# Property types used only by components on /system.
# Each line passes one type name to system_internal_prop(), a macro defined
# outside this file. Presumably it declares the type and tags it as
# system-internal; confirm the attributes it assigns in the macro definition.
system_internal_prop(adbd_prop)
system_internal_prop(ctl_snapuserd_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
system_internal_prop(device_config_statsd_native_prop)
system_internal_prop(device_config_statsd_native_boot_prop)
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(device_config_configuration_prop)
system_internal_prop(device_config_connectivity_prop)
system_internal_prop(device_config_swcodec_native_prop)
system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_service_status_private_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(localization_prop)
system_internal_prop(lower_kptr_restrict_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(setupwizard_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(suspend_prop)
system_internal_prop(traced_perf_enabled_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(verity_status_prop)
system_internal_prop(zygote_wrap_prop)

# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
system_internal_prop(keystore2_enable_prop)

###
### Neverallow rules
###

# Ownership and partition-boundary assertions for property types. The quoted
# body is handed to treble_sysprop_neverallow(), a macro defined outside this
# file that decides whether these rules are emitted.
# NOTE: comments inside the quoted body must not contain quote characters,
# because m4 would treat them as the end of the macro argument.
treble_sysprop_neverallow(`

# A property type that carries none of the three owner attributes
# must not be readable or writable by any domain.
enforce_sysprop_owner(`
  neverallow domain {
    property_type -system_property_type -product_property_type -vendor_property_type
  }:file no_rw_file_perms;
')

# Outside coredomain, system-owned property files are off limits
# unless the type is restricted or public.
neverallow { domain -coredomain } {
  system_property_type system_internal_property_type
  -system_restricted_property_type -system_public_property_type
}:file no_rw_file_perms;

# Outside coredomain, only public system properties may be set.
neverallow { domain -coredomain } {
  system_property_type -system_public_property_type
}:property_service set;

# init is in coredomain, but should be able to read/write all props.
# dumpstate is also in coredomain, but should be able to read all props.
# Every other coredomain member is kept away from vendor property files
# unless the type is restricted or public.
neverallow { coredomain -init -dumpstate } {
  vendor_property_type vendor_internal_property_type
  -vendor_restricted_property_type -vendor_public_property_type
}:file no_rw_file_perms;

# Within coredomain, only init may set non-public vendor properties.
neverallow { coredomain -init } {
  vendor_property_type -vendor_public_property_type
}:property_service set;

')

# Property files never need ioctl or advisory locking. When this assertion
# fires, the offending policy most likely granted r_file_perms directly
# instead of going through the get_prop() macro.
neverallow domain property_type:file { ioctl lock };

# No source at all may read or write the file of a core_property_type type,
# except for the types subtracted below. no_rw_file_perms is a permission-set
# macro defined outside this file.
neverallow * {
  core_property_type
  -audio_prop -config_prop -cppreopt_prop -dalvik_prop
  -debuggerd_prop -debug_prop -dhcp_prop -dumpstate_prop
  -fingerprint_prop -logd_prop -net_radio_prop -nfc_prop
  -ota_prop -pan_result_prop -persist_debug_prop -powerctl_prop
  -radio_prop -restorecon_prop -shell_prop -system_prop
  -usb_prop -vold_prop
}:file no_rw_file_perms;

# ctl_sigstop_prop exists for debugging only. No allow rule may let any domain
# other than init and vendor_init set it. The intended setter is su, which is
# permissive on userdebug/eng builds and therefore needs no allow rule.
neverallow { domain -init -vendor_init } ctl_sigstop_prop:property_service set;

# Suppress audit records for the legacy ctl. property check so that only the
# newer permission check shows up in the audit log. dontaudit hides the denial
# message; it does not grant the permission.
dontaudit domain {
  ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_default_prop
  ctl_dumpstate_prop ctl_fuse_prop ctl_mdnsd_prop ctl_rildaemon_prop
}:property_service set;

# init_svc_debug_prop may be set by init only.
neverallow { domain -init } init_svc_debug_prop:property_service set;

# Its property file may be read or written only by init and dumpstate, plus su
# on userdebug/eng builds (the exemption is emitted by userdebug_or_eng()).
neverallow {
  domain -init -dumpstate
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;

# Per-subsystem limits on who may set or read platform properties. The quoted
# body is handed to compatible_property_only(), a macro defined outside this
# file that decides whether these rules are emitted.
# NOTE: comments inside the quoted body must not contain quote characters,
# because m4 would treat them as the end of the macro argument.
compatible_property_only(`
# Prevent properties from being set

  # Generic rule: outside coredomain, appdomain and vendor_init nobody sets
  # core or exported platform properties. nfc, powerctl and radio are carved
  # out here and handled by the narrower rules that follow.
  neverallow { domain -coredomain -appdomain -vendor_init } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_system_prop
    exported3_system_prop
    usb_control_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  # NFC: the NFC HAL server is the only additional setter.
  neverallow { domain -coredomain -appdomain -hal_nfc_server } nfc_prop:property_service set;

  # Telephony: the telephony HAL server may set both types, vendor_init only
  # radio_control_prop.
  neverallow {
    domain -coredomain -appdomain -hal_telephony_server -vendor_init
  } radio_control_prop:property_service set;
  neverallow { domain -coredomain -appdomain -hal_telephony_server } radio_prop:property_service set;

  # Bluetooth: the bluetooth domain and its HAL server, with vendor_init
  # additionally allowed for the exported type.
  neverallow { domain -coredomain -bluetooth -hal_bluetooth_server } bluetooth_prop:property_service set;
  neverallow {
    domain -coredomain -bluetooth -hal_bluetooth_server -vendor_init
  } exported_bluetooth_prop:property_service set;

  # Camera.
  neverallow {
    domain -coredomain -hal_camera_server -cameraserver -vendor_init
  } exported_camera_prop:property_service set;

  # Wi-Fi. The wifi_hal_prop rule does not exempt coredomain as a whole,
  # only the domains named in it.
  neverallow { domain -coredomain -hal_wifi_server -wificond } wifi_prop:property_service set;
  neverallow {
    domain -init -dumpstate -hal_wifi_server -wificond -vendor_init
  } wifi_hal_prop:property_service set;

# Prevent properties from being read

  # Generic rule, mirroring the set rule above. debug and logd types are
  # additionally carved out for reading.
  neverallow { domain -coredomain -appdomain -vendor_init } {
    core_property_type
    dalvik_config_prop
    extended_core_property_type
    exported3_system_prop
    systemsound_config_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  neverallow { domain -coredomain -appdomain -hal_nfc_server } nfc_prop:file no_rw_file_perms;
  neverallow { domain -coredomain -appdomain -hal_telephony_server } radio_prop:file no_rw_file_perms;
  neverallow { domain -coredomain -bluetooth -hal_bluetooth_server } bluetooth_prop:file no_rw_file_perms;
  neverallow { domain -coredomain -hal_wifi_server -wificond } wifi_prop:file no_rw_file_perms;

  # This last rule restricts setting, not reading: suspend_prop is set by
  # init only.
  neverallow { domain -init } suspend_prop:property_service set;
')

# The quoted body is handed to compatible_property_only(), defined outside
# this file. Comments inside it must not contain quote characters.
compatible_property_only(`
  # Neverallow coredomain to set vendor properties.
  # Exempt are init and any domain carrying the attribute
  # system_writes_vendor_properties_violators. The target set is every
  # property type that is neither system-owned nor extended-core.
  neverallow { coredomain -init -system_writes_vendor_properties_violators } {
    property_type -system_property_type -extended_core_property_type
  }:property_service set;
')

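# ffs_config_prop and ffs_control_prop files may be read or written only by
# coredomain and vendor_init.
# The source set used to list only subtractions. A set built purely from
# -type entries has no base to subtract from, so it matches no domain and the
# assertion checked nothing. domain is added as the base so the rule is
# enforced. If the policy build now reports a violation, review the offending
# allow rule before considering another exemption.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  ffs_config_prop
  ffs_control_prop
}:file no_rw_file_perms;
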
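# Setter allowlists for userspace-reboot and adb related properties.
# Every source set in this run used to list only subtractions. A set built
# purely from -type entries has no base to subtract from, so it matches no
# domain and the assertion checked nothing. domain is added as the base of
# each set so the rules are enforced. If the policy build now reports a
# violation, review the offending allow rule before considering another
# exemption.

# Only init and system_server may set userspace_reboot_log_prop.
neverallow {
  domain
  -init
  -system_server
} {
  userspace_reboot_log_prop
}:property_service set;

# Only allow init and system_server to set system_adbd_prop.
neverallow {
  domain
  -init
  -system_server
} {
  system_adbd_prop
}:property_service set;

# Let (vendor_)init, adbd, and system_server set service.adb.tcp.port.
# This property controls adb over TCP, so the setter list is security
# relevant and should stay this short.
neverallow {
  domain
  -init
  -vendor_init
  -adbd
  -system_server
} {
  adbd_config_prop
}:property_service set;

# Only allow init and adbd to set adbd_prop.
neverallow {
  domain
  -init
  -adbd
} {
  adbd_prop
}:property_service set;

# Only allow init and shell to set userspace_reboot_test_prop.
neverallow {
  domain
  -init
  -shell
} {
  userspace_reboot_test_prop
}:property_service set;
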
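# Both source sets below used to list only subtractions. A set built purely
# from -type entries has no base to subtract from, so it matches no domain and
# the assertion checked nothing. domain is added as the base so the rules are
# enforced. A build failure after this change points at an allow rule that
# needs review.

# surfaceflinger_color_prop may be set by init, system_server and vendor_init.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} {
  surfaceflinger_color_prop
}:property_service set;

# libc_debug_prop may be set by init only.
neverallow {
  domain
  -init
} {
  libc_debug_prop
}:property_service set;
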
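# Allow the shell to set MTE props, so that non-root users with adb shell
# access can control the settings on their device. Apart from shell, only
# init may set arm64_memtag_prop.
# The source set used to list only subtractions, which matches no domain and
# left the assertion unenforced. domain is added as the base. A build failure
# after this change points at an allow rule that needs review.
neverallow {
  domain
  -init
  -shell
} {
  arm64_memtag_prop
}:property_service set;
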
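# Every source set in this run used to list only subtractions. A set built
# purely from -type entries has no base to subtract from, so it matches no
# domain and the assertion checked nothing. domain is added as the base so
# the rules are enforced. A build failure after this change points at an
# allow rule that needs review.

# zram_control_prop may be set by init, system_server and vendor_init.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} zram_control_prop:property_service set;

# dalvik_runtime_prop has the same setter list.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} dalvik_runtime_prop:property_service set;

# USB configuration and control properties may be set only from coredomain
# and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  usb_config_prop
  usb_control_prop
}:property_service set;
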
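# provisioned_prop and retaildemo_prop: narrow setter list, wider reader list.
# Both source sets used to list only subtractions, which matches no domain
# and left the assertions unenforced. domain is added as the base. A build
# failure after this change points at an allow rule that needs review.

# Only init and system_server may set them.
neverallow {
  domain
  -init
  -system_server
} {
  provisioned_prop
  retaildemo_prop
}:property_service set;

# Their files may be read or written only by coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  provisioned_prop
  retaildemo_prop
}:file no_rw_file_perms;
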
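# Both source sets used to list only subtractions, which matches no domain
# and left the assertions unenforced. domain is added as the base. A build
# failure after this change points at an allow rule that needs review.

# Service status properties are written by init only.
neverallow {
  domain
  -init
} {
  init_service_status_private_prop
  init_service_status_prop
}:property_service set;

# telephony_status_prop may be set by init, radio, appdomain and the telephony
# HAL server. The vendor_init exemption is emitted by
# not_compatible_property(), a macro defined outside this file.
neverallow {
  domain
  -init
  -radio
  -appdomain
  -hal_telephony_server
  not_compatible_property(`-vendor_init')
} telephony_status_prop:property_service set;
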
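# Both source sets used to list only subtractions, which matches no domain
# and left the assertions unenforced. domain is added as the base. A build
# failure after this change points at an allow rule that needs review.

# graphics_config_prop may be set by init and vendor_init only.
neverallow {
  domain
  -init
  -vendor_init
} {
  graphics_config_prop
}:property_service set;

# surfaceflinger_display_prop may be set by init and surfaceflinger only.
neverallow {
  domain
  -init
  -surfaceflinger
} {
  surfaceflinger_display_prop
}:property_service set;
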
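# Reader allowlists for configuration properties, plus one setter rule.
# Every source set in this run used to list only subtractions. A set built
# purely from -type entries has no base to subtract from, so it matches no
# domain and the assertion checked nothing. domain is added as the base so
# the rules are enforced. A build failure after this change points at an
# allow rule that needs review.

# Readable only from coredomain, appdomain and vendor_init.
neverallow {
  domain
  -coredomain
  -appdomain
  -vendor_init
} packagemanager_config_prop:file no_rw_file_perms;

# Readable only from coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} keyguard_config_prop:file no_rw_file_perms;

# This one restricts setting, not reading: localization_prop is set by init
# only.
neverallow {
  domain
  -init
} {
  localization_prop
}:property_service set;

# oem_unlock_prop is readable only by init, vendor_init, dumpstate and
# system_app. coredomain as a whole is not exempt here.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -system_app
} oem_unlock_prop:file no_rw_file_perms;

# Readable only from coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} storagemanager_config_prop:file no_rw_file_perms;

# Readable only by init, vendor_init, dumpstate and appdomain.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} sendbug_config_prop:file no_rw_file_perms;

# Same reader list as sendbug_config_prop.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} camera_calibration_prop:file no_rw_file_perms;
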
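# Both source sets used to list only subtractions, which matches no domain
# and left the assertions unenforced. domain is added as the base. A build
# failure after this change points at an allow rule that needs review.

# hal_dumpstate_config_prop is readable only by init, dumpstate and the
# dumpstate HAL server. The vendor_init exemption is emitted by
# not_compatible_property(), a macro defined outside this file.
neverallow {
  domain
  -init
  -dumpstate
  -hal_dumpstate_server
  not_compatible_property(`-vendor_init')
} hal_dumpstate_config_prop:file no_rw_file_perms;

# lower_kptr_restrict_prop may be set by init, and on userdebug/eng builds
# also by traced_probes and traced_perf. The name suggests it relaxes kernel
# pointer hiding, so the setter list should stay minimal; confirm the exact
# effect with the consumer of this property.
neverallow {
  domain
  -init
  userdebug_or_eng(`-traced_probes')
  userdebug_or_eng(`-traced_perf')
} {
  lower_kptr_restrict_prop
}:property_service set;
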
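# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
# keystore2_enable_prop is readable only by init, dumpstate, system_app,
# system_server and zygote.
# The source set used to list only subtractions, which matches no domain and
# left the assertion unenforced. domain is added as the base. A build failure
# after this change points at an allow rule that needs review.
neverallow {
  domain
  -init
  -dumpstate
  -system_app
  -system_server
  -zygote
} keystore2_enable_prop:file no_rw_file_perms;
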
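# Three properties that only init may set.
# Each source set used to contain nothing but -init. A set built purely from
# subtractions has no base to subtract from, so it matches no domain and the
# assertion checked nothing. domain is added as the base so the rules are
# enforced. A build failure after this change points at an allow rule that
# needs review.
neverallow {
  domain
  -init
} zygote_wrap_prop:property_service set;

neverallow {
  domain
  -init
} verity_status_prop:property_service set;

neverallow {
  domain
  -init
} setupwizard_prop:property_service set;
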
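# ro.product.property_source_order is useless after initialization of
# ro.product.* props, so build_config_prop is readable only by init and
# vendor_init, plus dumpstate, which the rule below also exempts.
# The source set used to list only subtractions, which matches no domain and
# left the assertion unenforced. domain is added as the base. A build failure
# after this change points at an allow rule that needs review.
neverallow {
  domain
  -init
  -dumpstate
  -vendor_init
} build_config_prop:file no_rw_file_perms;
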
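# Every source set in this run used to list only subtractions. A set built
# purely from -type entries has no base to subtract from, so it matches no
# domain and the assertion checked nothing. domain is added as the base so
# the rules are enforced. A build failure after this change points at an
# allow rule that needs review.

# sqlite_log_prop may be set by init and shell only.
neverallow {
  domain
  -init
  -shell
} sqlite_log_prop:property_service set;

# Its file is readable only from coredomain and appdomain.
neverallow {
  domain
  -coredomain
  -appdomain
} sqlite_log_prop:file no_rw_file_perms;

# default_prop is the catch-all type, so only init may set it.
# NOTE(review): catch-all is inferred from the name; confirm against the
# property contexts.
neverallow {
  domain
  -init
} default_prop:property_service set;
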
# A property type may carry system_property_type or vendor_property_type, not
# both. A type tagged with both ends up in system_and_vendor_property_type and
# is denied every file and property_service permission for all domains.
neverallow domain system_and_vendor_property_type:{ file property_service } *;