# Properties used only in /system.
# Each of these is declared through system_internal_prop(); the
# treble_sysprop_neverallow block below denies non-coredomain file access to
# system_internal_property_type, so (presumably — the macro body is not shown
# here) these properties stay readable and settable by core domains only.
system_internal_prop(adbd_prop)
system_internal_prop(ctl_snapuserd_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
system_internal_prop(device_config_statsd_native_prop)
system_internal_prop(device_config_statsd_native_boot_prop)
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(device_config_configuration_prop)
system_internal_prop(device_config_connectivity_prop)
system_internal_prop(device_config_swcodec_native_prop)
system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_service_status_private_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(keystore_crash_prop)
system_internal_prop(keystore_listen_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(localization_prop)
system_internal_prop(lower_kptr_restrict_prop)
system_internal_prop(net_464xlat_fromvendor_prop)
system_internal_prop(net_connectivity_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(odsign_prop)
system_internal_prop(perf_drop_caches_prop)
system_internal_prop(pm_prop)
system_internal_prop(profcollectd_node_id_prop)
system_internal_prop(radio_cdma_ecm_prop)
system_internal_prop(rollback_test_prop)
system_internal_prop(setupwizard_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(traced_perf_enabled_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(verity_status_prop)
system_internal_prop(zygote_wrap_prop)
system_internal_prop(ctl_mediatranscoding_prop)
system_internal_prop(ctl_odsign_prop)

###
### Neverallow rules
###
### Throughout this file, ":file no_rw_file_perms" rules bound who may read a
### property and ":property_service set" rules bound who may set it. A
### neverallow is a compile-time assertion: any allow rule anywhere in the
### policy that grants the listed access makes the policy build fail.
###

# The rules inside this macro are only emitted when the build enables the
# treble sysprop neverallows (the gating condition lives in the macro
# definition, not here).
treble_sysprop_neverallow(`

# Every property type must carry one of the owner attributes
# (system/product/vendor). A property_type that has none of them is denied
# file access from every domain, which makes a mis-declared property
# unusable rather than silently accessible.
enforce_sysprop_owner(`
  neverallow domain {
    property_type
    -system_property_type
    -product_property_type
    -vendor_property_type
  }:file no_rw_file_perms;
')

# Non-core (vendor) domains vs. system-owned properties: they may read only
# system_restricted and system_public properties, and may set only
# system_public properties.
neverallow { domain -coredomain } {
  system_property_type
  system_internal_property_type
  -system_restricted_property_type
  -system_public_property_type
}:file no_rw_file_perms;

neverallow { domain -coredomain } {
  system_property_type
  -system_public_property_type
}:property_service set;

# The mirror image for vendor-owned properties: core domains may read only
# vendor_restricted and vendor_public properties, and may set only
# vendor_public properties.
# init is in coredomain, but should be able to read/write all props.
# dumpstate is also in coredomain, but should be able to read all props.
neverallow { coredomain -init -dumpstate } {
  vendor_property_type
  vendor_internal_property_type
  -vendor_restricted_property_type
  -vendor_public_property_type
}:file no_rw_file_perms;

neverallow { coredomain -init } {
  vendor_property_type
  -vendor_public_property_type
}:property_service set;

')

# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
# the get_prop() macro.
neverallow domain property_type:file { ioctl lock };

# The source is `*`, i.e. every domain: a core_property_type member that is
# not explicitly excluded in this list cannot be granted file access to any
# domain at all. A new core property therefore has to be added here
# deliberately before any get_prop() rule for it can compile.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -dhcp_prop
  -dumpstate_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -ota_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -usb_prop
  -vold_prop
}:file no_rw_file_perms;

# sigstop property is only used for debugging; should only be set by su which is permissive
# for userdebug/eng
neverallow {
  domain
  -init
  -vendor_init
} ctl_sigstop_prop:property_service set;

# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
# in the audit log
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;

# init_svc_debug_prop: only init may set it; only init, dumpstate and — on
# userdebug/eng builds — su may read it.
neverallow {
  domain
  -init
} init_svc_debug_prop:property_service set;

neverallow {
  domain
  -init
  -dumpstate
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;

# The rules inside this macro are only emitted on builds with compatible
# property enabled (the gating condition lives in the macro definition).
compatible_property_only(`
# Prevent properties from being set
# by vendor domains, i.e. anything outside coredomain, appdomain and
# vendor_init. Properties owned by a HAL carve out that HAL's server domain
# individually below.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_system_prop
    exported3_system_prop
    usb_control_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    radio_control_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_camera_server
    -cameraserver
    -vendor_init
  } {
    exported_camera_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

  # Unlike the wifi_prop rule above, this one subtracts only init and
  # dumpstate rather than all of coredomain, so core domains other than
  # those two are prevented from setting wifi_hal_prop as well.
  neverallow {
    domain
    -init
    -dumpstate
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    wifi_hal_prop
  }:property_service set;

# Prevent properties from being read
# by vendor domains; the same per-HAL carve-outs as for setting apply.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    dalvik_config_prop
    extended_core_property_type
    exported3_system_prop
    systemsound_config_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;

  # Note: this is a set restriction, not a read restriction, despite its
  # placement under the "being read" heading.
  neverallow {
    domain
    -coredomain
    -vendor_init
  } {
    suspend_prop
  }:property_service set;
')

compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  # system_writes_vendor_properties_violators is the escape hatch for known
  # offenders: a domain added to that attribute is exempt from this check, so
  # additions to it widen the system-to-vendor property boundary.
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -system_property_type
    -extended_core_property_type
  }:property_service set;
')

neverallow {
  domain
  -coredomain
  -vendor_init
} {
  ffs_config_prop
  ffs_control_prop
}:file no_rw_file_perms;

# Only init and system_server may set userspace_reboot_log_prop
neverallow {
  domain
  -init
  -system_server
} {
  userspace_reboot_log_prop
}:property_service set;

neverallow {
  # Only allow init and system_server to set system_adbd_prop
  domain
  -init
  -system_server
} {
  system_adbd_prop
}:property_service set;

# Let (vendor_)init, adbd, and system_server set service.adb.tcp.port
neverallow {
  domain
  -init
  -vendor_init
  -adbd
  -system_server
} {
  adbd_config_prop
}:property_service set;

neverallow {
  # Only allow init and adbd to set adbd_prop
  domain
  -init
  -adbd
} {
  adbd_prop
}:property_service set;

neverallow {
  # Only allow init and shell to set userspace_reboot_test_prop
  domain
  -init
  -shell
} {
  userspace_reboot_test_prop
}:property_service set;

neverallow {
  domain
  -init
  -system_server
  -vendor_init
} {
  surfaceflinger_color_prop
}:property_service set;

# Only init may set libc_debug_prop
neverallow {
  domain
  -init
} {
  libc_debug_prop
}:property_service set;

# Allow the shell to set MTE props, so that non-root users with adb shell
# access can control the settings on their device.
# Allow system apps to set MTE props, so Developer Options can set them.
neverallow {
  domain
  -init
  -shell
  -system_app
} {
  arm64_memtag_prop
}:property_service set;

neverallow {
  domain
  -init
  -system_server
  -vendor_init
} zram_control_prop:property_service set;

neverallow {
  domain
  -init
  -system_server
  -vendor_init
} dalvik_runtime_prop:property_service set;

# USB configuration/control: settable only by core domains and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  usb_config_prop
  usb_control_prop
}:property_service set;

# provisioned_prop / retaildemo_prop: set by init and system_server only,
# readable by core domains and vendor_init only.
neverallow {
  domain
  -init
  -system_server
} {
  provisioned_prop
  retaildemo_prop
}:property_service set;

neverallow {
  domain
  -coredomain
  -vendor_init
} {
  provisioned_prop
  retaildemo_prop
}:file no_rw_file_perms;

# Service status properties are init's own bookkeeping; nothing else sets them.
neverallow {
  domain
  -init
} {
  init_service_status_private_prop
  init_service_status_prop
}:property_service set;

# vendor_init is exempted only on builds without compatible property
# (not_compatible_property); with it enabled, vendor_init is bound by this
# rule like any other domain.
neverallow {
  domain
  -init
  -radio
  -appdomain
  -hal_telephony_server
  not_compatible_property(`-vendor_init')
} telephony_status_prop:property_service set;

neverallow {
  domain
  -init
  -vendor_init
} {
  graphics_config_prop
}:property_service set;

neverallow {
  domain
  -init
  -surfaceflinger
} {
  surfaceflinger_display_prop
}:property_service set;

neverallow {
  domain
  -coredomain
  -appdomain
  -vendor_init
} packagemanager_config_prop:file no_rw_file_perms;

neverallow {
  domain
  -coredomain
  -vendor_init
} keyguard_config_prop:file no_rw_file_perms;

# Only init may set localization_prop
neverallow {
  domain
  -init
} {
  localization_prop
}:property_service set;

# oem_unlock_prop is readable by init, vendor_init, dumpstate and system_app only.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -system_app
} oem_unlock_prop:file no_rw_file_perms;

neverallow {
  domain
  -coredomain
  -vendor_init
} storagemanager_config_prop:file no_rw_file_perms;

neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} sendbug_config_prop:file no_rw_file_perms;

neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} camera_calibration_prop:file no_rw_file_perms;

# As with telephony_status_prop above, vendor_init is exempted only on builds
# without compatible property.
neverallow {
  domain
  -init
  -dumpstate
  -hal_dumpstate_server
  not_compatible_property(`-vendor_init')
} hal_dumpstate_config_prop:file no_rw_file_perms;

# profcollectd and the traced_* domains may set lower_kptr_restrict_prop only
# on userdebug/eng builds; on user builds init is the sole setter.
neverallow {
  domain
  -init
  userdebug_or_eng(`-profcollectd')
  userdebug_or_eng(`-traced_probes')
  userdebug_or_eng(`-traced_perf')
} {
  lower_kptr_restrict_prop
}:property_service set;

neverallow {
  domain
  -init
} zygote_wrap_prop:property_service set;

# verity_status_prop is set by init alone.
neverallow {
  domain
  -init
} verity_status_prop:property_service set;

neverallow {
  domain
  -init
} setupwizard_prop:property_service set;

# ro.product.property_source_order is useless after initialization of ro.product.* props.
# So making it accessible only from init, vendor_init and dumpstate.
neverallow {
  domain
  -init
  -dumpstate
  -vendor_init
} build_config_prop:file no_rw_file_perms;

# sqlite_log_prop: set by init and shell only; readable by core domains and
# appdomain only.
neverallow {
  domain
  -init
  -shell
} sqlite_log_prop:property_service set;

neverallow {
  domain
  -coredomain
  -appdomain
} sqlite_log_prop:file no_rw_file_perms;

neverallow {
  domain
  -init
} default_prop:property_service set;

# Only one of system_property_type and vendor_property_type can be assigned.
# Property types having both attributes won't be accessible from anywhere.
neverallow domain system_and_vendor_property_type:{file property_service} *;

neverallow {
  # Only allow init and shell to set rollback_test_prop
  domain
  -init
  -shell
} rollback_test_prop:property_service set;

neverallow {
  # Only allow init and profcollectd to access profcollectd_node_id_prop
  # NOTE(review): this rule uses r_file_perms rather than the no_rw_file_perms
  # used by every other file rule in this file — confirm that difference is
  # intentional.
  domain
  -init
  -dumpstate
  -profcollectd
} profcollectd_node_id_prop:file r_file_perms;
