# Properties used only in /system
# Each line declares one property type through system_internal_prop(), a macro
# defined outside this file. NOTE(review): presumably the macro attaches the
# system_internal_property_type attribute that the neverallow rules in this
# file key on; confirm against the macro definition.
system_internal_prop(adbd_prop)
system_internal_prop(apexd_payload_metadata_prop)
system_internal_prop(ctl_snapuserd_prop)
system_internal_prop(crashrecovery_prop)
system_internal_prop(device_config_core_experiments_team_internal_prop)
system_internal_prop(device_config_lmkd_native_prop)
system_internal_prop(device_config_mglru_native_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
system_internal_prop(device_config_remote_key_provisioning_native_prop)
system_internal_prop(device_config_statsd_native_prop)
system_internal_prop(device_config_statsd_native_boot_prop)
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(device_config_configuration_prop)
system_internal_prop(device_config_connectivity_prop)
system_internal_prop(device_config_swcodec_native_prop)
system_internal_prop(device_config_tethering_u_or_later_native_prop)
system_internal_prop(dmesgd_start_prop)
system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_service_status_private_prop)
system_internal_prop(init_storage_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(keystore_crash_prop)
system_internal_prop(keystore_listen_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(localization_prop)
system_internal_prop(logd_auditrate_prop)
system_internal_prop(lower_kptr_restrict_prop)
system_internal_prop(net_464xlat_fromvendor_prop)
system_internal_prop(net_connectivity_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(next_boot_prop)
system_internal_prop(odsign_prop)
system_internal_prop(misctrl_prop)
system_internal_prop(perf_drop_caches_prop)
system_internal_prop(pm_prop)
# Continuation of the system-internal property type declarations.
system_internal_prop(profcollectd_node_id_prop)
system_internal_prop(radio_cdma_ecm_prop)
system_internal_prop(remote_prov_prop)
system_internal_prop(rollback_test_prop)
system_internal_prop(setupwizard_prop)
system_internal_prop(snapuserd_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(system_audio_config_prop)
system_internal_prop(timezone_metadata_prop)
system_internal_prop(traced_perf_enabled_prop)
system_internal_prop(uprobestats_start_with_config_prop)
system_internal_prop(tuner_server_ctl_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(verity_status_prop)
system_internal_prop(zygote_wrap_prop)
system_internal_prop(ctl_mediatranscoding_prop)
system_internal_prop(ctl_odsign_prop)
system_internal_prop(virtualizationservice_prop)
system_internal_prop(ctl_apex_load_prop)
system_internal_prop(enable_16k_pages_prop)
system_internal_prop(sensors_config_prop)
system_internal_prop(hypervisor_pvmfw_prop)
system_internal_prop(hypervisor_virtualizationmanager_prop)
system_internal_prop(game_manager_config_prop)
system_internal_prop(hidl_memory_prop)
system_internal_prop(suspend_debug_prop)

# Properties which can't be written outside system
system_restricted_prop(device_config_virtualization_framework_native_prop)
system_restricted_prop(log_file_logger_prop)
system_restricted_prop(persist_sysui_builder_extras_prop)
system_restricted_prop(persist_sysui_ranking_update_prop)

###
### Neverallow rules
###
# A neverallow is a build-time assertion: policy compilation fails if any allow
# rule grants the listed permission. It grants nothing by itself, so a domain
# subtracted from the source set is only exempt from the check and still needs
# an explicit allow rule elsewhere before it has the access.

# NOTE(review): treble_sysprop_neverallow() and enforce_sysprop_owner() are
# macros defined outside this file; presumably they let a build opt out of the
# enclosed rules. Confirm how they expand on the target before relying on the
# rules inside them.
treble_sysprop_neverallow(`

enforce_sysprop_owner(`
  # A property type that carries none of the three owner attributes must not
  # be accessible to any domain.
  neverallow domain {
    property_type
    -system_property_type
    -product_property_type
    -vendor_property_type
  }:file no_rw_file_perms;
')

# Outside coredomain only restricted or public system property types may be
# accessed as files.
neverallow { domain -coredomain } {
  system_property_type
  system_internal_property_type
  -system_restricted_property_type
  -system_public_property_type
}:file no_rw_file_perms;

# Outside coredomain only public system property types may be set.
neverallow { domain -coredomain } {
  system_property_type
  -system_public_property_type
}:property_service set;

# init is in coredomain, but should be able to read/write all props.
# dumpstate is also in coredomain, but should be able to read all props.
neverallow { coredomain -init -dumpstate } {
  vendor_property_type
  vendor_internal_property_type
  -vendor_restricted_property_type
  -vendor_public_property_type
}:file no_rw_file_perms;

# Inside coredomain only init may set vendor property types that are not public.
neverallow { coredomain -init } {
  vendor_property_type
  -vendor_public_property_type
}:property_service set;

')

# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
# the get_prop() macro.
neverallow domain property_type:file { ioctl lock };

# Any core_property_type that is not named in the subtraction list below must
# not be accessible to any source type. NOTE(review): this reads as a guard
# against new types being added to core_property_type; confirm the intent.
neverallow * {
  core_property_type
  -audio_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop
  -debuggerd_prop
  -debug_prop
  -dhcp_prop
  -dumpstate_prop
  -fingerprint_prop
  -logd_prop
  -net_radio_prop
  -nfc_prop
  -ota_prop
  -pan_result_prop
  -persist_debug_prop
  -powerctl_prop
  -radio_prop
  -restorecon_prop
  -shell_prop
  -system_prop
  -usb_prop
  -vold_prop
}:file no_rw_file_perms;

# sigstop property is only used for debugging; should only be set by su which is permissive
# for userdebug/eng
# The rule text itself exempts init and vendor_init; su is not subtracted here.
neverallow {
  domain
  -init
  -vendor_init
} ctl_sigstop_prop:property_service set;

# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
# in the audit log
# dontaudit only suppresses the denial record; the access is still refused
# unless an allow rule grants it, and the refusal will not show up in logs.
dontaudit domain {
  ctl_bootanim_prop
  ctl_bugreport_prop
  ctl_console_prop
  ctl_default_prop
  ctl_dumpstate_prop
  ctl_fuse_prop
  ctl_mdnsd_prop
  ctl_rildaemon_prop
}:property_service set;

# Only init and extra_free_kbytes may set init_storage_prop.
neverallow {
  domain
  -init
  -extra_free_kbytes
} init_storage_prop:property_service set;

# Only init may set init_svc_debug_prop.
neverallow {
  domain
  -init
} init_svc_debug_prop:property_service set;

# File access to init_svc_debug_prop is limited to init and dumpstate; su is
# subtracted only inside userdebug_or_eng().
neverallow {
  domain
  -init
  -dumpstate
  userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;

# DO NOT ADD: compat risk
neverallow {
  domain
  -init
  -dumpstate
  -misctrl
  userdebug_or_eng(`-su')
} misctrl_prop:file no_rw_file_perms;
neverallow {
  domain
  -init
  -misctrl
  userdebug_or_eng(`-su')
} misctrl_prop:property_service set;

# NOTE(review): compatible_property_only() is defined outside this file;
# presumably the enclosed rules are emitted only on builds that enable
# compatible-property mode. Confirm for the target build.
compatible_property_only(`
# Prevent properties from being set
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    extended_core_property_type
    exported_config_prop
    exported_default_prop
    exported_dumpstate_prop
    exported_system_prop
    exported3_system_prop
    usb_control_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:property_service set;

  # The types subtracted above get their own narrower rules below.
  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
    -vendor_init
  } {
    radio_control_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_camera_server
    -cameraserver
    -vendor_init
  } {
    exported_camera_prop
  }:property_service set;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:property_service set;

  # Unlike the rules above this one does not exempt coredomain as a whole.
  neverallow {
    domain
    -init
    -dumpstate
    -hal_wifi_server
    -wificond
    -vendor_init
  } {
    wifi_hal_prop
  }:property_service set;

# Prevent properties from being read
  neverallow {
    domain
    -coredomain
    -appdomain
    -vendor_init
  } {
    core_property_type
    dalvik_config_prop_type
    extended_core_property_type
    exported3_system_prop
    systemsound_config_prop
    -debug_prop
    -logd_prop
    -nfc_prop
    -powerctl_prop
    -radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_nfc_server
  } {
    nfc_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -appdomain
    -hal_telephony_server
  } {
    radio_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -bluetooth
    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;

  neverallow {
    domain
    -coredomain
    -hal_wifi_server
    -wificond
  } {
    wifi_prop
  }:file no_rw_file_perms;

  # The next two rules restrict setting rather than reading despite the
  # section header above.
  neverallow {
    domain
    -coredomain
    -vendor_init
  } {
    suspend_prop
  }:property_service set;

  neverallow {
    domain
    -init
  } {
    suspend_debug_prop
  }:property_service set;

  # system_suspend is subtracted only inside userdebug_or_eng.
  neverallow {
    domain
    -init
    -dumpstate
    userdebug_or_eng(`-system_suspend')
  } {
    suspend_debug_prop
  }:file no_rw_file_perms;
')

# Denied reads of suspend_debug_prop by system_suspend are not logged.
# NOTE(review): the neverallow above exempts system_suspend only inside
# userdebug_or_eng(), so this presumably silences the expected denial on other
# builds; confirm.
dontaudit system_suspend suspend_debug_prop:file r_file_perms;

compatible_property_only(`
  # Neverallow coredomain to set vendor properties
  # Review note: every domain carrying system_writes_vendor_properties_violators
  # is exempt from this check so the membership of that attribute should be
  # audited.
  neverallow {
    coredomain
    -init
    -system_writes_vendor_properties_violators
  } {
    property_type
    -system_property_type
    -extended_core_property_type
  }:property_service set;
')

# File access to the ffs properties is limited to coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  ffs_config_prop
  ffs_control_prop
}:file no_rw_file_perms;

# Only init and system_server may set userspace_reboot_log_prop.
neverallow {
  domain
  -init
  -system_server
} {
  userspace_reboot_log_prop
}:property_service set;

neverallow {
  # Only allow init and system_server to set system_adbd_prop
  domain
  -init
  -system_server
} {
  system_adbd_prop
}:property_service set;

# Let (vendor_)init, adbd, and system_server set service.adb.tcp.port
# NOTE(review): the property named above configures the adb TCP listener, so
# the writer set of adbd_config_prop is security relevant; keep it minimal.
neverallow {
  domain
  -init
  -vendor_init
  -adbd
  -system_server
} {
  adbd_config_prop
}:property_service set;

neverallow {
  # Only allow init and adbd to set adbd_prop
  domain
  -init
  -adbd
} {
  adbd_prop
}:property_service set;

neverallow {
  # Only allow init to set apexd_payload_metadata_prop
  domain
  -init
} {
  apexd_payload_metadata_prop
}:property_service set;


neverallow {
  # Only allow init and shell to set userspace_reboot_test_prop
  domain
  -init
  -shell
} {
  userspace_reboot_test_prop
}:property_service set;

# Only init, system_server and vendor_init may set surfaceflinger_color_prop.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} {
  surfaceflinger_color_prop
}:property_service set;

# Only init may set libc_debug_prop.
neverallow {
  domain
  -init
} {
  libc_debug_prop
}:property_service set;

# Allow the shell to set MTE & GWP-ASan props, so that non-root users with adb
# shell access can control the settings on their device. Allow system apps to
# set MTE props, so Developer Options can set them.
# Writers exempted for the memory-tagging and GWP-ASan property types: init,
# shell, system_app, system_server and mtectrl. One exemption list covers both
# types, so this assertion alone does not distinguish which of the two a given
# domain may set; the actual grants live in allow rules outside this block.
neverallow {
  domain
  -init
  -shell
  -system_app
  -system_server
  -mtectrl
} {
  arm64_memtag_prop
  gwp_asan_prop
}:property_service set;

# Only init, system_server and vendor_init may set zram_control_prop.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} zram_control_prop:property_service set;

# Only init, system_server and vendor_init may set dalvik_runtime_prop.
neverallow {
  domain
  -init
  -system_server
  -vendor_init
} dalvik_runtime_prop:property_service set;

# Setting the USB config and control properties is limited to coredomain and
# vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  usb_config_prop
  usb_control_prop
}:property_service set;

# Only init and system_server may set the provisioning and retail-demo types.
neverallow {
  domain
  -init
  -system_server
} {
  provisioned_prop
  retaildemo_prop
}:property_service set;

# File access to the same two types is limited to coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} {
  provisioned_prop
  retaildemo_prop
}:file no_rw_file_perms;

# Only init may set the init service status types.
neverallow {
  domain
  -init
} {
  init_service_status_private_prop
  init_service_status_prop
}:property_service set;

# vendor_init is subtracted only inside not_compatible_property(), a macro
# defined outside this file. NOTE(review): presumably that applies only to
# builds without compatible-property mode; confirm.
neverallow {
  domain
  -init
  -radio
  -appdomain
  -hal_telephony_server
  not_compatible_property(`-vendor_init')
} telephony_status_prop:property_service set;

# Only init and vendor_init may set graphics_config_prop.
neverallow {
  domain
  -init
  -vendor_init
} {
  graphics_config_prop
}:property_service set;

# Only init and surfaceflinger may set surfaceflinger_display_prop.
neverallow {
  domain
  -init
  -surfaceflinger
} {
  surfaceflinger_display_prop
}:property_service set;

# File access to packagemanager_config_prop is limited to coredomain,
# appdomain and vendor_init.
neverallow {
  domain
  -coredomain
  -appdomain
  -vendor_init
} packagemanager_config_prop:file no_rw_file_perms;

# File access to keyguard_config_prop is limited to coredomain and vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} keyguard_config_prop:file no_rw_file_perms;

# Only init may set localization_prop.
neverallow {
  domain
  -init
} {
  localization_prop
}:property_service set;

# File access to oem_unlock_prop is limited to init, vendor_init, dumpstate
# and system_app; note that coredomain as a whole is not exempt here.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -system_app
} oem_unlock_prop:file no_rw_file_perms;

# File access to storagemanager_config_prop is limited to coredomain and
# vendor_init.
neverallow {
  domain
  -coredomain
  -vendor_init
} storagemanager_config_prop:file no_rw_file_perms;

# File access to sendbug_config_prop is limited to init, vendor_init,
# dumpstate and appdomain.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} sendbug_config_prop:file no_rw_file_perms;

# File access to camera_calibration_prop uses the same exemption list.
neverallow {
  domain
  -init
  -vendor_init
  -dumpstate
  -appdomain
} camera_calibration_prop:file no_rw_file_perms;

# vendor_init is subtracted only inside not_compatible_property(), a macro
# defined outside this file.
neverallow {
  domain
  -init
  -dumpstate
  -hal_dumpstate_server
  not_compatible_property(`-vendor_init')
} hal_dumpstate_config_prop:file no_rw_file_perms;

# Only init may set lower_kptr_restrict_prop unconditionally; the profiling
# and tracing domains are subtracted only inside userdebug_or_eng().
# NOTE(review): by its name this property relaxes the kernel pointer
# restriction, so keeping the writer set this narrow matters; confirm that no
# exemption reaches user builds.
neverallow {
  domain
  -init
  userdebug_or_eng(`-profcollectd')
  userdebug_or_eng(`-simpleperf_boot')
  userdebug_or_eng(`-traced_probes')
  userdebug_or_eng(`-traced_perf')
} {
  lower_kptr_restrict_prop
}:property_service set;

# Only init may set zygote_wrap_prop.
neverallow {
  domain
  -init
} zygote_wrap_prop:property_service set;

# Only init may set verity_status_prop.
neverallow {
  domain
  -init
} verity_status_prop:property_service set;

# Only init and vendor_init may set setupwizard_mode_prop.
neverallow {
  domain
  -init
  -vendor_init
} setupwizard_mode_prop:property_service set;

# Only init may set setupwizard_prop.
neverallow {
  domain
  -init
} setupwizard_prop:property_service set;

# ro.product.property_source_order is useless after initialization of ro.product.* props.
# So making it accessible only from init and vendor_init.
# The rule text also subtracts dumpstate, which the comment above does not
# mention.
neverallow {
  domain
  -init
  -dumpstate
  -vendor_init
} build_config_prop:file no_rw_file_perms;

# Only init and shell may set sqlite_log_prop.
neverallow {
  domain
  -init
  -shell
} sqlite_log_prop:property_service set;

# File access to sqlite_log_prop is limited to coredomain and appdomain.
neverallow {
  domain
  -coredomain
  -appdomain
} sqlite_log_prop:file no_rw_file_perms;

# Only init may set default_prop.
neverallow {
  domain
  -init
} default_prop:property_service set;

# Only one of system_property_type and vendor_property_type can be assigned.
# Property types having both attributes won't be accessible from anywhere.
# No domain may be granted any file or property_service permission on a type
# that carries system_and_vendor_property_type.
neverallow domain system_and_vendor_property_type:{file property_service} *;

# Only init, shell and rkpdapp may set remote_prov_prop.
neverallow {
  domain
  -init
  -shell
  -rkpdapp
} remote_prov_prop:property_service set;

neverallow {
  # Only allow init and shell to set rollback_test_prop
  domain
  -init
  -shell
} rollback_test_prop:property_service set;

# Only init and apexd may set ctl_apex_load_prop.
neverallow {
  domain
  -init
  -apexd
} ctl_apex_load_prop:property_service set;

# NOTE(review): comments elsewhere in this file state that init and dumpstate
# are in coredomain, which would make subtracting them after -coredomain
# redundant but harmless; confirm.
neverallow {
  domain
  -coredomain
  -init
  -dumpstate
  -apexd
} ctl_apex_load_prop:file no_rw_file_perms;

# Only init and apexd may set apex_ready_prop.
neverallow {
  domain
  -init
  -apexd
} apex_ready_prop:property_service set;

# File access to apex_ready_prop is limited to coredomain, dumpstate, apexd
# and vendor_init.
neverallow {
  domain
  -coredomain
  -dumpstate
  -apexd
  -vendor_init
} apex_ready_prop:file no_rw_file_perms;

# The rule below also subtracts dumpstate, and it asserts on r_file_perms
# rather than no_rw_file_perms, so it constrains read access only.
# NOTE(review): confirm that the narrower permission set is intended.
neverallow {
  # Only allow init and profcollectd to access profcollectd_node_id_prop
  domain
  -init
  -dumpstate
  -profcollectd
} profcollectd_node_id_prop:file r_file_perms;

# Only init may set log_file_logger_prop.
neverallow {
  domain
  -init
} log_file_logger_prop:property_service set;

# Only init and vendor_init may set usb_uvc_enabled_prop.
neverallow {
  domain
  -init
  -vendor_init
} usb_uvc_enabled_prop:property_service set;

# Disallow non system apps from reading ro.usb.uvc.enabled
# Within appdomain the rule text exempts system_app and device_as_webcam.
neverallow {
  appdomain
  -system_app
  -device_as_webcam
} usb_uvc_enabled_prop:file no_rw_file_perms;

# Only init and vendor_init may set pm_archiving_enabled_prop.
neverallow {
  domain
  -init
  -vendor_init
} pm_archiving_enabled_prop:property_service set;
