Add neverallow rules to restrict reading radio_prop This CL will allow only specific components to read radio_prop. Bug: 72459527 Test: tested with walleye Change-Id: I6b6c90870987de976187ff675005c5d964b48cda

commit: 52059055688ddd4d697ef9f59eea9c388ef7a1d0 [log] [tgz]
author: Jaekyun Seok <jaekyun@google.com> Tue Jan 30 11:18:47 2018 +0900
committer: Jaekyun Seok <jaekyun@google.com> Wed Jan 31 13:23:08 2018 +0900
tree: b218064070bc4ecf160c5a1176b7f414ae62d22b
parent: 6a60cb3e69241da4274aaa535acc770edf3cc136 [diff]
diff --git a/public/property.te b/public/property.te
index f5ca4d8..5c34264 100644
--- a/public/property.te
+++ b/public/property.te

@@ -183,10 +183,19 @@
     exported3_default_prop
     exported3_system_prop
     -debug_prop
-    -fingerprint_prop
     -logd_prop
     -nfc_prop
     -powerctl_prop
     -radio_prop
   }:file no_rw_file_perms;
+
+  neverallow {
+    domain
+    -coredomain
+    -appdomain
+    -rild
+    -vendor_init
+  } {
+    radio_prop
+  }:file no_rw_file_perms;
 ')
commit	52059055688ddd4d697ef9f59eea9c388ef7a1d0	[log] [tgz]
author	Jaekyun Seok <jaekyun@google.com>	Tue Jan 30 11:18:47 2018 +0900
committer	Jaekyun Seok <jaekyun@google.com>	Wed Jan 31 13:23:08 2018 +0900
tree	b218064070bc4ecf160c5a1176b7f414ae62d22b
parent	6a60cb3e69241da4274aaa535acc770edf3cc136 [diff]