @@ -565,7 +564,6 @@ compatible_property_only(` neverallow { domain -init } aac_drc_prop:property_service set; neverallow { domain -init } build_prop:property_service set; -neverallow { domain -init } userdebug_or_eng_prop:property_service set; # Do not allow reading device's serial number from system properties except form # a few allowed domains. diff --git a/prebuilts/api/33.0/public/property.te b/prebuilts/api/33.0/public/property.te index deb166b07..763a80a59 100644 --- a/prebuilts/api/33.0/public/property.te +++ b/prebuilts/api/33.0/public/property.te @@ -73,7 +73,6 @@ system_restricted_prop(device_config_vendor_system_native_boot_prop) system_restricted_prop(fingerprint_prop) system_restricted_prop(gwp_asan_prop) system_restricted_prop(hal_instrumentation_prop) -system_restricted_prop(userdebug_or_eng_prop) system_restricted_prop(hypervisor_prop) system_restricted_prop(init_service_status_prop) system_restricted_prop(libc_debug_prop) diff --git a/private/app_neverallows.te b/private/app_neverallows.te index 911595252..304f5a209 100644 --- a/private/app_neverallows.te +++ b/private/app_neverallows.te 
@@ -254,15 +254,3 @@ neverallow { # Only privileged apps may find the incident service neverallow all_untrusted_apps incident_service:service_manager find; - -# Do not allow untrusted app to read hidden system proprerties -# We exclude older application for compatibility and we do not include in the exclusions other normally -# untrusted applications such as mediaprovider due to the specific logging use cases. -# Context: b/193912100 -neverallow { - untrusted_app_all - -untrusted_app_25 - -untrusted_app_27 - -untrusted_app_29 - -untrusted_app_30 -} { userdebug_or_eng_prop }:file read; diff --git a/private/compat/32.0/32.0.cil b/private/compat/32.0/32.0.cil index d916a13e0..a99b62813 100644 --- a/private/compat/32.0/32.0.cil +++ b/private/compat/32.0/32.0.cil @@ -1378,7 +1378,6 @@ (typeattributeset build_config_prop_32_0 (build_config_prop)) (typeattributeset build_odm_prop_32_0 (build_odm_prop)) (typeattributeset build_prop_32_0 (build_prop)) -(typeattributeset build_prop_32_0 (userdebug_or_eng_prop)) (typeattributeset build_vendor_prop_32_0 (build_vendor_prop)) (typeattributeset cache_backup_file_32_0 (cache_backup_file)) (typeattributeset cache_block_device_32_0 (cache_block_device)) diff --git a/private/property_contexts b/private/property_contexts index ac288f032..3841fd5f7 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -815,7 +815,7 @@ ro.build.version.security_patch u:object_r:build_prop:s0 exact string ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool -ro.debuggable u:object_r:userdebug_or_eng_prop:s0 exact bool +ro.debuggable u:object_r:build_prop:s0 exact bool ro.treble.enabled u:object_r:build_prop:s0 exact bool 
@@ -842,7 +842,7 @@ ro.system.build.version.release_or_codename u:object_r:build_prop:s0 exact strin ro.system.build.version.sdk u:object_r:build_prop:s0 exact int ro.adb.secure u:object_r:build_prop:s0 exact bool -ro.secure u:object_r:userdebug_or_eng_prop:s0 exact int +ro.secure u:object_r:build_prop:s0 exact int ro.product.system_ext.brand u:object_r:build_prop:s0 exact string ro.product.system_ext.device u:object_r:build_prop:s0 exact string diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te index 51cb51448..4235d7eba 100644 --- a/private/untrusted_app_25.te +++ b/private/untrusted_app_25.te @@ -52,7 +52,3 @@ allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms; # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh; - - -# Allow hidden build props -get_prop(untrusted_app_25, userdebug_or_eng_prop) diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te index 0dde7601c..c747af1bb 100644 --- a/private/untrusted_app_27.te +++ b/private/untrusted_app_27.te @@ -40,6 +40,3 @@ allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms; # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop(untrusted_app_27, userdebug_or_eng_prop) diff --git a/private/untrusted_app_29.te b/private/untrusted_app_29.te index 036018432..6bb2606f6 100644 --- a/private/untrusted_app_29.te +++ b/private/untrusted_app_29.te @@ -18,6 +18,3 @@ bluetooth_domain(untrusted_app_29) # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop(untrusted_app_29, userdebug_or_eng_prop) 
diff --git a/private/untrusted_app_30.te b/private/untrusted_app_30.te index 6893acada..e0a71ef7f 100644 --- a/private/untrusted_app_30.te +++ b/private/untrusted_app_30.te @@ -20,6 +20,3 @@ bluetooth_domain(untrusted_app_30) # allow sending RTM_GETNEIGH{TBL} messages. allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh; - -# Allow hidden build props -get_prop(untrusted_app_30, userdebug_or_eng_prop) diff --git a/public/domain.te b/public/domain.te index 40060754a..de529f5d8 100644 --- a/public/domain.te +++ b/public/domain.te @@ -129,7 +129,6 @@ get_prop(domain, soc_prop) get_prop(domain, socket_hook_prop) get_prop(domain, surfaceflinger_prop) get_prop(domain, telephony_status_prop) -get_prop({domain - untrusted_app_all }, userdebug_or_eng_prop) get_prop(domain, vendor_socket_hook_prop) get_prop(domain, vndk_prop) get_prop(domain, vold_status_prop) @@ -565,7 +564,6 @@ compatible_property_only(` neverallow { domain -init } aac_drc_prop:property_service set; neverallow { domain -init } build_prop:property_service set; -neverallow { domain -init } userdebug_or_eng_prop:property_service set; # Do not allow reading device's serial number from system properties except form # a few allowed domains. diff --git a/public/property.te b/public/property.te index deb166b07..763a80a59 100644 --- a/public/property.te +++ b/public/property.te @@ -73,7 +73,6 @@ system_restricted_prop(device_config_vendor_system_native_boot_prop) system_restricted_prop(fingerprint_prop) system_restricted_prop(gwp_asan_prop) system_restricted_prop(hal_instrumentation_prop) -system_restricted_prop(userdebug_or_eng_prop) system_restricted_prop(hypervisor_prop) system_restricted_prop(init_service_status_prop) system_restricted_prop(libc_debug_prop)