# Properties used only in /system system_internal_prop(apexd_prop) system_internal_prop(bootloader_boot_reason_prop) system_internal_prop(device_config_activity_manager_native_boot_prop) system_internal_prop(device_config_boot_count_prop) system_internal_prop(device_config_input_native_boot_prop) system_internal_prop(device_config_media_native_prop) system_internal_prop(device_config_netd_native_prop) system_internal_prop(device_config_reset_performed_prop) system_internal_prop(device_config_runtime_native_boot_prop) system_internal_prop(device_config_runtime_native_prop) system_internal_prop(device_config_sys_traced_prop) system_internal_prop(firstboot_prop) system_internal_prop(gsid_prop) system_internal_prop(init_svc_debug_prop) system_internal_prop(last_boot_reason_prop) system_internal_prop(netd_stable_secret_prop) system_internal_prop(pm_prop) compatible_property_only(` # DO NOT ADD ANY PROPERTIES HERE system_internal_prop(boottime_prop) system_internal_prop(bpf_progs_loaded_prop) system_internal_prop(charger_prop) system_internal_prop(cold_boot_done_prop) system_internal_prop(ctl_adbd_prop) system_internal_prop(ctl_apexd_prop) system_internal_prop(ctl_bootanim_prop) system_internal_prop(ctl_bugreport_prop) system_internal_prop(ctl_console_prop) system_internal_prop(ctl_dumpstate_prop) system_internal_prop(ctl_fuse_prop) system_internal_prop(ctl_gsid_prop) system_internal_prop(ctl_interface_restart_prop) system_internal_prop(ctl_interface_stop_prop) system_internal_prop(ctl_mdnsd_prop) system_internal_prop(ctl_restart_prop) system_internal_prop(ctl_rildaemon_prop) system_internal_prop(ctl_sigstop_prop) system_internal_prop(dynamic_system_prop) system_internal_prop(heapprofd_enabled_prop) system_internal_prop(llkd_prop) system_internal_prop(lpdumpd_prop) system_internal_prop(mmc_prop) system_internal_prop(mock_ota_prop) system_internal_prop(net_dns_prop) system_internal_prop(overlay_prop) system_internal_prop(persistent_properties_ready_prop) system_internal_prop(safemode_prop) system_internal_prop(system_lmk_prop) system_internal_prop(system_trace_prop) system_internal_prop(test_boot_reason_prop) system_internal_prop(time_prop) system_internal_prop(traced_enabled_prop) system_internal_prop(traced_lazy_prop) system_internal_prop(virtual_ab_prop) ') # Properties which can't be written outside system system_restricted_prop(linker_prop) system_restricted_prop(nnapi_ext_deny_product_prop) system_restricted_prop(restorecon_prop) system_restricted_prop(system_boot_reason_prop) compatible_property_only(` # DO NOT ADD ANY PROPERTIES HERE system_restricted_prop(config_prop) system_restricted_prop(cppreopt_prop) system_restricted_prop(dalvik_prop) system_restricted_prop(debuggerd_prop) system_restricted_prop(default_prop) system_restricted_prop(device_logging_prop) system_restricted_prop(dhcp_prop) system_restricted_prop(dumpstate_prop) system_restricted_prop(exported2_default_prop) system_restricted_prop(exported3_system_prop) system_restricted_prop(exported_dumpstate_prop) system_restricted_prop(exported_fingerprint_prop) system_restricted_prop(exported_secure_prop) system_restricted_prop(exported_vold_prop) system_restricted_prop(ffs_prop) system_restricted_prop(fingerprint_prop) system_restricted_prop(heapprofd_prop) system_restricted_prop(net_radio_prop) system_restricted_prop(pan_result_prop) system_restricted_prop(persist_debug_prop) system_restricted_prop(shell_prop) system_restricted_prop(system_radio_prop) system_restricted_prop(test_harness_prop) system_restricted_prop(theme_prop) system_restricted_prop(use_memfd_prop) system_restricted_prop(vold_prop) ') # Properties with no restrictions system_public_prop(audio_prop) system_public_prop(bluetooth_a2dp_offload_prop) system_public_prop(bluetooth_audio_hal_prop) system_public_prop(bluetooth_prop) system_public_prop(cpu_variant_prop) system_public_prop(ctl_default_prop) system_public_prop(ctl_interface_start_prop) system_public_prop(ctl_start_prop) system_public_prop(ctl_stop_prop) system_public_prop(debug_prop) system_public_prop(dumpstate_options_prop) system_public_prop(exported_system_prop) system_public_prop(exported2_config_prop) system_public_prop(exported2_radio_prop) system_public_prop(exported2_system_prop) system_public_prop(exported2_vold_prop) system_public_prop(exported3_default_prop) system_public_prop(exported3_radio_prop) system_public_prop(exported_audio_prop) system_public_prop(exported_bluetooth_prop) system_public_prop(exported_config_prop) system_public_prop(exported_dalvik_prop) system_public_prop(exported_default_prop) system_public_prop(exported_ffs_prop) system_public_prop(exported_overlay_prop) system_public_prop(exported_pm_prop) system_public_prop(exported_radio_prop) system_public_prop(exported_system_radio_prop) system_public_prop(exported_wifi_prop) system_public_prop(hwservicemanager_prop) system_public_prop(logd_prop) system_public_prop(logpersistd_logging_prop) system_public_prop(log_prop) system_public_prop(log_tag_prop) system_public_prop(lowpan_prop) system_public_prop(nfc_prop) system_public_prop(powerctl_prop) system_public_prop(radio_prop) system_public_prop(serialno_prop) system_public_prop(system_prop) system_public_prop(vendor_security_patch_level_prop) system_public_prop(wifi_log_prop) system_public_prop(wifi_prop) # Properties which are public for devices launching with Android O or earlier # This should not be used for any new properties. not_compatible_property(` # DO NOT ADD ANY PROPERTIES HERE system_public_prop(boottime_prop) system_public_prop(bpf_progs_loaded_prop) system_public_prop(charger_prop) system_public_prop(cold_boot_done_prop) system_public_prop(ctl_adbd_prop) system_public_prop(ctl_apexd_prop) system_public_prop(ctl_bootanim_prop) system_public_prop(ctl_bugreport_prop) system_public_prop(ctl_console_prop) system_public_prop(ctl_dumpstate_prop) system_public_prop(ctl_fuse_prop) system_public_prop(ctl_gsid_prop) system_public_prop(ctl_interface_restart_prop) system_public_prop(ctl_interface_stop_prop) system_public_prop(ctl_mdnsd_prop) system_public_prop(ctl_restart_prop) system_public_prop(ctl_rildaemon_prop) system_public_prop(ctl_sigstop_prop) system_public_prop(dynamic_system_prop) system_public_prop(heapprofd_enabled_prop) system_public_prop(llkd_prop) system_public_prop(lpdumpd_prop) system_public_prop(mmc_prop) system_public_prop(mock_ota_prop) system_public_prop(net_dns_prop) system_public_prop(overlay_prop) system_public_prop(persistent_properties_ready_prop) system_public_prop(safemode_prop) system_public_prop(system_lmk_prop) system_public_prop(system_trace_prop) system_public_prop(test_boot_reason_prop) system_public_prop(time_prop) system_public_prop(traced_enabled_prop) system_public_prop(traced_lazy_prop) system_public_prop(virtual_ab_prop) system_public_prop(config_prop) system_public_prop(cppreopt_prop) system_public_prop(dalvik_prop) system_public_prop(debuggerd_prop) system_public_prop(default_prop) system_public_prop(device_logging_prop) system_public_prop(dhcp_prop) system_public_prop(dumpstate_prop) system_public_prop(exported2_default_prop) system_public_prop(exported3_system_prop) system_public_prop(exported_dumpstate_prop) system_public_prop(exported_fingerprint_prop) system_public_prop(exported_secure_prop) system_public_prop(exported_vold_prop) system_public_prop(ffs_prop) system_public_prop(fingerprint_prop) system_public_prop(heapprofd_prop) system_public_prop(net_radio_prop) system_public_prop(pan_result_prop) system_public_prop(persist_debug_prop) system_public_prop(shell_prop) system_public_prop(system_radio_prop) system_public_prop(test_harness_prop) system_public_prop(theme_prop) system_public_prop(use_memfd_prop) system_public_prop(vold_prop) ') type vendor_default_prop, property_type; typeattribute log_prop log_property_type; typeattribute log_tag_prop log_property_type; typeattribute wifi_log_prop log_property_type; allow property_type tmpfs:filesystem associate; ### ### Neverallow rules ### treble_sysprop_neverallow(` # TODO(b/131162102): uncomment these after assigning ownership attributes to all properties # neverallow domain { # property_type # -system_property_type # -product_property_type # -vendor_property_type # }:file no_rw_file_perms; neverallow { domain -coredomain } { system_property_type -system_restricted_property_type -system_public_property_type }:file no_rw_file_perms; neverallow { domain -coredomain } { system_property_type -system_public_property_type }:property_service set; neverallow { domain -coredomain } { system_internal_property_type }:file no_rw_file_perms; neverallow coredomain { vendor_property_type -vendor_restricted_property_type -vendor_public_property_type }:file no_rw_file_perms; neverallow coredomain { vendor_property_type -vendor_public_property_type }:property_service set; neverallow coredomain { vendor_internal_property_type }:file no_rw_file_perms; ') # There is no need to perform ioctl or advisory locking operations on # property files. If this neverallow is being triggered, it is # likely that the policy is using r_file_perms directly instead of # the get_prop() macro. neverallow domain property_type:file { ioctl lock }; # core_property_type should not be used for new properties or # device specific properties. Properties with this attribute # are readable to everyone, which is overly broad and should # be avoided. # New properties should have appropriate read / write access # control rules written. typeattribute audio_prop core_property_type; typeattribute config_prop core_property_type; typeattribute cppreopt_prop core_property_type; typeattribute dalvik_prop core_property_type; typeattribute debuggerd_prop core_property_type; typeattribute debug_prop core_property_type; typeattribute default_prop core_property_type; typeattribute dhcp_prop core_property_type; typeattribute dumpstate_prop core_property_type; typeattribute ffs_prop core_property_type; typeattribute fingerprint_prop core_property_type; typeattribute logd_prop core_property_type; typeattribute net_radio_prop core_property_type; typeattribute nfc_prop core_property_type; typeattribute pan_result_prop core_property_type; typeattribute persist_debug_prop core_property_type; typeattribute powerctl_prop core_property_type; typeattribute radio_prop core_property_type; typeattribute restorecon_prop core_property_type; typeattribute shell_prop core_property_type; typeattribute system_prop core_property_type; typeattribute system_radio_prop core_property_type; typeattribute vold_prop core_property_type; neverallow * { core_property_type -audio_prop -config_prop -cppreopt_prop -dalvik_prop -debuggerd_prop -debug_prop -default_prop -dhcp_prop -dumpstate_prop -ffs_prop -fingerprint_prop -logd_prop -net_radio_prop -nfc_prop -pan_result_prop -persist_debug_prop -powerctl_prop -radio_prop -restorecon_prop -shell_prop -system_prop -system_radio_prop -vold_prop }:file no_rw_file_perms; # sigstop property is only used for debugging; should only be set by su which is permissive # for userdebug/eng neverallow { domain -init -vendor_init } ctl_sigstop_prop:property_service set; # Don't audit legacy ctl. property handling. We only want the newer permission check to appear # in the audit log dontaudit domain { ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_default_prop ctl_dumpstate_prop ctl_fuse_prop ctl_mdnsd_prop ctl_rildaemon_prop }:property_service set; # Do now allow to modify linker properties except shell and init neverallow { domain -init userdebug_or_eng(`-shell') } linker_prop:property_service set; neverallow { domain -init } init_svc_debug_prop:property_service set; neverallow { domain -init -dumpstate userdebug_or_eng(`-su') } init_svc_debug_prop:file no_rw_file_perms; compatible_property_only(` # Prevent properties from being set neverallow { domain -coredomain -appdomain -vendor_init } { core_property_type extended_core_property_type exported_config_prop exported_dalvik_prop exported_default_prop exported_dumpstate_prop exported_ffs_prop exported_fingerprint_prop exported_system_prop exported_system_radio_prop exported_vold_prop exported2_config_prop exported2_default_prop exported2_system_prop exported2_vold_prop exported3_default_prop exported3_system_prop -nfc_prop -powerctl_prop -radio_prop }:property_service set; neverallow { domain -coredomain -appdomain -hal_nfc_server } { nfc_prop }:property_service set; neverallow { domain -coredomain -appdomain -hal_telephony_server -vendor_init } { exported_radio_prop exported3_radio_prop }:property_service set; neverallow { domain -coredomain -appdomain -hal_telephony_server } { exported2_radio_prop radio_prop }:property_service set; neverallow { domain -coredomain -bluetooth -hal_bluetooth_server } { bluetooth_prop }:property_service set; neverallow { domain -coredomain -bluetooth -hal_bluetooth_server -vendor_init } { exported_bluetooth_prop }:property_service set; neverallow { domain -coredomain -hal_wifi_server -wificond } { wifi_prop }:property_service set; neverallow { domain -coredomain -hal_wifi_server -wificond -vendor_init } { exported_wifi_prop }:property_service set; # Prevent properties from being read neverallow { domain -coredomain -appdomain -vendor_init } { core_property_type extended_core_property_type exported_dalvik_prop exported_ffs_prop exported_system_radio_prop exported2_config_prop exported2_system_prop exported2_vold_prop exported3_default_prop exported3_system_prop -debug_prop -logd_prop -nfc_prop -powerctl_prop -radio_prop }:file no_rw_file_perms; neverallow { domain -coredomain -appdomain -hal_nfc_server } { nfc_prop }:file no_rw_file_perms; neverallow { domain -coredomain -appdomain -hal_telephony_server } { radio_prop }:file no_rw_file_perms; neverallow { domain -coredomain -bluetooth -hal_bluetooth_server } { bluetooth_prop }:file no_rw_file_perms; neverallow { domain -coredomain -hal_wifi_server -wificond } { wifi_prop }:file no_rw_file_perms; ') compatible_property_only(` # Neverallow coredomain to set vendor properties neverallow { coredomain -init -system_writes_vendor_properties_violators } { property_type -apexd_prop -audio_prop -bluetooth_a2dp_offload_prop -bluetooth_audio_hal_prop -bluetooth_prop -bootloader_boot_reason_prop -boottime_prop -bpf_progs_loaded_prop -cold_boot_done_prop -config_prop -cppreopt_prop -ctl_adbd_prop -ctl_apexd_prop -ctl_bootanim_prop -ctl_bugreport_prop -ctl_console_prop -ctl_default_prop -ctl_dumpstate_prop -ctl_fuse_prop -ctl_gsid_prop -ctl_interface_restart_prop -ctl_interface_start_prop -ctl_interface_stop_prop -ctl_mdnsd_prop -ctl_restart_prop -ctl_rildaemon_prop -ctl_sigstop_prop -ctl_start_prop -ctl_stop_prop -dalvik_prop -debug_prop -debuggerd_prop -default_prop -device_logging_prop -dhcp_prop -dumpstate_options_prop -dumpstate_prop -exported2_config_prop -exported2_default_prop -exported2_radio_prop -exported2_system_prop -exported2_vold_prop -exported3_default_prop -exported3_radio_prop -exported3_system_prop -exported_bluetooth_prop -exported_config_prop -exported_dalvik_prop -exported_default_prop -exported_dumpstate_prop -exported_ffs_prop -exported_fingerprint_prop -exported_overlay_prop -exported_pm_prop -exported_radio_prop -exported_secure_prop -exported_system_prop -exported_system_radio_prop -exported_vold_prop -exported_wifi_prop -extended_core_property_type -ffs_prop -fingerprint_prop -firstboot_prop -device_config_activity_manager_native_boot_prop -device_config_reset_performed_prop -device_config_boot_count_prop -device_config_input_native_boot_prop -device_config_netd_native_prop -device_config_runtime_native_boot_prop -device_config_runtime_native_prop -device_config_media_native_prop -device_config_sys_traced_prop -dynamic_system_prop -gsid_prop -heapprofd_enabled_prop -heapprofd_prop -hwservicemanager_prop -last_boot_reason_prop -system_lmk_prop -linker_prop -log_prop -log_tag_prop -logd_prop -logpersistd_logging_prop -lowpan_prop -lpdumpd_prop -mmc_prop -mock_ota_prop -net_dns_prop -net_radio_prop -netd_stable_secret_prop -nfc_prop -overlay_prop -pan_result_prop -persist_debug_prop -persistent_properties_ready_prop -pm_prop -powerctl_prop -radio_prop -restorecon_prop -safemode_prop -serialno_prop -shell_prop -system_boot_reason_prop -system_prop -system_radio_prop -system_trace_prop -test_boot_reason_prop -test_harness_prop -theme_prop -time_prop -traced_enabled_prop -traced_lazy_prop -vendor_default_prop -vendor_security_patch_level_prop -vold_prop -wifi_log_prop -wifi_prop }:property_service set; ')