Commit 4c1bbc30 authored by Nick Kralevich's avatar Nick Kralevich Committed by android-build-merger

Remove property read access for non-core properties

am: 5a570a4b

* commit '5a570a4b':
  Remove property read access for non-core properties
parents 4cf49a91 5a570a4b
...@@ -55,6 +55,10 @@ attribute port_type; ...@@ -55,6 +55,10 @@ attribute port_type;
# All types used for property service # All types used for property service
attribute property_type; attribute property_type;
# All properties defined in core SELinux policy. Should not be
# used by device specific properties
attribute core_property_type;
# All service_manager types created by system_server # All service_manager types created by system_server
attribute system_server_service; attribute system_server_service;
......
...@@ -79,8 +79,9 @@ allow domain random_device:chr_file rw_file_perms; ...@@ -79,8 +79,9 @@ allow domain random_device:chr_file rw_file_perms;
allow domain properties_device:dir r_dir_perms; allow domain properties_device:dir r_dir_perms;
allow domain properties_serial:file r_file_perms; allow domain properties_serial:file r_file_perms;
# For now, everyone can access all property files # For now, everyone can access core property files
get_prop(domain, property_type) # Device specific properties are not granted by default
get_prop(domain, core_property_type)
dontaudit domain property_type:file audit_access; dontaudit domain property_type:file audit_access;
allow domain property_contexts:file r_file_perms; allow domain property_contexts:file r_file_perms;
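Review bot: On the new side, `get_prop(domain, core_property_type)` still grants every domain read access to all core property files, so this change narrows only device-specific types; the comment's "For now" hints that more narrowing is intended but does not say what remains open. I would make that explicit, for example `# TODO: core properties are still readable by every domain; restrict per-domain where possible`. Because the `dontaudit` line below suppresses only `audit_access`, domains that relied on the old blanket grant to read device-specific properties should now produce ordinary read denials in the audit log, which is where to look when adding the explicit `get_prop()` rules they need.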
......
type default_prop, property_type; type default_prop, property_type, core_property_type;
type shell_prop, property_type; type shell_prop, property_type, core_property_type;
type debug_prop, property_type; type debug_prop, property_type, core_property_type;
type dumpstate_prop, property_type; type dumpstate_prop, property_type, core_property_type;
type persist_debug_prop, property_type; type persist_debug_prop, property_type, core_property_type;
type debuggerd_prop, property_type; type debuggerd_prop, property_type, core_property_type;
type dhcp_prop, property_type; type dhcp_prop, property_type, core_property_type;
type fingerprint_prop, property_type; type fingerprint_prop, property_type, core_property_type;
type ffs_prop, property_type; type ffs_prop, property_type, core_property_type;
type radio_prop, property_type; type radio_prop, property_type, core_property_type;
type net_radio_prop, property_type; type net_radio_prop, property_type, core_property_type;
type system_radio_prop, property_type; type system_radio_prop, property_type, core_property_type;
type system_prop, property_type; type system_prop, property_type, core_property_type;
type vold_prop, property_type; type vold_prop, property_type, core_property_type;
type ctl_bootanim_prop, property_type; type ctl_bootanim_prop, property_type, core_property_type;
type ctl_default_prop, property_type; type ctl_default_prop, property_type, core_property_type;
type ctl_dhcp_pan_prop, property_type; type ctl_dhcp_pan_prop, property_type, core_property_type;
type ctl_dumpstate_prop, property_type; type ctl_dumpstate_prop, property_type, core_property_type;
type ctl_fuse_prop, property_type; type ctl_fuse_prop, property_type, core_property_type;
type ctl_mdnsd_prop, property_type; type ctl_mdnsd_prop, property_type, core_property_type;
type ctl_rildaemon_prop, property_type; type ctl_rildaemon_prop, property_type, core_property_type;
type ctl_bugreport_prop, property_type; type ctl_bugreport_prop, property_type, core_property_type;
type ctl_console_prop, property_type; type ctl_console_prop, property_type, core_property_type;
type audio_prop, property_type; type audio_prop, property_type, core_property_type;
type logd_prop, property_type; type logd_prop, property_type, core_property_type;
type restorecon_prop, property_type; type restorecon_prop, property_type, core_property_type;
type security_prop, property_type; type security_prop, property_type, core_property_type;
type bluetooth_prop, property_type; type bluetooth_prop, property_type, core_property_type;
type pan_result_prop, property_type; type pan_result_prop, property_type, core_property_type;
type powerctl_prop, property_type; type powerctl_prop, property_type, core_property_type;
type nfc_prop, property_type; type nfc_prop, property_type, core_property_type;
type dalvik_prop, property_type; type dalvik_prop, property_type, core_property_type;
type config_prop, property_type; type config_prop, property_type, core_property_type;
allow property_type tmpfs:filesystem associate; allow property_type tmpfs:filesystem associate;
...@@ -150,6 +150,7 @@ allow $1 $3:unix_stream_socket connectto; ...@@ -150,6 +150,7 @@ allow $1 $3:unix_stream_socket connectto;
define(`set_prop', ` define(`set_prop', `
__unix_socket_connect__($1, property, init) __unix_socket_connect__($1, property, init)
allow $1 $2:property_service set; allow $1 $2:property_service set;
get_prop($1, $2)
') ')
##################################### #####################################
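Review bot: The added `get_prop($1, $2)` turns every `set_prop()` grant into an implicit read grant as well, which is easy to miss when auditing who can read a given property type. The macro's header comment lies outside this hunk, so I cannot tell whether it already says so; if it does not, I would add something like `# set_prop(sourcedomain, targetproperty): allows setting the property and, implicitly, reading it.` Anyone reviewing the readers of a sensitive property type then knows to check `set_prop` callers as well as `get_prop` ones.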
......