Make default_prop only readable from coredomain

default_prop has been readable from coredomain and appdomain. It's too
broad, because default_prop is a context for properties which don't have
matching property_contexts entries.

From now on, only coredomain can read default_prop. It's still broad,
but at least random apps can't read default_prop anymore.

Bug: 170590987
Test: SELinux denial boot test for internal devices
Change-Id: Ieed7e60d7e4448705c70e4f1725b2290e4fbcb4a
diff --git a/private/coredomain.te b/private/coredomain.te
index fe3e1ae..ceda5f2 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -24,6 +24,9 @@
 get_prop(coredomain, vts_status_prop)
 get_prop(coredomain, zygote_wrap_prop)
 
+# TODO(b/170590987): remove this after cleaning up default_prop
+get_prop(coredomain, default_prop)
+
 full_treble_only(`
 neverallow {
     coredomain
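Review bot: The TODO above `get_prop(coredomain, default_prop)` gives no exit criterion and does not say why the grant is worth removing. Going by the commit message, default_prop is the label for any property with no property_contexts entry, so this rule lets every core domain read every unlabeled property. I would expand the comment to something like `# default_prop is the fallback label for properties missing from property_contexts; narrow this to the domains that still need it, then remove (b/170590987)`. The `full_treble_only` block that follows continues outside the hunk.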
diff --git a/private/property.te b/private/property.te
index 1163a3c..7ebfb02 100644
--- a/private/property.te
+++ b/private/property.te
@@ -87,7 +87,6 @@
   -dalvik_prop
   -debuggerd_prop
   -debug_prop
-  -default_prop
   -dhcp_prop
   -dumpstate_prop
   -fingerprint_prop
@@ -538,6 +537,10 @@
   -appdomain
 } sqlite_log_prop:file no_rw_file_perms;
 
+neverallow {
+  -init
+} default_prop:property_service set;
+
 # Only one of system_property_type and vendor_property_type can be assigned.
 # Property types having both attributes won't be accessible from anywhere.
 neverallow domain system_and_vendor_property_type:{file property_service} *;
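Review bot: The new `neverallow { -init } default_prop:property_service set;` has a source set containing only an exclusion, whereas the rules it replaces in public/domain.te were written `{ domain -init -vendor_init }` and `{ domain -init }`. Without a positive attribute to subtract from, the set may be rejected by the policy compiler or match nothing, so the assertion may not cover what it appears to. I would add `domain` as the first entry, i.e. `neverallow { domain -init } default_prop:property_service set;`. The removed unconditional rule also exempted vendor_init and this one does not; that looks intended, but a one-line comment above the rule should say so.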
diff --git a/public/domain.te b/public/domain.te
index d4274e1..108b05d 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -549,12 +549,10 @@
 
 # Require that domains explicitly label unknown properties, and do not allow
 # anyone but init to modify unknown properties.
-neverallow { domain -init -vendor_init } default_prop:property_service set;
 neverallow { domain -init -vendor_init } mmc_prop:property_service set;
 neverallow { domain -init -vendor_init } vndk_prop:property_service set;
 
 compatible_property_only(`
-    neverallow { domain -init } default_prop:property_service set;
     neverallow { domain -init } mmc_prop:property_service set;
     neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
     neverallow { domain -init } exported_secure_prop:property_service set;
diff --git a/public/property.te b/public/property.te
index 4afc2a0..c949cd7 100644
--- a/public/property.te
+++ b/public/property.te
@@ -93,7 +93,6 @@
     system_restricted_prop(cppreopt_prop)
     system_restricted_prop(dalvik_prop)
     system_restricted_prop(debuggerd_prop)
-    system_restricted_prop(default_prop)
     system_restricted_prop(device_logging_prop)
     system_restricted_prop(dhcp_prop)
     system_restricted_prop(dumpstate_prop)
@@ -202,6 +201,9 @@
 system_public_prop(wifi_prop)
 system_public_prop(zram_control_prop)
 
+# Properties which don't have entries on property_contexts
+system_internal_prop(default_prop)
+
 # Properties used in default HAL implementations
 vendor_internal_prop(rebootescrow_hal_prop)
 
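Review bot: The comment on `system_internal_prop(default_prop)` says what the label is but not the access change it makes. The removed declarations were `system_restricted_prop` and `system_public_prop`, both inside indented blocks whose opening lines are outside the hunks, while this one is unconditional. If system_internal_prop confines the type to core domains as its name suggests, any vendor domain that reads a property lacking a property_contexts entry will start getting denials. I would state that in the comment, e.g. `# Fallback label for properties with no property_contexts entry; internal to system, so vendor properties must be labeled explicitly`. The last hunk of this file also drops `core_property_type` from default_prop, which is worth mentioning in the same comment if rules elsewhere key off that attribute.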
@@ -250,7 +252,6 @@
     system_public_prop(cppreopt_prop)
     system_public_prop(dalvik_prop)
     system_public_prop(debuggerd_prop)
-    system_public_prop(default_prop)
     system_public_prop(device_logging_prop)
     system_public_prop(dhcp_prop)
     system_public_prop(dumpstate_prop)
@@ -295,7 +296,6 @@
 typeattribute dalvik_prop        core_property_type;
 typeattribute debuggerd_prop     core_property_type;
 typeattribute debug_prop         core_property_type;
-typeattribute default_prop       core_property_type;
 typeattribute dhcp_prop          core_property_type;
 typeattribute dumpstate_prop     core_property_type;
 typeattribute logd_prop          core_property_type;