Add contexts for exported telephony props
To remove bad context names, two contexts are added.
- telephony_config_prop
- telephony_status_prop
exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.
Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Test: usim works on blueline
Change-Id: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 42b1ef0..9605e34 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -174,6 +174,8 @@
system_lmk_prop
system_update_service
systemsound_config_prop
+ telephony_config_prop
+ telephony_status_prop
test_boot_reason_prop
time_prop
timedetector_service
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index b49c173..8efa6cb 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -4,8 +4,10 @@
(type exported_ffs_prop)
(type exported_fingerprint_prop)
(type exported_system_radio_prop)
+(type exported_radio_prop)
(type exported_vold_prop)
(type exported2_config_prop)
+(type exported2_radio_prop)
(type exported2_vold_prop)
(type ffs_prop)
(type system_radio_prop)
@@ -1360,6 +1362,7 @@
hdmi_config_prop
lmkd_config_prop
media_config_prop
+ telephony_config_prop
zram_config_prop))
(typeattributeset exported3_radio_prop_30_0 (exported3_radio_prop))
(typeattributeset exported3_system_prop_30_0
@@ -1385,7 +1388,7 @@
(typeattributeset exported_fingerprint_prop_30_0 (exported_fingerprint_prop fingerprint_prop))
(typeattributeset exported_overlay_prop_30_0 (exported_overlay_prop))
(typeattributeset exported_pm_prop_30_0 (exported_pm_prop))
-(typeattributeset exported_radio_prop_30_0 (exported_radio_prop))
+(typeattributeset exported_radio_prop_30_0 (exported_radio_prop telephony_status_prop))
(typeattributeset exported_secure_prop_30_0 (exported_secure_prop))
(typeattributeset exported_system_prop_30_0 (exported_system_prop))
(typeattributeset exported_system_radio_prop_30_0
diff --git a/private/coredomain.te b/private/coredomain.te
index d8b278c..065036c 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -10,6 +10,8 @@
get_prop(coredomain, pm_prop)
get_prop(coredomain, surfaceflinger_color_prop)
get_prop(coredomain, systemsound_config_prop)
+get_prop(coredomain, telephony_config_prop)
+
get_prop(coredomain, usb_config_prop)
get_prop(coredomain, usb_control_prop)
get_prop(coredomain, userspace_reboot_config_prop)
diff --git a/private/domain.te b/private/domain.te
index 84184e6..d563267 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -74,7 +74,6 @@
not_compatible_property(`
# DO NOT ADD ANY PROPERTIES HERE
get_prop(domain, core_property_type)
- get_prop(domain, exported2_radio_prop)
get_prop(domain, exported2_system_prop)
get_prop(domain, exported3_default_prop)
get_prop(domain, exported3_radio_prop)
@@ -84,7 +83,6 @@
compatible_property_only(`
# DO NOT ADD ANY PROPERTIES HERE
get_prop({coredomain appdomain shell}, core_property_type)
- get_prop({coredomain appdomain shell}, exported2_radio_prop)
get_prop({coredomain appdomain shell}, exported2_system_prop)
get_prop({coredomain appdomain shell}, exported3_default_prop)
get_prop({coredomain appdomain shell}, exported3_radio_prop)
diff --git a/private/property.te b/private/property.te
index ecbfff3..93545b5 100644
--- a/private/property.te
+++ b/private/property.te
@@ -165,7 +165,6 @@
-hal_telephony_server
-vendor_init
} {
- exported_radio_prop
exported3_radio_prop
}:property_service set;
@@ -175,7 +174,6 @@
-appdomain
-hal_telephony_server
} {
- exported2_radio_prop
radio_prop
}:property_service set;
@@ -393,3 +391,10 @@
init_service_status_private_prop
init_service_status_prop
}:property_service set;
+
+neverallow {
+ -init
+ -radio
+ -appdomain
+ -hal_telephony_server
+} telephony_status_prop:property_service set;
diff --git a/private/property_contexts b/private/property_contexts
index 10f086c..c4b5533 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -250,8 +250,6 @@
# history size.
ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
-persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact bool
-
af.fast_track_multiplier u:object_r:audio_config_prop:s0 exact int
ro.af.client_heap_size_kbyte u:object_r:audio_config_prop:s0 exact int
@@ -358,10 +356,6 @@
persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
-persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
-persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
-persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
-
persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
persist.sys.hdmi.keep_awake u:object_r:hdmi_config_prop:s0 exact bool
@@ -389,9 +383,6 @@
ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
-ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
-ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
-
ro.config.alarm_alert u:object_r:systemsound_config_prop:s0 exact string
ro.config.alarm_vol_default u:object_r:systemsound_config_prop:s0 exact int
ro.config.alarm_vol_steps u:object_r:systemsound_config_prop:s0 exact int
@@ -462,18 +453,12 @@
ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
-ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
-
ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
-ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
-ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
-ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
-
ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
@@ -506,9 +491,6 @@
sys.usb.ffs.ready u:object_r:ffs_control_prop:s0 exact bool
sys.usb.ffs.mtp.ready u:object_r:ffs_control_prop:s0 exact bool
-telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
-telephony.active_modems.max_count u:object_r:exported3_default_prop:s0 exact int
-
tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
vold.post_fs_data_done u:object_r:vold_config_prop:s0 exact int
@@ -685,8 +667,6 @@
aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
-gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
-
media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
@@ -770,8 +750,6 @@
ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
-ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted
-
ro.vndk.lite u:object_r:vndk_prop:s0 exact bool
ro.vndk.version u:object_r:vndk_prop:s0 exact string
@@ -860,3 +838,19 @@
cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
+
+gsm.sim.operator.numeric u:object_r:telephony_status_prop:s0 exact string
+persist.radio.airplane_mode_on u:object_r:telephony_status_prop:s0 exact bool
+
+ro.com.android.dataroaming u:object_r:telephony_config_prop:s0 exact bool
+ro.com.android.prov_mobiledata u:object_r:telephony_config_prop:s0 exact bool
+ro.radio.noril u:object_r:telephony_config_prop:s0 exact string
+ro.telephony.call_ring.multiple u:object_r:telephony_config_prop:s0 exact bool
+ro.telephony.default_cdma_sub u:object_r:telephony_config_prop:s0 exact int
+ro.telephony.default_network u:object_r:telephony_config_prop:s0 exact string
+ro.telephony.iwlan_operation_mode u:object_r:telephony_config_prop:s0 exact enum default legacy AP-assisted
+telephony.active_modems.max_count u:object_r:telephony_config_prop:s0 exact int
+telephony.lteOnCdmaDevice u:object_r:telephony_config_prop:s0 exact int
+persist.dbg.volte_avail_ovr u:object_r:telephony_config_prop:s0 exact int
+persist.dbg.vt_avail_ovr u:object_r:telephony_config_prop:s0 exact int
+persist.dbg.wfc_avail_ovr u:object_r:telephony_config_prop:s0 exact int
diff --git a/private/radio.te b/private/radio.te
index db9820d..fad6174 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -6,10 +6,9 @@
# Property service
set_prop(radio, radio_prop)
-set_prop(radio, exported_radio_prop)
-set_prop(radio, exported2_radio_prop)
set_prop(radio, exported3_radio_prop)
set_prop(radio, net_radio_prop)
+set_prop(radio, telephony_status_prop)
# ctl interface
set_prop(radio, ctl_rildaemon_prop)