Revert "Make default_prop only readable from coredomain"
This reverts commit 082ced1951ed27dd480eeef7c6108b755a9bf5af.
Reason for revert: b/176784961
Change-Id: Ia85667216d63084e9e23aefe1d3bfd7942d51a2a
diff --git a/private/coredomain.te b/private/coredomain.te
index ceda5f2..fe3e1ae 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -24,9 +24,6 @@
get_prop(coredomain, vts_status_prop)
get_prop(coredomain, zygote_wrap_prop)
-# TODO(b/170590987): remove this after cleaning up default_prop
-get_prop(coredomain, default_prop)
-
full_treble_only(`
neverallow {
coredomain
diff --git a/private/property.te b/private/property.te
index 7ebfb02..1163a3c 100644
--- a/private/property.te
+++ b/private/property.te
@@ -87,6 +87,7 @@
-dalvik_prop
-debuggerd_prop
-debug_prop
+ -default_prop
-dhcp_prop
-dumpstate_prop
-fingerprint_prop
@@ -537,10 +538,6 @@
-appdomain
} sqlite_log_prop:file no_rw_file_perms;
-neverallow {
- -init
-} default_prop:property_service set;
-
# Only one of system_property_type and vendor_property_type can be assigned.
# Property types having both attributes won't be accessible from anywhere.
neverallow domain system_and_vendor_property_type:{file property_service} *;
diff --git a/public/domain.te b/public/domain.te
index 108b05d..d4274e1 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -549,10 +549,12 @@
# Require that domains explicitly label unknown properties, and do not allow
# anyone but init to modify unknown properties.
+neverallow { domain -init -vendor_init } default_prop:property_service set;
neverallow { domain -init -vendor_init } mmc_prop:property_service set;
neverallow { domain -init -vendor_init } vndk_prop:property_service set;
compatible_property_only(`
+ neverallow { domain -init } default_prop:property_service set;
neverallow { domain -init } mmc_prop:property_service set;
neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
neverallow { domain -init } exported_secure_prop:property_service set;
diff --git a/public/property.te b/public/property.te
index c949cd7..4afc2a0 100644
--- a/public/property.te
+++ b/public/property.te
@@ -93,6 +93,7 @@
system_restricted_prop(cppreopt_prop)
system_restricted_prop(dalvik_prop)
system_restricted_prop(debuggerd_prop)
+ system_restricted_prop(default_prop)
system_restricted_prop(device_logging_prop)
system_restricted_prop(dhcp_prop)
system_restricted_prop(dumpstate_prop)
@@ -201,9 +202,6 @@
system_public_prop(wifi_prop)
system_public_prop(zram_control_prop)
-# Properties which don't have entries on property_contexts
-system_internal_prop(default_prop)
-
# Properties used in default HAL implementations
vendor_internal_prop(rebootescrow_hal_prop)
@@ -252,6 +250,7 @@
system_public_prop(cppreopt_prop)
system_public_prop(dalvik_prop)
system_public_prop(debuggerd_prop)
+ system_public_prop(default_prop)
system_public_prop(device_logging_prop)
system_public_prop(dhcp_prop)
system_public_prop(dumpstate_prop)
@@ -296,6 +295,7 @@
typeattribute dalvik_prop core_property_type;
typeattribute debuggerd_prop core_property_type;
typeattribute debug_prop core_property_type;
+typeattribute default_prop core_property_type;
typeattribute dhcp_prop core_property_type;
typeattribute dumpstate_prop core_property_type;
typeattribute logd_prop core_property_type;