07e631d2e0
This change did not make it into core sepolicy in time for O.
The revert allows devices to define these selinux policies in
vendor-specific sepolicy instead of core sepolicy. It is
necessary because:
1. It is too late to change property_contexts in O.
2. Adding the netd_stable_secret prop to vendor sepolicy results
in a duplicate definition error at compile time.
3. Defining a new vendor-specific context (such as
net_stable_secret_vendor_prop) and applying it to
persist.netd.stable_secret results in the device not booting
due to attempting to apply two different contexts to the same
property.
Lack of the sepolicy no longer breaks wifi connectivity now that
IpManager no longer considers failure to set the stable secret to
be a fatal error.
Once all interested devices have adopted the vendor sepolicy,
this policy can safely be reinstated by reverting said vendor
sepolicies in internal master.
This reverts commit abb1ba6532.
Bug: 17613910
Test: bullhead builds, boots, connects to wifi
Change-Id: Idffcf78491171c54bca9f93cb920eab9b1c47709
113 lines
4.8 KiB
Text
113 lines
4.8 KiB
Text
##########################
|
|
# property service keys
|
|
#
|
|
#
|
|
net.rmnet u:object_r:net_radio_prop:s0
|
|
net.gprs u:object_r:net_radio_prop:s0
|
|
net.ppp u:object_r:net_radio_prop:s0
|
|
net.qmi u:object_r:net_radio_prop:s0
|
|
net.lte u:object_r:net_radio_prop:s0
|
|
net.cdma u:object_r:net_radio_prop:s0
|
|
net.dns u:object_r:net_dns_prop:s0
|
|
sys.usb.config u:object_r:system_radio_prop:s0
|
|
ril. u:object_r:radio_prop:s0
|
|
ro.ril. u:object_r:radio_prop:s0
|
|
gsm. u:object_r:radio_prop:s0
|
|
persist.radio u:object_r:radio_prop:s0
|
|
|
|
net. u:object_r:system_prop:s0
|
|
dev. u:object_r:system_prop:s0
|
|
ro.runtime. u:object_r:system_prop:s0
|
|
ro.runtime.firstboot u:object_r:firstboot_prop:s0
|
|
hw. u:object_r:system_prop:s0
|
|
ro.hw. u:object_r:system_prop:s0
|
|
sys. u:object_r:system_prop:s0
|
|
sys.cppreopt u:object_r:cppreopt_prop:s0
|
|
sys.powerctl u:object_r:powerctl_prop:s0
|
|
sys.usb.ffs. u:object_r:ffs_prop:s0
|
|
service. u:object_r:system_prop:s0
|
|
dhcp. u:object_r:dhcp_prop:s0
|
|
dhcp.bt-pan.result u:object_r:pan_result_prop:s0
|
|
bluetooth. u:object_r:bluetooth_prop:s0
|
|
|
|
debug. u:object_r:debug_prop:s0
|
|
debug.db. u:object_r:debuggerd_prop:s0
|
|
dumpstate. u:object_r:dumpstate_prop:s0
|
|
dumpstate.options u:object_r:dumpstate_options_prop:s0
|
|
log. u:object_r:log_prop:s0
|
|
log.tag u:object_r:log_tag_prop:s0
|
|
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
|
|
security.perf_harden u:object_r:shell_prop:s0
|
|
service.adb.root u:object_r:shell_prop:s0
|
|
service.adb.tcp.port u:object_r:shell_prop:s0
|
|
|
|
persist.audio. u:object_r:audio_prop:s0
|
|
persist.bluetooth. u:object_r:bluetooth_prop:s0
|
|
persist.debug. u:object_r:persist_debug_prop:s0
|
|
persist.logd. u:object_r:logd_prop:s0
|
|
persist.logd.security u:object_r:device_logging_prop:s0
|
|
persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
|
logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
|
persist.log.tag u:object_r:log_tag_prop:s0
|
|
persist.mmc. u:object_r:mmc_prop:s0
|
|
persist.sys. u:object_r:system_prop:s0
|
|
persist.sys.safemode u:object_r:safemode_prop:s0
|
|
ro.sys.safemode u:object_r:safemode_prop:s0
|
|
persist.sys.audit_safemode u:object_r:safemode_prop:s0
|
|
persist.service. u:object_r:system_prop:s0
|
|
persist.service.bdroid. u:object_r:bluetooth_prop:s0
|
|
persist.security. u:object_r:system_prop:s0
|
|
persist.vendor.overlay. u:object_r:overlay_prop:s0
|
|
ro.boot.vendor.overlay. u:object_r:overlay_prop:s0
|
|
ro.boottime. u:object_r:boottime_prop:s0
|
|
ro.serialno u:object_r:serialno_prop:s0
|
|
ro.boot.btmacaddr u:object_r:bluetooth_prop:s0
|
|
ro.boot.serialno u:object_r:serialno_prop:s0
|
|
ro.bt. u:object_r:bluetooth_prop:s0
|
|
|
|
# Boolean property set by system server upon boot indicating
|
|
# if device owner is provisioned.
|
|
ro.device_owner u:object_r:device_logging_prop:s0
|
|
|
|
# selinux non-persistent properties
|
|
selinux.restorecon_recursive u:object_r:restorecon_prop:s0
|
|
|
|
# default property context
|
|
* u:object_r:default_prop:s0
|
|
|
|
# data partition encryption properties
|
|
vold. u:object_r:vold_prop:s0
|
|
ro.crypto. u:object_r:vold_prop:s0
|
|
|
|
# ro.build.fingerprint is either set in /system/build.prop, or is
|
|
# set at runtime by system_server.
|
|
ro.build.fingerprint u:object_r:fingerprint_prop:s0
|
|
|
|
ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0
|
|
|
|
# ctl properties
|
|
ctl.bootanim u:object_r:ctl_bootanim_prop:s0
|
|
ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
|
|
ctl.fuse_ u:object_r:ctl_fuse_prop:s0
|
|
ctl.mdnsd u:object_r:ctl_mdnsd_prop:s0
|
|
ctl.ril-daemon u:object_r:ctl_rildaemon_prop:s0
|
|
ctl.bugreport u:object_r:ctl_bugreport_prop:s0
|
|
ctl.console u:object_r:ctl_console_prop:s0
|
|
ctl. u:object_r:ctl_default_prop:s0
|
|
|
|
# NFC properties
|
|
nfc. u:object_r:nfc_prop:s0
|
|
|
|
# These properties are not normally set by processes other than init.
|
|
# They are only distinguished here for setting by qemu-props on the
|
|
# emulator/goldfish.
|
|
config. u:object_r:config_prop:s0
|
|
ro.config. u:object_r:config_prop:s0
|
|
dalvik. u:object_r:dalvik_prop:s0
|
|
ro.dalvik. u:object_r:dalvik_prop:s0
|
|
|
|
# Shared between system server and wificond
|
|
wlan. u:object_r:wifi_prop:s0
|
|
|
|
# hwservicemanager properties
|
|
hwservicemanager. u:object_r:hwservicemanager_prop:s0
|