mirror of
https://github.com/Evolution-X-Devices/device_google_wahoo
synced 2026-02-01 07:50:47 +00:00
f392990328
system properties must not be used as a communication channel in between
system and vendor processes. However, there has been no enforcement on
this: system process could write system properties that are owned and
read by vendor processes and vice versa. Such communication should be
done over hwbinder and should be formally specified in HIDL.
Until we finish migrating the existing use cases of sysprops to HIDL,
whitelisting them in system_writes_vendor_properties_violators so that
the violators are clearly tracked.
These violators are allowed only for P, but not for Q.
Bug: 78598545
Test: m -j selinux_policy
Merged-In: I60b12f1232c77ad997c8c87e6d91baa14c626e94
Change-Id: I60b12f1232c77ad997c8c87e6d91baa14c626e94
(cherry picked from commit 3ee4e77674)
7 lines
236 B
Plaintext
7 lines
236 B
Plaintext
typeattribute bluetooth system_writes_vendor_properties_violators;
|
|
set_prop(bluetooth, vendor_bluetooth_prop)
|
|
set_prop(bluetooth, wc_prop)
|
|
|
|
# Allow access to net_admin ioctls
|
|
allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
|