Whitelist exported platform properties
This CL lists all the exported platform properties in private/exported_property_contexts. Additionally accessing core_property_type from vendor components is restricted. Instead public_readable_property_type is used to allow vendor components to read exported platform properties, and accessibility from vendor_init is also specified explicitly. Note that whitelisting would be applied only if PRODUCT_COMPATIBLE_PROPERTY is set on. Bug: 38146102 Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e
This commit is contained in:
Jaekyun Seok
Jeffrey Vander Stoep
parent
c80f9e037b
commit
e49714542e
@ -262,6 +262,7 @@ $(reqd_policy_mask.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(reqd_policy_mask.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(reqd_policy_mask.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(reqd_policy_mask.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
$(reqd_policy_mask.conf): $(call build_policy, $(sepolicy_build_files), $(REQD_MASK_POLICY))
|
||||
$(transform-policy-to-conf)
|
||||
# b/37755687
|
||||
@ -288,6 +289,7 @@ $(plat_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(plat_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
$(plat_pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
|
||||
$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
|
||||
$(transform-policy-to-conf)
|
||||
@ -336,6 +338,7 @@ $(plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
$(plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
|
||||
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
|
||||
$(transform-policy-to-conf)
|
||||
@ -451,6 +454,7 @@ $(nonplat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(nonplat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(nonplat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(nonplat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(nonplat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
$(nonplat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
|
||||
$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS))
|
||||
$(transform-policy-to-conf)
|
||||
@ -882,6 +886,9 @@ endif
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
plat_pcfiles := $(call build_policy, property_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
ifeq ($(PRODUCT_COMPATIBLE_PROPERTY),true)
|
||||
plat_pcfiles += $(LOCAL_PATH)/public/property_contexts
|
||||
endif
|
||||
|
||||
plat_property_contexts.tmp := $(intermediates)/plat_property_contexts.tmp
|
||||
$(plat_property_contexts.tmp): PRIVATE_PC_FILES := $(plat_pcfiles)
|
||||
@ -1281,6 +1288,7 @@ $(base_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(base_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(base_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(base_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
|
||||
$(base_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
$(base_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
|
||||
$(BASE_PLAT_PUBLIC_POLICY) $(BASE_PLAT_PRIVATE_POLICY))
|
||||
$(transform-policy-to-conf)
|
||||
|
||||
@ -9,6 +9,7 @@ $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
|
||||
-D target_arch=$(PRIVATE_TGT_ARCH) \
|
||||
-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
|
||||
-D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \
|
||||
-D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \
|
||||
$(PRIVATE_TGT_RECOVERY) \
|
||||
-s $^ > $@
|
||||
endef
|
||||
|
||||
@ -55,6 +55,7 @@ allow adbd anr_data_file:file r_file_perms;
|
||||
set_prop(adbd, shell_prop)
|
||||
set_prop(adbd, powerctl_prop)
|
||||
set_prop(adbd, ffs_prop)
|
||||
set_prop(adbd, exported_ffs_prop)
|
||||
|
||||
# Access device logging gating property
|
||||
get_prop(adbd, device_logging_prop)
|
||||
|
||||
@ -10,6 +10,24 @@
|
||||
crossprofileapps_service
|
||||
e2fs
|
||||
e2fs_exec
|
||||
exported_config_prop
|
||||
exported_dalvik_prop
|
||||
exported_default_prop
|
||||
exported_dumpstate_prop
|
||||
exported_ffs_prop
|
||||
exported_overlay_prop
|
||||
exported_pm_prop
|
||||
exported_radio_prop
|
||||
exported_system_prop
|
||||
exported_system_radio_prop
|
||||
exported_vold_prop
|
||||
exported2_config_prop
|
||||
exported2_default_prop
|
||||
exported2_radio_prop
|
||||
exported2_system_prop
|
||||
exported2_vold_prop
|
||||
exported3_default_prop
|
||||
exported3_system_prop
|
||||
fs_bpf
|
||||
hal_broadcastradio_hwservice
|
||||
hal_cas_hwservice
|
||||
@ -64,6 +82,7 @@
|
||||
traced_producer_socket
|
||||
traced_tmpfs
|
||||
update_engine_log_data_file
|
||||
vendor_default_prop
|
||||
vendor_init
|
||||
vold_prepare_subdirs
|
||||
vold_prepare_subdirs_exec
|
||||
|
||||
@ -1 +1,2 @@
|
||||
get_prop(coredomain, pm_prop)
|
||||
get_prop(coredomain, exported_pm_prop)
|
||||
|
||||
@ -37,3 +37,4 @@ allow mediaprovider functionfs:file rw_file_perms;
|
||||
|
||||
# MtpServer sets sys.usb.ffs.mtp.ready
|
||||
set_prop(mediaprovider, ffs_prop)
|
||||
set_prop(mediaprovider, exported_ffs_prop)
|
||||
|
||||
@ -9,7 +9,10 @@ net.qmi u:object_r:net_radio_prop:s0
|
||||
net.lte u:object_r:net_radio_prop:s0
|
||||
net.cdma u:object_r:net_radio_prop:s0
|
||||
net.dns u:object_r:net_dns_prop:s0
|
||||
sys.usb.config u:object_r:system_radio_prop:s0
|
||||
# TODO(b/36001741): Rename to sys.usb.config when exact match is supported and
|
||||
# so an exact-matching spec isn't considered as a duplicate of a
|
||||
# prefix-matching spec having the same property name.
|
||||
sys.usb.conf u:object_r:system_radio_prop:s0
|
||||
ril. u:object_r:radio_prop:s0
|
||||
ro.ril. u:object_r:radio_prop:s0
|
||||
gsm. u:object_r:radio_prop:s0
|
||||
@ -45,6 +48,7 @@ persist.audio. u:object_r:audio_prop:s0
|
||||
persist.bluetooth. u:object_r:bluetooth_prop:s0
|
||||
persist.debug. u:object_r:persist_debug_prop:s0
|
||||
persist.logd. u:object_r:logd_prop:s0
|
||||
ro.logd. u:object_r:logd_prop:s0
|
||||
persist.logd.security u:object_r:device_logging_prop:s0
|
||||
persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
||||
logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
||||
@ -86,6 +90,9 @@ ro.crypto. u:object_r:vold_prop:s0
|
||||
|
||||
# ro.build.fingerprint is either set in /system/build.prop, or is
|
||||
# set at runtime by system_server.
|
||||
# TODO(b/36001741): Copy into exported_property_contexts when exact match is
|
||||
# supported and so an exact-matching spec isn't considered as a duplicate of a
|
||||
# prefix-matching spec having the same property name.
|
||||
ro.build.fingerprint u:object_r:fingerprint_prop:s0
|
||||
|
||||
ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0
|
||||
@ -120,3 +127,10 @@ ro.lowpan. u:object_r:lowpan_prop:s0
|
||||
|
||||
# hwservicemanager properties
|
||||
hwservicemanager. u:object_r:hwservicemanager_prop:s0
|
||||
|
||||
# Common vendor default properties.
|
||||
init.svc.vendor. u:object_r:vendor_default_prop:s0
|
||||
ro.hardware. u:object_r:vendor_default_prop:s0
|
||||
ro.vendor. u:object_r:vendor_default_prop:s0
|
||||
persist.vendor. u:object_r:vendor_default_prop:s0
|
||||
vendor. u:object_r:vendor_default_prop:s0
|
||||
|
||||
@ -46,6 +46,9 @@ allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_i
|
||||
|
||||
# Set properties.
|
||||
set_prop(surfaceflinger, system_prop)
|
||||
set_prop(surfaceflinger, exported_system_prop)
|
||||
set_prop(surfaceflinger, exported2_system_prop)
|
||||
set_prop(surfaceflinger, exported3_system_prop)
|
||||
set_prop(surfaceflinger, ctl_bootanim_prop)
|
||||
|
||||
# Use open files supplied by an app.
|
||||
|
||||
@ -34,13 +34,18 @@ allow system_app icon_file:file r_file_perms;
|
||||
set_prop(system_app, bluetooth_prop)
|
||||
set_prop(system_app, debug_prop)
|
||||
set_prop(system_app, system_prop)
|
||||
set_prop(system_app, exported_system_prop)
|
||||
set_prop(system_app, exported2_system_prop)
|
||||
set_prop(system_app, exported3_system_prop)
|
||||
set_prop(system_app, logd_prop)
|
||||
set_prop(system_app, net_radio_prop)
|
||||
set_prop(system_app, system_radio_prop)
|
||||
set_prop(system_app, exported_system_radio_prop)
|
||||
set_prop(system_app, log_tag_prop)
|
||||
userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
|
||||
auditallow system_app net_radio_prop:property_service set;
|
||||
auditallow system_app system_radio_prop:property_service set;
|
||||
auditallow system_app exported_system_radio_prop:property_service set;
|
||||
|
||||
# ctl interface
|
||||
set_prop(system_app, ctl_default_prop)
|
||||
|
||||
@ -468,18 +468,24 @@ allow system_server system_data_file:dir relabelfrom;
|
||||
|
||||
# Property Service write
|
||||
set_prop(system_server, system_prop)
|
||||
set_prop(system_server, exported_system_prop)
|
||||
set_prop(system_server, exported2_system_prop)
|
||||
set_prop(system_server, exported3_system_prop)
|
||||
set_prop(system_server, safemode_prop)
|
||||
set_prop(system_server, dhcp_prop)
|
||||
set_prop(system_server, net_radio_prop)
|
||||
set_prop(system_server, net_dns_prop)
|
||||
set_prop(system_server, system_radio_prop)
|
||||
set_prop(system_server, exported_system_radio_prop)
|
||||
set_prop(system_server, debug_prop)
|
||||
set_prop(system_server, powerctl_prop)
|
||||
set_prop(system_server, fingerprint_prop)
|
||||
set_prop(system_server, device_logging_prop)
|
||||
set_prop(system_server, dumpstate_options_prop)
|
||||
set_prop(system_server, overlay_prop)
|
||||
set_prop(system_server, exported_overlay_prop)
|
||||
set_prop(system_server, pm_prop)
|
||||
set_prop(system_server, exported_pm_prop)
|
||||
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
|
||||
|
||||
# ctl interface
|
||||
|
||||
@ -110,6 +110,7 @@ allow zygote tmpfs:dir r_dir_perms;
|
||||
|
||||
# Let the zygote access overlays so it can initialize the AssetManager.
|
||||
get_prop(zygote, overlay_prop)
|
||||
get_prop(zygote, exported_overlay_prop)
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
|
||||
@ -38,3 +38,6 @@ allow charger proc_sysrq:file rw_file_perms;
|
||||
# charger needs to tell init to continue the boot
|
||||
# process when running in charger mode.
|
||||
set_prop(charger, system_prop)
|
||||
set_prop(charger, exported_system_prop)
|
||||
set_prop(charger, exported2_system_prop)
|
||||
set_prop(charger, exported3_system_prop)
|
||||
|
||||
@ -85,7 +85,57 @@ allow domain property_info:file r_file_perms;
|
||||
|
||||
# For now, everyone can access core property files
|
||||
# Device specific properties are not granted by default
|
||||
get_prop(domain, core_property_type)
|
||||
not_compatible_property(`
|
||||
get_prop(domain, core_property_type)
|
||||
get_prop(domain, exported_dalvik_prop)
|
||||
get_prop(domain, exported_ffs_prop)
|
||||
get_prop(domain, exported_system_radio_prop)
|
||||
get_prop(domain, exported2_config_prop)
|
||||
get_prop(domain, exported2_radio_prop)
|
||||
get_prop(domain, exported2_system_prop)
|
||||
get_prop(domain, exported2_vold_prop)
|
||||
get_prop(domain, exported3_default_prop)
|
||||
get_prop(domain, exported3_system_prop)
|
||||
get_prop(domain, vendor_default_prop)
|
||||
')
|
||||
compatible_property_only(`
|
||||
get_prop({coredomain appdomain shell}, core_property_type)
|
||||
get_prop({coredomain appdomain shell}, exported_dalvik_prop)
|
||||
get_prop({coredomain appdomain shell}, exported_ffs_prop)
|
||||
get_prop({coredomain appdomain shell}, exported_system_radio_prop)
|
||||
get_prop({coredomain appdomain shell}, exported2_config_prop)
|
||||
get_prop({coredomain appdomain shell}, exported2_radio_prop)
|
||||
get_prop({coredomain appdomain shell}, exported2_system_prop)
|
||||
get_prop({coredomain appdomain shell}, exported2_vold_prop)
|
||||
get_prop({coredomain appdomain shell}, exported3_default_prop)
|
||||
get_prop({coredomain appdomain shell}, exported3_system_prop)
|
||||
userdebug_or_eng(`
|
||||
get_prop(su, core_property_type)
|
||||
get_prop(su, exported_dalvik_prop)
|
||||
get_prop(su, exported_ffs_prop)
|
||||
get_prop(su, exported_system_radio_prop)
|
||||
get_prop(su, exported2_config_prop)
|
||||
get_prop(su, exported2_radio_prop)
|
||||
get_prop(su, exported2_system_prop)
|
||||
get_prop(su, exported2_vold_prop)
|
||||
get_prop(su, exported3_default_prop)
|
||||
get_prop(su, exported3_system_prop)
|
||||
')
|
||||
get_prop({domain -coredomain -appdomain}, vendor_default_prop)
|
||||
')
|
||||
|
||||
# Public readable properties
|
||||
get_prop(domain, debug_prop)
|
||||
get_prop(domain, exported_config_prop)
|
||||
get_prop(domain, exported_default_prop)
|
||||
get_prop(domain, exported_dumpstate_prop)
|
||||
get_prop(domain, exported_radio_prop)
|
||||
get_prop(domain, exported_system_prop)
|
||||
get_prop(domain, exported_vold_prop)
|
||||
get_prop(domain, exported2_default_prop)
|
||||
get_prop(domain, fingerprint_prop)
|
||||
get_prop(domain, logd_prop)
|
||||
|
||||
# Let everyone read log properties, so that liblog can avoid sending unloggable
|
||||
# messages to logd.
|
||||
get_prop(domain, log_property_type)
|
||||
@ -459,10 +509,22 @@ neverallow * hidl_base_hwservice:hwservice_manager find;
|
||||
neverallow { domain -init } default_prop:property_service set;
|
||||
neverallow { domain -init } mmc_prop:property_service set;
|
||||
|
||||
compatible_property_only(`
|
||||
neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
|
||||
neverallow { domain -init -vendor_init } exported2_default_prop:property_service set;
|
||||
neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
|
||||
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
|
||||
')
|
||||
|
||||
# Only core domains are allowed to access package_manager properties
|
||||
neverallow { domain -init -system_server } pm_prop:property_service set;
|
||||
neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
|
||||
|
||||
compatible_property_only(`
|
||||
neverallow { domain -init -system_server -vendor_init } exported_pm_prop:property_service set;
|
||||
neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
|
||||
')
|
||||
|
||||
# Do not allow reading device's serial number from system properties except form
|
||||
# a few whitelisted domains.
|
||||
neverallow {
|
||||
|
||||
@ -220,6 +220,7 @@ allow dumpstate devpts:chr_file rw_file_perms;
|
||||
# Set properties.
|
||||
# dumpstate_prop is used to share state with the Shell app.
|
||||
set_prop(dumpstate, dumpstate_prop)
|
||||
set_prop(dumpstate, exported_dumpstate_prop)
|
||||
# dumpstate_options_prop is used to pass extra command-line args.
|
||||
set_prop(dumpstate, dumpstate_options_prop)
|
||||
|
||||
|
||||
@ -58,3 +58,6 @@ add_service(healthd, batteryproperties_service)
|
||||
# Healthd needs to tell init to continue the boot
|
||||
# process when running in charger mode.
|
||||
set_prop(healthd, system_prop)
|
||||
set_prop(healthd, exported_system_prop)
|
||||
set_prop(healthd, exported2_system_prop)
|
||||
set_prop(healthd, exported3_system_prop)
|
||||
|
||||
@ -53,6 +53,27 @@ type vold_prop, property_type, core_property_type;
|
||||
type wifi_log_prop, property_type, log_property_type;
|
||||
type wifi_prop, property_type;
|
||||
|
||||
# Properties for whitelisting
|
||||
type exported_config_prop, property_type;
|
||||
type exported_dalvik_prop, property_type;
|
||||
type exported_default_prop, property_type;
|
||||
type exported_dumpstate_prop, property_type;
|
||||
type exported_ffs_prop, property_type;
|
||||
type exported_overlay_prop, property_type;
|
||||
type exported_pm_prop, property_type;
|
||||
type exported_radio_prop, property_type;
|
||||
type exported_system_prop, property_type;
|
||||
type exported_system_radio_prop, property_type;
|
||||
type exported_vold_prop, property_type;
|
||||
type exported2_config_prop, property_type;
|
||||
type exported2_default_prop, property_type;
|
||||
type exported2_radio_prop, property_type;
|
||||
type exported2_system_prop, property_type;
|
||||
type exported2_vold_prop, property_type;
|
||||
type exported3_default_prop, property_type;
|
||||
type exported3_system_prop, property_type;
|
||||
type vendor_default_prop, property_type;
|
||||
|
||||
allow property_type tmpfs:filesystem associate;
|
||||
|
||||
###
|
||||
@ -92,3 +113,53 @@ neverallow * {
|
||||
-system_radio_prop
|
||||
-vold_prop
|
||||
}:file no_rw_file_perms;
|
||||
|
||||
compatible_property_only(`
|
||||
neverallow {
|
||||
domain
|
||||
-coredomain
|
||||
-appdomain
|
||||
-vendor_init
|
||||
} {
|
||||
core_property_type
|
||||
exported_config_prop
|
||||
exported_dalvik_prop
|
||||
exported_default_prop
|
||||
exported_dumpstate_prop
|
||||
exported_ffs_prop
|
||||
exported_radio_prop
|
||||
exported_system_prop
|
||||
exported_system_radio_prop
|
||||
exported_vold_prop
|
||||
exported2_config_prop
|
||||
exported2_default_prop
|
||||
exported2_radio_prop
|
||||
exported2_system_prop
|
||||
exported2_vold_prop
|
||||
exported3_default_prop
|
||||
exported3_system_prop
|
||||
}:file no_w_file_perms;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-coredomain
|
||||
-appdomain
|
||||
-vendor_init
|
||||
} {
|
||||
core_property_type
|
||||
exported_dalvik_prop
|
||||
exported_ffs_prop
|
||||
exported_system_radio_prop
|
||||
exported2_config_prop
|
||||
exported2_system_prop
|
||||
exported2_vold_prop
|
||||
exported3_default_prop
|
||||
exported3_system_prop
|
||||
-debug_prop
|
||||
-fingerprint_prop
|
||||
-logd_prop
|
||||
-nfc_prop
|
||||
-powerctl_prop
|
||||
-radio_prop
|
||||
}:file no_rw_file_perms;
|
||||
')
|
||||
|
||||
268
public/property_contexts
Normal file
268
public/property_contexts
Normal file
@ -0,0 +1,268 @@
|
||||
# vendor-init-readable
|
||||
persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int
|
||||
persist.radio.multisim.config u:object_r:exported2_radio_prop:s0 exact string
|
||||
|
||||
# vendor-init-settable
|
||||
af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
|
||||
camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
|
||||
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
|
||||
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
|
||||
dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
|
||||
dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
|
||||
dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
|
||||
dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
|
||||
dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int
|
||||
dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int
|
||||
dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int
|
||||
dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int
|
||||
dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
|
||||
dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
|
||||
dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
|
||||
dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
|
||||
dalvik.vm.stack-trace-dir u:object_r:exported_dalvik_prop:s0 exact string
|
||||
dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
|
||||
dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
|
||||
dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
|
||||
drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
|
||||
keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
|
||||
media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
|
||||
persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
|
||||
persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
|
||||
persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
|
||||
persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
|
||||
persist.rcs.supported u:object_r:exported3_default_prop:s0 exact int
|
||||
persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
|
||||
persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
|
||||
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
|
||||
pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
|
||||
ro.adb.secure u:object_r:exported3_default_prop:s0 exact int
|
||||
ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
|
||||
ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
|
||||
ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
|
||||
ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
|
||||
ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
|
||||
ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
|
||||
ro.com.google.clientidbase u:object_r:exported3_default_prop:s0 exact string
|
||||
ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
|
||||
ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
|
||||
ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
|
||||
ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
|
||||
ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
|
||||
ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
|
||||
ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
|
||||
ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
|
||||
ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
|
||||
ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
|
||||
ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
|
||||
ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
|
||||
ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
|
||||
ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
|
||||
ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
|
||||
ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
|
||||
ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact int
|
||||
ro.url.legal u:object_r:exported3_default_prop:s0 exact string
|
||||
ro.url.legal.android_privacy u:object_r:exported3_default_prop:s0 exact string
|
||||
ro.zygote u:object_r:exported3_default_prop:s0 exact string
|
||||
sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
|
||||
sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
|
||||
sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
|
||||
sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
|
||||
sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
|
||||
sys.usb.state u:object_r:exported2_system_prop:s0 exact string
|
||||
telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
|
||||
tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
|
||||
vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
|
||||
|
||||
# vendor-init-readable|vendor-init-actionable
|
||||
sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
|
||||
|
||||
# vendor-init-settable|vendor-init-actionable
|
||||
sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
|
||||
sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
|
||||
|
||||
# public-readable
|
||||
aac_drc_boost u:object_r:exported2_default_prop:s0 exact int
|
||||
aac_drc_cut u:object_r:exported2_default_prop:s0 exact int
|
||||
aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
|
||||
aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
|
||||
aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
|
||||
drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
|
||||
dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
|
||||
hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
|
||||
init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
|
||||
libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
|
||||
libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
|
||||
persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
|
||||
ro.arch u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
|
||||
ro.baseband u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.console u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.mode u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.bootimage.build.date u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.bootimage.build.date.utc u:object_r:exported2_default_prop:s0 exact int
|
||||
ro.bootimage.build.fingerprint u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.bootloader u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.date u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int
|
||||
ro.build.description u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.display.id u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.host u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.id u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.product u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool
|
||||
ro.build.tags u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.user u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
|
||||
ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
|
||||
ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.crypto.state u:object_r:exported_vold_prop:s0 exact string
|
||||
ro.crypto.type u:object_r:exported_vold_prop:s0 exact string
|
||||
ro.debuggable u:object_r:exported2_default_prop:s0 exact int
|
||||
ro.hardware u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.product.brand u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.product.device u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.product.model u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.product.name u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
|
||||
ro.revision u:object_r:exported2_default_prop:s0 exact string
|
||||
service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
|
||||
sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
|
||||
vold.decrypt u:object_r:exported_vold_prop:s0 exact string
|
||||
|
||||
# vendor-init-settable|public-readable
|
||||
aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int
|
||||
aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 exact int
|
||||
aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int
|
||||
aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
|
||||
aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
|
||||
aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
|
||||
gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
|
||||
media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
|
||||
ro.board.platform u:object_r:exported_default_prop:s0 exact string
|
||||
ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
|
||||
ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
|
||||
ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
|
||||
ro.carrier u:object_r:exported_default_prop:s0 exact string
|
||||
ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int
|
||||
ro.frp.pst u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.audio u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.camera u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.egl u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.flp u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.gps u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.input u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.lights u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.nfc u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.power u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.radio u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.type u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string
|
||||
ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string
|
||||
ro.kernel.qemu u:object_r:exported_default_prop:s0 exact int
|
||||
ro.kernel.qemu.gles u:object_r:exported_default_prop:s0 exact int
|
||||
ro.product.board u:object_r:exported_default_prop:s0 exact string
|
||||
ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
|
||||
ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string
|
||||
ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int
|
||||
ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string
|
||||
ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string
|
||||
ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string
|
||||
ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string
|
||||
ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string
|
||||
ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string
|
||||
ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
|
||||
ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
|
||||
ro.vndk.version u:object_r:exported_default_prop:s0 exact string
|
||||
ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
|
||||
wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
|
||||
wifi.interface u:object_r:exported_default_prop:s0 exact string
|
||||
|
||||
# vendor-init-actionable|public-readable
|
||||
ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.bootmode u:object_r:exported2_default_prop:s0 exact string
|
||||
ro.build.type u:object_r:exported2_default_prop:s0 exact string
|
||||
sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
|
||||
@ -19,6 +19,8 @@ allow radio net_data_file:file r_file_perms;
|
||||
|
||||
# Property service
|
||||
set_prop(radio, radio_prop)
|
||||
set_prop(radio, exported_radio_prop)
|
||||
set_prop(radio, exported2_radio_prop)
|
||||
set_prop(radio, net_radio_prop)
|
||||
|
||||
# ctl interface
|
||||
|
||||
@ -115,6 +115,7 @@ recovery_only(`
|
||||
|
||||
# Set sys.usb.ffs.ready when starting minadbd for sideload.
|
||||
set_prop(recovery, ffs_prop)
|
||||
set_prop(recovery, exported_ffs_prop)
|
||||
|
||||
# Read ro.boot.bootreason
|
||||
get_prop(recovery, bootloader_boot_reason_prop)
|
||||
|
||||
@ -23,6 +23,8 @@ allow rild sdcard_type:dir r_dir_perms;
|
||||
|
||||
# property service
|
||||
set_prop(rild, radio_prop)
|
||||
set_prop(rild, exported_radio_prop)
|
||||
set_prop(rild, exported2_radio_prop)
|
||||
|
||||
allow rild tty_device:chr_file rw_file_perms;
|
||||
|
||||
|
||||
@ -57,6 +57,7 @@ set_prop(shell, shell_prop)
|
||||
set_prop(shell, ctl_bugreport_prop)
|
||||
set_prop(shell, ctl_dumpstate_prop)
|
||||
set_prop(shell, dumpstate_prop)
|
||||
set_prop(shell, exported_dumpstate_prop)
|
||||
set_prop(shell, debug_prop)
|
||||
set_prop(shell, powerctl_prop)
|
||||
set_prop(shell, log_tag_prop)
|
||||
|
||||
@ -470,6 +470,23 @@ $1
|
||||
#
|
||||
define(`not_full_treble', ifelse(target_full_treble, `true', , $1))
|
||||
|
||||
#####################################
|
||||
# Compatible property only
|
||||
# SELinux rules which apply only to devices with compatible property
|
||||
#
|
||||
define(`compatible_property_only', ifelse(target_compatible_property, `true', $1,
|
||||
ifelse(target_compatible_property, `cts',
|
||||
# BEGIN_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
|
||||
$1
|
||||
# END_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
|
||||
, )))
|
||||
|
||||
#####################################
|
||||
# Not compatible property
|
||||
# SELinux rules which apply only to devices without compatible property
|
||||
#
|
||||
define(`not_compatible_property', ifelse(target_compatible_property, `true', , $1))
|
||||
|
||||
#####################################
|
||||
# Userdebug or eng builds
|
||||
# SELinux rules which apply only to userdebug or eng builds
|
||||
|
||||
@ -217,3 +217,26 @@ allow vendor_init serialno_prop:file { getattr open read };
|
||||
|
||||
# Vendor init can perform operations on trusted and security Extended Attributes
|
||||
allow vendor_init self:global_capability_class_set sys_admin;
|
||||
|
||||
set_prop(vendor_init, debug_prop)
|
||||
set_prop(vendor_init, exported_config_prop)
|
||||
set_prop(vendor_init, exported_dalvik_prop)
|
||||
set_prop(vendor_init, exported_default_prop)
|
||||
set_prop(vendor_init, exported_ffs_prop)
|
||||
set_prop(vendor_init, exported_overlay_prop)
|
||||
set_prop(vendor_init, exported_pm_prop)
|
||||
set_prop(vendor_init, exported_radio_prop)
|
||||
set_prop(vendor_init, exported_system_radio_prop)
|
||||
set_prop(vendor_init, exported2_config_prop)
|
||||
set_prop(vendor_init, exported2_system_prop)
|
||||
set_prop(vendor_init, exported2_vold_prop)
|
||||
set_prop(vendor_init, exported3_default_prop)
|
||||
set_prop(vendor_init, logd_prop)
|
||||
set_prop(vendor_init, log_tag_prop)
|
||||
set_prop(vendor_init, log_prop)
|
||||
set_prop(vendor_init, serialno_prop)
|
||||
set_prop(vendor_init, vendor_default_prop)
|
||||
set_prop(vendor_init, wifi_log_prop)
|
||||
|
||||
get_prop(vendor_init, exported2_radio_prop)
|
||||
get_prop(vendor_init, exported3_system_prop)
|
||||
|
||||
@ -124,6 +124,8 @@ allow vold kernel:process setsched;
|
||||
|
||||
# Property Service
|
||||
set_prop(vold, vold_prop)
|
||||
set_prop(vold, exported_vold_prop)
|
||||
set_prop(vold, exported2_vold_prop)
|
||||
set_prop(vold, powerctl_prop)
|
||||
set_prop(vold, ctl_fuse_prop)
|
||||
set_prop(vold, restorecon_prop)
|
||||
|
||||
@ -38,6 +38,7 @@ typedef struct file_context_node {
|
||||
char *path;
|
||||
char *file_type;
|
||||
char *context;
|
||||
char *extra;
|
||||
bool_t meta;
|
||||
int stem_len;
|
||||
int str_len;
|
||||
@ -487,6 +488,30 @@ int main(int argc, char *argv[])
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Get rid of whitespace after the context. */
|
||||
for (; i < line_len; i++) {
|
||||
if (!isspace(line_buf[i]))
|
||||
break;
|
||||
}
|
||||
|
||||
/* Parse out the extra from the line. */
|
||||
start = i;
|
||||
finish = line_len;
|
||||
while (start < finish && (!isspace(line_buf[i - 1])))
|
||||
finish--;
|
||||
|
||||
if (start < finish && line_buf[start] != '#') {
|
||||
temp->extra = (char*)strndup(&line_buf[start], finish - start);
|
||||
if (!(temp->extra)) {
|
||||
file_context_node_destroy(temp);
|
||||
free(temp);
|
||||
free(line_buf);
|
||||
fprintf(stderr, "Error: failure allocating memory.\n");
|
||||
fc_free_file_context_node_list(head);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Set all the data about the regular
|
||||
* expression. */
|
||||
fc_fill_data(temp);
|
||||
@ -577,7 +602,14 @@ int main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
/* Output the context. */
|
||||
fprintf(out_file, "%s\n", current->context);
|
||||
fprintf(out_file, "%s", current->context);
|
||||
|
||||
/* Output the extra, if there is one. */
|
||||
if (current->extra) {
|
||||
fprintf(out_file, "\t%s", current->extra);
|
||||
}
|
||||
|
||||
fprintf(out_file, "\n");
|
||||
|
||||
current = current->next;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user