From 5a570a4b6b89a2226970de93887f25a10a2e4548 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 8 Dec 2015 14:45:50 -0800
Subject: [PATCH] Remove property read access for non-core properties

Instead of allowing global read access to all properties,
only allow read access to the properties which are part of
core SELinux policy. Device-specific policies are no longer
readable by default and need to be granted in device-specific
policy.

Grant read access to any property for which a domain already has write
access. In most cases, a domain that needs to set a property also needs
to read it back.

Change-Id: I2bd24583067b79f31b3bb0940b4c07fc33d09918
---
 attributes  |  4 ++++
 domain.te   |  5 ++--
 property.te | 66 ++++++++++++++++++++++++++---------------------------
 te_macros   |  1 +
 4 files changed, 41 insertions(+), 35 deletions(-)

diff --git a/attributes b/attributes
index e9f51ee29..3f4d5ef15 100644
--- a/attributes
+++ b/attributes
@@ -55,6 +55,10 @@ attribute port_type;
 # All types used for property service
 attribute property_type;
 
+# All properties defined in core SELinux policy. Should not be
+# used by device specific properties
+attribute core_property_type;
+
 # All service_manager types created by system_server
 attribute system_server_service;
 
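Review bot: The new comment on core_property_type says where the attribute belongs but not what carrying it grants, which is the security-relevant part. A device maintainer who copies this attribute onto a vendor property type would, by the domain.te change in this same patch, make that property readable by every domain without realising it. I would expand the comment to `# All properties defined in core SELinux policy. Every domain is granted read access to these (see domain.te); device-specific property types must not carry this attribute and must grant read access explicitly in device policy.`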
diff --git a/domain.te b/domain.te
index 2e38e92b2..aaf2d0a04 100644
--- a/domain.te
+++ b/domain.te
@@ -79,8 +79,9 @@ allow domain random_device:chr_file rw_file_perms;
 allow domain properties_device:dir r_dir_perms;
 allow domain properties_serial:file r_file_perms;
 
-# For now, everyone can access all property files
-get_prop(domain, property_type)
+# For now, everyone can access core property files
+# Device specific properties are not granted by default
+get_prop(domain, core_property_type)
 dontaudit domain property_type:file audit_access;
 allow domain property_contexts:file r_file_perms;
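Review bot: The replacement comment keeps the vague `For now` wording and does not tell a device policy author what to do now that reads of device-specific property types are no longer granted here. The body of get_prop() is defined outside this hunk, so I cannot confirm exactly which file permissions it expands to, but any device property type left without an explicit grant will now be denied rather than readable. I would write `# Every domain may read core properties (core_property_type). Device-specific property types get no read access here; device policy must add get_prop(<domain>, <type>) for each one it needs.` The dontaudit on the following line still covers all of property_type, which looks intentional and is worth keeping as is.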
 
diff --git a/property.te b/property.te
index a9c5fe6dc..2c4084f14 100644
--- a/property.te
+++ b/property.te
@@ -1,35 +1,35 @@
-type default_prop, property_type;
-type shell_prop, property_type;
-type debug_prop, property_type;
-type dumpstate_prop, property_type;
-type persist_debug_prop, property_type;
-type debuggerd_prop, property_type;
-type dhcp_prop, property_type;
-type fingerprint_prop, property_type;
-type ffs_prop, property_type;
-type radio_prop, property_type;
-type net_radio_prop, property_type;
-type system_radio_prop, property_type;
-type system_prop, property_type;
-type vold_prop, property_type;
-type ctl_bootanim_prop, property_type;
-type ctl_default_prop, property_type;
-type ctl_dhcp_pan_prop, property_type;
-type ctl_dumpstate_prop, property_type;
-type ctl_fuse_prop, property_type;
-type ctl_mdnsd_prop, property_type;
-type ctl_rildaemon_prop, property_type;
-type ctl_bugreport_prop, property_type;
-type ctl_console_prop, property_type;
-type audio_prop, property_type;
-type logd_prop, property_type;
-type restorecon_prop, property_type;
-type security_prop, property_type;
-type bluetooth_prop, property_type;
-type pan_result_prop, property_type;
-type powerctl_prop, property_type;
-type nfc_prop, property_type;
-type dalvik_prop, property_type;
-type config_prop, property_type;
+type default_prop, property_type, core_property_type;
+type shell_prop, property_type, core_property_type;
+type debug_prop, property_type, core_property_type;
+type dumpstate_prop, property_type, core_property_type;
+type persist_debug_prop, property_type, core_property_type;
+type debuggerd_prop, property_type, core_property_type;
+type dhcp_prop, property_type, core_property_type;
+type fingerprint_prop, property_type, core_property_type;
+type ffs_prop, property_type, core_property_type;
+type radio_prop, property_type, core_property_type;
+type net_radio_prop, property_type, core_property_type;
+type system_radio_prop, property_type, core_property_type;
+type system_prop, property_type, core_property_type;
+type vold_prop, property_type, core_property_type;
+type ctl_bootanim_prop, property_type, core_property_type;
+type ctl_default_prop, property_type, core_property_type;
+type ctl_dhcp_pan_prop, property_type, core_property_type;
+type ctl_dumpstate_prop, property_type, core_property_type;
+type ctl_fuse_prop, property_type, core_property_type;
+type ctl_mdnsd_prop, property_type, core_property_type;
+type ctl_rildaemon_prop, property_type, core_property_type;
+type ctl_bugreport_prop, property_type, core_property_type;
+type ctl_console_prop, property_type, core_property_type;
+type audio_prop, property_type, core_property_type;
+type logd_prop, property_type, core_property_type;
+type restorecon_prop, property_type, core_property_type;
+type security_prop, property_type, core_property_type;
+type bluetooth_prop, property_type, core_property_type;
+type pan_result_prop, property_type, core_property_type;
+type powerctl_prop, property_type, core_property_type;
+type nfc_prop, property_type, core_property_type;
+type dalvik_prop, property_type, core_property_type;
+type config_prop, property_type, core_property_type;
 
 allow property_type tmpfs:filesystem associate;
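Review bot: default_prop on line 93 is now core_property_type, so if it is the fallback label for properties that property_contexts does not match — which I infer from the name only — every unmatched property stays readable by all domains, and nothing in the file says whether that is intended. The commit message's claim that device-specific properties are no longer readable by default therefore holds only for types that device policy actually declares and labels. I would state it next to the declaration: `# default_prop is the fallback label for properties not matched elsewhere; keeping it core_property_type means unmatched properties remain world-readable.` Since every type in this file must carry core_property_type for domain.te's blanket get_prop() to cover it, a header comment such as `# Every type declared here must carry core_property_type; device-specific property types belong in device policy and must not use it.` would stop a future addition from silently dropping out of the grant.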
diff --git a/te_macros b/te_macros
index 37b33a90b..6d918354b 100644
--- a/te_macros
+++ b/te_macros
@@ -150,6 +150,7 @@ allow $1 $3:unix_stream_socket connectto;
 define(`set_prop', `
 __unix_socket_connect__($1, property, init)
 allow $1 $2:property_service set;
+get_prop($1, $2)
 ')
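Review bot: The added `get_prop($1, $2)` line changes what set_prop grants, but there is no comment explaining why, and the macro's documentation block sits above this hunk, outside what is shown, so it should be updated there to say that set_prop now implies read access on the same type. Inside the body a one-line `# a domain that sets a property normally needs to read it back` would also do. One side effect worth noting: every caller that set_prop()s a ctl_* type now receives get_prop on it as well; as far as I can tell from this patch those control properties are not backed by readable property files, so the extra grant is presumably inert, but it widens the macro's footprint for no gain and may be worth excluding if get_prop's expansion is not a no-op for them.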
 
 #####################################
-- 
GitLab