bb9a388840
system/core commit 331cf2fb7c16b5b25064f8d2f00284105a9b413f created a number of new properties of the form: [ro.boottime.init]: [5294587604] [ro.boottime.InputEventFind]: [10278767840] [ro.boottime.adbd]: [8359267180] ... These properties were assigned the default_prop SELinux label because a better label did not exist. Properties labeled with the default_prop label are readable to any SELinux domain, which is overly broad. bullhead:/ $ getprop -Z ro.boottime.adbd u:object_r:default_prop:s0 Instead, create a new label for the ro.boottime.* properties so we can apply more fine grain read access control to these properties. bullhead:/ $ getprop -Z ro.boottime.adbd u:object_r:boottime_prop:s0 New SELinux property labels have minimal permissions by default. As a result, after this change, ro.boottime.* properties will only be readable to system_server, bootstat, init (because it manages the property space), and "adb root" (because no SELinux permissions are enforced there). Additional read access can be granted as-needed. This is part of a larger effort to implement fine-grain access control on the properties managed by init. Test: Device boots and no SELinux denials on boot. Change-Id: Ibf981cb81898f4356fdc5c1b6f15dd93c0d6d84d
85 lines
2.8 KiB
Text
85 lines
2.8 KiB
Text
type audio_prop, property_type, core_property_type;
|
|
type boottime_prop, property_type;
|
|
type bluetooth_prop, property_type, core_property_type;
|
|
type config_prop, property_type, core_property_type;
|
|
type cppreopt_prop, property_type, core_property_type;
|
|
type ctl_bootanim_prop, property_type;
|
|
type ctl_bugreport_prop, property_type;
|
|
type ctl_console_prop, property_type;
|
|
type ctl_default_prop, property_type;
|
|
type ctl_dumpstate_prop, property_type;
|
|
type ctl_fuse_prop, property_type;
|
|
type ctl_mdnsd_prop, property_type;
|
|
type ctl_rildaemon_prop, property_type;
|
|
type dalvik_prop, property_type, core_property_type;
|
|
type debuggerd_prop, property_type, core_property_type;
|
|
type debug_prop, property_type, core_property_type;
|
|
type default_prop, property_type, core_property_type;
|
|
type device_logging_prop, property_type;
|
|
type dhcp_prop, property_type, core_property_type;
|
|
type dumpstate_options_prop, property_type;
|
|
type dumpstate_prop, property_type, core_property_type;
|
|
type ffs_prop, property_type, core_property_type;
|
|
type fingerprint_prop, property_type, core_property_type;
|
|
type hwservicemanager_prop, property_type;
|
|
type logd_prop, property_type, core_property_type;
|
|
type logpersistd_logging_prop, property_type;
|
|
type log_prop, property_type, log_property_type;
|
|
type log_tag_prop, property_type, log_property_type;
|
|
type mmc_prop, property_type;
|
|
type net_radio_prop, property_type, core_property_type;
|
|
type nfc_prop, property_type, core_property_type;
|
|
type overlay_prop, property_type;
|
|
type pan_result_prop, property_type, core_property_type;
|
|
type persist_debug_prop, property_type, core_property_type;
|
|
type powerctl_prop, property_type, core_property_type;
|
|
type radio_prop, property_type, core_property_type;
|
|
type restorecon_prop, property_type, core_property_type;
|
|
type safemode_prop, property_type;
|
|
type shell_prop, property_type, core_property_type;
|
|
type system_prop, property_type, core_property_type;
|
|
type system_radio_prop, property_type, core_property_type;
|
|
type vold_prop, property_type, core_property_type;
|
|
type wifi_log_prop, property_type, log_property_type;
|
|
type wifi_prop, property_type;
|
|
|
|
allow property_type tmpfs:filesystem associate;
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
|
|
# core_property_type should not be used for new properties or
|
|
# device specific properties. Properties with this attribute
|
|
# are readable to everyone, which is overly broad and should
|
|
# be avoided.
|
|
# New properties should have appropriate read / write access
|
|
# control rules written.
|
|
|
|
neverallow * {
|
|
core_property_type
|
|
-audio_prop
|
|
-bluetooth_prop
|
|
-config_prop
|
|
-cppreopt_prop
|
|
-dalvik_prop
|
|
-debuggerd_prop
|
|
-debug_prop
|
|
-default_prop
|
|
-dhcp_prop
|
|
-dumpstate_prop
|
|
-ffs_prop
|
|
-fingerprint_prop
|
|
-logd_prop
|
|
-net_radio_prop
|
|
-nfc_prop
|
|
-pan_result_prop
|
|
-persist_debug_prop
|
|
-powerctl_prop
|
|
-radio_prop
|
|
-restorecon_prop
|
|
-shell_prop
|
|
-system_prop
|
|
-system_radio_prop
|
|
-vold_prop
|
|
}:file no_rw_file_perms;
|