Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 9add20f31e2207a8e37f2ed62b438d2b92a8337d^! / . / private
commit9add20f31e2207a8e37f2ed62b438d2b92a8337d[log] [tgz]
authorInseob Kim <inseob@google.com>Wed May 06 22:20:35 2020 +0900
committerInseob Kim <inseob@google.com>Mon May 11 21:29:26 2020 +0900
treeaa86970db91402472adf9f7008bc032bf67c8fff
parentace36abec5d12c687e1b22cbac683b6d143c76eb [diff]
Move libc.debug. props to libc_debug_prop

Bug: 155844385
Test: sepolicy_tests
Change-Id: I15421ada0c58c3c8d07d824e83cf44f6c4590ca8

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 3a1fa58..307cac7 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil

@@ -98,6 +98,7 @@
     iorapd_service
     iorapd_tmpfs
     last_boot_reason_prop
+    libc_debug_prop
     llkd
     llkd_exec
     llkd_prop

diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 5e4ac9c..c53807f 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil

@@ -1337,7 +1337,7 @@
 (typeattributeset ethernet_service_30_0 (ethernet_service))
 (typeattributeset exfat_30_0 (exfat))
 (typeattributeset exported2_config_prop_30_0 (exported2_config_prop systemsound_config_prop))
-(typeattributeset exported2_default_prop_30_0 (exported2_default_prop))
+(typeattributeset exported2_default_prop_30_0 (exported2_default_prop libc_debug_prop))
 (typeattributeset exported2_radio_prop_30_0 (exported2_radio_prop))
 (typeattributeset exported2_system_prop_30_0
   ( exported2_system_prop

diff --git a/private/property.te b/private/property.te
index d479502..7591b85 100644
--- a/private/property.te
+++ b/private/property.te

@@ -339,3 +339,9 @@
 } {
   surfaceflinger_color_prop
 }:property_service set;
+
+neverallow {
+  -init
+} {
+  libc_debug_prop
+}:property_service set;

diff --git a/private/property_contexts b/private/property_contexts
index 0d26d4d..dcf0a68 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -543,9 +543,9 @@
 init.svc.tombstoned     u:object_r:exported2_default_prop:s0 exact string
 init.svc.zygote         u:object_r:exported2_default_prop:s0 exact string
 
-libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
-libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
-libc.debug.hooks.enable   u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.options u:object_r:libc_debug_prop:s0 exact string
+libc.debug.malloc.program u:object_r:libc_debug_prop:s0 exact string
+libc.debug.hooks.enable   u:object_r:libc_debug_prop:s0 exact string
 
 net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool