Mark unlabeled vendor properties with vendor_default_prop

For now, unlabeled vendor properties are marked as default_prop which is
one of core_property_type.
This CL will mark them with vendor_default_prop.

Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: I8d4068927f435a0a0732fce86920adc3e7389424

device.mk

@@ -14,6 +14,8 @@
 # limitations under the License.
 #
 
+PRODUCT_COMPATIBLE_PROPERTY := true
+
 PRODUCT_PROPERTY_OVERRIDES += \
     keyguard.no_require_sim=true
 

sepolicy/vendor/atfwd.te

@@ -13,4 +13,4 @@ allowxperm atfwd self:socket ioctl msm_sock_ipc_ioctls;
 
 r_dir_file(atfwd, sysfs_type)
 
-set_prop(atfwd, radio_prop)
+set_prop(atfwd, vendor_radio_prop)

sepolicy/vendor/charger.te

@@ -0,0 +1 @@
+set_prop(charger, public_vendor_system_prop)

sepolicy/vendor/domain.te

@@ -5,3 +5,7 @@
 allow domain debugfs_kgsl:dir search;
 
 allow domain debugfs_ion:dir search;
+
+get_prop(domain, public_vendor_default_prop)
+get_prop(domain, public_vendor_system_prop)
+get_prop(domain, vendor_radio_prop)

sepolicy/vendor/hal_dumpstate_impl.te

@@ -26,6 +26,8 @@ userdebug_or_eng(`
   set_prop(hal_dumpstate_impl, modem_diag_prop)
 ')
 
+get_prop(hal_dumpstate_impl, vendor_radio_prop)
+
 allow hal_dumpstate_impl uio_device:chr_file rw_file_perms;
 r_dir_file(hal_dumpstate_impl, sysfs_uio)
 r_dir_file(hal_dumpstate_impl, sysfs_rmtfs)

sepolicy/vendor/healthd.te

@@ -0,0 +1 @@
+set_prop(healthd, public_vendor_system_prop)

sepolicy/vendor/init-devstart-sh.te

@@ -10,7 +10,7 @@ allow init-qcom-devstart-sh vendor_toolbox_exec:file rx_file_perms;
 allow init-qcom-devstart-sh vendor_file:file rx_file_perms;
 
 # Set the sys.qcom.devup property
-set_prop(init-qcom-devstart-sh, system_prop)
+set_prop(init-qcom-devstart-sh, public_vendor_system_prop)
 
 # Set boot_adsp and boot_slpi to 1
 allow init-qcom-devstart-sh sysfs_msm_subsys:file w_file_perms;

sepolicy/vendor/init-insmod-sh.te

@@ -7,7 +7,7 @@ allow init-insmod-sh vendor_shell_exec:file rx_file_perms;
 allow init-insmod-sh vendor_toolbox_exec:file rx_file_perms;
 
 # Set the sys.touch.modules.ready property
-set_prop(init-insmod-sh, system_prop)
+set_prop(init-insmod-sh, public_vendor_system_prop)
 
 # Allow insmod
 allow init-insmod-sh self:capability sys_module;

sepolicy/vendor/netmgrd.te

@@ -4,7 +4,7 @@ type netmgrd_exec, exec_type, vendor_file_type, file_type;
 net_domain(netmgrd)
 init_daemon_domain(netmgrd)
 
-set_prop(netmgrd, net_radio_prop)
+set_prop(netmgrd, vendor_net_radio_prop)
 set_prop(netmgrd, net_rmnet_prop)
 
 # communicate with netd

sepolicy/vendor/property.te

@@ -5,6 +5,8 @@ type keymaster_prop, property_type;
 type net_rmnet_prop, property_type;
 type ramdump_prop, property_type;
 type post_boot_prop, property_type;
+type public_vendor_default_prop, property_type;
+type public_vendor_system_prop, property_type;
 type ssr_prop, property_type;
 type cnss_diag_prop, property_type;
 type tee_listener_prop, property_type;
@@ -16,3 +18,5 @@ type sys_time_prop, property_type;
 type atfwd_start_prop, property_type;
 type bluetooth_log_prop, property_type;
 type power_prop, property_type;
+type vendor_net_radio_prop, property_type;
+type vendor_radio_prop, property_type;

sepolicy/vendor/property_contexts

@@ -6,10 +6,10 @@ sys.ims.                   u:object_r:ims_prop:s0
 vendor.ims.                u:object_r:ims_prop:s0
 sys.keymaster.loaded       u:object_r:keymaster_prop:s0
 net.r_rmnet_data0          u:object_r:net_rmnet_prop:s0
-persist.net.doxlat         u:object_r:net_radio_prop:s0
+persist.net.doxlat         u:object_r:vendor_net_radio_prop:s0
 sys.post_boot.             u:object_r:post_boot_prop:s0
-radio.                     u:object_r:radio_prop:s0
-rcs.publish.status         u:object_r:radio_prop:s0
+radio.                     u:object_r:vendor_radio_prop:s0
+rcs.publish.status         u:object_r:vendor_radio_prop:s0
 debug.ramdump.             u:object_r:ramdump_prop:s0
 persist.sys.crash_rcu      u:object_r:ramdump_prop:s0
 debug.ssrdump              u:object_r:ssr_prop:s0
@@ -27,3 +27,163 @@ persist.radio.atfwd.start  u:object_r:atfwd_start_prop:s0
 sys.logger.bluetooth       u:object_r:bluetooth_log_prop:s0
 vendor.powerhal.state      u:object_r:power_prop:s0
 vendor.powerhal.audio      u:object_r:power_prop:s0
+
+# public_vendor_default_prop
+# They are public_vendor_default_props for vendor-specific extension.
+# Usually they are for vndk-sp libs and vendor apks.
+fastrpc.perf.              u:object_r:public_vendor_default_prop:s0
+persist.cne.cqetimer       u:object_r:public_vendor_default_prop:s0
+persist.cne.feature        u:object_r:public_vendor_default_prop:s0
+persist.cne.logging.qxdm   u:object_r:public_vendor_default_prop:s0
+persist.gcam.              u:object_r:public_vendor_default_prop:s0
+persist.vendor.cnd.iwlan   u:object_r:public_vendor_default_prop:s0
+persist.vendor.cnd.wqe     u:object_r:public_vendor_default_prop:s0
+ro.graphics.memory         u:object_r:public_vendor_default_prop:s0
+ro.boot.ddrsize            u:object_r:public_vendor_default_prop:s0
+ro.boot.hardware.ddr       u:object_r:public_vendor_default_prop:s0
+ro.boot.hardware.ufs       u:object_r:public_vendor_default_prop:s0
+
+# public_vendor_system_prop
+# They are public_vendor_system_props for vendor-specific extension.
+sys.all.modules.ready      u:object_r:public_vendor_system_prop:s0
+sys.qcom.devup             u:object_r:public_vendor_system_prop:s0
+sys.slpi.firmware.version  u:object_r:public_vendor_system_prop:s0
+
+# vendor_default_prop
+# default_prop isn't accessible from vendor components.
+# So vendor_default_prop should be marked.
+audio_hal.in_period_size   u:object_r:vendor_default_prop:s0
+audio_hal.period_multiplier  u:object_r:vendor_default_prop:s0
+audio_hal.period_size      u:object_r:vendor_default_prop:s0
+audio.adm.                 u:object_r:vendor_default_prop:s0
+audio.snd_card.open.retries  u:object_r:vendor_default_prop:s0
+audio.volume.headset.gain.depcal  u:object_r:vendor_default_prop:s0
+audio.volume.listener.dump  u:object_r:vendor_default_prop:s0
+boost_override             u:object_r:vendor_default_prop:s0
+cameradaemon.SaveMemAtBoot  u:object_r:vendor_default_prop:s0
+camera.cpp.                u:object_r:vendor_default_prop:s0
+camera.eis.fov_correction  u:object_r:vendor_default_prop:s0
+camera.hdrplus.donotpoweroneasel  u:object_r:vendor_default_prop:s0
+com.qti.                   u:object_r:vendor_default_prop:s0
+cpp.set.clock              u:object_r:vendor_default_prop:s0
+disable.cpp.power.collapse  u:object_r:vendor_default_prop:s0
+downmix_override_mode      u:object_r:vendor_default_prop:s0
+fmas.                      u:object_r:vendor_default_prop:s0
+gpu.stats.debug.level      u:object_r:vendor_default_prop:s0
+hw.hdmi.resolution         u:object_r:vendor_default_prop:s0
+fpc_kpi                    u:object_r:vendor_default_prop:s0
+media.aac_51_output_enabled  u:object_r:vendor_default_prop:s0
+mmp.enable.3g2             u:object_r:vendor_default_prop:s0
+mm.enable.qcom_parser      u:object_r:vendor_default_prop:s0
+mm.enable.smoothstreaming  u:object_r:vendor_default_prop:s0
+perflocks.predefined_clust_map  u:object_r:vendor_default_prop:s0
+perflocks.predefined_freq_map  u:object_r:vendor_default_prop:s0
+perist.vendor.             u:object_r:vendor_default_prop:s0
+persist.audio.calfile0     u:object_r:vendor_default_prop:s0
+persist.audio.dualmic.config  u:object_r:vendor_default_prop:s0
+persist.audio.fluence.     u:object_r:vendor_default_prop:s0
+persist.cam.pp.feat.mask   u:object_r:vendor_default_prop:s0
+persist.cne.override.memlimit  u:object_r:vendor_default_prop:s0
+persist.data_netmgrd_mtu   u:object_r:vendor_default_prop:s0
+persist.data_netmgrd_nint  u:object_r:vendor_default_prop:s0
+persist.data.df.           u:object_r:vendor_default_prop:s0
+persist.data.dont_use_epc  u:object_r:vendor_default_prop:s0
+persist.data.dont_use_npflag  u:object_r:vendor_default_prop:s0
+persist.data.dpm.enable    u:object_r:vendor_default_prop:s0
+persist.data.dropssdp      u:object_r:vendor_default_prop:s0
+persist.data.ibfc.enable   u:object_r:vendor_default_prop:s0
+persist.data.iwlan.enable  u:object_r:vendor_default_prop:s0
+persist.data.iwlan.ims.enable  u:object_r:vendor_default_prop:s0
+persist.data.iwlan.rekey   u:object_r:vendor_default_prop:s0
+persist.data.llf.enable    u:object_r:vendor_default_prop:s0
+persist.data.mode          u:object_r:vendor_default_prop:s0
+persist.data.netmgrd.qos.enable  u:object_r:vendor_default_prop:s0
+persist.data.netmgrd.qos.hybrid  u:object_r:vendor_default_prop:s0
+persist.data.netmgr.log_to_file  u:object_r:vendor_default_prop:s0
+persist.data.netmgr.wl.timeout  u:object_r:vendor_default_prop:s0
+persist.data.port_bridge.log  u:object_r:vendor_default_prop:s0
+persist.data.profile_update  u:object_r:vendor_default_prop:s0
+persist.data.qmi.adb_logmask  u:object_r:vendor_default_prop:s0
+persist.data.rmnet.en      u:object_r:vendor_default_prop:s0
+persist.data.target.msm8998  u:object_r:vendor_default_prop:s0
+persist.data.tcpackprio.enable  u:object_r:vendor_default_prop:s0
+persist.data.wda.enable    u:object_r:vendor_default_prop:s0
+persist.debug.sensors.elmyra.rate  u:object_r:vendor_default_prop:s0
+persist.debug.sensors.hal  u:object_r:vendor_default_prop:s0
+persist.debug.sf.showfps   u:object_r:vendor_default_prop:s0
+persist.delta_time.enable  u:object_r:vendor_default_prop:s0
+persist.enable.max.pending.buf  u:object_r:vendor_default_prop:s0
+persist.env.spec           u:object_r:vendor_default_prop:s0
+persist.fci                u:object_r:vendor_default_prop:s0
+persist.fuse_sdcard        u:object_r:vendor_default_prop:s0
+persist.hwc.blit.comp      u:object_r:vendor_default_prop:s0
+persist.metadata_dynfps.disable  u:object_r:vendor_default_prop:s0
+persist.msmirqbalance.debug  u:object_r:vendor_default_prop:s0
+persist.net.logmask        u:object_r:vendor_default_prop:s0
+persist.partial.skip       u:object_r:vendor_default_prop:s0
+persist.pd_locater_debug   u:object_r:vendor_default_prop:s0
+persist.qcril              u:object_r:vendor_default_prop:s0
+persist.rild.nitz_         u:object_r:vendor_default_prop:s0
+persist.rmnet.data.enable  u:object_r:vendor_default_prop:s0
+persist.sensors.elmyra.sensitivity  u:object_r:vendor_default_prop:s0
+persist.sensors.hal_timeout  u:object_r:vendor_default_prop:s0
+persist.sys.ssr.enable_ramdumps  u:object_r:vendor_default_prop:s0
+persist.sys.ssr.restart_level  u:object_r:vendor_default_prop:s0
+persist.timed.enable       u:object_r:vendor_default_prop:s0
+persist.tnr.process.plates  u:object_r:vendor_default_prop:s0
+qcom.bluetooth.soc         u:object_r:vendor_default_prop:s0
+qcril.support.encrypted_calls  u:object_r:vendor_default_prop:s0
+qdcm.                      u:object_r:vendor_default_prop:s0
+rild.libargs               u:object_r:vendor_default_prop:s0
+rild.libpath               u:object_r:vendor_default_prop:s0
+ro.alarm_boot              u:object_r:vendor_default_prop:s0
+ro.boot.factoryota         u:object_r:vendor_default_prop:s0
+ro.boot.mid                u:object_r:vendor_default_prop:s0
+ro.boot.temp_protect_ignore  u:object_r:vendor_default_prop:s0
+ro.bluetooth.a4wp          u:object_r:vendor_default_prop:s0
+ro.bluetooth.emb_wp_mode   u:object_r:vendor_default_prop:s0
+ro.bluetooth.wipower       u:object_r:vendor_default_prop:s0
+ro.camera.wrapper.hal3TrebleMinorVersion  u:object_r:vendor_default_prop:s0
+ro.fota.oem                u:object_r:vendor_default_prop:s0
+ro.lean                    u:object_r:vendor_default_prop:s0
+ro.min_freq_0              u:object_r:vendor_default_prop:s0
+ro.min_freq_4              u:object_r:vendor_default_prop:s0
+ro.oem_unlock.pst          u:object_r:vendor_default_prop:s0
+ro.qcom.                   u:object_r:vendor_default_prop:s0
+ro.qc.sdk.audio.fluencetype  u:object_r:vendor_default_prop:s0
+ro.qfusion_use_report_period  u:object_r:vendor_default_prop:s0
+ro.qti.                    u:object_r:vendor_default_prop:s0
+ro.qualcomm.               u:object_r:vendor_default_prop:s0
+ro.radio.log_loc           u:object_r:vendor_default_prop:s0
+ro.radio.log_prefix        u:object_r:vendor_default_prop:s0
+ro.rfkilldisabled          u:object_r:vendor_default_prop:s0
+ro.vendor.build.svn        u:object_r:vendor_default_prop:s0
+ro.vendor.extension_library  u:object_r:vendor_default_prop:s0
+ro.vibrator.hal.click.duration  u:object_r:vendor_default_prop:s0
+ro.vibrator.hal.tick.duration  u:object_r:vendor_default_prop:s0
+sdm.                       u:object_r:vendor_default_prop:s0
+sys.disable_ext_animation  u:object_r:vendor_default_prop:s0
+sys.display.low_persistence_mode_brightness  u:object_r:vendor_default_prop:s0
+sys.hwc_disable_hdr        u:object_r:vendor_default_prop:s0
+sys.qca1530                u:object_r:vendor_default_prop:s0
+vendor.audio.adm.buffering.ms  u:object_r:vendor_default_prop:s0
+vendor.vidc.enc.dcvs.extra-buff-count  u:object_r:vendor_default_prop:s0
+ubwc.no.compression        u:object_r:vendor_default_prop:s0
+
+# vendor_radio_prop
+persist.radio.always_send_plmn  u:object_r:vendor_radio_prop:s0
+persist.radio.apm_sim_not_pwdn  u:object_r:vendor_radio_prop:s0
+persist.radio.custom_ecc   u:object_r:vendor_radio_prop:s0
+persist.radio.data_con_rprt  u:object_r:vendor_radio_prop:s0
+persist.radio.data_ltd_sys_ind  u:object_r:vendor_radio_prop:s0
+persist.radio.is_wps_enabled  u:object_r:vendor_radio_prop:s0
+persist.radio.RATE_ADAPT_ENABLE  u:object_r:vendor_radio_prop:s0
+persist.radio.ROTATION_ENABLE  u:object_r:vendor_radio_prop:s0
+persist.radio.sap_silent_pin  u:object_r:vendor_radio_prop:s0
+persist.radio.sib16_support  u:object_r:vendor_radio_prop:s0
+persist.radio.smlog_switch  u:object_r:vendor_radio_prop:s0
+persist.radio.snapshot_enabled  u:object_r:vendor_radio_prop:s0
+persist.radio.snapshot_timer  u:object_r:vendor_radio_prop:s0
+persist.radio.videopause.mode  u:object_r:vendor_radio_prop:s0
+persist.radio.VT_ENABLE    u:object_r:vendor_radio_prop:s0
+persist.radio.VT_HYBRID_ENABLE  u:object_r:vendor_radio_prop:s0

sepolicy/vendor/radio.te

@@ -27,3 +27,5 @@ binder_call(radio, hal_imsrtp)
 
 # read /proc/cmdline
 allow radio proc_cmdline:file r_file_perms;
+
+get_prop(radio, vendor_radio_prop)

sepolicy/vendor/rild.te

@@ -29,3 +29,4 @@ allow rild radio_vendor_data_file:dir rw_dir_perms;
 allow rild radio_vendor_data_file:file create_file_perms;
 
 get_prop(rild, tel_mon_prop)
+get_prop(rild, vendor_radio_prop)

sepolicy/vendor/surfaceflinger.te

@@ -1,3 +1,5 @@
 dontaudit surfaceflinger firmware_file:dir search;
 dontaudit surfaceflinger kernel:system module_request;
 allow surfaceflinger debugfs_ion:dir search;
+
+set_prop(surfaceflinger, public_vendor_system_prop)

sepolicy/vendor/system_app.te

@@ -8,3 +8,5 @@ set_prop(system_app, camera_prop)
 # read regulatory info
 allow system_app elabel_data_file:dir r_dir_perms;
 allow system_app elabel_data_file:file r_file_perms;
+
+set_prop(system_app, public_vendor_system_prop)

sepolicy/vendor/system_server.te

@@ -18,3 +18,5 @@ dontaudit system_server audioserver:file write;
 dontaudit system_server untrusted_app:file write;
 dontaudit system_server hal_audio_default:file write;
 dontaudit system_server appdomain:file write;
+
+set_prop(system_server, public_vendor_system_prop)

sepolicy/vendor/vendor_init.te

@@ -1,4 +1,7 @@
 allow vendor_init debugfs_clk:file w_file_perms;
 dontaudit vendor_init kernel:system module_request;
 
-get_prop(vendor_init, modem_diag_prop)
+set_prop(vendor_init, camera_prop)
+set_prop(vendor_init, modem_diag_prop)
+set_prop(vendor_init, public_vendor_default_prop)
+set_prop(vendor_init, vendor_radio_prop)