# Properties used only in /system
#
# Each system_internal_prop() declares a property context that is private to
# the system partition. The neverallow rules further down pin which domains
# may set (property_service set) or read (:file perms) these and other
# property types; a policy change that violates one of them fails to compile.
system_internal_prop(adbd_prop)
system_internal_prop(ctl_snapuserd_prop)
system_internal_prop(device_config_lmkd_native_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
system_internal_prop(device_config_statsd_native_prop)
system_internal_prop(device_config_statsd_native_boot_prop)
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(device_config_configuration_prop)
system_internal_prop(device_config_connectivity_prop)
system_internal_prop(device_config_swcodec_native_prop)
system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_service_status_private_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(keystore_crash_prop)
system_internal_prop(keystore_listen_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(localization_prop)
system_internal_prop(lower_kptr_restrict_prop)
system_internal_prop(net_464xlat_fromvendor_prop)
system_internal_prop(net_connectivity_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(odsign_prop)
system_internal_prop(perf_drop_caches_prop)
system_internal_prop(pm_prop)
system_internal_prop(profcollectd_node_id_prop)
system_internal_prop(radio_cdma_ecm_prop)
system_internal_prop(rollback_test_prop)
system_internal_prop(setupwizard_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(traced_perf_enabled_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(verity_status_prop)
system_internal_prop(zygote_wrap_prop)
system_internal_prop(ctl_mediatranscoding_prop)
system_internal_prop(ctl_odsign_prop)

###
### Neverallow rules
###

# System/vendor property boundary. Everything inside this macro enforces that
# the non-coredomain (vendor side) and coredomain (system side) only touch the
# property types that are explicitly public or restricted for the other side.
treble_sysprop_neverallow(`

# A property_type that carries none of the system/product/vendor owner
# attributes is unreadable and unwritable by every domain, so every property
# context must be assigned exactly one owner.
enforce_sysprop_owner(`
  neverallow domain {
    property_type
    -system_property_type
    -product_property_type
    -vendor_property_type
  }:file no_rw_file_perms;
')

# Non-coredomain may not read system-internal properties; only the
# restricted and public subsets are carved out.
neverallow { domain -coredomain } {
  system_property_type
  system_internal_property_type
  -system_restricted_property_type
  -system_public_property_type
}:file no_rw_file_perms;

# Non-coredomain may only set system properties that are public.
neverallow { domain -coredomain } {
  system_property_type
  -system_public_property_type
}:property_service set;

# init is in coredomain, but should be able to read/write all props.
# dumpstate is also in coredomain, but should be able to read all props.
neverallow { coredomain -init -dumpstate } {
  vendor_property_type
  vendor_internal_property_type
  -vendor_restricted_property_type
  -vendor_public_property_type
}:file no_rw_file_perms;

# Coredomain (other than init) may only set vendor properties that are public.
neverallow { coredomain -init } {
  vendor_property_type
  -vendor_public_property_type
}:property_service set;

')

# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
# the get_prop() macro.
neverallow domain property_type:file { ioctl lock };

# Core property types may not be read or written as files by any type at all.
# Note the source is `*` (every type), not just `domain`. Each excluded
# *_prop below has its own access rules elsewhere in the policy.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -dhcp_prop
  -dumpstate_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -ota_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -usb_prop
  -vold_prop
}:file no_rw_file_perms;

# sigstop property is only used for debugging; should only be set by su which is permissive
# for userdebug/eng
neverallow {
  domain
  -init
  -vendor_init
} ctl_sigstop_prop:property_service set;

# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
# in the audit log
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;

# Only init may set init_svc_debug_prop.
neverallow {
  domain
  -init
} init_svc_debug_prop:property_service set;

# Only init and dumpstate may read init_svc_debug_prop; the su exemption
# exists only where userdebug_or_eng expands.
neverallow {
  domain
  -init
  -dumpstate
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;

# Rules scoped by the compatible_property_only macro. Each rule names the
# hal/daemon that is the legitimate setter or reader of a property group and
# bars every other non-coredomain, non-app domain.
compatible_property_only(`
# Prevent properties from being set
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_system_prop
    exported3_system_prop
    usb_control_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    radio_control_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_camera_server
    -cameraserver
    -vendor_init
  } {
    exported_camera_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

  # NOTE(review): unlike its neighbours this rule excludes init and dumpstate
  # rather than coredomain, so other coredomain services are also barred from
  # setting wifi_hal_prop. Confirm this narrower carve-out is intended.
  neverallow {
    domain
    -init
    -dumpstate
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    wifi_hal_prop
  }:property_service set;

# Prevent properties from being read
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    dalvik_config_prop
    extended_core_property_type
    exported3_system_prop
    systemsound_config_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -vendor_init
  } {
    suspend_prop
  }:property_service set;
')

compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  # init and the system_writes_vendor_properties_violators attribute are the
  # only coredomain exceptions; extended_core_property_type is excluded from
  # the target set.
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -system_property_type
    -extended_core_property_type
  }:property_service set;
')

# ffs (USB function fs) config/control props are readable only by coredomain
# and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  ffs_config_prop
  ffs_control_prop
}:file no_rw_file_perms;

# Only init and system_server may set userspace_reboot_log_prop.
neverallow {
  domain
  -init
  -system_server
} {
  userspace_reboot_log_prop
}:property_service set;

neverallow {
  # Only allow init and system_server to set system_adbd_prop
  domain
  -init
  -system_server
} {
  system_adbd_prop
}:property_service set;

# Let (vendor_)init, adbd, and system_server set service.adb.tcp.port
neverallow {
  domain
  -init
  -vendor_init
  -adbd
  -system_server
} {
  adbd_config_prop
}:property_service set;

neverallow {
  # Only allow init and adbd to set adbd_prop
  domain
  -init
  -adbd
} {
  adbd_prop
}:property_service set;

neverallow {
  # Only allow init and shell to set userspace_reboot_test_prop
  domain
  -init
  -shell
} {
  userspace_reboot_test_prop
}:property_service set;

# Only init, system_server and vendor_init may set surfaceflinger_color_prop.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} {
  surfaceflinger_color_prop
}:property_service set;

# Only init may set libc_debug_prop.
neverallow {
  domain
  -init
} {
  libc_debug_prop
}:property_service set;

# Allow the shell to set MTE props, so that non-root users with adb shell
# access can control the settings on their device.
# Allow system apps to set MTE props, so Developer Options can set them.
neverallow {
  domain
  -init
  -shell
  -system_app
} {
  arm64_memtag_prop
}:property_service set;

# Only init, system_server and vendor_init may set zram_control_prop.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} zram_control_prop:property_service set;

# Only init, system_server and vendor_init may set dalvik_runtime_prop.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} dalvik_runtime_prop:property_service set;

# USB config/control props are settable only by coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  usb_config_prop
  usb_control_prop
}:property_service set;

# provisioned/retaildemo props: set only by init and system_server, readable
# only by coredomain and vendor_init.
neverallow {
  domain
  -init
  -system_server
} {
  provisioned_prop
  retaildemo_prop
}:property_service set;

neverallow {
  domain
  -coredomain
  -vendor_init
} {
  provisioned_prop
  retaildemo_prop
}:file no_rw_file_perms;

# Only init may set the init service status props.
neverallow {
  domain
  -init
} {
  init_service_status_private_prop
  init_service_status_prop
}:property_service set;

# telephony_status_prop setters; the vendor_init carve-out is applied only
# through not_compatible_property.
neverallow {
  domain
  -init
  -radio
  -appdomain
  -hal_telephony_server
  not_compatible_property(`-vendor_init')
} telephony_status_prop:property_service set;

# Only init and vendor_init may set graphics_config_prop.
neverallow {
  domain
  -init
  -vendor_init
} {
  graphics_config_prop
}:property_service set;

# Only init and surfaceflinger may set surfaceflinger_display_prop.
neverallow {
  domain
  -init
  -surfaceflinger
} {
  surfaceflinger_display_prop
}:property_service set;

# packagemanager_config_prop is readable only by coredomain, apps and
# vendor_init.
neverallow {
  domain
  -coredomain
  -appdomain
  -vendor_init
} packagemanager_config_prop:file no_rw_file_perms;

# keyguard_config_prop is readable only by coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} keyguard_config_prop:file no_rw_file_perms;

# Only init may set localization_prop.
neverallow {
  domain
  -init
} {
  localization_prop
}:property_service set;

# oem_unlock_prop is readable only by init, vendor_init, dumpstate and
# system_app.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -system_app
} oem_unlock_prop:file no_rw_file_perms;

# storagemanager_config_prop is readable only by coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} storagemanager_config_prop:file no_rw_file_perms;

# sendbug_config_prop is readable only by init, vendor_init, dumpstate and apps.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} sendbug_config_prop:file no_rw_file_perms;

# camera_calibration_prop is readable only by init, vendor_init, dumpstate
# and apps.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} camera_calibration_prop:file no_rw_file_perms;

# hal_dumpstate_config_prop readers; the vendor_init carve-out is applied only
# through not_compatible_property.
neverallow {
  domain
  -init
  -dumpstate
  -hal_dumpstate_server
  not_compatible_property(`-vendor_init')
} hal_dumpstate_config_prop:file no_rw_file_perms;

# lower_kptr_restrict_prop may be set by init; the profiling daemons are
# exempted only where userdebug_or_eng expands.
neverallow {
  domain
  -init
  userdebug_or_eng(`-profcollectd')
  userdebug_or_eng(`-traced_probes')
  userdebug_or_eng(`-traced_perf')
} {
  lower_kptr_restrict_prop
}:property_service set;

# Only init may set zygote_wrap_prop, verity_status_prop and setupwizard_prop.
neverallow {
  domain
  -init
} zygote_wrap_prop:property_service set;

neverallow {
  domain
  -init
} verity_status_prop:property_service set;

neverallow {
  domain
  -init
} setupwizard_prop:property_service set;

# ro.product.property_source_order is useless after initialization of ro.product.* props.
# So making it accessible only from init and vendor_init.
neverallow {
  domain
  -init
  -dumpstate
  -vendor_init
} build_config_prop:file no_rw_file_perms;

# sqlite_log_prop: set only by init and shell, readable only by coredomain
# and apps.
neverallow {
  domain
  -init
  -shell
} sqlite_log_prop:property_service set;

neverallow {
  domain
  -coredomain
  -appdomain
} sqlite_log_prop:file no_rw_file_perms;

# Only init may set default_prop.
neverallow {
  domain
  -init
} default_prop:property_service set;

# Only one of system_property_type and vendor_property_type can be assigned.
# Property types having both attributes won't be accessible from anywhere.
neverallow domain system_and_vendor_property_type:{file property_service} *;

neverallow {
  # Only allow init and shell to set rollback_test_prop
  domain
  -init
  -shell
} rollback_test_prop:property_service set;

neverallow {
  # Only allow init and profcollectd to access profcollectd_node_id_prop
  # NOTE(review): this rule forbids only r_file_perms rather than the
  # no_rw_file_perms set used by the other :file rules in this file; confirm
  # that leaving write-side perms outside the neverallow is intended.
  domain
  -init
  -dumpstate
  -profcollectd
} profcollectd_node_id_prop:file r_file_perms;
