From 062236a8c9c7467222b1780c2fb6ce014d5fe14b Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Tue, 27 Dec 2016 14:05:46 -0800
Subject: [PATCH] Remove access to ro.runtime.firstboot from apps

ro.runtime.firstboot system property is only used internally by system_server to distinguish between first start after boot from consecutive starts (for example, this happens when full-disk encryption is enabled). The value of the property is a millisecond-precise timestamp which can help track individual device. Thus apps should not have access to this property.

Test: Device boots fine, reading ro.runtime.firstboot from an app results in an error and SELinux denial.

Bug: 33700679
Change-Id: I4c3c26a35c5dd840bced3a3e53d071f45317f63c
---
 private/property_contexts | 1 +
 public/domain.te | 3 +++
 public/property.te | 1 +
 public/system_server.te | 3 +++
 4 files changed, 8 insertions(+)

diff --git a/private/property_contexts b/private/property_contexts
index a27b7566f..39e8a8db8 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -18,6 +18,7 @@ persist.radio u:object_r:radio_prop:s0
 net. u:object_r:system_prop:s0
 dev. u:object_r:system_prop:s0
 ro.runtime. u:object_r:system_prop:s0
+ro.runtime.firstboot u:object_r:firstboot_prop:s0
 hw. u:object_r:system_prop:s0
 ro.hw. u:object_r:system_prop:s0
 sys. u:object_r:system_prop:s0
diff --git a/public/domain.te b/public/domain.te
index 47b3e5a46..2bf0be312 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -386,6 +386,9 @@ neverallow {
 -system_server
 } serialno_prop:file r_file_perms;
 
+# Do not allow reading the last boot timestamp from system properties
+neverallow { domain -init -system_server } firstboot_prop:file r_file_perms;
+
 neverallow {
 domain
 -init
diff --git a/public/property.te b/public/property.te
index 0bba50d3a..ce5ce2f9b 100644
--- a/public/property.te
+++ b/public/property.te
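Review bot: The new `ro.runtime.firstboot` entry is placed directly after the broader `ro.runtime.` prefix, so whether it takes effect depends on the property label lookup preferring the longest matching prefix rather than the first match in file order; with first-match semantics the property would keep the `system_prop` label and the `firstboot_prop` rules elsewhere in this change would never apply. The commit's Test line reports an SELinux denial from an app, which suggests the longer prefix does win, but that reliance is worth recording next to the entry, e.g. `# more specific than ro.runtime. above; relies on longest-prefix matching`. Keeping the specific entry adjacent to the prefix it overrides, as done here, at least makes the relationship visible to the next editor.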
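Review bot: The comment on the new neverallow calls the value "the last boot timestamp", but per the commit message ro.runtime.firstboot records when system_server first started after boot, so the comment should describe the property it actually guards and why it is sensitive: `# Do not allow reading ro.runtime.firstboot (timestamp of system_server's first start after boot) from system properties; it is stable enough to fingerprint a device`. The rule only restricts `file` reads of the property area; writes go through init's property service and are governed by the separate set_prop grant in system_server.te, which is the usual split but could be stated in the comment so the read and write sides are reviewed together. The hunk begins inside the preceding serialno_prop neverallow and ends inside the following one, both of which continue outside it.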
@@ -21,6 +21,7 @@ type dumpstate_options_prop, property_type;
 type dumpstate_prop, property_type, core_property_type;
 type ffs_prop, property_type, core_property_type;
 type fingerprint_prop, property_type, core_property_type;
+type firstboot_prop, property_type;
 type hwservicemanager_prop, property_type;
 type logd_prop, property_type, core_property_type;
 type logpersistd_logging_prop, property_type;
diff --git a/public/system_server.te b/public/system_server.te
index bc1dd9f34..99ff1d816 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -391,6 +391,9 @@ get_prop(system_server, boottime_prop)
 # Read device's serial number from system properties
 get_prop(system_server, serialno_prop)
 
+# Read/write the property which keeps track of whether this is the first start of system_server
+set_prop(system_server, firstboot_prop)
+
 # Create a socket for receiving info from wpa.
 allow system_server wpa_socket:dir rw_dir_perms;
 allow system_server system_wpa_socket:sock_file create_file_perms;
-- GitLab
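Review bot: `firstboot_prop` is declared with `property_type` only, while most of the neighbouring AOSP-owned property types in this hunk also carry `core_property_type`; if that attribute is what other rules use to fence core properties off from non-core domains, the omission leaves the new type outside those rules, so either add it (`type firstboot_prop, property_type, core_property_type;`) or say why it is deliberately left out. Nothing in property.te ties the type name to the property it labels, so a one-line comment would help the next reader: `# ro.runtime.firstboot: system_server first-start marker; readable only by init and system_server (neverallow in domain.te)`.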
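Review bot: The added comment is a single line well past 80 columns, unlike the neighbouring comments in the hunk; wrap it and name the property so the rule can be matched to its property_contexts entry, e.g. `# Read/write ro.runtime.firstboot, which records whether this is` / `# system_server's first start since boot (see the neverallow in domain.te).` Since `set_prop` also grants read access, system_server is the only non-init domain exempted from the domain.te read neverallow, and stating that here keeps the grant and the restriction reviewable as a pair.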