Blame - microdroid/system/private/property.te - android_system_sepolicy

blob: 733bb330c8f9fe68303c184d21c327ba1ebddcd3 [file] [log] [blame]

Inseob Kim	fa4c5bf	2022-07-13 18:57:55 +0900	[diff] [blame]	1	system_internal_prop(ctl_tombstoned_prop)
				2
Victor Hsieh	a62b3ff	2022-05-02 09:47:11 -0700	[diff] [blame]	3	system_restricted_prop(boot_status_prop)
				4
Victor Hsieh	b415c73	2021-12-14 11:06:23 -0800	[diff] [blame]	5	# Declare ART properties for CompOS
				6	system_public_prop(dalvik_config_prop)
				7	system_restricted_prop(device_config_runtime_native_prop)
Victor Hsieh	3423bc4	2022-05-10 16:14:30 -0700	[diff] [blame]	8	system_restricted_prop(device_config_runtime_native_boot_prop)
Victor Hsieh	b415c73	2021-12-14 11:06:23 -0800	[diff] [blame]	9
Inseob Kim	5ee61a7	2021-09-17 19:31:45 +0900	[diff] [blame]	10	# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
				11	# in the audit log
				12	dontaudit domain {
				13	ctl_console_prop
				14	ctl_default_prop
				15	ctl_fuse_prop
				16	}:property_service set;
				17
Inseob Kim	e138997	2021-07-19 07:48:34 +0000	[diff] [blame]	18	###
				19	### Neverallow rules
				20	###
				21
Jiyong Park	27bb6c6	2021-09-06 15:39:31 +0900	[diff] [blame]	22	# microdroid_manager_roothash_prop can only be set by microdroid_manager
				23	# and read by apkdmverity
				24	neverallow {
				25	domain
				26	-init
				27	-microdroid_manager
				28	} microdroid_manager_roothash_prop:property_service set;
				29
				30	neverallow {
				31	domain
				32	-init
				33	-microdroid_manager
				34	-apkdmverity
				35	} microdroid_manager_roothash_prop:file no_rw_file_perms;
Richard Fung	0c7c267	2021-11-08 20:09:54 +0000	[diff] [blame]	36
				37	# apexd_payload_metadata_prop can only set by init
				38	neverallow {
				39	domain
				40	-init
				41	} apexd_payload_metadata_prop:property_service set;
Nikita Ioffe	1cf4d77	2022-11-27 01:11:39 +0000	[diff] [blame^]	42
				43	# Only microdroid_manager and init can set the microdroid_config_prop sysprops
				44	neverallow {
				45	domain
				46	-init
				47	-microdroid_manager
				48	} microdroid_config_prop:property_service set;
				49
				50	neverallow {
				51	domain
				52	-init
				53	-microdroid_manager
				54	} microdroid_config_prop:file no_rw_file_perms;