Merge "Allow vendor_init without compatible_property to write most properties"

873d6ad6 · Tom Cherry · Gerrit Code Review · 0a1c9a94 · 6473ae83 · 873d6ad6
Commit 873d6ad6 authored 7 years ago by Tom Cherry Committed by Gerrit Code Review 7 years ago
--- a/public/domain.te
+++ b/public/domain.te
@@ -506,10 +506,12 @@ neverallow * hidl_base_hwservice:hwservice_manager find;

 # Require that domains explicitly label unknown properties, and do not allow
 # anyone but init to modify unknown properties.
-neverallow { domain -init } default_prop:property_service set;
-neverallow { domain -init } mmc_prop:property_service set;
+neverallow { domain -init -vendor_init } default_prop:property_service set;
+neverallow { domain -init -vendor_init } mmc_prop:property_service set;

 compatible_property_only(`
+    neverallow { domain -init } default_prop:property_service set;
+    neverallow { domain -init } mmc_prop:property_service set;
    neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
    neverallow { domain -init -vendor_init } exported2_default_prop:property_service set;
    neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;

--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -218,6 +218,19 @@ allow vendor_init serialno_prop:file { getattr open read };
 # Vendor init can perform operations on trusted and security Extended Attributes
 allow vendor_init self:global_capability_class_set sys_admin;

+not_compatible_property(`
+    set_prop(vendor_init, {
+      property_type
+      -restorecon_prop
+      -netd_stable_secret_prop
+      -firstboot_prop
+      -pm_prop
+      -system_boot_reason_prop
+      -bootloader_boot_reason_prop
+      -last_boot_reason_prop
+    })
+')
+
 set_prop(vendor_init, debug_prop)
 set_prop(vendor_init, exported_config_prop)
 set_prop(vendor_init, exported_dalvik_prop)