Merge "Label kprobes and restrict access"
diff --git a/mac_permissions.mk b/mac_permissions.mk
index 3bcff95..3cc0151 100644
--- a/mac_permissions.mk
+++ b/mac_permissions.mk
@@ -122,7 +122,8 @@
$(LOCAL_BUILT_MODULE): $(vendor_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(all_vendor_mac_perms_files)
@mkdir -p $(dir $@)
- $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
+ $(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
+ $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
vendor_mac_perms_keys.tmp :=
all_vendor_mac_perms_files :=
diff --git a/prebuilts/api/29.0/private/system_server.te b/prebuilts/api/29.0/private/system_server.te
index 51cbd28..73891c9 100644
--- a/prebuilts/api/29.0/private/system_server.te
+++ b/prebuilts/api/29.0/private/system_server.te
@@ -847,6 +847,7 @@
r_dir_file(system_server, proc_net_type)
r_dir_file(system_server, proc_qtaguid_stat)
allow system_server {
+ proc_cmdline
proc_loadavg
proc_meminfo
proc_pagetypeinfo
diff --git a/prebuilts/api/29.0/public/adbd.te b/prebuilts/api/29.0/public/adbd.te
index 68a176c..4a1f633 100644
--- a/prebuilts/api/29.0/public/adbd.te
+++ b/prebuilts/api/29.0/public/adbd.te
@@ -6,3 +6,6 @@
# Only init is allowed to enter the adbd domain via exec()
neverallow { domain -init } adbd:process transition;
neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)
diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts
index 3090490..5c6b31f 100644
--- a/prebuilts/api/29.0/public/property_contexts
+++ b/prebuilts/api/29.0/public/property_contexts
@@ -11,11 +11,13 @@
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -33,6 +35,7 @@
dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -404,3 +407,4 @@
ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
diff --git a/prebuilts/api/29.0/public/vendor_misc_writer.te b/prebuilts/api/29.0/public/vendor_misc_writer.te
index 7093fec..dee9941 100644
--- a/prebuilts/api/29.0/public/vendor_misc_writer.te
+++ b/prebuilts/api/29.0/public/vendor_misc_writer.te
@@ -6,6 +6,8 @@
allow vendor_misc_writer misc_block_device:blk_file w_file_perms;
allow vendor_misc_writer block_device:dir r_dir_perms;
-# Silence the denial when calling libfstab's ReadDefaultFstab.
+# Silence the denial when calling libfstab's ReadDefaultFstab, which tries to
+# load DT fstab.
dontaudit vendor_misc_writer proc_cmdline:file read;
dontaudit vendor_misc_writer metadata_file:dir search;
+dontaudit vendor_misc_writer sysfs_dt_firmware_android:dir search;
diff --git a/prebuilts/api/30.0/private/adbd.te b/prebuilts/api/30.0/private/adbd.te
index cd3d8f3..89fa1f9 100644
--- a/prebuilts/api/30.0/private/adbd.te
+++ b/prebuilts/api/30.0/private/adbd.te
@@ -90,9 +90,6 @@
# Set service.adb.tls.port, persist.adb.wifi. properties
set_prop(adbd, adbd_prop)
-# Allow adbd start/stop mdnsd via ctl.start
-set_prop(adbd, ctl_mdnsd_prop)
-
# Access device logging gating property
get_prop(adbd, device_logging_prop)
@@ -183,11 +180,6 @@
allow adbd rootfs:dir r_dir_perms;
-# Allow killing child "perfetto" binary processes, which auto-transition to
-# their own domain. Allows propagating termination of "adb shell perfetto ..."
-# invocations.
-allow adbd perfetto:process signal;
-
# Allow to pull Perfetto traces.
allow adbd perfetto_traces_data_file:file r_file_perms;
allow adbd perfetto_traces_data_file:dir r_dir_perms;
diff --git a/prebuilts/api/30.0/private/apexd.te b/prebuilts/api/30.0/private/apexd.te
index c03790c..9e702dd 100644
--- a/prebuilts/api/30.0/private/apexd.te
+++ b/prebuilts/api/30.0/private/apexd.te
@@ -155,7 +155,3 @@
neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:dir no_w_dir_perms;
neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_w_file_perms;
-
-# only apexd can set apexd sysprop
-set_prop(apexd, apexd_prop)
-neverallow { domain -apexd -init } apexd_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/app.te b/prebuilts/api/30.0/private/app.te
index a03bcb0..9882d8f 100644
--- a/prebuilts/api/30.0/private/app.te
+++ b/prebuilts/api/30.0/private/app.te
@@ -35,3 +35,9 @@
{ domain -appdomain -crash_dump -rs }:process { transition };
neverallow { appdomain -shell userdebug_or_eng(`-su') }
{ domain -appdomain }:process { dyntransition };
+
+# Don't allow regular apps access to storage configuration properties.
+neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
+
+# Allow to read graphics related properties.
+get_prop(appdomain, graphics_config_prop)
diff --git a/prebuilts/api/30.0/private/app_neverallows.te b/prebuilts/api/30.0/private/app_neverallows.te
index 66e9f69..1157187 100644
--- a/prebuilts/api/30.0/private/app_neverallows.te
+++ b/prebuilts/api/30.0/private/app_neverallows.te
@@ -257,3 +257,6 @@
-untrusted_app_25
-untrusted_app_27
} mnt_sdcard_file:lnk_file *;
+
+# Only privileged apps may find the incident service
+neverallow all_untrusted_apps incident_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/asan_extract.te b/prebuilts/api/30.0/private/asan_extract.te
index 69bcd50..1c20d78 100644
--- a/prebuilts/api/30.0/private/asan_extract.te
+++ b/prebuilts/api/30.0/private/asan_extract.te
@@ -3,9 +3,6 @@
# Technically not a daemon but we do want the transition from init domain to
# asan_extract to occur.
with_asan(`
- typeattribute asan_extract coredomain;
- init_daemon_domain(asan_extract)
-
- # We need to signal a reboot when done.
- set_prop(asan_extract, powerctl_prop)
+typeattribute asan_extract coredomain;
+init_daemon_domain(asan_extract)
')
diff --git a/prebuilts/api/30.0/private/blank_screen.te b/prebuilts/api/30.0/private/blank_screen.te
index 20d50cc..51310d1 100644
--- a/prebuilts/api/30.0/private/blank_screen.te
+++ b/prebuilts/api/30.0/private/blank_screen.te
@@ -3,5 +3,4 @@
init_daemon_domain(blank_screen)
-# hal_light_client has access to hal_light_server
hal_client_domain(blank_screen, hal_light)
diff --git a/prebuilts/api/30.0/private/bootanim.te b/prebuilts/api/30.0/private/bootanim.te
index 41c9179..4740560 100644
--- a/prebuilts/api/30.0/private/bootanim.te
+++ b/prebuilts/api/30.0/private/bootanim.te
@@ -7,6 +7,3 @@
# Bootanim should not be reading default vendor-defined properties.
dontaudit bootanim vendor_default_prop:file read;
-
-# Read ro.boot.bootreason b/30654343
-get_prop(bootanim, bootloader_boot_reason_prop)
diff --git a/prebuilts/api/30.0/private/bootstat.te b/prebuilts/api/30.0/private/bootstat.te
index 016292e..806144c 100644
--- a/prebuilts/api/30.0/private/bootstat.te
+++ b/prebuilts/api/30.0/private/bootstat.te
@@ -1,34 +1,3 @@
typeattribute bootstat coredomain;
init_daemon_domain(bootstat)
-
-# Collect metrics on boot time created by init
-get_prop(bootstat, boottime_prop)
-
-# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
-set_prop(bootstat, bootloader_boot_reason_prop)
-set_prop(bootstat, system_boot_reason_prop)
-set_prop(bootstat, last_boot_reason_prop)
-
-neverallow {
- domain
- -bootanim
- -bootstat
- -dumpstate
- userdebug_or_eng(`-incidentd')
- -init
- -recovery
- -shell
- -system_server
-} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
-# ... and refine, as these components should not set the last boot reason
-neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
-
-neverallow {
- domain
- -bootstat
- -init
- -system_server
-} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
-# ... and refine ... for a ro propertly no less ... keep this _tight_
-neverallow system_server bootloader_boot_reason_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/bug_map b/prebuilts/api/30.0/private/bug_map
index eaa1593..60c2f15 100644
--- a/prebuilts/api/30.0/private/bug_map
+++ b/prebuilts/api/30.0/private/bug_map
@@ -23,13 +23,11 @@
netd untrusted_app unix_stream_socket b/77870037
netd untrusted_app_25 unix_stream_socket b/77870037
netd untrusted_app_27 unix_stream_socket b/77870037
-netd untrusted_app_29 unix_stream_socket b/77870037
platform_app nfc_data_file dir b/74331887
system_server crash_dump process b/73128755
system_server overlayfs_file file b/142390309
system_server sdcardfs file b/77856826
system_server storage_stub_file dir b/145267097
system_server zygote process b/77856826
-untrusted_app untrusted_app netlink_route_socket b/155595000
vold system_data_file file b/124108085
zygote untrusted_app_25 process b/77925912
diff --git a/prebuilts/api/30.0/private/charger.te b/prebuilts/api/30.0/private/charger.te
index 13d1b14..65109de 100644
--- a/prebuilts/api/30.0/private/charger.te
+++ b/prebuilts/api/30.0/private/charger.te
@@ -1,10 +1 @@
typeattribute charger coredomain;
-
-# charger needs to tell init to continue the boot
-# process when running in charger mode.
-set_prop(charger, system_prop)
-set_prop(charger, exported_system_prop)
-set_prop(charger, exported2_system_prop)
-set_prop(charger, exported3_system_prop)
-
-get_prop(charger, charger_prop)
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
index f84e922..f69037c 100644
--- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
@@ -43,9 +43,12 @@
device_config_configuration_prop
emergency_affordance_service
exported_camera_prop
+ fastbootd_protocol_prop
file_integrity_service
fwk_automotive_display_hwservice
+ fusectlfs
gmscore_app
+ graphics_config_prop
hal_can_bus_hwservice
hal_can_controller_hwservice
hal_identity_service
@@ -55,6 +58,7 @@
hal_tv_tuner_hwservice
hal_vibrator_service
incremental_control_file
+ incremental_prop
incremental_service
init_perf_lsm_hooks_prop
init_svc_debug_prop
@@ -73,6 +77,7 @@
mirror_data_file
light_service
linkerconfig_file
+ lmkd_prop
media_variant_prop
metadata_bootstat_file
mnt_pass_through_file
diff --git a/prebuilts/api/30.0/private/dhcp.te b/prebuilts/api/30.0/private/dhcp.te
index 8ec9111..b2f8ac7 100644
--- a/prebuilts/api/30.0/private/dhcp.te
+++ b/prebuilts/api/30.0/private/dhcp.te
@@ -2,6 +2,3 @@
init_daemon_domain(dhcp)
type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
-
-set_prop(dhcp, dhcp_prop)
-set_prop(dhcp, pan_result_prop)
diff --git a/prebuilts/api/30.0/private/domain.te b/prebuilts/api/30.0/private/domain.te
index 9d5a63f..1a8ce50 100644
--- a/prebuilts/api/30.0/private/domain.te
+++ b/prebuilts/api/30.0/private/domain.te
@@ -73,10 +73,13 @@
# Device specific properties are not granted by default
not_compatible_property(`
get_prop(domain, core_property_type)
+ get_prop(domain, exported_dalvik_prop)
get_prop(domain, exported_ffs_prop)
get_prop(domain, exported_system_radio_prop)
+ get_prop(domain, exported2_config_prop)
get_prop(domain, exported2_radio_prop)
get_prop(domain, exported2_system_prop)
+ get_prop(domain, exported2_vold_prop)
get_prop(domain, exported3_default_prop)
get_prop(domain, exported3_radio_prop)
get_prop(domain, exported3_system_prop)
@@ -84,10 +87,13 @@
')
compatible_property_only(`
get_prop({coredomain appdomain shell}, core_property_type)
+ get_prop({coredomain appdomain shell}, exported_dalvik_prop)
get_prop({coredomain appdomain shell}, exported_ffs_prop)
get_prop({coredomain appdomain shell}, exported_system_radio_prop)
+ get_prop({coredomain appdomain shell}, exported2_config_prop)
get_prop({coredomain appdomain shell}, exported2_radio_prop)
get_prop({coredomain appdomain shell}, exported2_system_prop)
+ get_prop({coredomain appdomain shell}, exported2_vold_prop)
get_prop({coredomain appdomain shell}, exported3_default_prop)
get_prop({coredomain appdomain shell}, exported3_radio_prop)
get_prop({coredomain appdomain shell}, exported3_system_prop)
@@ -203,7 +209,7 @@
# do not change between system_server staging the files and apexd processing
# the files.
neverallow { domain -init -system_server -apexd -installd -iorap_inode2filename } staging_data_file:dir *;
-neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename } staging_data_file:file *;
+neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename -priv_app } staging_data_file:file *;
neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
# apexd needs the link and unlink permissions, so list every `no_w_file_perms`
# except for `link` and `unlink`.
@@ -363,10 +369,3 @@
# This property is being removed. Remove remaining access.
neverallow { domain -init -system_server -vendor_init } net_dns_prop:property_service set;
neverallow { domain -dumpstate -init -system_server -vendor_init } net_dns_prop:file read;
-
-# Only core domains are allowed to access package_manager properties
-neverallow { domain -init -system_server } pm_prop:property_service set;
-neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
-
-# Do not allow reading the last boot timestamp from system properties
-neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
diff --git a/prebuilts/api/30.0/private/dumpstate.te b/prebuilts/api/30.0/private/dumpstate.te
index 0eff540..72e508e 100644
--- a/prebuilts/api/30.0/private/dumpstate.te
+++ b/prebuilts/api/30.0/private/dumpstate.te
@@ -50,17 +50,6 @@
# For comminucating with the system process to do confirmation ui.
binder_call(dumpstate, incidentcompanion_service)
-# Set properties.
-# dumpstate_prop is used to share state with the Shell app.
-set_prop(dumpstate, dumpstate_prop)
-set_prop(dumpstate, exported_dumpstate_prop)
-
-# dumpstate_options_prop is used to pass extra command-line args.
-set_prop(dumpstate, dumpstate_options_prop)
-
-# Allow dumpstate to kill vendor dumpstate service by init
-set_prop(dumpstate, ctl_dumpstate_prop)
-
# For dumping dynamic partition information.
set_prop(dumpstate, lpdumpd_prop)
binder_call(dumpstate, lpdumpd)
diff --git a/prebuilts/api/30.0/private/ephemeral_app.te b/prebuilts/api/30.0/private/ephemeral_app.te
index e004891..56d4747 100644
--- a/prebuilts/api/30.0/private/ephemeral_app.te
+++ b/prebuilts/api/30.0/private/ephemeral_app.te
@@ -44,6 +44,10 @@
allow ephemeral_app drmserver_service:service_manager find;
allow ephemeral_app radio_service:service_manager find;
allow ephemeral_app ephemeral_app_api_service:service_manager find;
+allow ephemeral_app gpu_service:service_manager find;
+
+# Allow ephemeral apps to interact with gpuservice
+binder_call(ephemeral_app, gpuservice)
# Write app-specific trace data to the Perfetto traced damon. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
diff --git a/prebuilts/api/30.0/private/fastbootd.te b/prebuilts/api/30.0/private/fastbootd.te
index 49994b7..29a9157 100644
--- a/prebuilts/api/30.0/private/fastbootd.te
+++ b/prebuilts/api/30.0/private/fastbootd.te
@@ -1,25 +1 @@
typeattribute fastbootd coredomain;
-
-# The allow rules are only included in the recovery policy.
-# Otherwise fastbootd is only allowed the domain rules.
-recovery_only(`
- # Reboot the device
- set_prop(fastbootd, powerctl_prop)
-
- # Read serial number of the device from system properties
- get_prop(fastbootd, serialno_prop)
-
- # Set sys.usb.ffs.ready.
- set_prop(fastbootd, ffs_prop)
- set_prop(fastbootd, exported_ffs_prop)
-
- userdebug_or_eng(`
- get_prop(fastbootd, persistent_properties_ready_prop)
- ')
-
- set_prop(fastbootd, gsid_prop)
-
- # Determine allocation scheme (whether B partitions needs to be
- # at the second half of super.
- get_prop(fastbootd, virtual_ab_prop)
-')
diff --git a/prebuilts/api/30.0/private/file_contexts b/prebuilts/api/30.0/private/file_contexts
index 2d689c4..b86d9a2 100644
--- a/prebuilts/api/30.0/private/file_contexts
+++ b/prebuilts/api/30.0/private/file_contexts
@@ -212,7 +212,6 @@
/system/bin/fsck_msdos -- u:object_r:fsck_exec:s0
/system/bin/tcpdump -- u:object_r:tcpdump_exec:s0
/system/bin/tune2fs -- u:object_r:fsck_exec:s0
-/system/bin/resize2fs -- u:object_r:fsck_exec:s0
/system/bin/toolbox -- u:object_r:toolbox_exec:s0
/system/bin/toybox -- u:object_r:toolbox_exec:s0
/system/bin/ld\.mc u:object_r:rs_exec:s0
@@ -257,6 +256,8 @@
/system/bin/keystore u:object_r:keystore_exec:s0
/system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
+/system/bin/crash_dump32 u:object_r:crash_dump_exec:s0
+/system/bin/crash_dump64 u:object_r:crash_dump_exec:s0
/system/bin/tombstoned u:object_r:tombstoned_exec:s0
/system/bin/recovery-persist u:object_r:recovery_persist_exec:s0
/system/bin/recovery-refresh u:object_r:recovery_refresh_exec:s0
@@ -514,7 +515,7 @@
# Misc data
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
/data/misc/apexdata(/.*)? u:object_r:apex_module_data_file:s0
-/data/misc/apexdata/com\.android\.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
/data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
/data/misc/apns(/.*)? u:object_r:radio_data_file:s0
@@ -607,8 +608,8 @@
# Apex data directories
/data/misc_de/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
/data/misc_ce/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
-/data/misc_de/[0-9]+/apexdata/com\.android\.permission(/.*)? u:object_r:apex_permission_data_file:s0
-/data/misc_ce/[0-9]+/apexdata/com\.android\.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc_de/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc_ce/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
/data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
/data/misc_ce/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
diff --git a/prebuilts/api/30.0/private/flags_health_check.te b/prebuilts/api/30.0/private/flags_health_check.te
index 18dde09..fb41aff 100644
--- a/prebuilts/api/30.0/private/flags_health_check.te
+++ b/prebuilts/api/30.0/private/flags_health_check.te
@@ -1,27 +1,3 @@
typeattribute flags_health_check coredomain;
init_daemon_domain(flags_health_check)
-
-set_prop(flags_health_check, device_config_boot_count_prop)
-set_prop(flags_health_check, device_config_reset_performed_prop)
-set_prop(flags_health_check, device_config_runtime_native_boot_prop)
-set_prop(flags_health_check, device_config_runtime_native_prop)
-set_prop(flags_health_check, device_config_input_native_boot_prop)
-set_prop(flags_health_check, device_config_netd_native_prop)
-set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
-set_prop(flags_health_check, device_config_media_native_prop)
-set_prop(flags_health_check, device_config_storage_native_boot_prop)
-set_prop(flags_health_check, device_config_sys_traced_prop)
-set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
-set_prop(flags_health_check, device_config_configuration_prop)
-
-# system property device_config_boot_count_prop is used for deciding when to perform server
-# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
-# wrong timing, trigger server configurable flag related disaster recovery, which will override
-# server configured values of all flags with default values.
-neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set;
-
-# system property device_config_reset_performed_prop is used for indicating whether server
-# configurable flags have been reset during booting. Mistakenly modified by unrelated components can
-# cause bad server configurable flags synced back to device.
-neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/fs_use b/prebuilts/api/30.0/private/fs_use
index 93d7f1b..6fcc2cc 100644
--- a/prebuilts/api/30.0/private/fs_use
+++ b/prebuilts/api/30.0/private/fs_use
@@ -11,7 +11,6 @@
fs_use_xattr overlay u:object_r:labeledfs:s0;
fs_use_xattr erofs u:object_r:labeledfs:s0;
fs_use_xattr incremental-fs u:object_r:labeledfs:s0;
-fs_use_xattr virtiofs u:object_r:labeledfs:s0;
# Label inodes from task label.
fs_use_task pipefs u:object_r:pipefs:s0;
diff --git a/prebuilts/api/30.0/private/gatekeeperd.te b/prebuilts/api/30.0/private/gatekeeperd.te
index 2fb88a3..5e4d0a2 100644
--- a/prebuilts/api/30.0/private/gatekeeperd.te
+++ b/prebuilts/api/30.0/private/gatekeeperd.te
@@ -1,6 +1,3 @@
typeattribute gatekeeperd coredomain;
init_daemon_domain(gatekeeperd)
-
-# For checking whether GSI is running
-get_prop(gatekeeperd, gsid_prop)
diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts
index b423e64..51f2ce7 100644
--- a/prebuilts/api/30.0/private/genfs_contexts
+++ b/prebuilts/api/30.0/private/genfs_contexts
@@ -98,6 +98,8 @@
genfscon proc /vmstat u:object_r:proc_vmstat:s0
genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
+genfscon fusectl / u:object_r:fusectlfs:s0
+
# selinuxfs booleans can be individually labeled.
genfscon selinuxfs / u:object_r:selinuxfs:s0
genfscon cgroup / u:object_r:cgroup:s0
diff --git a/prebuilts/api/30.0/private/gmscore_app.te b/prebuilts/api/30.0/private/gmscore_app.te
index b70a397..2355326 100644
--- a/prebuilts/api/30.0/private/gmscore_app.te
+++ b/prebuilts/api/30.0/private/gmscore_app.te
@@ -56,6 +56,7 @@
dontaudit gmscore_app wifi_prop:file r_file_perms;
dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
dontaudit gmscore_app mirror_data_file:dir search;
+dontaudit gmscore_app mnt_vendor_file:dir search;
# Access the network
net_domain(gmscore_app)
diff --git a/prebuilts/api/30.0/private/healthd.te b/prebuilts/api/30.0/private/healthd.te
index 921d33f..20d0791 100644
--- a/prebuilts/api/30.0/private/healthd.te
+++ b/prebuilts/api/30.0/private/healthd.te
@@ -4,10 +4,3 @@
# Allow healthd to serve health HAL
hal_server_domain(healthd, hal_health)
-
-# Healthd needs to tell init to continue the boot
-# process when running in charger mode.
-set_prop(healthd, system_prop)
-set_prop(healthd, exported_system_prop)
-set_prop(healthd, exported2_system_prop)
-set_prop(healthd, exported3_system_prop)
diff --git a/prebuilts/api/30.0/private/hwservicemanager.te b/prebuilts/api/30.0/private/hwservicemanager.te
index e1fde43..0705cc7 100644
--- a/prebuilts/api/30.0/private/hwservicemanager.te
+++ b/prebuilts/api/30.0/private/hwservicemanager.te
@@ -6,4 +6,3 @@
add_hwservice(hwservicemanager, hidl_token_hwservice)
set_prop(hwservicemanager, ctl_interface_start_prop)
-set_prop(hwservicemanager, hwservicemanager_prop)
diff --git a/prebuilts/api/30.0/private/incidentd.te b/prebuilts/api/30.0/private/incidentd.te
index 405684a..656f69f 100644
--- a/prebuilts/api/30.0/private/incidentd.te
+++ b/prebuilts/api/30.0/private/incidentd.te
@@ -179,21 +179,6 @@
###
### neverallow rules
###
-
-# only specific domains can find the incident service
-neverallow {
- domain
- -dumpstate
- -incident
- -incidentd
- -perfetto
- -permissioncontroller_app
- -priv_app
- -statsd
- -system_app
- -system_server
-} incident_service:service_manager find;
-
# only incidentd and the other root services in limited circumstances
# can get to the files in /data/misc/incidents
#
diff --git a/prebuilts/api/30.0/private/lmkd.te b/prebuilts/api/30.0/private/lmkd.te
index 7246051..e51cddb 100644
--- a/prebuilts/api/30.0/private/lmkd.te
+++ b/prebuilts/api/30.0/private/lmkd.te
@@ -2,5 +2,7 @@
init_daemon_domain(lmkd)
-# Set sys.lmk.* properties.
-set_prop(lmkd, system_lmk_prop)
+# Set lmkd.* properties.
+set_prop(lmkd, lmkd_prop)
+
+neverallow { -init -lmkd -vendor_init } lmkd_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/logd.te b/prebuilts/api/30.0/private/logd.te
index 7112c4f..ca92e20 100644
--- a/prebuilts/api/30.0/private/logd.te
+++ b/prebuilts/api/30.0/private/logd.te
@@ -2,9 +2,6 @@
init_daemon_domain(logd)
-# Access device logging gating property
-get_prop(logd, device_logging_prop)
-
# logd is not allowed to write anywhere other than /data/misc/logd, and then
# only on userdebug or eng builds
neverallow logd {
diff --git a/prebuilts/api/30.0/private/mediaextractor.te b/prebuilts/api/30.0/private/mediaextractor.te
index 7f626c4..2e654d6 100644
--- a/prebuilts/api/30.0/private/mediaextractor.te
+++ b/prebuilts/api/30.0/private/mediaextractor.te
@@ -5,5 +5,3 @@
allow mediaextractor appdomain_tmpfs:file { getattr map read write };
allow mediaextractor mediaserver_tmpfs:file { getattr map read write };
allow mediaextractor system_server_tmpfs:file { getattr map read write };
-
-get_prop(mediaextractor, device_config_media_native_prop)
diff --git a/prebuilts/api/30.0/private/mediaprovider_app.te b/prebuilts/api/30.0/private/mediaprovider_app.te
index fea903e..335c1b6 100644
--- a/prebuilts/api/30.0/private/mediaprovider_app.te
+++ b/prebuilts/api/30.0/private/mediaprovider_app.te
@@ -6,7 +6,7 @@
app_domain(mediaprovider_app)
# Access to /mnt/pass_through.
-r_dir_file(mediaprovider_app, mnt_pass_through_file)
+allow mediaprovider_app mnt_pass_through_file:dir r_dir_perms;
# Allow MediaProvider to host a FUSE daemon for external storage
allow mediaprovider_app fuse_device:chr_file { read write ioctl getattr };
@@ -39,7 +39,7 @@
FS_IOC_SETFLAGS
};
-# Access external sdcards through /mnt/media_rw
-allow mediaprovider_app { mnt_media_rw_file }:dir search;
-
allow mediaprovider_app proc_filesystems:file r_file_perms;
+
+#Allow MediaProvider to see if sdcardfs is in use
+get_prop(mediaprovider_app, storage_config_prop)
diff --git a/prebuilts/api/30.0/private/mediaserver.te b/prebuilts/api/30.0/private/mediaserver.te
index 32dfc00..c55e54a 100644
--- a/prebuilts/api/30.0/private/mediaserver.te
+++ b/prebuilts/api/30.0/private/mediaserver.te
@@ -12,5 +12,3 @@
hal_client_domain(mediaserver, hal_codec2)
allow mediaserver mediatranscoding_service:service_manager find;
-
-set_prop(mediaserver, audio_prop)
diff --git a/prebuilts/api/30.0/private/mediaswcodec.te b/prebuilts/api/30.0/private/mediaswcodec.te
index cef802d..50f5698 100644
--- a/prebuilts/api/30.0/private/mediaswcodec.te
+++ b/prebuilts/api/30.0/private/mediaswcodec.te
@@ -2,4 +2,3 @@
init_daemon_domain(mediaswcodec)
-get_prop(mediaswcodec, device_config_media_native_prop)
diff --git a/prebuilts/api/30.0/private/netd.te b/prebuilts/api/30.0/private/netd.te
index 27663d3..41473b7 100644
--- a/prebuilts/api/30.0/private/netd.te
+++ b/prebuilts/api/30.0/private/netd.te
@@ -17,12 +17,7 @@
# TODO: Remove this permission when 4.9 kernel is deprecated.
allow netd self:key_socket create;
-set_prop(netd, ctl_mdnsd_prop)
-set_prop(netd, netd_stable_secret_prop)
-
get_prop(netd, bpf_progs_loaded_prop)
-get_prop(netd, hwservicemanager_prop)
-get_prop(netd, device_config_netd_native_prop)
# Allow netd to write to statsd.
unix_socket_send(netd, statsdw, statsd)
@@ -33,11 +28,3 @@
# Allow netd to send dump info to dumpstate
allow netd dumpstate:fd use;
allow netd dumpstate:fifo_file { getattr write };
-
-# persist.netd.stable_secret contains RFC 7217 secret key which should never be
-# leaked to other processes. Make sure it never leaks.
-neverallow { domain -netd -init -dumpstate } netd_stable_secret_prop:file r_file_perms;
-
-# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
-# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
-neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/perfetto.te b/prebuilts/api/30.0/private/perfetto.te
index 25c70d2..06e4ed1 100644
--- a/prebuilts/api/30.0/private/perfetto.te
+++ b/prebuilts/api/30.0/private/perfetto.te
@@ -47,14 +47,6 @@
allow perfetto incident_service:service_manager find;
binder_call(perfetto, incidentd)
-# perfetto log formatter calls isatty() on its stderr. Denial when running
-# under adbd is harmless. Avoid generating denial logs.
-dontaudit perfetto adbd:unix_stream_socket getattr;
-dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
-# As above, when adbd is running in "su" domain (only the ioctl is denied in
-# practice).
-dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
-
###
### Neverallow rules
###
diff --git a/prebuilts/api/30.0/private/permissioncontroller_app.te b/prebuilts/api/30.0/private/permissioncontroller_app.te
index 8a6f6aa..41185e3 100644
--- a/prebuilts/api/30.0/private/permissioncontroller_app.te
+++ b/prebuilts/api/30.0/private/permissioncontroller_app.te
@@ -27,6 +27,7 @@
allow permissioncontroller_app IProxyService_service:service_manager find;
allow permissioncontroller_app location_service:service_manager find;
allow permissioncontroller_app media_session_service:service_manager find;
+allow permissioncontroller_app radio_service:service_manager find;
allow permissioncontroller_app surfaceflinger_service:service_manager find;
allow permissioncontroller_app telecom_service:service_manager find;
allow permissioncontroller_app trust_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/platform_app.te b/prebuilts/api/30.0/private/platform_app.te
index ba6de5b..3beec38 100644
--- a/prebuilts/api/30.0/private/platform_app.te
+++ b/prebuilts/api/30.0/private/platform_app.te
@@ -66,8 +66,12 @@
allow platform_app app_api_service:service_manager find;
allow platform_app system_api_service:service_manager find;
allow platform_app vr_manager_service:service_manager find;
+allow platform_app gpu_service:service_manager find;
allow platform_app stats_service:service_manager find;
+# Allow platform apps to interact with gpuservice
+binder_call(platform_app, gpuservice)
+
# Allow platform apps to log via statsd.
binder_call(platform_app, statsd)
diff --git a/prebuilts/api/30.0/private/priv_app.te b/prebuilts/api/30.0/private/priv_app.te
index 2325716..44c81ee 100644
--- a/prebuilts/api/30.0/private/priv_app.te
+++ b/prebuilts/api/30.0/private/priv_app.te
@@ -46,6 +46,10 @@
allow priv_app recovery_service:service_manager find;
allow priv_app stats_service:service_manager find;
+# Allow privileged apps to interact with gpuservice
+binder_call(priv_app, gpuservice)
+allow priv_app gpu_service:service_manager find;
+
# Write to /cache.
allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
allow priv_app { cache_file cache_recovery_file }:file create_file_perms;
@@ -153,6 +157,10 @@
# on the Incremental File System.
allowxperm priv_app incremental_control_file:file ioctl INCFS_IOCTL_PERMIT_FILL;
+# Required for Phonesky to be able to read APEX files under /data/apex/active/.
+allow priv_app apex_data_file:dir search;
+allow priv_app staging_data_file:file r_file_perms;
+
###
### neverallow rules
###
diff --git a/prebuilts/api/30.0/private/property.te b/prebuilts/api/30.0/private/property.te
deleted file mode 100644
index 139c978..0000000
--- a/prebuilts/api/30.0/private/property.te
+++ /dev/null
@@ -1,331 +0,0 @@
-# Properties used only in /system
-system_internal_prop(adbd_prop)
-system_internal_prop(device_config_storage_native_boot_prop)
-system_internal_prop(device_config_sys_traced_prop)
-system_internal_prop(device_config_window_manager_native_boot_prop)
-system_internal_prop(device_config_configuration_prop)
-system_internal_prop(gsid_prop)
-system_internal_prop(init_perf_lsm_hooks_prop)
-system_internal_prop(init_svc_debug_prop)
-system_internal_prop(last_boot_reason_prop)
-system_internal_prop(netd_stable_secret_prop)
-system_internal_prop(pm_prop)
-system_internal_prop(system_adbd_prop)
-system_internal_prop(traced_perf_enabled_prop)
-system_internal_prop(userspace_reboot_log_prop)
-system_internal_prop(userspace_reboot_test_prop)
-
-###
-### Neverallow rules
-###
-
-treble_sysprop_neverallow(`
-
-# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
-# neverallow domain {
-# property_type
-# -system_property_type
-# -product_property_type
-# -vendor_property_type
-# }:file no_rw_file_perms;
-
-neverallow { domain -coredomain } {
- system_property_type
- system_internal_property_type
- -system_restricted_property_type
- -system_public_property_type
-}:file no_rw_file_perms;
-
-neverallow { domain -coredomain } {
- system_property_type
- -system_public_property_type
-}:property_service set;
-
-# init is in coredomain, but should be able to read/write all props.
-# dumpstate is also in coredomain, but should be able to read all props.
-neverallow { coredomain -init -dumpstate } {
- vendor_property_type
- vendor_internal_property_type
- -vendor_restricted_property_type
- -vendor_public_property_type
-}:file no_rw_file_perms;
-
-neverallow { coredomain -init } {
- vendor_property_type
- -vendor_public_property_type
-}:property_service set;
-
-')
-
-# There is no need to perform ioctl or advisory locking operations on
-# property files. If this neverallow is being triggered, it is
-# likely that the policy is using r_file_perms directly instead of
-# the get_prop() macro.
-neverallow domain property_type:file { ioctl lock };
-
-neverallow * {
- core_property_type
- -audio_prop
- -config_prop
- -cppreopt_prop
- -dalvik_prop
- -debuggerd_prop
- -debug_prop
- -default_prop
- -dhcp_prop
- -dumpstate_prop
- -ffs_prop
- -fingerprint_prop
- -logd_prop
- -net_radio_prop
- -nfc_prop
- -ota_prop
- -pan_result_prop
- -persist_debug_prop
- -powerctl_prop
- -radio_prop
- -restorecon_prop
- -shell_prop
- -system_prop
- -system_radio_prop
- -vold_prop
-}:file no_rw_file_perms;
-
-# sigstop property is only used for debugging; should only be set by su which is permissive
-# for userdebug/eng
-neverallow {
- domain
- -init
- -vendor_init
-} ctl_sigstop_prop:property_service set;
-
-# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
-# in the audit log
-dontaudit domain {
- ctl_bootanim_prop
- ctl_bugreport_prop
- ctl_console_prop
- ctl_default_prop
- ctl_dumpstate_prop
- ctl_fuse_prop
- ctl_mdnsd_prop
- ctl_rildaemon_prop
-}:property_service set;
-
-neverallow {
- domain
- -init
-} init_svc_debug_prop:property_service set;
-
-neverallow {
- domain
- -init
- -dumpstate
- userdebug_or_eng(`-su')
-} init_svc_debug_prop:file no_rw_file_perms;
-
-compatible_property_only(`
-# Prevent properties from being set
- neverallow {
- domain
- -coredomain
- -appdomain
- -vendor_init
- } {
- core_property_type
- extended_core_property_type
- exported_config_prop
- exported_default_prop
- exported_dumpstate_prop
- exported_ffs_prop
- exported_fingerprint_prop
- exported_system_prop
- exported_system_radio_prop
- exported2_default_prop
- exported2_system_prop
- exported3_default_prop
- exported3_system_prop
- -nfc_prop
- -powerctl_prop
- -radio_prop
- }:property_service set;
-
- neverallow {
- domain
- -coredomain
- -appdomain
- -hal_nfc_server
- } {
- nfc_prop
- }:property_service set;
-
- neverallow {
- domain
- -coredomain
- -appdomain
- -hal_telephony_server
- -vendor_init
- } {
- exported_radio_prop
- exported3_radio_prop
- }:property_service set;
-
- neverallow {
- domain
- -coredomain
- -appdomain
- -hal_telephony_server
- } {
- exported2_radio_prop
- radio_prop
- }:property_service set;
-
- neverallow {
- domain
- -coredomain
- -bluetooth
- -hal_bluetooth_server
- } {
- bluetooth_prop
- }:property_service set;
-
- neverallow {
- domain
- -coredomain
- -bluetooth
- -hal_bluetooth_server
- -vendor_init
- } {
- exported_bluetooth_prop
- }:property_service set;
-
- neverallow {
- domain
- -coredomain
- -hal_camera_server
- -cameraserver
- -vendor_init
- } {
- exported_camera_prop
- }:property_service set;
-
- neverallow {
- domain
- -coredomain
- -hal_wifi_server
- -wificond
- } {
- wifi_prop
- }:property_service set;
-
- neverallow {
- domain
- -coredomain
- -hal_wifi_server
- -wificond
- -vendor_init
- } {
- exported_wifi_prop
- }:property_service set;
-
-# Prevent properties from being read
- neverallow {
- domain
- -coredomain
- -appdomain
- -vendor_init
- } {
- core_property_type
- extended_core_property_type
- exported_ffs_prop
- exported_system_radio_prop
- exported2_system_prop
- exported3_default_prop
- exported3_system_prop
- -debug_prop
- -logd_prop
- -nfc_prop
- -powerctl_prop
- -radio_prop
- }:file no_rw_file_perms;
-
- neverallow {
- domain
- -coredomain
- -appdomain
- -hal_nfc_server
- } {
- nfc_prop
- }:file no_rw_file_perms;
-
- neverallow {
- domain
- -coredomain
- -appdomain
- -hal_telephony_server
- } {
- radio_prop
- }:file no_rw_file_perms;
-
- neverallow {
- domain
- -coredomain
- -bluetooth
- -hal_bluetooth_server
- } {
- bluetooth_prop
- }:file no_rw_file_perms;
-
- neverallow {
- domain
- -coredomain
- -hal_wifi_server
- -wificond
- } {
- wifi_prop
- }:file no_rw_file_perms;
-')
-
-compatible_property_only(`
- # Neverallow coredomain to set vendor properties
- neverallow {
- coredomain
- -init
- -system_writes_vendor_properties_violators
- } {
- property_type
- -system_property_type
- -extended_core_property_type
- }:property_service set;
-')
-
-neverallow {
- -init
- -system_server
-} {
- userspace_reboot_log_prop
-}:property_service set;
-
-neverallow {
- # Only allow init and system_server to set system_adbd_prop
- -init
- -system_server
-} {
- system_adbd_prop
-}:property_service set;
-
-neverallow {
- # Only allow init and adbd to set adbd_prop
- -init
- -adbd
-} {
- adbd_prop
-}:property_service set;
-
-neverallow {
- # Only allow init and shell to set userspace_reboot_test_prop
- -init
- -shell
-} {
- userspace_reboot_test_prop
-}:property_service set;
diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts
index b489f13..1a5471f 100644
--- a/prebuilts/api/30.0/private/property_contexts
+++ b/prebuilts/api/30.0/private/property_contexts
@@ -42,6 +42,7 @@
khungtask. u:object_r:llkd_prop:s0
ro.llk. u:object_r:llkd_prop:s0
ro.khungtask. u:object_r:llkd_prop:s0
+lmkd.reinit u:object_r:lmkd_prop:s0 exact int
log. u:object_r:log_prop:s0
log.tag u:object_r:log_tag_prop:s0
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
@@ -96,6 +97,9 @@
sys.lmk. u:object_r:system_lmk_prop:s0
sys.trace. u:object_r:system_trace_prop:s0
+# Fastbootd protocol control property
+fastbootd.protocol u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp
+
# Boolean property set by system server upon boot indicating
# if device is fully owned by organization instead of being
# a personal device.
@@ -249,423 +253,8 @@
# history size.
ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
-persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact bool
-
-af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
-
-audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
-audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool
-audio.offload.video u:object_r:exported3_default_prop:s0 exact bool
-audio.offload.min.duration.secs u:object_r:exported3_default_prop:s0 exact int
-
-camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
-camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
-
-drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
-
-keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
-
-media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
-
-media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
-media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
-
-persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
-persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
-persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
-persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
-
-persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
-
-persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
-persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
-persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
-
-persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
-
-persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
-persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
-persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
-
-pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
-pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
-pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
-
-ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
-
-ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
-
-ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
-
-ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
-
-ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
-ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
-
-ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
-
-ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
-ro.camera.enableLazyHal u:object_r:exported3_default_prop:s0 exact bool
-
-ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
-ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
-
-ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
-
-ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
-
-ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
-
-external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
-external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
-
-ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
-
-ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
-ro.gfx.angle.supported u:object_r:exported3_default_prop:s0 exact bool
-
-ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
-ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
-
-ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool
-ro.lmk.debug u:object_r:exported3_default_prop:s0 exact bool
-ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool
-ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.low u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.psi_partial_stall_ms u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.psi_complete_stall_ms u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.swap_util_max u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.thrashing_limit u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.thrashing_limit_decay u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.use_minfree_levels u:object_r:exported3_default_prop:s0 exact bool
-ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int
-
-ro.media.xml_variant.codecs u:object_r:media_variant_prop:s0 exact string
-ro.media.xml_variant.codecs_performance u:object_r:media_variant_prop:s0 exact string
-ro.media.xml_variant.profiles u:object_r:media_variant_prop:s0 exact string
-
-ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
-ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
-ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string
-
-ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
-
-ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
-
-ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
-
-ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
-
-ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
-
-ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
-
-ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
-
-ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
-ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
-ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
-
-ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
-
-ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
-
-ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
-ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
-ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
-
-ro.zygote u:object_r:exported3_default_prop:s0 exact string
-
-sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
-
-sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
-sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
-sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
-sys.usb.ffs.ready u:object_r:exported_ffs_prop:s0 exact bool
-sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
-sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
-sys.usb.state u:object_r:exported2_system_prop:s0 exact string
-
-telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
-
-tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
-
-vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
-
-wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
-
-zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
-
-apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
-
-persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
-persist.sys.theme u:object_r:theme_prop:s0 exact string
-persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
-
-sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
-sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
-sys.vdso u:object_r:exported3_system_prop:s0 exact string
-
-persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
-
-sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
-sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
-
-aac_drc_boost u:object_r:exported2_default_prop:s0 exact int
-aac_drc_cut u:object_r:exported2_default_prop:s0 exact int
-aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
-aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
-aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
-
-build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
-
-ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
-
-drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
-
-dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
-dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool
-
-hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
-
-init.svc.bugreport u:object_r:exported2_default_prop:s0 exact string
-init.svc.console u:object_r:exported2_default_prop:s0 exact string
-init.svc.dumpstatez u:object_r:exported2_default_prop:s0 exact string
-init.svc.mediadrm u:object_r:exported2_default_prop:s0 exact string
-init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string
-init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
-init.svc.zygote u:object_r:exported2_default_prop:s0 exact string
-
-libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
-libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
-libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
-
-net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
-
-persist.sys.locale u:object_r:exported_system_prop:s0 exact string
-persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
-persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
-
-ro.adb.secure u:object_r:exported_secure_prop:s0 exact bool
-
-ro.arch u:object_r:exported2_default_prop:s0 exact string
-
-ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
-
-ro.baseband u:object_r:exported2_default_prop:s0 exact string
-
-ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string
-ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
-ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
-ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
-ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
-ro.boot.console u:object_r:exported2_default_prop:s0 exact string
-ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
-ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
-ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string
-ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string
-ro.boot.mode u:object_r:exported2_default_prop:s0 exact string
-ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string
-ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string
-ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string
-ro.boot.dynamic_partitions u:object_r:exported_default_prop:s0 exact string
-ro.boot.dynamic_partitions_retrofit u:object_r:exported_default_prop:s0 exact string
-
-ro.bootloader u:object_r:exported2_default_prop:s0 exact string
-
-ro.build.date u:object_r:exported2_default_prop:s0 exact string
-ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int
-ro.build.description u:object_r:exported2_default_prop:s0 exact string
-ro.build.display.id u:object_r:exported2_default_prop:s0 exact string
-ro.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string
-ro.build.host u:object_r:exported2_default_prop:s0 exact string
-ro.build.id u:object_r:exported2_default_prop:s0 exact string
-ro.build.product u:object_r:exported2_default_prop:s0 exact string
-ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool
-ro.build.tags u:object_r:exported2_default_prop:s0 exact string
-ro.build.user u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
-ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
-ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
-
-ro.debuggable u:object_r:exported2_default_prop:s0 exact int
-
-ro.hardware u:object_r:exported2_default_prop:s0 exact string
-
-ro.product.brand u:object_r:exported2_default_prop:s0 exact string
-ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string
-ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string
-ro.product.device u:object_r:exported2_default_prop:s0 exact string
-ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string
-ro.product.model u:object_r:exported2_default_prop:s0 exact string
-ro.product.name u:object_r:exported2_default_prop:s0 exact string
-
-ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
-
-ro.revision u:object_r:exported2_default_prop:s0 exact string
-
-ro.secure u:object_r:exported_secure_prop:s0 exact int
-
-ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool
-
-service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
-
-sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
-sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool
-sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool
-
-aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int
-aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 exact int
-aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int
-aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
-aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
-aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
-
-config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool
-
-gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
-
-media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
-
-persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
-
-rcs.publish.status u:object_r:exported_radio_prop:s0 exact string
-
-ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string
-ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string
-ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string
-ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string
-
-ro.board.platform u:object_r:exported_default_prop:s0 exact string
-
-ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
-ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
-ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string
-ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string
-ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
-
-ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string
-ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int
-ro.bootimage.build.fingerprint u:object_r:exported_default_prop:s0 exact string
-
-ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool
-
-ro.build.ab_update u:object_r:exported_default_prop:s0 exact string
-ro.build.expect.baseband u:object_r:exported_default_prop:s0 exact string
-ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string
-
-ro.carrier u:object_r:exported_default_prop:s0 exact string
-
-ro.config.low_ram u:object_r:exported_config_prop:s0 exact bool
-ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int
-
-ro.frp.pst u:object_r:exported_default_prop:s0 exact string
-
-ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio.hearing_aid u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string
-ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string
-ro.hardware.camera u:object_r:exported_default_prop:s0 exact string
-ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string
-ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string
-ro.hardware.egl u:object_r:exported_default_prop:s0 exact string
-ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string
-ro.hardware.flp u:object_r:exported_default_prop:s0 exact string
-ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string
-ro.hardware.gps u:object_r:exported_default_prop:s0 exact string
-ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string
-ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string
-ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string
-ro.hardware.input u:object_r:exported_default_prop:s0 exact string
-ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string
-ro.hardware.keystore_desede u:object_r:exported_default_prop:s0 exact string
-ro.hardware.lights u:object_r:exported_default_prop:s0 exact string
-ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string
-ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string
-ro.hardware.nfc u:object_r:exported_default_prop:s0 exact string
-ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string
-ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string
-ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string
-ro.hardware.power u:object_r:exported_default_prop:s0 exact string
-ro.hardware.radio u:object_r:exported_default_prop:s0 exact string
-ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string
-ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string
-ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string
-ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string
-ro.hardware.type u:object_r:exported_default_prop:s0 exact string
-ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string
-ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string
-ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string
-ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string
-
-ro.hwui.use_vulkan u:object_r:exported_default_prop:s0 exact bool
-
-ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool
-ro.kernel.qemu. u:object_r:exported_default_prop:s0
-ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
-ro.kernel.ebpf.supported u:object_r:exported_default_prop:s0 exact bool
-
-ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
-ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
-ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string
-ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string
-
-ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
-
-ro.product.board u:object_r:exported_default_prop:s0 exact string
-ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
-ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string
-ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int
-ro.product.odm.brand u:object_r:exported_default_prop:s0 exact string
-ro.product.odm.device u:object_r:exported_default_prop:s0 exact string
-ro.product.odm.manufacturer u:object_r:exported_default_prop:s0 exact string
-ro.product.odm.model u:object_r:exported_default_prop:s0 exact string
-ro.product.odm.name u:object_r:exported_default_prop:s0 exact string
-ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string
-ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string
-ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string
-ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string
-ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string
-ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
-
-ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted
-
-ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string
-ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
-ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
-ro.vendor.build.version.incremental u:object_r:exported_default_prop:s0 exact string
-
-ro.vndk.lite u:object_r:vndk_prop:s0 exact bool
-ro.vndk.version u:object_r:vndk_prop:s0 exact string
-
-ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
-
-wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
-wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string
-wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
-wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
-wifi.interface u:object_r:exported_default_prop:s0 exact string
-
-ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
+# Property to enable incremental feature
+ro.incremental.enable u:object_r:incremental_prop:s0
# Properties to configure userspace reboot.
init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
@@ -674,28 +263,3 @@
init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
-
-ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
-
-ro.bootmode u:object_r:exported2_default_prop:s0 exact string
-
-ro.build.type u:object_r:exported2_default_prop:s0 exact string
-
-sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
-
-# Binder cache properties. These are world-readable
-cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
-cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
-cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
-cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
-cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
-cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0
-cache_key.is_user_unlocked u:object_r:binder_cache_system_server_prop:s0
-cache_key.volume_list u:object_r:binder_cache_system_server_prop:s0
-cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
-cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
-cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
-
-cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
-cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
-cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
diff --git a/prebuilts/api/30.0/private/radio.te b/prebuilts/api/30.0/private/radio.te
index db9820d..00a5cda 100644
--- a/prebuilts/api/30.0/private/radio.te
+++ b/prebuilts/api/30.0/private/radio.te
@@ -4,16 +4,6 @@
read_runtime_log_tags(radio)
-# Property service
-set_prop(radio, radio_prop)
-set_prop(radio, exported_radio_prop)
-set_prop(radio, exported2_radio_prop)
-set_prop(radio, exported3_radio_prop)
-set_prop(radio, net_radio_prop)
-
-# ctl interface
-set_prop(radio, ctl_rildaemon_prop)
-
# Telephony code contains time / time zone detection logic so it reads the associated properties.
get_prop(radio, time_prop)
@@ -26,11 +16,10 @@
allow radio emergency_data_file:dir r_dir_perms;
allow radio emergency_data_file:file r_file_perms;
+# allow sending pulled atoms to statsd
+binder_call(radio, statsd)
+
# allow telephony to access related cache properties
set_prop(radio, binder_cache_telephony_server_prop);
neverallow { domain -radio -init }
binder_cache_telephony_server_prop:property_service set;
-
-# allow sending pulled atoms to statsd
-binder_call(radio, statsd)
-
diff --git a/prebuilts/api/30.0/private/recovery.te b/prebuilts/api/30.0/private/recovery.te
index b522230..2a7fdc7 100644
--- a/prebuilts/api/30.0/private/recovery.te
+++ b/prebuilts/api/30.0/private/recovery.te
@@ -1,27 +1 @@
typeattribute recovery coredomain;
-
-# The allow rules are only included in the recovery policy.
-# Otherwise recovery is only allowed the domain rules.
-recovery_only(`
- # Reboot the device
- set_prop(recovery, powerctl_prop)
-
- # Read serial number of the device from system properties
- get_prop(recovery, serialno_prop)
-
- # Set sys.usb.ffs.ready when starting minadbd for sideload.
- set_prop(recovery, ffs_prop)
- set_prop(recovery, exported_ffs_prop)
-
- # Set sys.usb.config when switching into fastboot.
- set_prop(recovery, system_radio_prop)
- set_prop(recovery, exported_system_radio_prop)
-
- # Read ro.boot.bootreason
- get_prop(recovery, bootloader_boot_reason_prop)
-
- # Read storage properties (for correctly formatting filesystems)
- get_prop(recovery, storage_config_prop)
-
- set_prop(recovery, gsid_prop)
-')
diff --git a/prebuilts/api/30.0/private/seapp_contexts b/prebuilts/api/30.0/private/seapp_contexts
index 12e46dc..1bad9c1 100644
--- a/prebuilts/api/30.0/private/seapp_contexts
+++ b/prebuilts/api/30.0/private/seapp_contexts
@@ -153,12 +153,12 @@
user=webview_zygote seinfo=webview_zygote domain=webview_zygote
user=_isolated domain=isolated_app levelFrom=all
user=_app seinfo=app_zygote domain=app_zygote levelFrom=all
-user=_app seinfo=media domain=mediaprovider type=app_data_file levelFrom=user
+user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
-user=_app seinfo=media isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
user=_app isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
diff --git a/prebuilts/api/30.0/private/service_contexts b/prebuilts/api/30.0/private/service_contexts
index 0b362c2..e01dcc1 100644
--- a/prebuilts/api/30.0/private/service_contexts
+++ b/prebuilts/api/30.0/private/service_contexts
@@ -242,6 +242,7 @@
wifip2p u:object_r:wifip2p_service:s0
wifiscanner u:object_r:wifiscanner_service:s0
wifi u:object_r:wifi_service:s0
+wifinl80211 u:object_r:wifinl80211_service:s0
wifiaware u:object_r:wifiaware_service:s0
wifirtt u:object_r:rttmanager_service:s0
window u:object_r:window_service:s0
diff --git a/prebuilts/api/30.0/private/shell.te b/prebuilts/api/30.0/private/shell.te
index 63757eb..fd78763 100644
--- a/prebuilts/api/30.0/private/shell.te
+++ b/prebuilts/api/30.0/private/shell.te
@@ -1,4 +1,3 @@
-
typeattribute shell coredomain;
# allow shell input injection
@@ -92,51 +91,5 @@
allow shell self:perf_event { open read write kernel };
neverallow shell self:perf_event ~{ open read write kernel };
-# Set properties.
-set_prop(shell, shell_prop)
-set_prop(shell, ctl_bugreport_prop)
-set_prop(shell, ctl_dumpstate_prop)
-set_prop(shell, dumpstate_prop)
-set_prop(shell, exported_dumpstate_prop)
-set_prop(shell, debug_prop)
-set_prop(shell, powerctl_prop)
-set_prop(shell, log_tag_prop)
-set_prop(shell, wifi_log_prop)
-# Allow shell to start/stop traced via the persist.traced.enable
-# property (which also takes care of /data/misc initialization).
-set_prop(shell, traced_enabled_prop)
-# adjust is_loggable properties
-userdebug_or_eng(`set_prop(shell, log_prop)')
-# logpersist script
-userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
-# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
-# property.
-set_prop(shell, heapprofd_enabled_prop)
-# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
-# property.
-set_prop(shell, traced_perf_enabled_prop)
-# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
-set_prop(shell, ctl_gsid_prop)
-# Allow shell to enable Dynamic System Update
-set_prop(shell, dynamic_system_prop)
-# Allow shell to mock an OTA using persist.pm.mock-upgrade
-set_prop(shell, mock_ota_prop)
-
-# Read device's serial number from system properties
-get_prop(shell, serialno_prop)
-
-# Allow shell to read the vendor security patch level for CTS
-get_prop(shell, vendor_security_patch_level_prop)
-
-# Read state of logging-related properties
-get_prop(shell, device_logging_prop)
-
-# Read state of boot reason properties
-get_prop(shell, bootloader_boot_reason_prop)
-get_prop(shell, last_boot_reason_prop)
-get_prop(shell, system_boot_reason_prop)
-
-# Allow reading the outcome of perf_event_open LSM support test for CTS.
-get_prop(shell, init_perf_lsm_hooks_prop)
-
-userdebug_or_eng(`set_prop(shell, persist_debug_prop)')
+# Allow to read graphics related properties.
+get_prop(shell, graphics_config_prop)
diff --git a/prebuilts/api/30.0/private/surfaceflinger.te b/prebuilts/api/30.0/private/surfaceflinger.te
index 973350e..cf709df 100644
--- a/prebuilts/api/30.0/private/surfaceflinger.te
+++ b/prebuilts/api/30.0/private/surfaceflinger.te
@@ -54,6 +54,7 @@
# Set properties.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, exported_system_prop)
+set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)
diff --git a/prebuilts/api/30.0/private/system_app.te b/prebuilts/api/30.0/private/system_app.te
index 73acb95..0b77bb3 100644
--- a/prebuilts/api/30.0/private/system_app.te
+++ b/prebuilts/api/30.0/private/system_app.te
@@ -84,6 +84,9 @@
# Allow system apps to interact with incidentd
binder_call(system_app, incidentd)
+# Allow system apps to interact with gpuservice
+binder_call(system_app, gpuservice)
+
# Allow system app to interact with Dumpstate HAL
hal_client_domain(system_app, hal_dumpstate)
diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te
index 27bbd53..8c7afab 100644
--- a/prebuilts/api/30.0/private/system_server.te
+++ b/prebuilts/api/30.0/private/system_server.te
@@ -678,6 +678,9 @@
# Read wifi.interface
get_prop(system_server, wifi_prop)
+# Read the vendor property that indicates if Incremental features is enabled
+get_prop(system_server, incremental_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
@@ -777,6 +780,7 @@
allow system_server surfaceflinger_service:service_manager find;
allow system_server update_engine_service:service_manager find;
allow system_server vold_service:service_manager find;
+allow system_server wifinl80211_service:service_manager find;
add_service(system_server, batteryproperties_service)
diff --git a/prebuilts/api/30.0/private/traceur_app.te b/prebuilts/api/30.0/private/traceur_app.te
index b7e58ba..94841df 100644
--- a/prebuilts/api/30.0/private/traceur_app.te
+++ b/prebuilts/api/30.0/private/traceur_app.te
@@ -20,8 +20,3 @@
unix_socket_connect(traceur_app, traced_consumer, traced)
dontaudit traceur_app debugfs_tracing_debug:file audit_access;
-
-# Allow Traceur to enable traced if necessary.
-set_prop(traceur_app, traced_enabled_prop)
-
-set_prop(traceur_app, debug_prop)
diff --git a/prebuilts/api/30.0/private/ueventd.te b/prebuilts/api/30.0/private/ueventd.te
index 8bcdbf9..1bd6773 100644
--- a/prebuilts/api/30.0/private/ueventd.te
+++ b/prebuilts/api/30.0/private/ueventd.te
@@ -1,7 +1,3 @@
typeattribute ueventd coredomain;
tmpfs_domain(ueventd)
-
-# ueventd can set properties, particularly it sets ro.cold_boot_done to signal
-# to init that cold boot has completed.
-set_prop(ueventd, cold_boot_done_prop)
diff --git a/prebuilts/api/30.0/private/uncrypt.te b/prebuilts/api/30.0/private/uncrypt.te
index 1a94cd1..e4e9224 100644
--- a/prebuilts/api/30.0/private/uncrypt.te
+++ b/prebuilts/api/30.0/private/uncrypt.te
@@ -1,6 +1,3 @@
typeattribute uncrypt coredomain;
init_daemon_domain(uncrypt)
-
-# Set a property to reboot the device.
-set_prop(uncrypt, powerctl_prop)
diff --git a/prebuilts/api/30.0/private/untrusted_app_all.te b/prebuilts/api/30.0/private/untrusted_app_all.te
index 4acc0e8..d9fd5a1 100644
--- a/prebuilts/api/30.0/private/untrusted_app_all.te
+++ b/prebuilts/api/30.0/private/untrusted_app_all.te
@@ -98,6 +98,10 @@
allow untrusted_app_all radio_service:service_manager find;
allow untrusted_app_all app_api_service:service_manager find;
allow untrusted_app_all vr_manager_service:service_manager find;
+allow untrusted_app_all gpu_service:service_manager find;
+
+# Allow untrusted apps to interact with gpuservice
+binder_call(untrusted_app_all, gpuservice)
# gdbserver for ndk-gdb ptrace attaches to app process.
allow untrusted_app_all self:process ptrace;
diff --git a/prebuilts/api/30.0/private/update_engine.te b/prebuilts/api/30.0/private/update_engine.te
index 539399e..e4e7009 100644
--- a/prebuilts/api/30.0/private/update_engine.te
+++ b/prebuilts/api/30.0/private/update_engine.te
@@ -5,12 +5,3 @@
# Allow to talk to gsid.
allow update_engine gsi_service:service_manager find;
binder_call(update_engine, gsid)
-
-# Allow to start gsid service.
-set_prop(update_engine, ctl_gsid_prop)
-
-# Allow to set the OTA related properties, e.g. ota.warm_reset.
-set_prop(update_engine, ota_prop)
-
-# Allow to get the DSU status
-get_prop(update_engine, gsid_prop)
diff --git a/prebuilts/api/30.0/private/update_verifier.te b/prebuilts/api/30.0/private/update_verifier.te
index 5e1b27b..1b934d9 100644
--- a/prebuilts/api/30.0/private/update_verifier.te
+++ b/prebuilts/api/30.0/private/update_verifier.te
@@ -1,9 +1,3 @@
typeattribute update_verifier coredomain;
init_daemon_domain(update_verifier)
-
-# Allow update_verifier to reboot the device.
-set_prop(update_verifier, powerctl_prop)
-
-# Allow to set the OTA related properties e.g. ota.warm_reset.
-set_prop(update_verifier, ota_prop)
diff --git a/prebuilts/api/30.0/private/usbd.te b/prebuilts/api/30.0/private/usbd.te
index 42f2324..13a0ad7 100644
--- a/prebuilts/api/30.0/private/usbd.te
+++ b/prebuilts/api/30.0/private/usbd.te
@@ -10,6 +10,3 @@
# start adbd during boot if adb is enabled
set_prop(usbd, ctl_default_prop)
-
-# Start/stop adbd via ctl.start adbd
-set_prop(usbd, ctl_adbd_prop)
diff --git a/prebuilts/api/30.0/private/vold.te b/prebuilts/api/30.0/private/vold.te
index b0398b1..dea24a5 100644
--- a/prebuilts/api/30.0/private/vold.te
+++ b/prebuilts/api/30.0/private/vold.te
@@ -17,13 +17,3 @@
# from accidentally writing when the mount point isn't present.
type_transition vold storage_file:dir storage_stub_file;
type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
-
-# Property Service
-get_prop(vold, storage_config_prop);
-
-set_prop(vold, vold_prop)
-set_prop(vold, powerctl_prop)
-set_prop(vold, ctl_fuse_prop)
-set_prop(vold, restorecon_prop)
-set_prop(vold, ota_prop)
-set_prop(vold, boottime_prop)
diff --git a/prebuilts/api/30.0/private/wificond.te b/prebuilts/api/30.0/private/wificond.te
index 1912256..5476e33 100644
--- a/prebuilts/api/30.0/private/wificond.te
+++ b/prebuilts/api/30.0/private/wificond.te
@@ -1,9 +1,3 @@
typeattribute wificond coredomain;
-set_prop(wificond, exported_wifi_prop)
-set_prop(wificond, wifi_prop)
-set_prop(wificond, ctl_default_prop)
-
-get_prop(wificond, hwservicemanager_prop)
-
init_daemon_domain(wificond)
diff --git a/prebuilts/api/30.0/public/adbd.te b/prebuilts/api/30.0/public/adbd.te
index 68a176c..4a1f633 100644
--- a/prebuilts/api/30.0/public/adbd.te
+++ b/prebuilts/api/30.0/public/adbd.te
@@ -6,3 +6,6 @@
# Only init is allowed to enter the adbd domain via exec()
neverallow { domain -init } adbd:process transition;
neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)
diff --git a/prebuilts/api/30.0/public/apexd.te b/prebuilts/api/30.0/public/apexd.te
index 429791f..93c257f 100644
--- a/prebuilts/api/30.0/public/apexd.te
+++ b/prebuilts/api/30.0/public/apexd.te
@@ -4,8 +4,12 @@
binder_use(apexd)
add_service(apexd, apex_service)
+set_prop(apexd, apexd_prop)
neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call;
neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;
+
+# only apexd can set apexd sysprop
+neverallow { domain -apexd -init } apexd_prop:property_service set;
diff --git a/prebuilts/api/30.0/public/app.te b/prebuilts/api/30.0/public/app.te
index 2c8e335..e5b9fd6 100644
--- a/prebuilts/api/30.0/public/app.te
+++ b/prebuilts/api/30.0/public/app.te
@@ -219,8 +219,6 @@
binder_call(appdomain, appdomain)
# Perform binder IPC to ephemeral apps.
binder_call(appdomain, ephemeral_app)
-# Perform binder IPC to gpuservice.
-binder_call({ appdomain -isolated_app }, gpuservice)
# Talk with graphics composer fences
allow appdomain hal_graphics_composer:fd use;
@@ -568,9 +566,6 @@
-system_app
} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
-# Don't allow apps access to storage configuration properties.
-neverallow appdomain storage_config_prop:file no_rw_file_perms;
-
# Apps cannot access proc_uid_time_in_state
neverallow appdomain proc_uid_time_in_state:file *;
diff --git a/prebuilts/api/30.0/public/asan_extract.te b/prebuilts/api/30.0/public/asan_extract.te
index d8a1b73..15c5a09 100644
--- a/prebuilts/api/30.0/public/asan_extract.te
+++ b/prebuilts/api/30.0/public/asan_extract.te
@@ -5,7 +5,7 @@
with_asan(`
type asan_extract, domain, coredomain;
- type asan_extract_exec, exec_type, file_type, system_file_type;
+ type asan_extract_exec, exec_type, file_type;
# Allow asan_extract to execute itself using #!/system/bin/sh
allow asan_extract shell_exec:file rx_file_perms;
@@ -30,4 +30,7 @@
# Restorecon will actually already try to run with sanitized libraries (libpackagelistparser).
allow asan_extract system_data_file:file execute;
+
+ # We need to signal a reboot when done.
+ set_prop(asan_extract, powerctl_prop)
')
diff --git a/prebuilts/api/30.0/public/bootanim.te b/prebuilts/api/30.0/public/bootanim.te
index eb3eba5..bd2bec6 100644
--- a/prebuilts/api/30.0/public/bootanim.te
+++ b/prebuilts/api/30.0/public/bootanim.te
@@ -23,6 +23,7 @@
allow bootanim audioserver_service:service_manager find;
allow bootanim surfaceflinger_service:service_manager find;
+allow bootanim surfaceflinger:unix_stream_socket { read write };
# Allow access to ion memory allocation device
allow bootanim ion_device:chr_file rw_file_perms;
@@ -36,3 +37,7 @@
# System file accesses.
allow bootanim system_file:dir r_dir_perms;
+
+# Read ro.boot.bootreason b/30654343
+get_prop(bootanim, bootloader_boot_reason_prop)
+
diff --git a/prebuilts/api/30.0/public/bootstat.te b/prebuilts/api/30.0/public/bootstat.te
index 5079c28..e91f2a5 100644
--- a/prebuilts/api/30.0/public/bootstat.te
+++ b/prebuilts/api/30.0/public/bootstat.te
@@ -8,6 +8,13 @@
allow bootstat bootstat_data_file:dir rw_dir_perms;
allow bootstat bootstat_data_file:file create_file_perms;
+# Collect metrics on boot time created by init
+get_prop(bootstat, boottime_prop)
+
+# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
+set_prop(bootstat, bootloader_boot_reason_prop)
+set_prop(bootstat, system_boot_reason_prop)
+set_prop(bootstat, last_boot_reason_prop)
allow bootstat metadata_file:dir search;
allow bootstat metadata_bootstat_file:dir rw_dir_perms;
allow bootstat metadata_bootstat_file:file create_file_perms;
@@ -25,6 +32,31 @@
# Allow bootstat write to statsd.
unix_socket_send(bootstat, statsdw, statsd)
+# ToDo: end
+
+neverallow {
+ domain
+ -bootanim
+ -bootstat
+ -dumpstate
+ userdebug_or_eng(`-incidentd')
+ -init
+ -recovery
+ -shell
+ -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
+# ... and refine, as these components should not set the last boot reason
+neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
+
+neverallow {
+ domain
+ -bootstat
+ -init
+ -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
+# ... and refine ... for a ro propertly no less ... keep this _tight_
+neverallow system_server bootloader_boot_reason_prop:property_service set;
+
neverallow {
domain
-bootstat
diff --git a/prebuilts/api/30.0/public/charger.te b/prebuilts/api/30.0/public/charger.te
index f57853a..4b341ea 100644
--- a/prebuilts/api/30.0/public/charger.te
+++ b/prebuilts/api/30.0/public/charger.te
@@ -36,4 +36,13 @@
allow charger tty_device:chr_file rw_file_perms;
allow charger proc_sysrq:file rw_file_perms;
+# charger needs to tell init to continue the boot
+# process when running in charger mode.
+set_prop(charger, system_prop)
+set_prop(charger, exported_system_prop)
+set_prop(charger, exported2_system_prop)
+set_prop(charger, exported3_system_prop)
+
+get_prop(charger, charger_prop)
+
hal_client_domain(charger, hal_health)
diff --git a/prebuilts/api/30.0/public/dhcp.te b/prebuilts/api/30.0/public/dhcp.te
index 67fd038..4f2369d 100644
--- a/prebuilts/api/30.0/public/dhcp.te
+++ b/prebuilts/api/30.0/public/dhcp.te
@@ -17,6 +17,9 @@
# For /proc/sys/net/ipv4/conf/*/promote_secondaries
allow dhcp proc_net_type:file write;
+set_prop(dhcp, dhcp_prop)
+set_prop(dhcp, pan_result_prop)
+
allow dhcp dhcp_data_file:dir create_dir_perms;
allow dhcp dhcp_data_file:file create_file_perms;
diff --git a/prebuilts/api/30.0/public/domain.te b/prebuilts/api/30.0/public/domain.te
index 6d0faa4..ed4aded 100644
--- a/prebuilts/api/30.0/public/domain.te
+++ b/prebuilts/api/30.0/public/domain.te
@@ -102,6 +102,7 @@
get_prop(domain, exported_radio_prop)
get_prop(domain, exported_secure_prop)
get_prop(domain, exported_system_prop)
+get_prop(domain, exported_vold_prop)
get_prop(domain, exported2_default_prop)
get_prop(domain, logd_prop)
get_prop(domain, socket_hook_prop)
@@ -533,6 +534,10 @@
neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
')
+# Only core domains are allowed to access package_manager properties
+neverallow { domain -init -system_server } pm_prop:property_service set;
+neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
+
compatible_property_only(`
neverallow { domain -init -system_server -vendor_init } exported_pm_prop:property_service set;
neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
@@ -558,6 +563,9 @@
-vendor_init
} serialno_prop:file r_file_perms;
+# Do not allow reading the last boot timestamp from system properties
+neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
+
neverallow {
domain
-init
@@ -946,23 +954,6 @@
')
full_treble_only(`
- # Do not allow coredomain to access entrypoint for files other
- # than system_file_type and postinstall_file
- neverallow coredomain {
- file_type
- -system_file_type
- -postinstall_file
- }:file entrypoint;
- # Do not allow domains other than coredomain to access entrypoint
- # for anything but vendor_file_type and init_exec for vendor_init.
- neverallow { domain -coredomain } {
- file_type
- -vendor_file_type
- -init_exec
- }:file entrypoint;
-')
-
-full_treble_only(`
# Do not allow system components to execute files from vendor
# except for the ones whitelisted here.
neverallow {
@@ -1295,6 +1286,9 @@
# Do not allow executable files in debugfs.
neverallow domain debugfs_type:file { execute execute_no_trans };
+# Don't allow access to the FUSE control filesystem, except to vold and init's
+neverallow { domain -vold -init -vendor_init } fusectlfs:file no_rw_file_perms;
+
# Profiles contain untrusted data and profman parses that. We should only run
# in from installd forked processes.
neverallow {
diff --git a/prebuilts/api/30.0/public/dumpstate.te b/prebuilts/api/30.0/public/dumpstate.te
index fd68bc7..c305175 100644
--- a/prebuilts/api/30.0/public/dumpstate.te
+++ b/prebuilts/api/30.0/public/dumpstate.te
@@ -256,6 +256,13 @@
allow dumpstate devpts:chr_file rw_file_perms;
+# Set properties.
+# dumpstate_prop is used to share state with the Shell app.
+set_prop(dumpstate, dumpstate_prop)
+set_prop(dumpstate, exported_dumpstate_prop)
+# dumpstate_options_prop is used to pass extra command-line args.
+set_prop(dumpstate, dumpstate_options_prop)
+
# Read any system properties
get_prop(dumpstate, property_type)
@@ -323,6 +330,9 @@
allow hal_rebootescrow_server dumpstate:fifo_file write;
allow hal_rebootescrow_server dumpstate:fd use;
+# Allow dumpstate to kill vendor dumpstate service by init
+set_prop(dumpstate, ctl_dumpstate_prop)
+
#Access /data/misc/snapshotctl_log
allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
allow dumpstate snapshotctl_log_data_file:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/fastbootd.te b/prebuilts/api/30.0/public/fastbootd.te
index fb3e953..8787817 100644
--- a/prebuilts/api/30.0/public/fastbootd.te
+++ b/prebuilts/api/30.0/public/fastbootd.te
@@ -23,12 +23,22 @@
allow fastbootd device:dir r_dir_perms;
+ # Reboot the device
+ set_prop(fastbootd, powerctl_prop)
+
+ # Read serial number of the device from system properties
+ get_prop(fastbootd, serialno_prop)
+
# For dev/block/by-name dir
allow fastbootd block_device:dir r_dir_perms;
# Needed for DM_DEV_CREATE ioctl call
allow fastbootd self:capability sys_admin;
+ # Set sys.usb.ffs.ready.
+ set_prop(fastbootd, ffs_prop)
+ set_prop(fastbootd, exported_ffs_prop)
+
unix_socket_connect(fastbootd, recovery, recovery)
# Required for flashing
@@ -98,12 +108,26 @@
}:{ file lnk_file } unlink;
allow fastbootd tmpfs:dir rw_dir_perms;
allow fastbootd labeledfs:filesystem { mount unmount };
+ get_prop(fastbootd, persistent_properties_ready_prop)
')
# Allow using libfiemap/gsid directly (no binder in recovery).
+ set_prop(fastbootd, gsid_prop)
allow fastbootd gsi_metadata_file:dir search;
allow fastbootd ota_metadata_file:dir rw_dir_perms;
allow fastbootd ota_metadata_file:file create_file_perms;
+
+ # Determine allocation scheme (whether B partitions needs to be
+ # at the second half of super.
+ get_prop(fastbootd, virtual_ab_prop)
+
+ # Needed for TCP protocol
+ allow fastbootd node:tcp_socket node_bind;
+ allow fastbootd port:tcp_socket name_bind;
+ allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept };
+
+ # Get fastbootd protocol property
+ get_prop(fastbootd, fastbootd_protocol_prop)
')
###
diff --git a/prebuilts/api/30.0/public/file.te b/prebuilts/api/30.0/public/file.te
index d6bd897..dffa5a3 100644
--- a/prebuilts/api/30.0/public/file.te
+++ b/prebuilts/api/30.0/public/file.te
@@ -75,6 +75,7 @@
type proc_vmstat, fs_type, proc_type;
type proc_zoneinfo, fs_type, proc_type;
type selinuxfs, fs_type, mlstrustedobject;
+type fusectlfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type cgroup_bpf, fs_type;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
diff --git a/prebuilts/api/30.0/public/flags_health_check.te b/prebuilts/api/30.0/public/flags_health_check.te
index 25a7768..6315d44 100644
--- a/prebuilts/api/30.0/public/flags_health_check.te
+++ b/prebuilts/api/30.0/public/flags_health_check.te
@@ -2,9 +2,33 @@
type flags_health_check, domain, coredomain;
type flags_health_check_exec, system_file_type, exec_type, file_type;
+set_prop(flags_health_check, device_config_boot_count_prop)
+set_prop(flags_health_check, device_config_reset_performed_prop)
+set_prop(flags_health_check, device_config_runtime_native_boot_prop)
+set_prop(flags_health_check, device_config_runtime_native_prop)
+set_prop(flags_health_check, device_config_input_native_boot_prop)
+set_prop(flags_health_check, device_config_netd_native_prop)
+set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_media_native_prop)
+set_prop(flags_health_check, device_config_storage_native_boot_prop)
+set_prop(flags_health_check, device_config_sys_traced_prop)
+set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_configuration_prop)
+
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
+# system property device_config_boot_count_prop is used for deciding when to perform server
+# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
+# wrong timing, trigger server configurable flag related disaster recovery, which will override
+# server configured values of all flags with default values.
+neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set;
+
+# system property device_config_reset_performed_prop is used for indicating whether server
+# configurable flags have been reset during booting. Mistakenly modified by unrelated components can
+# cause bad server configurable flags synced back to device.
+neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set;
+
# server_configurable_flags_data_file is used for storing whether server configurable flags which
# have been reset during current booting. Mistakenly modified by unrelated components can
# cause bad server configurable flags synced back to device.
diff --git a/prebuilts/api/30.0/public/gatekeeperd.te b/prebuilts/api/30.0/public/gatekeeperd.te
index e1739c2..dc46d07 100644
--- a/prebuilts/api/30.0/public/gatekeeperd.te
+++ b/prebuilts/api/30.0/public/gatekeeperd.te
@@ -35,4 +35,7 @@
# For hardware properties retrieval
allow gatekeeperd hardware_properties_service:service_manager find;
+# For checking whether GSI is running
+get_prop(gatekeeperd, gsid_prop)
+
r_dir_file(gatekeeperd, cgroup)
diff --git a/prebuilts/api/30.0/public/hal_light.te b/prebuilts/api/30.0/public/hal_light.te
index 4aa824a..7054d7b 100644
--- a/prebuilts/api/30.0/public/hal_light.te
+++ b/prebuilts/api/30.0/public/hal_light.te
@@ -4,14 +4,14 @@
hal_attribute_hwservice(hal_light, hal_light_hwservice)
-# server adds itself via service_manager
-add_service(hal_light_server, hal_light_service)
-binder_call(hal_light_server, servicemanager)
-
# client finds and uses server via service_manager
allow hal_light_client hal_light_service:service_manager find;
binder_use(hal_light_client)
+# server adds itself via service_manager
+add_service(hal_light_server, hal_light_service)
+binder_call(hal_light_server, servicemanager)
+
allow hal_light_server dumpstate:fifo_file write;
allow hal_light sysfs_leds:lnk_file read;
diff --git a/prebuilts/api/30.0/public/healthd.te b/prebuilts/api/30.0/public/healthd.te
index 8673846..7ea23e1 100644
--- a/prebuilts/api/30.0/public/healthd.te
+++ b/prebuilts/api/30.0/public/healthd.te
@@ -47,3 +47,10 @@
allow healthd tty_device:chr_file rw_file_perms;
allow healthd ashmem_device:chr_file execute;
allow healthd proc_sysrq:file rw_file_perms;
+
+# Healthd needs to tell init to continue the boot
+# process when running in charger mode.
+set_prop(healthd, system_prop)
+set_prop(healthd, exported_system_prop)
+set_prop(healthd, exported2_system_prop)
+set_prop(healthd, exported3_system_prop)
diff --git a/prebuilts/api/30.0/public/hwservicemanager.te b/prebuilts/api/30.0/public/hwservicemanager.te
index 7ec1872..7f03815 100644
--- a/prebuilts/api/30.0/public/hwservicemanager.te
+++ b/prebuilts/api/30.0/public/hwservicemanager.te
@@ -10,6 +10,8 @@
# to do this is granted in the hwbinder_use macro.
allow hwservicemanager self:binder set_context_mgr;
+set_prop(hwservicemanager, hwservicemanager_prop)
+
# Scan through /system/lib64/hw looking for installed HALs
allow hwservicemanager system_file:dir r_dir_perms;
diff --git a/prebuilts/api/30.0/public/kernel.te b/prebuilts/api/30.0/public/kernel.te
index 35018e9..42fe2c4 100644
--- a/prebuilts/api/30.0/public/kernel.te
+++ b/prebuilts/api/30.0/public/kernel.te
@@ -65,10 +65,10 @@
allow kernel { app_data_file privapp_data_file }:file read;
allow kernel asec_image_file:file read;
-# Allow mounting loop device in update_engine_unittests. (b/28319454)
+# Allow reading loop device in update_engine_unittests. (b/28319454)
# and for LTP kernel tests (b/73220071)
userdebug_or_eng(`
- allow kernel update_engine_data_file:file { read write };
+ allow kernel update_engine_data_file:file read;
allow kernel nativetest_data_file:file { read write };
')
diff --git a/prebuilts/api/30.0/public/lmkd.te b/prebuilts/api/30.0/public/lmkd.te
index 7c1e741..67e93e1 100644
--- a/prebuilts/api/30.0/public/lmkd.te
+++ b/prebuilts/api/30.0/public/lmkd.te
@@ -36,6 +36,9 @@
allow lmkd proc_zoneinfo:file r_file_perms;
allow lmkd proc_vmstat:file r_file_perms;
+# Set sys.lmk.* properties.
+set_prop(lmkd, system_lmk_prop)
+
# live lock watchdog process allowed to look through /proc/
allow lmkd domain:dir { search open read };
allow lmkd domain:file { open read };
@@ -57,6 +60,9 @@
# Read/Write /proc/pressure/memory
allow lmkd proc_pressure_mem:file rw_file_perms;
+# Allow lmkd to connect during reinit.
+allow lmkd lmkd_socket:sock_file write;
+
# Allow lmkd to write to statsd.
unix_socket_send(lmkd, statsdw, statsd)
diff --git a/prebuilts/api/30.0/public/logd.te b/prebuilts/api/30.0/public/logd.te
index f8dd164..57e29d9 100644
--- a/prebuilts/api/30.0/public/logd.te
+++ b/prebuilts/api/30.0/public/logd.te
@@ -23,6 +23,9 @@
')
allow logd runtime_event_log_tags_file:file rw_file_perms;
+# Access device logging gating property
+get_prop(logd, device_logging_prop)
+
r_dir_file(logd, domain)
allow logd kernel:system syslog_mod;
diff --git a/prebuilts/api/30.0/public/mediaextractor.te b/prebuilts/api/30.0/public/mediaextractor.te
index 1f34030..859ec9c 100644
--- a/prebuilts/api/30.0/public/mediaextractor.te
+++ b/prebuilts/api/30.0/public/mediaextractor.te
@@ -40,6 +40,8 @@
# scan extractor library directory to dynamically load extractors
allow mediaextractor system_file:dir { read open };
+get_prop(mediaextractor, device_config_media_native_prop)
+
###
### neverallow rules
###
diff --git a/prebuilts/api/30.0/public/mediaserver.te b/prebuilts/api/30.0/public/mediaserver.te
index 86db99c..52d3581 100644
--- a/prebuilts/api/30.0/public/mediaserver.te
+++ b/prebuilts/api/30.0/public/mediaserver.te
@@ -34,6 +34,8 @@
allow mediaserver video_device:dir r_dir_perms;
allow mediaserver video_device:chr_file rw_file_perms;
+set_prop(mediaserver, audio_prop)
+
# Read resources from open apk files passed over Binder.
allow mediaserver apk_data_file:file { read getattr };
allow mediaserver asec_apk_file:file { read getattr };
diff --git a/prebuilts/api/30.0/public/mediaswcodec.te b/prebuilts/api/30.0/public/mediaswcodec.te
index 992baab..2acdeea 100644
--- a/prebuilts/api/30.0/public/mediaswcodec.te
+++ b/prebuilts/api/30.0/public/mediaswcodec.te
@@ -11,6 +11,8 @@
hal_client_domain(mediaswcodec, hal_allocator)
hal_client_domain(mediaswcodec, hal_graphics_allocator)
+get_prop(mediaswcodec, device_config_media_native_prop)
+
crash_dump_fallback(mediaswcodec)
# mediaswcodec_server should never execute any executable without a
diff --git a/prebuilts/api/30.0/public/mediatranscoding.te b/prebuilts/api/30.0/public/mediatranscoding.te
index 5b64083..386535b 100644
--- a/prebuilts/api/30.0/public/mediatranscoding.te
+++ b/prebuilts/api/30.0/public/mediatranscoding.te
@@ -3,13 +3,11 @@
type mediatranscoding_exec, system_file_type, exec_type, file_type;
binder_use(mediatranscoding)
-binder_call(mediatranscoding, binderservicedomain)
binder_service(mediatranscoding)
add_service(mediatranscoding, mediatranscoding_service)
allow mediatranscoding system_server:fd use;
-allow mediatranscoding activity_service:service_manager find;
# mediatranscoding should never execute any executable without a
# domain transition
diff --git a/prebuilts/api/30.0/public/netd.te b/prebuilts/api/30.0/public/netd.te
index a020a57..8005406 100644
--- a/prebuilts/api/30.0/public/netd.te
+++ b/prebuilts/api/30.0/public/netd.te
@@ -81,6 +81,9 @@
# Allow netd to spawn dnsmasq in it's own domain
allow netd dnsmasq:process signal;
+set_prop(netd, ctl_mdnsd_prop)
+set_prop(netd, netd_stable_secret_prop)
+
# Allow netd to publish a binder service and make binder calls.
binder_use(netd)
add_service(netd, netd_service)
@@ -110,6 +113,8 @@
# Allow netd to register as hal server.
add_hwservice(netd, system_net_netd_hwservice)
hwbinder_use(netd)
+get_prop(netd, hwservicemanager_prop)
+get_prop(netd, device_config_netd_native_prop)
###
### Neverallow rules
@@ -152,6 +157,14 @@
neverallow { appdomain -network_stack } netd:binder call;
neverallow netd { appdomain -network_stack userdebug_or_eng(`-su') }:binder call;
+# persist.netd.stable_secret contains RFC 7217 secret key which should never be
+# leaked to other processes. Make sure it never leaks.
+neverallow { domain -netd -init -dumpstate } netd_stable_secret_prop:file r_file_perms;
+
+# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
+# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
+neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
+
# If an already existing file is opened with O_CREATE, the kernel might generate
# a false report of a create denial. Silence these denials and make sure that
# inappropriate permissions are not granted.
diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te
index e4627f7..5f817ff 100644
--- a/prebuilts/api/30.0/public/property.te
+++ b/prebuilts/api/30.0/public/property.te
@@ -1,8 +1,4 @@
# Properties used only in /system
-#
-# DO NOT ADD system_internal_prop here.
-# Instead, add to private/property.te.
-# TODO(b/150331497): move these to private/property.te
system_internal_prop(apexd_prop)
system_internal_prop(bootloader_boot_reason_prop)
system_internal_prop(device_config_activity_manager_native_boot_prop)
@@ -13,7 +9,23 @@
system_internal_prop(device_config_reset_performed_prop)
system_internal_prop(device_config_runtime_native_boot_prop)
system_internal_prop(device_config_runtime_native_prop)
+system_internal_prop(device_config_storage_native_boot_prop)
+system_internal_prop(device_config_sys_traced_prop)
+system_internal_prop(device_config_window_manager_native_boot_prop)
+system_internal_prop(device_config_configuration_prop)
system_internal_prop(firstboot_prop)
+system_internal_prop(fastbootd_protocol_prop)
+system_internal_prop(gsid_prop)
+system_internal_prop(init_perf_lsm_hooks_prop)
+system_internal_prop(init_svc_debug_prop)
+system_internal_prop(last_boot_reason_prop)
+system_internal_prop(netd_stable_secret_prop)
+system_internal_prop(pm_prop)
+system_internal_prop(userspace_reboot_log_prop)
+system_internal_prop(userspace_reboot_test_prop)
+system_internal_prop(system_adbd_prop)
+system_internal_prop(adbd_prop)
+system_internal_prop(traced_perf_enabled_prop)
compatible_property_only(`
# DO NOT ADD ANY PROPERTIES HERE
@@ -54,6 +66,8 @@
')
# Properties which can't be written outside system
+
+# Properties used by binder caches
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
system_restricted_prop(binder_cache_telephony_server_prop)
@@ -104,6 +118,7 @@
system_vendor_config_prop(exported_config_prop)
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(graphics_config_prop)
system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(media_variant_prop)
system_vendor_config_prop(storage_config_prop)
@@ -111,8 +126,8 @@
system_vendor_config_prop(vehicle_hal_prop)
system_vendor_config_prop(vendor_security_patch_level_prop)
system_vendor_config_prop(vendor_socket_hook_prop)
-system_vendor_config_prop(virtual_ab_prop)
system_vendor_config_prop(vndk_prop)
+system_vendor_config_prop(virtual_ab_prop)
# Properties with no restrictions
system_public_prop(audio_prop)
@@ -234,6 +249,54 @@
allow property_type tmpfs:filesystem associate;
+###
+### Neverallow rules
+###
+
+treble_sysprop_neverallow(`
+
+# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
+# neverallow domain {
+# property_type
+# -system_property_type
+# -product_property_type
+# -vendor_property_type
+# }:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ system_internal_property_type
+ -system_restricted_property_type
+ -system_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ -system_public_property_type
+}:property_service set;
+
+# init is in coredomain, but should be able to read/write all props.
+# dumpstate is also in coredomain, but should be able to read all props.
+neverallow { coredomain -init -dumpstate } {
+ vendor_property_type
+ vendor_internal_property_type
+ -vendor_restricted_property_type
+ -vendor_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { coredomain -init } {
+ vendor_property_type
+ -vendor_public_property_type
+}:property_service set;
+
+')
+
+# There is no need to perform ioctl or advisory locking operations on
+# property files. If this neverallow is being triggered, it is
+# likely that the policy is using r_file_perms directly instead of
+# the get_prop() macro.
+neverallow domain property_type:file { ioctl lock };
+
# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
@@ -265,3 +328,277 @@
typeattribute system_prop core_property_type;
typeattribute system_radio_prop core_property_type;
typeattribute vold_prop core_property_type;
+
+neverallow * {
+ core_property_type
+ -audio_prop
+ -config_prop
+ -cppreopt_prop
+ -dalvik_prop
+ -debuggerd_prop
+ -debug_prop
+ -default_prop
+ -dhcp_prop
+ -dumpstate_prop
+ -ffs_prop
+ -fingerprint_prop
+ -logd_prop
+ -net_radio_prop
+ -nfc_prop
+ -ota_prop
+ -pan_result_prop
+ -persist_debug_prop
+ -powerctl_prop
+ -radio_prop
+ -restorecon_prop
+ -shell_prop
+ -system_prop
+ -system_radio_prop
+ -vold_prop
+}:file no_rw_file_perms;
+
+# sigstop property is only used for debugging; should only be set by su which is permissive
+# for userdebug/eng
+neverallow {
+ domain
+ -init
+ -vendor_init
+} ctl_sigstop_prop:property_service set;
+
+# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
+# in the audit log
+dontaudit domain {
+ ctl_bootanim_prop
+ ctl_bugreport_prop
+ ctl_console_prop
+ ctl_default_prop
+ ctl_dumpstate_prop
+ ctl_fuse_prop
+ ctl_mdnsd_prop
+ ctl_rildaemon_prop
+}:property_service set;
+
+neverallow {
+ domain
+ -init
+} init_svc_debug_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -dumpstate
+ userdebug_or_eng(`-su')
+} init_svc_debug_prop:file no_rw_file_perms;
+
+compatible_property_only(`
+# Prevent properties from being set
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_init
+ } {
+ core_property_type
+ extended_core_property_type
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_fingerprint_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported2_config_prop
+ exported2_default_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
+ -nfc_prop
+ -powerctl_prop
+ -radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_nfc_server
+ } {
+ nfc_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ -vendor_init
+ } {
+ exported_radio_prop
+ exported3_radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ } {
+ exported2_radio_prop
+ radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ } {
+ bluetooth_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ -vendor_init
+ } {
+ exported_bluetooth_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_camera_server
+ -cameraserver
+ -vendor_init
+ } {
+ exported_camera_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ } {
+ wifi_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ -vendor_init
+ } {
+ exported_wifi_prop
+ }:property_service set;
+
+# Prevent properties from being read
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_init
+ } {
+ core_property_type
+ extended_core_property_type
+ exported_dalvik_prop
+ exported_ffs_prop
+ exported_system_radio_prop
+ exported2_config_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
+ -debug_prop
+ -logd_prop
+ -nfc_prop
+ -powerctl_prop
+ -radio_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_nfc_server
+ } {
+ nfc_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ } {
+ radio_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ } {
+ bluetooth_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ } {
+ wifi_prop
+ }:file no_rw_file_perms;
+')
+
+compatible_property_only(`
+ # Neverallow coredomain to set vendor properties
+ neverallow {
+ coredomain
+ -init
+ -system_writes_vendor_properties_violators
+ } {
+ property_type
+ -system_property_type
+ -extended_core_property_type
+ }:property_service set;
+')
+
+neverallow {
+ -init
+ -system_server
+} {
+ userspace_reboot_log_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and system_server to set system_adbd_prop
+ -init
+ -system_server
+} {
+ system_adbd_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and adbd to set adbd_prop
+ -init
+ -adbd
+} {
+ adbd_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and shell to set userspace_reboot_test_prop
+ -init
+ -shell
+} {
+ userspace_reboot_test_prop
+}:property_service set;
diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts
new file mode 100644
index 0000000..2f04b17
--- /dev/null
+++ b/prebuilts/api/30.0/public/property_contexts
@@ -0,0 +1,468 @@
+# vendor-init-readable
+persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact bool
+
+# vendor-init-settable
+af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
+audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.video u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.min.duration.secs u:object_r:exported3_default_prop:s0 exact int
+camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
+camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
+dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.dex2oat64.enabled u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.foreground-heap-growth-multiplier u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
+drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
+external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool
+keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
+media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
+media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
+persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
+persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
+persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
+persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
+persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
+persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
+persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.sf.color_mode u:object_r:exported2_system_prop:s0 exact int
+persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
+persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
+pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
+pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
+pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
+ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
+ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
+ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
+ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
+ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
+ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
+ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
+ro.camera.enableLazyHal u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
+ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
+ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
+ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
+ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
+ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
+ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
+ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
+ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.dm_default_key.options_format.version u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.encryption u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.method u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.options u:object_r:exported2_vold_prop:s0 exact string
+ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
+ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
+ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
+ro.gfx.angle.supported u:object_r:exported3_default_prop:s0 exact bool
+ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
+ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.debug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.low u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_partial_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_complete_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit_decay u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.use_minfree_levels u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
+ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
+ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string
+ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
+ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
+ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
+ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
+ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
+ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
+ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
+ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
+ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
+ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
+ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
+ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
+ro.media.xml_variant.codecs u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.codecs_performance u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.profiles u:object_r:media_variant_prop:s0 exact string
+ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
+ro.zygote u:object_r:exported3_default_prop:s0 exact string
+sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
+sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
+sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
+sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.state u:object_r:exported2_system_prop:s0 exact string
+telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
+telephony.active_modems.max_count u:object_r:exported3_default_prop:s0 exact int
+tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
+vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
+vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
+wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
+zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
+
+# vendor-init-readable
+apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
+dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
+persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
+persist.sys.theme u:object_r:theme_prop:s0 exact string
+persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
+sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
+sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
+sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
+sys.vdso u:object_r:exported3_system_prop:s0 exact string
+
+# vendor-init-settable
+persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
+sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
+sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
+
+# public-readable
+aac_drc_boost u:object_r:exported2_default_prop:s0 exact int
+aac_drc_cut u:object_r:exported2_default_prop:s0 exact int
+aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
+aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
+aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
+ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
+drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
+dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
+dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool
+hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
+init.svc.bugreport u:object_r:exported2_default_prop:s0 exact string
+init.svc.console u:object_r:exported2_default_prop:s0 exact string
+init.svc.dumpstatez u:object_r:exported2_default_prop:s0 exact string
+init.svc.mediadrm u:object_r:exported2_default_prop:s0 exact string
+init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string
+init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
+init.svc.zygote u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
+libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
+net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
+persist.sys.locale u:object_r:exported_system_prop:s0 exact string
+persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
+persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
+ro.adb.secure u:object_r:exported_secure_prop:s0 exact bool
+ro.arch u:object_r:exported2_default_prop:s0 exact string
+ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
+ro.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boot.console u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string
+ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string
+ro.boot.mode u:object_r:exported2_default_prop:s0 exact string
+ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string
+ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string
+ro.boot.dynamic_partitions u:object_r:exported_default_prop:s0 exact string
+ro.boot.dynamic_partitions_retrofit u:object_r:exported_default_prop:s0 exact string
+ro.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.build.date u:object_r:exported2_default_prop:s0 exact string
+ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int
+ro.build.description u:object_r:exported2_default_prop:s0 exact string
+ro.build.display.id u:object_r:exported2_default_prop:s0 exact string
+ro.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string
+ro.build.host u:object_r:exported2_default_prop:s0 exact string
+ro.build.id u:object_r:exported2_default_prop:s0 exact string
+ro.build.product u:object_r:exported2_default_prop:s0 exact string
+ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool
+ro.build.tags u:object_r:exported2_default_prop:s0 exact string
+ro.build.user u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
+ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
+ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
+ro.crypto.state u:object_r:exported_vold_prop:s0 exact enum encrypted unencrypted unsupported
+ro.crypto.type u:object_r:exported_vold_prop:s0 exact enum block file none
+ro.debuggable u:object_r:exported2_default_prop:s0 exact int
+ro.hardware u:object_r:exported2_default_prop:s0 exact string
+ro.product.brand u:object_r:exported2_default_prop:s0 exact string
+ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string
+ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string
+ro.product.device u:object_r:exported2_default_prop:s0 exact string
+ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string
+ro.product.model u:object_r:exported2_default_prop:s0 exact string
+ro.product.name u:object_r:exported2_default_prop:s0 exact string
+ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
+ro.revision u:object_r:exported2_default_prop:s0 exact string
+ro.secure u:object_r:exported_secure_prop:s0 exact int
+ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool
+service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
+sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
+sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool
+sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool
+vold.decrypt u:object_r:exported_vold_prop:s0 exact string
+
+# vendor-init-settable|public-readable
+aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int
+aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 exact int
+aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int
+aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
+aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
+aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
+config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool
+gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
+media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
+persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
+rcs.publish.status u:object_r:exported_radio_prop:s0 exact string
+ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+ro.board.platform u:object_r:exported_default_prop:s0 exact string
+ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
+ro.boot.fstab_suffix u:object_r:exported_default_prop:s0 exact string
+ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
+ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string
+ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string
+ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
+ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string
+ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.bootimage.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool
+ro.build.ab_update u:object_r:exported_default_prop:s0 exact string
+ro.build.expect.baseband u:object_r:exported_default_prop:s0 exact string
+ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string
+ro.carrier u:object_r:exported_default_prop:s0 exact string
+ro.config.low_ram u:object_r:exported_config_prop:s0 exact bool
+ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int
+ro.frp.pst u:object_r:exported_default_prop:s0 exact string
+ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.hearing_aid u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string
+ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.camera u:object_r:exported_default_prop:s0 exact string
+ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string
+ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string
+ro.hardware.egl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.hardware.flp u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gps u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string
+ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string
+ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string
+ro.hardware.input u:object_r:exported_default_prop:s0 exact string
+ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string
+ro.hardware.keystore_desede u:object_r:exported_default_prop:s0 exact string
+ro.hardware.lights u:object_r:exported_default_prop:s0 exact string
+ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string
+ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string
+ro.hardware.power u:object_r:exported_default_prop:s0 exact string
+ro.hardware.radio u:object_r:exported_default_prop:s0 exact string
+ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string
+ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string
+ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string
+ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string
+ro.hardware.type u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string
+ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string
+ro.hwui.use_vulkan u:object_r:exported_default_prop:s0 exact bool
+ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool
+ro.kernel.qemu. u:object_r:exported_default_prop:s0
+ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
+ro.kernel.ebpf.supported u:object_r:exported_default_prop:s0 exact bool
+ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
+ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string
+ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
+ro.product.board u:object_r:exported_default_prop:s0 exact string
+ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
+ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string
+ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int
+ro.product.odm.brand u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.device u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.manufacturer u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.model u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.name u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string
+ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
+ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted
+ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.version.incremental u:object_r:exported_default_prop:s0 exact string
+ro.vndk.lite u:object_r:vndk_prop:s0 exact bool
+ro.vndk.version u:object_r:vndk_prop:s0 exact string
+ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
+wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
+wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string
+wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
+wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
+wifi.interface u:object_r:exported_default_prop:s0 exact string
+ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
+
+# public-readable
+ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
+ro.bootmode u:object_r:exported2_default_prop:s0 exact string
+ro.build.type u:object_r:exported2_default_prop:s0 exact string
+sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
+
+# Using Sysprop as API. So the ro.surface_flinger.* are guaranteed to be API-stable
+ro.surface_flinger.default_composition_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.default_composition_pixel_format u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.max_graphics_height u:object_r:exported3_default_prop:s0 exact int
+ro.surface_flinger.max_graphics_width u:object_r:exported3_default_prop:s0 exact int
+ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact enum ORIENTATION_0 ORIENTATION_180 ORIENTATION_270 ORIENTATION_90
+ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.start_graphics_allocator_service u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_color_management u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_context_priority u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_vr_flinger u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.vsync_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.vsync_sf_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.wcg_composition_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.wcg_composition_pixel_format u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.display_primary_red u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_green u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_blue u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_white u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_content_detection_for_refresh_rate u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
+
+# Binder cache properties. These are world-readable
+cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
+cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_user_unlocked u:object_r:binder_cache_system_server_prop:s0
+cache_key.volume_list u:object_r:binder_cache_system_server_prop:s0
+cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
+cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
+
+cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
+cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
+cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
diff --git a/prebuilts/api/30.0/public/radio.te b/prebuilts/api/30.0/public/radio.te
index 6ec0086..34eaf83 100644
--- a/prebuilts/api/30.0/public/radio.te
+++ b/prebuilts/api/30.0/public/radio.te
@@ -16,6 +16,16 @@
allow radio net_data_file:dir search;
allow radio net_data_file:file r_file_perms;
+# Property service
+set_prop(radio, radio_prop)
+set_prop(radio, exported_radio_prop)
+set_prop(radio, exported2_radio_prop)
+set_prop(radio, exported3_radio_prop)
+set_prop(radio, net_radio_prop)
+
+# ctl interface
+set_prop(radio, ctl_rildaemon_prop)
+
add_service(radio, radio_service)
allow radio audioserver_service:service_manager find;
allow radio cameraserver_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/recovery.te b/prebuilts/api/30.0/public/recovery.te
index fd3c82a..63a9cea 100644
--- a/prebuilts/api/30.0/public/recovery.te
+++ b/prebuilts/api/30.0/public/recovery.te
@@ -108,6 +108,26 @@
# Read files on /oem.
r_dir_file(recovery, oemfs);
+ # Reboot the device
+ set_prop(recovery, powerctl_prop)
+
+ # Read serial number of the device from system properties
+ get_prop(recovery, serialno_prop)
+
+ # Set sys.usb.ffs.ready when starting minadbd for sideload.
+ set_prop(recovery, ffs_prop)
+ set_prop(recovery, exported_ffs_prop)
+
+ # Set sys.usb.config when switching into fastboot.
+ set_prop(recovery, system_radio_prop)
+ set_prop(recovery, exported_system_radio_prop)
+
+ # Read ro.boot.bootreason
+ get_prop(recovery, bootloader_boot_reason_prop)
+
+ # Read storage properties (for correctly formatting filesystems)
+ get_prop(recovery, storage_config_prop)
+
# Use setfscreatecon() to label files for OTA updates.
allow recovery self:process setfscreate;
@@ -127,12 +147,22 @@
allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
# Allow using libfiemap/gsid directly (no binder in recovery).
+ set_prop(recovery, gsid_prop)
allow recovery gsi_metadata_file:dir search;
allow recovery ota_metadata_file:dir rw_dir_perms;
allow recovery ota_metadata_file:file create_file_perms;
# Allow mounting /metadata for writing update states
allow recovery metadata_file:dir { getattr mounton };
+
+ # These are needed to allow recovery to manage network
+ allow recovery self:netlink_route_socket { create write read nlmsg_readpriv nlmsg_read };
+ allow recovery self:global_capability_class_set net_admin;
+ allow recovery self:tcp_socket { create ioctl };
+ allowxperm recovery self:tcp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS };
+
+ # Set fastbootd protocol property
+ set_prop(recovery, fastbootd_protocol_prop)
')
###
diff --git a/prebuilts/api/30.0/public/service.te b/prebuilts/api/30.0/public/service.te
index 4746fd2..968e523 100644
--- a/prebuilts/api/30.0/public/service.te
+++ b/prebuilts/api/30.0/public/service.te
@@ -11,7 +11,7 @@
type fingerprintd_service, service_manager_type;
type hal_fingerprint_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;
-type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type;
+type gpu_service, app_api_service, service_manager_type;
type idmap_service, service_manager_type;
type iorapd_service, service_manager_type;
type incident_service, service_manager_type;
@@ -197,7 +197,7 @@
type wifip2p_service, app_api_service, system_server_service, service_manager_type;
type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
type wifi_service, app_api_service, system_server_service, service_manager_type;
-type wifinl80211_service, app_api_service, system_server_service, service_manager_type;
+type wifinl80211_service, service_manager_type;
type wifiaware_service, app_api_service, system_server_service, service_manager_type;
type window_service, system_api_service, system_server_service, service_manager_type;
type inputflinger_service, system_api_service, system_server_service, service_manager_type;
diff --git a/prebuilts/api/30.0/public/servicemanager.te b/prebuilts/api/30.0/public/servicemanager.te
index 10347d9..85777f5 100644
--- a/prebuilts/api/30.0/public/servicemanager.te
+++ b/prebuilts/api/30.0/public/servicemanager.te
@@ -22,6 +22,8 @@
not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
add_service(servicemanager, service_manager_service)
+allow servicemanager dumpstate:fd use;
+allow servicemanager dumpstate:fifo_file write;
# Check SELinux permissions.
selinux_check_access(servicemanager)
diff --git a/prebuilts/api/30.0/public/sgdisk.te b/prebuilts/api/30.0/public/sgdisk.te
index 9d71249..e5a9152 100644
--- a/prebuilts/api/30.0/public/sgdisk.te
+++ b/prebuilts/api/30.0/public/sgdisk.te
@@ -17,6 +17,8 @@
allowxperm sgdisk vold_device:blk_file ioctl { BLKGETSIZE };
# Force a re-read of the partition table.
allowxperm sgdisk vold_device:blk_file ioctl { BLKRRPART };
+# Allow reading of the physical block size.
+allowxperm sgdisk vold_device:blk_file ioctl { BLKPBSZGET };
# Inherit and use pty created by android_fork_execvp()
allow sgdisk devpts:chr_file { read write ioctl getattr };
diff --git a/prebuilts/api/30.0/public/shell.te b/prebuilts/api/30.0/public/shell.te
index 822f4ca..c0412eb 100644
--- a/prebuilts/api/30.0/public/shell.te
+++ b/prebuilts/api/30.0/public/shell.te
@@ -58,12 +58,60 @@
r_dir_file(shell, apk_data_file)
+# Set properties.
+set_prop(shell, shell_prop)
+set_prop(shell, ctl_bugreport_prop)
+set_prop(shell, ctl_dumpstate_prop)
+set_prop(shell, dumpstate_prop)
+set_prop(shell, exported_dumpstate_prop)
+set_prop(shell, debug_prop)
+set_prop(shell, powerctl_prop)
+set_prop(shell, log_tag_prop)
+set_prop(shell, wifi_log_prop)
+# Allow shell to start/stop traced via the persist.traced.enable
+# property (which also takes care of /data/misc initialization).
+set_prop(shell, traced_enabled_prop)
+# adjust is_loggable properties
+userdebug_or_eng(`set_prop(shell, log_prop)')
+# logpersist script
+userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
+# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
+# property.
+set_prop(shell, heapprofd_enabled_prop)
+# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
+# property.
+set_prop(shell, traced_perf_enabled_prop)
+# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
+set_prop(shell, ctl_gsid_prop)
+# Allow shell to enable Dynamic System Update
+set_prop(shell, dynamic_system_prop)
+# Allow shell to mock an OTA using persist.pm.mock-upgrade
+set_prop(shell, mock_ota_prop)
+
userdebug_or_eng(`
# "systrace --boot" support - allow boottrace service to run
allow shell boottrace_data_file:dir rw_dir_perms;
allow shell boottrace_data_file:file create_file_perms;
+ set_prop(shell, persist_debug_prop)
')
+# Read device's serial number from system properties
+get_prop(shell, serialno_prop)
+
+# Allow shell to read the vendor security patch level for CTS
+get_prop(shell, vendor_security_patch_level_prop)
+
+# Read state of logging-related properties
+get_prop(shell, device_logging_prop)
+
+# Read state of boot reason properties
+get_prop(shell, bootloader_boot_reason_prop)
+get_prop(shell, last_boot_reason_prop)
+get_prop(shell, system_boot_reason_prop)
+
+# Allow reading the outcome of perf_event_open LSM support test for CTS.
+get_prop(shell, init_perf_lsm_hooks_prop)
+
# allow shell access to services
allow shell servicemanager:service_manager list;
# don't allow shell to access GateKeeper service
diff --git a/prebuilts/api/30.0/public/traceur_app.te b/prebuilts/api/30.0/public/traceur_app.te
index ce9b844..7e2cc84 100644
--- a/prebuilts/api/30.0/public/traceur_app.te
+++ b/prebuilts/api/30.0/public/traceur_app.te
@@ -3,6 +3,11 @@
allow traceur_app servicemanager:service_manager list;
allow traceur_app hwservicemanager:hwservice_manager list;
+# Allow Traceur to enable traced if necessary.
+set_prop(traceur_app, traced_enabled_prop)
+
+set_prop(traceur_app, debug_prop)
+
allow traceur_app {
service_manager_type
-apex_service
diff --git a/prebuilts/api/30.0/public/ueventd.te b/prebuilts/api/30.0/public/ueventd.te
index 1d75080..fc503b8 100644
--- a/prebuilts/api/30.0/public/ueventd.te
+++ b/prebuilts/api/30.0/public/ueventd.te
@@ -59,6 +59,10 @@
allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
+# ueventd can set properties, particularly it sets ro.cold_boot_done to signal
+# to init that cold boot has completed.
+set_prop(ueventd, cold_boot_done_prop)
+
# Allow ueventd to run shell scripts from vendor
allow ueventd vendor_shell_exec:file execute;
diff --git a/prebuilts/api/30.0/public/uncrypt.te b/prebuilts/api/30.0/public/uncrypt.te
index 75765f3..28dc3f2 100644
--- a/prebuilts/api/30.0/public/uncrypt.te
+++ b/prebuilts/api/30.0/public/uncrypt.te
@@ -22,6 +22,9 @@
# Write to /dev/socket/uncrypt
unix_socket_connect(uncrypt, uncrypt, uncrypt)
+# Set a property to reboot the device.
+set_prop(uncrypt, powerctl_prop)
+
# Raw writes to block device
allow uncrypt self:global_capability_class_set sys_rawio;
allow uncrypt misc_block_device:blk_file w_file_perms;
diff --git a/prebuilts/api/30.0/public/update_engine.te b/prebuilts/api/30.0/public/update_engine.te
index ba2f3cf..8b767be 100644
--- a/prebuilts/api/30.0/public/update_engine.te
+++ b/prebuilts/api/30.0/public/update_engine.te
@@ -63,6 +63,15 @@
# read directories on /system and /vendor
allow update_engine system_file:dir r_dir_perms;
+# Allow to start gsid service.
+set_prop(update_engine, ctl_gsid_prop)
+
+# Allow to set the OTA related properties, e.g. ota.warm_reset.
+set_prop(update_engine, ota_prop)
+
+# Allow to get the DSU status
+get_prop(update_engine, gsid_prop)
+
# update_engine tries to determine the parent path for all devices (e.g.
# /dev/block/by-name) by reading the default fstab and looking for the misc
# device. ReadDefaultFstab() checks whether a GSI is running by checking
diff --git a/prebuilts/api/30.0/public/update_verifier.te b/prebuilts/api/30.0/public/update_verifier.te
index 68b43f0..f881aeb 100644
--- a/prebuilts/api/30.0/public/update_verifier.te
+++ b/prebuilts/api/30.0/public/update_verifier.te
@@ -24,6 +24,12 @@
# Write to kernel message.
allow update_verifier kmsg_device:chr_file { getattr w_file_perms };
+# Allow update_verifier to reboot the device.
+set_prop(update_verifier, powerctl_prop)
+
+# Allow to set the OTA related properties e.g. ota.warm_reset.
+set_prop(update_verifier, ota_prop)
+
# Use Boot Control HAL
hal_client_domain(update_verifier, hal_bootctl)
diff --git a/prebuilts/api/30.0/public/usbd.te b/prebuilts/api/30.0/public/usbd.te
index 6f34954..991e7be 100644
--- a/prebuilts/api/30.0/public/usbd.te
+++ b/prebuilts/api/30.0/public/usbd.te
@@ -1,2 +1,5 @@
type usbd, domain;
type usbd_exec, system_file_type, exec_type, file_type;
+
+# Start/stop adbd via ctl.start adbd
+set_prop(usbd, ctl_adbd_prop)
diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te
index dd74005..12a360e 100644
--- a/prebuilts/api/30.0/public/vendor_init.te
+++ b/prebuilts/api/30.0/public/vendor_init.te
@@ -215,6 +215,7 @@
set_prop(vendor_init, exported_bluetooth_prop)
set_prop(vendor_init, exported_camera_prop)
set_prop(vendor_init, exported_config_prop)
+set_prop(vendor_init, exported_dalvik_prop)
set_prop(vendor_init, exported_default_prop)
set_prop(vendor_init, exported_ffs_prop)
set_prop(vendor_init, exported_overlay_prop)
@@ -222,14 +223,19 @@
set_prop(vendor_init, exported_radio_prop)
set_prop(vendor_init, exported_system_radio_prop)
set_prop(vendor_init, exported_wifi_prop)
+set_prop(vendor_init, exported2_config_prop)
set_prop(vendor_init, exported2_system_prop)
+set_prop(vendor_init, exported2_vold_prop)
set_prop(vendor_init, exported3_default_prop)
set_prop(vendor_init, exported3_radio_prop)
+set_prop(vendor_init, incremental_prop)
+set_prop(vendor_init, lmkd_prop)
set_prop(vendor_init, logd_prop)
set_prop(vendor_init, log_tag_prop)
set_prop(vendor_init, log_prop)
set_prop(vendor_init, rebootescrow_hal_prop)
set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, storage_config_prop)
set_prop(vendor_init, userspace_reboot_config_prop)
set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop)
diff --git a/prebuilts/api/30.0/public/vold.te b/prebuilts/api/30.0/public/vold.te
index 400e32a..6c5ff78 100644
--- a/prebuilts/api/30.0/public/vold.te
+++ b/prebuilts/api/30.0/public/vold.te
@@ -191,6 +191,18 @@
# Set scheduling policy of kernel processes
allow vold kernel:process setsched;
+# Property Service
+set_prop(vold, vold_prop)
+set_prop(vold, exported_vold_prop)
+set_prop(vold, exported2_vold_prop)
+set_prop(vold, powerctl_prop)
+set_prop(vold, ctl_fuse_prop)
+set_prop(vold, restorecon_prop)
+set_prop(vold, ota_prop)
+set_prop(vold, boottime_prop)
+get_prop(vold, storage_config_prop)
+get_prop(vold, incremental_prop)
+
# ASEC
allow vold asec_image_file:file create_file_perms;
allow vold asec_image_file:dir rw_dir_perms;
@@ -202,6 +214,10 @@
allow vold unlabeled:dir { r_dir_perms setattr relabelfrom };
allow vold unlabeled:file { r_file_perms setattr relabelfrom };
+# Access to FUSE control filesystem to hard-abort FUSE mounts
+allow vold fusectlfs:file rw_file_perms;
+allow vold fusectlfs:dir rw_dir_perms;
+
# Handle wake locks (used for device encryption)
wakelock_use(vold)
diff --git a/prebuilts/api/30.0/public/wificond.te b/prebuilts/api/30.0/public/wificond.te
index b5a4784..b429884 100644
--- a/prebuilts/api/30.0/public/wificond.te
+++ b/prebuilts/api/30.0/public/wificond.te
@@ -6,6 +6,12 @@
binder_call(wificond, system_server)
binder_call(wificond, keystore)
+add_service(wificond, wifinl80211_service)
+
+set_prop(wificond, exported_wifi_prop)
+set_prop(wificond, wifi_prop)
+set_prop(wificond, ctl_default_prop)
+
# create sockets to set interfaces up and down
allow wificond self:udp_socket create_socket_perms;
# setting interface state up/down is a privileged ioctl
@@ -27,6 +33,7 @@
#### Offer the Wifi Keystore HwBinder service ###
hwbinder_use(wificond)
+get_prop(wificond, hwservicemanager_prop)
typeattribute wificond wifi_keystore_service_server;
add_hwservice(wificond, system_wifi_keystore_hwservice)
diff --git a/private/access_vectors b/private/access_vectors
index 4144be8..f41eadd 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -138,6 +138,7 @@
wake_alarm
block_suspend
audit_read
+ perfmon
}
#
diff --git a/private/app.te b/private/app.te
index 3dff8fe..27ef097 100644
--- a/private/app.te
+++ b/private/app.te
@@ -46,3 +46,6 @@
# Don't allow regular apps access to storage configuration properties.
neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
+
+# Allow to read graphics related properties.
+get_prop(appdomain, graphics_config_prop)
diff --git a/private/bpfloader.te b/private/bpfloader.te
index 249f3df..b31fe18 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -27,8 +27,8 @@
neverallow domain fs_bpf:file { rename unlink };
neverallow { domain -bpfloader } *:bpf { map_create prog_load };
-neverallow { domain -bpfloader -netd -netutils_wrapper -system_server } *:bpf prog_run;
-neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };
+neverallow { domain -bpfloader -gpuservice -netd -netutils_wrapper -system_server } *:bpf prog_run;
+neverallow { domain -bpfloader -gpuservice -netd -system_server } *:bpf { map_read map_write };
neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index ed41f76..a3b05ad 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -46,8 +46,10 @@
fastbootd_protocol_prop
file_integrity_service
fwk_automotive_display_hwservice
+ fusectlfs
gmscore_app
gnss_device
+ graphics_config_prop
hal_can_bus_hwservice
hal_can_controller_hwservice
hal_identity_service
diff --git a/private/coredomain.te b/private/coredomain.te
index 065036c..92efa47 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -147,6 +147,7 @@
coredomain
-atrace
-dumpstate
+ -gpuservice
-init
-traced_probes
-shell
diff --git a/private/file_contexts_asan b/private/file_contexts_asan
index b37f086..fd083c2 100644
--- a/private/file_contexts_asan
+++ b/private/file_contexts_asan
@@ -6,6 +6,8 @@
/data/asan/odm/lib64(/.*)? u:object_r:system_lib_file:s0
/data/asan/product/lib(/.*)? u:object_r:system_lib_file:s0
/data/asan/product/lib64(/.*)? u:object_r:system_lib_file:s0
+/data/asan/system/system_ext/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/system/system_ext/lib64(/.*)? u:object_r:system_lib_file:s0
/system/asan.options u:object_r:system_asan_options_file:s0
/system/bin/asan_extract u:object_r:asan_extract_exec:s0
/system/bin/asanwrapper u:object_r:asanwrapper_exec:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 25de730..d0fe0d0 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -98,6 +98,8 @@
genfscon proc /vmstat u:object_r:proc_vmstat:s0
genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
+genfscon fusectl / u:object_r:fusectlfs:s0
+
# selinuxfs booleans can be individually labeled.
genfscon selinuxfs / u:object_r:selinuxfs:s0
genfscon cgroup / u:object_r:cgroup:s0
@@ -248,6 +250,7 @@
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ftrace/print/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/gpu_mem/gpu_mem_total u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
diff --git a/private/gpuservice.te b/private/gpuservice.te
index a4d84ea..31ad788 100644
--- a/private/gpuservice.te
+++ b/private/gpuservice.te
@@ -42,6 +42,21 @@
# TODO(b/146461633): remove this once native pullers talk to StatsManagerService
binder_call(gpuservice, statsd);
+# Needed for reading tracepoint ids in order to attach bpf programs.
+allow gpuservice debugfs_tracing:file r_file_perms;
+allow gpuservice self:perf_event { cpu kernel open write };
+neverallow gpuservice self:perf_event ~{ cpu kernel open write };
+
+# Needed for interact with bpf fs.
+allow gpuservice fs_bpf:dir search;
+allow gpuservice fs_bpf:file read;
+
+# Needed for enable the bpf program and read the map.
+allow gpuservice bpfloader:bpf { map_read prog_run };
+
+# Needed for getting a prop to ensure bpf programs loaded.
+get_prop(gpuservice, bpf_progs_loaded_prop)
+
add_service(gpuservice, gpu_service)
# Only uncomment below line when in development
diff --git a/private/init.te b/private/init.te
index b0e7f80..7a2e0b3 100644
--- a/private/init.te
+++ b/private/init.te
@@ -51,6 +51,7 @@
# kernels that precede the perf_event_open hooks (Android common kernels 4.4
# and 4.9).
allow init self:perf_event { open cpu };
+allow init self:global_capability2_class_set perfmon;
neverallow init self:perf_event { kernel tracepoint read write };
dontaudit init self:perf_event { kernel tracepoint read write };
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 4c6c5aa..33b5219 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -74,6 +74,9 @@
# Isolated apps should not directly open app data files themselves.
neverallow isolated_app { app_data_file privapp_data_file }:file open;
+# Isolated aps should not be directly accessing system directories
+neverallow isolated_app system_data_file:dir search;
+
# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
# TODO: are there situations where isolated_apps write to this file?
# TODO: should we tighten these restrictions further?
diff --git a/private/property.te b/private/property.te
index 64c8af1..1aa4ddf 100644
--- a/private/property.te
+++ b/private/property.te
@@ -399,3 +399,10 @@
-hal_telephony_server
not_compatible_property(`-vendor_init')
} telephony_status_prop:property_service set;
+
+neverallow {
+ -init
+ -vendor_init
+} {
+ graphics_config_prop
+}:property_service set;
diff --git a/private/property_contexts b/private/property_contexts
index 4793437..41eb3c8 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -851,3 +851,7 @@
persist.dbg.volte_avail_ovr u:object_r:telephony_config_prop:s0 exact int
persist.dbg.vt_avail_ovr u:object_r:telephony_config_prop:s0 exact int
persist.dbg.wfc_avail_ovr u:object_r:telephony_config_prop:s0 exact int
+
+# Graphics related properties
+graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool
+graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string
diff --git a/private/shell.te b/private/shell.te
index 63757eb..2a2af0f 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -140,3 +140,6 @@
get_prop(shell, init_perf_lsm_hooks_prop)
userdebug_or_eng(`set_prop(shell, persist_debug_prop)')
+
+# Allow to read graphics related properties.
+get_prop(shell, graphics_config_prop)
diff --git a/public/domain.te b/public/domain.te
index 9106952..3baf482 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -229,10 +229,12 @@
allow domain system_data_file:dir getattr;
')
allow { coredomain appdomain } system_data_file:dir getattr;
-# /data has the label system_data_root_file. Vendor components need the search
-# permission on system_data_root_file for path traversal to /data/vendor.
+# /data has the label system_data_root_file. Many components need search
+# permission on system_data_root_file for path traversal.
allow domain system_data_root_file:dir { search getattr } ;
-allow domain system_data_file:dir search;
+# Isolated apps have no need to traverse system_data_file dirs
+allow { domain -isolated_app } system_data_file:dir search;
+# Vendor components need access to /dara/vendor
# TODO restrict this to non-coredomain
allow domain vendor_data_file:dir { getattr search };
@@ -1305,6 +1307,9 @@
# Do not allow executable files in debugfs.
neverallow domain debugfs_type:file { execute execute_no_trans };
+# Don't allow access to the FUSE control filesystem, except to vold and init's
+neverallow { domain -vold -init -vendor_init } fusectlfs:file no_rw_file_perms;
+
# Profiles contain untrusted data and profman parses that. We should only run
# in from installd forked processes.
neverallow {
diff --git a/public/file.te b/public/file.te
index e70fdec..523390c 100644
--- a/public/file.te
+++ b/public/file.te
@@ -75,6 +75,7 @@
type proc_vmstat, fs_type, proc_type;
type proc_zoneinfo, fs_type, proc_type;
type selinuxfs, fs_type, mlstrustedobject;
+type fusectlfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type cgroup_bpf, fs_type;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
diff --git a/public/property.te b/public/property.te
index 227384b..0fe8e91 100644
--- a/public/property.te
+++ b/public/property.te
@@ -114,6 +114,7 @@
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(exported3_default_prop)
system_vendor_config_prop(ffs_config_prop)
+system_vendor_config_prop(graphics_config_prop)
system_vendor_config_prop(hdmi_config_prop)
system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(lmkd_config_prop)
diff --git a/public/vold.te b/public/vold.te
index 400e32a..c1e8e07 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -202,6 +202,10 @@
allow vold unlabeled:dir { r_dir_perms setattr relabelfrom };
allow vold unlabeled:file { r_file_perms setattr relabelfrom };
+# Access to FUSE control filesystem to hard-abort FUSE mounts
+allow vold fusectlfs:file rw_file_perms;
+allow vold fusectlfs:dir rw_dir_perms;
+
# Handle wake locks (used for device encryption)
wakelock_use(vold)
diff --git a/vendor/keys.conf b/vendor/keys.conf
new file mode 100644
index 0000000..71ad2c9
--- /dev/null
+++ b/vendor/keys.conf
@@ -0,0 +1,19 @@
+#
+# Maps an arbitrary tag [TAGNAME] with the string contents found in
+# TARGET_BUILD_VARIANT. Common convention is to start TAGNAME with an @ and
+# name it after the base file name of the pem file.
+#
+# Each tag (section) then allows one to specify any string found in
+# TARGET_BUILD_VARIANT. Typcially this is user, eng, and userdebug. Another
+# option is to use ALL which will match ANY TARGET_BUILD_VARIANT string.
+#
+
+# Some vendor apps are using platform key for signing.
+# This moves them to untrusted_app domain when the system partition is
+# switched to a Generic System Image (GSI), because the value of platform's
+# seinfo in /system/etc/selinux/plat_mac_permissions.xml has been changed.
+# Duplicating the device-specific platform seinfo into
+# /vendor/etc/selinux/vendor_mac_permissions.xml to make it self-contained
+# within the vendor partition.
+[@PLATFORM]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem
diff --git a/vendor/mac_permissions.xml b/vendor/mac_permissions.xml
new file mode 100644
index 0000000..2d6fab0
--- /dev/null
+++ b/vendor/mac_permissions.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+ * A signature is a hex encoded X.509 certificate or a tag defined in
+ keys.conf and is required for each signer tag. The signature can
+ either appear as a set of attached cert child tags or as an attribute.
+ * A signer tag must contain a seinfo tag XOR multiple package stanzas.
+ * Each signer/package tag is allowed to contain one seinfo tag. This tag
+ represents additional info that each app can use in setting a SELinux security
+ context on the eventual process as well as the apps data directory.
+ * seinfo assignments are made according to the following rules:
+ - Stanzas with package name refinements will be checked first.
+ - Stanzas w/o package name refinements will be checked second.
+ - The "default" seinfo label is automatically applied.
+
+ * valid stanzas can take one of the following forms:
+
+ // single cert protecting seinfo
+ <signer signature="@PLATFORM" >
+ <seinfo value="platform" />
+ </signer>
+
+ // multiple certs protecting seinfo (all contained certs must match)
+ <signer>
+ <cert signature="@PLATFORM1"/>
+ <cert signature="@PLATFORM2"/>
+ <seinfo value="platform" />
+ </signer>
+
+ // single cert protecting explicitly named app
+ <signer signature="@PLATFORM" >
+ <package name="com.android.foo">
+ <seinfo value="bar" />
+ </package>
+ </signer>
+
+ // multiple certs protecting explicitly named app (all certs must match)
+ <signer>
+ <cert signature="@PLATFORM1"/>
+ <cert signature="@PLATFORM2"/>
+ <package name="com.android.foo">
+ <seinfo value="bar" />
+ </package>
+ </signer>
+-->
+
+ <!-- Vendor dev key in AOSP -->
+ <signer signature="@PLATFORM" >
+ <seinfo value="platform" />
+ </signer>
+</policy>