Refine rules for accessing /dev/__properties__

Don't allow processes to list out the contents of the directory /dev/__properties__. This is an implementation specific detail that shouldn't be visible to processes. Test: Device boots and no problems reading individual properties. Test: ls -la /dev/__properties__ fails Change-Id: I4df6a829b0d22e30fb2c38030c690fc4a356f6a3

Refine rules for accessing /dev/properties
32c4a27c · Nick Kralevich · 804547bc · 32c4a27c
Commit 32c4a27c authored 8 years ago by Nick Kralevich
--- a/public/domain.te
+++ b/public/domain.te
@@ -77,7 +77,7 @@ allow { domain -servicemanager } hwbinder_device:chr_file rw_file_perms;
 allow domain ptmx_device:chr_file rw_file_perms;
 allow domain alarm_device:chr_file r_file_perms;
 allow domain random_device:chr_file rw_file_perms;
-allow domain properties_device:dir r_dir_perms;
+allow domain properties_device:dir { search getattr };
 allow domain properties_serial:file r_file_perms;

 # For now, everyone can access core property files