Merge "Adds new policy for init_svc_debug_prop."

am: 95c9b61d3c

Change-Id: I866f58e08fd58226d209f15e8ea341cbd5c53261
Daniel Norman 2019-08-02 15:21:59 -07:00 committed by android-build-merger
commit ee5547dca8
4 changed files with 16 additions and 0 deletions


@ -12,6 +12,7 @@
device_config_sys_traced_prop
hal_can_bus_hwservice
hal_can_controller_hwservice
init_svc_debug_prop
ota_metadata_file
runtime_apex_dir
system_ashmem_hwservice


@ -35,6 +35,7 @@ debug. u:object_r:debug_prop:s0
debug.db. u:object_r:debuggerd_prop:s0
dumpstate. u:object_r:dumpstate_prop:s0
dumpstate.options u:object_r:dumpstate_options_prop:s0
init.svc_debug_pid. u:object_r:init_svc_debug_prop:s0
llk. u:object_r:llkd_prop:s0
khungtask. u:object_r:llkd_prop:s0
ro.llk. u:object_r:llkd_prop:s0


@ -55,6 +55,7 @@ type gsid_prop, property_type;
type heapprofd_enabled_prop, property_type;
type heapprofd_prop, property_type;
type hwservicemanager_prop, property_type;
type init_svc_debug_prop, property_type;
type last_boot_reason_prop, property_type;
type system_lmk_prop, property_type;
type llkd_prop, property_type;
@ -190,6 +191,18 @@ dontaudit domain {
ctl_rildaemon_prop
}:property_service set;
neverallow {
domain
-init
} init_svc_debug_prop:property_service set;
neverallow {
domain
-init
-dumpstate
userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;
compatible_property_only(`
# Prevent properties from being set
neverallow {
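Review bot: The two new neverallow rules on init_svc_debug_prop in the second hunk have no comment saying what they protect, unlike the `# Prevent properties from being set` comment on the block that follows them. I would add one above them, for example `# Only init may set init_svc_debug_prop; reads are limited to init, dumpstate and, on userdebug/eng builds, su.` The read restriction is easy to miss because it is expressed on the `file` class through `no_rw_file_perms` rather than on `property_service`. A neverallow is only a build-time assertion and grants nothing, and no allow or get_prop rule for dumpstate is visible in this section, so if dumpstate is meant to read these properties, confirm the grant exists elsewhere. The compatible_property_only block that opens at the end of the hunk continues outside it.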


@ -217,6 +217,7 @@ not_compatible_property(`
-apexd_prop
-gsid_prop
-nnapi_ext_deny_product_prop
-init_svc_debug_prop
})
')