# SELinux types for system properties.
#
# Every declaration below attaches the property_type attribute. Some types
# additionally carry core_property_type or log_property_type; rules later in
# this file are written against those attributes.
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_prop, property_type;
type bootloader_boot_reason_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
type ctl_bootanim_prop, property_type;
type ctl_bugreport_prop, property_type;
type ctl_console_prop, property_type;
type ctl_default_prop, property_type;
type ctl_dumpstate_prop, property_type;
type ctl_fuse_prop, property_type;
type ctl_interface_restart_prop, property_type;
type ctl_interface_start_prop, property_type;
type ctl_interface_stop_prop, property_type;
type ctl_mdnsd_prop, property_type;
type ctl_restart_prop, property_type;
type ctl_rildaemon_prop, property_type;
type ctl_sigstop_prop, property_type;
type ctl_start_prop, property_type;
type ctl_stop_prop, property_type;
type dalvik_prop, property_type, core_property_type;
type debuggerd_prop, property_type, core_property_type;
type debug_prop, property_type, core_property_type;
type default_prop, property_type, core_property_type;
type device_logging_prop, property_type;
type dhcp_prop, property_type, core_property_type;
type dumpstate_options_prop, property_type;
type dumpstate_prop, property_type, core_property_type;
type exported_secure_prop, property_type;
type ffs_prop, property_type, core_property_type;
type fingerprint_prop, property_type, core_property_type;
type firstboot_prop, property_type;
type hwservicemanager_prop, property_type;
type last_boot_reason_prop, property_type;
type logd_prop, property_type, core_property_type;
type logpersistd_logging_prop, property_type;
type log_prop, property_type, log_property_type;
type log_tag_prop, property_type, log_property_type;
type lowpan_prop, property_type;
type mmc_prop, property_type;
type net_dns_prop, property_type;
type net_radio_prop, property_type, core_property_type;
type netd_stable_secret_prop, property_type;
type nfc_prop, property_type, core_property_type;
type overlay_prop, property_type;
type pan_result_prop, property_type, core_property_type;
type persist_debug_prop, property_type, core_property_type;
type persistent_properties_ready_prop, property_type;
type pm_prop, property_type;
type powerctl_prop, property_type, core_property_type;
type radio_prop, property_type, core_property_type;
type restorecon_prop, property_type, core_property_type;
type safemode_prop, property_type;
type serialno_prop, property_type;
type shell_prop, property_type, core_property_type;
type system_boot_reason_prop, property_type;
type system_prop, property_type, core_property_type;
type system_radio_prop, property_type, core_property_type;
type test_boot_reason_prop, property_type;
type traced_enabled_prop, property_type;
type vold_prop, property_type, core_property_type;
type wifi_log_prop, property_type, log_property_type;
type wifi_prop, property_type;
type vendor_security_patch_level_prop, property_type;

# Types used for whitelisted properties. None of them carries
# core_property_type.
type exported_bluetooth_prop, property_type;
type exported_config_prop, property_type;
type exported_dalvik_prop, property_type;
type exported_default_prop, property_type;
type exported_dumpstate_prop, property_type;
type exported_ffs_prop, property_type;
type exported_fingerprint_prop, property_type;
type exported_overlay_prop, property_type;
type exported_pm_prop, property_type;
type exported_radio_prop, property_type;
type exported_system_prop, property_type;
type exported_system_radio_prop, property_type;
type exported_vold_prop, property_type;
type exported_wifi_prop, property_type;
type exported2_config_prop, property_type;
type exported2_default_prop, property_type;
type exported2_radio_prop, property_type;
type exported2_system_prop, property_type;
type exported2_vold_prop, property_type;
type exported3_default_prop, property_type;
type exported3_radio_prop, property_type;
type exported3_system_prop, property_type;
type vendor_default_prop, property_type;

# Objects labelled with any property type may associate with a filesystem
# labelled tmpfs.
allow property_type tmpfs:filesystem associate;

###
### Neverallow rules
###
# A neverallow is an assertion checked when the policy is compiled. It grants
# nothing and is not evaluated at runtime; it only makes the build fail when
# some allow rule contradicts it.

# core_property_type must not be attached to new properties or to
# device specific properties. Properties with this attribute are
# readable to everyone, which is overly broad and should be avoided.
# New properties should get read / write access control rules of
# their own instead.
#
# The subtracted list is exactly the set of types declared with
# core_property_type in this file, so the assertion forbids file access to
# any other type that carries the attribute.
# NOTE(review): no_rw_file_perms is defined outside this file; confirm which
# permissions it expands to.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -default_prop
  -dhcp_prop
  -dumpstate_prop
  -ffs_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -system_radio_prop
  -vold_prop
}:file no_rw_file_perms;

# The sigstop property exists for debugging only. The intended setter is su,
# which is permissive on userdebug/eng builds. The assertion itself exempts
# init and vendor_init and no other domain.
neverallow {
  domain
  -init
  -vendor_init
} ctl_sigstop_prop:property_service set;

# Keep legacy ctl. property handling out of the audit log, so that only the
# newer permission check shows up there.
# Detection caveat: a denied set on any type listed here produces no audit
# record. The ctl_interface_*, ctl_restart, ctl_sigstop, ctl_start and
# ctl_stop types declared above are not in this list.
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;

# NOTE(review): compatible_property_only is a macro defined outside this
# file. By its name the quoted rules are emitted only for builds that enforce
# compatible properties - confirm against the macro definition.
# The argument is m4 quoted text, so comments inside it must not contain
# quote characters.
compatible_property_only(`
  # Prevent properties from being set
  #
  # General rule: outside coredomain, appdomain and vendor_init, nothing may
  # set the listed types. nfc_prop and radio_prop are subtracted here and
  # get narrower assertions further down. powerctl_prop is subtracted as
  # well, and no replacement assertion for it is visible in this file.
  # NOTE(review): confirm that setting powerctl_prop is constrained elsewhere.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_dalvik_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_ffs_prop
    exported_fingerprint_prop
    exported_system_prop
    exported_system_radio_prop
    exported_vold_prop
    exported2_config_prop
    exported2_default_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  # NFC: the NFC HAL server is the only additional setter. vendor_init is
  # not exempt.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

  # Radio, first and third exported sets: the telephony HAL server and
  # vendor_init are both exempt.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    exported_radio_prop
    exported3_radio_prop
  }:property_service set;

  # Radio, second exported set and radio_prop: the telephony HAL server is
  # exempt, vendor_init is not.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    exported2_radio_prop
    radio_prop
  }:property_service set;

  # Bluetooth: appdomain as a whole is not exempt in this rule or the next,
  # only the bluetooth domain and the Bluetooth HAL server are.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  # Same as above for the exported Bluetooth type, with vendor_init exempt
  # in addition.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  # Wi-Fi: appdomain is not exempt in this rule or the next, only the Wi-Fi
  # HAL server and wificond are.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

  # Same as above for the exported Wi-Fi type, with vendor_init exempt in
  # addition.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    exported_wifi_prop
  }:property_service set;

  # Prevent properties from being read
  #
  # General rule for reads. The target list is shorter than the one used for
  # set. nfc_prop and radio_prop are subtracted and covered by the rules
  # below. debug_prop, logd_prop and powerctl_prop are subtracted with no
  # replacement read assertion visible in this file.
  # NOTE(review): confirm that leaving those three unconstrained is intended.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_dalvik_prop
    exported_ffs_prop
    exported_system_radio_prop
    exported2_config_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  # NFC reads: the NFC HAL server is the only additional exempt domain.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  # Radio reads: the telephony HAL server is the only additional exempt
  # domain.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  # Bluetooth reads: appdomain as a whole is not exempt.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  # Wi-Fi reads: appdomain is not exempt.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;
')

compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  #
  # The target is property_type minus an explicit list, so the assertion is
  # deny by default: any property type that is not named below cannot be set
  # by coredomain, apart from init and the domains carrying
  # system_writes_vendor_properties_violators.
  # Every type declared in this file is named in the list. A property type
  # added to the declarations above has to be added here too, otherwise
  # coredomain setters of that type will fail this assertion.
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -audio_prop
    -bluetooth_a2dp_offload_prop
    -bluetooth_prop
    -bootloader_boot_reason_prop
    -boottime_prop
    -config_prop
    -cppreopt_prop
    -ctl_bootanim_prop
    -ctl_bugreport_prop
    -ctl_console_prop
    -ctl_default_prop
    -ctl_dumpstate_prop
    -ctl_fuse_prop
    -ctl_interface_restart_prop
    -ctl_interface_start_prop
    -ctl_interface_stop_prop
    -ctl_mdnsd_prop
    -ctl_restart_prop
    -ctl_rildaemon_prop
    -ctl_sigstop_prop
    -ctl_start_prop
    -ctl_stop_prop
    -dalvik_prop
    -debug_prop
    -debuggerd_prop
    -default_prop
    -device_logging_prop
    -dhcp_prop
    -dumpstate_options_prop
    -dumpstate_prop
    -exported2_config_prop
    -exported2_default_prop
    -exported2_radio_prop
    -exported2_system_prop
    -exported2_vold_prop
    -exported3_default_prop
    -exported3_radio_prop
    -exported3_system_prop
    -exported_bluetooth_prop
    -exported_config_prop
    -exported_dalvik_prop
    -exported_default_prop
    -exported_dumpstate_prop
    -exported_ffs_prop
    -exported_fingerprint_prop
    -exported_overlay_prop
    -exported_pm_prop
    -exported_radio_prop
    -exported_secure_prop
    -exported_system_prop
    -exported_system_radio_prop
    -exported_vold_prop
    -exported_wifi_prop
    -extended_core_property_type
    -ffs_prop
    -fingerprint_prop
    -firstboot_prop
    -hwservicemanager_prop
    -last_boot_reason_prop
    -log_prop
    -log_tag_prop
    -logd_prop
    -logpersistd_logging_prop
    -lowpan_prop
    -mmc_prop
    -net_dns_prop
    -net_radio_prop
    -netd_stable_secret_prop
    -nfc_prop
    -overlay_prop
    -pan_result_prop
    -persist_debug_prop
    -persistent_properties_ready_prop
    -pm_prop
    -powerctl_prop
    -radio_prop
    -restorecon_prop
    -safemode_prop
    -serialno_prop
    -shell_prop
    -system_boot_reason_prop
    -system_prop
    -system_radio_prop
    -test_boot_reason_prop
    -traced_enabled_prop
    -vendor_default_prop
    -vendor_security_patch_level_prop
    -vold_prop
    -wifi_log_prop
    -wifi_prop
  }:property_service set;
')