Merge "Add external_storage properties." into rvc-dev
This commit is contained in:
Martijn Coenen
Android (Google) Code Review
commit
c2e570f8dd
8 changed files with 14 additions and 0 deletions
|
|
@ -88,6 +88,7 @@
|
|||
snapshotctl_log_data_file
|
||||
socket_hook_prop
|
||||
soundtrigger_middleware_service
|
||||
storage_config_prop
|
||||
sysfs_dm_verity
|
||||
system_adbd_prop
|
||||
system_config_service
|
||||
|
|
|
|||
|
|
@ -566,6 +566,10 @@ neverallow {
|
|||
-system_app
|
||||
} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
|
||||
|
||||
|
||||
# Don't allow apps access to storage configuration properties.
|
||||
neverallow appdomain storage_config_prop:file no_rw_file_perms;
|
||||
|
||||
# Apps cannot access proc_uid_time_in_state
|
||||
neverallow appdomain proc_uid_time_in_state:file *;
|
||||
|
||||
|
|
|
|||
|
|
@ -530,6 +530,7 @@ compatible_property_only(`
|
|||
neverallow { domain -init } exported2_default_prop:property_service set;
|
||||
neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
|
||||
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
|
||||
neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
|
||||
')
|
||||
|
||||
# Only core domains are allowed to access package_manager properties
|
||||
|
|
|
|||
|
|
@ -118,6 +118,7 @@ system_vendor_config_prop(exported_config_prop)
|
|||
system_vendor_config_prop(exported_default_prop)
|
||||
system_vendor_config_prop(exported3_default_prop)
|
||||
system_vendor_config_prop(media_variant_prop)
|
||||
system_vendor_config_prop(storage_config_prop)
|
||||
system_vendor_config_prop(userspace_reboot_config_prop)
|
||||
system_vendor_config_prop(vehicle_hal_prop)
|
||||
system_vendor_config_prop(vendor_security_patch_level_prop)
|
||||
|
|
|
|||
|
|
@ -70,6 +70,8 @@ dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
|
|||
dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
|
||||
dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
|
||||
drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
|
||||
external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
|
||||
external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
|
||||
keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
|
||||
media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
|
||||
media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
|
||||
|
|
|
|||
|
|
@ -125,6 +125,9 @@ recovery_only(`
|
|||
# Read ro.boot.bootreason
|
||||
get_prop(recovery, bootloader_boot_reason_prop)
|
||||
|
||||
# Read storage properties (for correctly formatting filesystems)
|
||||
get_prop(recovery, storage_config_prop)
|
||||
|
||||
# Use setfscreatecon() to label files for OTA updates.
|
||||
allow recovery self:process setfscreate;
|
||||
|
||||
|
|
|
|||
|
|
@ -233,6 +233,7 @@ set_prop(vendor_init, log_tag_prop)
|
|||
set_prop(vendor_init, log_prop)
|
||||
set_prop(vendor_init, rebootescrow_hal_prop)
|
||||
set_prop(vendor_init, serialno_prop)
|
||||
set_prop(vendor_init, storage_config_prop)
|
||||
set_prop(vendor_init, userspace_reboot_config_prop)
|
||||
set_prop(vendor_init, vehicle_hal_prop)
|
||||
set_prop(vendor_init, vendor_default_prop)
|
||||
|
|
|
|||
|
|
@ -201,6 +201,7 @@ set_prop(vold, restorecon_prop)
|
|||
set_prop(vold, ota_prop)
|
||||
set_prop(vold, boottime_prop)
|
||||
set_prop(vold, boottime_public_prop)
|
||||
get_prop(vold, storage_config_prop)
|
||||
|
||||
# ASEC
|
||||
allow vold asec_image_file:file create_file_perms;
|
||||
|
|
|
|||
Loading…
Reference in a new issue