Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 0cac6fd17a341cc64e9aca2e9b402234b08264d8 / . / private / property.te
blob: 53f4284cb19c70407644820c0efebfaea0900487 [file] [log] [blame]
Inseob Kimbbae4a92020-03-19 17:49:08 +0900[diff] [blame]1# Properties used only in /system
2system_internal_prop(adbd_prop)
Yi Kong0ac00722020-10-27 02:29:52 +0800[diff] [blame]3system_internal_prop(device_config_profcollect_native_boot_prop)
Inseob Kimbbae4a92020-03-19 17:49:08 +0900[diff] [blame]4system_internal_prop(device_config_storage_native_boot_prop)
5system_internal_prop(device_config_sys_traced_prop)
6system_internal_prop(device_config_window_manager_native_boot_prop)
7system_internal_prop(device_config_configuration_prop)
Hongguang Chen91a5f4e2020-04-23 23:43:13 -0700[diff] [blame]8system_internal_prop(fastbootd_protocol_prop)
Inseob Kimbbae4a92020-03-19 17:49:08 +0900[diff] [blame]9system_internal_prop(gsid_prop)
10system_internal_prop(init_perf_lsm_hooks_prop)
Inseob Kim15e5e0a2020-05-14 19:43:08 +0900[diff] [blame]11system_internal_prop(init_service_status_private_prop)
Inseob Kimbbae4a92020-03-19 17:49:08 +0900[diff] [blame]12system_internal_prop(init_svc_debug_prop)
13system_internal_prop(last_boot_reason_prop)
Alexander Mishkovetsf0be89b2020-07-08 23:11:03 +0200[diff] [blame]14system_internal_prop(localization_prop)
Primiano Tuccicd452302020-10-09 09:15:10 +0100[diff] [blame]15system_internal_prop(lower_kptr_restrict_prop)
Inseob Kimbbae4a92020-03-19 17:49:08 +0900[diff] [blame]16system_internal_prop(netd_stable_secret_prop)
17system_internal_prop(pm_prop)
18system_internal_prop(system_adbd_prop)
19system_internal_prop(traced_perf_enabled_prop)
20system_internal_prop(userspace_reboot_log_prop)
21system_internal_prop(userspace_reboot_test_prop)
22
Janis Danisevskis202e8632020-10-23 11:16:34 -0700[diff] [blame]23# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
24system_internal_prop(keystore2_enable_prop)
25
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]26###
27### Neverallow rules
28###
29
30treble_sysprop_neverallow(`
31
Inseob Kimafc09932020-09-28 13:32:43 +0900[diff] [blame]32enforce_sysprop_owner(`
33 neverallow domain {
34 property_type
35 -system_property_type
36 -product_property_type
37 -vendor_property_type
38 }:file no_rw_file_perms;
39')
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]40
41neverallow { domain -coredomain } {
42 system_property_type
43 system_internal_property_type
44 -system_restricted_property_type
45 -system_public_property_type
46}:file no_rw_file_perms;
47
48neverallow { domain -coredomain } {
49 system_property_type
50 -system_public_property_type
51}:property_service set;
52
53# init is in coredomain, but should be able to read/write all props.
54# dumpstate is also in coredomain, but should be able to read all props.
55neverallow { coredomain -init -dumpstate } {
56 vendor_property_type
57 vendor_internal_property_type
58 -vendor_restricted_property_type
59 -vendor_public_property_type
60}:file no_rw_file_perms;
61
62neverallow { coredomain -init } {
63 vendor_property_type
64 -vendor_public_property_type
65}:property_service set;
66
67')
68
69# There is no need to perform ioctl or advisory locking operations on
70# property files. If this neverallow is being triggered, it is
71# likely that the policy is using r_file_perms directly instead of
72# the get_prop() macro.
73neverallow domain property_type:file { ioctl lock };
74
75neverallow * {
76 core_property_type
77 -audio_prop
78 -config_prop
79 -cppreopt_prop
80 -dalvik_prop
81 -debuggerd_prop
82 -debug_prop
83 -default_prop
84 -dhcp_prop
85 -dumpstate_prop
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]86 -fingerprint_prop
87 -logd_prop
88 -net_radio_prop
89 -nfc_prop
90 -ota_prop
91 -pan_result_prop
92 -persist_debug_prop
93 -powerctl_prop
94 -radio_prop
95 -restorecon_prop
96 -shell_prop
97 -system_prop
Inseob Kimdc1e5012020-04-27 21:13:01 +0900[diff] [blame]98 -usb_prop
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]99 -vold_prop
100}:file no_rw_file_perms;
101
102# sigstop property is only used for debugging; should only be set by su which is permissive
103# for userdebug/eng
104neverallow {
105 domain
106 -init
107 -vendor_init
108} ctl_sigstop_prop:property_service set;
109
110# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
111# in the audit log
112dontaudit domain {
113 ctl_bootanim_prop
114 ctl_bugreport_prop
115 ctl_console_prop
116 ctl_default_prop
117 ctl_dumpstate_prop
118 ctl_fuse_prop
119 ctl_mdnsd_prop
120 ctl_rildaemon_prop
121}:property_service set;
122
123neverallow {
124 domain
125 -init
126} init_svc_debug_prop:property_service set;
127
128neverallow {
129 domain
130 -init
131 -dumpstate
132 userdebug_or_eng(`-su')
133} init_svc_debug_prop:file no_rw_file_perms;
134
135compatible_property_only(`
136# Prevent properties from being set
137 neverallow {
138 domain
139 -coredomain
140 -appdomain
141 -vendor_init
142 } {
143 core_property_type
144 extended_core_property_type
145 exported_config_prop
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]146 exported_default_prop
147 exported_dumpstate_prop
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]148 exported_system_prop
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]149 exported3_system_prop
Inseob Kimdc1e5012020-04-27 21:13:01 +0900[diff] [blame]150 usb_control_prop
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]151 -nfc_prop
152 -powerctl_prop
153 -radio_prop
154 }:property_service set;
155
156 neverallow {
157 domain
158 -coredomain
159 -appdomain
160 -hal_nfc_server
161 } {
162 nfc_prop
163 }:property_service set;
164
165 neverallow {
166 domain
167 -coredomain
168 -appdomain
169 -hal_telephony_server
170 -vendor_init
171 } {
Inseob Kimacd02fc2020-07-28 15:17:24 +0900[diff] [blame]172 radio_control_prop
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]173 }:property_service set;
174
175 neverallow {
176 domain
177 -coredomain
178 -appdomain
179 -hal_telephony_server
180 } {
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]181 radio_prop
182 }:property_service set;
183
184 neverallow {
185 domain
186 -coredomain
187 -bluetooth
188 -hal_bluetooth_server
189 } {
190 bluetooth_prop
191 }:property_service set;
192
193 neverallow {
194 domain
195 -coredomain
196 -bluetooth
197 -hal_bluetooth_server
198 -vendor_init
199 } {
200 exported_bluetooth_prop
201 }:property_service set;
202
203 neverallow {
204 domain
205 -coredomain
206 -hal_camera_server
207 -cameraserver
208 -vendor_init
209 } {
210 exported_camera_prop
211 }:property_service set;
212
213 neverallow {
214 domain
215 -coredomain
216 -hal_wifi_server
217 -wificond
218 } {
219 wifi_prop
220 }:property_service set;
221
222 neverallow {
223 domain
Inseob Kim3dbf3d82020-06-25 21:20:42 +0900[diff] [blame]224 -init
225 -dumpstate
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]226 -hal_wifi_server
227 -wificond
228 -vendor_init
229 } {
Inseob Kim3dbf3d82020-06-25 21:20:42 +0900[diff] [blame]230 wifi_hal_prop
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]231 }:property_service set;
232
233# Prevent properties from being read
234 neverallow {
235 domain
236 -coredomain
237 -appdomain
238 -vendor_init
239 } {
240 core_property_type
Inseob Kimd8c39d92020-04-20 19:36:33 +0900[diff] [blame]241 dalvik_config_prop
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]242 extended_core_property_type
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]243 exported3_system_prop
Inseob Kimfd2d6ec2020-04-01 10:01:16 +0900[diff] [blame]244 systemsound_config_prop
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]245 -debug_prop
246 -logd_prop
247 -nfc_prop
248 -powerctl_prop
249 -radio_prop
250 }:file no_rw_file_perms;
251
252 neverallow {
253 domain
254 -coredomain
255 -appdomain
256 -hal_nfc_server
257 } {
258 nfc_prop
259 }:file no_rw_file_perms;
260
261 neverallow {
262 domain
263 -coredomain
264 -appdomain
265 -hal_telephony_server
266 } {
267 radio_prop
268 }:file no_rw_file_perms;
269
270 neverallow {
271 domain
272 -coredomain
273 -bluetooth
274 -hal_bluetooth_server
275 } {
276 bluetooth_prop
277 }:file no_rw_file_perms;
278
279 neverallow {
280 domain
281 -coredomain
282 -hal_wifi_server
283 -wificond
284 } {
285 wifi_prop
286 }:file no_rw_file_perms;
287')
288
289compatible_property_only(`
290 # Neverallow coredomain to set vendor properties
291 neverallow {
292 coredomain
293 -init
294 -system_writes_vendor_properties_violators
295 } {
296 property_type
297 -system_property_type
298 -extended_core_property_type
299 }:property_service set;
300')
301
302neverallow {
Inseob Kimbfb37082020-04-27 23:49:15 +0900[diff] [blame]303 -coredomain
304 -vendor_init
305} {
306 ffs_config_prop
307 ffs_control_prop
308}:file no_rw_file_perms;
309
310neverallow {
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]311 -init
312 -system_server
313} {
314 userspace_reboot_log_prop
315}:property_service set;
316
317neverallow {
318 # Only allow init and system_server to set system_adbd_prop
319 -init
320 -system_server
321} {
322 system_adbd_prop
323}:property_service set;
324
Josh Gao0cac6fd2020-10-28 13:56:23 -0700[diff] [blame^]325# Let (vendor_)init, adbd, and system_server set service.adb.tcp.port
326neverallow {
327 -init
328 -vendor_init
329 -adbd
330 -system_server
331} {
332 adbd_config_prop
333}:property_service set;
334
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]335neverallow {
336 # Only allow init and adbd to set adbd_prop
337 -init
338 -adbd
339} {
340 adbd_prop
341}:property_service set;
342
343neverallow {
344 # Only allow init and shell to set userspace_reboot_test_prop
345 -init
346 -shell
347} {
348 userspace_reboot_test_prop
349}:property_service set;
Inseob Kim721d9212020-04-24 21:25:17 +0900[diff] [blame]350
351neverallow {
352 -init
353 -system_server
354 -vendor_init
355} {
356 surfaceflinger_color_prop
357}:property_service set;
Inseob Kim9add20f2020-05-06 22:20:35 +0900[diff] [blame]358
359neverallow {
360 -init
361} {
362 libc_debug_prop
363}:property_service set;
Inseob Kim36aeb162020-05-08 20:42:25 +0900[diff] [blame]364
365neverallow {
366 -init
367 -system_server
368 -vendor_init
369} zram_control_prop:property_service set;
Inseob Kim1337e152020-05-12 22:51:48 +0900[diff] [blame]370
371neverallow {
372 -init
373 -system_server
374 -vendor_init
375} dalvik_runtime_prop:property_service set;
Inseob Kimdc1e5012020-04-27 21:13:01 +0900[diff] [blame]376
377neverallow {
378 -coredomain
379 -vendor_init
380} {
381 usb_config_prop
382 usb_control_prop
383}:property_service set;
Inseob Kim3b82aec2020-05-14 01:38:40 +0900[diff] [blame]384
385neverallow {
386 -init
387 -system_server
388} {
389 provisioned_prop
390 retaildemo_prop
391}:property_service set;
392
393neverallow {
394 -coredomain
395 -vendor_init
396} {
397 provisioned_prop
398 retaildemo_prop
399}:file no_rw_file_perms;
Inseob Kim15e5e0a2020-05-14 19:43:08 +0900[diff] [blame]400
401neverallow {
402 -init
403} {
404 init_service_status_private_prop
405 init_service_status_prop
406}:property_service set;
Inseob Kimad631702020-05-14 21:47:43 +0900[diff] [blame]407
408neverallow {
409 -init
410 -radio
411 -appdomain
412 -hal_telephony_server
Inseob Kim285da2f2020-06-04 20:29:43 +0900[diff] [blame]413 not_compatible_property(`-vendor_init')
Inseob Kimad631702020-05-14 21:47:43 +0900[diff] [blame]414} telephony_status_prop:property_service set;
Peiyong Lin37dea072020-06-03 12:20:41 -0700[diff] [blame]415
416neverallow {
417 -init
418 -vendor_init
419} {
420 graphics_config_prop
421}:property_service set;
Inseob Kim6ffdf1b2020-06-16 20:00:41 +0900[diff] [blame]422
423neverallow {
Amy Hsu0f352fb2020-06-15 17:04:12 +0800[diff] [blame]424 -init
Midas Chien0d0391f2020-06-17 22:13:21 +0800[diff] [blame]425 -surfaceflinger
Amy Hsu0f352fb2020-06-15 17:04:12 +0800[diff] [blame]426} {
427 surfaceflinger_display_prop
428}:property_service set;
429
Inseob Kim072b0142020-06-16 20:00:41 +0900[diff] [blame]430neverallow {
Inseob Kim5eacf722020-07-01 01:27:49 +0900[diff] [blame]431 -coredomain
432 -appdomain
Inseob Kim6ffdf1b2020-06-16 20:00:41 +0900[diff] [blame]433 -vendor_init
Inseob Kim6ffdf1b2020-06-16 20:00:41 +0900[diff] [blame]434} packagemanager_config_prop:file no_rw_file_perms;
Inseob Kim04f435c2020-07-07 12:46:24 +0900[diff] [blame]435
436neverallow {
437 -coredomain
438 -vendor_init
439} keyguard_config_prop:file no_rw_file_perms;
Alexander Mishkovetsf0be89b2020-07-08 23:11:03 +0200[diff] [blame]440
441neverallow {
442 -init
443} {
444 localization_prop
445}:property_service set;
Inseob Kimc80b0242020-07-16 22:25:47 +0900[diff] [blame]446
447neverallow {
448 -init
449 -vendor_init
450 -dumpstate
451 -system_app
452} oem_unlock_prop:file no_rw_file_perms;
453
454neverallow {
455 -coredomain
456 -vendor_init
457} storagemanager_config_prop:file no_rw_file_perms;
458
459neverallow {
460 -init
461 -vendor_init
462 -dumpstate
463 -appdomain
464} sendbug_config_prop:file no_rw_file_perms;
Inseob Kimc97a97c2020-07-20 20:26:07 +0900[diff] [blame]465
466neverallow {
467 -init
468 -vendor_init
469 -dumpstate
470 -appdomain
471} camera_calibration_prop:file no_rw_file_perms;
Inseob Kim46dd4be2020-08-18 11:25:32 +0900[diff] [blame]472
473neverallow {
474 -init
475 -dumpstate
Jeff Vander Stoep684d25b2020-08-25 11:41:00 +0200[diff] [blame]476 -hal_dumpstate_server
Inseob Kim46dd4be2020-08-18 11:25:32 +0900[diff] [blame]477 not_compatible_property(`-vendor_init')
478} hal_dumpstate_config_prop:file no_rw_file_perms;
Primiano Tuccicd452302020-10-09 09:15:10 +0100[diff] [blame]479
480neverallow {
481 -init
482 userdebug_or_eng(`-traced_probes')
483} {
484 lower_kptr_restrict_prop
485}:property_service set;
Janis Danisevskis202e8632020-10-23 11:16:34 -0700[diff] [blame]486
487# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
488neverallow {
489 -init
490 -dumpstate
491 -system_app
492 -system_server
493 -zygote
494} keystore2_enable_prop:file no_rw_file_perms;