neverallow coredomain from writing vendor properties
System properties can be abused to get around Treble requirements of
having a clean system/vendor split. This CL seeks to prevent that by
neverallowing coredomain from writing vendor properties.
Bug: 78598545
Test: build 2017 Pixels
Test: build aosp_arm64
Change-Id: I5e06894150ba121624d753228e550ba9b81f7677
(cherry picked from commit cdb1624c27)
This commit is contained in:
Tom Cherry
Jiyong Park
parent
1156d59389
commit
5897e23ea1
@ -173,6 +173,12 @@ expandattribute data_between_core_and_vendor_violators false;
|
||||
attribute system_executes_vendor_violators;
|
||||
expandattribute system_executes_vendor_violators false;
|
||||
|
||||
# All system domains which violate the requirement of not writing vendor
|
||||
# properties.
|
||||
# TODO(b/78598545): Remove this once there are no violations
|
||||
attribute system_writes_vendor_properties_violators;
|
||||
expandattribute system_writes_vendor_properties_violators false;
|
||||
|
||||
# hwservices that are accessible from untrusted applications
|
||||
# WARNING: Use of this attribute should be avoided unless
|
||||
# absolutely necessary. It is a temporary allowance to aid the
|
||||
|
||||
@ -307,3 +307,103 @@ compatible_property_only(`
|
||||
wifi_prop
|
||||
}:file no_rw_file_perms;
|
||||
')
|
||||
|
||||
compatible_property_only(`
|
||||
# Neverallow coredomain to set vendor properties
|
||||
neverallow {
|
||||
coredomain
|
||||
-init
|
||||
-system_writes_vendor_properties_violators
|
||||
} {
|
||||
property_type
|
||||
-audio_prop
|
||||
-bluetooth_a2dp_offload_prop
|
||||
-bluetooth_prop
|
||||
-bootloader_boot_reason_prop
|
||||
-boottime_prop
|
||||
-config_prop
|
||||
-cppreopt_prop
|
||||
-ctl_bootanim_prop
|
||||
-ctl_bugreport_prop
|
||||
-ctl_console_prop
|
||||
-ctl_default_prop
|
||||
-ctl_dumpstate_prop
|
||||
-ctl_fuse_prop
|
||||
-ctl_interface_restart_prop
|
||||
-ctl_interface_start_prop
|
||||
-ctl_interface_stop_prop
|
||||
-ctl_mdnsd_prop
|
||||
-ctl_restart_prop
|
||||
-ctl_rildaemon_prop
|
||||
-ctl_sigstop_prop
|
||||
-ctl_start_prop
|
||||
-ctl_stop_prop
|
||||
-dalvik_prop
|
||||
-debug_prop
|
||||
-debuggerd_prop
|
||||
-default_prop
|
||||
-device_logging_prop
|
||||
-dhcp_prop
|
||||
-dumpstate_options_prop
|
||||
-dumpstate_prop
|
||||
-exported2_config_prop
|
||||
-exported2_default_prop
|
||||
-exported2_radio_prop
|
||||
-exported2_system_prop
|
||||
-exported2_vold_prop
|
||||
-exported3_default_prop
|
||||
-exported3_radio_prop
|
||||
-exported3_system_prop
|
||||
-exported_bluetooth_prop
|
||||
-exported_config_prop
|
||||
-exported_dalvik_prop
|
||||
-exported_default_prop
|
||||
-exported_dumpstate_prop
|
||||
-exported_ffs_prop
|
||||
-exported_fingerprint_prop
|
||||
-exported_overlay_prop
|
||||
-exported_pm_prop
|
||||
-exported_radio_prop
|
||||
-exported_secure_prop
|
||||
-exported_system_prop
|
||||
-exported_system_radio_prop
|
||||
-exported_vold_prop
|
||||
-exported_wifi_prop
|
||||
-ffs_prop
|
||||
-fingerprint_prop
|
||||
-firstboot_prop
|
||||
-hwservicemanager_prop
|
||||
-last_boot_reason_prop
|
||||
-log_prop
|
||||
-log_tag_prop
|
||||
-logd_prop
|
||||
-logpersistd_logging_prop
|
||||
-lowpan_prop
|
||||
-mmc_prop
|
||||
-net_dns_prop
|
||||
-net_radio_prop
|
||||
-netd_stable_secret_prop
|
||||
-nfc_prop
|
||||
-overlay_prop
|
||||
-pan_result_prop
|
||||
-persist_debug_prop
|
||||
-persistent_properties_ready_prop
|
||||
-pm_prop
|
||||
-powerctl_prop
|
||||
-radio_prop
|
||||
-restorecon_prop
|
||||
-safemode_prop
|
||||
-serialno_prop
|
||||
-shell_prop
|
||||
-system_boot_reason_prop
|
||||
-system_prop
|
||||
-system_radio_prop
|
||||
-test_boot_reason_prop
|
||||
-traced_enabled_prop
|
||||
-vendor_default_prop
|
||||
-vendor_security_patch_level_prop
|
||||
-vold_prop
|
||||
-wifi_log_prop
|
||||
-wifi_prop
|
||||
}:property_service set;
|
||||
')
|
||||
|
||||
Loading…
Reference in New Issue
Block a user