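# Properties used only in /system.
#
# Every type here is declared through system_internal_prop(); the macro is
# defined outside this file. NOTE(review): presumably it attaches
# system_internal_property_type, the attribute the Treble neverallow rules
# further down use to keep non-coredomain processes from reading these
# property files - confirm against the macro definition.
#
# userspace_reboot_log_prop, userspace_reboot_test_prop, system_adbd_prop and
# adbd_prop additionally have per-type writer neverallow rules at the end of
# this file.
system_internal_prop(apexd_prop)
system_internal_prop(bootloader_boot_reason_prop)
system_internal_prop(device_config_activity_manager_native_boot_prop)
system_internal_prop(device_config_boot_count_prop)
system_internal_prop(device_config_input_native_boot_prop)
system_internal_prop(device_config_media_native_prop)
system_internal_prop(device_config_netd_native_prop)
system_internal_prop(device_config_reset_performed_prop)
system_internal_prop(device_config_runtime_native_boot_prop)
system_internal_prop(device_config_runtime_native_prop)
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(device_config_configuration_prop)
system_internal_prop(firstboot_prop)
system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(adbd_prop)
system_internal_prop(traced_perf_enabled_prop)
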
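# System-internal declarations that apply only where compatible_property_only()
# expands its argument. The same 34 types are declared with system_public_prop()
# inside not_compatible_property() later in this file, so each type is declared
# once whichever of the two macros is active.
# NOTE(review): presumably the two macros are mutually exclusive - confirm
# against their definitions, which are not part of this file.
compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_internal_prop(boottime_prop)
    system_internal_prop(bpf_progs_loaded_prop)
    system_internal_prop(charger_prop)
    system_internal_prop(cold_boot_done_prop)
    system_internal_prop(ctl_adbd_prop)
    system_internal_prop(ctl_apexd_prop)
    system_internal_prop(ctl_bootanim_prop)
    system_internal_prop(ctl_bugreport_prop)
    system_internal_prop(ctl_console_prop)
    system_internal_prop(ctl_dumpstate_prop)
    system_internal_prop(ctl_fuse_prop)
    system_internal_prop(ctl_gsid_prop)
    system_internal_prop(ctl_interface_restart_prop)
    system_internal_prop(ctl_interface_stop_prop)
    system_internal_prop(ctl_mdnsd_prop)
    system_internal_prop(ctl_restart_prop)
    system_internal_prop(ctl_rildaemon_prop)
    system_internal_prop(ctl_sigstop_prop)
    system_internal_prop(dynamic_system_prop)
    system_internal_prop(heapprofd_enabled_prop)
    system_internal_prop(llkd_prop)
    system_internal_prop(lpdumpd_prop)
    system_internal_prop(mmc_prop)
    system_internal_prop(mock_ota_prop)
    system_internal_prop(net_dns_prop)
    system_internal_prop(overlay_prop)
    system_internal_prop(persistent_properties_ready_prop)
    system_internal_prop(safemode_prop)
    system_internal_prop(system_lmk_prop)
    system_internal_prop(system_trace_prop)
    system_internal_prop(test_boot_reason_prop)
    system_internal_prop(time_prop)
    system_internal_prop(traced_enabled_prop)
    system_internal_prop(traced_lazy_prop)
')
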
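# Properties which can't be written outside system.
#
# Declared through system_restricted_prop(). NOTE(review): presumably the macro
# attaches system_restricted_property_type, which the Treble neverallow rules
# below exempt from the read restriction but not from the set restriction -
# confirm against the macro definition.

# Properties used by binder caches (the binder_cache_* entries); the entries
# after them are unrelated write-restricted properties.
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
system_restricted_prop(binder_cache_telephony_server_prop)
system_restricted_prop(bq_config_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
system_restricted_prop(restorecon_prop)
system_restricted_prop(socket_hook_prop)
system_restricted_prop(system_boot_reason_prop)
system_restricted_prop(system_jvmti_agent_prop)
system_restricted_prop(userspace_reboot_exported_prop)
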
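# Write-restricted declarations that apply only where
# compatible_property_only() expands its argument. The same 26 types are
# declared with system_public_prop() in the second half of the
# not_compatible_property() block later in this file.
compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_restricted_prop(config_prop)
    system_restricted_prop(cppreopt_prop)
    system_restricted_prop(dalvik_prop)
    system_restricted_prop(debuggerd_prop)
    system_restricted_prop(default_prop)
    system_restricted_prop(device_logging_prop)
    system_restricted_prop(dhcp_prop)
    system_restricted_prop(dumpstate_prop)
    system_restricted_prop(exported2_default_prop)
    system_restricted_prop(exported3_system_prop)
    system_restricted_prop(exported_dumpstate_prop)
    system_restricted_prop(exported_fingerprint_prop)
    system_restricted_prop(exported_secure_prop)
    system_restricted_prop(exported_vold_prop)
    system_restricted_prop(ffs_prop)
    system_restricted_prop(fingerprint_prop)
    system_restricted_prop(heapprofd_prop)
    system_restricted_prop(net_radio_prop)
    system_restricted_prop(pan_result_prop)
    system_restricted_prop(persist_debug_prop)
    system_restricted_prop(shell_prop)
    system_restricted_prop(system_radio_prop)
    system_restricted_prop(test_harness_prop)
    system_restricted_prop(theme_prop)
    system_restricted_prop(use_memfd_prop)
    system_restricted_prop(vold_prop)
')
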
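# Properties which can be written only by vendor_init.
#
# Declared through system_vendor_config_prop(); the macro is defined outside
# this file. Per the heading, the values of these properties originate from
# vendor_init, so system-side readers should treat them as vendor-supplied
# configuration (this includes apk_verity_prop and
# vendor_security_patch_level_prop).
# NOTE(review): the writer restriction itself is not visible in this file -
# confirm it is enforced by the macro or by rules elsewhere.
system_vendor_config_prop(apk_verity_prop)
system_vendor_config_prop(cpu_variant_prop)
system_vendor_config_prop(exported_audio_prop)
system_vendor_config_prop(exported_camera_prop)
system_vendor_config_prop(exported_config_prop)
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(exported3_default_prop)
system_vendor_config_prop(graphics_config_prop)
system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(media_variant_prop)
system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(userspace_reboot_config_prop)
system_vendor_config_prop(vehicle_hal_prop)
system_vendor_config_prop(vendor_security_patch_level_prop)
system_vendor_config_prop(vendor_socket_hook_prop)
system_vendor_config_prop(vndk_prop)
system_vendor_config_prop(virtual_ab_prop)
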
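# Properties with no restrictions.
#
# "No restrictions" describes the ownership class only: the Treble neverallow
# rules below subtract system_public_property_type from both their read and
# their set restriction. It grants nothing by itself; a domain still needs an
# allow rule to read or set one of these types.
# NOTE(review): presumably system_public_prop() is what attaches
# system_public_property_type - confirm against the macro definition.
# NOTE(review): this class includes ctl_start_prop, ctl_stop_prop,
# powerctl_prop and serialno_prop. Apart from the compatible_property_only()
# rules, this file has no neverallow that names them, so any limit on who may
# set or read them has to come from allow rules elsewhere - worth confirming
# when auditing this policy.
system_public_prop(audio_prop)
system_public_prop(bluetooth_a2dp_offload_prop)
system_public_prop(bluetooth_audio_hal_prop)
system_public_prop(bluetooth_prop)
system_public_prop(ctl_default_prop)
system_public_prop(ctl_interface_start_prop)
system_public_prop(ctl_start_prop)
system_public_prop(ctl_stop_prop)
system_public_prop(debug_prop)
system_public_prop(dumpstate_options_prop)
system_public_prop(exported_system_prop)
system_public_prop(exported2_config_prop)
system_public_prop(exported2_radio_prop)
system_public_prop(exported2_system_prop)
system_public_prop(exported2_vold_prop)
system_public_prop(exported3_radio_prop)
system_public_prop(exported_bluetooth_prop)
system_public_prop(exported_dalvik_prop)
system_public_prop(exported_ffs_prop)
system_public_prop(exported_overlay_prop)
system_public_prop(exported_pm_prop)
system_public_prop(exported_radio_prop)
system_public_prop(exported_system_radio_prop)
system_public_prop(exported_wifi_prop)
system_public_prop(sota_prop)
system_public_prop(hwservicemanager_prop)
system_public_prop(lmkd_prop)
system_public_prop(logd_prop)
system_public_prop(logpersistd_logging_prop)
system_public_prop(log_prop)
system_public_prop(log_tag_prop)
system_public_prop(lowpan_prop)
system_public_prop(nfc_prop)
system_public_prop(ota_prop)
system_public_prop(powerctl_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
system_public_prop(system_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
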
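# Properties used in default HAL implementations.
# This is the only vendor-owned declaration in this file; it goes through
# vendor_internal_prop() rather than one of the system_* macros.
vendor_internal_prop(rebootescrow_hal_prop)
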
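# Properties which are public for devices launching with Android O or earlier.
# This should not be used for any new properties.
#
# The list repeats, in the same order, the types of the two
# compatible_property_only() declaration blocks above: first the 34 types that
# are system-internal there, then (after the blank line) the 26 types that are
# system-restricted there. Here they are all declared public instead.
# Security impact: where this block is active, these 60 types fall into the
# class that the Treble neverallow rules exempt, so the per-class isolation
# described above does not cover them on such devices.
not_compatible_property(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_public_prop(boottime_prop)
    system_public_prop(bpf_progs_loaded_prop)
    system_public_prop(charger_prop)
    system_public_prop(cold_boot_done_prop)
    system_public_prop(ctl_adbd_prop)
    system_public_prop(ctl_apexd_prop)
    system_public_prop(ctl_bootanim_prop)
    system_public_prop(ctl_bugreport_prop)
    system_public_prop(ctl_console_prop)
    system_public_prop(ctl_dumpstate_prop)
    system_public_prop(ctl_fuse_prop)
    system_public_prop(ctl_gsid_prop)
    system_public_prop(ctl_interface_restart_prop)
    system_public_prop(ctl_interface_stop_prop)
    system_public_prop(ctl_mdnsd_prop)
    system_public_prop(ctl_restart_prop)
    system_public_prop(ctl_rildaemon_prop)
    system_public_prop(ctl_sigstop_prop)
    system_public_prop(dynamic_system_prop)
    system_public_prop(heapprofd_enabled_prop)
    system_public_prop(llkd_prop)
    system_public_prop(lpdumpd_prop)
    system_public_prop(mmc_prop)
    system_public_prop(mock_ota_prop)
    system_public_prop(net_dns_prop)
    system_public_prop(overlay_prop)
    system_public_prop(persistent_properties_ready_prop)
    system_public_prop(safemode_prop)
    system_public_prop(system_lmk_prop)
    system_public_prop(system_trace_prop)
    system_public_prop(test_boot_reason_prop)
    system_public_prop(time_prop)
    system_public_prop(traced_enabled_prop)
    system_public_prop(traced_lazy_prop)

    system_public_prop(config_prop)
    system_public_prop(cppreopt_prop)
    system_public_prop(dalvik_prop)
    system_public_prop(debuggerd_prop)
    system_public_prop(default_prop)
    system_public_prop(device_logging_prop)
    system_public_prop(dhcp_prop)
    system_public_prop(dumpstate_prop)
    system_public_prop(exported2_default_prop)
    system_public_prop(exported3_system_prop)
    system_public_prop(exported_dumpstate_prop)
    system_public_prop(exported_fingerprint_prop)
    system_public_prop(exported_secure_prop)
    system_public_prop(exported_vold_prop)
    system_public_prop(ffs_prop)
    system_public_prop(fingerprint_prop)
    system_public_prop(heapprofd_prop)
    system_public_prop(net_radio_prop)
    system_public_prop(pan_result_prop)
    system_public_prop(persist_debug_prop)
    system_public_prop(shell_prop)
    system_public_prop(system_radio_prop)
    system_public_prop(test_harness_prop)
    system_public_prop(theme_prop)
    system_public_prop(use_memfd_prop)
    system_public_prop(vold_prop)
')
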
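# vendor_default_prop is declared directly rather than through one of the
# ownership macros, so it carries property_type and nothing else from this
# file. NOTE(review): the ownership-based neverallow rules below select by
# system_* and vendor_* attributes; confirm whether this type is meant to be
# outside them.
type vendor_default_prop, property_type;

# Group the logging-related property types under log_property_type.
typeattribute log_prop log_property_type;
typeattribute log_tag_prop log_property_type;
typeattribute wifi_log_prop log_property_type;

# Let objects of any property type be associated with a tmpfs filesystem.
allow property_type tmpfs:filesystem associate;
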
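###
### Neverallow rules
###

# Ownership-based isolation between system and vendor properties. The rules
# take effect only where treble_sysprop_neverallow() expands its argument.
treble_sysprop_neverallow(`

# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
# Until then, a property type that carries none of the three ownership
# attributes is not covered by any rule in this section.
# neverallow domain {
#   property_type
#   -system_property_type
#   -product_property_type
#   -vendor_property_type
# }:file no_rw_file_perms;

# Outside coredomain: no read or write access to system property files unless
# the type is restricted or public.
neverallow { domain -coredomain } {
  system_property_type
  system_internal_property_type
  -system_restricted_property_type
  -system_public_property_type
}:file no_rw_file_perms;

# Outside coredomain: only public system properties may be set.
neverallow { domain -coredomain } {
  system_property_type
  -system_public_property_type
}:property_service set;

# init is in coredomain, but should be able to read/write all props.
# dumpstate is also in coredomain, but should be able to read all props.
neverallow { coredomain -init -dumpstate } {
  vendor_property_type
  vendor_internal_property_type
  -vendor_restricted_property_type
  -vendor_public_property_type
}:file no_rw_file_perms;

# Inside coredomain: only init may set non-public vendor properties.
# dumpstate is exempt from the read rule above but not from this one.
neverallow { coredomain -init } {
  vendor_property_type
  -vendor_public_property_type
}:property_service set;

')
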
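# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
# the get_prop() macro.
# The rule applies to every domain and every property type, with no
# exemptions.
neverallow domain property_type:file { ioctl lock };
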
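# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
# be avoided.
# New properties should have appropriate read / write access
# control rules written.

typeattribute audio_prop         core_property_type;
typeattribute config_prop        core_property_type;
typeattribute cppreopt_prop      core_property_type;
typeattribute dalvik_prop        core_property_type;
typeattribute debuggerd_prop     core_property_type;
typeattribute debug_prop         core_property_type;
typeattribute default_prop       core_property_type;
typeattribute dhcp_prop          core_property_type;
typeattribute dumpstate_prop     core_property_type;
typeattribute ffs_prop           core_property_type;
typeattribute fingerprint_prop   core_property_type;
typeattribute logd_prop          core_property_type;
typeattribute net_radio_prop     core_property_type;
typeattribute nfc_prop           core_property_type;
typeattribute ota_prop           core_property_type;
typeattribute pan_result_prop    core_property_type;
typeattribute persist_debug_prop core_property_type;
typeattribute powerctl_prop      core_property_type;
typeattribute radio_prop         core_property_type;
typeattribute restorecon_prop    core_property_type;
typeattribute shell_prop         core_property_type;
typeattribute system_prop        core_property_type;
typeattribute system_radio_prop  core_property_type;
typeattribute vold_prop          core_property_type;

# Membership freeze for core_property_type. The target set subtracts exactly
# the 24 types tagged above, so it is empty unless some other type is given the
# attribute; in that case any rule granting file read or write access to the
# new type triggers this neverallow. Keep the two lists identical: a type
# added to the subtraction list is silently admitted to the world-readable set.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -default_prop
  -dhcp_prop
  -dumpstate_prop
  -ffs_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -ota_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -system_radio_prop
  -vold_prop
}:file no_rw_file_perms;
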
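# sigstop property is only used for debugging; should only be set by su which is permissive
# for userdebug/eng
# The only exemptions written into the rule are init and vendor_init; su is
# not listed. NOTE(review): presumably su needs no exemption because it holds
# no allow rule for this permission - confirm.
neverallow {
  domain
  -init
  -vendor_init
} ctl_sigstop_prop:property_service set;
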
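# Don't audit legacy ctl. property handling.  We only want the newer permission check to appear
# in the audit log
# Detection note: a denied property_service set on one of these eight types
# leaves no audit record from this check, so triage of a blocked service
# control request has to rely on the newer permission check mentioned above.
# ctl types that are not listed here (for example ctl_adbd_prop,
# ctl_apexd_prop, ctl_start_prop, ctl_stop_prop) are not silenced by this rule.
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;
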
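# Only init may set init_svc_debug_prop.
neverallow {
  domain
  -init
} init_svc_debug_prop:property_service set;

# Only init and dumpstate may read or write the init_svc_debug_prop file; su
# is added to the exemptions through userdebug_or_eng(), i.e. not on user
# builds.
neverallow {
  domain
  -init
  -dumpstate
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;
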
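# Per-property allowlists for domains outside coredomain. Enforced only where
# compatible_property_only() expands its argument. The first half restricts
# who may set a property, the second half who may read or write its file.
# NOTE(review): powerctl_prop is subtracted from both general rules and no
# rule in this block names it again, and the same holds for debug_prop and
# logd_prop on the read side. This block therefore places no limit on them;
# confirm they are covered by allow rules elsewhere.
compatible_property_only(`
# Prevent properties from being set
  # General rule: outside coredomain and appdomain, only vendor_init may set
  # the core and exported types listed here. nfc_prop and radio_prop are
  # subtracted because they get narrower rules below.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_dalvik_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_ffs_prop
    exported_fingerprint_prop
    exported_system_prop
    exported_system_radio_prop
    exported_vold_prop
    exported2_config_prop
    exported2_default_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  # NFC: the NFC HAL server is the only extra writer; vendor_init is not exempt.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

  # Radio, vendor-configurable types: telephony HAL server and vendor_init.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    exported_radio_prop
    exported3_radio_prop
  }:property_service set;

  # Radio, remaining types: telephony HAL server only; vendor_init is not exempt.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    exported2_radio_prop
    radio_prop
  }:property_service set;

  # Bluetooth: appdomain is not exempt here, only the bluetooth domain and
  # the Bluetooth HAL server.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  # Bluetooth, exported type: as above, plus vendor_init.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  # Camera: camera HAL server, cameraserver and vendor_init.
  neverallow {
    domain
    -coredomain
    -hal_camera_server
    -cameraserver
    -vendor_init
  } {
    exported_camera_prop
  }:property_service set;

  # Wi-Fi: Wi-Fi HAL server and wificond; vendor_init is not exempt.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

  # Wi-Fi, exported type: as above, plus vendor_init.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    exported_wifi_prop
  }:property_service set;

# Prevent properties from being read
  # General rule: outside coredomain and appdomain, only vendor_init may
  # access the files of the types listed here. The list is shorter than the
  # one in the set rule above, so the exported types missing from it are
  # write-protected but not read-protected by this block.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_dalvik_prop
    exported_ffs_prop
    exported_system_radio_prop
    exported2_config_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  # NFC: same exemptions as the matching set rule.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  # Radio: covers radio_prop only; the exported radio types have no read rule.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  # Bluetooth: same exemptions as the matching set rule.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  # Wi-Fi: same exemptions as the matching set rule.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;
')
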
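# The target set is every property type that is neither a system property nor
# an extended core property. Any domain carrying the
# system_writes_vendor_properties_violators attribute is exempt from the rule,
# so that attribute is the place to look when auditing which core domains can
# still set vendor properties.
compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -system_property_type
    -extended_core_property_type
  }:property_service set;
')
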
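# Per-property writer allowlists. Each source set starts from domain and then
# subtracts the permitted writers, so every other domain is covered. A brace
# set that lists only subtractions names no source type for the exclusions to
# be taken from, which leaves the rule without the effect its comment
# describes.

neverallow {
  # Only allow init and system_server to set userspace_reboot_log_prop
  domain
  -init
  -system_server
} {
  userspace_reboot_log_prop
}:property_service set;

neverallow {
  # Only allow init and system_server to set system_adbd_prop
  domain
  -init
  -system_server
} {
  system_adbd_prop
}:property_service set;

neverallow {
  # Only allow init and adbd to set adbd_prop
  domain
  -init
  -adbd
} {
  adbd_prop
}:property_service set;

neverallow {
  # Only allow init and shell to set userspace_reboot_test_prop
  domain
  -init
  -shell
} {
  userspace_reboot_test_prop
}:property_service set;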