# Type declarations for system property labels. Every type below carries the
# property_type attribute; a subset also carries core_property_type or
# log_property_type.
# These lines only declare labels. Which property names receive which label,
# and which domains may read or set them, is not decided by the lines shown
# here, so review those rules together with any change to this list.
# core_property_type: per the neverallow comment later in this file, types with
# this attribute are readable to everyone, so it must not be given to new types.
# NOTE(review): the ctl_*_prop and powerctl_prop names suggest properties that
# drive init actions (service control, power state). Confirm this, and keep
# write access to them narrow.
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 1 | type audio_prop, property_type, core_property_type; |
Nick Kralevich | bb9a388 | 2016-12-13 19:50:36 -0800 | [diff] [blame] | 2 | type boottime_prop, property_type; |
Alex Klyubin | 6e4508e | 2016-12-27 18:05:46 -0800 | [diff] [blame] | 3 | type bluetooth_prop, property_type; |
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 4 | type config_prop, property_type, core_property_type; |
| 5 | type cppreopt_prop, property_type, core_property_type; |
Nick Kralevich | f01453a | 2015-12-09 08:47:02 -0800 | [diff] [blame] | 6 | type ctl_bootanim_prop, property_type; |
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 7 | type ctl_bugreport_prop, property_type; |
| 8 | type ctl_console_prop, property_type; |
Nick Kralevich | f01453a | 2015-12-09 08:47:02 -0800 | [diff] [blame] | 9 | type ctl_default_prop, property_type; |
Nick Kralevich | f01453a | 2015-12-09 08:47:02 -0800 | [diff] [blame] | 10 | type ctl_dumpstate_prop, property_type; |
| 11 | type ctl_fuse_prop, property_type; |
| 12 | type ctl_mdnsd_prop, property_type; |
| 13 | type ctl_rildaemon_prop, property_type; |
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 14 | type dalvik_prop, property_type, core_property_type; |
| 15 | type debuggerd_prop, property_type, core_property_type; |
| 16 | type debug_prop, property_type, core_property_type; |
| 17 | type default_prop, property_type, core_property_type; |
| 18 | type device_logging_prop, property_type; |
| 19 | type dhcp_prop, property_type, core_property_type; |
| 20 | type dumpstate_options_prop, property_type; |
| 21 | type dumpstate_prop, property_type, core_property_type; |
| 22 | type ffs_prop, property_type, core_property_type; |
| 23 | type fingerprint_prop, property_type, core_property_type; |
Alex Klyubin | 062236a | 2016-12-27 14:05:46 -0800 | [diff] [blame] | 24 | type firstboot_prop, property_type; |
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 25 | type hwservicemanager_prop, property_type; |
Nick Kralevich | 5a570a4 | 2015-12-08 14:45:50 -0800 | [diff] [blame] | 26 | type logd_prop, property_type, core_property_type; |
Mark Salyzyn | 68d67a0 | 2016-06-06 12:18:46 -0700 | [diff] [blame] | 27 | type logpersistd_logging_prop, property_type; |
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 28 | type log_prop, property_type, log_property_type; |
| 29 | type log_tag_prop, property_type, log_property_type; |
Mark Salyzyn | d143560 | 2016-02-04 10:55:43 -0800 | [diff] [blame] | 30 | type mmc_prop, property_type; |
Nick Kralevich | 4e40429 | 2017-02-09 16:08:11 -0800 | [diff] [blame] | 31 | type net_dns_prop, property_type; |
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 32 | type net_radio_prop, property_type, core_property_type; |
Nick Kralevich | 5a570a4 | 2015-12-08 14:45:50 -0800 | [diff] [blame] | 33 | type nfc_prop, property_type, core_property_type; |
Jason Monk | 0e1cbf5 | 2016-11-09 15:19:05 -0500 | [diff] [blame] | 34 | type overlay_prop, property_type; |
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 35 | type pan_result_prop, property_type, core_property_type; |
| 36 | type persist_debug_prop, property_type, core_property_type; |
Keun-young Park | f67c346 | 2017-02-28 19:21:31 -0800 | [diff] [blame] | 37 | type persistent_properties_ready_prop, property_type; |
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 38 | type powerctl_prop, property_type, core_property_type; |
| 39 | type radio_prop, property_type, core_property_type; |
| 40 | type restorecon_prop, property_type, core_property_type; |
| 41 | type safemode_prop, property_type; |
Alex Klyubin | 2015107 | 2016-12-20 15:31:37 -0800 | [diff] [blame] | 42 | type serialno_prop, property_type; |
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 43 | type shell_prop, property_type, core_property_type; |
| 44 | type system_prop, property_type, core_property_type; |
| 45 | type system_radio_prop, property_type, core_property_type; |
Steven Moreland | cd597cd | 2017-01-13 11:37:38 -0800 | [diff] [blame] | 46 | type hal_binderization_prop, property_type; |
Nick Kralevich | 26c6d72 | 2016-11-11 02:43:08 -0800 | [diff] [blame] | 47 | type vold_prop, property_type, core_property_type; |
| 48 | type wifi_log_prop, property_type, log_property_type; |
| 49 | type wifi_prop, property_type; |
Tom Cherry | 949d7cb | 2015-12-01 16:58:27 -0800 | [diff] [blame] | 50 | |
# Permit objects labelled with any property_type type to be associated with a
# filesystem labelled tmpfs. This grants only the filesystem "associate"
# permission; it gives no domain read or write access to any property.
# NOTE(review): presumably needed because the property storage lives on a
# tmpfs mount; confirm against the code that creates it.
| 51 | allow property_type tmpfs:filesystem associate; |
Nick Kralevich | d310df2 | 2016-12-13 15:59:33 -0800 | [diff] [blame] | 52 | |
| 53 | ### |
| 54 | ### Neverallow rules |
| 55 | ### |
| 56 | |
| 57 | # core_property_type should not be used for new properties or |
| 58 | # device specific properties. Properties with this attribute |
| 59 | # are readable to everyone, which is overly broad and should |
| 60 | # be avoided. |
| 61 | # New properties should have appropriate read / write access |
| 62 | # control rules written. |
| 63 | |
# Freezes the membership of core_property_type. The target set is the attribute
# minus each type subtracted below; the subtracted names match every type that
# this file declares with core_property_type, so for those declarations the set
# is empty and the rule denies nothing.
# If a type is given core_property_type without being subtracted here, the set
# becomes non-empty, and any allow rule granting a domain the listed file
# permissions on that type contradicts this neverallow, which the policy
# compiler reports as an error.
# NOTE(review): no_rw_file_perms is a macro defined outside this file; confirm
# exactly which permissions it expands to.
# Treat any new "-<type>" entry in this list as widening the set of properties
# readable to everyone; prefer a dedicated type with explicit access rules.
| 64 | neverallow * { |
| 65 | core_property_type |
| 66 | -audio_prop |
Nick Kralevich | d310df2 | 2016-12-13 15:59:33 -0800 | [diff] [blame] | 67 | -config_prop |
| 68 | -cppreopt_prop |
| 69 | -dalvik_prop |
| 70 | -debuggerd_prop |
| 71 | -debug_prop |
| 72 | -default_prop |
| 73 | -dhcp_prop |
| 74 | -dumpstate_prop |
| 75 | -ffs_prop |
| 76 | -fingerprint_prop |
| 77 | -logd_prop |
| 78 | -net_radio_prop |
| 79 | -nfc_prop |
| 80 | -pan_result_prop |
| 81 | -persist_debug_prop |
| 82 | -powerctl_prop |
| 83 | -radio_prop |
| 84 | -restorecon_prop |
| 85 | -shell_prop |
| 86 | -system_prop |
| 87 | -system_radio_prop |
| 88 | -vold_prop |
| 89 | }:file no_rw_file_perms; |