1*e4a36f41SAndroid Build Coastguard Worker# Properties used only in /system 2*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(adbd_prop) 3*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(apexd_payload_metadata_prop) 4*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(ctl_snapuserd_prop) 5*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_lmkd_native_prop) 6*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_mglru_native_prop) 7*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_profcollect_native_boot_prop) 8*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_statsd_native_prop) 9*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_statsd_native_boot_prop) 10*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_storage_native_boot_prop) 11*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_sys_traced_prop) 12*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_window_manager_native_boot_prop) 13*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_configuration_prop) 14*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_connectivity_prop) 15*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(device_config_swcodec_native_prop) 16*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(dmesgd_start_prop) 17*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(fastbootd_protocol_prop) 18*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(gsid_prop) 19*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(init_perf_lsm_hooks_prop) 20*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(init_service_status_private_prop) 21*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(init_svc_debug_prop) 22*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(keystore_crash_prop) 23*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(keystore_listen_prop) 24*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(last_boot_reason_prop) 25*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(localization_prop) 26*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(lower_kptr_restrict_prop) 27*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(net_464xlat_fromvendor_prop) 28*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(net_connectivity_prop) 29*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(netd_stable_secret_prop) 30*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(odsign_prop) 31*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(perf_drop_caches_prop) 32*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(pm_prop) 33*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(profcollectd_node_id_prop) 34*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(radio_cdma_ecm_prop) 35*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(remote_prov_prop) 36*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(rollback_test_prop) 37*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(setupwizard_prop) 38*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(snapuserd_prop) 39*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(system_adbd_prop) 40*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(traced_perf_enabled_prop) 41*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(userspace_reboot_log_prop) 42*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(userspace_reboot_test_prop) 43*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(verity_status_prop) 44*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(zygote_wrap_prop) 45*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(ctl_mediatranscoding_prop) 46*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(ctl_odsign_prop) 47*e4a36f41SAndroid Build Coastguard Workersystem_internal_prop(virtualizationservice_prop) 48*e4a36f41SAndroid Build Coastguard Worker 49*e4a36f41SAndroid Build Coastguard Worker# Properties which can't be written outside system 50*e4a36f41SAndroid Build Coastguard Workersystem_restricted_prop(device_config_virtualization_framework_native_prop) 51*e4a36f41SAndroid Build Coastguard Workersystem_restricted_prop(system_user_mode_emulation_prop) 52*e4a36f41SAndroid Build Coastguard Worker 53*e4a36f41SAndroid Build Coastguard Worker### 54*e4a36f41SAndroid Build Coastguard Worker### Neverallow rules 55*e4a36f41SAndroid Build Coastguard Worker### 56*e4a36f41SAndroid Build Coastguard Worker 57*e4a36f41SAndroid Build Coastguard Workertreble_sysprop_neverallow(` 58*e4a36f41SAndroid Build Coastguard Worker 59*e4a36f41SAndroid Build Coastguard Workerenforce_sysprop_owner(` 60*e4a36f41SAndroid Build Coastguard Worker neverallow domain { 61*e4a36f41SAndroid Build Coastguard Worker property_type 62*e4a36f41SAndroid Build Coastguard Worker -system_property_type 63*e4a36f41SAndroid Build Coastguard Worker -product_property_type 64*e4a36f41SAndroid Build Coastguard Worker -vendor_property_type 65*e4a36f41SAndroid Build Coastguard Worker }:file no_rw_file_perms; 66*e4a36f41SAndroid Build Coastguard Worker') 67*e4a36f41SAndroid Build Coastguard Worker 68*e4a36f41SAndroid Build Coastguard Workerneverallow { domain -coredomain } { 69*e4a36f41SAndroid Build Coastguard Worker system_property_type 70*e4a36f41SAndroid Build Coastguard Worker system_internal_property_type 71*e4a36f41SAndroid Build Coastguard Worker -system_restricted_property_type 72*e4a36f41SAndroid Build Coastguard Worker -system_public_property_type 73*e4a36f41SAndroid Build Coastguard Worker}:file no_rw_file_perms; 74*e4a36f41SAndroid Build Coastguard Worker 75*e4a36f41SAndroid Build Coastguard Workerneverallow { domain -coredomain } { 76*e4a36f41SAndroid Build Coastguard Worker system_property_type 77*e4a36f41SAndroid Build Coastguard Worker -system_public_property_type 78*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 79*e4a36f41SAndroid Build Coastguard Worker 80*e4a36f41SAndroid Build Coastguard Worker# init is in coredomain, but should be able to read/write all props. 81*e4a36f41SAndroid Build Coastguard Worker# dumpstate is also in coredomain, but should be able to read all props. 82*e4a36f41SAndroid Build Coastguard Workerneverallow { coredomain -init -dumpstate } { 83*e4a36f41SAndroid Build Coastguard Worker vendor_property_type 84*e4a36f41SAndroid Build Coastguard Worker vendor_internal_property_type 85*e4a36f41SAndroid Build Coastguard Worker -vendor_restricted_property_type 86*e4a36f41SAndroid Build Coastguard Worker -vendor_public_property_type 87*e4a36f41SAndroid Build Coastguard Worker}:file no_rw_file_perms; 88*e4a36f41SAndroid Build Coastguard Worker 89*e4a36f41SAndroid Build Coastguard Workerneverallow { coredomain -init } { 90*e4a36f41SAndroid Build Coastguard Worker vendor_property_type 91*e4a36f41SAndroid Build Coastguard Worker -vendor_public_property_type 92*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 93*e4a36f41SAndroid Build Coastguard Worker 94*e4a36f41SAndroid Build Coastguard Worker') 95*e4a36f41SAndroid Build Coastguard Worker 96*e4a36f41SAndroid Build Coastguard Worker# There is no need to perform ioctl or advisory locking operations on 97*e4a36f41SAndroid Build Coastguard Worker# property files. If this neverallow is being triggered, it is 98*e4a36f41SAndroid Build Coastguard Worker# likely that the policy is using r_file_perms directly instead of 99*e4a36f41SAndroid Build Coastguard Worker# the get_prop() macro. 100*e4a36f41SAndroid Build Coastguard Workerneverallow domain property_type:file { ioctl lock }; 101*e4a36f41SAndroid Build Coastguard Worker 102*e4a36f41SAndroid Build Coastguard Workerneverallow * { 103*e4a36f41SAndroid Build Coastguard Worker core_property_type 104*e4a36f41SAndroid Build Coastguard Worker -audio_prop 105*e4a36f41SAndroid Build Coastguard Worker -config_prop 106*e4a36f41SAndroid Build Coastguard Worker -cppreopt_prop 107*e4a36f41SAndroid Build Coastguard Worker -dalvik_prop 108*e4a36f41SAndroid Build Coastguard Worker -debuggerd_prop 109*e4a36f41SAndroid Build Coastguard Worker -debug_prop 110*e4a36f41SAndroid Build Coastguard Worker -dhcp_prop 111*e4a36f41SAndroid Build Coastguard Worker -dumpstate_prop 112*e4a36f41SAndroid Build Coastguard Worker -fingerprint_prop 113*e4a36f41SAndroid Build Coastguard Worker -logd_prop 114*e4a36f41SAndroid Build Coastguard Worker -net_radio_prop 115*e4a36f41SAndroid Build Coastguard Worker -nfc_prop 116*e4a36f41SAndroid Build Coastguard Worker -ota_prop 117*e4a36f41SAndroid Build Coastguard Worker -pan_result_prop 118*e4a36f41SAndroid Build Coastguard Worker -persist_debug_prop 119*e4a36f41SAndroid Build Coastguard Worker -powerctl_prop 120*e4a36f41SAndroid Build Coastguard Worker -radio_prop 121*e4a36f41SAndroid Build Coastguard Worker -restorecon_prop 122*e4a36f41SAndroid Build Coastguard Worker -shell_prop 123*e4a36f41SAndroid Build Coastguard Worker -system_prop 124*e4a36f41SAndroid Build Coastguard Worker -system_user_mode_emulation_prop 125*e4a36f41SAndroid Build Coastguard Worker -usb_prop 126*e4a36f41SAndroid Build Coastguard Worker -vold_prop 127*e4a36f41SAndroid Build Coastguard Worker}:file no_rw_file_perms; 128*e4a36f41SAndroid Build Coastguard Worker 129*e4a36f41SAndroid Build Coastguard Worker# sigstop property is only used for debugging; should only be set by su which is permissive 130*e4a36f41SAndroid Build Coastguard Worker# for userdebug/eng 131*e4a36f41SAndroid Build Coastguard Workerneverallow { 132*e4a36f41SAndroid Build Coastguard Worker domain 133*e4a36f41SAndroid Build Coastguard Worker -init 134*e4a36f41SAndroid Build Coastguard Worker -vendor_init 135*e4a36f41SAndroid Build Coastguard Worker} ctl_sigstop_prop:property_service set; 136*e4a36f41SAndroid Build Coastguard Worker 137*e4a36f41SAndroid Build Coastguard Worker# Don't audit legacy ctl. property handling. We only want the newer permission check to appear 138*e4a36f41SAndroid Build Coastguard Worker# in the audit log 139*e4a36f41SAndroid Build Coastguard Workerdontaudit domain { 140*e4a36f41SAndroid Build Coastguard Worker ctl_bootanim_prop 141*e4a36f41SAndroid Build Coastguard Worker ctl_bugreport_prop 142*e4a36f41SAndroid Build Coastguard Worker ctl_console_prop 143*e4a36f41SAndroid Build Coastguard Worker ctl_default_prop 144*e4a36f41SAndroid Build Coastguard Worker ctl_dumpstate_prop 145*e4a36f41SAndroid Build Coastguard Worker ctl_fuse_prop 146*e4a36f41SAndroid Build Coastguard Worker ctl_mdnsd_prop 147*e4a36f41SAndroid Build Coastguard Worker ctl_rildaemon_prop 148*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 149*e4a36f41SAndroid Build Coastguard Worker 150*e4a36f41SAndroid Build Coastguard Workerneverallow { 151*e4a36f41SAndroid Build Coastguard Worker domain 152*e4a36f41SAndroid Build Coastguard Worker -init 153*e4a36f41SAndroid Build Coastguard Worker} init_svc_debug_prop:property_service set; 154*e4a36f41SAndroid Build Coastguard Worker 155*e4a36f41SAndroid Build Coastguard Workerneverallow { 156*e4a36f41SAndroid Build Coastguard Worker domain 157*e4a36f41SAndroid Build Coastguard Worker -init 158*e4a36f41SAndroid Build Coastguard Worker -dumpstate 159*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(`-su') 160*e4a36f41SAndroid Build Coastguard Worker} init_svc_debug_prop:file no_rw_file_perms; 161*e4a36f41SAndroid Build Coastguard Worker 162*e4a36f41SAndroid Build Coastguard Workercompatible_property_only(` 163*e4a36f41SAndroid Build Coastguard Worker# Prevent properties from being set 164*e4a36f41SAndroid Build Coastguard Worker neverallow { 165*e4a36f41SAndroid Build Coastguard Worker domain 166*e4a36f41SAndroid Build Coastguard Worker -coredomain 167*e4a36f41SAndroid Build Coastguard Worker -appdomain 168*e4a36f41SAndroid Build Coastguard Worker -vendor_init 169*e4a36f41SAndroid Build Coastguard Worker } { 170*e4a36f41SAndroid Build Coastguard Worker core_property_type 171*e4a36f41SAndroid Build Coastguard Worker extended_core_property_type 172*e4a36f41SAndroid Build Coastguard Worker exported_config_prop 173*e4a36f41SAndroid Build Coastguard Worker exported_default_prop 174*e4a36f41SAndroid Build Coastguard Worker exported_dumpstate_prop 175*e4a36f41SAndroid Build Coastguard Worker exported_system_prop 176*e4a36f41SAndroid Build Coastguard Worker exported3_system_prop 177*e4a36f41SAndroid Build Coastguard Worker usb_control_prop 178*e4a36f41SAndroid Build Coastguard Worker -nfc_prop 179*e4a36f41SAndroid Build Coastguard Worker -powerctl_prop 180*e4a36f41SAndroid Build Coastguard Worker -radio_prop 181*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 182*e4a36f41SAndroid Build Coastguard Worker 183*e4a36f41SAndroid Build Coastguard Worker neverallow { 184*e4a36f41SAndroid Build Coastguard Worker domain 185*e4a36f41SAndroid Build Coastguard Worker -coredomain 186*e4a36f41SAndroid Build Coastguard Worker -appdomain 187*e4a36f41SAndroid Build Coastguard Worker -hal_nfc_server 188*e4a36f41SAndroid Build Coastguard Worker } { 189*e4a36f41SAndroid Build Coastguard Worker nfc_prop 190*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 191*e4a36f41SAndroid Build Coastguard Worker 192*e4a36f41SAndroid Build Coastguard Worker neverallow { 193*e4a36f41SAndroid Build Coastguard Worker domain 194*e4a36f41SAndroid Build Coastguard Worker -coredomain 195*e4a36f41SAndroid Build Coastguard Worker -appdomain 196*e4a36f41SAndroid Build Coastguard Worker -hal_telephony_server 197*e4a36f41SAndroid Build Coastguard Worker -vendor_init 198*e4a36f41SAndroid Build Coastguard Worker } { 199*e4a36f41SAndroid Build Coastguard Worker radio_control_prop 200*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 201*e4a36f41SAndroid Build Coastguard Worker 202*e4a36f41SAndroid Build Coastguard Worker neverallow { 203*e4a36f41SAndroid Build Coastguard Worker domain 204*e4a36f41SAndroid Build Coastguard Worker -coredomain 205*e4a36f41SAndroid Build Coastguard Worker -appdomain 206*e4a36f41SAndroid Build Coastguard Worker -hal_telephony_server 207*e4a36f41SAndroid Build Coastguard Worker } { 208*e4a36f41SAndroid Build Coastguard Worker radio_prop 209*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 210*e4a36f41SAndroid Build Coastguard Worker 211*e4a36f41SAndroid Build Coastguard Worker neverallow { 212*e4a36f41SAndroid Build Coastguard Worker domain 213*e4a36f41SAndroid Build Coastguard Worker -coredomain 214*e4a36f41SAndroid Build Coastguard Worker -bluetooth 215*e4a36f41SAndroid Build Coastguard Worker -hal_bluetooth_server 216*e4a36f41SAndroid Build Coastguard Worker } { 217*e4a36f41SAndroid Build Coastguard Worker bluetooth_prop 218*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 219*e4a36f41SAndroid Build Coastguard Worker 220*e4a36f41SAndroid Build Coastguard Worker neverallow { 221*e4a36f41SAndroid Build Coastguard Worker domain 222*e4a36f41SAndroid Build Coastguard Worker -coredomain 223*e4a36f41SAndroid Build Coastguard Worker -bluetooth 224*e4a36f41SAndroid Build Coastguard Worker -hal_bluetooth_server 225*e4a36f41SAndroid Build Coastguard Worker -vendor_init 226*e4a36f41SAndroid Build Coastguard Worker } { 227*e4a36f41SAndroid Build Coastguard Worker exported_bluetooth_prop 228*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 229*e4a36f41SAndroid Build Coastguard Worker 230*e4a36f41SAndroid Build Coastguard Worker neverallow { 231*e4a36f41SAndroid Build Coastguard Worker domain 232*e4a36f41SAndroid Build Coastguard Worker -coredomain 233*e4a36f41SAndroid Build Coastguard Worker -hal_camera_server 234*e4a36f41SAndroid Build Coastguard Worker -cameraserver 235*e4a36f41SAndroid Build Coastguard Worker -vendor_init 236*e4a36f41SAndroid Build Coastguard Worker } { 237*e4a36f41SAndroid Build Coastguard Worker exported_camera_prop 238*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 239*e4a36f41SAndroid Build Coastguard Worker 240*e4a36f41SAndroid Build Coastguard Worker neverallow { 241*e4a36f41SAndroid Build Coastguard Worker domain 242*e4a36f41SAndroid Build Coastguard Worker -coredomain 243*e4a36f41SAndroid Build Coastguard Worker -hal_wifi_server 244*e4a36f41SAndroid Build Coastguard Worker -wificond 245*e4a36f41SAndroid Build Coastguard Worker } { 246*e4a36f41SAndroid Build Coastguard Worker wifi_prop 247*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 248*e4a36f41SAndroid Build Coastguard Worker 249*e4a36f41SAndroid Build Coastguard Worker neverallow { 250*e4a36f41SAndroid Build Coastguard Worker domain 251*e4a36f41SAndroid Build Coastguard Worker -init 252*e4a36f41SAndroid Build Coastguard Worker -dumpstate 253*e4a36f41SAndroid Build Coastguard Worker -hal_wifi_server 254*e4a36f41SAndroid Build Coastguard Worker -wificond 255*e4a36f41SAndroid Build Coastguard Worker -vendor_init 256*e4a36f41SAndroid Build Coastguard Worker } { 257*e4a36f41SAndroid Build Coastguard Worker wifi_hal_prop 258*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 259*e4a36f41SAndroid Build Coastguard Worker 260*e4a36f41SAndroid Build Coastguard Worker# Prevent properties from being read 261*e4a36f41SAndroid Build Coastguard Worker neverallow { 262*e4a36f41SAndroid Build Coastguard Worker domain 263*e4a36f41SAndroid Build Coastguard Worker -coredomain 264*e4a36f41SAndroid Build Coastguard Worker -appdomain 265*e4a36f41SAndroid Build Coastguard Worker -vendor_init 266*e4a36f41SAndroid Build Coastguard Worker } { 267*e4a36f41SAndroid Build Coastguard Worker core_property_type 268*e4a36f41SAndroid Build Coastguard Worker dalvik_config_prop 269*e4a36f41SAndroid Build Coastguard Worker extended_core_property_type 270*e4a36f41SAndroid Build Coastguard Worker exported3_system_prop 271*e4a36f41SAndroid Build Coastguard Worker systemsound_config_prop 272*e4a36f41SAndroid Build Coastguard Worker -debug_prop 273*e4a36f41SAndroid Build Coastguard Worker -logd_prop 274*e4a36f41SAndroid Build Coastguard Worker -nfc_prop 275*e4a36f41SAndroid Build Coastguard Worker -powerctl_prop 276*e4a36f41SAndroid Build Coastguard Worker -radio_prop 277*e4a36f41SAndroid Build Coastguard Worker }:file no_rw_file_perms; 278*e4a36f41SAndroid Build Coastguard Worker 279*e4a36f41SAndroid Build Coastguard Worker neverallow { 280*e4a36f41SAndroid Build Coastguard Worker domain 281*e4a36f41SAndroid Build Coastguard Worker -coredomain 282*e4a36f41SAndroid Build Coastguard Worker -appdomain 283*e4a36f41SAndroid Build Coastguard Worker -hal_nfc_server 284*e4a36f41SAndroid Build Coastguard Worker } { 285*e4a36f41SAndroid Build Coastguard Worker nfc_prop 286*e4a36f41SAndroid Build Coastguard Worker }:file no_rw_file_perms; 287*e4a36f41SAndroid Build Coastguard Worker 288*e4a36f41SAndroid Build Coastguard Worker neverallow { 289*e4a36f41SAndroid Build Coastguard Worker domain 290*e4a36f41SAndroid Build Coastguard Worker -coredomain 291*e4a36f41SAndroid Build Coastguard Worker -appdomain 292*e4a36f41SAndroid Build Coastguard Worker -hal_telephony_server 293*e4a36f41SAndroid Build Coastguard Worker } { 294*e4a36f41SAndroid Build Coastguard Worker radio_prop 295*e4a36f41SAndroid Build Coastguard Worker }:file no_rw_file_perms; 296*e4a36f41SAndroid Build Coastguard Worker 297*e4a36f41SAndroid Build Coastguard Worker neverallow { 298*e4a36f41SAndroid Build Coastguard Worker domain 299*e4a36f41SAndroid Build Coastguard Worker -coredomain 300*e4a36f41SAndroid Build Coastguard Worker -bluetooth 301*e4a36f41SAndroid Build Coastguard Worker -hal_bluetooth_server 302*e4a36f41SAndroid Build Coastguard Worker } { 303*e4a36f41SAndroid Build Coastguard Worker bluetooth_prop 304*e4a36f41SAndroid Build Coastguard Worker }:file no_rw_file_perms; 305*e4a36f41SAndroid Build Coastguard Worker 306*e4a36f41SAndroid Build Coastguard Worker neverallow { 307*e4a36f41SAndroid Build Coastguard Worker domain 308*e4a36f41SAndroid Build Coastguard Worker -coredomain 309*e4a36f41SAndroid Build Coastguard Worker -hal_wifi_server 310*e4a36f41SAndroid Build Coastguard Worker -wificond 311*e4a36f41SAndroid Build Coastguard Worker } { 312*e4a36f41SAndroid Build Coastguard Worker wifi_prop 313*e4a36f41SAndroid Build Coastguard Worker }:file no_rw_file_perms; 314*e4a36f41SAndroid Build Coastguard Worker 315*e4a36f41SAndroid Build Coastguard Worker neverallow { 316*e4a36f41SAndroid Build Coastguard Worker domain 317*e4a36f41SAndroid Build Coastguard Worker -coredomain 318*e4a36f41SAndroid Build Coastguard Worker -vendor_init 319*e4a36f41SAndroid Build Coastguard Worker } { 320*e4a36f41SAndroid Build Coastguard Worker suspend_prop 321*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 322*e4a36f41SAndroid Build Coastguard Worker') 323*e4a36f41SAndroid Build Coastguard Worker 324*e4a36f41SAndroid Build Coastguard Workercompatible_property_only(` 325*e4a36f41SAndroid Build Coastguard Worker # Neverallow coredomain to set vendor properties 326*e4a36f41SAndroid Build Coastguard Worker neverallow { 327*e4a36f41SAndroid Build Coastguard Worker coredomain 328*e4a36f41SAndroid Build Coastguard Worker -init 329*e4a36f41SAndroid Build Coastguard Worker -system_writes_vendor_properties_violators 330*e4a36f41SAndroid Build Coastguard Worker } { 331*e4a36f41SAndroid Build Coastguard Worker property_type 332*e4a36f41SAndroid Build Coastguard Worker -system_property_type 333*e4a36f41SAndroid Build Coastguard Worker -extended_core_property_type 334*e4a36f41SAndroid Build Coastguard Worker }:property_service set; 335*e4a36f41SAndroid Build Coastguard Worker') 336*e4a36f41SAndroid Build Coastguard Worker 337*e4a36f41SAndroid Build Coastguard Workerneverallow { 338*e4a36f41SAndroid Build Coastguard Worker domain 339*e4a36f41SAndroid Build Coastguard Worker -coredomain 340*e4a36f41SAndroid Build Coastguard Worker -vendor_init 341*e4a36f41SAndroid Build Coastguard Worker} { 342*e4a36f41SAndroid Build Coastguard Worker ffs_config_prop 343*e4a36f41SAndroid Build Coastguard Worker ffs_control_prop 344*e4a36f41SAndroid Build Coastguard Worker}:file no_rw_file_perms; 345*e4a36f41SAndroid Build Coastguard Worker 346*e4a36f41SAndroid Build Coastguard Workerneverallow { 347*e4a36f41SAndroid Build Coastguard Worker domain 348*e4a36f41SAndroid Build Coastguard Worker -init 349*e4a36f41SAndroid Build Coastguard Worker -system_server 350*e4a36f41SAndroid Build Coastguard Worker} { 351*e4a36f41SAndroid Build Coastguard Worker userspace_reboot_log_prop 352*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 353*e4a36f41SAndroid Build Coastguard Worker 354*e4a36f41SAndroid Build Coastguard Workerneverallow { 355*e4a36f41SAndroid Build Coastguard Worker # Only allow init and system_server to set system_adbd_prop 356*e4a36f41SAndroid Build Coastguard Worker domain 357*e4a36f41SAndroid Build Coastguard Worker -init 358*e4a36f41SAndroid Build Coastguard Worker -system_server 359*e4a36f41SAndroid Build Coastguard Worker} { 360*e4a36f41SAndroid Build Coastguard Worker system_adbd_prop 361*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 362*e4a36f41SAndroid Build Coastguard Worker 363*e4a36f41SAndroid Build Coastguard Worker# Let (vendor_)init, adbd, and system_server set service.adb.tcp.port 364*e4a36f41SAndroid Build Coastguard Workerneverallow { 365*e4a36f41SAndroid Build Coastguard Worker domain 366*e4a36f41SAndroid Build Coastguard Worker -init 367*e4a36f41SAndroid Build Coastguard Worker -vendor_init 368*e4a36f41SAndroid Build Coastguard Worker -adbd 369*e4a36f41SAndroid Build Coastguard Worker -system_server 370*e4a36f41SAndroid Build Coastguard Worker} { 371*e4a36f41SAndroid Build Coastguard Worker adbd_config_prop 372*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 373*e4a36f41SAndroid Build Coastguard Worker 374*e4a36f41SAndroid Build Coastguard Workerneverallow { 375*e4a36f41SAndroid Build Coastguard Worker # Only allow init and adbd to set adbd_prop 376*e4a36f41SAndroid Build Coastguard Worker domain 377*e4a36f41SAndroid Build Coastguard Worker -init 378*e4a36f41SAndroid Build Coastguard Worker -adbd 379*e4a36f41SAndroid Build Coastguard Worker} { 380*e4a36f41SAndroid Build Coastguard Worker adbd_prop 381*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 382*e4a36f41SAndroid Build Coastguard Worker 383*e4a36f41SAndroid Build Coastguard Workerneverallow { 384*e4a36f41SAndroid Build Coastguard Worker # Only allow init to set apexd_payload_metadata_prop 385*e4a36f41SAndroid Build Coastguard Worker domain 386*e4a36f41SAndroid Build Coastguard Worker -init 387*e4a36f41SAndroid Build Coastguard Worker} { 388*e4a36f41SAndroid Build Coastguard Worker apexd_payload_metadata_prop 389*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 390*e4a36f41SAndroid Build Coastguard Worker 391*e4a36f41SAndroid Build Coastguard Worker 392*e4a36f41SAndroid Build Coastguard Workerneverallow { 393*e4a36f41SAndroid Build Coastguard Worker # Only allow init and shell to set userspace_reboot_test_prop 394*e4a36f41SAndroid Build Coastguard Worker domain 395*e4a36f41SAndroid Build Coastguard Worker -init 396*e4a36f41SAndroid Build Coastguard Worker -shell 397*e4a36f41SAndroid Build Coastguard Worker} { 398*e4a36f41SAndroid Build Coastguard Worker userspace_reboot_test_prop 399*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 400*e4a36f41SAndroid Build Coastguard Worker 401*e4a36f41SAndroid Build Coastguard Workerneverallow { 402*e4a36f41SAndroid Build Coastguard Worker domain 403*e4a36f41SAndroid Build Coastguard Worker -init 404*e4a36f41SAndroid Build Coastguard Worker -system_server 405*e4a36f41SAndroid Build Coastguard Worker -vendor_init 406*e4a36f41SAndroid Build Coastguard Worker} { 407*e4a36f41SAndroid Build Coastguard Worker surfaceflinger_color_prop 408*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 409*e4a36f41SAndroid Build Coastguard Worker 410*e4a36f41SAndroid Build Coastguard Workerneverallow { 411*e4a36f41SAndroid Build Coastguard Worker domain 412*e4a36f41SAndroid Build Coastguard Worker -init 413*e4a36f41SAndroid Build Coastguard Worker} { 414*e4a36f41SAndroid Build Coastguard Worker libc_debug_prop 415*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 416*e4a36f41SAndroid Build Coastguard Worker 417*e4a36f41SAndroid Build Coastguard Worker# Allow the shell to set MTE & GWP-ASan props, so that non-root users with adb 418*e4a36f41SAndroid Build Coastguard Worker# shell access can control the settings on their device. Allow system apps to 419*e4a36f41SAndroid Build Coastguard Worker# set MTE props, so Developer Options can set them. 420*e4a36f41SAndroid Build Coastguard Workerneverallow { 421*e4a36f41SAndroid Build Coastguard Worker domain 422*e4a36f41SAndroid Build Coastguard Worker -init 423*e4a36f41SAndroid Build Coastguard Worker -shell 424*e4a36f41SAndroid Build Coastguard Worker -system_app 425*e4a36f41SAndroid Build Coastguard Worker} { 426*e4a36f41SAndroid Build Coastguard Worker arm64_memtag_prop 427*e4a36f41SAndroid Build Coastguard Worker gwp_asan_prop 428*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 429*e4a36f41SAndroid Build Coastguard Worker 430*e4a36f41SAndroid Build Coastguard Workerneverallow { 431*e4a36f41SAndroid Build Coastguard Worker domain 432*e4a36f41SAndroid Build Coastguard Worker -init 433*e4a36f41SAndroid Build Coastguard Worker -system_server 434*e4a36f41SAndroid Build Coastguard Worker -vendor_init 435*e4a36f41SAndroid Build Coastguard Worker} zram_control_prop:property_service set; 436*e4a36f41SAndroid Build Coastguard Worker 437*e4a36f41SAndroid Build Coastguard Workerneverallow { 438*e4a36f41SAndroid Build Coastguard Worker domain 439*e4a36f41SAndroid Build Coastguard Worker -init 440*e4a36f41SAndroid Build Coastguard Worker -system_server 441*e4a36f41SAndroid Build Coastguard Worker -vendor_init 442*e4a36f41SAndroid Build Coastguard Worker} dalvik_runtime_prop:property_service set; 443*e4a36f41SAndroid Build Coastguard Worker 444*e4a36f41SAndroid Build Coastguard Workerneverallow { 445*e4a36f41SAndroid Build Coastguard Worker domain 446*e4a36f41SAndroid Build Coastguard Worker -coredomain 447*e4a36f41SAndroid Build Coastguard Worker -vendor_init 448*e4a36f41SAndroid Build Coastguard Worker} { 449*e4a36f41SAndroid Build Coastguard Worker usb_config_prop 450*e4a36f41SAndroid Build Coastguard Worker usb_control_prop 451*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 452*e4a36f41SAndroid Build Coastguard Worker 453*e4a36f41SAndroid Build Coastguard Workerneverallow { 454*e4a36f41SAndroid Build Coastguard Worker domain 455*e4a36f41SAndroid Build Coastguard Worker -init 456*e4a36f41SAndroid Build Coastguard Worker -system_server 457*e4a36f41SAndroid Build Coastguard Worker} { 458*e4a36f41SAndroid Build Coastguard Worker provisioned_prop 459*e4a36f41SAndroid Build Coastguard Worker retaildemo_prop 460*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 461*e4a36f41SAndroid Build Coastguard Worker 462*e4a36f41SAndroid Build Coastguard Workerneverallow { 463*e4a36f41SAndroid Build Coastguard Worker domain 464*e4a36f41SAndroid Build Coastguard Worker -coredomain 465*e4a36f41SAndroid Build Coastguard Worker -vendor_init 466*e4a36f41SAndroid Build Coastguard Worker} { 467*e4a36f41SAndroid Build Coastguard Worker provisioned_prop 468*e4a36f41SAndroid Build Coastguard Worker retaildemo_prop 469*e4a36f41SAndroid Build Coastguard Worker}:file no_rw_file_perms; 470*e4a36f41SAndroid Build Coastguard Worker 471*e4a36f41SAndroid Build Coastguard Workerneverallow { 472*e4a36f41SAndroid Build Coastguard Worker domain 473*e4a36f41SAndroid Build Coastguard Worker -init 474*e4a36f41SAndroid Build Coastguard Worker} { 475*e4a36f41SAndroid Build Coastguard Worker init_service_status_private_prop 476*e4a36f41SAndroid Build Coastguard Worker init_service_status_prop 477*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 478*e4a36f41SAndroid Build Coastguard Worker 479*e4a36f41SAndroid Build Coastguard Workerneverallow { 480*e4a36f41SAndroid Build Coastguard Worker domain 481*e4a36f41SAndroid Build Coastguard Worker -init 482*e4a36f41SAndroid Build Coastguard Worker -radio 483*e4a36f41SAndroid Build Coastguard Worker -appdomain 484*e4a36f41SAndroid Build Coastguard Worker -hal_telephony_server 485*e4a36f41SAndroid Build Coastguard Worker not_compatible_property(`-vendor_init') 486*e4a36f41SAndroid Build Coastguard Worker} telephony_status_prop:property_service set; 487*e4a36f41SAndroid Build Coastguard Worker 488*e4a36f41SAndroid Build Coastguard Workerneverallow { 489*e4a36f41SAndroid Build Coastguard Worker domain 490*e4a36f41SAndroid Build Coastguard Worker -init 491*e4a36f41SAndroid Build Coastguard Worker -vendor_init 492*e4a36f41SAndroid Build Coastguard Worker} { 493*e4a36f41SAndroid Build Coastguard Worker graphics_config_prop 494*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 495*e4a36f41SAndroid Build Coastguard Worker 496*e4a36f41SAndroid Build Coastguard Workerneverallow { 497*e4a36f41SAndroid Build Coastguard Worker domain 498*e4a36f41SAndroid Build Coastguard Worker -init 499*e4a36f41SAndroid Build Coastguard Worker -surfaceflinger 500*e4a36f41SAndroid Build Coastguard Worker} { 501*e4a36f41SAndroid Build Coastguard Worker surfaceflinger_display_prop 502*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 503*e4a36f41SAndroid Build Coastguard Worker 504*e4a36f41SAndroid Build Coastguard Workerneverallow { 505*e4a36f41SAndroid Build Coastguard Worker domain 506*e4a36f41SAndroid Build Coastguard Worker -coredomain 507*e4a36f41SAndroid Build Coastguard Worker -appdomain 508*e4a36f41SAndroid Build Coastguard Worker -vendor_init 509*e4a36f41SAndroid Build Coastguard Worker} packagemanager_config_prop:file no_rw_file_perms; 510*e4a36f41SAndroid Build Coastguard Worker 511*e4a36f41SAndroid Build Coastguard Workerneverallow { 512*e4a36f41SAndroid Build Coastguard Worker domain 513*e4a36f41SAndroid Build Coastguard Worker -coredomain 514*e4a36f41SAndroid Build Coastguard Worker -vendor_init 515*e4a36f41SAndroid Build Coastguard Worker} keyguard_config_prop:file no_rw_file_perms; 516*e4a36f41SAndroid Build Coastguard Worker 517*e4a36f41SAndroid Build Coastguard Workerneverallow { 518*e4a36f41SAndroid Build Coastguard Worker domain 519*e4a36f41SAndroid Build Coastguard Worker -init 520*e4a36f41SAndroid Build Coastguard Worker} { 521*e4a36f41SAndroid Build Coastguard Worker localization_prop 522*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 523*e4a36f41SAndroid Build Coastguard Worker 524*e4a36f41SAndroid Build Coastguard Workerneverallow { 525*e4a36f41SAndroid Build Coastguard Worker domain 526*e4a36f41SAndroid Build Coastguard Worker -init 527*e4a36f41SAndroid Build Coastguard Worker -vendor_init 528*e4a36f41SAndroid Build Coastguard Worker -dumpstate 529*e4a36f41SAndroid Build Coastguard Worker -system_app 530*e4a36f41SAndroid Build Coastguard Worker} oem_unlock_prop:file no_rw_file_perms; 531*e4a36f41SAndroid Build Coastguard Worker 532*e4a36f41SAndroid Build Coastguard Workerneverallow { 533*e4a36f41SAndroid Build Coastguard Worker domain 534*e4a36f41SAndroid Build Coastguard Worker -coredomain 535*e4a36f41SAndroid Build Coastguard Worker -vendor_init 536*e4a36f41SAndroid Build Coastguard Worker} storagemanager_config_prop:file no_rw_file_perms; 537*e4a36f41SAndroid Build Coastguard Worker 538*e4a36f41SAndroid Build Coastguard Workerneverallow { 539*e4a36f41SAndroid Build Coastguard Worker domain 540*e4a36f41SAndroid Build Coastguard Worker -init 541*e4a36f41SAndroid Build Coastguard Worker -vendor_init 542*e4a36f41SAndroid Build Coastguard Worker -dumpstate 543*e4a36f41SAndroid Build Coastguard Worker -appdomain 544*e4a36f41SAndroid Build Coastguard Worker} sendbug_config_prop:file no_rw_file_perms; 545*e4a36f41SAndroid Build Coastguard Worker 546*e4a36f41SAndroid Build Coastguard Workerneverallow { 547*e4a36f41SAndroid Build Coastguard Worker domain 548*e4a36f41SAndroid Build Coastguard Worker -init 549*e4a36f41SAndroid Build Coastguard Worker -vendor_init 550*e4a36f41SAndroid Build Coastguard Worker -dumpstate 551*e4a36f41SAndroid Build Coastguard Worker -appdomain 552*e4a36f41SAndroid Build Coastguard Worker} camera_calibration_prop:file no_rw_file_perms; 553*e4a36f41SAndroid Build Coastguard Worker 554*e4a36f41SAndroid Build Coastguard Workerneverallow { 555*e4a36f41SAndroid Build Coastguard Worker domain 556*e4a36f41SAndroid Build Coastguard Worker -init 557*e4a36f41SAndroid Build Coastguard Worker -dumpstate 558*e4a36f41SAndroid Build Coastguard Worker -hal_dumpstate_server 559*e4a36f41SAndroid Build Coastguard Worker not_compatible_property(`-vendor_init') 560*e4a36f41SAndroid Build Coastguard Worker} hal_dumpstate_config_prop:file no_rw_file_perms; 561*e4a36f41SAndroid Build Coastguard Worker 562*e4a36f41SAndroid Build Coastguard Workerneverallow { 563*e4a36f41SAndroid Build Coastguard Worker domain 564*e4a36f41SAndroid Build Coastguard Worker -init 565*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(`-profcollectd') 566*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(`-simpleperf_boot') 567*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(`-traced_probes') 568*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(`-traced_perf') 569*e4a36f41SAndroid Build Coastguard Worker} { 570*e4a36f41SAndroid Build Coastguard Worker lower_kptr_restrict_prop 571*e4a36f41SAndroid Build Coastguard Worker}:property_service set; 572*e4a36f41SAndroid Build Coastguard Worker 573*e4a36f41SAndroid Build Coastguard Workerneverallow { 574*e4a36f41SAndroid Build Coastguard Worker domain 575*e4a36f41SAndroid Build Coastguard Worker -init 576*e4a36f41SAndroid Build Coastguard Worker} zygote_wrap_prop:property_service set; 577*e4a36f41SAndroid Build Coastguard Worker 578*e4a36f41SAndroid Build Coastguard Workerneverallow { 579*e4a36f41SAndroid Build Coastguard Worker domain 580*e4a36f41SAndroid Build Coastguard Worker -init 581*e4a36f41SAndroid Build Coastguard Worker} verity_status_prop:property_service set; 582*e4a36f41SAndroid Build Coastguard Worker 583*e4a36f41SAndroid Build Coastguard Workerneverallow { 584*e4a36f41SAndroid Build Coastguard Worker domain 585*e4a36f41SAndroid Build Coastguard Worker -init 586*e4a36f41SAndroid Build Coastguard Worker} setupwizard_prop:property_service set; 587*e4a36f41SAndroid Build Coastguard Worker 588*e4a36f41SAndroid Build Coastguard Worker# ro.product.property_source_order is useless after initialization of ro.product.* props. 589*e4a36f41SAndroid Build Coastguard Worker# So making it accessible only from init and vendor_init. 590*e4a36f41SAndroid Build Coastguard Workerneverallow { 591*e4a36f41SAndroid Build Coastguard Worker domain 592*e4a36f41SAndroid Build Coastguard Worker -init 593*e4a36f41SAndroid Build Coastguard Worker -dumpstate 594*e4a36f41SAndroid Build Coastguard Worker -vendor_init 595*e4a36f41SAndroid Build Coastguard Worker} build_config_prop:file no_rw_file_perms; 596*e4a36f41SAndroid Build Coastguard Worker 597*e4a36f41SAndroid Build Coastguard Workerneverallow { 598*e4a36f41SAndroid Build Coastguard Worker domain 599*e4a36f41SAndroid Build Coastguard Worker -init 600*e4a36f41SAndroid Build Coastguard Worker -shell 601*e4a36f41SAndroid Build Coastguard Worker} sqlite_log_prop:property_service set; 602*e4a36f41SAndroid Build Coastguard Worker 603*e4a36f41SAndroid Build Coastguard Workerneverallow { 604*e4a36f41SAndroid Build Coastguard Worker domain 605*e4a36f41SAndroid Build Coastguard Worker -coredomain 606*e4a36f41SAndroid Build Coastguard Worker -appdomain 607*e4a36f41SAndroid Build Coastguard Worker} sqlite_log_prop:file no_rw_file_perms; 608*e4a36f41SAndroid Build Coastguard Worker 609*e4a36f41SAndroid Build Coastguard Workerneverallow { 610*e4a36f41SAndroid Build Coastguard Worker domain 611*e4a36f41SAndroid Build Coastguard Worker -init 612*e4a36f41SAndroid Build Coastguard Worker} default_prop:property_service set; 613*e4a36f41SAndroid Build Coastguard Worker 614*e4a36f41SAndroid Build Coastguard Worker# Only one of system_property_type and vendor_property_type can be assigned. 615*e4a36f41SAndroid Build Coastguard Worker# Property types having both attributes won't be accessible from anywhere. 616*e4a36f41SAndroid Build Coastguard Workerneverallow domain system_and_vendor_property_type:{file property_service} *; 617*e4a36f41SAndroid Build Coastguard Worker 618*e4a36f41SAndroid Build Coastguard Workerneverallow { 619*e4a36f41SAndroid Build Coastguard Worker # Only init and the remote provisioner can set the ro.remote_provisioning.* props 620*e4a36f41SAndroid Build Coastguard Worker domain 621*e4a36f41SAndroid Build Coastguard Worker -init 622*e4a36f41SAndroid Build Coastguard Worker -remote_prov_app 623*e4a36f41SAndroid Build Coastguard Worker} remote_prov_prop:property_service set; 624*e4a36f41SAndroid Build Coastguard Worker 625*e4a36f41SAndroid Build Coastguard Workerneverallow { 626*e4a36f41SAndroid Build Coastguard Worker # Only allow init and shell to set rollback_test_prop 627*e4a36f41SAndroid Build Coastguard Worker domain 628*e4a36f41SAndroid Build Coastguard Worker -init 629*e4a36f41SAndroid Build Coastguard Worker -shell 630*e4a36f41SAndroid Build Coastguard Worker} rollback_test_prop:property_service set; 631*e4a36f41SAndroid Build Coastguard Worker 632*e4a36f41SAndroid Build Coastguard Workerneverallow { 633*e4a36f41SAndroid Build Coastguard Worker # Only allow init and profcollectd to access profcollectd_node_id_prop 634*e4a36f41SAndroid Build Coastguard Worker domain 635*e4a36f41SAndroid Build Coastguard Worker -init 636*e4a36f41SAndroid Build Coastguard Worker -dumpstate 637*e4a36f41SAndroid Build Coastguard Worker -profcollectd 638*e4a36f41SAndroid Build Coastguard Worker} profcollectd_node_id_prop:file r_file_perms; 639*e4a36f41SAndroid Build Coastguard Worker 640