# Properties used only in /system
# Each type below is declared through the system_internal_prop macro, which is
# defined outside this file. NOTE(review): presumably the macro tags the type
# with system_internal_property_type, the attribute that the non-coredomain
# read/write neverallow in this file keys on; confirm against the macro
# definition.
system_internal_prop(adbd_prop)
system_internal_prop(ctl_snapuserd_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(device_config_configuration_prop)
system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_service_status_private_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(localization_prop)
system_internal_prop(lower_kptr_restrict_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(setupwizard_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(suspend_prop)
system_internal_prop(traced_perf_enabled_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(verity_status_prop)
system_internal_prop(zygote_wrap_prop)

# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
system_internal_prop(keystore2_enable_prop)
###
### Neverallow rules
###

# The assertions in this wrapper split property access along the
# system / vendor ownership boundary. NOTE(review): the wrapper macro is
# defined elsewhere; presumably it emits its argument only when ownership
# enforcement is enabled for the build. Confirm against the macro definition.
treble_sysprop_neverallow(`

# A property type that carries none of the three owner attributes
# (system, product, vendor) may not be read or written by any domain.
enforce_sysprop_owner(`
  neverallow domain {
    property_type
    -system_property_type
    -product_property_type
    -vendor_property_type
  }:file no_rw_file_perms;
')

# Outside coredomain, system-owned and system-internal property files are
# off limits unless the type is marked restricted or public.
neverallow { domain -coredomain } {
  system_property_type
  system_internal_property_type
  -system_restricted_property_type
  -system_public_property_type
}:file no_rw_file_perms;

# Outside coredomain, only public system properties may be set. Restricted
# is not subtracted here, so restricted types stay covered by this rule.
neverallow { domain -coredomain } {
  system_property_type
  -system_public_property_type
}:property_service set;

# init is in coredomain, but should be able to read/write all props.
# dumpstate is also in coredomain, but should be able to read all props.
neverallow { coredomain -init -dumpstate } {
  vendor_property_type
  vendor_internal_property_type
  -vendor_restricted_property_type
  -vendor_public_property_type
}:file no_rw_file_perms;

# Mirror of the system-side set rule: inside coredomain only init may set a
# vendor property that is not public. dumpstate is not exempted for set.
neverallow { coredomain -init } {
  vendor_property_type
  -vendor_public_property_type
}:property_service set;

')
# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
# the get_prop() macro.
neverallow domain property_type:file { ioctl lock };

# No source type may read or write a property file labelled with a type in
# core_property_type, except for the types subtracted below. The source is the
# wildcard, so the assertion is not limited to members of the domain attribute.
# Each subtraction removes one type from the protected set and is therefore an
# exemption that deserves review when it is added.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -default_prop
  -dhcp_prop
  -dumpstate_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -ota_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -usb_prop
  -vold_prop
}:file no_rw_file_perms;
# sigstop property is only used for debugging; should only be set by su which is permissive
# for userdebug/eng
# init and vendor_init are the only domains exempted from this assertion.
neverallow {
  domain
  -init
  -vendor_init
} ctl_sigstop_prop:property_service set;

# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
# in the audit log
# dontaudit only suppresses the denial record for these types; it grants no
# access, so a denied set on one of them leaves no audit trail from this check.
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;

# Only init may set init_svc_debug_prop.
neverallow {
  domain
  -init
} init_svc_debug_prop:property_service set;

# Reading or writing the init_svc_debug_prop file is limited to init and
# dumpstate; the su exemption is wrapped in userdebug_or_eng and so is not
# present in user builds.
neverallow {
  domain
  -init
  -dumpstate
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;
# The rules in this wrapper are passed as the argument of the
# compatible_property_only macro, which is defined elsewhere.
# NOTE(review): presumably they are emitted only for builds that enforce
# compatible properties; confirm against the macro definition.
# Pattern used throughout: one broad rule keeps everything outside coredomain,
# appdomain and vendor_init away from core properties, then one narrow rule per
# subsystem names the HAL or daemon that is allowed through for its own type.
compatible_property_only(`
# Prevent properties from being set
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_system_prop
    exported3_system_prop
    usb_control_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  # nfc_prop is subtracted from the broad rule above and covered here instead,
  # with the NFC HAL server as the additional exemption.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

  # radio_control_prop additionally exempts vendor_init; radio_prop below
  # does not.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    radio_control_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  # Same exemptions as bluetooth_prop plus vendor_init.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_camera_server
    -cameraserver
    -vendor_init
  } {
    exported_camera_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

  # Unlike wifi_prop, this rule does not exempt coredomain as a whole; the
  # exemptions are the individual domains listed.
  neverallow {
    domain
    -init
    -dumpstate
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    wifi_hal_prop
  }:property_service set;

# Prevent properties from being read
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    dalvik_config_prop
    extended_core_property_type
    exported3_system_prop
    systemsound_config_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;

  # This last rule restricts setting, not reading, even though it sits under
  # the read heading: only init may set suspend_prop.
  neverallow {
    domain
    -init
  } {
    suspend_prop
  }:property_service set;
')
compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  # The target set is every property type that is neither system-owned nor an
  # extended core property. Besides init, the only way past this assertion is
  # the system_writes_vendor_properties_violators attribute, so each domain
  # carrying that attribute is a standing exception to the boundary.
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -system_property_type
    -extended_core_property_type
  }:property_service set;
')
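# Only coredomain and vendor_init may read or write the ffs_config_prop and
# ffs_control_prop property files.
# The source set starts with the domain attribute on purpose: a set written
# only as subtractions has no positive member to subtract from, so the
# assertion would not cover any domain.
# NOTE(review): with domain listed the assertion is checked at build time; an
# existing allow rule that conflicts with it needs a fix or an explicit
# exemption here.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  ffs_config_prop
  ffs_control_prop
}:file no_rw_file_perms;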
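# Writers of the userspace reboot and adbd properties.
# Every source set in this group starts with the domain attribute on purpose:
# a set written only as subtractions has no positive member to subtract from,
# so the assertion would not cover any domain.
# NOTE(review): with domain listed these assertions are checked at build time;
# an existing allow rule that conflicts with one of them needs a fix or an
# explicit exemption here.

# Only init and system_server may set userspace_reboot_log_prop.
neverallow {
  domain
  -init
  -system_server
} {
  userspace_reboot_log_prop
}:property_service set;

neverallow {
  # Only allow init and system_server to set system_adbd_prop
  domain
  -init
  -system_server
} {
  system_adbd_prop
}:property_service set;

# Let (vendor_)init, adbd, and system_server set service.adb.tcp.port
# This property selects the TCP port adbd listens on, so the list of writers
# is also the list of domains that can expose adbd on the network.
neverallow {
  domain
  -init
  -vendor_init
  -adbd
  -system_server
} {
  adbd_config_prop
}:property_service set;

neverallow {
  # Only allow init and adbd to set adbd_prop
  domain
  -init
  -adbd
} {
  adbd_prop
}:property_service set;

neverallow {
  # Only allow init and shell to set userspace_reboot_test_prop
  domain
  -init
  -shell
} {
  userspace_reboot_test_prop
}:property_service set;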
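# Writers of display colour, libc debug, zram and ART runtime properties.
# Every source set in this group starts with the domain attribute on purpose:
# a set written only as subtractions has no positive member to subtract from,
# so the assertion would not cover any domain.
# NOTE(review): with domain listed these assertions are checked at build time;
# an existing allow rule that conflicts with one of them needs a fix or an
# explicit exemption here.

# Only init, system_server and vendor_init may set surfaceflinger_color_prop.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} {
  surfaceflinger_color_prop
}:property_service set;

# Only init may set libc_debug_prop.
neverallow {
  domain
  -init
} {
  libc_debug_prop
}:property_service set;

# Only init, system_server and vendor_init may set zram_control_prop.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} zram_control_prop:property_service set;

# Only init, system_server and vendor_init may set dalvik_runtime_prop.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} dalvik_runtime_prop:property_service set;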
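# USB configuration and device provisioning state.
# Every source set in this group starts with the domain attribute on purpose:
# a set written only as subtractions has no positive member to subtract from,
# so the assertion would not cover any domain.
# NOTE(review): with domain listed these assertions are checked at build time;
# an existing allow rule that conflicts with one of them needs a fix or an
# explicit exemption here.

# Only coredomain and vendor_init may set the USB config and control
# properties.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  usb_config_prop
  usb_control_prop
}:property_service set;

# Only init and system_server may set the provisioned and retail demo state.
neverallow {
  domain
  -init
  -system_server
} {
  provisioned_prop
  retaildemo_prop
}:property_service set;

# Reading or writing the same two property files is wider than setting them:
# all of coredomain plus vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  provisioned_prop
  retaildemo_prop
}:file no_rw_file_perms;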
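# Writers of init service status, telephony status and graphics properties.
# Every source set in this group starts with the domain attribute on purpose:
# a set written only as subtractions has no positive member to subtract from,
# so the assertion would not cover any domain.
# NOTE(review): with domain listed these assertions are checked at build time;
# an existing allow rule that conflicts with one of them needs a fix or an
# explicit exemption here.

# Only init may set either init service status property.
neverallow {
  domain
  -init
} {
  init_service_status_private_prop
  init_service_status_prop
}:property_service set;

# telephony_status_prop may be set by init, radio, appdomain and the telephony
# HAL server. The vendor_init exemption is wrapped in not_compatible_property,
# a macro defined elsewhere.
# NOTE(review): presumably that exemption disappears on builds that enforce
# compatible properties; confirm against the macro definition.
neverallow {
  domain
  -init
  -radio
  -appdomain
  -hal_telephony_server
  not_compatible_property(`-vendor_init')
} telephony_status_prop:property_service set;

# Only init and vendor_init may set graphics_config_prop.
neverallow {
  domain
  -init
  -vendor_init
} {
  graphics_config_prop
}:property_service set;

# Only init and surfaceflinger may set surfaceflinger_display_prop.
neverallow {
  domain
  -init
  -surfaceflinger
} {
  surfaceflinger_display_prop
}:property_service set;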
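# Readers of configuration properties, plus the writer of localization_prop.
# Every source set in this group starts with the domain attribute on purpose:
# a set written only as subtractions has no positive member to subtract from,
# so the assertion would not cover any domain.
# NOTE(review): with domain listed these assertions are checked at build time;
# an existing allow rule that conflicts with one of them needs a fix or an
# explicit exemption here.

# packagemanager_config_prop file access: coredomain, appdomain, vendor_init.
neverallow {
  domain
  -coredomain
  -appdomain
  -vendor_init
} packagemanager_config_prop:file no_rw_file_perms;

# keyguard_config_prop file access: coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} keyguard_config_prop:file no_rw_file_perms;

# Only init may set localization_prop.
neverallow {
  domain
  -init
} {
  localization_prop
}:property_service set;

# oem_unlock_prop file access: init, vendor_init, dumpstate and system_app.
# Note that coredomain as a whole is not exempted here.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -system_app
} oem_unlock_prop:file no_rw_file_perms;

# storagemanager_config_prop file access: coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} storagemanager_config_prop:file no_rw_file_perms;

# sendbug_config_prop file access: init, vendor_init, dumpstate, appdomain.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} sendbug_config_prop:file no_rw_file_perms;

# camera_calibration_prop file access: init, vendor_init, dumpstate, appdomain.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} camera_calibration_prop:file no_rw_file_perms;

# hal_dumpstate_config_prop file access: init, dumpstate and the dumpstate HAL
# server. The vendor_init exemption is wrapped in not_compatible_property, a
# macro defined elsewhere.
# NOTE(review): presumably that exemption disappears on builds that enforce
# compatible properties; confirm against the macro definition.
neverallow {
  domain
  -init
  -dumpstate
  -hal_dumpstate_server
  not_compatible_property(`-vendor_init')
} hal_dumpstate_config_prop:file no_rw_file_perms;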
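# Remaining per-property assertions.
# Every source set in this group starts with the domain attribute on purpose:
# a set written only as subtractions has no positive member to subtract from,
# so the assertion would not cover any domain.
# NOTE(review): with domain listed these assertions are checked at build time;
# an existing allow rule that conflicts with one of them needs a fix or an
# explicit exemption here.

# Only init may set lower_kptr_restrict_prop; traced_probes and traced_perf
# are exempted inside userdebug_or_eng and so not in user builds.
# NOTE(review): going by its name the property gates a relaxation of kernel
# pointer restriction; confirm what consumes it before widening this list.
neverallow {
  domain
  -init
  userdebug_or_eng(`-traced_probes')
  userdebug_or_eng(`-traced_perf')
} {
  lower_kptr_restrict_prop
}:property_service set;

# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
neverallow {
  domain
  -init
  -dumpstate
  -system_app
  -system_server
  -zygote
} keystore2_enable_prop:file no_rw_file_perms;

# Only init may set zygote_wrap_prop.
neverallow {
  domain
  -init
} zygote_wrap_prop:property_service set;

# Only init may set verity_status_prop.
neverallow {
  domain
  -init
} verity_status_prop:property_service set;

# Only init may set setupwizard_prop.
neverallow {
  domain
  -init
} setupwizard_prop:property_service set;

# ro.product.property_source_order is useless after initialization of ro.product.* props.
# So making it accessible only from init, vendor_init and dumpstate.
neverallow {
  domain
  -init
  -dumpstate
  -vendor_init
} build_config_prop:file no_rw_file_perms;

# Only init and shell may set sqlite_log_prop.
neverallow {
  domain
  -init
  -shell
} sqlite_log_prop:property_service set;

# sqlite_log_prop file access: coredomain and appdomain.
neverallow {
  domain
  -coredomain
  -appdomain
} sqlite_log_prop:file no_rw_file_perms;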