67c3688497
adbd and apps (SystemUI and CTS test apps) need to read it. BUG: 162205386 Test: Connect to device which sets service.adb.tcp.port in vendor partition through TCP adb. Change-Id: Ia37dd0dd3239381feb2a4484179a0c7847166b29
60 lines
2.6 KiB
Text
60 lines
2.6 KiB
Text
# Allow apps to read the Test Harness Mode property. This property is used in
|
|
# the implementation of ActivityManager.isDeviceInTestHarnessMode()
|
|
get_prop(appdomain, test_harness_prop)
|
|
|
|
get_prop(appdomain, boot_status_prop)
|
|
get_prop(appdomain, dalvik_config_prop)
|
|
get_prop(appdomain, media_config_prop)
|
|
get_prop(appdomain, packagemanager_config_prop)
|
|
get_prop(appdomain, surfaceflinger_color_prop)
|
|
get_prop(appdomain, systemsound_config_prop)
|
|
get_prop(appdomain, telephony_config_prop)
|
|
get_prop(appdomain, userspace_reboot_config_prop)
|
|
get_prop(appdomain, vold_config_prop)
|
|
get_prop(appdomain, adbd_config_prop)
|
|
|
|
userdebug_or_eng(`perfetto_producer({ appdomain })')
|
|
|
|
# Prevent apps from causing presubmit failures.
|
|
# Apps can cause selinux denials by accessing CE storage
|
|
# and/or external storage. In either case, the selinux denial is
|
|
# not the cause of the failure, but just a symptom that
|
|
# storage isn't ready. Many apps handle the failure appropriately.
|
|
#
|
|
# Apps cannot access external storage before it becomes available.
|
|
dontaudit appdomain storage_stub_file:dir getattr;
|
|
# Attempts to write to system_data_file is generally a sign
|
|
# that apps are attempting to access encrypted storage before
|
|
# the ACTION_USER_UNLOCKED intent is delivered. Apps are not
|
|
# allowed to write to CE storage before it's available.
|
|
# Attempting to do so will be blocked by both selinux and unix
|
|
# permissions.
|
|
dontaudit appdomain system_data_file:dir write;
|
|
# Apps should not be reading vendor-defined properties.
|
|
dontaudit appdomain vendor_default_prop:file read;
|
|
|
|
neverallow appdomain system_server:udp_socket {
|
|
accept append bind create ioctl listen lock name_bind
|
|
relabelfrom relabelto setattr shutdown };
|
|
|
|
# Transition to a non-app domain.
|
|
# Exception for the shell and su domains, can transition to runas, etc.
|
|
# Exception for crash_dump to allow for app crash reporting.
|
|
# Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc)
|
|
# to allow renderscript to create privileged executable files.
|
|
neverallow { appdomain -shell userdebug_or_eng(`-su') }
|
|
{ domain -appdomain -crash_dump -rs }:process { transition };
|
|
neverallow { appdomain -shell userdebug_or_eng(`-su') }
|
|
{ domain -appdomain }:process { dyntransition };
|
|
|
|
# Don't allow regular apps access to storage configuration properties.
|
|
neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
|
|
|
|
# Allow to read sendbug.preferred.domain
|
|
get_prop(appdomain, sendbug_config_prop)
|
|
|
|
# Allow to read graphics related properties.
|
|
get_prop(appdomain, graphics_config_prop)
|
|
|
|
# Allow to read persist.config.calibration_fac
|
|
get_prop(appdomain, camera_calibration_prop)
|