From 6b106184074c091017417700aaa87bb3fb385821 Mon Sep 17 00:00:00 2001 From: Jaekyun Seok Date: Thu, 19 Oct 2017 17:07:15 +0900 Subject: [PATCH] Mark unlabeled vendor properties with vendor_default_prop For now, unlabeled vendor properties are marked as default_prop which is one of core_property_type. This CL will mark them with vendor_default_prop. Bug: 38146102 Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true Change-Id: I8d4068927f435a0a0732fce86920adc3e7389424 --- device.mk | 2 + sepolicy/vendor/atfwd.te | 2 +- sepolicy/vendor/charger.te | 1 + sepolicy/vendor/domain.te | 4 + sepolicy/vendor/hal_dumpstate_impl.te | 2 + sepolicy/vendor/healthd.te | 1 + sepolicy/vendor/init-devstart-sh.te | 2 +- sepolicy/vendor/init-insmod-sh.te | 2 +- sepolicy/vendor/netmgrd.te | 2 +- sepolicy/vendor/property.te | 4 + sepolicy/vendor/property_contexts | 166 +++++++++++++++++++++++++- sepolicy/vendor/radio.te | 2 + sepolicy/vendor/rild.te | 1 + sepolicy/vendor/surfaceflinger.te | 2 + sepolicy/vendor/system_app.te | 2 + sepolicy/vendor/system_server.te | 2 + sepolicy/vendor/vendor_init.te | 5 +- 17 files changed, 194 insertions(+), 8 deletions(-) create mode 100644 sepolicy/vendor/charger.te create mode 100644 sepolicy/vendor/healthd.te diff --git a/device.mk b/device.mk index 62970822..47d95552 100755 --- a/device.mk +++ b/device.mk @@ -14,6 +14,8 @@ # limitations under the License. # +PRODUCT_COMPATIBLE_PROPERTY := true + PRODUCT_PROPERTY_OVERRIDES += \ keyguard.no_require_sim=true diff --git a/sepolicy/vendor/atfwd.te b/sepolicy/vendor/atfwd.te index ad96a120..6dbd56bb 100644 --- a/sepolicy/vendor/atfwd.te +++ b/sepolicy/vendor/atfwd.te @@ -13,4 +13,4 @@ allowxperm atfwd self:socket ioctl msm_sock_ipc_ioctls; r_dir_file(atfwd, sysfs_type) -set_prop(atfwd, radio_prop) +set_prop(atfwd, vendor_radio_prop) diff --git a/sepolicy/vendor/charger.te b/sepolicy/vendor/charger.te new file mode 100644 index 00000000..3f30f35d --- /dev/null +++ b/sepolicy/vendor/charger.te 
@@ -0,0 +1 @@ +set_prop(charger, public_vendor_system_prop) diff --git a/sepolicy/vendor/domain.te b/sepolicy/vendor/domain.te index eedf87fd..0a0cc413 100644 --- a/sepolicy/vendor/domain.te +++ b/sepolicy/vendor/domain.te @@ -5,3 +5,7 @@ allow domain debugfs_kgsl:dir search; allow domain debugfs_ion:dir search; + +get_prop(domain, public_vendor_default_prop) +get_prop(domain, public_vendor_system_prop) +get_prop(domain, vendor_radio_prop) diff --git a/sepolicy/vendor/hal_dumpstate_impl.te b/sepolicy/vendor/hal_dumpstate_impl.te index 97a5c361..7815f71b 100644 --- a/sepolicy/vendor/hal_dumpstate_impl.te +++ b/sepolicy/vendor/hal_dumpstate_impl.te @@ -26,6 +26,8 @@ userdebug_or_eng(` set_prop(hal_dumpstate_impl, modem_diag_prop) ') +get_prop(hal_dumpstate_impl, vendor_radio_prop) + allow hal_dumpstate_impl uio_device:chr_file rw_file_perms; r_dir_file(hal_dumpstate_impl, sysfs_uio) r_dir_file(hal_dumpstate_impl, sysfs_rmtfs) diff --git a/sepolicy/vendor/healthd.te b/sepolicy/vendor/healthd.te new file mode 100644 index 00000000..5032bba8 --- /dev/null +++ b/sepolicy/vendor/healthd.te @@ -0,0 +1 @@ +set_prop(healthd, public_vendor_system_prop) diff --git a/sepolicy/vendor/init-devstart-sh.te b/sepolicy/vendor/init-devstart-sh.te index 9b762638..47de30f8 100644 --- a/sepolicy/vendor/init-devstart-sh.te +++ b/sepolicy/vendor/init-devstart-sh.te @@ -10,7 +10,7 @@ allow init-qcom-devstart-sh vendor_toolbox_exec:file rx_file_perms; allow init-qcom-devstart-sh vendor_file:file rx_file_perms; # Set the sys.qcom.devup property -set_prop(init-qcom-devstart-sh, system_prop) +set_prop(init-qcom-devstart-sh, public_vendor_system_prop) # Set boot_adsp and boot_slpi to 1 allow init-qcom-devstart-sh sysfs_msm_subsys:file w_file_perms; diff --git a/sepolicy/vendor/init-insmod-sh.te b/sepolicy/vendor/init-insmod-sh.te index 024984a5..184dd03f 100644 --- a/sepolicy/vendor/init-insmod-sh.te +++ b/sepolicy/vendor/init-insmod-sh.te 
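Review bot: `set_prop(charger, public_vendor_system_prop)` carries no comment saying which property charger writes, and the label it grants covers three unrelated properties in property_contexts (`sys.all.modules.ready`, `sys.qcom.devup`, `sys.slpi.firmware.version`). The same uncommented grant is added for healthd, surfaceflinger, system_app and system_server in their own hunks, so each of those domains gains write access to the flags that the init-devstart-sh and init-insmod-sh comments describe as set by those scripts. I would put a one-line comment above each grant naming the property the domain actually sets, or split the label so a writer gets only its own property. Which property each domain needs is not visible in this patch.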
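Review bot: `get_prop(domain, vendor_radio_prop)` in domain.te gives every domain read access to everything labelled `vendor_radio_prop` in property_contexts (`radio.`, `rcs.publish.status` and the `persist.radio.*` entries), although the label lacks the `public_` prefix used by the two grants above it. It also makes the per-domain `get_prop(..., vendor_radio_prop)` lines added for hal_dumpstate_impl, radio and rild redundant. If the domain-wide read is a compatibility stopgap, record that with a comment such as `# TODO: narrow to the radio, rild and hal_dumpstate_impl grants once other readers are known`; otherwise drop this line and keep the per-domain grants. Whether other domains could read these properties before the change cannot be told from the diff.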
@@ -7,7 +7,7 @@ allow init-insmod-sh vendor_shell_exec:file rx_file_perms; allow init-insmod-sh vendor_toolbox_exec:file rx_file_perms; # Set the sys.touch.modules.ready property -set_prop(init-insmod-sh, system_prop) +set_prop(init-insmod-sh, public_vendor_system_prop) # Allow insmod allow init-insmod-sh self:capability sys_module; diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te index 197f6720..32fc7ec0 100644 --- a/sepolicy/vendor/netmgrd.te +++ b/sepolicy/vendor/netmgrd.te @@ -4,7 +4,7 @@ type netmgrd_exec, exec_type, vendor_file_type, file_type; net_domain(netmgrd) init_daemon_domain(netmgrd) -set_prop(netmgrd, net_radio_prop) +set_prop(netmgrd, vendor_net_radio_prop) set_prop(netmgrd, net_rmnet_prop) # communicate with netd diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te index 30822410..401dbb3f 100644 --- a/sepolicy/vendor/property.te +++ b/sepolicy/vendor/property.te @@ -5,6 +5,8 @@ type keymaster_prop, property_type; type net_rmnet_prop, property_type; type ramdump_prop, property_type; type post_boot_prop, property_type; +type public_vendor_default_prop, property_type; +type public_vendor_system_prop, property_type; type ssr_prop, property_type; type cnss_diag_prop, property_type; type tee_listener_prop, property_type; @@ -16,3 +18,5 @@ type sys_time_prop, property_type; type atfwd_start_prop, property_type; type bluetooth_log_prop, property_type; type power_prop, property_type; +type vendor_net_radio_prop, property_type; +type vendor_radio_prop, property_type; diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts index e7f2a02e..611b45e4 100644 --- a/sepolicy/vendor/property_contexts +++ b/sepolicy/vendor/property_contexts 
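Review bot: The context comment above the changed line in init-insmod-sh.te says this domain sets `sys.touch.modules.ready`, but the property_contexts hunk of this patch labels `sys.all.modules.ready` as `public_vendor_system_prop` and has no entry for `sys.touch.modules.ready`. If the script still sets the name in the comment, that write is no longer covered once `system_prop` is dropped here; if the property was renamed, the comment is stale. Either add `sys.touch.modules.ready u:object_r:public_vendor_system_prop:s0` to property_contexts or change the comment to `# Set the sys.all.modules.ready property`. The script itself is outside this diff, so which of the two applies needs checking.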
@@ -6,10 +6,10 @@ sys.ims. u:object_r:ims_prop:s0
 vendor.ims. u:object_r:ims_prop:s0
 sys.keymaster.loaded u:object_r:keymaster_prop:s0
 net.r_rmnet_data0 u:object_r:net_rmnet_prop:s0
-persist.net.doxlat u:object_r:net_radio_prop:s0
+persist.net.doxlat u:object_r:vendor_net_radio_prop:s0
 sys.post_boot. u:object_r:post_boot_prop:s0
-radio. u:object_r:radio_prop:s0
-rcs.publish.status u:object_r:radio_prop:s0
+radio. u:object_r:vendor_radio_prop:s0
+rcs.publish.status u:object_r:vendor_radio_prop:s0
 debug.ramdump. u:object_r:ramdump_prop:s0
 persist.sys.crash_rcu u:object_r:ramdump_prop:s0
 debug.ssrdump u:object_r:ssr_prop:s0
@@ -27,3 +27,163 @@ persist.radio.atfwd.start u:object_r:atfwd_start_prop:s0
 sys.logger.bluetooth u:object_r:bluetooth_log_prop:s0
 vendor.powerhal.state u:object_r:power_prop:s0
 vendor.powerhal.audio u:object_r:power_prop:s0
+
+# public_vendor_default_prop
+# They are public_vendor_default_props for vendor-specific extension.
+# Usually they are for vndk-sp libs and vendor apks.
+fastrpc.perf. u:object_r:public_vendor_default_prop:s0
+persist.cne.cqetimer u:object_r:public_vendor_default_prop:s0
+persist.cne.feature u:object_r:public_vendor_default_prop:s0
+persist.cne.logging.qxdm u:object_r:public_vendor_default_prop:s0
+persist.gcam. u:object_r:public_vendor_default_prop:s0
+persist.vendor.cnd.iwlan u:object_r:public_vendor_default_prop:s0
+persist.vendor.cnd.wqe u:object_r:public_vendor_default_prop:s0
+ro.graphics.memory u:object_r:public_vendor_default_prop:s0
+ro.boot.ddrsize u:object_r:public_vendor_default_prop:s0
+ro.boot.hardware.ddr u:object_r:public_vendor_default_prop:s0
+ro.boot.hardware.ufs u:object_r:public_vendor_default_prop:s0
+
+# public_vendor_system_prop
+# They are public_vendor_system_props for vendor-specific extension.
+sys.all.modules.ready u:object_r:public_vendor_system_prop:s0
+sys.qcom.devup u:object_r:public_vendor_system_prop:s0
+sys.slpi.firmware.version u:object_r:public_vendor_system_prop:s0
+
+# vendor_default_prop
+# default_prop isn't accessible from vendor components.
+# So vendor_default_prop should be marked.
+audio_hal.in_period_size u:object_r:vendor_default_prop:s0
+audio_hal.period_multiplier u:object_r:vendor_default_prop:s0
+audio_hal.period_size u:object_r:vendor_default_prop:s0
+audio.adm. u:object_r:vendor_default_prop:s0
+audio.snd_card.open.retries u:object_r:vendor_default_prop:s0
+audio.volume.headset.gain.depcal u:object_r:vendor_default_prop:s0
+audio.volume.listener.dump u:object_r:vendor_default_prop:s0
+boost_override u:object_r:vendor_default_prop:s0
+cameradaemon.SaveMemAtBoot u:object_r:vendor_default_prop:s0
+camera.cpp. u:object_r:vendor_default_prop:s0
+camera.eis.fov_correction u:object_r:vendor_default_prop:s0
+camera.hdrplus.donotpoweroneasel u:object_r:vendor_default_prop:s0
+com.qti. u:object_r:vendor_default_prop:s0
+cpp.set.clock u:object_r:vendor_default_prop:s0
+disable.cpp.power.collapse u:object_r:vendor_default_prop:s0
+downmix_override_mode u:object_r:vendor_default_prop:s0
+fmas. u:object_r:vendor_default_prop:s0
+gpu.stats.debug.level u:object_r:vendor_default_prop:s0
+hw.hdmi.resolution u:object_r:vendor_default_prop:s0
+fpc_kpi u:object_r:vendor_default_prop:s0
+media.aac_51_output_enabled u:object_r:vendor_default_prop:s0
+mmp.enable.3g2 u:object_r:vendor_default_prop:s0
+mm.enable.qcom_parser u:object_r:vendor_default_prop:s0
+mm.enable.smoothstreaming u:object_r:vendor_default_prop:s0
+perflocks.predefined_clust_map u:object_r:vendor_default_prop:s0
+perflocks.predefined_freq_map u:object_r:vendor_default_prop:s0
+perist.vendor. u:object_r:vendor_default_prop:s0
+persist.audio.calfile0 u:object_r:vendor_default_prop:s0
+persist.audio.dualmic.config u:object_r:vendor_default_prop:s0
+persist.audio.fluence. u:object_r:vendor_default_prop:s0
+persist.cam.pp.feat.mask u:object_r:vendor_default_prop:s0
+persist.cne.override.memlimit u:object_r:vendor_default_prop:s0
+persist.data_netmgrd_mtu u:object_r:vendor_default_prop:s0
+persist.data_netmgrd_nint u:object_r:vendor_default_prop:s0
+persist.data.df. u:object_r:vendor_default_prop:s0
+persist.data.dont_use_epc u:object_r:vendor_default_prop:s0
+persist.data.dont_use_npflag u:object_r:vendor_default_prop:s0
+persist.data.dpm.enable u:object_r:vendor_default_prop:s0
+persist.data.dropssdp u:object_r:vendor_default_prop:s0
+persist.data.ibfc.enable u:object_r:vendor_default_prop:s0
+persist.data.iwlan.enable u:object_r:vendor_default_prop:s0
+persist.data.iwlan.ims.enable u:object_r:vendor_default_prop:s0
+persist.data.iwlan.rekey u:object_r:vendor_default_prop:s0
+persist.data.llf.enable u:object_r:vendor_default_prop:s0
+persist.data.mode u:object_r:vendor_default_prop:s0
+persist.data.netmgrd.qos.enable u:object_r:vendor_default_prop:s0
+persist.data.netmgrd.qos.hybrid u:object_r:vendor_default_prop:s0
+persist.data.netmgr.log_to_file u:object_r:vendor_default_prop:s0
+persist.data.netmgr.wl.timeout u:object_r:vendor_default_prop:s0
+persist.data.port_bridge.log u:object_r:vendor_default_prop:s0
+persist.data.profile_update u:object_r:vendor_default_prop:s0
+persist.data.qmi.adb_logmask u:object_r:vendor_default_prop:s0
+persist.data.rmnet.en u:object_r:vendor_default_prop:s0
+persist.data.target.msm8998 u:object_r:vendor_default_prop:s0
+persist.data.tcpackprio.enable u:object_r:vendor_default_prop:s0
+persist.data.wda.enable u:object_r:vendor_default_prop:s0
+persist.debug.sensors.elmyra.rate u:object_r:vendor_default_prop:s0
+persist.debug.sensors.hal u:object_r:vendor_default_prop:s0
+persist.debug.sf.showfps u:object_r:vendor_default_prop:s0
+persist.delta_time.enable u:object_r:vendor_default_prop:s0
+persist.enable.max.pending.buf u:object_r:vendor_default_prop:s0
+persist.env.spec u:object_r:vendor_default_prop:s0
+persist.fci u:object_r:vendor_default_prop:s0
+persist.fuse_sdcard u:object_r:vendor_default_prop:s0
+persist.hwc.blit.comp u:object_r:vendor_default_prop:s0
+persist.metadata_dynfps.disable u:object_r:vendor_default_prop:s0
+persist.msmirqbalance.debug u:object_r:vendor_default_prop:s0
+persist.net.logmask u:object_r:vendor_default_prop:s0
+persist.partial.skip u:object_r:vendor_default_prop:s0
+persist.pd_locater_debug u:object_r:vendor_default_prop:s0
+persist.qcril u:object_r:vendor_default_prop:s0
+persist.rild.nitz_ u:object_r:vendor_default_prop:s0
+persist.rmnet.data.enable u:object_r:vendor_default_prop:s0
+persist.sensors.elmyra.sensitivity u:object_r:vendor_default_prop:s0
+persist.sensors.hal_timeout u:object_r:vendor_default_prop:s0
+persist.sys.ssr.enable_ramdumps u:object_r:vendor_default_prop:s0
+persist.sys.ssr.restart_level u:object_r:vendor_default_prop:s0
+persist.timed.enable u:object_r:vendor_default_prop:s0
+persist.tnr.process.plates u:object_r:vendor_default_prop:s0
+qcom.bluetooth.soc u:object_r:vendor_default_prop:s0
+qcril.support.encrypted_calls u:object_r:vendor_default_prop:s0
+qdcm. u:object_r:vendor_default_prop:s0
+rild.libargs u:object_r:vendor_default_prop:s0
+rild.libpath u:object_r:vendor_default_prop:s0
+ro.alarm_boot u:object_r:vendor_default_prop:s0
+ro.boot.factoryota u:object_r:vendor_default_prop:s0
+ro.boot.mid u:object_r:vendor_default_prop:s0
+ro.boot.temp_protect_ignore u:object_r:vendor_default_prop:s0
+ro.bluetooth.a4wp u:object_r:vendor_default_prop:s0
+ro.bluetooth.emb_wp_mode u:object_r:vendor_default_prop:s0
+ro.bluetooth.wipower u:object_r:vendor_default_prop:s0
+ro.camera.wrapper.hal3TrebleMinorVersion u:object_r:vendor_default_prop:s0
+ro.fota.oem u:object_r:vendor_default_prop:s0
+ro.lean u:object_r:vendor_default_prop:s0
+ro.min_freq_0 u:object_r:vendor_default_prop:s0
+ro.min_freq_4 u:object_r:vendor_default_prop:s0
+ro.oem_unlock.pst u:object_r:vendor_default_prop:s0
+ro.qcom. u:object_r:vendor_default_prop:s0
+ro.qc.sdk.audio.fluencetype u:object_r:vendor_default_prop:s0
+ro.qfusion_use_report_period u:object_r:vendor_default_prop:s0
+ro.qti. u:object_r:vendor_default_prop:s0
+ro.qualcomm. u:object_r:vendor_default_prop:s0
+ro.radio.log_loc u:object_r:vendor_default_prop:s0
+ro.radio.log_prefix u:object_r:vendor_default_prop:s0
+ro.rfkilldisabled u:object_r:vendor_default_prop:s0
+ro.vendor.build.svn u:object_r:vendor_default_prop:s0
+ro.vendor.extension_library u:object_r:vendor_default_prop:s0
+ro.vibrator.hal.click.duration u:object_r:vendor_default_prop:s0
+ro.vibrator.hal.tick.duration u:object_r:vendor_default_prop:s0
+sdm. u:object_r:vendor_default_prop:s0
+sys.disable_ext_animation u:object_r:vendor_default_prop:s0
+sys.display.low_persistence_mode_brightness u:object_r:vendor_default_prop:s0
+sys.hwc_disable_hdr u:object_r:vendor_default_prop:s0
+sys.qca1530 u:object_r:vendor_default_prop:s0
+vendor.audio.adm.buffering.ms u:object_r:vendor_default_prop:s0
+vendor.vidc.enc.dcvs.extra-buff-count u:object_r:vendor_default_prop:s0
+ubwc.no.compression u:object_r:vendor_default_prop:s0
+
+# vendor_radio_prop
+persist.radio.always_send_plmn u:object_r:vendor_radio_prop:s0
+persist.radio.apm_sim_not_pwdn u:object_r:vendor_radio_prop:s0
+persist.radio.custom_ecc u:object_r:vendor_radio_prop:s0
+persist.radio.data_con_rprt u:object_r:vendor_radio_prop:s0
+persist.radio.data_ltd_sys_ind u:object_r:vendor_radio_prop:s0
+persist.radio.is_wps_enabled u:object_r:vendor_radio_prop:s0
+persist.radio.RATE_ADAPT_ENABLE u:object_r:vendor_radio_prop:s0
+persist.radio.ROTATION_ENABLE u:object_r:vendor_radio_prop:s0
+persist.radio.sap_silent_pin u:object_r:vendor_radio_prop:s0
+persist.radio.sib16_support u:object_r:vendor_radio_prop:s0
+persist.radio.smlog_switch u:object_r:vendor_radio_prop:s0
+persist.radio.snapshot_enabled u:object_r:vendor_radio_prop:s0
+persist.radio.snapshot_timer u:object_r:vendor_radio_prop:s0
+persist.radio.videopause.mode u:object_r:vendor_radio_prop:s0
+persist.radio.VT_ENABLE u:object_r:vendor_radio_prop:s0
+persist.radio.VT_HYBRID_ENABLE u:object_r:vendor_radio_prop:s0
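Review bot: The added entry `perist.vendor. u:object_r:vendor_default_prop:s0` looks like a misspelling of `persist.vendor.`. As written, the prefix matches nothing that follows the `persist.` naming used by every neighbouring entry, so `persist.vendor.*` properties other than the two `persist.vendor.cnd.*` lines would keep whatever label they had before. Suggested line: `persist.vendor. u:object_r:vendor_default_prop:s0`. Several other additions are short prefixes (`sdm.`, `qdcm.`, `fmas.`, `com.qti.`, `persist.qcril`) that pull every property beneath them into `vendor_default_prop`; a comment marking them as intentional catch-alls would help the next reader.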
diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te index 47e7d8b3..5e3bdd82 100644 --- a/sepolicy/vendor/radio.te +++ b/sepolicy/vendor/radio.te @@ -27,3 +27,5 @@ binder_call(radio, hal_imsrtp) # read /proc/cmdline allow radio proc_cmdline:file r_file_perms; + +get_prop(radio, vendor_radio_prop) diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te index 36470144..3d54a40b 100644 --- a/sepolicy/vendor/rild.te +++ b/sepolicy/vendor/rild.te @@ -29,3 +29,4 @@ allow rild radio_vendor_data_file:dir rw_dir_perms; allow rild radio_vendor_data_file:file create_file_perms; get_prop(rild, tel_mon_prop) +get_prop(rild, vendor_radio_prop) diff --git a/sepolicy/vendor/surfaceflinger.te b/sepolicy/vendor/surfaceflinger.te index fee5e123..a8f71cbb 100644 --- a/sepolicy/vendor/surfaceflinger.te +++ b/sepolicy/vendor/surfaceflinger.te @@ -1,3 +1,5 @@ dontaudit surfaceflinger firmware_file:dir search; dontaudit surfaceflinger kernel:system module_request; allow surfaceflinger debugfs_ion:dir search; + +set_prop(surfaceflinger, public_vendor_system_prop) diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te index 1cc6fb1f..5e5eb62f 100644 --- a/sepolicy/vendor/system_app.te +++ b/sepolicy/vendor/system_app.te @@ -8,3 +8,5 @@ set_prop(system_app, camera_prop) # read regulatory info allow system_app elabel_data_file:dir r_dir_perms; allow system_app elabel_data_file:file r_file_perms; + +set_prop(system_app, public_vendor_system_prop) diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te index 090cadfa..92ab548a 100644 --- a/sepolicy/vendor/system_server.te +++ b/sepolicy/vendor/system_server.te @@ -18,3 +18,5 @@ dontaudit system_server audioserver:file write; dontaudit system_server untrusted_app:file write; dontaudit system_server hal_audio_default:file write; dontaudit system_server appdomain:file write; + +set_prop(system_server, public_vendor_system_prop) 
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index 33dce0bb..21a228a9 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -1,4 +1,7 @@ allow vendor_init debugfs_clk:file w_file_perms; dontaudit vendor_init kernel:system module_request; -get_prop(vendor_init, modem_diag_prop) +set_prop(vendor_init, camera_prop) +set_prop(vendor_init, modem_diag_prop) +set_prop(vendor_init, public_vendor_default_prop) +set_prop(vendor_init, vendor_radio_prop)
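Review bot: This hunk widens `get_prop(vendor_init, modem_diag_prop)` to `set_prop` and adds write access to `camera_prop`, neither of which the commit message mentions. The only other `modem_diag_prop` writer visible in this patch, hal_dumpstate_impl, has its `set_prop` wrapped in `userdebug_or_eng`, whereas vendor_init gets the write on all build types. If vendor_init only needs these labels to apply vendor defaults at boot, a comment such as `# vendor_init sets the vendor defaults for these property labels` above the four lines would record that; otherwise keep `get_prop(vendor_init, modem_diag_prop)` or gate the write the same way. Why vendor_init needs the writes is not shown in the diff.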