Merge "Add attributes for exported properties"
diff --git a/public/attributes b/public/attributes
index afd303f..da4cd3f 100644
--- a/public/attributes
+++ b/public/attributes
@@ -86,6 +86,41 @@
# These properties are not accessible from device-specific domains
attribute extended_core_property_type;
+# Properties used for representing ownership. All properties should have one
+# of: system_property_type, product_property_type, or vendor_property_type.
+
+# All properties defined by /system.
+attribute system_property_type;
+
+# All /system-defined properties used only in /system.
+attribute system_internal_property_type;
+
+# All /system-defined properties which can't be written outside /system.
+attribute system_restricted_property_type;
+
+# All /system-defined properties with no restrictions.
+attribute system_public_property_type;
+
+# All properties defined by /product.
+# Currently there are no enforcements between /system and /product, so for now
+# /product attributes are just replaced to /system attributes.
+define(`product_property_type', `system_property_type')
+define(`product_internal_type', `system_internal_property_type')
+define(`product_restricted_type', `system_restricted_property_type')
+define(`product_public_type', `system_public_property_type')
+
+# All properties defined by /vendor.
+attribute vendor_property_type;
+
+# All /vendor-defined properties used only in /vendor.
+attribute vendor_internal_property_type;
+
+# All /vendor-defined properties which can't be written outside /vendor.
+attribute vendor_restricted_property_type;
+
+# All /vendor-defined properties with no restrictions.
+attribute vendor_public_property_type;
+
# All service_manager types created by system_server
attribute system_server_service;
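Review bot: The m4 aliases on L28-L30 are named `product_internal_type`, `product_restricted_type` and `product_public_type`, but `define_prop` in the te_macros hunk emits `$2_$3_property_type`, i.e. `product_internal_property_type` and friends, so any `product_*_prop` invocation would reference attributes that are neither declared here nor aliased and the policy would presumably fail to compile. Rename them to match the macro's output: `define(`product_internal_property_type', `system_internal_property_type')`, `define(`product_restricted_property_type', `system_restricted_property_type')`, `define(`product_public_property_type', `system_public_property_type')`. These are plain textual substitutions, so a later `attribute product_property_type;` would silently re-declare `system_property_type`; the comment on L25-L26 should state that the product names are placeholders to be replaced by real attributes once /system-/product enforcement exists.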
diff --git a/public/property.te b/public/property.te
index 4f4adec..10be0ba 100644
--- a/public/property.te
+++ b/public/property.te
@@ -1,137 +1,187 @@
-type apexd_prop, property_type;
-type audio_prop, property_type, core_property_type;
-type boottime_prop, property_type;
-type bluetooth_a2dp_offload_prop, property_type;
-type bluetooth_audio_hal_prop, property_type;
-type bluetooth_prop, property_type;
-type bpf_progs_loaded_prop, property_type;
-type bootloader_boot_reason_prop, property_type;
-type charger_prop, property_type;
-type cold_boot_done_prop, property_type;
-type config_prop, property_type, core_property_type;
-type cppreopt_prop, property_type, core_property_type;
-type cpu_variant_prop, property_type;
-type ctl_adbd_prop, property_type;
-type ctl_apexd_prop, property_type;
-type ctl_bootanim_prop, property_type;
-type ctl_bugreport_prop, property_type;
-type ctl_console_prop, property_type;
-type ctl_default_prop, property_type;
-type ctl_dumpstate_prop, property_type;
-type ctl_fuse_prop, property_type;
-type ctl_gsid_prop, property_type;
-type ctl_interface_restart_prop, property_type;
-type ctl_interface_start_prop, property_type;
-type ctl_interface_stop_prop, property_type;
-type ctl_mdnsd_prop, property_type;
-type ctl_restart_prop, property_type;
-type ctl_rildaemon_prop, property_type;
-type ctl_sigstop_prop, property_type;
-type ctl_start_prop, property_type;
-type ctl_stop_prop, property_type;
-type dalvik_prop, property_type, core_property_type;
-type debuggerd_prop, property_type, core_property_type;
-type debug_prop, property_type, core_property_type;
-type default_prop, property_type, core_property_type;
-type device_config_activity_manager_native_boot_prop, property_type;
-type device_config_boot_count_prop, property_type;
-type device_config_reset_performed_prop, property_type;
-type device_config_input_native_boot_prop, property_type;
-type device_config_netd_native_prop, property_type;
-type device_config_runtime_native_boot_prop, property_type;
-type device_config_runtime_native_prop, property_type;
-type device_config_media_native_prop, property_type;
-type device_config_sys_traced_prop, property_type;
-type device_logging_prop, property_type;
-type dhcp_prop, property_type, core_property_type;
-type dumpstate_options_prop, property_type;
-type dumpstate_prop, property_type, core_property_type;
-type dynamic_system_prop, property_type;
-type exported_secure_prop, property_type;
-type ffs_prop, property_type, core_property_type;
-type fingerprint_prop, property_type, core_property_type;
-type firstboot_prop, property_type;
-type gsid_prop, property_type;
-type heapprofd_enabled_prop, property_type;
-type heapprofd_prop, property_type;
-type hwservicemanager_prop, property_type;
-type init_svc_debug_prop, property_type;
-type last_boot_reason_prop, property_type;
-type system_lmk_prop, property_type;
-type linker_prop, property_type;
-type llkd_prop, property_type;
-type logd_prop, property_type, core_property_type;
-type logpersistd_logging_prop, property_type;
-type log_prop, property_type, log_property_type;
-type log_tag_prop, property_type, log_property_type;
-type lowpan_prop, property_type;
-type lpdumpd_prop, property_type;
-type mmc_prop, property_type;
-type net_dns_prop, property_type;
-type net_radio_prop, property_type, core_property_type;
-type netd_stable_secret_prop, property_type;
-type nfc_prop, property_type, core_property_type;
-type nnapi_ext_deny_product_prop, property_type;
-type overlay_prop, property_type;
-type pan_result_prop, property_type, core_property_type;
-type persist_debug_prop, property_type, core_property_type;
-type persistent_properties_ready_prop, property_type;
-type pm_prop, property_type;
-type powerctl_prop, property_type, core_property_type;
-type radio_prop, property_type, core_property_type;
-type restorecon_prop, property_type, core_property_type;
-type safemode_prop, property_type;
-type serialno_prop, property_type;
-type shell_prop, property_type, core_property_type;
-type system_boot_reason_prop, property_type;
-type system_prop, property_type, core_property_type;
-type system_radio_prop, property_type, core_property_type;
-type system_trace_prop, property_type;
-type test_boot_reason_prop, property_type;
-type test_harness_prop, property_type;
-type theme_prop, property_type;
-type time_prop, property_type;
-type traced_enabled_prop, property_type;
-type traced_lazy_prop, property_type;
-type use_memfd_prop, property_type;
-type virtual_ab_prop, property_type;
-type vold_prop, property_type, core_property_type;
-type wifi_log_prop, property_type, log_property_type;
-type wifi_prop, property_type;
-type vendor_security_patch_level_prop, property_type;
+# Properties used only in /system
+system_internal_prop(apexd_prop)
+system_internal_prop(bootloader_boot_reason_prop)
+system_internal_prop(boottime_prop)
+system_internal_prop(bpf_progs_loaded_prop)
+system_internal_prop(charger_prop)
+system_internal_prop(cold_boot_done_prop)
+system_internal_prop(ctl_adbd_prop)
+system_internal_prop(ctl_apexd_prop)
+system_internal_prop(ctl_bootanim_prop)
+system_internal_prop(ctl_bugreport_prop)
+system_internal_prop(ctl_console_prop)
+system_internal_prop(ctl_dumpstate_prop)
+system_internal_prop(ctl_fuse_prop)
+system_internal_prop(ctl_gsid_prop)
+system_internal_prop(ctl_interface_restart_prop)
+system_internal_prop(ctl_interface_stop_prop)
+system_internal_prop(ctl_mdnsd_prop)
+system_internal_prop(ctl_restart_prop)
+system_internal_prop(ctl_rildaemon_prop)
+system_internal_prop(ctl_sigstop_prop)
+system_internal_prop(device_config_activity_manager_native_boot_prop)
+system_internal_prop(device_config_boot_count_prop)
+system_internal_prop(device_config_input_native_boot_prop)
+system_internal_prop(device_config_media_native_prop)
+system_internal_prop(device_config_netd_native_prop)
+system_internal_prop(device_config_reset_performed_prop)
+system_internal_prop(device_config_runtime_native_boot_prop)
+system_internal_prop(device_config_runtime_native_prop)
+system_internal_prop(device_config_sys_traced_prop)
+system_internal_prop(dynamic_system_prop)
+system_internal_prop(firstboot_prop)
+system_internal_prop(gsid_prop)
+system_internal_prop(heapprofd_enabled_prop)
+system_internal_prop(init_svc_debug_prop)
+system_internal_prop(last_boot_reason_prop)
+system_internal_prop(llkd_prop)
+system_internal_prop(lpdumpd_prop)
+system_internal_prop(mmc_prop)
+system_internal_prop(net_dns_prop)
+system_internal_prop(netd_stable_secret_prop)
+system_internal_prop(overlay_prop)
+system_internal_prop(persistent_properties_ready_prop)
+system_internal_prop(pm_prop)
+system_internal_prop(safemode_prop)
+system_internal_prop(system_lmk_prop)
+system_internal_prop(system_trace_prop)
+system_internal_prop(test_boot_reason_prop)
+system_internal_prop(time_prop)
+system_internal_prop(traced_enabled_prop)
+system_internal_prop(traced_lazy_prop)
+system_internal_prop(virtual_ab_prop)
-# Properties for whitelisting
-type exported_audio_prop, property_type;
-type exported_bluetooth_prop, property_type;
-type exported_config_prop, property_type;
-type exported_dalvik_prop, property_type;
-type exported_default_prop, property_type;
-type exported_dumpstate_prop, property_type;
-type exported_ffs_prop, property_type;
-type exported_fingerprint_prop, property_type;
-type exported_overlay_prop, property_type;
-type exported_pm_prop, property_type;
-type exported_radio_prop, property_type;
-type exported_system_prop, property_type;
-type exported_system_radio_prop, property_type;
-type exported_vold_prop, property_type;
-type exported_wifi_prop, property_type;
-type exported2_config_prop, property_type;
-type exported2_default_prop, property_type;
-type exported2_radio_prop, property_type;
-type exported2_system_prop, property_type;
-type exported2_vold_prop, property_type;
-type exported3_default_prop, property_type;
-type exported3_radio_prop, property_type;
-type exported3_system_prop, property_type;
+# Properties which can't be written outside system
+system_restricted_prop(config_prop)
+system_restricted_prop(cppreopt_prop)
+system_restricted_prop(dalvik_prop)
+system_restricted_prop(debuggerd_prop)
+system_restricted_prop(default_prop)
+system_restricted_prop(device_logging_prop)
+system_restricted_prop(dhcp_prop)
+system_restricted_prop(dumpstate_prop)
+system_restricted_prop(exported2_default_prop)
+system_restricted_prop(exported3_system_prop)
+system_restricted_prop(exported_dumpstate_prop)
+system_restricted_prop(exported_fingerprint_prop)
+system_restricted_prop(exported_secure_prop)
+system_restricted_prop(exported_vold_prop)
+system_restricted_prop(ffs_prop)
+system_restricted_prop(fingerprint_prop)
+system_restricted_prop(heapprofd_prop)
+system_restricted_prop(linker_prop)
+system_restricted_prop(net_radio_prop)
+system_restricted_prop(nnapi_ext_deny_product_prop)
+system_restricted_prop(pan_result_prop)
+system_restricted_prop(persist_debug_prop)
+system_restricted_prop(restorecon_prop)
+system_restricted_prop(shell_prop)
+system_restricted_prop(system_boot_reason_prop)
+system_restricted_prop(system_radio_prop)
+system_restricted_prop(test_harness_prop)
+system_restricted_prop(theme_prop)
+system_restricted_prop(use_memfd_prop)
+system_restricted_prop(vold_prop)
+
+# Properties with no restrictions
+system_public_prop(audio_prop)
+system_public_prop(bluetooth_a2dp_offload_prop)
+system_public_prop(bluetooth_audio_hal_prop)
+system_public_prop(bluetooth_prop)
+system_public_prop(cpu_variant_prop)
+system_public_prop(ctl_default_prop)
+system_public_prop(ctl_interface_start_prop)
+system_public_prop(ctl_start_prop)
+system_public_prop(ctl_stop_prop)
+system_public_prop(debug_prop)
+system_public_prop(dumpstate_options_prop)
+system_public_prop(exported_system_prop)
+system_public_prop(exported2_config_prop)
+system_public_prop(exported2_radio_prop)
+system_public_prop(exported2_system_prop)
+system_public_prop(exported2_vold_prop)
+system_public_prop(exported3_default_prop)
+system_public_prop(exported3_radio_prop)
+system_public_prop(exported_audio_prop)
+system_public_prop(exported_bluetooth_prop)
+system_public_prop(exported_config_prop)
+system_public_prop(exported_dalvik_prop)
+system_public_prop(exported_default_prop)
+system_public_prop(exported_ffs_prop)
+system_public_prop(exported_overlay_prop)
+system_public_prop(exported_pm_prop)
+system_public_prop(exported_radio_prop)
+system_public_prop(exported_system_radio_prop)
+system_public_prop(exported_wifi_prop)
+system_public_prop(hwservicemanager_prop)
+system_public_prop(logd_prop)
+system_public_prop(logpersistd_logging_prop)
+system_public_prop(log_prop)
+system_public_prop(log_tag_prop)
+system_public_prop(lowpan_prop)
+system_public_prop(nfc_prop)
+system_public_prop(powerctl_prop)
+system_public_prop(radio_prop)
+system_public_prop(serialno_prop)
+system_public_prop(system_prop)
+system_public_prop(vendor_security_patch_level_prop)
+system_public_prop(wifi_log_prop)
+system_public_prop(wifi_prop)
+
type vendor_default_prop, property_type;
+typeattribute log_prop log_property_type;
+typeattribute log_tag_prop log_property_type;
+typeattribute wifi_log_prop log_property_type;
+
allow property_type tmpfs:filesystem associate;
###
### Neverallow rules
###
+compatible_property_only(`
+
+# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
+# neverallow * {
+# property_type
+# -system_property_type
+# -product_property_type
+# -vendor_property_type
+# }:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ -system_restricted_property_type
+ -system_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ -system_public_property_type
+}:property_service set;
+
+neverallow { domain -coredomain } {
+ system_internal_property_type
+}:file no_rw_file_perms;
+
+neverallow coredomain {
+ vendor_property_type
+ -vendor_restricted_property_type
+ -vendor_public_property_type
+}:file no_rw_file_perms;
+
+neverallow coredomain {
+ vendor_property_type
+ -vendor_public_property_type
+}:property_service set;
+
+neverallow coredomain {
+ vendor_internal_property_type
+}:file no_rw_file_perms;
+
+')
+
# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
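Review bot: The TODO on L316 says the catch-all rule waits for every property to carry an ownership attribute, yet `vendor_default_prop` on L305 is left in this same hunk as plain `property_type` without one; naming it in the TODO (or in a comment next to L305) makes the remaining work visible. The whole neverallow block at L314-L354 is wrapped in `compatible_property_only`, so on devices without compatible property contexts none of the new ownership separation is enforced; a comment above L314 such as `# Ownership enforcement applies only to devices with compatible property contexts.` would make that explicit. When the commented rule is enabled, `-product_property_type` on L320 expands through the m4 alias from public/attributes to a second `-system_property_type`; whether the compiler accepts the duplicate exclusion is worth checking before uncommenting. The set-side rule at L330-L333 binds every non-coredomain writer, so any existing set_prop rule that lets a non-coredomain domain write one of the properties now classified restricted (L229-L258) would trip this neverallow at build time — presumably intended, but worth confirming for vendor_init if it is not in coredomain.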
@@ -145,6 +195,30 @@
# New properties should have appropriate read / write access
# control rules written.
+typeattribute audio_prop core_property_type;
+typeattribute config_prop core_property_type;
+typeattribute cppreopt_prop core_property_type;
+typeattribute dalvik_prop core_property_type;
+typeattribute debuggerd_prop core_property_type;
+typeattribute debug_prop core_property_type;
+typeattribute default_prop core_property_type;
+typeattribute dhcp_prop core_property_type;
+typeattribute dumpstate_prop core_property_type;
+typeattribute ffs_prop core_property_type;
+typeattribute fingerprint_prop core_property_type;
+typeattribute logd_prop core_property_type;
+typeattribute net_radio_prop core_property_type;
+typeattribute nfc_prop core_property_type;
+typeattribute pan_result_prop core_property_type;
+typeattribute persist_debug_prop core_property_type;
+typeattribute powerctl_prop core_property_type;
+typeattribute radio_prop core_property_type;
+typeattribute restorecon_prop core_property_type;
+typeattribute shell_prop core_property_type;
+typeattribute system_prop core_property_type;
+typeattribute system_radio_prop core_property_type;
+typeattribute vold_prop core_property_type;
+
neverallow * {
core_property_type
-audio_prop
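Review bot: The new `typeattribute ... core_property_type` block at L362-L384 is inserted between the explanatory comment ending on L361 and the `neverallow * { core_property_type ...` rule on L386 that the comment introduces, so the comment no longer sits on the rule it explains. Either move the block above that comment or give it its own heading, e.g. `# core_property_type membership, moved out of the type declarations now that they use the *_prop macros; the neverallow below depends on this list.`. The `neverallow *` rule continues past the end of the hunk.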
diff --git a/public/te_macros b/public/te_macros
index 1187320..cb0ebd1 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -723,3 +723,65 @@
allow $1_server dumpstate:fifo_file write;
allow $1_server dumpstate:fd use;
')
+
+###########################################
+# define_prop(name, owner, scope)
+# Define a property with given owner and scope
+#
+define(`define_prop', `
+ type $1, property_type, $2_property_type, $2_$3_property_type;
+')
+
+###########################################
+# system_internal_prop(name)
+# Define a /system-owned property used only in /system
+#
+define(`system_internal_prop', `define_prop($1, system, internal)')
+
+###########################################
+# system_restricted_prop(name)
+# Define a /system-owned property which can't be written outside /system
+#
+define(`system_restricted_prop', `define_prop($1, system, restricted)')
+
+###########################################
+# system_public_prop(name)
+# Define a /system-owned property with no restrictions
+#
+define(`system_public_prop', `define_prop($1, system, public)')
+
+###########################################
+# product_internal_prop(name)
+# Define a /product-owned property used only in /product
+#
+define(`product_internal_prop', `define_prop($1, product, internal)')
+
+###########################################
+# product_restricted_prop(name)
+# Define a /product-owned property which can't be written outside /product
+#
+define(`product_restricted_prop', `define_prop($1, product, restricted)')
+
+###########################################
+# product_public_prop(name)
+# Define a /product-owned property with no restrictions
+#
+define(`product_public_prop', `define_prop($1, product, public)')
+
+###########################################
+# vendor_internal_prop(name)
+# Define a /vendor-owned property used only in /vendor
+#
+define(`vendor_internal_prop', `define_prop($1, vendor, internal)')
+
+###########################################
+# vendor_restricted_prop(name)
+# Define a /vendor-owned property which can't be written outside /vendor
+#
+define(`vendor_restricted_prop', `define_prop($1, vendor, restricted)')
+
+###########################################
+# vendor_public_prop(name)
+# Define a /vendor-owned property with no restrictions
+#
+define(`vendor_public_prop', `define_prop($1, vendor, public)')
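Review bot: `define_prop` at L399-L404 documents its parameters only as "owner and scope" and does not say which values are valid or that the generated `$2_property_type` and `$2_$3_property_type` attributes must already be declared in public/attributes (or aliased, as the product ones are). Extend the header with `# owner: one of system, product, vendor; scope: one of internal, restricted, public.` and `# Expands to <owner>_property_type and <owner>_<scope>_property_type, which must exist in public/attributes.` Calling define_prop directly with any other value would reference an undeclared attribute, so the comment should also steer policy authors to the nine wrapper macros below rather than the raw macro.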