Allow dumpstate to read property_type
dumpstate needs to read all the system properties for debugging. Bug: 77277669 Test: succeeded building and tested with taimen Change-Id: I3603854b3be67d4fc55d74f7925a21bfa59c81ee
This commit is contained in:
parent
ba89007178
commit
4de238e9b9
@ -560,7 +560,7 @@ neverallow {
|
||||
} serialno_prop:file r_file_perms;
|
||||
|
||||
# Do not allow reading the last boot timestamp from system properties
|
||||
neverallow { domain -init -system_server } firstboot_prop:file r_file_perms;
|
||||
neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
|
@ -232,16 +232,8 @@ set_prop(dumpstate, exported_dumpstate_prop)
|
||||
# dumpstate_options_prop is used to pass extra command-line args.
|
||||
set_prop(dumpstate, dumpstate_options_prop)
|
||||
|
||||
# Read device's serial number from system properties
|
||||
get_prop(dumpstate, serialno_prop)
|
||||
|
||||
# Read state of logging-related properties
|
||||
get_prop(dumpstate, device_logging_prop)
|
||||
|
||||
# Read state of boot reason properties
|
||||
get_prop(dumpstate, bootloader_boot_reason_prop)
|
||||
get_prop(dumpstate, last_boot_reason_prop)
|
||||
get_prop(dumpstate, system_boot_reason_prop)
|
||||
# Read any system properties
|
||||
get_prop(dumpstate, property_type)
|
||||
|
||||
# Access to /data/media.
|
||||
# This should be removed if sdcardfs is modified to alter the secontext for its
|
||||
|
@ -141,7 +141,7 @@ neverallow netd { appdomain userdebug_or_eng(`-su') }:binder call;
|
||||
|
||||
# persist.netd.stable_secret contains RFC 7217 secret key which should never be
|
||||
# leaked to other processes. Make sure it never leaks.
|
||||
neverallow { domain -netd -init } netd_stable_secret_prop:file r_file_perms;
|
||||
neverallow { domain -netd -init -dumpstate } netd_stable_secret_prop:file r_file_perms;
|
||||
|
||||
# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
|
||||
# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
|
||||
|
Loading…
Reference in New Issue
Block a user