Add sepolicy for the Thread Network property This CL adds sepolicy for the system property threadnetwork.country_code. This system property is set by init and be read by the ThreadNetworkService. Bug: b/309357909 Test: Configure the system property in ini.product.rc and check the configured country code via the command `dumpsys thread_network`. Change-Id: I6f067ced24842755f2c5519169ba9a94df17829f

commit: 1d75b43704c4592fce2c150f6e11d83b0814a12b [log] [tgz]
author: Zhanglong Xia <zhanglongxia@google.com> Thu Jan 11 22:59:51 2024 +0800
committer: Zhanglong Xia <zhanglongxia@google.com> Mon Jan 15 11:48:20 2024 +0800
tree: f8635aa5b8edbe34d91ab0daab463460ee94de6d
parent: 582f3b2e34e81f915926ec24a773a63278adbfc2 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index decabe1..6ba7d4a 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1565,3 +1565,14 @@
 # Allow GameManagerService to read and write persist.graphics.game_default_frame_rate.enabled
 set_prop(system_server, game_manager_config_prop)
 
+# ThreadNetworkService reads Thread Network properties
+get_prop(system_server, threadnetwork_config_prop)
+
+# Do not allow any domain other than init and system server to set the property
+neverallow {
+  domain
+  -init
+  -vendor_init
+  -dumpstate
+  -system_server
+} threadnetwork_config_prop:file no_rw_file_perms;
commit	1d75b43704c4592fce2c150f6e11d83b0814a12b	[log] [tgz]
author	Zhanglong Xia <zhanglongxia@google.com>	Thu Jan 11 22:59:51 2024 +0800
committer	Zhanglong Xia <zhanglongxia@google.com>	Mon Jan 15 11:48:20 2024 +0800
tree	f8635aa5b8edbe34d91ab0daab463460ee94de6d
parent	582f3b2e34e81f915926ec24a773a63278adbfc2 [diff] [blame]