From da17402c8d17a0a9af3e3d2c92690da87f0ac00e Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 13 Dec 2016 15:59:33 -0800
Subject: [PATCH] Do not allow new additions to core_property_type

core_property_type is an attribute which was given to all existing
properties known to core SELinux policy. Any property with this label is
readable to all SELinux domains, which is overly broad. The long term
goal is to remove the core_property_type attribute entirely.

Add a neverallow rule prohibiting the introduction of new properties
with the core_property_type attribute. Device specific properties, or
new properties in core SELinux policy, should not have this attribute.

(cherry picked from commit d310df20bdc6599d326806859fa8b7bdd31a4358)

Test: policy compiles
Bug: 33620117
Change-Id: I61d18c126bca722002f41a5cc4728318878f46c6
---
 public/property.te | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/public/property.te b/public/property.te
index e4b8d6e43..e64ebcd2a 100644
--- a/public/property.te
+++ b/public/property.te
@@ -43,3 +43,42 @@ type wifi_log_prop, property_type, log_property_type;
 type wifi_prop, property_type;
 
 allow property_type tmpfs:filesystem associate;
+
+###
+### Neverallow rules
+###
+
+# core_property_type should not be used for new properties or
+# device specific properties. Properties with this attribute
+# are readable to everyone, which is overly broad and should
+# be avoided.
+# New properties should have appropriate read / write access
+# control rules written.
+
+neverallow * {
+  core_property_type
+  -audio_prop
+  -bluetooth_prop
+  -config_prop
+  -cppreopt_prop
+  -dalvik_prop
+  -debuggerd_prop
+  -debug_prop
+  -default_prop
+  -dhcp_prop
+  -dumpstate_prop
+  -ffs_prop
+  -fingerprint_prop
+  -logd_prop
+  -net_radio_prop
+  -nfc_prop
+  -pan_result_prop
+  -persist_debug_prop
+  -powerctl_prop
+  -radio_prop
+  -restorecon_prop
+  -shell_prop
+  -system_prop
+  -system_radio_prop
+  -vold_prop
+}:file no_rw_file_perms;
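Review bot: The comment block at the top of the hunk explains why core_property_type is discouraged but says nothing about how the exclusion list inside the neverallow is meant to evolve, and that list is what future maintainers will edit. Since the rule's whole value is that the set of excluded types is frozen, the comment should state it explicitly, e.g. `# The types excluded below are the legacy properties that already carry core_property_type; entries may be removed as they gain explicit read/write rules, but no new type may be added to this list.`. It is also worth noting in the comment that the source is `*`, so a new core_property_type type is denied all file read/write permissions for every domain, including init, which is what makes the attribute unusable for new properties rather than merely restricted. The neverallow itself is complete within the hunk.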