From f392990328be61fce1961e303cabe3bab2be8a5f Mon Sep 17 00:00:00 2001
From: Jiyong Park
Date: Tue, 15 May 2018 12:06:48 +0900
Subject: [PATCH] Temporarily whitelisting system domains writing vendor props

system properties must not be used as a communication channel in between system and vendor processes. However, there has been no enforcement on this: system process could write system properties that are owned and read by vendor processes and vice versa. Such communication should be done over hwbinder and should be formally specified in HIDL. Until we finish migrating the existing use cases of sysprops to HIDL, whitelisting them in system_writes_vendor_properties_violators so that the violators are clearly tracked. These violators are allowed only for P, but not for Q.

Bug: 78598545
Test: m -j selinux_policy
Merged-In: I60b12f1232c77ad997c8c87e6d91baa14c626e94
Change-Id: I60b12f1232c77ad997c8c87e6d91baa14c626e94
(cherry picked from commit 3ee4e77674ecce82dadfcf5c64d87ce6d65a88b0)
---
 sepolicy/private/ramoops.te | 1 +
 sepolicy/vendor/bluetooth.te | 1 +
 sepolicy/vendor/cameraserver.te | 1 +
 sepolicy/vendor/gatekeeperd.te | 1 +
 sepolicy/vendor/radio.te | 1 +
 sepolicy/vendor/surfaceflinger.te | 1 +
 sepolicy/vendor/system_app.te | 1 +
 7 files changed, 7 insertions(+)

diff --git a/sepolicy/private/ramoops.te b/sepolicy/private/ramoops.te
index c7cea81d..534fa656 100644
--- a/sepolicy/private/ramoops.te
+++ b/sepolicy/private/ramoops.te
@@ -11,6 +11,7 @@ allow ramoops shell_exec:file rx_file_perms;
 allow ramoops toolbox_exec:file rx_file_perms;
 
 # Set the sys.ramoops.decrypted property
+typeattribute ramoops system_writes_vendor_properties_violators;
 set_prop(ramoops, ramoops_prop);
 
 allow ramoops sysfs_pstore:file rw_file_perms;
diff --git a/sepolicy/vendor/bluetooth.te b/sepolicy/vendor/bluetooth.te
index 5a8371dd..0f5673a9 100644
--- a/sepolicy/vendor/bluetooth.te
+++ b/sepolicy/vendor/bluetooth.te
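Review bot: The new `typeattribute ramoops system_writes_vendor_properties_violators;` carries no marker of its temporary status, even though the description says these exemptions are for P only and tracked under b/78598545, and it is wedged between `# Set the sys.ramoops.decrypted property` and the `set_prop` that comment describes. Move it above that comment and give it its own line of explanation, e.g. `# TODO(b/78598545): P-only exemption; drop once sys.ramoops.decrypted moves to HIDL` directly before `typeattribute ramoops system_writes_vendor_properties_violators;`. The same unmarked exemption is added in the bluetooth.te, cameraserver.te, gatekeeperd.te, radio.te and system_app.te hunks, and in system_app.te it likewise separates the two-line comment from the `userdebug_or_eng(set_prop(...))` it documents. The surfaceflinger.te hunk adds only an empty line, so that file either lost its typeattribute line or should not be part of this change.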
@@ -1,3 +1,4 @@
+typeattribute bluetooth system_writes_vendor_properties_violators;
 set_prop(bluetooth, wc_prop)
 
 # Allow access to net_admin ioctls
diff --git a/sepolicy/vendor/cameraserver.te b/sepolicy/vendor/cameraserver.te
index d29d473d..594f22a9 100644
--- a/sepolicy/vendor/cameraserver.te
+++ b/sepolicy/vendor/cameraserver.te
@@ -1,5 +1,6 @@
 allow cameraserver gpu_device:chr_file rw_file_perms;
 
+typeattribute cameraserver system_writes_vendor_properties_violators;
 set_prop(cameraserver, camera_prop)
 
 allow cameraserver sysfs_camera:file r_file_perms;
diff --git a/sepolicy/vendor/gatekeeperd.te b/sepolicy/vendor/gatekeeperd.te
index 647ede2a..e4bef11b 100644
--- a/sepolicy/vendor/gatekeeperd.te
+++ b/sepolicy/vendor/gatekeeperd.te
@@ -1 +1,2 @@
+typeattribute gatekeeperd system_writes_vendor_properties_violators;
 set_prop(gatekeeperd, keymaster_prop)
diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te
index 162251f3..73d9b526 100644
--- a/sepolicy/vendor/radio.te
+++ b/sepolicy/vendor/radio.te
@@ -1,4 +1,5 @@
 get_prop(radio, ims_prop)
+typeattribute radio system_writes_vendor_properties_violators;
 userdebug_or_eng(`set_prop(radio, tel_mon_prop)')
 
 allow radio qmuxd_socket:dir search;
diff --git a/sepolicy/vendor/surfaceflinger.te b/sepolicy/vendor/surfaceflinger.te
index 287824bf..6437fb82 100644
--- a/sepolicy/vendor/surfaceflinger.te
+++ b/sepolicy/vendor/surfaceflinger.te
@@ -2,3 +2,4 @@ dontaudit surfaceflinger firmware_file:dir search;
 dontaudit surfaceflinger vendor_file:file read;
 dontaudit surfaceflinger kernel:system module_request;
 allow surfaceflinger debugfs_ion:dir search;
+
diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te
index 72d8cf3b..6fbccc86 100644
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
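Review bot: In the radio.te hunk the new `typeattribute radio system_writes_vendor_properties_violators;` is unconditional, while the only property write visible next to it, ``userdebug_or_eng(`set_prop(radio, tel_mon_prop)')``, exists only on userdebug/eng builds, so user builds would be tagged as a violator without any rule that needs it. If radio has no unconditional vendor-property `set_prop` outside the hunk, scope the tag the same way: ``userdebug_or_eng(`typeattribute radio system_writes_vendor_properties_violators;')``. The system_app.te hunk has the same shape, its `set_prop` for tel_mon_prop and for camera_prop both being wrapped in `userdebug_or_eng`, and the same scoping applies there if nothing outside the hunk writes vendor properties on user builds. The remainder of both files is outside the hunks, so this needs checking against the full .te files.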
@@ -4,6 +4,7 @@ userdebug_or_eng(`set_prop(system_app, tel_mon_prop)')
 
 # Needed by Settings app's CameraHalHdrplusPreferenceController, available only on a subset of
 # userdebug and eng devices
+typeattribute system_app system_writes_vendor_properties_violators;
 userdebug_or_eng(`set_prop(system_app, camera_prop)')
 
 # read regulatory info