Move more properties out of exported3_default_prop
This is to remove exported3_default_prop. Contexts of these properties
are changed.
- ro.boot.wificountrycode
This becomes wifi_config_prop
- ro.opengles.version
This becomes graphics_config_prop. Also it's read by various domains, so
graphics_config_prop is now readable from coredomain.
- persist.config.calibration_fac
This becomes camera_calibration_prop. It's only readable by appdomain.
Bug: 155844385
Test: no denials on Pixel devices
Test: connect wifi
Change-Id: If2b6c10fa124e29d1612a8f94ae18b223849e2a9
diff --git a/private/system_server.te b/private/system_server.te
index 81988fd..fc4ba0d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -886,9 +886,6 @@
# Set persist.adb.tls_server.enable property
set_prop(system_server, system_adbd_prop)
-# Read ro.gfx.* properties
-get_prop(system_server, graphics_config_prop)
-
# Allow invoking tools like "timeout"
allow system_server toolbox_exec:file rx_file_perms;
@@ -992,6 +989,8 @@
# on low memory kills.
get_prop(system_server, system_lmk_prop)
+get_prop(system_server, wifi_config_prop)
+
###
### Neverallow rules
###
@@ -1196,3 +1195,10 @@
neverallow { domain -init -system_server } socket_hook_prop:property_service set;
neverallow { domain -init -system_server } boot_status_prop:property_service set;
+
+neverallow {
+ -init
+ -vendor_init
+ -dumpstate
+ -system_server
+} wifi_config_prop:file no_rw_file_perms;