platform_system_sepolicy/public/property.te

# Properties used only in /system
#
# DO NOT ADD system_internal_prop here.
# Instead, add to private/property.te.
# TODO(b/150331497): move these to private/property.te
system_internal_prop(apexd_prop)
system_internal_prop(bootloader_boot_reason_prop)
system_internal_prop(device_config_activity_manager_native_boot_prop)
system_internal_prop(device_config_boot_count_prop)
system_internal_prop(device_config_input_native_boot_prop)
system_internal_prop(device_config_media_native_prop)
system_internal_prop(device_config_netd_native_prop)
system_internal_prop(device_config_reset_performed_prop)
system_internal_prop(firstboot_prop)

compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_internal_prop(boottime_prop)
    system_internal_prop(bpf_progs_loaded_prop)
    system_internal_prop(charger_prop)
    system_internal_prop(cold_boot_done_prop)
    system_internal_prop(ctl_adbd_prop)
    system_internal_prop(ctl_apexd_prop)
    system_internal_prop(ctl_bootanim_prop)
    system_internal_prop(ctl_bugreport_prop)
    system_internal_prop(ctl_console_prop)
    system_internal_prop(ctl_dumpstate_prop)
    system_internal_prop(ctl_fuse_prop)
    system_internal_prop(ctl_gsid_prop)
    system_internal_prop(ctl_interface_restart_prop)
    system_internal_prop(ctl_interface_stop_prop)
    system_internal_prop(ctl_mdnsd_prop)
    system_internal_prop(ctl_restart_prop)
    system_internal_prop(ctl_rildaemon_prop)
    system_internal_prop(ctl_sigstop_prop)
    system_internal_prop(dynamic_system_prop)
    system_internal_prop(heapprofd_enabled_prop)
    system_internal_prop(llkd_prop)
    system_internal_prop(lpdumpd_prop)
    system_internal_prop(mmc_prop)
    system_internal_prop(mock_ota_prop)
    system_internal_prop(net_dns_prop)
    system_internal_prop(overlay_prop)
    system_internal_prop(persistent_properties_ready_prop)
    system_internal_prop(safemode_prop)
    system_internal_prop(system_lmk_prop)
    system_internal_prop(system_trace_prop)
    system_internal_prop(test_boot_reason_prop)
    system_internal_prop(time_prop)
    system_internal_prop(traced_enabled_prop)
    system_internal_prop(traced_lazy_prop)
')

# Properties which can't be written outside system
system_restricted_prop(aac_drc_prop)
system_restricted_prop(arm64_memtag_prop)
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
system_restricted_prop(binder_cache_telephony_server_prop)
system_restricted_prop(boot_status_prop)
system_restricted_prop(bootanim_system_prop)
system_restricted_prop(bootloader_prop)
system_restricted_prop(boottime_public_prop)
system_restricted_prop(bq_config_prop)
system_restricted_prop(build_bootimage_prop)
system_restricted_prop(build_prop)
system_restricted_prop(charger_status_prop)
system_restricted_prop(device_config_runtime_native_boot_prop)
system_restricted_prop(device_config_runtime_native_prop)
system_restricted_prop(fingerprint_prop)
system_restricted_prop(hal_instrumentation_prop)
system_restricted_prop(hypervisor_prop)
system_restricted_prop(init_service_status_prop)
system_restricted_prop(libc_debug_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
system_restricted_prop(power_debug_prop)
system_restricted_prop(property_service_version_prop)
system_restricted_prop(provisioned_prop)
system_restricted_prop(restorecon_prop)
system_restricted_prop(retaildemo_prop)
system_restricted_prop(socket_hook_prop)
system_restricted_prop(sqlite_log_prop)
system_restricted_prop(surfaceflinger_display_prop)
system_restricted_prop(system_boot_reason_prop)
system_restricted_prop(system_jvmti_agent_prop)
system_restricted_prop(ab_update_gki_prop)
system_restricted_prop(usb_prop)
system_restricted_prop(userspace_reboot_exported_prop)
system_restricted_prop(vold_status_prop)
system_restricted_prop(vts_status_prop)

compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_restricted_prop(config_prop)
    system_restricted_prop(cppreopt_prop)
    system_restricted_prop(dalvik_prop)
    system_restricted_prop(debuggerd_prop)
    system_restricted_prop(device_logging_prop)
    system_restricted_prop(dhcp_prop)
    system_restricted_prop(dumpstate_prop)
    system_restricted_prop(exported3_system_prop)
    system_restricted_prop(exported_dumpstate_prop)
    system_restricted_prop(exported_secure_prop)
    system_restricted_prop(heapprofd_prop)
    system_restricted_prop(net_radio_prop)
    system_restricted_prop(pan_result_prop)
    system_restricted_prop(persist_debug_prop)
    system_restricted_prop(shell_prop)
    system_restricted_prop(test_harness_prop)
    system_restricted_prop(theme_prop)
    system_restricted_prop(use_memfd_prop)
    system_restricted_prop(vold_prop)
')

# Properties which can be written only by vendor_init
system_vendor_config_prop(apexd_config_prop)
system_vendor_config_prop(aaudio_config_prop)
system_vendor_config_prop(apk_verity_prop)
system_vendor_config_prop(audio_config_prop)
system_vendor_config_prop(bootanim_config_prop)
system_vendor_config_prop(build_config_prop)
system_vendor_config_prop(build_odm_prop)
system_vendor_config_prop(build_vendor_prop)
system_vendor_config_prop(camera_calibration_prop)
system_vendor_config_prop(camera_config_prop)
system_vendor_config_prop(camera2_extensions_prop)
system_vendor_config_prop(camerax_extensions_prop)
system_vendor_config_prop(charger_config_prop)
system_vendor_config_prop(codec2_config_prop)
system_vendor_config_prop(cpu_variant_prop)
system_vendor_config_prop(dalvik_config_prop)
system_vendor_config_prop(debugfs_restriction_prop)
system_vendor_config_prop(drm_service_config_prop)
system_vendor_config_prop(exported_camera_prop)
system_vendor_config_prop(exported_config_prop)
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(ffs_config_prop)
system_vendor_config_prop(framework_watchdog_config_prop)
system_vendor_config_prop(graphics_config_prop)
system_vendor_config_prop(hdmi_config_prop)
system_vendor_config_prop(hw_timeout_multiplier_prop)
system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(keyguard_config_prop)
system_vendor_config_prop(lmkd_config_prop)
system_vendor_config_prop(media_config_prop)
system_vendor_config_prop(media_variant_prop)
system_vendor_config_prop(mediadrm_config_prop)
system_vendor_config_prop(mm_events_config_prop)
system_vendor_config_prop(oem_unlock_prop)
system_vendor_config_prop(packagemanager_config_prop)
system_vendor_config_prop(recovery_config_prop)
system_vendor_config_prop(sendbug_config_prop)
system_vendor_config_prop(soc_prop)
system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(storagemanager_config_prop)
system_vendor_config_prop(surfaceflinger_prop)
system_vendor_config_prop(suspend_prop)
system_vendor_config_prop(systemsound_config_prop)
system_vendor_config_prop(telephony_config_prop)
system_vendor_config_prop(tombstone_config_prop)
system_vendor_config_prop(usb_config_prop)
system_vendor_config_prop(userspace_reboot_config_prop)
system_vendor_config_prop(vehicle_hal_prop)
system_vendor_config_prop(vendor_security_patch_level_prop)
system_vendor_config_prop(vendor_socket_hook_prop)
system_vendor_config_prop(virtual_ab_prop)
system_vendor_config_prop(vndk_prop)
system_vendor_config_prop(vts_config_prop)
system_vendor_config_prop(vold_config_prop)
system_vendor_config_prop(wifi_config_prop)
system_vendor_config_prop(zram_config_prop)
system_vendor_config_prop(zygote_config_prop)
system_vendor_config_prop(dck_prop)

# Properties with no restrictions
system_public_prop(adbd_config_prop)
system_public_prop(audio_prop)
system_public_prop(bluetooth_a2dp_offload_prop)
system_public_prop(bluetooth_audio_hal_prop)
system_public_prop(bluetooth_prop)
system_public_prop(ctl_default_prop)
system_public_prop(ctl_interface_start_prop)
system_public_prop(ctl_start_prop)
system_public_prop(ctl_stop_prop)
system_public_prop(dalvik_runtime_prop)
system_public_prop(debug_prop)
system_public_prop(dumpstate_options_prop)
system_public_prop(exported_system_prop)
system_public_prop(exported_bluetooth_prop)
system_public_prop(exported_overlay_prop)
system_public_prop(exported_pm_prop)
system_public_prop(ffs_control_prop)
system_public_prop(hal_dumpstate_config_prop)
system_public_prop(sota_prop)
system_public_prop(hwservicemanager_prop)
system_public_prop(lmkd_prop)
system_public_prop(logd_prop)
system_public_prop(logpersistd_logging_prop)
system_public_prop(log_prop)
system_public_prop(log_tag_prop)
system_public_prop(lowpan_prop)
system_public_prop(nfc_prop)
system_public_prop(ota_prop)
system_public_prop(powerctl_prop)
system_public_prop(qemu_hw_prop)
system_public_prop(qemu_sf_lcd_density_prop)
system_public_prop(radio_control_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
system_public_prop(surfaceflinger_color_prop)
system_public_prop(system_prop)
system_public_prop(telephony_status_prop)
system_public_prop(usb_control_prop)
system_public_prop(vold_post_fs_data_prop)
system_public_prop(wifi_hal_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
system_public_prop(zram_control_prop)

# Properties which don't have entries on property_contexts
system_internal_prop(default_prop)

# Properties used in default HAL implementations
vendor_internal_prop(rebootescrow_hal_prop)

vendor_public_prop(persist_vendor_debug_wifi_prop)

# Properties which are public for devices launching with Android O or earlier
# This should not be used for any new properties.
not_compatible_property(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_public_prop(boottime_prop)
    system_public_prop(bpf_progs_loaded_prop)
    system_public_prop(charger_prop)
    system_public_prop(cold_boot_done_prop)
    system_public_prop(ctl_adbd_prop)
    system_public_prop(ctl_apexd_prop)
    system_public_prop(ctl_bootanim_prop)
    system_public_prop(ctl_bugreport_prop)
    system_public_prop(ctl_console_prop)
    system_public_prop(ctl_dumpstate_prop)
    system_public_prop(ctl_fuse_prop)
    system_public_prop(ctl_gsid_prop)
    system_public_prop(ctl_interface_restart_prop)
    system_public_prop(ctl_interface_stop_prop)
    system_public_prop(ctl_mdnsd_prop)
    system_public_prop(ctl_restart_prop)
    system_public_prop(ctl_rildaemon_prop)
    system_public_prop(ctl_sigstop_prop)
    system_public_prop(dynamic_system_prop)
    system_public_prop(heapprofd_enabled_prop)
    system_public_prop(llkd_prop)
    system_public_prop(lpdumpd_prop)
    system_public_prop(mmc_prop)
    system_public_prop(mock_ota_prop)
    system_public_prop(net_dns_prop)
    system_public_prop(overlay_prop)
    system_public_prop(persistent_properties_ready_prop)
    system_public_prop(safemode_prop)
    system_public_prop(system_lmk_prop)
    system_public_prop(system_trace_prop)
    system_public_prop(test_boot_reason_prop)
    system_public_prop(time_prop)
    system_public_prop(traced_enabled_prop)
    system_public_prop(traced_lazy_prop)

    system_public_prop(config_prop)
    system_public_prop(cppreopt_prop)
    system_public_prop(dalvik_prop)
    system_public_prop(debuggerd_prop)
    system_public_prop(device_logging_prop)
    system_public_prop(dhcp_prop)
    system_public_prop(dumpstate_prop)
    system_public_prop(exported3_system_prop)
    system_public_prop(exported_dumpstate_prop)
    system_public_prop(exported_secure_prop)
    system_public_prop(heapprofd_prop)
    system_public_prop(net_radio_prop)
    system_public_prop(pan_result_prop)
    system_public_prop(persist_debug_prop)
    system_public_prop(shell_prop)
    system_public_prop(test_harness_prop)
    system_public_prop(theme_prop)
    system_public_prop(use_memfd_prop)
    system_public_prop(vold_prop)
')

not_compatible_property(`
    vendor_public_prop(vendor_default_prop)
')

compatible_property_only(`
    vendor_internal_prop(vendor_default_prop)
')

typeattribute log_prop log_property_type;
typeattribute log_tag_prop log_property_type;
typeattribute wifi_log_prop log_property_type;

allow property_type tmpfs:filesystem associate;

# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
# be avoided.
# New properties should have appropriate read / write access
# control rules written.

typeattribute audio_prop         core_property_type;
typeattribute config_prop        core_property_type;
typeattribute cppreopt_prop      core_property_type;
typeattribute dalvik_prop        core_property_type;
typeattribute debuggerd_prop     core_property_type;
typeattribute debug_prop         core_property_type;
typeattribute dhcp_prop          core_property_type;
typeattribute dumpstate_prop     core_property_type;
typeattribute logd_prop          core_property_type;
typeattribute net_radio_prop     core_property_type;
typeattribute nfc_prop           core_property_type;
typeattribute ota_prop           core_property_type;
typeattribute pan_result_prop    core_property_type;
typeattribute persist_debug_prop core_property_type;
typeattribute powerctl_prop      core_property_type;
typeattribute radio_prop         core_property_type;
typeattribute restorecon_prop    core_property_type;
typeattribute shell_prop         core_property_type;
typeattribute system_prop        core_property_type;
typeattribute usb_prop           core_property_type;
typeattribute vold_prop          core_property_type;