From c0f8f2f82a9526be7c7835f2ef9501948fd5b4ed Mon Sep 17 00:00:00 2001
From: Jiyong Park <jiyong@google.com>
Date: Wed, 30 May 2018 17:38:09 +0900
Subject: [PATCH] add extended_core_property_type

The attribute is used to capture system properties added from outside of
AOSP (e.g. by OEM), but are not device-specific and thus are used only
inside the system partition.

Access to the the system properties from outside of the system partition
is prevented by the neverallow rule.

Bug: 80382020
Bug: 78598545
Test: m -j selinux_policy
Change-Id: I22c083dc195dab84c9c21a79fbe3ad823a3bbb46
---
 prebuilts/api/28.0/public/attributes  | 5 +++++
 prebuilts/api/28.0/public/property.te | 3 +++
 public/attributes                     | 5 +++++
 public/property.te                    | 3 +++
 4 files changed, 16 insertions(+)

diff --git a/prebuilts/api/28.0/public/attributes b/prebuilts/api/28.0/public/attributes
index 6a66c031a..0c7ca2ed7 100644
--- a/prebuilts/api/28.0/public/attributes
+++ b/prebuilts/api/28.0/public/attributes
@@ -70,6 +70,11 @@ attribute core_property_type;
 # All properties used to configure log filtering.
 attribute log_property_type;
 
+# All properties that are not specific to device but are added from
+# outside of AOSP. (e.g. OEM-specific properties)
+# These properties are not accessible from device-specific domains
+attribute extended_core_property_type;
+
 # All service_manager types created by system_server
 attribute system_server_service;
 
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index c31210c0b..42706edd9 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -132,6 +132,7 @@ compatible_property_only(`
     -vendor_init
   } {
     core_property_type
+    extended_core_property_type
     exported_config_prop
     exported_dalvik_prop
     exported_default_prop
@@ -228,6 +229,7 @@ compatible_property_only(`
     -vendor_init
   } {
     core_property_type
+    extended_core_property_type
     exported_dalvik_prop
     exported_ffs_prop
     exported_system_radio_prop
@@ -334,6 +336,7 @@ compatible_property_only(`
     -exported_system_radio_prop
     -exported_vold_prop
     -exported_wifi_prop
+    -extended_core_property_type
     -ffs_prop
     -fingerprint_prop
     -firstboot_prop
diff --git a/public/attributes b/public/attributes
index 6a66c031a..0c7ca2ed7 100644
--- a/public/attributes
+++ b/public/attributes
@@ -70,6 +70,11 @@ attribute core_property_type;
 # All properties used to configure log filtering.
 attribute log_property_type;
 
+# All properties that are not specific to device but are added from
+# outside of AOSP. (e.g. OEM-specific properties)
+# These properties are not accessible from device-specific domains
+attribute extended_core_property_type;
+
 # All service_manager types created by system_server
 attribute system_server_service;
 
diff --git a/public/property.te b/public/property.te
index c31210c0b..42706edd9 100644
--- a/public/property.te
+++ b/public/property.te
@@ -132,6 +132,7 @@ compatible_property_only(`
     -vendor_init
   } {
     core_property_type
+    extended_core_property_type
     exported_config_prop
     exported_dalvik_prop
     exported_default_prop
@@ -228,6 +229,7 @@ compatible_property_only(`
     -vendor_init
   } {
     core_property_type
+    extended_core_property_type
     exported_dalvik_prop
     exported_ffs_prop
     exported_system_radio_prop
@@ -334,6 +336,7 @@ compatible_property_only(`
     -exported_system_radio_prop
     -exported_vold_prop
     -exported_wifi_prop
+    -extended_core_property_type
     -ffs_prop
     -fingerprint_prop
     -firstboot_prop
-- 
GitLab