Merge "Prevent non-system apps from read ro.usb.uvc.enabled" am: 36c4d512be

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2415830 Change-Id: Ie3acb6f962e05a3f9ddc6036590e3ec67ed650d3 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-03 20:31:11 +00:00 · 2023-02-03 20:31:11 +00:00 · b95f1e539a
commit b95f1e539a
parent 6fb804af4e 36c4d512be
1 changed files with 7 additions and 0 deletions
--- a/private/property.te
+++ b/private/property.te
@ -687,3 +687,10 @@ neverallow {
  -init
  -vendor_init
 } usb_uvc_enabled_prop:property_service set;
+
+# Disallow non system apps from reading ro.usb.uvc.enabled
+neverallow {
+  appdomain
+  -system_app
+  -device_as_webcam
+} usb_uvc_enabled_prop:file no_rw_file_perms;