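# Properties used only in /system
#
# Each type below is declared through system_internal_prop().  Judging by the
# macro name and by the treble_sysprop_neverallow rules further down in this
# file, that places the type in the system-internal tier: neither the
# restricted nor the public tier, so no domain outside coredomain may read or
# set it.  Several of these gate sensitive behaviour (adbd / system_adbd
# control, fastbootd protocol, gsid, netd's stable secret, userspace reboot),
# so this tier is the conservative default; promoting a type to restricted or
# public needs an explicit reason.
#
# Keep the list sorted so additions and removals are easy to review.
system_internal_prop(adbd_prop)
system_internal_prop(device_config_configuration_prop)
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_service_status_private_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(localization_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(traced_perf_enabled_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)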
20
21###
22### Neverallow rules
23###
24
treble_sysprop_neverallow(`

# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
# neverallow domain {
#   property_type
#   -system_property_type
#   -product_property_type
#   -vendor_property_type
# }:file no_rw_file_perms;

# Domains outside coredomain may read only the restricted and public tiers of
# system-owned properties.  Anything tagged system_property_type or
# system_internal_property_type that is not in one of those two tiers cannot
# be opened for read or write by them.
neverallow { domain -coredomain } {
  system_property_type
  system_internal_property_type
  -system_restricted_property_type
  -system_public_property_type
}:file no_rw_file_perms;

# Setting is tighter than reading: only the public tier may be set from
# outside coredomain.  system_restricted_property_type is exempted from the
# read rule above but deliberately NOT from this one, so a non-coredomain
# domain can observe a restricted property yet never change it.
neverallow { domain -coredomain } {
  system_property_type
  -system_public_property_type
}:property_service set;

# Mirror image for vendor-owned properties, applied to coredomain.
# init is in coredomain, but should be able to read/write all props.
# dumpstate is also in coredomain, but should be able to read all props.
neverallow { coredomain -init -dumpstate } {
  vendor_property_type
  vendor_internal_property_type
  -vendor_restricted_property_type
  -vendor_public_property_type
}:file no_rw_file_perms;

# dumpstate is intentionally absent from this exemption list: it reads vendor
# properties for bugreports but has no business setting them.
neverallow { coredomain -init } {
  vendor_property_type
  -vendor_public_property_type
}:property_service set;

')
62
# Property files are only ever opened and mapped read-only through the
# get_prop() macro; no domain has a legitimate reason to ioctl() or lock()
# them.  A build failure on this rule almost always means a policy author
# spelled out r_file_perms by hand instead of using get_prop().
neverallow domain property_type:file { lock ioctl };
68
# Allow-list of the legacy core_property_type types that any domain may be
# granted read/write on.  Because the subject is `*`, a type carrying
# core_property_type that is missing from this list can be opened by no
# domain at all: granting rw on a newly added core property that is not
# enumerated here is a compile-time policy error rather than a silent
# widening.  Each entry below is therefore a deliberate decision; keep the
# list sorted so review diffs stay readable.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -default_prop
  -dhcp_prop
  -dumpstate_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -ota_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -usb_prop
  -vold_prop
}:file no_rw_file_perms;
95
# The sigstop control property is a debugging-only knob.  Only init and
# vendor_init may ever be granted set on it.  su is not exempted here on
# purpose: on userdebug/eng builds su is permissive, so it can still use the
# property at runtime without needing (or being able to get) an allow rule.
neverallow { domain -init -vendor_init } ctl_sigstop_prop:property_service set;
103
# Don't audit legacy ctl. property handling.  We only want the newer permission check to appear
# in the audit log
#
# dontaudit only suppresses the audit record for a denied `set`; it grants
# nothing.  Keep this list limited to the legacy ctl_* types so that a denial
# on any newer control property is still visible in the logs.
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;
116
# init_svc_debug_prop is written by init alone ...
neverallow { domain -init } init_svc_debug_prop:property_service set;

# ... and may be read only by init, dumpstate and, where the
# userdebug_or_eng() macro expands its argument, su.
neverallow {
  domain
  -dumpstate
  -init
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;
128
compatible_property_only(`
# Everything inside this macro is presumably only emitted for builds with the
# compatible (system/vendor split) property policy -- inferred from the macro
# name; check the macro definition before relying on that.

# Prevent properties from being set
# Baseline set rule for domains that are neither coredomain, app nor
# vendor_init.  nfc_prop, powerctl_prop and radio_prop are carved out so that
# narrower per-HAL rules can govern them.  nfc_prop and radio_prop get such
# rules just below; powerctl_prop does not get one anywhere in this block.
# NOTE(review): confirm powerctl_prop's setters are constrained elsewhere,
# otherwise this carve-out widens who may set it.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_system_prop
    exported2_system_prop
    exported3_system_prop
    usb_control_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

# On the vendor side only hal_nfc_server may set nfc_prop.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

# exported3_radio_prop: hal_telephony_server and vendor_init.  vendor_init is
# deliberately NOT exempted for radio_prop in the next rule.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    exported3_radio_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:property_service set;

# Bluetooth: the framework bluetooth domain and the HAL may set both types;
# vendor_init is additionally allowed only for the exported_ variant.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

# Camera: the HAL, cameraserver and vendor_init.
  neverallow {
    domain
    -coredomain
    -hal_camera_server
    -cameraserver
    -vendor_init
  } {
    exported_camera_prop
  }:property_service set;

# wifi_prop: outside coredomain only hal_wifi_server and wificond.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

# wifi_hal_prop exempts init and dumpstate by name instead of all of
# coredomain, so every other coredomain domain is bound by this rule as well.
# NOTE(review): dumpstate being allowed to *set* a property is unusual (its
# other exemptions in this file are read-only); confirm the exemption is still
# required.
  neverallow {
    domain
    -init
    -dumpstate
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    wifi_hal_prop
  }:property_service set;

# Prevent properties from being read
# debug_prop and logd_prop are excluded here and -- unlike nfc_prop and
# radio_prop -- have no dedicated read rule below, so non-coredomain domains
# may be granted read on them.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    dalvik_config_prop
    extended_core_property_type
    exported2_system_prop
    exported3_system_prop
    systemsound_config_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;
')
284
compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  # The object set is "every property type that is neither system-owned nor
  # extended-core", i.e. the remainder that the vendor side owns.  init is the
  # only unconditional exemption; system_writes_vendor_properties_violators is
  # the escape hatch for known legacy offenders and should only ever shrink.
  # Adding a domain to that attribute is a policy decision, not a fix.
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -system_property_type
    -extended_core_property_type
  }:property_service set;
')
297
# The ffs_* properties may be read only from coredomain and vendor_init.
neverallow { -coredomain -vendor_init } { ffs_config_prop ffs_control_prop }:file no_rw_file_perms;
305
# userspace_reboot_log_prop: settable by init and system_server only.
neverallow { -init -system_server } userspace_reboot_log_prop:property_service set;

# system_adbd_prop: settable by init and system_server only.
neverallow { -init -system_server } system_adbd_prop:property_service set;

# adbd_prop: settable by init and adbd only.
neverallow { -init -adbd } adbd_prop:property_service set;

# userspace_reboot_test_prop (a test knob, going by its name): settable by
# init and shell only.
neverallow { -init -shell } userspace_reboot_test_prop:property_service set;
336
# surfaceflinger_color_prop, zram_control_prop and dalvik_runtime_prop share
# the same setter set: init, system_server and vendor_init.
neverallow { -init -system_server -vendor_init } surfaceflinger_color_prop:property_service set;

# libc_debug_prop is init-only.  Nothing else, including vendor_init, may be
# granted set on it.
neverallow { -init } libc_debug_prop:property_service set;

neverallow { -init -system_server -vendor_init } zram_control_prop:property_service set;

neverallow { -init -system_server -vendor_init } dalvik_runtime_prop:property_service set;
362
# usb_config_prop / usb_control_prop: set only from coredomain or vendor_init.
neverallow { -coredomain -vendor_init } { usb_config_prop usb_control_prop }:property_service set;

# provisioned_prop / retaildemo_prop: set only by init and system_server,
# readable from coredomain and vendor_init.
neverallow { -init -system_server } { provisioned_prop retaildemo_prop }:property_service set;
neverallow { -coredomain -vendor_init } { provisioned_prop retaildemo_prop }:file no_rw_file_perms;

# Both init service-status properties are written by init alone.
neverallow { -init } { init_service_status_private_prop init_service_status_prop }:property_service set;
393
# telephony_status_prop: init, radio, hal_telephony_server and every app
# domain may be granted set; vendor_init only on non-compatible-property
# builds.  NOTE(review): the blanket -appdomain exemption means any app domain
# can be given set on this property by an allow rule elsewhere -- confirm
# that breadth is intended.
neverallow {
  -init
  -appdomain
  -radio
  -hal_telephony_server
  not_compatible_property(`-vendor_init')
} telephony_status_prop:property_service set;

# graphics_config_prop: init and vendor_init only.
neverallow { -init -vendor_init } graphics_config_prop:property_service set;
408
# packagemanager_config_prop is readable from coredomain, app domains and
# vendor_init; keyguard_config_prop from coredomain and vendor_init only.
neverallow { -coredomain -appdomain -vendor_init } packagemanager_config_prop:file no_rw_file_perms;
neverallow { -coredomain -vendor_init } keyguard_config_prop:file no_rw_file_perms;

# localization_prop is init-only for set.
neverallow { -init } localization_prop:property_service set;
425
# oem_unlock_prop may be read only by init, vendor_init, dumpstate and
# system_app.  Note that this is the single place in this file where
# system_app (rather than all of coredomain) is named as an exemption; keep
# it that narrow.
neverallow { -init -vendor_init -dumpstate -system_app } oem_unlock_prop:file no_rw_file_perms;

# storagemanager_config_prop: readable from coredomain and vendor_init.
neverallow { -coredomain -vendor_init } storagemanager_config_prop:file no_rw_file_perms;

# sendbug_config_prop and camera_calibration_prop share one reader set:
# init, vendor_init, dumpstate and every app domain.
neverallow { -init -vendor_init -dumpstate -appdomain } sendbug_config_prop:file no_rw_file_perms;
neverallow { -init -vendor_init -dumpstate -appdomain } camera_calibration_prop:file no_rw_file_perms;
451