Disallow untrusted apps to read ro.debuggable and ro.secure ro.secure and ro.debuggable system properties are not intended to be visible via Android SDK. This change blocks untrusted apps from reading these properties. Test: android.security.SELinuxTargetSdkTest Bug: 193912100 Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831

commit: d0e108fbbef339063893f3eca0aaabdd3dbe00a6 [log] [tgz]
author: Alessandra Loro <aloro@google.com> Thu Jul 14 11:52:21 2022 +0000
committer: Alessandra Loro <aloro@google.com> Tue Aug 16 14:24:27 2022 +0000
tree: 70004630d6f72cffb000ac7134895de2c62bf223
parent: 9c0d804b455dfb1c7e210fb6314c08a274e531a4 [diff] [blame]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index f716367..0d6d42c 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -255,3 +255,15 @@
 
 # Only privileged apps may find the incident service
 neverallow all_untrusted_apps incident_service:service_manager find;
+
+# Do not allow untrusted app to read hidden system proprerties
+# We exclude older application for compatibility and we do not include in the exclusions other normally
+# untrusted applications such as mediaprovider due to the specific logging use cases.
+# Context: b/193912100
+neverallow {
+  untrusted_app_all
+  -untrusted_app_25
+  -untrusted_app_27
+  -untrusted_app_29
+  -untrusted_app_30
+} { userdebug_or_eng_prop }:file read;
commit	d0e108fbbef339063893f3eca0aaabdd3dbe00a6	[log] [tgz]
author	Alessandra Loro <aloro@google.com>	Thu Jul 14 11:52:21 2022 +0000
committer	Alessandra Loro <aloro@google.com>	Tue Aug 16 14:24:27 2022 +0000
tree	70004630d6f72cffb000ac7134895de2c62bf223
parent	9c0d804b455dfb1c7e210fb6314c08a274e531a4 [diff] [blame]