commit bfb3708234115e1e4fe387df44a8d19ac8d9f247
author Inseob Kim <inseob@google.com> Mon Apr 27 23:49:15 2020 +0900
committer Inseob Kim <inseob@google.com> Mon May 11 21:23:37 2020 +0900
tree 12d17df814196338c45ed3f9d378ec4d9ac968d4
parent ace36abec5d12c687e1b22cbac683b6d143c76eb

Rename contexts of ffs props

Bug: 71814576
Bug: 154885206
Test: m sepolicy_test
Change-Id: Idacc3635851b14b833bccca177d784f4bb92c763

private/adbd.te

diff --git a/private/adbd.te b/private/adbd.te
index cd3d8f3..b03c62e 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -84,8 +84,8 @@
 # Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties.
 set_prop(adbd, shell_prop)
 set_prop(adbd, powerctl_prop)
-set_prop(adbd, ffs_prop)
-set_prop(adbd, exported_ffs_prop)
+get_prop(adbd, ffs_config_prop)
+set_prop(adbd, ffs_control_prop)
 
 # Set service.adb.tls.port, persist.adb.wifi. properties
 set_prop(adbd, adbd_prop)

private/compat/27.0/27.0.ignore.cil

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 3a1fa58..98c023f 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -70,6 +70,8 @@
     exported_vold_prop
     exported_wifi_prop
     fastbootd
+    ffs_config_prop
+    ffs_control_prop
     flags_health_check
     flags_health_check_exec
     fingerprint_vendor_data_file

private/compat/30.0/30.0.cil

diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 5e4ac9c..a7378bb 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1,9 +1,11 @@
 ;; types removed from current policy
 (type exported_audio_prop)
 (type exported_dalvik_prop)
+(type exported_ffs_prop)
 (type exported_vold_prop)
 (type exported2_config_prop)
 (type exported2_vold_prop)
+(type ffs_prop)
 
 (expandtypeattribute (DockObserver_service_30_0) true)
 (expandtypeattribute (IProxyService_service_30_0) true)
@@ -1355,7 +1357,10 @@
   ( exported_default_prop
     surfaceflinger_prop))
 (typeattributeset exported_dumpstate_prop_30_0 (exported_dumpstate_prop))
-(typeattributeset exported_ffs_prop_30_0 (exported_ffs_prop))
+(typeattributeset exported_ffs_prop_30_0
+  ( exported_ffs_prop
+    ffs_config_prop
+    ffs_control_prop))
 (typeattributeset exported_fingerprint_prop_30_0 (exported_fingerprint_prop))
 (typeattributeset exported_overlay_prop_30_0 (exported_overlay_prop))
 (typeattributeset exported_pm_prop_30_0 (exported_pm_prop))

private/coredomain.te

diff --git a/private/coredomain.te b/private/coredomain.te
index de58a33..435e48c 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -1,5 +1,6 @@
 get_prop(coredomain, pm_prop)
 get_prop(coredomain, exported_pm_prop)
+get_prop(coredomain, ffs_config_prop)
 get_prop(coredomain, lmkd_config_prop)
 
 full_treble_only(`

private/domain.te

diff --git a/private/domain.te b/private/domain.te
index 9eed3db..433a791 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -75,7 +75,6 @@
     get_prop(domain, boot_status_prop)
     get_prop(domain, core_property_type)
     get_prop(domain, dalvik_config_prop)
-    get_prop(domain, exported_ffs_prop)
     get_prop(domain, exported_system_radio_prop)
     get_prop(domain, exported2_radio_prop)
     get_prop(domain, exported2_system_prop)
@@ -91,7 +90,6 @@
     get_prop({coredomain appdomain shell}, boot_status_prop)
     get_prop({coredomain appdomain shell}, core_property_type)
     get_prop({coredomain appdomain shell}, dalvik_config_prop)
-    get_prop({coredomain appdomain shell}, exported_ffs_prop)
     get_prop({coredomain appdomain shell}, exported_system_radio_prop)
     get_prop({coredomain appdomain shell}, exported2_radio_prop)
     get_prop({coredomain appdomain shell}, exported2_system_prop)

private/fastbootd.te

diff --git a/private/fastbootd.te b/private/fastbootd.te
index 49994b7..1655f00 100644
--- a/private/fastbootd.te
+++ b/private/fastbootd.te
@@ -10,8 +10,8 @@
   get_prop(fastbootd, serialno_prop)
 
   # Set sys.usb.ffs.ready.
-  set_prop(fastbootd, ffs_prop)
-  set_prop(fastbootd, exported_ffs_prop)
+  get_prop(fastbootd, ffs_config_prop)
+  set_prop(fastbootd, ffs_control_prop)
 
   userdebug_or_eng(`
     get_prop(fastbootd, persistent_properties_ready_prop)

private/mediaprovider.te

diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index 249fee1..9991725 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -40,5 +40,5 @@
 allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
 
 # MtpServer sets sys.usb.ffs.mtp.ready
-set_prop(mediaprovider, ffs_prop)
-set_prop(mediaprovider, exported_ffs_prop)
+get_prop(mediaprovider, ffs_config_prop)
+set_prop(mediaprovider, ffs_control_prop)

private/property.te

diff --git a/private/property.te b/private/property.te
index d479502..9170a7e 100644
--- a/private/property.te
+++ b/private/property.te
@@ -74,7 +74,6 @@
   -default_prop
   -dhcp_prop
   -dumpstate_prop
-  -ffs_prop
   -fingerprint_prop
   -logd_prop
   -net_radio_prop
@@ -137,7 +136,6 @@
     exported_config_prop
     exported_default_prop
     exported_dumpstate_prop
-    exported_ffs_prop
     exported_fingerprint_prop
     exported_system_prop
     exported_system_radio_prop
@@ -238,7 +236,6 @@
     core_property_type
     dalvik_config_prop
     extended_core_property_type
-    exported_ffs_prop
     exported_system_radio_prop
     exported2_system_prop
     exported3_default_prop
@@ -302,6 +299,14 @@
 ')
 
 neverallow {
+  -coredomain
+  -vendor_init
+} {
+  ffs_config_prop
+  ffs_control_prop
+}:file no_rw_file_perms;
+
+neverallow {
   -init
   -system_server
 } {

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 0d26d4d..69875e0 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -27,7 +27,6 @@
 sys.cppreopt            u:object_r:cppreopt_prop:s0
 sys.lpdumpd             u:object_r:lpdumpd_prop:s0
 sys.powerctl            u:object_r:powerctl_prop:s0
-sys.usb.ffs.            u:object_r:ffs_prop:s0
 service.                u:object_r:system_prop:s0
 dhcp.                   u:object_r:dhcp_prop:s0
 dhcp.bt-pan.result      u:object_r:pan_result_prop:s0
@@ -480,13 +479,16 @@
 sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
 
 sys.usb.controller      u:object_r:exported2_system_prop:s0 exact string
-sys.usb.ffs.max_read    u:object_r:exported_ffs_prop:s0 exact int
-sys.usb.ffs.max_write   u:object_r:exported_ffs_prop:s0 exact int
-sys.usb.ffs.ready       u:object_r:exported_ffs_prop:s0 exact bool
 sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
-sys.usb.ffs.mtp.ready   u:object_r:exported_ffs_prop:s0 exact bool
 sys.usb.state           u:object_r:exported2_system_prop:s0 exact string
 
+sys.usb.ffs.aio_compat u:object_r:ffs_config_prop:s0 exact bool
+sys.usb.ffs.max_read   u:object_r:ffs_config_prop:s0 exact int
+sys.usb.ffs.max_write  u:object_r:ffs_config_prop:s0 exact int
+
+sys.usb.ffs.ready     u:object_r:ffs_control_prop:s0 exact bool
+sys.usb.ffs.mtp.ready u:object_r:ffs_control_prop:s0 exact bool
+
 telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
 telephony.active_modems.max_count u:object_r:exported3_default_prop:s0 exact int
 

private/recovery.te

diff --git a/private/recovery.te b/private/recovery.te
index b522230..e1151a4 100644
--- a/private/recovery.te
+++ b/private/recovery.te
@@ -10,8 +10,8 @@
   get_prop(recovery, serialno_prop)
 
   # Set sys.usb.ffs.ready when starting minadbd for sideload.
-  set_prop(recovery, ffs_prop)
-  set_prop(recovery, exported_ffs_prop)
+  get_prop(recovery, ffs_config_prop)
+  set_prop(recovery, ffs_control_prop)
 
   # Set sys.usb.config when switching into fastboot.
   set_prop(recovery, system_radio_prop)