Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / d5a0448a53da55d21907637b22d6caee8cdd5279
commitd5a0448a53da55d21907637b22d6caee8cdd5279[log] [tgz]
authorInseob Kim <inseob@google.com>Thu Nov 05 22:17:26 2020 +0900
committerInseob Kim <inseob@google.com>Fri Nov 06 14:02:34 2020 +0900
treee1ea59d7fd400ccf97c42683903aa9a2b99ca37e
parent12376168b44904799936cad2ea1de10dfad456f6 [diff]
Add entries for some properties in default_prop

Currently default_prop is readable by coredomain and appdomain. That's
too broad, and we are going to restrict the access so every property
should be added to property_contexts.

This adds some missing properties to property_contexts. Newly added
property contexts are:

- wrap.*: used by zygote to give arguments. It's assigned as
zygote_wrap_prop, and will be readable from coredomain.

- partition.{mount_name}.verified: used by dm-verity. It's assigned as
vertiy_status_prop, and will only be accessible from init.

- (ro.)?setupwizard.*: used by setup wizard. It's assigned as
setupwizard_prop, and will be readable from coredomain.

Other properties, such as ro.gfx.*, media.stagefright.*,
ro.storage_manager.* are also added to existing contexts.

Bug: 170590987
Test: boot crosshatch and see no denials
Change-Id: Ife9d69a62ee8bd7395a70cd104271898c8a72540
4 files changed
tree: e1ea59d7fd400ccf97c42683903aa9a2b99ca37e
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. METADATA
  19. MODULE_LICENSE_PUBLIC_DOMAIN
  20. NOTICE
  21. OWNERS
  22. policy_version.mk
  23. PREUPLOAD.cfg
  24. README
  25. seapp_contexts.mk
  26. TEST_MAPPING
  27. treble_sepolicy_tests_for_release.mk