    9fa11b77
    Temporarily revert the SELinux policy for persist.netd.stable_secret. · 9fa11b77
    Lorenzo Colitti authored
    This change did not make it into core sepolicy in time for O.
    The revert allows devices to define these selinux policies in
    vendor-specific sepolicy instead of core sepolicy. It is
    necessary because:
    
    1. It is too late to change property_contexts in O.
    2. Adding the netd_stable_secret prop to vendor sepolicy results
       in a duplicate definition error at compile time.
    3. Defining a new vendor-specific context (such as
       net_stable_secret_vendor_prop) and applying it to
       persist.netd.stable_secret results in the device not booting
       due to attempting to apply two different contexts to the same
       property.
    
    Lack of the sepolicy no longer breaks wifi connectivity now that
    IpManager no longer considers failure to set the stable secret to
    be a fatal error.
    
    Once all interested devices have adopted the vendor sepolicy,
    this policy can safely be reinstated by reverting said vendor
    sepolicies in internal master.
    
    This reverts commit abb1ba65.
    
    Bug: 17613910
    Test: bullhead builds, boots, connects to wifi
    Change-Id: Idffcf78491171c54bca9f93cb920eab9b1c47709
property.te 2.96 KiB
# Property labels. Each `type` below names a SELinux context for one or more
# system properties; the property-name -> label mapping itself lives in
# property_contexts, which is not part of this file. The attributes carry the
# access-control meaning:
#   property_type      - every property label; receives the tmpfs associate
#                        rule further down in this file
#   core_property_type - legacy labels that are readable to everyone (see the
#                        neverallow comment below); must not be used for new
#                        or device-specific properties
#   log_property_type  - grouping shared by log_prop, log_tag_prop and
#                        wifi_log_prop; the rules that use it are not in
#                        this file
# NOTE(review): netd_stable_secret_prop is deliberately absent. This commit
# reverts that label so vendor sepolicy can define it for
# persist.netd.stable_secret instead. Until a vendor policy does so, the
# property gets whatever context property_contexts assigns by default (not
# visible here); if that is a core_property_type label such as default_prop,
# the stable secret is readable to everyone -- confirm against
# property_contexts before relying on this file alone.
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
type bluetooth_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
type ctl_bootanim_prop, property_type;
type ctl_bugreport_prop, property_type;
type ctl_console_prop, property_type;
type ctl_default_prop, property_type;
type ctl_dumpstate_prop, property_type;
type ctl_fuse_prop, property_type;
type ctl_mdnsd_prop, property_type;
type ctl_rildaemon_prop, property_type;
type dalvik_prop, property_type, core_property_type;
type debuggerd_prop, property_type, core_property_type;
type debug_prop, property_type, core_property_type;
# Presumably the catch-all label for properties with no dedicated entry in
# property_contexts -- verify there; it is core_property_type, i.e. readable
# by everyone.
type default_prop, property_type, core_property_type;
type device_logging_prop, property_type;
type dhcp_prop, property_type, core_property_type;
type dumpstate_options_prop, property_type;
type dumpstate_prop, property_type, core_property_type;
type ffs_prop, property_type, core_property_type;
type fingerprint_prop, property_type, core_property_type;
type firstboot_prop, property_type;
type hwservicemanager_prop, property_type;
type logd_prop, property_type, core_property_type;
type logpersistd_logging_prop, property_type;
type log_prop, property_type, log_property_type;
type log_tag_prop, property_type, log_property_type;
type mmc_prop, property_type;
type net_dns_prop, property_type;
type net_radio_prop, property_type, core_property_type;
type nfc_prop, property_type, core_property_type;
type overlay_prop, property_type;
type pan_result_prop, property_type, core_property_type;
type persist_debug_prop, property_type, core_property_type;
type persistent_properties_ready_prop, property_type;
type powerctl_prop, property_type, core_property_type;
type radio_prop, property_type, core_property_type;
type restorecon_prop, property_type, core_property_type;
type safemode_prop, property_type;
type serialno_prop, property_type;
type shell_prop, property_type, core_property_type;
type system_prop, property_type, core_property_type;
type system_radio_prop, property_type, core_property_type;
type vold_prop, property_type, core_property_type;
type wifi_log_prop, property_type, log_property_type;
type wifi_prop, property_type;

# Let every property label be associated with a tmpfs filesystem. The
# `associate` permission is what SELinux checks when an object carrying one
# of these labels is created on, or relabelled within, a filesystem of that
# type; presumably the property area is tmpfs-backed -- confirm against init.
allow property_type tmpfs:filesystem associate;

###
### Neverallow rules
###

# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
# be avoided.
# New properties should have appropriate read / write access
# control rules written.

# Compile-time assertion: no domain (`*`) may hold the file permissions
# expanded by no_rw_file_perms (a macro defined outside this file) on any
# core_property_type label, except the legacy labels subtracted below. Every
# entry in the exemption set is a property that is readable to everyone; the
# list exists only to grandfather pre-existing labels. Adding a new label
# here re-opens that broad access and contradicts the comment above, so new
# properties should get their own type with explicit read/write rules
# instead.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -default_prop
  -dhcp_prop
  -dumpstate_prop
  -ffs_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -system_radio_prop
  -vold_prop
}:file no_rw_file_perms;
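Review bot: With netd_stable_secret_prop gone from this file, persist.netd.stable_secret has no dedicated label in core sepolicy until a device's vendor sepolicy supplies one, and nothing in this listing records that gap or what property_contexts maps the property to in the meantime. If the fallback is a core_property_type label such as default_prop, that label is subtracted from the neverallow at the end of this file, so the stable secret would be readable by every domain on devices that have not yet adopted the vendor policy; the commit message treats this as temporary, but the policy file itself gives a future maintainer no hook to find the revert. I would add, above the type list, `# TODO: re-add netd_stable_secret_prop (and its neverallow) once vendor sepolicies drop their copies -- see Bug: 17613910 / revert of abb1ba65`. Whether the fallback really is default_prop cannot be confirmed from this page and should be checked against property_contexts.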