Skip to content
Snippets Groups Projects
Commit e5616f0d authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "neverallow coredomain from writing vendor properties"

parents 8169f6b6 5897e23e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
public/attributes
+ 6
0
View file @ e5616f0d
......@@ -173,6 +173,12 @@ expandattribute data_between_core_and_vendor_violators false;
attribute system_executes_vendor_violators;
expandattribute system_executes_vendor_violators false;
# All system domains which violate the requirement of not writing vendor
# properties.
# TODO(b/78598545): Remove this once there are no violations
attribute system_writes_vendor_properties_violators;
expandattribute system_writes_vendor_properties_violators false;
# hwservices that are accessible from untrusted applications
# WARNING: Use of this attribute should be avoided unless
# absolutely necessary. It is a temporary allowance to aid the
......
public/property.te
+ 100
0
View file @ e5616f0d
......@@ -307,3 +307,103 @@ compatible_property_only(`
wifi_prop
}:file no_rw_file_perms;
')
compatible_property_only(`
# Neverallow coredomain to set vendor properties
neverallow {
coredomain
-init
-system_writes_vendor_properties_violators
} {
property_type
-audio_prop
-bluetooth_a2dp_offload_prop
-bluetooth_prop
-bootloader_boot_reason_prop
-boottime_prop
-config_prop
-cppreopt_prop
-ctl_bootanim_prop
-ctl_bugreport_prop
-ctl_console_prop
-ctl_default_prop
-ctl_dumpstate_prop
-ctl_fuse_prop
-ctl_interface_restart_prop
-ctl_interface_start_prop
-ctl_interface_stop_prop
-ctl_mdnsd_prop
-ctl_restart_prop
-ctl_rildaemon_prop
-ctl_sigstop_prop
-ctl_start_prop
-ctl_stop_prop
-dalvik_prop
-debug_prop
-debuggerd_prop
-default_prop
-device_logging_prop
-dhcp_prop
-dumpstate_options_prop
-dumpstate_prop
-exported2_config_prop
-exported2_default_prop
-exported2_radio_prop
-exported2_system_prop
-exported2_vold_prop
-exported3_default_prop
-exported3_radio_prop
-exported3_system_prop
-exported_bluetooth_prop
-exported_config_prop
-exported_dalvik_prop
-exported_default_prop
-exported_dumpstate_prop
-exported_ffs_prop
-exported_fingerprint_prop
-exported_overlay_prop
-exported_pm_prop
-exported_radio_prop
-exported_secure_prop
-exported_system_prop
-exported_system_radio_prop
-exported_vold_prop
-exported_wifi_prop
-ffs_prop
-fingerprint_prop
-firstboot_prop
-hwservicemanager_prop
-last_boot_reason_prop
-log_prop
-log_tag_prop
-logd_prop
-logpersistd_logging_prop
-lowpan_prop
-mmc_prop
-net_dns_prop
-net_radio_prop
-netd_stable_secret_prop
-nfc_prop
-overlay_prop
-pan_result_prop
-persist_debug_prop
-persistent_properties_ready_prop
-pm_prop
-powerctl_prop
-radio_prop
-restorecon_prop
-safemode_prop
-serialno_prop
-shell_prop
-system_boot_reason_prop
-system_prop
-system_radio_prop
-test_boot_reason_prop
-traced_enabled_prop
-vendor_default_prop
-vendor_security_patch_level_prop
-vold_prop
-wifi_log_prop
-wifi_prop
}:property_service set;
')
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment