Whitelist exported platform properties
This CL lists all the exported platform properties in
private/exported_property_contexts.
Additionally accessing core_property_type from vendor components is
restricted.
Instead public_readable_property_type is used to allow vendor components
to read exported platform properties, and accessibility from
vendor_init is also specified explicitly.
Note that the whitelist is applied only if
PRODUCT_COMPATIBLE_PROPERTY is set.
Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e
diff --git a/private/adbd.te b/private/adbd.te
index 2f6a450..9dcfc81 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -55,6 +55,7 @@
set_prop(adbd, shell_prop)
set_prop(adbd, powerctl_prop)
set_prop(adbd, ffs_prop)
+set_prop(adbd, exported_ffs_prop)
# Access device logging gating property
get_prop(adbd, device_logging_prop)
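Review bot: `set_prop(adbd, exported_ffs_prop)` lands beside `set_prop(adbd, ffs_prop)` with nothing saying how the two labels relate, and the same pattern repeats in mediaprovider.te, coredomain.te, surfaceflinger.te, system_app.te, system_server.te and zygote.te, where the surfaceflinger, system_app and system_server hunks also add exported2_/exported3_ variants with no hint of what separates them from exported_. A one-line comment at the first occurrence in each file would spare the next reader a search through exported_property_contexts, e.g. `# exported_ffs_prop: the subset of ffs_prop properties exported to vendor (see private/exported_property_contexts)`. That wording assumes the split is by property name, as the description suggests; adjust if the distinction is something else.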
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index f70cb7c..1d3e27b 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -10,6 +10,24 @@
crossprofileapps_service
e2fs
e2fs_exec
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_overlay_prop
+ exported_pm_prop
+ exported_radio_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported2_config_prop
+ exported2_default_prop
+ exported2_radio_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
fs_bpf
hal_broadcastradio_hwservice
hal_cas_hwservice
@@ -64,6 +82,7 @@
traced_producer_socket
traced_tmpfs
update_engine_log_data_file
+ vendor_default_prop
vendor_init
vold_prepare_subdirs
vold_prepare_subdirs_exec
diff --git a/private/coredomain.te b/private/coredomain.te
index 0ca4913..244c83c 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -1 +1,2 @@
get_prop(coredomain, pm_prop)
+get_prop(coredomain, exported_pm_prop)
diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index 2c4a809..99c09da 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -37,3 +37,4 @@
# MtpServer sets sys.usb.ffs.mtp.ready
set_prop(mediaprovider, ffs_prop)
+set_prop(mediaprovider, exported_ffs_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 1706224..de9fce1 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -9,7 +9,10 @@
net.lte u:object_r:net_radio_prop:s0
net.cdma u:object_r:net_radio_prop:s0
net.dns u:object_r:net_dns_prop:s0
-sys.usb.config u:object_r:system_radio_prop:s0
+# TODO(b/36001741): Rename to sys.usb.config when exact match is supported and
+# so an exact-matching spec isn't considered as a duplicate of a
+# prefix-matching spec having the same property name.
+sys.usb.conf u:object_r:system_radio_prop:s0
ril. u:object_r:radio_prop:s0
ro.ril. u:object_r:radio_prop:s0
gsm. u:object_r:radio_prop:s0
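Review bot: Changing the spec key from `sys.usb.config` to `sys.usb.conf` widens the prefix, so every property whose name begins with `sys.usb.conf` — not only `sys.usb.config` and its descendants — is now labelled system_radio_prop, and that label is what decides which domains may set it. The TODO explains the tool limitation but not whether any other `sys.usb.conf*` name exists or is acceptable under that label; a sentence stating that would make the intent checkable, e.g. `# Prefix match: also covers any other sys.usb.conf* property; none is expected today.` How this prefix competes with other sys.usb.* specs in the file depends on the matcher's precedence rule, which is not stated here and is worth confirming.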
@@ -45,6 +48,7 @@
persist.bluetooth. u:object_r:bluetooth_prop:s0
persist.debug. u:object_r:persist_debug_prop:s0
persist.logd. u:object_r:logd_prop:s0
+ro.logd. u:object_r:logd_prop:s0
persist.logd.security u:object_r:device_logging_prop:s0
persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0
logd.logpersistd u:object_r:logpersistd_logging_prop:s0
@@ -86,6 +90,9 @@
# ro.build.fingerprint is either set in /system/build.prop, or is
# set at runtime by system_server.
+# TODO(b/36001741): Copy into exported_property_contexts when exact match is
+# supported and so an exact-matching spec isn't considered as a duplicate of a
+# prefix-matching spec having the same property name.
ro.build.fingerprint u:object_r:fingerprint_prop:s0
ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0
@@ -120,3 +127,10 @@
# hwservicemanager properties
hwservicemanager. u:object_r:hwservicemanager_prop:s0
+
+# Common vendor default properties.
+init.svc.vendor. u:object_r:vendor_default_prop:s0
+ro.hardware. u:object_r:vendor_default_prop:s0
+ro.vendor. u:object_r:vendor_default_prop:s0
+persist.vendor. u:object_r:vendor_default_prop:s0
+vendor. u:object_r:vendor_default_prop:s0
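Review bot: `init.svc.vendor.` is labelled vendor_default_prop alongside `vendor.` and `persist.vendor.`, so whichever domains are granted `property_service set` on vendor_default_prop can also write a service-status property that readers normally trust init to own; if the grants elsewhere in this change go beyond init/vendor_init, that should be a deliberate decision rather than a side effect of the shared label. The trailing dots are also load-bearing: `ro.hardware.` matches `ro.hardware.foo` but not the bare `ro.hardware`, which presumably keeps whatever label an earlier spec gives it. A comment making both points explicit would help, e.g. `# Prefixes (note trailing dots): ro.hardware itself is not covered. init.svc.vendor. shares this label, so keep set access to vendor_default_prop limited to init/vendor_init.`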
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index f28e3fe..694bb2f 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -46,6 +46,9 @@
# Set properties.
set_prop(surfaceflinger, system_prop)
+set_prop(surfaceflinger, exported_system_prop)
+set_prop(surfaceflinger, exported2_system_prop)
+set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)
# Use open files supplied by an app.
diff --git a/private/system_app.te b/private/system_app.te
index 0381c4f..7b8f3bf 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -34,13 +34,18 @@
set_prop(system_app, bluetooth_prop)
set_prop(system_app, debug_prop)
set_prop(system_app, system_prop)
+set_prop(system_app, exported_system_prop)
+set_prop(system_app, exported2_system_prop)
+set_prop(system_app, exported3_system_prop)
set_prop(system_app, logd_prop)
set_prop(system_app, net_radio_prop)
set_prop(system_app, system_radio_prop)
+set_prop(system_app, exported_system_radio_prop)
set_prop(system_app, log_tag_prop)
userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
auditallow system_app net_radio_prop:property_service set;
auditallow system_app system_radio_prop:property_service set;
+auditallow system_app exported_system_radio_prop:property_service set;
# ctl interface
set_prop(system_app, ctl_default_prop)
diff --git a/private/system_server.te b/private/system_server.te
index df24104..e917c89 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -468,18 +468,24 @@
# Property Service write
set_prop(system_server, system_prop)
+set_prop(system_server, exported_system_prop)
+set_prop(system_server, exported2_system_prop)
+set_prop(system_server, exported3_system_prop)
set_prop(system_server, safemode_prop)
set_prop(system_server, dhcp_prop)
set_prop(system_server, net_radio_prop)
set_prop(system_server, net_dns_prop)
set_prop(system_server, system_radio_prop)
+set_prop(system_server, exported_system_radio_prop)
set_prop(system_server, debug_prop)
set_prop(system_server, powerctl_prop)
set_prop(system_server, fingerprint_prop)
set_prop(system_server, device_logging_prop)
set_prop(system_server, dumpstate_options_prop)
set_prop(system_server, overlay_prop)
+set_prop(system_server, exported_overlay_prop)
set_prop(system_server, pm_prop)
+set_prop(system_server, exported_pm_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
# ctl interface
diff --git a/private/zygote.te b/private/zygote.te
index 9ec0e4a..b592591 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -110,6 +110,7 @@
# Let the zygote access overlays so it can initialize the AssetManager.
get_prop(zygote, overlay_prop)
+get_prop(zygote, exported_overlay_prop)
###
### neverallow rules