From 224921d18a8aa83123adfbdef8e9c352795e2b6b Mon Sep 17 00:00:00 2001
From: Jaekyun Seok <jaekyun@google.com>
Date: Mon, 9 Apr 2018 12:07:32 +0900
Subject: [PATCH] Whitelist vendor-init-settable bluetooth_prop and wifi_prop

Values of the following properties are set by SoC vendors on some devices including Pixels.
- persist.bluetooth.a2dp_offload.cap
- persist.bluetooth.a2dp_offload.enable
- persist.vendor.bluetooth.a2dp_offload.enable
- ro.bt.bdaddr_path
- wlan.driver.status
So they should be whitelisted for compatibility.
Bug: 77633703
Test: succeeded building and tested with Pixels
Change-Id: Ib2b81bcc1fd70ddd571dc7fb2b923b576d62b7d5
---
 private/audioserver.te | 2 ++
 private/bluetooth.te | 2 ++
 private/compat/26.0/26.0.ignore.cil | 3 +++
 private/compat/27.0/27.0.ignore.cil | 3 +++
 private/priv_app.te | 1 +
 private/system_app.te | 2 ++
 private/webview_zygote.te | 6 +++++-
 private/zygote.te | 6 +++++-
 public/app.te | 2 +-
 public/hal_audio.te | 2 ++
 public/hal_bluetooth.te | 2 ++
 public/hal_wifi.te | 1 +
 public/property.te | 3 +++
 public/property_contexts | 5 +++++
 public/vendor_init.te | 3 +++
 public/wificond.te | 1 +
 16 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/private/audioserver.te b/private/audioserver.te
index 471fcbed2..a82cfecbd 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -37,7 +37,9 @@ allow audioserver power_service:service_manager find;
 allow audioserver scheduling_policy_service:service_manager find;
 # Allow read/write access to bluetooth-specific properties
+set_prop(audioserver, bluetooth_a2dp_offload_prop)
 set_prop(audioserver, bluetooth_prop)
+set_prop(audioserver, exported_bluetooth_prop)
 # Grant access to audio files to audioserver
 allow audioserver audio_data_file:dir ra_dir_perms;
diff --git a/private/bluetooth.te b/private/bluetooth.te
index fec94941b..d4198553e 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
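Review bot: In private/audioserver.te the added `set_prop(audioserver, exported_bluetooth_prop)` gives audioserver write access to a type that, in this patch's property_contexts, labels only `ro.bt.bdaddr_path`, and nothing visible here shows audioserver setting that property. If it only needs to read the value, `get_prop(audioserver, exported_bluetooth_prop)` keeps the grant at least privilege. The same question applies to the matching `set_prop` lines added for system_app (private/system_app.te), bluetooth (private/bluetooth.te) and hal_bluetooth (public/hal_bluetooth.te), which copy the existing `bluetooth_prop` grants rather than follow from the stated goal of making these properties settable by vendor_init. The hunk shows only part of the file, so a writer may exist outside it.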
@@ -39,7 +39,9 @@ allow bluetooth uhid_device:chr_file rw_file_perms;
 allow bluetooth proc_bluetooth_writable:file rw_file_perms;
 # Allow write access to bluetooth specific properties
+set_prop(bluetooth, bluetooth_a2dp_offload_prop)
 set_prop(bluetooth, bluetooth_prop)
+set_prop(bluetooth, exported_bluetooth_prop)
 set_prop(bluetooth, pan_result_prop)
 allow bluetooth audioserver_service:service_manager find;
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3e2273479..ab58ddaa2 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -11,6 +11,7 @@
 blank_screen
 blank_screen_exec
 blank_screen_tmpfs
+ bluetooth_a2dp_offload_prop
 bpfloader
 bpfloader_exec
 broadcastradio_service
@@ -18,6 +19,7 @@
 crossprofileapps_service
 e2fs
 e2fs_exec
+ exported_bluetooth_prop
 exported_config_prop
 exported_dalvik_prop
 exported_default_prop
@@ -31,6 +33,7 @@
 exported_system_prop
 exported_system_radio_prop
 exported_vold_prop
+ exported_wifi_prop
 exported2_config_prop
 exported2_default_prop
 exported2_radio_prop
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index efc0166fa..493ac312e 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -10,6 +10,7 @@
 blank_screen_exec
 blank_screen_tmpfs
 bootloader_boot_reason_prop
+ bluetooth_a2dp_offload_prop
 bpfloader
 bpfloader_exec
 cgroup_bpf
@@ -22,6 +23,7 @@
 exported3_default_prop
 exported3_radio_prop
 exported3_system_prop
+ exported_bluetooth_prop
 exported_config_prop
 exported_dalvik_prop
 exported_default_prop
@@ -35,6 +37,7 @@
 exported_system_prop
 exported_system_radio_prop
 exported_vold_prop
+ exported_wifi_prop
 fingerprint_vendor_data_file
 fs_bpf
 hal_authsecret_hwservice
diff --git a/private/priv_app.te b/private/priv_app.te
index 0841c41f6..99397a5bc 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -149,6 +149,7 @@ dontaudit priv_app proc_version:file read;
 dontaudit priv_app sysfs:dir read;
 dontaudit priv_app sysfs_android_usb:file read;
 dontaudit priv_app wifi_prop:file read;
+dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;
 # allow privileged apps to use UDP sockets provided by the system server but not
 # modify them other than to connect
diff --git a/private/system_app.te b/private/system_app.te
index b2f83764f..eb7e05052 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -31,9 +31,11 @@ allow system_app wallpaper_file:file r_file_perms;
 allow system_app icon_file:file r_file_perms;
 # Write to properties
+set_prop(system_app, bluetooth_a2dp_offload_prop)
 set_prop(system_app, bluetooth_prop)
 set_prop(system_app, debug_prop)
 set_prop(system_app, system_prop)
+set_prop(system_app, exported_bluetooth_prop)
 set_prop(system_app, exported_system_prop)
 set_prop(system_app, exported2_system_prop)
 set_prop(system_app, exported3_system_prop)
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index c9a401a77..c41f9cb3b 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -131,4 +131,8 @@ neverallow webview_zygote domain:{
 # Do not allow access to Bluetooth-related system properties.
 # neverallow rules for Bluetooth-related data files are listed above.
-neverallow webview_zygote bluetooth_prop:file create_file_perms;
+neverallow webview_zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
diff --git a/private/zygote.te b/private/zygote.te
index 0a1a7c6b9..4f26bd015 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -136,4 +136,8 @@ neverallow zygote {
 }:file no_x_file_perms;
 # Do not allow access to Bluetooth-related system properties and files
-neverallow zygote bluetooth_prop:file create_file_perms;
+neverallow zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
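Review bot: In private/priv_app.te the new `dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;` is added directly below the existing `dontaudit priv_app wifi_prop:file read;`, which remains as a context line, so `wifi_prop` is now listed in two rules. Replacing the old line with the new set, rather than adding a second rule, leaves one statement to audit. Because dontaudit hides the denial from the log instead of granting access, a single rule also makes it easier to see exactly which denials are deliberately silenced for priv_app.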
diff --git a/public/app.te b/public/app.te
index 4eeede958..cc4d285f8 100644
--- a/public/app.te
+++ b/public/app.te
@@ -557,7 +557,7 @@ neverallow {
 appdomain
 -bluetooth
 -system_app
-} bluetooth_prop:file create_file_perms;
+} { bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
 # Apps cannot access proc_uid_time_in_state
 neverallow appdomain proc_uid_time_in_state:file *;
diff --git a/public/hal_audio.te b/public/hal_audio.te
index 8d9d9328c..037066ea8 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -34,3 +34,5 @@ neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
 # Only audio HAL may directly access the audio hardware
 neverallow { halserverdomain -hal_audio_server } audio_device:chr_file *;
+
+get_prop(hal_audio, bluetooth_a2dp_offload_prop)
diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index 461523bdc..373dbec6b 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -21,7 +21,9 @@ allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
 allow hal_bluetooth self:global_capability2_class_set wake_alarm;
 # Allow write access to bluetooth-specific properties
+set_prop(hal_bluetooth, bluetooth_a2dp_offload_prop)
 set_prop(hal_bluetooth, bluetooth_prop)
+set_prop(hal_bluetooth, exported_bluetooth_prop)
 # /proc access (bluesleep etc.).
 allow hal_bluetooth proc_bluetooth_writable:file rw_file_perms;
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index 78823d002..7cea7c740 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -8,6 +8,7 @@ allow hal_wifi_client hal_wifi_hwservice:hwservice_manager find;
 r_dir_file(hal_wifi, proc_net)
 r_dir_file(hal_wifi, sysfs_type)
+set_prop(hal_wifi, exported_wifi_prop)
 set_prop(hal_wifi, wifi_prop)
 # allow hal wifi set interfaces up and down
diff --git a/public/property.te b/public/property.te
index 6fa85dc90..804536834 100644
--- a/public/property.te
+++ b/public/property.te
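Review bot: In public/hal_audio.te the new `get_prop(hal_audio, bluetooth_a2dp_offload_prop)` is appended after the file's closing neverallow rules with no comment, whereas the Bluetooth property grants in audioserver.te, bluetooth.te and hal_bluetooth.te each sit under an explanatory comment. I would put `# Allow audio HAL to read the Bluetooth A2DP offload properties` above it. If the file groups its allow rules earlier, the line also belongs there, so the neverallow block stays last. The hunk starts at line 34, so the earlier part of the file is not visible here.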
@@ -1,5 +1,6 @@
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type bluetooth_a2dp_offload_prop, property_type;
 type bluetooth_prop, property_type;
 type bootloader_boot_reason_prop, property_type;
 type config_prop, property_type, core_property_type;
@@ -56,6 +57,7 @@ type wifi_prop, property_type;
 type vendor_security_patch_level_prop, property_type;
 # Properties for whitelisting
+type exported_bluetooth_prop, property_type;
 type exported_config_prop, property_type;
 type exported_dalvik_prop, property_type;
 type exported_default_prop, property_type;
@@ -68,6 +70,7 @@ type exported_radio_prop, property_type;
 type exported_system_prop, property_type;
 type exported_system_radio_prop, property_type;
 type exported_vold_prop, property_type;
+type exported_wifi_prop, property_type;
 type exported2_config_prop, property_type;
 type exported2_default_prop, property_type;
 type exported2_radio_prop, property_type;
diff --git a/public/property_contexts b/public/property_contexts
index 57a61231b..380b16ce3 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -61,6 +61,8 @@ dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
 drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
 keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
 media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
+persist.bluetooth.a2dp_offload.enable u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
 persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
 persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
 persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
@@ -69,6 +71,7 @@ persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
 persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
 persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
 persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact bool
+persist.vendor.bluetooth.a2dp_offload.enable u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
 pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
@@ -77,6 +80,7 @@ pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
 ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
 ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
 ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
+ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
 ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
 ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
 ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
@@ -113,6 +117,7 @@ sys.usb.state u:object_r:exported2_system_prop:s0 exact string
 telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
 tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
 vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
+wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
 # vendor-init-readable|vendor-init-actionable
 dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
diff --git a/public/vendor_init.te b/public/vendor_init.te
index dee2006a8..027392509 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
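Review bot: The `wlan.driver.status` entry in the last property_contexts hunk is typed `exact enum ok unloaded`, so only those two values are accepted, while the other entries this patch adds use open types such as `string` and `bool`. If any setter on a supported device writes a different state to this property, that write would presumably be rejected by the type check, which works against the compatibility goal in the commit message. It is worth confirming the set of values against the wifi HAL and vendor code that write the property, and adding a short comment above the entry that records where the accepted values come from.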
@@ -159,7 +159,9 @@ not_compatible_property(`
 })
 ')
+set_prop(vendor_init, bluetooth_a2dp_offload_prop)
 set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_bluetooth_prop)
 set_prop(vendor_init, exported_config_prop)
 set_prop(vendor_init, exported_dalvik_prop)
 set_prop(vendor_init, exported_default_prop)
@@ -168,6 +170,7 @@ set_prop(vendor_init, exported_overlay_prop)
 set_prop(vendor_init, exported_pm_prop)
 set_prop(vendor_init, exported_radio_prop)
 set_prop(vendor_init, exported_system_radio_prop)
+set_prop(vendor_init, exported_wifi_prop)
 set_prop(vendor_init, exported2_config_prop)
 set_prop(vendor_init, exported2_system_prop)
 set_prop(vendor_init, exported2_vold_prop)
diff --git a/public/wificond.te b/public/wificond.te
index f4990b2d5..96668f3a8 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -7,6 +7,7 @@ binder_call(wificond, system_server)
 add_service(wificond, wificond_service)
+set_prop(wificond, exported_wifi_prop)
 set_prop(wificond, wifi_prop)
 set_prop(wificond, ctl_default_prop)
-- GitLab