type audio_prop, property_type, core_property_type; type boottime_prop, property_type; type bluetooth_prop, property_type; type bootloader_boot_reason_prop, property_type; type config_prop, property_type, core_property_type; type cppreopt_prop, property_type, core_property_type; type ctl_bootanim_prop, property_type; type ctl_bugreport_prop, property_type; type ctl_console_prop, property_type; type ctl_default_prop, property_type; type ctl_dumpstate_prop, property_type; type ctl_fuse_prop, property_type; type ctl_mdnsd_prop, property_type; type ctl_rildaemon_prop, property_type; type dalvik_prop, property_type, core_property_type; type debuggerd_prop, property_type, core_property_type; type debug_prop, property_type, core_property_type; type default_prop, property_type, core_property_type; type device_logging_prop, property_type; type dhcp_prop, property_type, core_property_type; type dumpstate_options_prop, property_type; type dumpstate_prop, property_type, core_property_type; type ffs_prop, property_type, core_property_type; type fingerprint_prop, property_type, core_property_type; type firstboot_prop, property_type; type hwservicemanager_prop, property_type; type last_boot_reason_prop, property_type; type logd_prop, property_type, core_property_type; type logpersistd_logging_prop, property_type; type log_prop, property_type, log_property_type; type log_tag_prop, property_type, log_property_type; type lowpan_prop, property_type; type mmc_prop, property_type; type net_dns_prop, property_type; type net_radio_prop, property_type, core_property_type; type netd_stable_secret_prop, property_type; type nfc_prop, property_type, core_property_type; type overlay_prop, property_type; type pan_result_prop, property_type, core_property_type; type persist_debug_prop, property_type, core_property_type; type persistent_properties_ready_prop, property_type; type pm_prop, property_type; type powerctl_prop, property_type, core_property_type; type radio_prop, property_type, core_property_type; type restorecon_prop, property_type, core_property_type; type safemode_prop, property_type; type serialno_prop, property_type; type shell_prop, property_type, core_property_type; type system_boot_reason_prop, property_type; type system_prop, property_type, core_property_type; type system_radio_prop, property_type, core_property_type; type vold_prop, property_type, core_property_type; type wifi_log_prop, property_type, log_property_type; type wifi_prop, property_type; # Properties for whitelisting type exported_config_prop, property_type; type exported_dalvik_prop, property_type; type exported_default_prop, property_type; type exported_dumpstate_prop, property_type; type exported_ffs_prop, property_type; type exported_fingerprint_prop, property_type; type exported_overlay_prop, property_type; type exported_pm_prop, property_type; type exported_radio_prop, property_type; type exported_system_prop, property_type; type exported_system_radio_prop, property_type; type exported_vold_prop, property_type; type exported2_config_prop, property_type; type exported2_default_prop, property_type; type exported2_radio_prop, property_type; type exported2_system_prop, property_type; type exported2_vold_prop, property_type; type exported3_default_prop, property_type; type exported3_system_prop, property_type; type vendor_default_prop, property_type; allow property_type tmpfs:filesystem associate; ### ### Neverallow rules ### # core_property_type should not be used for new properties or # device specific properties. Properties with this attribute # are readable to everyone, which is overly broad and should # be avoided. # New properties should have appropriate read / write access # control rules written. neverallow * { core_property_type -audio_prop -config_prop -cppreopt_prop -dalvik_prop -debuggerd_prop -debug_prop -default_prop -dhcp_prop -dumpstate_prop -ffs_prop -fingerprint_prop -logd_prop -net_radio_prop -nfc_prop -pan_result_prop -persist_debug_prop -powerctl_prop -radio_prop -restorecon_prop -shell_prop -system_prop -system_radio_prop -vold_prop }:file no_rw_file_perms; compatible_property_only(` # Prevent properties from being set neverallow { domain -coredomain -appdomain -vendor_init } { core_property_type exported_config_prop exported_dalvik_prop exported_default_prop exported_dumpstate_prop exported_ffs_prop exported_fingerprint_prop exported_system_prop exported_system_radio_prop exported_vold_prop exported2_config_prop exported2_default_prop exported2_system_prop exported2_vold_prop exported3_default_prop exported3_system_prop -nfc_prop -powerctl_prop -radio_prop }:property_service set; neverallow { domain -coredomain -appdomain -hal_nfc -vendor_init } { nfc_prop }:property_service set; neverallow { domain -coredomain -appdomain -rild -vendor_init } { exported_radio_prop exported2_radio_prop radio_prop }:property_service set; # Prevent properties from being read neverallow { domain -coredomain -appdomain -vendor_init } { core_property_type exported_dalvik_prop exported_ffs_prop exported_system_radio_prop exported2_config_prop exported2_system_prop exported2_vold_prop exported3_default_prop exported3_system_prop -debug_prop -logd_prop -nfc_prop -powerctl_prop -radio_prop }:file no_rw_file_perms; neverallow { domain -coredomain -appdomain -rild -vendor_init } { radio_prop }:file no_rw_file_perms; ')