platform_system_sepolicy/public/property.te
Neil Fuller c5980699a4 Limit processes that can change settings sysprops
Limit processes that can change global settings system properties.

Only system server and shell (for tests) should be able to set the
affected system properties.

Bug: 248307936
Test: treehugger only
Change-Id: I20b40cbedc9ad5277d08d033fc9d3ff6df7b7919
2022-09-27 16:08:59 +00:00

357 lines
14 KiB
Text

# Properties used only in /system
#
# DO NOT ADD system_internal_prop here.
# Instead, add to private/property.te.
# TODO(b/150331497): move these to private/property.te
system_internal_prop(apexd_prop)
system_internal_prop(bootloader_boot_reason_prop)
system_internal_prop(device_config_activity_manager_native_boot_prop)
system_internal_prop(device_config_boot_count_prop)
system_internal_prop(device_config_input_native_boot_prop)
system_internal_prop(device_config_media_native_prop)
system_internal_prop(device_config_netd_native_prop)
system_internal_prop(device_config_reset_performed_prop)
system_internal_prop(firstboot_prop)
compatible_property_only(`
# DO NOT ADD ANY PROPERTIES HERE
system_internal_prop(boottime_prop)
system_internal_prop(charger_prop)
system_internal_prop(cold_boot_done_prop)
system_internal_prop(ctl_adbd_prop)
system_internal_prop(ctl_apexd_prop)
system_internal_prop(ctl_bootanim_prop)
system_internal_prop(ctl_bugreport_prop)
system_internal_prop(ctl_console_prop)
system_internal_prop(ctl_dumpstate_prop)
system_internal_prop(ctl_fuse_prop)
system_internal_prop(ctl_gsid_prop)
system_internal_prop(ctl_interface_restart_prop)
system_internal_prop(ctl_interface_stop_prop)
system_internal_prop(ctl_mdnsd_prop)
system_internal_prop(ctl_restart_prop)
system_internal_prop(ctl_rildaemon_prop)
system_internal_prop(ctl_sigstop_prop)
system_internal_prop(dynamic_system_prop)
system_internal_prop(heapprofd_enabled_prop)
system_internal_prop(llkd_prop)
system_internal_prop(lpdumpd_prop)
system_internal_prop(mmc_prop)
system_internal_prop(mock_ota_prop)
system_internal_prop(net_dns_prop)
system_internal_prop(overlay_prop)
system_internal_prop(persistent_properties_ready_prop)
system_internal_prop(safemode_prop)
system_internal_prop(system_lmk_prop)
system_internal_prop(system_trace_prop)
system_internal_prop(test_boot_reason_prop)
system_internal_prop(time_prop)
system_internal_prop(traced_enabled_prop)
system_internal_prop(traced_lazy_prop)
')
# Properties which can't be written outside system
system_restricted_prop(aac_drc_prop)
system_restricted_prop(apex_ready_prop)
system_restricted_prop(arm64_memtag_prop)
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
system_restricted_prop(binder_cache_telephony_server_prop)
system_restricted_prop(boot_status_prop)
system_restricted_prop(bootanim_system_prop)
system_restricted_prop(bootloader_prop)
system_restricted_prop(boottime_public_prop)
system_restricted_prop(bq_config_prop)
system_restricted_prop(build_bootimage_prop)
system_restricted_prop(build_prop)
system_restricted_prop(device_config_nnapi_native_prop)
system_restricted_prop(device_config_runtime_native_boot_prop)
system_restricted_prop(device_config_runtime_native_prop)
system_restricted_prop(device_config_surface_flinger_native_boot_prop)
system_restricted_prop(device_config_vendor_system_native_prop)
system_restricted_prop(device_config_vendor_system_native_boot_prop)
system_restricted_prop(fingerprint_prop)
system_restricted_prop(gwp_asan_prop)
system_restricted_prop(hal_instrumentation_prop)
system_restricted_prop(userdebug_or_eng_prop)
system_restricted_prop(hypervisor_prop)
system_restricted_prop(init_service_status_prop)
system_restricted_prop(libc_debug_prop)
system_restricted_prop(locale_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
system_restricted_prop(persist_wm_debug_prop)
system_restricted_prop(power_debug_prop)
system_restricted_prop(property_service_version_prop)
system_restricted_prop(provisioned_prop)
system_restricted_prop(restorecon_prop)
system_restricted_prop(retaildemo_prop)
system_restricted_prop(servicemanager_prop)
system_restricted_prop(smart_idle_maint_enabled_prop)
system_restricted_prop(socket_hook_prop)
system_restricted_prop(sqlite_log_prop)
system_restricted_prop(surfaceflinger_display_prop)
system_restricted_prop(system_boot_reason_prop)
system_restricted_prop(system_jvmti_agent_prop)
system_restricted_prop(timezone_prop)
system_restricted_prop(ab_update_gki_prop)
system_restricted_prop(usb_prop)
system_restricted_prop(userspace_reboot_exported_prop)
system_restricted_prop(vold_status_prop)
system_restricted_prop(vts_status_prop)
compatible_property_only(`
# DO NOT ADD ANY PROPERTIES HERE
system_restricted_prop(config_prop)
system_restricted_prop(cppreopt_prop)
system_restricted_prop(dalvik_prop)
system_restricted_prop(debuggerd_prop)
system_restricted_prop(device_logging_prop)
system_restricted_prop(dhcp_prop)
system_restricted_prop(dumpstate_prop)
system_restricted_prop(exported3_system_prop)
system_restricted_prop(exported_dumpstate_prop)
system_restricted_prop(exported_secure_prop)
system_restricted_prop(heapprofd_prop)
system_restricted_prop(net_radio_prop)
system_restricted_prop(pan_result_prop)
system_restricted_prop(persist_debug_prop)
system_restricted_prop(shell_prop)
system_restricted_prop(test_harness_prop)
system_restricted_prop(theme_prop)
system_restricted_prop(use_memfd_prop)
system_restricted_prop(vold_prop)
')
# Properties which can be written only by vendor_init
system_vendor_config_prop(apexd_config_prop)
system_vendor_config_prop(apexd_select_prop)
system_vendor_config_prop(aaudio_config_prop)
system_vendor_config_prop(apk_verity_prop)
system_vendor_config_prop(audio_config_prop)
system_vendor_config_prop(bootanim_config_prop)
system_vendor_config_prop(bluetooth_config_prop)
system_vendor_config_prop(build_config_prop)
system_vendor_config_prop(build_odm_prop)
system_vendor_config_prop(build_vendor_prop)
system_vendor_config_prop(camera_calibration_prop)
system_vendor_config_prop(camera_config_prop)
system_vendor_config_prop(camera2_extensions_prop)
system_vendor_config_prop(camerax_extensions_prop)
system_vendor_config_prop(charger_config_prop)
system_vendor_config_prop(codec2_config_prop)
system_vendor_config_prop(cpu_variant_prop)
system_vendor_config_prop(dalvik_config_prop)
system_vendor_config_prop(debugfs_restriction_prop)
system_vendor_config_prop(drm_service_config_prop)
system_vendor_config_prop(exported_camera_prop)
system_vendor_config_prop(exported_config_prop)
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(ffs_config_prop)
system_vendor_config_prop(framework_watchdog_config_prop)
system_vendor_config_prop(graphics_config_prop)
system_vendor_config_prop(hdmi_config_prop)
system_vendor_config_prop(hw_timeout_multiplier_prop)
system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(keyguard_config_prop)
system_vendor_config_prop(keystore_config_prop)
system_vendor_config_prop(lmkd_config_prop)
system_vendor_config_prop(media_config_prop)
system_vendor_config_prop(media_variant_prop)
system_vendor_config_prop(mediadrm_config_prop)
system_vendor_config_prop(mm_events_config_prop)
system_vendor_config_prop(oem_unlock_prop)
system_vendor_config_prop(packagemanager_config_prop)
system_vendor_config_prop(recovery_config_prop)
system_vendor_config_prop(sendbug_config_prop)
system_vendor_config_prop(soc_prop)
system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(storagemanager_config_prop)
system_vendor_config_prop(surfaceflinger_prop)
system_vendor_config_prop(suspend_prop)
system_vendor_config_prop(systemsound_config_prop)
system_vendor_config_prop(telephony_config_prop)
system_vendor_config_prop(tombstone_config_prop)
system_vendor_config_prop(usb_config_prop)
system_vendor_config_prop(userspace_reboot_config_prop)
system_vendor_config_prop(vehicle_hal_prop)
system_vendor_config_prop(vendor_security_patch_level_prop)
system_vendor_config_prop(vendor_socket_hook_prop)
system_vendor_config_prop(virtual_ab_prop)
system_vendor_config_prop(vndk_prop)
system_vendor_config_prop(vts_config_prop)
system_vendor_config_prop(vold_config_prop)
system_vendor_config_prop(wifi_config_prop)
system_vendor_config_prop(zram_config_prop)
system_vendor_config_prop(zygote_config_prop)
system_vendor_config_prop(dck_prop)
system_vendor_config_prop(tuner_config_prop)
# Properties with no restrictions
system_public_prop(adbd_config_prop)
system_public_prop(audio_prop)
system_public_prop(bluetooth_a2dp_offload_prop)
system_public_prop(bluetooth_audio_hal_prop)
system_public_prop(bluetooth_prop)
system_public_prop(bpf_progs_loaded_prop)
system_public_prop(charger_status_prop)
system_public_prop(ctl_default_prop)
system_public_prop(ctl_interface_start_prop)
system_public_prop(ctl_start_prop)
system_public_prop(ctl_stop_prop)
system_public_prop(dalvik_runtime_prop)
system_public_prop(debug_prop)
system_public_prop(device_config_memory_safety_native_prop)
system_public_prop(dumpstate_options_prop)
system_public_prop(exported_system_prop)
system_public_prop(exported_bluetooth_prop)
system_public_prop(exported_overlay_prop)
system_public_prop(exported_pm_prop)
system_public_prop(ffs_control_prop)
system_public_prop(framework_status_prop)
system_public_prop(gesture_prop)
system_public_prop(hal_dumpstate_config_prop)
system_public_prop(sota_prop)
system_public_prop(hwservicemanager_prop)
system_public_prop(lmkd_prop)
system_public_prop(logd_prop)
system_public_prop(logpersistd_logging_prop)
system_public_prop(log_prop)
system_public_prop(log_tag_prop)
system_public_prop(lowpan_prop)
system_public_prop(nfc_prop)
system_public_prop(ota_prop)
system_public_prop(permissive_mte_prop)
system_public_prop(powerctl_prop)
system_public_prop(qemu_hw_prop)
system_public_prop(qemu_sf_lcd_density_prop)
system_public_prop(radio_control_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
system_public_prop(surfaceflinger_color_prop)
system_public_prop(system_prop)
system_public_prop(system_user_mode_emulation_prop)
system_public_prop(telephony_status_prop)
system_public_prop(usb_control_prop)
system_public_prop(vold_post_fs_data_prop)
system_public_prop(wifi_hal_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
system_public_prop(zram_control_prop)
# Properties which don't have entries on property_contexts
system_internal_prop(default_prop)
# Properties used in default HAL implementations
vendor_internal_prop(rebootescrow_hal_prop)
# Properties used in the default Face HAL implementations
vendor_internal_prop(virtual_face_hal_prop)
# Properties used in the default Fingerprint HAL implementations
vendor_internal_prop(virtual_fingerprint_hal_prop)
vendor_public_prop(persist_vendor_debug_wifi_prop)
# Properties which are public for devices launching with Android O or earlier
# This should not be used for any new properties.
not_compatible_property(`
# DO NOT ADD ANY PROPERTIES HERE
system_public_prop(boottime_prop)
system_public_prop(charger_prop)
system_public_prop(cold_boot_done_prop)
system_public_prop(ctl_adbd_prop)
system_public_prop(ctl_apexd_prop)
system_public_prop(ctl_bootanim_prop)
system_public_prop(ctl_bugreport_prop)
system_public_prop(ctl_console_prop)
system_public_prop(ctl_dumpstate_prop)
system_public_prop(ctl_fuse_prop)
system_public_prop(ctl_gsid_prop)
system_public_prop(ctl_interface_restart_prop)
system_public_prop(ctl_interface_stop_prop)
system_public_prop(ctl_mdnsd_prop)
system_public_prop(ctl_restart_prop)
system_public_prop(ctl_rildaemon_prop)
system_public_prop(ctl_sigstop_prop)
system_public_prop(dynamic_system_prop)
system_public_prop(heapprofd_enabled_prop)
system_public_prop(llkd_prop)
system_public_prop(lpdumpd_prop)
system_public_prop(mmc_prop)
system_public_prop(mock_ota_prop)
system_public_prop(net_dns_prop)
system_public_prop(overlay_prop)
system_public_prop(persistent_properties_ready_prop)
system_public_prop(safemode_prop)
system_public_prop(system_lmk_prop)
system_public_prop(system_trace_prop)
system_public_prop(test_boot_reason_prop)
system_public_prop(time_prop)
system_public_prop(traced_enabled_prop)
system_public_prop(traced_lazy_prop)
system_public_prop(config_prop)
system_public_prop(cppreopt_prop)
system_public_prop(dalvik_prop)
system_public_prop(debuggerd_prop)
system_public_prop(device_logging_prop)
system_public_prop(dhcp_prop)
system_public_prop(dumpstate_prop)
system_public_prop(exported3_system_prop)
system_public_prop(exported_dumpstate_prop)
system_public_prop(exported_secure_prop)
system_public_prop(heapprofd_prop)
system_public_prop(net_radio_prop)
system_public_prop(pan_result_prop)
system_public_prop(persist_debug_prop)
system_public_prop(shell_prop)
system_public_prop(test_harness_prop)
system_public_prop(theme_prop)
system_public_prop(use_memfd_prop)
system_public_prop(vold_prop)
')
not_compatible_property(`
vendor_public_prop(vendor_default_prop)
')
compatible_property_only(`
vendor_internal_prop(vendor_default_prop)
')
typeattribute log_prop log_property_type;
typeattribute log_tag_prop log_property_type;
typeattribute wifi_log_prop log_property_type;
allow property_type tmpfs:filesystem associate;
# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
# be avoided.
# New properties should have appropriate read / write access
# control rules written.
typeattribute audio_prop core_property_type;
typeattribute config_prop core_property_type;
typeattribute cppreopt_prop core_property_type;
typeattribute dalvik_prop core_property_type;
typeattribute debuggerd_prop core_property_type;
typeattribute debug_prop core_property_type;
typeattribute dhcp_prop core_property_type;
typeattribute dumpstate_prop core_property_type;
typeattribute logd_prop core_property_type;
typeattribute net_radio_prop core_property_type;
typeattribute nfc_prop core_property_type;
typeattribute ota_prop core_property_type;
typeattribute pan_result_prop core_property_type;
typeattribute persist_debug_prop core_property_type;
typeattribute powerctl_prop core_property_type;
typeattribute radio_prop core_property_type;
typeattribute restorecon_prop core_property_type;
typeattribute shell_prop core_property_type;
typeattribute system_prop core_property_type;
typeattribute usb_prop core_property_type;
typeattribute vold_prop core_property_type;