# Properties used only in /system
#
# Each system_internal_prop(X) line (macro defined elsewhere) declares a
# property type that is intended to be read and set only from /system
# domains.  The declaration itself grants nothing: a consumer still needs an
# explicit allow (typically via get_prop/set_prop), and the neverallow rules
# further down -- non-coredomain must neither read nor set
# system_internal_property_type, and several per-type rules that restrict
# the setter to init or a single daemon -- are what make "internal" stick.
#
# NOTE(review): this copy lives under prebuilts/api/31.0, so it is presumably
# the frozen API-31 policy snapshot; changes here should mirror the live
# system/sepolicy/private copy rather than diverge from it -- confirm with
# the freeze/compat test before editing.
system_internal_prop(adbd_prop)
system_internal_prop(ctl_snapuserd_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
system_internal_prop(device_config_statsd_native_prop)
system_internal_prop(device_config_statsd_native_boot_prop)
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(device_config_configuration_prop)
system_internal_prop(device_config_connectivity_prop)
system_internal_prop(device_config_swcodec_native_prop)
system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_service_status_private_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(keystore_crash_prop)
system_internal_prop(keystore_listen_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(localization_prop)
system_internal_prop(lower_kptr_restrict_prop)
system_internal_prop(net_464xlat_fromvendor_prop)
system_internal_prop(net_connectivity_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(odsign_prop)
system_internal_prop(perf_drop_caches_prop)
system_internal_prop(pm_prop)
system_internal_prop(profcollectd_node_id_prop)
system_internal_prop(radio_cdma_ecm_prop)
system_internal_prop(rollback_test_prop)
system_internal_prop(setupwizard_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(traced_perf_enabled_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(verity_status_prop)
system_internal_prop(zygote_wrap_prop)
system_internal_prop(ctl_mediatranscoding_prop)
system_internal_prop(ctl_odsign_prop)
41
42###
43### Neverallow rules
44###
45
# Treble property-ownership assertions.
#
# treble_sysprop_neverallow and enforce_sysprop_owner are conditional
# wrappers defined elsewhere; where they expand, the rules inside become
# build-time checks.  Remember that neverallow never denies anything at
# runtime: it makes policy compilation fail if any allow rule in the policy
# matches, so a missing carve-out here surfaces as a build error, not as an
# avc denial on the device.  Two permission classes are used throughout:
#   :file no_rw_file_perms   -- reading/writing the backing property file
#                               (how property reads are served)
#   :property_service set    -- setting a property through init's
#                               property service
treble_sysprop_neverallow(`

# Every property type must carry an owner attribute.  A type that has none
# of system/product/vendor_property_type is unreadable and unwritable by
# every domain, so forgetting to declare an owner shows up as a build
# failure rather than as a property that quietly falls through the
# ownership rules below.
enforce_sysprop_owner(`
  neverallow domain {
    property_type
    -system_property_type
    -product_property_type
    -vendor_property_type
  }:file no_rw_file_perms;
')

# Domains outside coredomain may read system-owned property files only when
# the type is marked restricted or public.  Everything else -- including all
# of system_internal_property_type, which has no carve-out at all -- is off
# limits to them.
neverallow { domain -coredomain } {
  system_property_type
  system_internal_property_type
  -system_restricted_property_type
  -system_public_property_type
}:file no_rw_file_perms;

# Setting is stricter than reading: non-core domains may set only
# system_public_property_type.  Compared with the rule above, restricted
# types are therefore readable but not settable from outside coredomain.
neverallow { domain -coredomain } {
  system_property_type
  -system_public_property_type
}:property_service set;

# init is in coredomain, but should be able to read/write all props.
# dumpstate is also in coredomain, but should be able to read all props.
# Mirror image for vendor-owned properties: core domains other than init and
# dumpstate may read only vendor restricted/public types.
neverallow { coredomain -init -dumpstate } {
  vendor_property_type
  vendor_internal_property_type
  -vendor_restricted_property_type
  -vendor_public_property_type
}:file no_rw_file_perms;

# And core domains other than init may set only vendor public types.
# dumpstate is deliberately not carved out here: it may read, not set.
neverallow { coredomain -init } {
  vendor_property_type
  -vendor_public_property_type
}:property_service set;

')
84
# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
# the get_prop() macro.
# Applies to every domain with no exemption (not even init), and to every
# property type: the two permissions are simply never needed for properties.
neverallow domain property_type:file { ioctl lock };
90
# Closed list of legacy core_property_type members.
#
# Any type that carries core_property_type but is not carved out below is
# unreadable and unwritable by every type in the policy ('*' here, not just
# domain).  In effect this freezes the legacy attribute: a new type added to
# core_property_type without also being listed here is inaccessible to
# everyone, which presumably is the intent -- new properties should get a
# dedicated type rather than join this list.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -dhcp_prop
  -dumpstate_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -ota_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -usb_prop
  -vold_prop
}:file no_rw_file_perms;
116
# sigstop property is only used for debugging; should only be set by su which is permissive
# for userdebug/eng
#
# Only init and vendor_init are carved out.  su needs no carve-out: a
# permissive domain needs no allow rule, and neverallow only constrains
# allow rules, so a permissive su can set this without tripping the check.
neverallow {
  domain
  -init
  -vendor_init
} ctl_sigstop_prop:property_service set;
124
# Don't audit legacy ctl. property handling.  We only want the newer permission check to appear
# in the audit log
#
# dontaudit grants nothing; it only suppresses the denial record for these
# legacy ctl.* types so that the per-service check (the newer one referred
# to above) is the denial that shows up when a domain is refused.
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;
137
# init_svc_debug_prop: settable only by init.
neverallow {
  domain
  -init
} init_svc_debug_prop:property_service set;

# Readable only by init and dumpstate; su is additionally carved out, but
# only on userdebug/eng builds (userdebug_or_eng expands to nothing on user
# builds, so there the read set is strictly init and dumpstate).
neverallow {
  domain
  -init
  -dumpstate
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;
149
# Per-subsystem setter/reader restrictions, active only where the
# compatible_property_only wrapper (defined elsewhere) expands.
#
# Reading the carve-outs: "-appdomain" or "-vendor_init" in the subject set
# only exempts that domain from the assertion.  It does not grant anything;
# whether an app can actually set, say, radio_prop is decided by the allow
# rules in that domain's own policy, which these rules deliberately leave
# out of scope and which therefore deserve their own review.
compatible_property_only(`
# Prevent properties from being set
  # Core/legacy property families may be set only from coredomain, apps and
  # vendor_init; nfc/powerctl/radio are handled by the dedicated rules below.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_system_prop
    exported3_system_prop
    usb_control_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  # nfc_prop: outside coredomain/apps, only the NFC HAL server may set it.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

  # radio_control_prop: telephony HAL server and vendor_init in addition.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    radio_control_prop
  }:property_service set;

  # radio_prop: like radio_control_prop but vendor_init is NOT carved out.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:property_service set;

  # bluetooth_prop: bluetooth and its HAL server only (no app carve-out).
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  # exported_bluetooth_prop: same, plus vendor_init.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  # exported_camera_prop: camera HAL server, cameraserver and vendor_init.
  neverallow {
    domain
    -coredomain
    -hal_camera_server
    -cameraserver
    -vendor_init
  } {
    exported_camera_prop
  }:property_service set;

  # wifi_prop: wifi HAL server and wificond outside coredomain.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

  # wifi_hal_prop is tighter than wifi_prop: the subject set carves out
  # only init and dumpstate rather than all of coredomain, so other core
  # domains may not set it either.
  neverallow {
    domain
    -init
    -dumpstate
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    wifi_hal_prop
  }:property_service set;

# Prevent properties from being read
  # Read-side counterpart of the first rule above; debug/logd/nfc/powerctl/
  # radio are carved out of the object set (debug_prop and logd_prop have no
  # dedicated read rule in this block).
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    dalvik_config_prop
    extended_core_property_type
    exported3_system_prop
    systemsound_config_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  # Read rules for the subsystem-owned types: the reader sets match the
  # setter sets given above for nfc, radio, bluetooth and wifi.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;

  # suspend_prop: a set rule, despite sitting under the "read" heading.
  neverallow {
    domain
    -coredomain
    -vendor_init
  } {
    suspend_prop
  }:property_service set;
')
311
compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  #
  # Object set is every property type that is neither system-owned nor in
  # extended_core_property_type.  init is exempt; so is anything carrying
  # the system_writes_vendor_properties_violators attribute, which is the
  # escape hatch for legacy core domains -- membership in that attribute is
  # the thing to audit when reviewing cross-partition property writes.
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -system_property_type
    -extended_core_property_type
  }:property_service set;
')
324
# ffs_config_prop / ffs_control_prop: readable only from coredomain and
# vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  ffs_config_prop
  ffs_control_prop
}:file no_rw_file_perms;

# userspace_reboot_log_prop: settable only by init and system_server.
neverallow {
  domain
  -init
  -system_server
} {
  userspace_reboot_log_prop
}:property_service set;

# Three distinct adb-related types with three distinct setter sets; keep
# them apart when adding allow rules.
neverallow {
  # Only allow init and system_server to set system_adbd_prop
  domain
  -init
  -system_server
} {
  system_adbd_prop
}:property_service set;

# Let (vendor_)init, adbd, and system_server set service.adb.tcp.port
# (the property the comment names is presumably typed adbd_config_prop --
# confirm against property_contexts).
neverallow {
  domain
  -init
  -vendor_init
  -adbd
  -system_server
} {
  adbd_config_prop
}:property_service set;

neverallow {
  # Only allow init and adbd to set adbd_prop
  domain
  -init
  -adbd
} {
  adbd_prop
}:property_service set;

neverallow {
  # Only allow init and shell to set userspace_reboot_test_prop
  domain
  -init
  -shell
} {
  userspace_reboot_test_prop
}:property_service set;
379
# surfaceflinger_color_prop: settable by init, system_server and vendor_init.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} {
  surfaceflinger_color_prop
}:property_service set;

# libc_debug_prop: init only.
neverallow {
  domain
  -init
} {
  libc_debug_prop
}:property_service set;

# Allow the shell to set MTE props, so that non-root users with adb shell
# access can control the settings on their device.
# Allow system apps to set MTE props, so Developer Options can set them.
# (As everywhere in this file, these carve-outs only permit an allow rule
# elsewhere; the grant itself lives in shell.te / system_app.te.)
neverallow {
  domain
  -init
  -shell
  -system_app
} {
  arm64_memtag_prop
}:property_service set;

# zram_control_prop and dalvik_runtime_prop share the same setter set:
# init, system_server, vendor_init.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} zram_control_prop:property_service set;

neverallow {
  domain
  -init
  -system_server
  -vendor_init
} dalvik_runtime_prop:property_service set;

# usb_config_prop / usb_control_prop: settable only from coredomain and
# vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  usb_config_prop
  usb_control_prop
}:property_service set;
430
# provisioned_prop / retaildemo_prop: set only by init and system_server;
# read only from coredomain and vendor_init.
neverallow {
  domain
  -init
  -system_server
} {
  provisioned_prop
  retaildemo_prop
}:property_service set;

neverallow {
  domain
  -coredomain
  -vendor_init
} {
  provisioned_prop
  retaildemo_prop
}:file no_rw_file_perms;

# Service status properties are reported by init and must not be forgeable
# by anyone else.
neverallow {
  domain
  -init
} {
  init_service_status_private_prop
  init_service_status_prop
}:property_service set;

# telephony_status_prop: init, radio, apps and the telephony HAL server;
# vendor_init is additionally carved out only when not_compatible_property
# expands (i.e. on non-Treble-compatible property configurations).
neverallow {
  domain
  -init
  -radio
  -appdomain
  -hal_telephony_server
  not_compatible_property(`-vendor_init')
} telephony_status_prop:property_service set;

# graphics_config_prop: init and vendor_init only.
neverallow {
  domain
  -init
  -vendor_init
} {
  graphics_config_prop
}:property_service set;

# surfaceflinger_display_prop: init and surfaceflinger only.
neverallow {
  domain
  -init
  -surfaceflinger
} {
  surfaceflinger_display_prop
}:property_service set;
481
# packagemanager_config_prop: readable from coredomain, apps and vendor_init.
neverallow {
  domain
  -coredomain
  -appdomain
  -vendor_init
} packagemanager_config_prop:file no_rw_file_perms;

# keyguard_config_prop: readable from coredomain and vendor_init only.
neverallow {
  domain
  -coredomain
  -vendor_init
} keyguard_config_prop:file no_rw_file_perms;

# localization_prop: settable only by init.
neverallow {
  domain
  -init
} {
  localization_prop
}:property_service set;

# oem_unlock_prop: readable only by init, vendor_init, dumpstate and
# system_app.  This file constrains only reads of this type; who may set it
# is not asserted here.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -system_app
} oem_unlock_prop:file no_rw_file_perms;

# storagemanager_config_prop: readable from coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} storagemanager_config_prop:file no_rw_file_perms;

# sendbug_config_prop and camera_calibration_prop share a reader set:
# init, vendor_init, dumpstate and apps.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} sendbug_config_prop:file no_rw_file_perms;

neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} camera_calibration_prop:file no_rw_file_perms;
531
# hal_dumpstate_config_prop: readable by init, dumpstate and the dumpstate
# HAL server; vendor_init only where not_compatible_property expands.
neverallow {
  domain
  -init
  -dumpstate
  -hal_dumpstate_server
  not_compatible_property(`-vendor_init')
} hal_dumpstate_config_prop:file no_rw_file_perms;

# lower_kptr_restrict_prop controls relaxing kernel pointer hiding.  On user
# builds only init may set it; the profiling/tracing daemons are carved out
# solely on userdebug/eng builds (userdebug_or_eng expands to nothing
# otherwise), so a user build never permits an allow rule for them.
neverallow {
  domain
  -init
  userdebug_or_eng(`-profcollectd')
  userdebug_or_eng(`-traced_probes')
  userdebug_or_eng(`-traced_perf')
} {
  lower_kptr_restrict_prop
}:property_service set;

# zygote_wrap_prop, verity_status_prop and setupwizard_prop: init only.
neverallow {
  domain
  -init
} zygote_wrap_prop:property_service set;

neverallow {
  domain
  -init
} verity_status_prop:property_service set;

neverallow {
  domain
  -init
} setupwizard_prop:property_service set;
564
# ro.product.property_source_order is useless after initialization of ro.product.* props.
# So making it accessible only from init and vendor_init.
# (dumpstate is also carved out, for bug-report collection.)
neverallow {
  domain
  -init
  -dumpstate
  -vendor_init
} build_config_prop:file no_rw_file_perms;

# sqlite_log_prop: set by init and shell; read from coredomain and apps.
neverallow {
  domain
  -init
  -shell
} sqlite_log_prop:property_service set;

neverallow {
  domain
  -coredomain
  -appdomain
} sqlite_log_prop:file no_rw_file_perms;

# default_prop: only init may set.
neverallow {
  domain
  -init
} default_prop:property_service set;

# Only one of system_property_type and vendor_property_type can be assigned.
# Property types having both attributes won't be accessible from anywhere.
# '*' as the permission set denies every file and property_service
# permission, so a doubly-owned type fails the build as soon as any domain
# is granted anything on it.
neverallow domain system_and_vendor_property_type:{file property_service} *;

neverallow {
  # Only allow init and shell to set rollback_test_prop
  domain
  -init
  -shell
} rollback_test_prop:property_service set;

neverallow {
  # Only allow init and profcollectd to access profcollectd_node_id_prop
  # (dumpstate is carved out as well).
  # NOTE(review): this rule uses r_file_perms where every other read-side
  # rule in this file uses no_rw_file_perms; any permission in
  # no_rw_file_perms that r_file_perms lacks is therefore not asserted here
  # -- confirm against the macro definitions whether that gap is intended.
  domain
  -init
  -dumpstate
  -profcollectd
} profcollectd_node_id_prop:file r_file_perms;
609
610