Remove exported2_default_prop
This cleans up remaining exported2_default_prop. Three properties are
changed.
- ro.arch
It becomes build_prop.
- hal.instrumentation.enable
It becomes hal_instrumentation_prop.
- ro.property_service.version
It becomes property_service_version_prop.
Bug: 155844385
Test: selinux denial test on Pixel devices
Change-Id: I7ee0bd8c522cc09ee82ef89e6a13bbbf65291291
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index c26b2ed..f4c2ae1 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -97,6 +97,7 @@
hal_confirmationui_hwservice
hal_evs_hwservice
hal_health_storage_hwservice
+ hal_instrumentation_prop
hal_lowpan_hwservice
hal_secure_element_hwservice
hal_usb_gadget_hwservice
@@ -149,6 +150,7 @@
perfetto_tmpfs
perfetto_traces_data_file
property_info
+ property_service_version_prop
provisioned_prop
recovery_config_prop
recovery_socket
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 7f96179..7aea10f 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -8,6 +8,7 @@
(type exported_vold_prop)
(type exported_wifi_prop)
(type exported2_config_prop)
+(type exported2_default_prop)
(type exported2_radio_prop)
(type exported2_vold_prop)
(type exported3_default_prop)
@@ -1350,8 +1351,10 @@
aac_drc_prop
bootloader_prop
build_prop
+ hal_instrumentation_prop
init_service_status_prop
- libc_debug_prop))
+ libc_debug_prop
+ property_service_version_prop))
(typeattributeset exported2_radio_prop_30_0 (exported2_radio_prop))
(typeattributeset exported2_system_prop_30_0
( exported2_system_prop
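Review bot: Adding `hal_instrumentation_prop` and `property_service_version_prop` to this set means every vendor rule written against the 30.0 `exported2_default_prop` attribute now also applies to the two new types, while the same commit adds neverallows in private/init.te that forbid `set` on both for anything but init. If any 30.0 vendor policy grants `property_service set` on exported2_default_prop, it would presumably trip those neverallows once combined with this platform policy. The Test line mentions only a denial test on Pixel devices, so that case looks unverified. A short comment above the set would record the split, e.g. `;; exported2_default_prop was split up; 30.0 vendor rules map onto all successor types`. The typeattributeset opens above the hunk, so its full member list is not visible here.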
diff --git a/private/init.te b/private/init.te
index 453e8a4..1f7ce25 100644
--- a/private/init.te
+++ b/private/init.te
@@ -66,3 +66,9 @@
# Only init can write normal ro.boot. properties
neverallow { -init } bootloader_prop:property_service set;
+
+# Only init can write hal.instrumentation.enable
+neverallow { -init } hal_instrumentation_prop:property_service set;
+
+# Only init can write ro.property_service.version
+neverallow { -init } property_service_version_prop:property_service set;
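Review bot: The comment on the first added rule does not say that hal.instrumentation.enable, unlike the `ro.` property in the rule below it, is not write-once. This neverallow is therefore what keeps another domain from being granted the right to change the flag after boot. Because the source set excludes only `init`, `vendor_init` is forbidden as well, and the comment could say so: `# hal.instrumentation.enable is mutable at runtime; only init (not vendor_init) may set it`. As printed, the set `{ -init }` has no positive member; if that is the file's real text rather than a rendering loss, `{ domain -init }` would spell the intent out.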
diff --git a/private/property.te b/private/property.te
index 566c7f1..cabd06b 100644
--- a/private/property.te
+++ b/private/property.te
@@ -140,7 +140,6 @@
exported_default_prop
exported_dumpstate_prop
exported_system_prop
- exported2_default_prop
exported2_system_prop
exported3_system_prop
usb_control_prop
diff --git a/private/property_contexts b/private/property_contexts
index db18b2f..157750c 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -514,7 +514,7 @@
dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool
-hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
+hal.instrumentation.enable u:object_r:hal_instrumentation_prop:s0 exact bool
# default contexts only accessible by coredomain
init.svc. u:object_r:init_service_status_private_prop:s0 prefix string
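Review bot: Relabeling hal.instrumentation.enable to `hal_instrumentation_prop` makes its readability depend on how the new type is declared, and no declaration of `hal_instrumentation_prop` or `property_service_version_prop` is visible in this diff. The same applies to the ro.property_service.version hunk at the end of this file. That property is, as far as I know, read by the libc property-set client in every process that sets a property, so a type that is not world-readable would produce denials well beyond Pixel-specific domains. Please confirm that both types keep the read access exported2_default_prop gave (vendor domains included), and name the file that declares them in the commit message. The ro.arch hunk moves to the existing `build_prop`, so it only needs a check that `build_prop` readers cover the previous ones.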
@@ -539,7 +539,7 @@
persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
-ro.arch u:object_r:exported2_default_prop:s0 exact string
+ro.arch u:object_r:build_prop:s0 exact string
# ro.boot. properties are set based on kernel commandline arguments, which are vendor owned.
ro.boot. u:object_r:bootloader_prop:s0
@@ -647,7 +647,7 @@
ro.crypto.state u:object_r:vold_status_prop:s0 exact enum encrypted unencrypted unsupported
ro.crypto.type u:object_r:vold_status_prop:s0 exact enum block file none
-ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
+ro.property_service.version u:object_r:property_service_version_prop:s0 exact int
ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool