Skip to content
Snippets Groups Projects
Normal view Permalink
property.te 6.81 KiB
Newer Older
  • Learn to ignore specific revisions
    • Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    1 
    type audio_prop, property_type, core_property_type;
    Nick Kralevich's avatar
    Assign a label to the ro.boottime.* properties  
    Nick Kralevich committed
    2 
    type boottime_prop, property_type;
    Jaekyun Seok's avatar
    Whitelist vendor-init-settable bluetooth_prop and wifi_prop  
    Jaekyun Seok committed
    3 
    type bluetooth_a2dp_offload_prop, property_type;
    Alex Klyubin's avatar
    Restrict access to Bluetooth system properties  
    Alex Klyubin committed
    4 
    type bluetooth_prop, property_type;
    Mark Salyzyn's avatar
    Switch /data/misc/reboot/last_reboot_reason to persistent property  
    Mark Salyzyn committed
    5 
    type bootloader_boot_reason_prop, property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    6 7 
    type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
    Nick Kralevich's avatar
    Remove core_property_type from ctl_* properties  
    Nick Kralevich committed
    8 
    type ctl_bootanim_prop, property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    9 10 
    type ctl_bugreport_prop, property_type;
type ctl_console_prop, property_type;
    Nick Kralevich's avatar
    Remove core_property_type from ctl_* properties  
    Nick Kralevich committed
    11 12 13 14 15 
    type ctl_default_prop, property_type;
type ctl_dumpstate_prop, property_type;
type ctl_fuse_prop, property_type;
type ctl_mdnsd_prop, property_type;
type ctl_rildaemon_prop, property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    16 17 18 19 20 21 22 23 
    type dalvik_prop, property_type, core_property_type;
type debuggerd_prop, property_type, core_property_type;
type debug_prop, property_type, core_property_type;
type default_prop, property_type, core_property_type;
type device_logging_prop, property_type;
type dhcp_prop, property_type, core_property_type;
type dumpstate_options_prop, property_type;
type dumpstate_prop, property_type, core_property_type;
    Jaekyun Seok's avatar
    Allow only public-readable to ro.secure and ro.adb.secure  
    Jaekyun Seok committed
    24 
    type exported_secure_prop, property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    25 26 
    type ffs_prop, property_type, core_property_type;
type fingerprint_prop, property_type, core_property_type;
    Alex Klyubin's avatar
    Remove access to ro.runtime.firstboot from apps  
    Alex Klyubin committed
    27 
    type firstboot_prop, property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    28 
    type hwservicemanager_prop, property_type;
    Mark Salyzyn's avatar
    Switch /data/misc/reboot/last_reboot_reason to persistent property  
    Mark Salyzyn committed
    29 
    type last_boot_reason_prop, property_type;
    Nick Kralevich's avatar
    Remove property read access for non-core properties  
    Nick Kralevich committed
    30 
    type logd_prop, property_type, core_property_type;
    Mark Salyzyn's avatar
    logpersist: reserve persist.logd.logpersistd  
    Mark Salyzyn committed
    31 
    type logpersistd_logging_prop, property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    32 33 
    type log_prop, property_type, log_property_type;
type log_tag_prop, property_type, log_property_type;
    Dan Cashman's avatar
    Sync internal master and AOSP sepolicy.  
    Dan Cashman committed
    34 
    type lowpan_prop, property_type;
    Mark Salyzyn's avatar
    persist.mmc.* only set in init  
    Mark Salyzyn committed
    35 
    type mmc_prop, property_type;
    Nick Kralevich's avatar
    Move net.dns* to it's own label.  
    Nick Kralevich committed
    36 
    type net_dns_prop, property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    37 
    type net_radio_prop, property_type, core_property_type;
    Lorenzo Colitti's avatar
    Revert "Temporarily revert the SELinux policy for persist.netd.stable_secret."  
    Lorenzo Colitti committed
    38 
    type netd_stable_secret_prop, property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    39 40 
    type nfc_prop, property_type, core_property_type;
type overlay_prop, property_type;
    Nick Kralevich's avatar
    Remove property read access for non-core properties  
    Nick Kralevich committed
    41 
    type pan_result_prop, property_type, core_property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    42 
    type persist_debug_prop, property_type, core_property_type;
    Keun-young Park's avatar
    make ro.persistent_properties.ready accessible for hidl client  
    Keun-young Park committed
    43 
    type persistent_properties_ready_prop, property_type;
    Calin Juravle's avatar
    Revert "Revert "Put pm.* property in new pm_prop context""  
    Calin Juravle committed
    44 
    type pm_prop, property_type;
    Nick Kralevich's avatar
    Remove property read access for non-core properties  
    Nick Kralevich committed
    45 
    type powerctl_prop, property_type, core_property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    46 47 
    type radio_prop, property_type, core_property_type;
type restorecon_prop, property_type, core_property_type;
    Sami Tolvanen's avatar
    Allow logd.auditd to reboot to safe mode  
    Sami Tolvanen committed
    48 
    type safemode_prop, property_type;
    Alex Klyubin's avatar
    Restrict access to ro.serialno and ro.boot.serialno  
    Alex Klyubin committed
    49 
    type serialno_prop, property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    50 
    type shell_prop, property_type, core_property_type;
    Mark Salyzyn's avatar
    Switch /data/misc/reboot/last_reboot_reason to persistent property  
    Mark Salyzyn committed
    51 
    type system_boot_reason_prop, property_type;
    Nick Kralevich's avatar
    property.te: sort entries  
    Nick Kralevich committed
    52 53 54 55 56 
    type system_prop, property_type, core_property_type;
type system_radio_prop, property_type, core_property_type;
type vold_prop, property_type, core_property_type;
type wifi_log_prop, property_type, log_property_type;
type wifi_prop, property_type;
    Tom Cherry's avatar
    Support fine grain read access control for properties  
    Tom Cherry committed
    57
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    58 
    # Properties for whitelisting
    Jaekyun Seok's avatar
    Whitelist vendor-init-settable bluetooth_prop and wifi_prop  
    Jaekyun Seok committed
    59 
    type exported_bluetooth_prop, property_type;
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    60 61 62 63 64 
    type exported_config_prop, property_type;
type exported_dalvik_prop, property_type;
type exported_default_prop, property_type;
type exported_dumpstate_prop, property_type;
type exported_ffs_prop, property_type;
    Jaekyun Seok's avatar
    Fix TODOs of duplicate property names for prefix and exact matching  
    Jaekyun Seok committed
    65 
    type exported_fingerprint_prop, property_type;
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    66 67 68 69 70 71 
    type exported_overlay_prop, property_type;
type exported_pm_prop, property_type;
type exported_radio_prop, property_type;
type exported_system_prop, property_type;
type exported_system_radio_prop, property_type;
type exported_vold_prop, property_type;
    Jaekyun Seok's avatar
    Whitelist vendor-init-settable bluetooth_prop and wifi_prop  
    Jaekyun Seok committed
    72 
    type exported_wifi_prop, property_type;
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    73 74 75 76 77 78 
    type exported2_config_prop, property_type;
type exported2_default_prop, property_type;
type exported2_radio_prop, property_type;
type exported2_system_prop, property_type;
type exported2_vold_prop, property_type;
type exported3_default_prop, property_type;
    Jaekyun Seok's avatar
    Allow vendor-init-settable to persist.radio.multisim.config  
    Jaekyun Seok committed
    79 
    type exported3_radio_prop, property_type;
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    80 81 82 
    type exported3_system_prop, property_type;
type vendor_default_prop, property_type;
    Tom Cherry's avatar
    Support fine grain read access control for properties  
    Tom Cherry committed
    83 
    allow property_type tmpfs:filesystem associate;
    Nick Kralevich's avatar
    Do not allow new additions to core_property_type  
    Nick Kralevich committed
    84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 
    
###
### Neverallow rules
###

# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
# be avoided.
# New properties should have appropriate read / write access
# control rules written.

neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -default_prop
  -dhcp_prop
  -dumpstate_prop
  -ffs_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -system_radio_prop
  -vold_prop
}:file no_rw_file_perms;
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    122 123 
    
compatible_property_only(`
    Tom Cherry's avatar
    Fix compatible property neverallows  
    Tom Cherry committed
    124 
    # Prevent properties from being set
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    125 126 127 128 129 130 131 132 133 134 135 136 
      neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    exported_config_prop
    exported_dalvik_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_ffs_prop
    Jaekyun Seok's avatar
    Fix TODOs of duplicate property names for prefix and exact matching  
    Jaekyun Seok committed
    137 
        exported_fingerprint_prop
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    138 139 140 141 142 143 144 145 146 
        exported_system_prop
    exported_system_radio_prop
    exported_vold_prop
    exported2_config_prop
    exported2_default_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    Tom Cherry's avatar
    Fix compatible property neverallows  
    Tom Cherry committed
    147 148 149 150 151 152 153 154 155 
        -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    Jaekyun Seok's avatar
    Add tests for compatible property (1/2)  
    Jaekyun Seok committed
    156 
        -hal_nfc_server
    Tom Cherry's avatar
    Fix compatible property neverallows  
    Tom Cherry committed
    157 158 159 160 161 162 163 164 
      } {
    nfc_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    Amit Mahajan's avatar
    Revert "Revert "Move rild from public to vendor.""  
    Amit Mahajan committed
    165 
        -hal_telephony_server
    Tom Cherry's avatar
    Fix compatible property neverallows  
    Tom Cherry committed
    166 167 168 
        -vendor_init
  } {
    exported_radio_prop
    Jaekyun Seok's avatar
    Allow vendor-init-settable to persist.radio.multisim.config  
    Jaekyun Seok committed
    169 
        exported3_radio_prop
    Jaekyun Seok's avatar
    Neverallow unexpected domains to access bluetooth_prop and wifi_prop  
    Jaekyun Seok committed
    170 171 172 173 174 175 176 177 178 
      }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    exported2_radio_prop
    Tom Cherry's avatar
    Fix compatible property neverallows  
    Tom Cherry committed
    179 180 
        radio_prop
  }:property_service set;
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    181
    Jaekyun Seok's avatar
    Neverallow unexpected domains to access bluetooth_prop and wifi_prop  
    Jaekyun Seok committed
    182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 
      neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth
  } {
    bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_wifi
    -wificond
  } {
    wifi_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_wifi
    -wificond
    -vendor_init
  } {
    exported_wifi_prop
  }:property_service set;
    Tom Cherry's avatar
    Fix compatible property neverallows  
    Tom Cherry committed
    220 
    # Prevent properties from being read
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 
      neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    exported_dalvik_prop
    exported_ffs_prop
    exported_system_radio_prop
    exported2_config_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;
    Jaekyun Seok's avatar
    Add neverallow rules to restrict reading radio_prop  
    Jaekyun Seok committed
    242
    Jaekyun Seok's avatar
    Add tests for compatible property (1/2)  
    Jaekyun Seok committed
    243 244 245 246 247 248 249 250 251 
      neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;
    Jaekyun Seok's avatar
    Add neverallow rules to restrict reading radio_prop  
    Jaekyun Seok committed
    252 253 254 255 
      neverallow {
    domain
    -coredomain
    -appdomain
    Amit Mahajan's avatar
    Revert "Revert "Move rild from public to vendor.""  
    Amit Mahajan committed
    256 
        -hal_telephony_server
    Jaekyun Seok's avatar
    Add neverallow rules to restrict reading radio_prop  
    Jaekyun Seok committed
    257 258 259 
      } {
    radio_prop
  }:file no_rw_file_perms;
    Jaekyun Seok's avatar
    Neverallow unexpected domains to access bluetooth_prop and wifi_prop  
    Jaekyun Seok committed
    260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 
    
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -hal_wifi
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;
    Jaekyun Seok's avatar
    Whitelist exported platform properties  
    Jaekyun Seok committed
    278 
    ')