# Properties used only in /system
#
# Each line declares one property type through the system_internal_prop macro.
# The macro body is defined outside this file; judging by the attribute names
# used in the treble neverallow rules further down, it presumably attaches
# system_internal_property_type - confirm against the macro definition.
# Those rules, when enabled, deny every non-coredomain file access to
# system-internal types, so nothing outside the system partition should
# depend on the properties declared here.
system_internal_prop(apexd_prop)
system_internal_prop(bootloader_boot_reason_prop)
system_internal_prop(device_config_activity_manager_native_boot_prop)
system_internal_prop(device_config_boot_count_prop)
system_internal_prop(device_config_input_native_boot_prop)
system_internal_prop(device_config_media_native_prop)
system_internal_prop(device_config_netd_native_prop)
system_internal_prop(device_config_reset_performed_prop)
system_internal_prop(device_config_runtime_native_boot_prop)
system_internal_prop(device_config_runtime_native_prop)
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(device_config_configuration_prop)
system_internal_prop(firstboot_prop)
system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(adbd_prop)
system_internal_prop(traced_perf_enabled_prop)

# Legacy types that are declared system-internal only where
# compatible_property_only applies. The same list of types is declared with
# system_public_prop inside the not_compatible_property block later in this
# file, so the two lists have to stay in sync.
# NOTE(review): both wrapper macros are defined outside this file; that they
# are mutually exclusive is inferred from their names and the matching lists.
compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_internal_prop(boottime_prop)
    system_internal_prop(bpf_progs_loaded_prop)
    system_internal_prop(charger_prop)
    system_internal_prop(cold_boot_done_prop)
    system_internal_prop(ctl_adbd_prop)
    system_internal_prop(ctl_apexd_prop)
    system_internal_prop(ctl_bootanim_prop)
    system_internal_prop(ctl_bugreport_prop)
    system_internal_prop(ctl_console_prop)
    system_internal_prop(ctl_dumpstate_prop)
    system_internal_prop(ctl_fuse_prop)
    system_internal_prop(ctl_gsid_prop)
    system_internal_prop(ctl_interface_restart_prop)
    system_internal_prop(ctl_interface_stop_prop)
    system_internal_prop(ctl_mdnsd_prop)
    system_internal_prop(ctl_restart_prop)
    system_internal_prop(ctl_rildaemon_prop)
    system_internal_prop(ctl_sigstop_prop)
    system_internal_prop(dynamic_system_prop)
    system_internal_prop(heapprofd_enabled_prop)
    system_internal_prop(llkd_prop)
    system_internal_prop(lpdumpd_prop)
    system_internal_prop(mmc_prop)
    system_internal_prop(mock_ota_prop)
    system_internal_prop(net_dns_prop)
    system_internal_prop(overlay_prop)
    system_internal_prop(persistent_properties_ready_prop)
    system_internal_prop(safemode_prop)
    system_internal_prop(system_lmk_prop)
    system_internal_prop(system_trace_prop)
    system_internal_prop(test_boot_reason_prop)
    system_internal_prop(time_prop)
    system_internal_prop(traced_enabled_prop)
    system_internal_prop(traced_lazy_prop)
')

# Properties which can't be written outside system
#
# In the treble neverallow rules below, system_restricted_property_type is
# exempted from the non-coredomain file-access ban but not from the
# non-coredomain set ban: these types may be made readable outside system
# through an explicit allow rule, but never settable there.
# NOTE(review): that system_restricted_prop attaches this attribute is assumed
# from the macro name; the macro is defined outside this file.

# Properties used by binder caches
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
system_restricted_prop(binder_cache_telephony_server_prop)
system_restricted_prop(boottime_public_prop)
system_restricted_prop(bq_config_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
system_restricted_prop(restorecon_prop)
system_restricted_prop(socket_hook_prop)
system_restricted_prop(surfaceflinger_display_prop)
system_restricted_prop(system_boot_reason_prop)
system_restricted_prop(system_jvmti_agent_prop)
system_restricted_prop(userspace_reboot_exported_prop)

# Legacy types that are declared system-restricted only where
# compatible_property_only applies. The same list of types is declared with
# system_public_prop in the second half of the not_compatible_property block
# later in this file, so the two lists have to stay in sync.
# NOTE(review): both wrapper macros are defined outside this file; that they
# are mutually exclusive is inferred from their names and the matching lists.
compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_restricted_prop(config_prop)
    system_restricted_prop(cppreopt_prop)
    system_restricted_prop(dalvik_prop)
    system_restricted_prop(debuggerd_prop)
    system_restricted_prop(default_prop)
    system_restricted_prop(device_logging_prop)
    system_restricted_prop(dhcp_prop)
    system_restricted_prop(dumpstate_prop)
    system_restricted_prop(exported2_default_prop)
    system_restricted_prop(exported3_system_prop)
    system_restricted_prop(exported_dumpstate_prop)
    system_restricted_prop(exported_fingerprint_prop)
    system_restricted_prop(exported_secure_prop)
    system_restricted_prop(exported_vold_prop)
    system_restricted_prop(ffs_prop)
    system_restricted_prop(fingerprint_prop)
    system_restricted_prop(heapprofd_prop)
    system_restricted_prop(net_radio_prop)
    system_restricted_prop(pan_result_prop)
    system_restricted_prop(persist_debug_prop)
    system_restricted_prop(shell_prop)
    system_restricted_prop(system_radio_prop)
    system_restricted_prop(test_harness_prop)
    system_restricted_prop(theme_prop)
    system_restricted_prop(use_memfd_prop)
    system_restricted_prop(vold_prop)
')

# Properties which can be written only by vendor_init
#
# NOTE(review): the write restriction itself is not spelled out in this list;
# it presumably comes from the system_vendor_config_prop macro, which is
# defined outside this file - confirm there. The only type from this list with
# its own writer rule in this file is graphics_config_prop (see the end of the
# file).
system_vendor_config_prop(apk_verity_prop)
system_vendor_config_prop(cpu_variant_prop)
system_vendor_config_prop(exported_audio_prop)
system_vendor_config_prop(exported_camera_prop)
system_vendor_config_prop(exported_config_prop)
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(exported3_default_prop)
system_vendor_config_prop(graphics_config_prop)
system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(media_variant_prop)
system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(userspace_reboot_config_prop)
system_vendor_config_prop(vehicle_hal_prop)
system_vendor_config_prop(vendor_security_patch_level_prop)
system_vendor_config_prop(vendor_socket_hook_prop)
system_vendor_config_prop(vndk_prop)
system_vendor_config_prop(virtual_ab_prop)

# Properties with no restrictions
#
# "No restrictions" refers to the ownership rules only: in the treble
# neverallow rules below, system_public_property_type is the one class exempt
# from both the non-coredomain file-access ban and the non-coredomain set ban.
# It does not grant anything by itself; every reader and writer still needs an
# explicit allow rule, and several types in this list (for example nfc_prop,
# radio_prop, bluetooth_prop and wifi_prop) are further constrained by the
# per-subsystem neverallow rules later in this file.
# NOTE(review): that system_public_prop attaches this attribute is assumed
# from the macro name; the macro is defined outside this file.
system_public_prop(adbd_config_prop)
system_public_prop(audio_prop)
system_public_prop(bluetooth_a2dp_offload_prop)
system_public_prop(bluetooth_audio_hal_prop)
system_public_prop(bluetooth_prop)
system_public_prop(ctl_default_prop)
system_public_prop(ctl_interface_start_prop)
system_public_prop(ctl_start_prop)
system_public_prop(ctl_stop_prop)
system_public_prop(debug_prop)
system_public_prop(dumpstate_options_prop)
system_public_prop(exported_system_prop)
system_public_prop(exported2_config_prop)
system_public_prop(exported2_radio_prop)
system_public_prop(exported2_system_prop)
system_public_prop(exported2_vold_prop)
system_public_prop(exported3_radio_prop)
system_public_prop(exported_bluetooth_prop)
system_public_prop(exported_dalvik_prop)
system_public_prop(exported_ffs_prop)
system_public_prop(exported_overlay_prop)
system_public_prop(exported_pm_prop)
system_public_prop(exported_radio_prop)
system_public_prop(exported_system_radio_prop)
system_public_prop(exported_wifi_prop)
system_public_prop(sota_prop)
system_public_prop(hwservicemanager_prop)
system_public_prop(lmkd_prop)
system_public_prop(logd_prop)
system_public_prop(logpersistd_logging_prop)
system_public_prop(log_prop)
system_public_prop(log_tag_prop)
system_public_prop(lowpan_prop)
system_public_prop(nfc_prop)
system_public_prop(ota_prop)
system_public_prop(powerctl_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
system_public_prop(system_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)

# Properties used in default HAL implementations
# This is the only vendor-owned type declared through an ownership macro in
# this file; the treble neverallow rules below keep coredomain (other than
# init and dumpstate) from file access to vendor-internal types.
# NOTE(review): that vendor_internal_prop attaches
# vendor_internal_property_type is assumed from the macro name.
vendor_internal_prop(rebootescrow_hal_prop)

# Properties which are public for devices launching with Android O or earlier
# This should not be used for any new properties.
#
# The first group repeats the types declared system-internal under
# compatible_property_only above, the second group those declared
# system-restricted there. On builds where this block applies, all of them
# are public instead, i.e. exempt from the treble ownership neverallow rules.
# Any change to one of the earlier lists needs the matching change here.
not_compatible_property(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_public_prop(boottime_prop)
    system_public_prop(bpf_progs_loaded_prop)
    system_public_prop(charger_prop)
    system_public_prop(cold_boot_done_prop)
    system_public_prop(ctl_adbd_prop)
    system_public_prop(ctl_apexd_prop)
    system_public_prop(ctl_bootanim_prop)
    system_public_prop(ctl_bugreport_prop)
    system_public_prop(ctl_console_prop)
    system_public_prop(ctl_dumpstate_prop)
    system_public_prop(ctl_fuse_prop)
    system_public_prop(ctl_gsid_prop)
    system_public_prop(ctl_interface_restart_prop)
    system_public_prop(ctl_interface_stop_prop)
    system_public_prop(ctl_mdnsd_prop)
    system_public_prop(ctl_restart_prop)
    system_public_prop(ctl_rildaemon_prop)
    system_public_prop(ctl_sigstop_prop)
    system_public_prop(dynamic_system_prop)
    system_public_prop(heapprofd_enabled_prop)
    system_public_prop(llkd_prop)
    system_public_prop(lpdumpd_prop)
    system_public_prop(mmc_prop)
    system_public_prop(mock_ota_prop)
    system_public_prop(net_dns_prop)
    system_public_prop(overlay_prop)
    system_public_prop(persistent_properties_ready_prop)
    system_public_prop(safemode_prop)
    system_public_prop(system_lmk_prop)
    system_public_prop(system_trace_prop)
    system_public_prop(test_boot_reason_prop)
    system_public_prop(time_prop)
    system_public_prop(traced_enabled_prop)
    system_public_prop(traced_lazy_prop)

    system_public_prop(config_prop)
    system_public_prop(cppreopt_prop)
    system_public_prop(dalvik_prop)
    system_public_prop(debuggerd_prop)
    system_public_prop(default_prop)
    system_public_prop(device_logging_prop)
    system_public_prop(dhcp_prop)
    system_public_prop(dumpstate_prop)
    system_public_prop(exported2_default_prop)
    system_public_prop(exported3_system_prop)
    system_public_prop(exported_dumpstate_prop)
    system_public_prop(exported_fingerprint_prop)
    system_public_prop(exported_secure_prop)
    system_public_prop(exported_vold_prop)
    system_public_prop(ffs_prop)
    system_public_prop(fingerprint_prop)
    system_public_prop(heapprofd_prop)
    system_public_prop(net_radio_prop)
    system_public_prop(pan_result_prop)
    system_public_prop(persist_debug_prop)
    system_public_prop(shell_prop)
    system_public_prop(system_radio_prop)
    system_public_prop(test_harness_prop)
    system_public_prop(theme_prop)
    system_public_prop(use_memfd_prop)
    system_public_prop(vold_prop)
')

# Declared directly with only the base property_type attribute rather than
# through one of the ownership macros used above.
# NOTE(review): unless another file adds an ownership attribute, this type is
# not matched by the treble neverallow rules below, which key on the
# system_* and vendor_* ownership attributes.
type vendor_default_prop, property_type;

# Tag the logging-related property types with log_property_type. What access
# that attribute carries is defined by rules outside this file.
typeattribute log_prop log_property_type;
typeattribute log_tag_prop log_property_type;
typeattribute wifi_log_prop log_property_type;

# Let objects labelled with any property type be associated with a tmpfs
# filesystem (presumably because the property files live on tmpfs - confirm).
allow property_type tmpfs:filesystem associate;

###
### Neverallow rules
###

# Ownership rules between the system and vendor halves of the policy. They are
# policy-build assertions: a matching allow rule anywhere fails the build.
# Summary of what the four active rules assert:
#   - non-coredomain: no file access to system-owned types unless the type is
#     restricted or public;
#   - non-coredomain: no set on system-owned types unless the type is public;
#   - coredomain except init and dumpstate: no file access to vendor-owned
#     types unless the type is restricted or public;
#   - coredomain except init: no set on vendor-owned types unless public.
# NOTE(review): the wrapper macro and no_rw_file_perms are defined outside this
# file, so when these rules are active and the exact permission set they cover
# cannot be confirmed from here.
treble_sysprop_neverallow(`

# Until this TODO is resolved, a property type that carries no ownership
# attribute is not covered by any rule in this block.
# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
# neverallow domain {
#   property_type
#   -system_property_type
#   -product_property_type
#   -vendor_property_type
# }:file no_rw_file_perms;

neverallow { domain -coredomain } {
  system_property_type
  system_internal_property_type
  -system_restricted_property_type
  -system_public_property_type
}:file no_rw_file_perms;

neverallow { domain -coredomain } {
  system_property_type
  -system_public_property_type
}:property_service set;

# init is in coredomain, but should be able to read/write all props.
# dumpstate is also in coredomain, but should be able to read all props.
neverallow { coredomain -init -dumpstate } {
  vendor_property_type
  vendor_internal_property_type
  -vendor_restricted_property_type
  -vendor_public_property_type
}:file no_rw_file_perms;

neverallow { coredomain -init } {
  vendor_property_type
  -vendor_public_property_type
}:property_service set;

')

# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
# the get_prop() macro.
# The rule covers every domain and every type carrying property_type, with no
# exemptions.
neverallow domain property_type:file { ioctl lock };

# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
# be avoided.
# New properties should have appropriate read / write access
# control rules written.

# The complete set of types that carry core_property_type. The neverallow that
# follows lists exactly the same 24 types as exclusions, so the two lists must
# be edited together.
typeattribute audio_prop         core_property_type;
typeattribute config_prop        core_property_type;
typeattribute cppreopt_prop      core_property_type;
typeattribute dalvik_prop        core_property_type;
typeattribute debuggerd_prop     core_property_type;
typeattribute debug_prop         core_property_type;
typeattribute default_prop       core_property_type;
typeattribute dhcp_prop          core_property_type;
typeattribute dumpstate_prop     core_property_type;
typeattribute ffs_prop           core_property_type;
typeattribute fingerprint_prop   core_property_type;
typeattribute logd_prop          core_property_type;
typeattribute net_radio_prop     core_property_type;
typeattribute nfc_prop           core_property_type;
typeattribute ota_prop           core_property_type;
typeattribute pan_result_prop    core_property_type;
typeattribute persist_debug_prop core_property_type;
typeattribute powerctl_prop      core_property_type;
typeattribute radio_prop         core_property_type;
typeattribute restorecon_prop    core_property_type;
typeattribute shell_prop         core_property_type;
typeattribute system_prop        core_property_type;
typeattribute system_radio_prop  core_property_type;
typeattribute vold_prop          core_property_type;

# Freeze the attribute: any type tagged core_property_type that is not in the
# list above can be given file access by no domain at all, so adding the
# attribute to a new type (here or in device policy) makes that type unusable
# and surfaces as a policy-build failure as soon as an allow rule references it.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -default_prop
  -dhcp_prop
  -dumpstate_prop
  -ffs_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -ota_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -system_radio_prop
  -vold_prop
}:file no_rw_file_perms;

# sigstop property is only used for debugging; should only be set by su which is permissive
# for userdebug/eng
# No domain other than init and vendor_init may be granted set on
# ctl_sigstop_prop. su is not listed as an exception.
# NOTE(review): per the comment above, su presumably relies on being permissive
# rather than on an allow rule - confirm in the su policy.
neverallow {
  domain
  -init
  -vendor_init
} ctl_sigstop_prop:property_service set;

# Don't audit legacy ctl. property handling.  We only want the newer permission check to appear
# in the audit log
# dontaudit grants nothing: a denied set on these eight types is still denied,
# it just leaves no audit record from this check. When triaging a failed
# service control request, look for the denial from the newer check instead.
# ctl types not listed here are still audited.
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;

# Only init may be granted set on init_svc_debug_prop.
neverallow {
  domain
  -init
} init_svc_debug_prop:property_service set;

# File access to init_svc_debug_prop is limited to init and dumpstate. The su
# exception sits inside userdebug_or_eng, a macro defined outside this file;
# presumably it is dropped on user builds - confirm.
neverallow {
  domain
  -init
  -dumpstate
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;

# Per-subsystem neverallow rules, wrapped in compatible_property_only (macro
# defined outside this file). Each rule names the only domains outside
# coredomain that may be granted the access; coredomain is exempt from every
# rule in this block.
# NOTE(review): the rules sit inside an m4-style quoted argument, so comments
# added between the opening and closing quote must not contain quote
# characters themselves.
compatible_property_only(`
# Prevent properties from being set
  # General rule for core and exported types: only coredomain, appdomain and
  # vendor_init may be granted set. nfc_prop, powerctl_prop and radio_prop are
  # carved out; nfc_prop and radio_prop get narrower rules below, while no
  # narrower set rule for powerctl_prop appears in this block.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_dalvik_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_ffs_prop
    exported_fingerprint_prop
    exported_system_prop
    exported_system_radio_prop
    exported_vold_prop
    exported2_config_prop
    exported2_default_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  # NFC: the NFC HAL server is the only additional writer.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

  # Radio, exported variants: telephony HAL server and vendor_init may write.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    exported_radio_prop
    exported3_radio_prop
  }:property_service set;

  # Radio, remaining variants: as above but without the vendor_init exception.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    exported2_radio_prop
    radio_prop
  }:property_service set;

  # Bluetooth: appdomain is not exempt here, only the bluetooth domain and the
  # Bluetooth HAL server.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  # Exported Bluetooth properties additionally allow vendor_init.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  # Camera: camera HAL server, cameraserver and vendor_init may write.
  neverallow {
    domain
    -coredomain
    -hal_camera_server
    -cameraserver
    -vendor_init
  } {
    exported_camera_prop
  }:property_service set;

  # Wi-Fi: Wi-Fi HAL server and wificond may write.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

  # Exported Wi-Fi properties additionally allow vendor_init.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    exported_wifi_prop
  }:property_service set;

# Prevent properties from being read
  # General read rule. debug_prop, logd_prop, nfc_prop, powerctl_prop and
  # radio_prop are carved out; only nfc_prop and radio_prop get a narrower
  # read rule below, so the other three are not read-restricted by this block.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_dalvik_prop
    exported_ffs_prop
    exported_system_radio_prop
    exported2_config_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  # NFC: the NFC HAL server is the only additional reader.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  # Radio: the telephony HAL server is the only additional reader.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  # Bluetooth: appdomain is not exempt; only the bluetooth domain and the
  # Bluetooth HAL server may read.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  # Wi-Fi: Wi-Fi HAL server and wificond may read.
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;
')

# Inside this rule, property_type minus system_property_type and
# extended_core_property_type stands for every property type that is not
# system-owned. Only init may set those from coredomain.
# NOTE(review): system_writes_vendor_properties_violators is an exemption
# attribute declared outside this file; every domain carrying it bypasses this
# rule, so its membership is worth auditing.
compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -system_property_type
    -extended_core_property_type
  }:property_service set;
')

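# Per-property writer allowlists. Each rule names the only domains that may
# ever be granted property_service set on the given type.
#
# Every source set starts from domain. A set made only of exclusions
# (-init -system_server) has no positive member to subtract from, so it is
# expected to match no source at all and leave the rule unenforced. The other
# allowlist rules in this file (ctl_sigstop_prop, init_svc_debug_prop) already
# use the domain-minus-exceptions form.
# NOTE(review): once these rules take effect, an existing allow rule that
# violates one of them fails the policy build and has to be fixed or removed.

neverallow {
  # Only allow init and system_server to set userspace_reboot_log_prop
  domain
  -init
  -system_server
} {
  userspace_reboot_log_prop
}:property_service set;

neverallow {
  # Only allow init and system_server to set system_adbd_prop
  domain
  -init
  -system_server
} {
  system_adbd_prop
}:property_service set;

neverallow {
  # Only allow init and adbd to set adbd_prop
  domain
  -init
  -adbd
} {
  adbd_prop
}:property_service set;

neverallow {
  # Only allow init and shell to set userspace_reboot_test_prop
  domain
  -init
  -shell
} {
  userspace_reboot_test_prop
}:property_service set;

neverallow {
  # Only allow init and vendor_init to set graphics_config_prop
  domain
  -init
  -vendor_init
} {
  graphics_config_prop
}:property_service set;

neverallow {
  # Only allow init and surfaceflinger to set surfaceflinger_display_prop
  domain
  -init
  -surfaceflinger
} {
  surfaceflinger_display_prop
}:property_service set;
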
617  -init
618  -surfaceflinger
619} {
620  surfaceflinger_display_prop
621}:property_service set;
622