# Properties used only in /system
# Each line declares one property type through the system_internal_prop()
# macro, which is defined outside this file.
# NOTE(review): the macro presumably tags the type with
# system_internal_property_type, the attribute the Treble neverallow rules
# later in this file use to keep non-coredomain from reading or setting it;
# confirm against the macro definition.
# Several types declared here also get a dedicated setter neverallow further
# down (init_svc_debug_prop, userspace_reboot_log_prop,
# userspace_reboot_test_prop, system_adbd_prop, adbd_prop); keep those rules
# in step when a type is renamed or moved.
system_internal_prop(apexd_prop)
system_internal_prop(bootloader_boot_reason_prop)
system_internal_prop(device_config_activity_manager_native_boot_prop)
system_internal_prop(device_config_boot_count_prop)
system_internal_prop(device_config_input_native_boot_prop)
system_internal_prop(device_config_media_native_prop)
system_internal_prop(device_config_netd_native_prop)
system_internal_prop(device_config_reset_performed_prop)
system_internal_prop(device_config_runtime_native_boot_prop)
system_internal_prop(device_config_runtime_native_prop)
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(device_config_configuration_prop)
system_internal_prop(firstboot_prop)
system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(adbd_prop)
system_internal_prop(traced_perf_enabled_prop)

# The types below are declared system-internal only when the
# compatible_property_only() branch is active. The not_compatible_property()
# block later in this file declares the same types with system_public_prop()
# instead, so the two lists must stay identical: the list is frozen (see the
# marker inside) and a type must never be added to one side only.
# NOTE(review): presumably exactly one of the two branches is emitted per
# build; confirm against the macro definitions.
compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_internal_prop(boottime_prop)
    system_internal_prop(bpf_progs_loaded_prop)
    system_internal_prop(charger_prop)
    system_internal_prop(cold_boot_done_prop)
    system_internal_prop(ctl_adbd_prop)
    system_internal_prop(ctl_apexd_prop)
    system_internal_prop(ctl_bootanim_prop)
    system_internal_prop(ctl_bugreport_prop)
    system_internal_prop(ctl_console_prop)
    system_internal_prop(ctl_dumpstate_prop)
    system_internal_prop(ctl_fuse_prop)
    system_internal_prop(ctl_gsid_prop)
    system_internal_prop(ctl_interface_restart_prop)
    system_internal_prop(ctl_interface_stop_prop)
    system_internal_prop(ctl_mdnsd_prop)
    system_internal_prop(ctl_restart_prop)
    system_internal_prop(ctl_rildaemon_prop)
    system_internal_prop(ctl_sigstop_prop)
    system_internal_prop(dynamic_system_prop)
    system_internal_prop(heapprofd_enabled_prop)
    system_internal_prop(llkd_prop)
    system_internal_prop(lpdumpd_prop)
    system_internal_prop(mmc_prop)
    system_internal_prop(mock_ota_prop)
    system_internal_prop(net_dns_prop)
    system_internal_prop(overlay_prop)
    system_internal_prop(persistent_properties_ready_prop)
    system_internal_prop(safemode_prop)
    system_internal_prop(system_lmk_prop)
    system_internal_prop(system_trace_prop)
    system_internal_prop(test_boot_reason_prop)
    system_internal_prop(time_prop)
    system_internal_prop(traced_enabled_prop)
    system_internal_prop(traced_lazy_prop)
')

# Properties which can't be written outside system
# Declared through system_restricted_prop(), defined outside this file.
# NOTE(review): the Treble neverallow rules later in this file subtract
# system_restricted_property_type from the read restriction but not from the
# set restriction, which matches the header above if the macro assigns that
# attribute; confirm against the macro definition.

# Properties used by binder caches
# (only the three binder_cache_* types; the remaining entries are unrelated
# restricted properties that share this list)
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
system_restricted_prop(binder_cache_telephony_server_prop)
system_restricted_prop(boottime_public_prop)
system_restricted_prop(bq_config_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
system_restricted_prop(restorecon_prop)
system_restricted_prop(socket_hook_prop)
system_restricted_prop(surfaceflinger_display_prop)
system_restricted_prop(system_boot_reason_prop)
system_restricted_prop(system_jvmti_agent_prop)
system_restricted_prop(userspace_reboot_exported_prop)

# Restricted counterpart of the frozen legacy list: these types are declared
# with system_restricted_prop() only when the compatible_property_only()
# branch is active. The second half of the not_compatible_property() block
# later in this file declares the same types with system_public_prop(), so
# the two lists must stay identical.
compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_restricted_prop(config_prop)
    system_restricted_prop(cppreopt_prop)
    system_restricted_prop(dalvik_prop)
    system_restricted_prop(debuggerd_prop)
    system_restricted_prop(default_prop)
    system_restricted_prop(device_logging_prop)
    system_restricted_prop(dhcp_prop)
    system_restricted_prop(dumpstate_prop)
    system_restricted_prop(exported2_default_prop)
    system_restricted_prop(exported3_system_prop)
    system_restricted_prop(exported_dumpstate_prop)
    system_restricted_prop(exported_fingerprint_prop)
    system_restricted_prop(exported_secure_prop)
    system_restricted_prop(exported_vold_prop)
    system_restricted_prop(ffs_prop)
    system_restricted_prop(fingerprint_prop)
    system_restricted_prop(heapprofd_prop)
    system_restricted_prop(net_radio_prop)
    system_restricted_prop(pan_result_prop)
    system_restricted_prop(persist_debug_prop)
    system_restricted_prop(shell_prop)
    system_restricted_prop(system_radio_prop)
    system_restricted_prop(test_harness_prop)
    system_restricted_prop(theme_prop)
    system_restricted_prop(use_memfd_prop)
    system_restricted_prop(vold_prop)
')

# Properties which can be written only by vendor_init
# Declared through system_vendor_config_prop(), defined outside this file.
# NOTE(review): in this file only graphics_config_prop has an explicit
# neverallow limiting setters to init and vendor_init (end of file); for the
# other types the write restriction presumably comes from the macro itself.
# Verify that before relying on it for security-relevant entries such as
# apk_verity_prop or vendor_security_patch_level_prop.
system_vendor_config_prop(apk_verity_prop)
system_vendor_config_prop(cpu_variant_prop)
system_vendor_config_prop(exported_audio_prop)
system_vendor_config_prop(exported_camera_prop)
system_vendor_config_prop(exported_config_prop)
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(exported3_default_prop)
system_vendor_config_prop(graphics_config_prop)
system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(media_variant_prop)
system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(userspace_reboot_config_prop)
system_vendor_config_prop(vehicle_hal_prop)
system_vendor_config_prop(vendor_security_patch_level_prop)
system_vendor_config_prop(vndk_prop)
system_vendor_config_prop(virtual_ab_prop)

# Properties with no restrictions
# Declared through system_public_prop(), defined outside this file.
# "No restrictions" is relative to the ownership neverallow rules: the Treble
# rules later in this file subtract system_public_property_type from both the
# read and the set restriction on non-coredomain. A domain still needs an
# explicit allow rule to read or set any of these types.
# NOTE(review): this list contains service-control and power-control types
# (ctl_default_prop, ctl_interface_start_prop, ctl_start_prop, ctl_stop_prop,
# powerctl_prop). Because no neverallow backs them here, every allow rule
# granting set on them deserves individual review.
system_public_prop(audio_prop)
system_public_prop(bluetooth_a2dp_offload_prop)
system_public_prop(bluetooth_audio_hal_prop)
system_public_prop(bluetooth_prop)
system_public_prop(ctl_default_prop)
system_public_prop(ctl_interface_start_prop)
system_public_prop(ctl_start_prop)
system_public_prop(ctl_stop_prop)
system_public_prop(debug_prop)
system_public_prop(dumpstate_options_prop)
system_public_prop(exported_system_prop)
system_public_prop(exported2_config_prop)
system_public_prop(exported2_radio_prop)
system_public_prop(exported2_system_prop)
system_public_prop(exported2_vold_prop)
system_public_prop(exported3_radio_prop)
system_public_prop(exported_bluetooth_prop)
system_public_prop(exported_dalvik_prop)
system_public_prop(exported_ffs_prop)
system_public_prop(exported_overlay_prop)
system_public_prop(exported_pm_prop)
system_public_prop(exported_radio_prop)
system_public_prop(exported_system_radio_prop)
system_public_prop(exported_wifi_prop)
system_public_prop(sota_prop)
system_public_prop(hwservicemanager_prop)
system_public_prop(lmkd_prop)
system_public_prop(logd_prop)
system_public_prop(logpersistd_logging_prop)
system_public_prop(log_prop)
system_public_prop(log_tag_prop)
system_public_prop(lowpan_prop)
system_public_prop(nfc_prop)
system_public_prop(ota_prop)
system_public_prop(powerctl_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
system_public_prop(system_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)

# Properties used in default HAL implementations
# The only vendor-owned type declared in this list; vendor_internal_prop() is
# defined outside this file.
# NOTE(review): presumably it assigns vendor_internal_property_type, which
# the Treble neverallow rules below keep away from coredomain (init and
# dumpstate excepted); confirm against the macro definition.
vendor_internal_prop(rebootescrow_hal_prop)

# Properties which are public for devices launching with Android O or earlier
# This should not be used for any new properties.
# Mirror of the two frozen compatible_property_only() lists earlier in this
# file: the first group below matches the system_internal_prop() list and the
# second group matches the system_restricted_prop() list. On builds where
# this branch is active, every one of these types is therefore public rather
# than internal or restricted, so the ownership neverallow rules exempt them.
not_compatible_property(`
    # DO NOT ADD ANY PROPERTIES HERE
    system_public_prop(boottime_prop)
    system_public_prop(bpf_progs_loaded_prop)
    system_public_prop(charger_prop)
    system_public_prop(cold_boot_done_prop)
    system_public_prop(ctl_adbd_prop)
    system_public_prop(ctl_apexd_prop)
    system_public_prop(ctl_bootanim_prop)
    system_public_prop(ctl_bugreport_prop)
    system_public_prop(ctl_console_prop)
    system_public_prop(ctl_dumpstate_prop)
    system_public_prop(ctl_fuse_prop)
    system_public_prop(ctl_gsid_prop)
    system_public_prop(ctl_interface_restart_prop)
    system_public_prop(ctl_interface_stop_prop)
    system_public_prop(ctl_mdnsd_prop)
    system_public_prop(ctl_restart_prop)
    system_public_prop(ctl_rildaemon_prop)
    system_public_prop(ctl_sigstop_prop)
    system_public_prop(dynamic_system_prop)
    system_public_prop(heapprofd_enabled_prop)
    system_public_prop(llkd_prop)
    system_public_prop(lpdumpd_prop)
    system_public_prop(mmc_prop)
    system_public_prop(mock_ota_prop)
    system_public_prop(net_dns_prop)
    system_public_prop(overlay_prop)
    system_public_prop(persistent_properties_ready_prop)
    system_public_prop(safemode_prop)
    system_public_prop(system_lmk_prop)
    system_public_prop(system_trace_prop)
    system_public_prop(test_boot_reason_prop)
    system_public_prop(time_prop)
    system_public_prop(traced_enabled_prop)
    system_public_prop(traced_lazy_prop)

    system_public_prop(config_prop)
    system_public_prop(cppreopt_prop)
    system_public_prop(dalvik_prop)
    system_public_prop(debuggerd_prop)
    system_public_prop(default_prop)
    system_public_prop(device_logging_prop)
    system_public_prop(dhcp_prop)
    system_public_prop(dumpstate_prop)
    system_public_prop(exported2_default_prop)
    system_public_prop(exported3_system_prop)
    system_public_prop(exported_dumpstate_prop)
    system_public_prop(exported_fingerprint_prop)
    system_public_prop(exported_secure_prop)
    system_public_prop(exported_vold_prop)
    system_public_prop(ffs_prop)
    system_public_prop(fingerprint_prop)
    system_public_prop(heapprofd_prop)
    system_public_prop(net_radio_prop)
    system_public_prop(pan_result_prop)
    system_public_prop(persist_debug_prop)
    system_public_prop(shell_prop)
    system_public_prop(system_radio_prop)
    system_public_prop(test_harness_prop)
    system_public_prop(theme_prop)
    system_public_prop(use_memfd_prop)
    system_public_prop(vold_prop)
')

# vendor_default_prop is declared directly rather than through one of the
# ownership macros, so it carries only the property_type attribute here.
type vendor_default_prop, property_type;

# Group the three logging property types under log_property_type so rules
# elsewhere can refer to them as one set.
typeattribute log_prop log_property_type;
typeattribute log_tag_prop log_property_type;
typeattribute wifi_log_prop log_property_type;

# Lets files labelled with any property type be associated with a filesystem
# labelled tmpfs.
# NOTE(review): presumably because the property area is backed by tmpfs;
# confirm.
allow property_type tmpfs:filesystem associate;

###
### Neverallow rules
###

# The four rules below are passed as the argument of
# treble_sysprop_neverallow(), a macro defined outside this file, so they are
# only part of the policy when that macro emits its argument.
# NOTE(review): no_rw_file_perms is also defined elsewhere; presumably it is
# the full set of file read and write permissions. Confirm.
treble_sysprop_neverallow(`

# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
# Until this rule is enabled, a property type that carries none of the three
# ownership attributes is not matched by any rule inside this macro.
# neverallow domain {
#   property_type
#   -system_property_type
#   -product_property_type
#   -vendor_property_type
# }:file no_rw_file_perms;

# Non-coredomain must not access system-owned property files, except for
# types tagged restricted or public.
neverallow { domain -coredomain } {
  system_property_type
  system_internal_property_type
  -system_restricted_property_type
  -system_public_property_type
}:file no_rw_file_perms;

# Non-coredomain must not set system-owned properties, except for types
# tagged public. Restricted types are not subtracted here, so they stay
# unwritable outside coredomain.
neverallow { domain -coredomain } {
  system_property_type
  -system_public_property_type
}:property_service set;

# init is in coredomain, but should be able to read/write all props.
# dumpstate is also in coredomain, but should be able to read all props.
neverallow { coredomain -init -dumpstate } {
  vendor_property_type
  vendor_internal_property_type
  -vendor_restricted_property_type
  -vendor_public_property_type
}:file no_rw_file_perms;

# Only init is exempt from the set restriction; dumpstate is not.
neverallow { coredomain -init } {
  vendor_property_type
  -vendor_public_property_type
}:property_service set;

')

# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
# the get_prop() macro.
# The rule has no exemptions: it applies to every type in domain and every
# type in property_type.
neverallow domain property_type:file { ioctl lock };

# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
# be avoided.
# New properties should have appropriate read / write access
# control rules written.

typeattribute audio_prop         core_property_type;
typeattribute config_prop        core_property_type;
typeattribute cppreopt_prop      core_property_type;
typeattribute dalvik_prop        core_property_type;
typeattribute debuggerd_prop     core_property_type;
typeattribute debug_prop         core_property_type;
typeattribute default_prop       core_property_type;
typeattribute dhcp_prop          core_property_type;
typeattribute dumpstate_prop     core_property_type;
typeattribute ffs_prop           core_property_type;
typeattribute fingerprint_prop   core_property_type;
typeattribute logd_prop          core_property_type;
typeattribute net_radio_prop     core_property_type;
typeattribute nfc_prop           core_property_type;
typeattribute ota_prop           core_property_type;
typeattribute pan_result_prop    core_property_type;
typeattribute persist_debug_prop core_property_type;
typeattribute powerctl_prop      core_property_type;
typeattribute radio_prop         core_property_type;
typeattribute restorecon_prop    core_property_type;
typeattribute shell_prop         core_property_type;
typeattribute system_prop        core_property_type;
typeattribute system_radio_prop  core_property_type;
typeattribute vold_prop          core_property_type;

# Guard for the frozen list above: the target set is core_property_type minus
# exactly the types assigned to it in this file, so it is empty as long as
# the two lists agree. A type given core_property_type anywhere else lands in
# the set and is then covered by the neverallow for every source.
# NOTE(review): assumes no_rw_file_perms (defined elsewhere) is the set of
# file read and write permissions; confirm.
# When editing, change the typeattribute list and the subtraction list
# together.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -default_prop
  -dhcp_prop
  -dumpstate_prop
  -ffs_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -ota_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -system_radio_prop
  -vold_prop
}:file no_rw_file_perms;

# sigstop property is only used for debugging; should only be set by su which is permissive
# for userdebug/eng
# The rule itself exempts init and vendor_init, not su.
# NOTE(review): presumably su needs no exemption because it is permissive and
# holds no allow rule for this permission; confirm. The vendor_init exemption
# is not explained by the comment above and is worth confirming as
# intentional.
neverallow {
  domain
  -init
  -vendor_init
} ctl_sigstop_prop:property_service set;

# Don't audit legacy ctl. property handling.  We only want the newer permission check to appear
# in the audit log
# Detection caveat: a denied set on any of the eight types below produces no
# audit record for any domain, so monitoring for refused service-control
# requests has to rely on the newer check mentioned above, which is not
# defined in this file.
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;

# Only init may set init_svc_debug_prop.
neverallow {
  domain
  -init
} init_svc_debug_prop:property_service set;

# File access to init_svc_debug_prop is limited to init and dumpstate. The su
# exemption is wrapped in userdebug_or_eng(), so it exists only where that
# macro emits its argument; on other builds su is not exempt.
neverallow {
  domain
  -init
  -dumpstate
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;

# Per-subsystem limits on who may set and who may read the legacy property
# types. The rules are passed as the argument of compatible_property_only(),
# defined outside this file, so they are enforced only on builds where that
# macro emits its argument.
# Reading guide: each rule has the form neverallow SOURCES TARGETS:CLASS
# PERMS, where SOURCES is domain minus the exempted domains. An exemption
# does not grant access; it only permits an allow rule to exist elsewhere.
compatible_property_only(`
# Prevent properties from being set
  # General rule. nfc_prop, powerctl_prop and radio_prop are subtracted from
  # the target set: nfc_prop and radio_prop get narrower rules further down,
  # powerctl_prop is not covered by any set rule in this block.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_dalvik_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_ffs_prop
    exported_fingerprint_prop
    exported_system_prop
    exported_system_radio_prop
    exported_vold_prop
    exported2_config_prop
    exported2_default_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  # NFC: vendor_init is not exempt here, the NFC HAL server is.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

  # Telephony, exported types that vendor_init may also set.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    exported_radio_prop
    exported3_radio_prop
  }:property_service set;

  # Telephony, types that vendor_init may not set.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    exported2_radio_prop
    radio_prop
  }:property_service set;

  # Bluetooth: unlike the NFC and telephony rules, appdomain is not exempt;
  # the bluetooth domain is named explicitly instead.
  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  # Camera
  neverallow {
    domain
    -coredomain
    -hal_camera_server
    -cameraserver
    -vendor_init
  } {
    exported_camera_prop
  }:property_service set;

  # Wi-Fi
  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    exported_wifi_prop
  }:property_service set;

# Prevent properties from being read
  # General rule. debug_prop, logd_prop, nfc_prop, powerctl_prop and
  # radio_prop are subtracted from the target set. Only nfc_prop and
  # radio_prop get a dedicated read rule below; the other three are not
  # covered by any read rule in this block.
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_dalvik_prop
    exported_ffs_prop
    exported_system_radio_prop
    exported2_config_prop
    exported2_system_prop
    exported2_vold_prop
    exported3_default_prop
    exported3_system_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;
')

# The target set is every property type that is neither system-owned nor in
# extended_core_property_type. Besides init, the only way around this rule is
# the system_writes_vendor_properties_violators attribute.
# NOTE(review): that attribute is declared outside this file; every domain
# carrying it is an accepted exception to this boundary and should be
# tracked and reviewed as such.
compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -system_property_type
    -extended_core_property_type
  }:property_service set;
')

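# Dedicated setter restrictions for individual property types.
# Every source set starts from domain explicitly, like the other neverallow
# rules in this file, so the subtractions have a well-defined base set
# instead of depending on how the policy compiler treats a set that contains
# only negations.

# Only allow init and system_server to set userspace_reboot_log_prop
neverallow {
  domain
  -init
  -system_server
} {
  userspace_reboot_log_prop
}:property_service set;

neverallow {
  # Only allow init and system_server to set system_adbd_prop
  domain
  -init
  -system_server
} {
  system_adbd_prop
}:property_service set;

neverallow {
  # Only allow init and adbd to set adbd_prop
  domain
  -init
  -adbd
} {
  adbd_prop
}:property_service set;

neverallow {
  # Only allow init and shell to set userspace_reboot_test_prop
  domain
  -init
  -shell
} {
  userspace_reboot_test_prop
}:property_service set;

# Only allow init and vendor_init to set graphics_config_prop
neverallow {
  domain
  -init
  -vendor_init
} {
  graphics_config_prop
}:property_service set;

# Only allow init and surfaceflinger to set surfaceflinger_display_prop
neverallow {
  domain
  -init
  -surfaceflinger
} {
  surfaceflinger_display_prop
}:property_service set;
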