Merge "Revert^2 "Make default_prop only readable from coredomain""
diff --git a/private/coredomain.te b/private/coredomain.te
index 4e3d6fd..516b49c 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -24,6 +24,9 @@
get_prop(coredomain, vts_status_prop)
get_prop(coredomain, zygote_wrap_prop)
+# TODO(b/170590987): remove this after cleaning up default_prop
+get_prop(coredomain, default_prop)
+
full_treble_only(`
neverallow {
coredomain
diff --git a/private/property.te b/private/property.te
index c949a72..0885b91 100644
--- a/private/property.te
+++ b/private/property.te
@@ -87,7 +87,6 @@
-dalvik_prop
-debuggerd_prop
-debug_prop
- -default_prop
-dhcp_prop
-dumpstate_prop
-fingerprint_prop
@@ -547,6 +546,10 @@
-appdomain
} sqlite_log_prop:file no_rw_file_perms;
+neverallow {
+ -init
+} default_prop:property_service set;
+
# Only one of system_property_type and vendor_property_type can be assigned.
# Property types having both attributes won't be accessible from anywhere.
neverallow domain system_and_vendor_property_type:{file property_service} *;
diff --git a/public/domain.te b/public/domain.te
index 3801631..a530267 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -551,12 +551,10 @@
# Require that domains explicitly label unknown properties, and do not allow
# anyone but init to modify unknown properties.
-neverallow { domain -init -vendor_init } default_prop:property_service set;
neverallow { domain -init -vendor_init } mmc_prop:property_service set;
neverallow { domain -init -vendor_init } vndk_prop:property_service set;
compatible_property_only(`
- neverallow { domain -init } default_prop:property_service set;
neverallow { domain -init } mmc_prop:property_service set;
neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
neverallow { domain -init } exported_secure_prop:property_service set;
diff --git a/public/property.te b/public/property.te
index 32c5c46..151983f 100644
--- a/public/property.te
+++ b/public/property.te
@@ -94,7 +94,6 @@
system_restricted_prop(cppreopt_prop)
system_restricted_prop(dalvik_prop)
system_restricted_prop(debuggerd_prop)
- system_restricted_prop(default_prop)
system_restricted_prop(device_logging_prop)
system_restricted_prop(dhcp_prop)
system_restricted_prop(dumpstate_prop)
@@ -203,6 +202,9 @@
system_public_prop(wifi_prop)
system_public_prop(zram_control_prop)
+# Properties which don't have entries on property_contexts
+system_internal_prop(default_prop)
+
# Properties used in default HAL implementations
vendor_internal_prop(rebootescrow_hal_prop)
@@ -251,7 +253,6 @@
system_public_prop(cppreopt_prop)
system_public_prop(dalvik_prop)
system_public_prop(debuggerd_prop)
- system_public_prop(default_prop)
system_public_prop(device_logging_prop)
system_public_prop(dhcp_prop)
system_public_prop(dumpstate_prop)
@@ -296,7 +297,6 @@
typeattribute dalvik_prop core_property_type;
typeattribute debuggerd_prop core_property_type;
typeattribute debug_prop core_property_type;
-typeattribute default_prop core_property_type;
typeattribute dhcp_prop core_property_type;
typeattribute dumpstate_prop core_property_type;
typeattribute logd_prop core_property_type;