b84133555a
The module is getting renamed, so rename all the policy
relating to it at the same time.
Bug: 137191822
Test: presubmit
Change-Id: Ia9d966ca9884ce068bd96cf5734e4a459158c85b
Merged-In: Ia9d966ca9884ce068bd96cf5734e4a459158c85b
(cherry picked from commit 6505573c36
)
230 lines
10 KiB
Text
230 lines
10 KiB
Text
##########################
|
|
# property service keys
|
|
#
|
|
#
|
|
net.rmnet u:object_r:net_radio_prop:s0
|
|
net.gprs u:object_r:net_radio_prop:s0
|
|
net.ppp u:object_r:net_radio_prop:s0
|
|
net.qmi u:object_r:net_radio_prop:s0
|
|
net.lte u:object_r:net_radio_prop:s0
|
|
net.cdma u:object_r:net_radio_prop:s0
|
|
net.dns u:object_r:net_dns_prop:s0
|
|
sys.usb.config u:object_r:system_radio_prop:s0
|
|
ril. u:object_r:radio_prop:s0
|
|
ro.ril. u:object_r:radio_prop:s0
|
|
gsm. u:object_r:radio_prop:s0
|
|
persist.radio u:object_r:radio_prop:s0
|
|
|
|
net. u:object_r:system_prop:s0
|
|
dev. u:object_r:system_prop:s0
|
|
ro.runtime. u:object_r:system_prop:s0
|
|
ro.runtime.firstboot u:object_r:firstboot_prop:s0
|
|
hw. u:object_r:system_prop:s0
|
|
ro.hw. u:object_r:system_prop:s0
|
|
sys. u:object_r:system_prop:s0
|
|
sys.init.userspace_reboot u:object_r:userspace_reboot_prop:s0
|
|
sys.cppreopt u:object_r:cppreopt_prop:s0
|
|
sys.linker. u:object_r:linker_prop:s0
|
|
sys.lpdumpd u:object_r:lpdumpd_prop:s0
|
|
sys.powerctl u:object_r:powerctl_prop:s0
|
|
sys.usb.ffs. u:object_r:ffs_prop:s0
|
|
service. u:object_r:system_prop:s0
|
|
dhcp. u:object_r:dhcp_prop:s0
|
|
dhcp.bt-pan.result u:object_r:pan_result_prop:s0
|
|
bluetooth. u:object_r:bluetooth_prop:s0
|
|
|
|
debug. u:object_r:debug_prop:s0
|
|
debug.db. u:object_r:debuggerd_prop:s0
|
|
dumpstate. u:object_r:dumpstate_prop:s0
|
|
dumpstate.options u:object_r:dumpstate_options_prop:s0
|
|
init.svc_debug_pid. u:object_r:init_svc_debug_prop:s0
|
|
llk. u:object_r:llkd_prop:s0
|
|
khungtask. u:object_r:llkd_prop:s0
|
|
ro.llk. u:object_r:llkd_prop:s0
|
|
ro.khungtask. u:object_r:llkd_prop:s0
|
|
log. u:object_r:log_prop:s0
|
|
log.tag u:object_r:log_tag_prop:s0
|
|
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
|
|
security.perf_harden u:object_r:shell_prop:s0
|
|
service.adb.root u:object_r:shell_prop:s0
|
|
service.adb.tcp.port u:object_r:shell_prop:s0
|
|
|
|
persist.audio. u:object_r:audio_prop:s0
|
|
persist.bluetooth. u:object_r:bluetooth_prop:s0
|
|
persist.debug. u:object_r:persist_debug_prop:s0
|
|
persist.logd. u:object_r:logd_prop:s0
|
|
ro.logd. u:object_r:logd_prop:s0
|
|
persist.logd.security u:object_r:device_logging_prop:s0
|
|
persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
|
logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
|
persist.log.tag u:object_r:log_tag_prop:s0
|
|
persist.mmc. u:object_r:mmc_prop:s0
|
|
persist.netd.stable_secret u:object_r:netd_stable_secret_prop:s0
|
|
persist.pm.mock-upgrade u:object_r:mock_ota_prop:s0
|
|
persist.sys. u:object_r:system_prop:s0
|
|
persist.sys.safemode u:object_r:safemode_prop:s0
|
|
persist.sys.theme u:object_r:theme_prop:s0
|
|
persist.sys.fflag.override.settings_dynamic_system u:object_r:dynamic_system_prop:s0
|
|
ro.sys.safemode u:object_r:safemode_prop:s0
|
|
persist.sys.audit_safemode u:object_r:safemode_prop:s0
|
|
persist.sys.dalvik.jvmtiagent u:object_r:system_jvmti_agent_prop:s0
|
|
persist.service. u:object_r:system_prop:s0
|
|
persist.service.bdroid. u:object_r:bluetooth_prop:s0
|
|
persist.security. u:object_r:system_prop:s0
|
|
persist.traced.enable u:object_r:traced_enabled_prop:s0
|
|
traced.lazy. u:object_r:traced_lazy_prop:s0
|
|
persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
|
|
persist.vendor.overlay. u:object_r:overlay_prop:s0
|
|
ro.boot.vendor.overlay. u:object_r:overlay_prop:s0
|
|
ro.boottime. u:object_r:boottime_prop:s0
|
|
ro.serialno u:object_r:serialno_prop:s0
|
|
ro.boot.btmacaddr u:object_r:bluetooth_prop:s0
|
|
ro.boot.serialno u:object_r:serialno_prop:s0
|
|
ro.bt. u:object_r:bluetooth_prop:s0
|
|
ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
|
|
persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
|
|
sys.boot.reason u:object_r:system_boot_reason_prop:s0
|
|
sys.boot.reason.last u:object_r:last_boot_reason_prop:s0
|
|
pm. u:object_r:pm_prop:s0
|
|
test.sys.boot.reason u:object_r:test_boot_reason_prop:s0
|
|
sys.lmk. u:object_r:system_lmk_prop:s0
|
|
sys.trace. u:object_r:system_trace_prop:s0
|
|
|
|
# Boolean property set by system server upon boot indicating
|
|
# if device owner is provisioned.
|
|
ro.device_owner u:object_r:device_logging_prop:s0
|
|
|
|
# selinux non-persistent properties
|
|
selinux.restorecon_recursive u:object_r:restorecon_prop:s0
|
|
|
|
# default property context
|
|
* u:object_r:default_prop:s0
|
|
|
|
# data partition encryption properties
|
|
vold. u:object_r:vold_prop:s0
|
|
ro.crypto. u:object_r:vold_prop:s0
|
|
|
|
# ro.build.fingerprint is either set in /system/build.prop, or is
|
|
# set at runtime by system_server.
|
|
ro.build.fingerprint u:object_r:fingerprint_prop:s0
|
|
|
|
ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0
|
|
|
|
# ctl properties
|
|
ctl.bootanim u:object_r:ctl_bootanim_prop:s0
|
|
ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
|
|
ctl.fuse_ u:object_r:ctl_fuse_prop:s0
|
|
ctl.mdnsd u:object_r:ctl_mdnsd_prop:s0
|
|
ctl.ril-daemon u:object_r:ctl_rildaemon_prop:s0
|
|
ctl.bugreport u:object_r:ctl_bugreport_prop:s0
|
|
ctl.console u:object_r:ctl_console_prop:s0
|
|
ctl. u:object_r:ctl_default_prop:s0
|
|
|
|
# Don't allow blind access to all services
|
|
ctl.sigstop_on$ u:object_r:ctl_sigstop_prop:s0
|
|
ctl.sigstop_off$ u:object_r:ctl_sigstop_prop:s0
|
|
ctl.start$ u:object_r:ctl_start_prop:s0
|
|
ctl.stop$ u:object_r:ctl_stop_prop:s0
|
|
ctl.restart$ u:object_r:ctl_restart_prop:s0
|
|
ctl.interface_start$ u:object_r:ctl_interface_start_prop:s0
|
|
ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0
|
|
ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0
|
|
|
|
# Restrict access to starting/stopping adbd
|
|
ctl.start$adbd u:object_r:ctl_adbd_prop:s0
|
|
ctl.stop$adbd u:object_r:ctl_adbd_prop:s0
|
|
ctl.restart$adbd u:object_r:ctl_adbd_prop:s0
|
|
|
|
# Restrict access to starting/stopping gsid.
|
|
ctl.start$gsid u:object_r:ctl_gsid_prop:s0
|
|
ctl.stop$gsid u:object_r:ctl_gsid_prop:s0
|
|
ctl.restart$gsid u:object_r:ctl_gsid_prop:s0
|
|
|
|
# Restrict access to stopping apexd.
|
|
ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
|
|
|
|
# Restrict access to restart dumpstate
|
|
ctl.interface_restart$android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
|
|
|
|
# NFC properties
|
|
nfc. u:object_r:nfc_prop:s0
|
|
|
|
# These properties are not normally set by processes other than init.
|
|
# They are only distinguished here for setting by qemu-props on the
|
|
# emulator/goldfish.
|
|
config. u:object_r:config_prop:s0
|
|
ro.config. u:object_r:config_prop:s0
|
|
dalvik. u:object_r:dalvik_prop:s0
|
|
ro.dalvik. u:object_r:dalvik_prop:s0
|
|
|
|
# Shared between system server and wificond
|
|
wlan. u:object_r:wifi_prop:s0
|
|
|
|
# Lowpan properties
|
|
lowpan. u:object_r:lowpan_prop:s0
|
|
ro.lowpan. u:object_r:lowpan_prop:s0
|
|
|
|
# heapprofd properties
|
|
heapprofd. u:object_r:heapprofd_prop:s0
|
|
|
|
# hwservicemanager properties
|
|
hwservicemanager. u:object_r:hwservicemanager_prop:s0
|
|
|
|
# Common default properties for vendor and odm.
|
|
init.svc.odm. u:object_r:vendor_default_prop:s0
|
|
init.svc.vendor. u:object_r:vendor_default_prop:s0
|
|
ro.hardware. u:object_r:vendor_default_prop:s0
|
|
ro.odm. u:object_r:vendor_default_prop:s0
|
|
ro.vendor. u:object_r:vendor_default_prop:s0
|
|
odm. u:object_r:vendor_default_prop:s0
|
|
persist.odm. u:object_r:vendor_default_prop:s0
|
|
persist.vendor. u:object_r:vendor_default_prop:s0
|
|
vendor. u:object_r:vendor_default_prop:s0
|
|
# ro.boot. properties are set based on kernel commandline arguments, which are vendor owned.
|
|
ro.boot. u:object_r:exported2_default_prop:s0
|
|
|
|
# Properties that relate to time / time zone detection behavior.
|
|
persist.time. u:object_r:time_prop:s0
|
|
|
|
# Properties that relate to server configurable flags
|
|
device_config.reset_performed u:object_r:device_config_reset_performed_prop:s0
|
|
persist.device_config.activity_manager_native_boot. u:object_r:device_config_activity_manager_native_boot_prop:s0
|
|
persist.device_config.attempted_boot_count u:object_r:device_config_boot_count_prop:s0
|
|
persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
|
|
persist.device_config.netd_native. u:object_r:device_config_netd_native_prop:s0
|
|
persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0
|
|
persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0
|
|
persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0
|
|
persist.device_config.storage_native_boot. u:object_r:device_config_storage_native_boot_prop:s0
|
|
|
|
# Properties that relate to legacy server configurable flags
|
|
persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
|
|
|
|
apexd. u:object_r:apexd_prop:s0
|
|
persist.apexd. u:object_r:apexd_prop:s0
|
|
|
|
bpf.progs_loaded u:object_r:bpf_progs_loaded_prop:s0
|
|
|
|
gsid. u:object_r:gsid_prop:s0
|
|
ro.gsid. u:object_r:gsid_prop:s0
|
|
|
|
# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image,
|
|
# which can't use NNAPI vendor extensions).
|
|
ro.nnapi.extensions.deny_on_product u:object_r:nnapi_ext_deny_product_prop:s0
|
|
|
|
# Property that is set once ueventd finishes cold boot.
|
|
ro.cold_boot_done u:object_r:cold_boot_done_prop:s0
|
|
|
|
# Charger properties
|
|
ro.charger. u:object_r:charger_prop:s0
|
|
|
|
# Virtual A/B properties
|
|
ro.virtual_ab.enabled u:object_r:virtual_ab_prop:s0
|
|
ro.virtual_ab.retrofit u:object_r:virtual_ab_prop:s0
|
|
|
|
# Property to set/clear the warm reset flag after an OTA update.
|
|
ota.warm_reset u:object_r:ota_prop:s0
|
|
|
|
# Module properties
|
|
com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
|
|
persist.com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
|