misctrl: add a property misctrl can set properties which can be injected into bugreports. Limit visibility of these properties so that no device code can branch based off these properties. Bug: 317262681 Test: bugreport Change-Id: I74f6f240b08b2681540bca262dcc76bcdca9cdad

commit: 9f41fc081fd282948ba2257bf025803f5868b8c0 [log] [tgz]
author: Steven Moreland <smoreland@google.com> Fri Feb 16 22:38:26 2024 +0000
committer: Steven Moreland <smoreland@google.com> Wed Feb 21 18:16:49 2024 +0000
tree: 9cb4e6bf5ddbd24a0f563357bbe44d300b94ee95
parent: b4f42d449b803df11b9f62e9968fce25096ecd5b [diff] [blame]
diff --git a/private/property.te b/private/property.te
index d21df55..2d030ab 100644
--- a/private/property.te
+++ b/private/property.te

@@ -35,6 +35,7 @@
 system_internal_prop(netd_stable_secret_prop)
 system_internal_prop(next_boot_prop)
 system_internal_prop(odsign_prop)
+system_internal_prop(misctrl_prop)
 system_internal_prop(perf_drop_caches_prop)
 system_internal_prop(pm_prop)
 system_internal_prop(profcollectd_node_id_prop)
@@ -185,6 +186,21 @@
   userdebug_or_eng(`-su')
 } init_svc_debug_prop:file no_rw_file_perms;
 
+# DO NOT ADD: compat risk
+neverallow {
+  domain
+  -init
+  -dumpstate
+  -misctrl
+  userdebug_or_eng(`-su')
+} misctrl_prop:file no_rw_file_perms;
+neverallow {
+  domain
+  -init
+  -misctrl
+  userdebug_or_eng(`-su')
+} misctrl_prop:property_service set;
+
 compatible_property_only(`
 # Prevent properties from being set
   neverallow {
commit	9f41fc081fd282948ba2257bf025803f5868b8c0	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Fri Feb 16 22:38:26 2024 +0000
committer	Steven Moreland <smoreland@google.com>	Wed Feb 21 18:16:49 2024 +0000
tree	9cb4e6bf5ddbd24a0f563357bbe44d300b94ee95
parent	b4f42d449b803df11b9f62e9968fce25096ecd5b [diff] [blame]