Fix broken neverallow rules
neverallow rules with allowlist should look like:
neverallow { domain -allow1 -allow2 } ...
Bug: 181744894
Test: m selinux_policy
Test: pcregrep -M -r "neverallow\s+{(\s*#.*\s*)*\s+-" .
Change-Id: Ibab72ccc1fbacb99b62fe127b4122e1ac22b938a
diff --git a/private/charger.te b/private/charger.te
index 693fd3a..8be113f 100644
--- a/private/charger.te
+++ b/private/charger.te
@@ -15,6 +15,7 @@
compatible_property_only(`
neverallow {
+ domain
-init
-dumpstate
-charger
@@ -22,6 +23,7 @@
')
neverallow {
+ domain
-init
-dumpstate
-vendor_init
diff --git a/private/init.te b/private/init.te
index 4e8289a..c652603 100644
--- a/private/init.te
+++ b/private/init.te
@@ -70,19 +70,19 @@
# Only init can write vts.native_server.on
set_prop(init, vts_status_prop)
-neverallow { -init } vts_status_prop:property_service set;
+neverallow { domain -init } vts_status_prop:property_service set;
# Only init can write normal ro.boot. properties
-neverallow { -init } bootloader_prop:property_service set;
+neverallow { domain -init } bootloader_prop:property_service set;
# Only init can write hal.instrumentation.enable
-neverallow { -init } hal_instrumentation_prop:property_service set;
+neverallow { domain -init } hal_instrumentation_prop:property_service set;
# Only init can write ro.property_service.version
-neverallow { -init } property_service_version_prop:property_service set;
+neverallow { domain -init } property_service_version_prop:property_service set;
# Only init can set keystore.boot_level
-neverallow { -init } keystore_listen_prop:property_service set;
+neverallow { domain -init } keystore_listen_prop:property_service set;
# Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
allow init debugfs_bootreceiver_tracing:file w_file_perms;
diff --git a/private/lmkd.te b/private/lmkd.te
index 1e7bbde..fef3a89 100644
--- a/private/lmkd.te
+++ b/private/lmkd.te
@@ -8,4 +8,4 @@
# Set lmkd.* properties.
set_prop(lmkd, lmkd_prop)
-neverallow { -init -lmkd -vendor_init } lmkd_prop:property_service set;
+neverallow { domain -init -lmkd -vendor_init } lmkd_prop:property_service set;
diff --git a/private/property.te b/private/property.te
index 88f3ec0..f177631 100644
--- a/private/property.te
+++ b/private/property.te
@@ -317,6 +317,7 @@
')
neverallow {
+ domain
-coredomain
-vendor_init
} {
@@ -325,6 +326,7 @@
}:file no_rw_file_perms;
neverallow {
+ domain
-init
-system_server
} {
@@ -333,6 +335,7 @@
neverallow {
# Only allow init and system_server to set system_adbd_prop
+ domain
-init
-system_server
} {
@@ -341,6 +344,7 @@
# Let (vendor_)init, adbd, and system_server set service.adb.tcp.port
neverallow {
+ domain
-init
-vendor_init
-adbd
@@ -351,6 +355,7 @@
neverallow {
# Only allow init and adbd to set adbd_prop
+ domain
-init
-adbd
} {
@@ -359,6 +364,7 @@
neverallow {
# Only allow init and shell to set userspace_reboot_test_prop
+ domain
-init
-shell
} {
@@ -366,6 +372,7 @@
}:property_service set;
neverallow {
+ domain
-init
-system_server
-vendor_init
@@ -374,6 +381,7 @@
}:property_service set;
neverallow {
+ domain
-init
} {
libc_debug_prop
@@ -382,6 +390,7 @@
# Allow the shell to set MTE props, so that non-root users with adb shell
# access can control the settings on their device.
neverallow {
+ domain
-init
-shell
} {
@@ -389,18 +398,21 @@
}:property_service set;
neverallow {
+ domain
-init
-system_server
-vendor_init
} zram_control_prop:property_service set;
neverallow {
+ domain
-init
-system_server
-vendor_init
} dalvik_runtime_prop:property_service set;
neverallow {
+ domain
-coredomain
-vendor_init
} {
@@ -409,6 +421,7 @@
}:property_service set;
neverallow {
+ domain
-init
-system_server
} {
@@ -417,6 +430,7 @@
}:property_service set;
neverallow {
+ domain
-coredomain
-vendor_init
} {
@@ -425,6 +439,7 @@
}:file no_rw_file_perms;
neverallow {
+ domain
-init
} {
init_service_status_private_prop
@@ -432,6 +447,7 @@
}:property_service set;
neverallow {
+ domain
-init
-radio
-appdomain
@@ -440,6 +456,7 @@
} telephony_status_prop:property_service set;
neverallow {
+ domain
-init
-vendor_init
} {
@@ -447,6 +464,7 @@
}:property_service set;
neverallow {
+ domain
-init
-surfaceflinger
} {
@@ -454,23 +472,27 @@
}:property_service set;
neverallow {
+ domain
-coredomain
-appdomain
-vendor_init
} packagemanager_config_prop:file no_rw_file_perms;
neverallow {
+ domain
-coredomain
-vendor_init
} keyguard_config_prop:file no_rw_file_perms;
neverallow {
+ domain
-init
} {
localization_prop
}:property_service set;
neverallow {
+ domain
-init
-vendor_init
-dumpstate
@@ -478,11 +500,13 @@
} oem_unlock_prop:file no_rw_file_perms;
neverallow {
+ domain
-coredomain
-vendor_init
} storagemanager_config_prop:file no_rw_file_perms;
neverallow {
+ domain
-init
-vendor_init
-dumpstate
@@ -490,6 +514,7 @@
} sendbug_config_prop:file no_rw_file_perms;
neverallow {
+ domain
-init
-vendor_init
-dumpstate
@@ -497,6 +522,7 @@
} camera_calibration_prop:file no_rw_file_perms;
neverallow {
+ domain
-init
-dumpstate
-hal_dumpstate_server
@@ -504,6 +530,7 @@
} hal_dumpstate_config_prop:file no_rw_file_perms;
neverallow {
+ domain
-init
userdebug_or_eng(`-traced_probes')
userdebug_or_eng(`-traced_perf')
@@ -513,6 +540,7 @@
# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
neverallow {
+ domain
-init
-dumpstate
-system_app
@@ -521,36 +549,43 @@
} keystore2_enable_prop:file no_rw_file_perms;
neverallow {
+ domain
-init
} zygote_wrap_prop:property_service set;
neverallow {
+ domain
-init
} verity_status_prop:property_service set;
neverallow {
+ domain
-init
} setupwizard_prop:property_service set;
# ro.product.property_source_order is useless after initialization of ro.product.* props.
# So making it accessible only from init and vendor_init.
neverallow {
+ domain
-init
-dumpstate
-vendor_init
} build_config_prop:file no_rw_file_perms;
neverallow {
+ domain
-init
-shell
} sqlite_log_prop:property_service set;
neverallow {
+ domain
-coredomain
-appdomain
} sqlite_log_prop:file no_rw_file_perms;
neverallow {
+ domain
-init
} default_prop:property_service set;
@@ -560,6 +595,7 @@
neverallow {
# Only allow init and shell to set rollback_test_prop
+ domain
-init
-shell
} rollback_test_prop:property_service set;
diff --git a/private/system_server.te b/private/system_server.te
index 05a6e48..e84c6ee 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1324,6 +1324,7 @@
neverallow { domain -init -system_server } boot_status_prop:property_service set;
neverallow {
+ domain
-init
-vendor_init
-dumpstate
diff --git a/private/tombstoned.te b/private/tombstoned.te
index ca9a0aa..b6dfd1e 100644
--- a/private/tombstoned.te
+++ b/private/tombstoned.te
@@ -5,6 +5,7 @@
get_prop(tombstoned, tombstone_config_prop)
neverallow {
+ domain
-init
-vendor_init
-dumpstate
diff --git a/public/system_server.te b/public/system_server.te
index 09421cc..edefadf 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -10,6 +10,7 @@
set_prop(system_server, power_debug_prop)
neverallow {
+ domain
-init
-vendor_init
-system_server