Commit cdb1624c authored by Tom Cherry's avatar Tom Cherry Committed by Jiyong Park

neverallow coredomain from writing vendor properties

System properties can be abused to get around Treble requirements of
having a clean system/vendor split.  This CL seeks to prevent that by
neverallowing coredomain from writing vendor properties.

Bug: 78598545
Test: build 2017/2018 Pixels
Test: build aosp_arm64
Change-Id: I5e06894150ba121624d753228e550ba9b81f7677
parent 4c2e89ba
...@@ -166,6 +166,12 @@ expandattribute data_between_core_and_vendor_violators false; ...@@ -166,6 +166,12 @@ expandattribute data_between_core_and_vendor_violators false;
attribute system_executes_vendor_violators; attribute system_executes_vendor_violators;
expandattribute system_executes_vendor_violators false; expandattribute system_executes_vendor_violators false;
# All system domains which violate the requirement of not writing vendor
# properties.
# TODO(b/78598545): Remove this once there are no violations
attribute system_writes_vendor_properties_violators;
expandattribute system_writes_vendor_properties_violators false;
# hwservices that are accessible from untrusted applications # hwservices that are accessible from untrusted applications
# WARNING: Use of this attribute should be avoided unless # WARNING: Use of this attribute should be avoided unless
# absolutely necessary. It is a temporary allowance to aid the # absolutely necessary. It is a temporary allowance to aid the
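Review bot: The comment added above `attribute system_writes_vendor_properties_violators;` says which domains the attribute collects, but not that membership exempts a domain from the neverallow on setting vendor properties, and it gives no guidance against adding new domains. Because the attribute is an escape hatch from that rule, I would extend the comment with something like `# WARNING: do not add new domains; members are exempt from the neverallow on coredomain setting vendor properties.` The hwservice attribute directly below already carries a WARNING of this kind, so this would match the file's existing style. The same hunk is shown a second time further down the page and would take the same comment.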
......
...@@ -279,3 +279,96 @@ compatible_property_only(` ...@@ -279,3 +279,96 @@ compatible_property_only(`
wifi_prop wifi_prop
}:file no_rw_file_perms; }:file no_rw_file_perms;
') ')
compatible_property_only(`
# Neverallow coredomain to set vendor properties
neverallow {
coredomain
-init
-system_writes_vendor_properties_violators
} {
property_type
-audio_prop
-bluetooth_a2dp_offload_prop
-bluetooth_prop
-bootloader_boot_reason_prop
-boottime_prop
-config_prop
-cppreopt_prop
-ctl_bootanim_prop
-ctl_bugreport_prop
-ctl_console_prop
-ctl_default_prop
-ctl_dumpstate_prop
-ctl_fuse_prop
-ctl_mdnsd_prop
-ctl_rildaemon_prop
-dalvik_prop
-debug_prop
-debuggerd_prop
-default_prop
-device_logging_prop
-dhcp_prop
-dumpstate_options_prop
-dumpstate_prop
-exported2_config_prop
-exported2_default_prop
-exported2_radio_prop
-exported2_system_prop
-exported2_vold_prop
-exported3_default_prop
-exported3_radio_prop
-exported3_system_prop
-exported_bluetooth_prop
-exported_config_prop
-exported_dalvik_prop
-exported_default_prop
-exported_dumpstate_prop
-exported_ffs_prop
-exported_fingerprint_prop
-exported_overlay_prop
-exported_pm_prop
-exported_radio_prop
-exported_secure_prop
-exported_system_prop
-exported_system_radio_prop
-exported_vold_prop
-exported_wifi_prop
-ffs_prop
-fingerprint_prop
-firstboot_prop
-hwservicemanager_prop
-last_boot_reason_prop
-log_prop
-log_tag_prop
-logd_prop
-logpersistd_logging_prop
-lowpan_prop
-mmc_prop
-net_dns_prop
-net_radio_prop
-netd_stable_secret_prop
-nfc_prop
-overlay_prop
-pan_result_prop
-persist_debug_prop
-persistent_properties_ready_prop
-pm_prop
-powerctl_prop
-radio_prop
-restorecon_prop
-safemode_prop
-serialno_prop
-shell_prop
-system_boot_reason_prop
-system_prop
-system_radio_prop
-test_boot_reason_prop
-traced_enabled_prop
-vendor_default_prop
-vendor_security_patch_level_prop
-vold_prop
-wifi_log_prop
-wifi_prop
}:property_service set;
')
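Review bot: The exclusion list in the new neverallow contains `-vendor_default_prop` and `-vendor_security_patch_level_prop`, so the rule does not stop coredomain from being granted `set` on those two types, even though its comment says it forbids setting vendor properties. If that is intentional, a comment beside those entries should say why; otherwise they look like candidates to drop from the list. The target set is also a hand-maintained enumeration of platform property types, so any type added later and not listed here will be treated as a vendor one; a line such as `# Keep in sync: every platform property type must be excluded here` above `property_type` would make that obligation explicit. The `-init` exemption would likewise benefit from a short rationale. The identical hunk later on the page raises the same points.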
...@@ -166,6 +166,12 @@ expandattribute data_between_core_and_vendor_violators false; ...@@ -166,6 +166,12 @@ expandattribute data_between_core_and_vendor_violators false;
attribute system_executes_vendor_violators; attribute system_executes_vendor_violators;
expandattribute system_executes_vendor_violators false; expandattribute system_executes_vendor_violators false;
# All system domains which violate the requirement of not writing vendor
# properties.
# TODO(b/78598545): Remove this once there are no violations
attribute system_writes_vendor_properties_violators;
expandattribute system_writes_vendor_properties_violators false;
# hwservices that are accessible from untrusted applications # hwservices that are accessible from untrusted applications
# WARNING: Use of this attribute should be avoided unless # WARNING: Use of this attribute should be avoided unless
# absolutely necessary. It is a temporary allowance to aid the # absolutely necessary. It is a temporary allowance to aid the
......
...@@ -279,3 +279,96 @@ compatible_property_only(` ...@@ -279,3 +279,96 @@ compatible_property_only(`
wifi_prop wifi_prop
}:file no_rw_file_perms; }:file no_rw_file_perms;
') ')
compatible_property_only(`
# Neverallow coredomain to set vendor properties
neverallow {
coredomain
-init
-system_writes_vendor_properties_violators
} {
property_type
-audio_prop
-bluetooth_a2dp_offload_prop
-bluetooth_prop
-bootloader_boot_reason_prop
-boottime_prop
-config_prop
-cppreopt_prop
-ctl_bootanim_prop
-ctl_bugreport_prop
-ctl_console_prop
-ctl_default_prop
-ctl_dumpstate_prop
-ctl_fuse_prop
-ctl_mdnsd_prop
-ctl_rildaemon_prop
-dalvik_prop
-debug_prop
-debuggerd_prop
-default_prop
-device_logging_prop
-dhcp_prop
-dumpstate_options_prop
-dumpstate_prop
-exported2_config_prop
-exported2_default_prop
-exported2_radio_prop
-exported2_system_prop
-exported2_vold_prop
-exported3_default_prop
-exported3_radio_prop
-exported3_system_prop
-exported_bluetooth_prop
-exported_config_prop
-exported_dalvik_prop
-exported_default_prop
-exported_dumpstate_prop
-exported_ffs_prop
-exported_fingerprint_prop
-exported_overlay_prop
-exported_pm_prop
-exported_radio_prop
-exported_secure_prop
-exported_system_prop
-exported_system_radio_prop
-exported_vold_prop
-exported_wifi_prop
-ffs_prop
-fingerprint_prop
-firstboot_prop
-hwservicemanager_prop
-last_boot_reason_prop
-log_prop
-log_tag_prop
-logd_prop
-logpersistd_logging_prop
-lowpan_prop
-mmc_prop
-net_dns_prop
-net_radio_prop
-netd_stable_secret_prop
-nfc_prop
-overlay_prop
-pan_result_prop
-persist_debug_prop
-persistent_properties_ready_prop
-pm_prop
-powerctl_prop
-radio_prop
-restorecon_prop
-safemode_prop
-serialno_prop
-shell_prop
-system_boot_reason_prop
-system_prop
-system_radio_prop
-test_boot_reason_prop
-traced_enabled_prop
-vendor_default_prop
-vendor_security_patch_level_prop
-vold_prop
-wifi_log_prop
-wifi_prop
}:property_service set;
')