From b373dd0df20b9bc5cd22bbebbb10e846d938f318 Mon Sep 17 00:00:00 2001
From: Nazanin
Date: Thu, 29 Apr 2021 21:52:42 -0700
Subject: [PATCH] make ril.cdma.inecmmode system property internal so that it cannot reveal a system api that requires READ_PRIVILEGED_PHONE_STATE
Bug: 183410189
Bug: 197722115
Test: adb shell getprop -Z
Change-Id: I65f4121fc300447af7d516676166bc8b0b53b727
Merged-In: I65f4121fc300447af7d516676166bc8b0b53b727
---
 private/app_neverallows.te | 3 +++
 private/property.te | 1 +
 private/property_contexts | 1 +
 private/radio.te | 1 +
 4 files changed, 6 insertions(+)
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index f33cff929..304f5a209 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -46,6 +46,9 @@ neverallow { all_untrusted_apps -mediaprovider } property_type:property_service
 # net.dns properties are not a public API. Disallow untrusted apps from reading this property.
 neverallow { all_untrusted_apps } net_dns_prop:file read;
+# radio_cdma_ecm_prop properties are not a public API. Disallow untrusted apps from reading this property.
+neverallow { all_untrusted_apps } radio_cdma_ecm_prop:file read;
+
 # Shared libraries created by trusted components within an app home
 # directory can be dlopen()ed. To maintain the W^X property, these files
 # must never be writable to the app.
diff --git a/private/property.te b/private/property.te
index 3ee6650ba..878f3e8fb 100644
--- a/private/property.te
+++ b/private/property.te
@@ -29,6 +29,7 @@ system_internal_prop(odsign_prop)
 system_internal_prop(perf_drop_caches_prop)
 system_internal_prop(pm_prop)
 system_internal_prop(profcollectd_node_id_prop)
+system_internal_prop(radio_cdma_ecm_prop)
 system_internal_prop(rollback_test_prop)
 system_internal_prop(setupwizard_prop)
 system_internal_prop(snapuserd_prop)
diff --git a/private/property_contexts b/private/property_contexts
index ba0d55702..5356978b5 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -82,6 +82,7 @@ persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
 persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
 persist.vendor.debug.wifi. u:object_r:persist_vendor_debug_wifi_prop:s0
 persist.vendor.overlay. u:object_r:overlay_prop:s0
+ril.cdma.inecmmode u:object_r:radio_cdma_ecm_prop:s0 exact bool
 ro.boot.vendor.overlay. u:object_r:overlay_prop:s0
 ro.boottime. u:object_r:boottime_prop:s0
 ro.serialno u:object_r:serialno_prop:s0
diff --git a/private/radio.te b/private/radio.te
index 275828959..08365f05d 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -9,6 +9,7 @@ set_prop(radio, radio_control_prop)
 set_prop(radio, radio_prop)
 set_prop(radio, net_radio_prop)
 set_prop(radio, telephony_status_prop)
+set_prop(radio, radio_cdma_ecm_prop)
 # ctl interface
 set_prop(radio, ctl_rildaemon_prop)
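Review bot: `set_prop(radio, radio_cdma_ecm_prop)` in the private/radio.te hunk is the only access rule this patch adds for the new type, so once `ril.cdma.inecmmode` is relabelled as a system-internal property, every domain other than radio should lose read access, not just untrusted apps. Whether any other platform domain reads this property directly is not visible in the patch; if one does, it would presumably see the default value with no error, which matters for what the name suggests is an emergency-callback-mode flag. The `Test:` line (`adb shell getprop -Z`) only confirms the label. It would help to also check for `avc: denied` entries on `radio_cdma_ecm_prop` while entering and leaving ECM, and to add an explicit `get_prop(<domain>, radio_cdma_ecm_prop)` for each legitimate reader found. The neverallow added in private/app_neverallows.te asserts only `all_untrusted_apps`, so it will not catch a later over-broad grant to other domains.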