authorShanshan Guo <Shanshan.Guo@mediatek.com>2020-03-04 14:49:32 +0800
committerShanshan Guo <Shanshan.Guo@mediatek.com>2020-03-05 11:44:44 +0800
commitaf794b428a2fb72cb4999b2ea611f95f5a2e9489 (patch)
tree4ea4d858f4c7438dde78026ad1650362a4c33e2f
parent8c2ce28a36be318fd5ff2e224b2fb0dfc25f3d6e (diff)
[ALPS05014766] SEPolicy: Modify property with new attributes
[Detail] AOSP/1097032 and AOSP/1128792 introduce new property attributes and neverallow rules on properties. The MTK property sepolicies need to be modified to comply with them. [Solution] Modify the MTK property sepolicies. Change-Id: I0a78d4e974d57c6d328991a791918ffa6a12008b CR-Id: ALPS05014766 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
-rw-r--r--non_plat/property.te569
-rw-r--r--non_plat/property_contexts41
-rw-r--r--non_plat/vendor_init.te27
-rw-r--r--plat_private/property_contexts14
-rw-r--r--plat_public/property.te27
5 files changed, 306 insertions, 372 deletions
diff --git a/non_plat/property.te b/non_plat/property.te
index 3abf8df..5a920c3 100644
--- a/non_plat/property.te
+++ b/non_plat/property.te
@@ -2,323 +2,252 @@
# MTK Policy Rule
# ==============================================
-# MTK properties, allow all system/vendor processes to read.
-type mtk_default_prop, property_type, mtk_core_property_type;
-
-# Date: W14.32
-# Operation: Migration
-# Purpose: don't allow to use default_prop
-### TBD
-#neverallow { domain -init } default_prop:property_service set;
-#neverallow { domain -init -system_server -recovery -system_app} ctl_default_prop:property_service set;
-
-#=============allow ccci_mdinit to start gsm0710muxd==============
-type ctl_gsm0710muxd_prop, property_type;
-type ctl_gsm0710muxd-s_prop, property_type;
-type ctl_gsm0710muxd-d_prop, property_type;
-
-#=============allow viarild to start property==============
-type ctl_viarild_prop, property_type;
-#=============allow mtkrild to set persist.ril property==============
-type vendor_ril_ipo_prop, property_type, mtk_core_property_type;
-
-#=============allow gsm0710muxd to set mux property==============
-type gsm0710muxd_prop, property_type, mtk_core_property_type;
-
-#=============allow netlog running==============
-type debug_mtklog_prop, property_type, extended_core_property_type;
-type persist_mtklog_prop, property_type, extended_core_property_type;
-type debug_netlog_prop, property_type, extended_core_property_type;
-
-#=============allow netd to set mtk_wifi.*=========================
-type mtk_wifi_prop, property_type, mtk_core_property_type;
-
-#=============allow mdlogger==============
-type debug_mdlogger_prop, property_type, extended_core_property_type;
-type vendor_mdl_prop, property_type, extended_core_property_type;
-type vendor_mdl_start_prop, property_type, extended_core_property_type;
-type vendor_usb_prop, property_type;
-type persist_mdlog_prop, property_type, extended_core_property_type;
-type vendor_mdl_pulllog_prop, property_type, extended_core_property_type;
-
-#=============allow AEE==============
-type persist_mtk_aee_prop, property_type, extended_core_property_type;
-type persist_aee_prop, property_type, extended_core_property_type;
-type debug_mtk_aee_prop, property_type, extended_core_property_type;
-
-type persist_mtk_aeev_prop, property_type, mtk_core_property_type;
-type persist_aeev_prop, property_type, mtk_core_property_type;
-type debug_mtk_aeev_prop, property_type, mtk_core_property_type;
-type ro_mtk_aee_prop, property_type, mtk_core_property_type;
-
-#=============allow aee_dumpstate==============
-type debug_bq_dump_prop, property_type, extended_core_property_type;
-
-#=============allow ccci_mdinit to stop rild==============
-type ctl_ril-daemon-mtk_prop, property_type;
-type ctl_fusion_ril_mtk_prop, property_type;
-type ctl_ril-daemon-s_prop, property_type;
-type ctl_ril-daemon-d_prop, property_type;
-type ctl_ril-proxy_prop, property_type;
-
-#=============allow ccci_mdinit to start ccci_fsd==============
-type ctl_ccci_fsd_prop, property_type;
-type ctl_ccci2_fsd_prop, property_type;
-type ctl_ccci3_fsd_prop, property_type;
-
-#=============allow ccci_mdinit to set ril_active_md_prop==============
-type ril_active_md_prop, property_type, mtk_core_property_type;
-
-#=============allow ccci_mdinit to stop rild==============
-type ril_mux_report_case_prop, property_type, mtk_core_property_type;
-type ril_cdma_report_prop, property_type, mtk_core_property_type;
-
-#=============allow ccci_mdinit to mtk_md_prop==============
-type mtk_md_prop, property_type, mtk_core_property_type;
-
-#=============allow mtkrild to start muxreport==============
-type ctl_muxreport-daemon_prop, property_type;
-
-#=============allow telephony modules to set tel_switch_prop==============
-type tel_switch_prop, property_type, mtk_core_property_type;
-
-#=============allow bootanim==============
-type bootani_prop, property_type, extended_core_property_type;
-
-#=============allow mnld_prop==============
-type mnld_prop, property_type, mtk_core_property_type;
-
-#=============allow audiohal==============
-type audiohal_prop, property_type, mtk_core_property_type;
-
-#=============allow wmt==============
-type wmt_prop, property_type, mtk_core_property_type;
-type coredump_prop, property_type, mtk_core_property_type;
-
-#=============allow sensor==============
-type ctl_emcsmdlogger_prop, property_type;
-type ctl_eemcs_fsd_prop, property_type;
-
-#=============allow statusd==============
-type net_cdma_mdmstat, property_type, mtk_core_property_type;
-
-#=============allow bt==============
-type persist_bt_prop, property_type, mtk_core_property_type;
-
-#============= allow factory idle current prop ==============
-type vendor_factory_idle_state_prop, property_type, mtk_core_property_type;
-
-#============= allow mobile log property ===============
-type mobile_log_prop, property_type, extended_core_property_type;
-
-#============= allow service.nvram_init property ===============
-type service_nvram_init_prop, property_type, mtk_core_property_type;
-
-#============= allow ro.wlan.mtk.wifi.5g property ===============
-type wifi_5g_prop, property_type, mtk_core_property_type;
-
-#=============allow em to set client.appmode ==============
-type mtk_em_prop, property_type, mtk_core_property_type;
-
-#=============allow mediatek_prop ==============
-type mediatek_prop, property_type, mtk_core_property_type;
-
-#=============Property set by EM, for test/debug purpose=========
-type mtk_em_sys_prop, property_type, extended_core_property_type;
-type mtk_em_hidl_prop, property_type, mtk_core_property_type;
-
-#============= allow em set protocol ===============
-type mtk_em_net_auto_tethering_prop, property_type, extended_core_property_type;
-
-#=============allow em set property=============
-type mtk_operator_id_prop, property_type, mtk_core_property_type;
-
-#=============allow em set testsim.cardtype property===========
-type mtk_simswitch_emmode_prop, property_type, mtk_core_property_type;
-
-#=============allow em set property=============
-type mtk_dsbp_support_prop, property_type, mtk_core_property_type;
-
-#=============allow em set property=============
-type mtk_imstestmode_prop, property_type, mtk_core_property_type;
-
-#=============allow em set property=============
-type mtk_smsformat_prop, property_type, mtk_core_property_type;
-
-#=============allow em set property=============
-type mtk_gprs_prefer_prop, property_type, mtk_core_property_type;
-
-#=============allow em set property=============
-type mtk_testsim_cardtype_prop, property_type, mtk_core_property_type;
-
-#=============allow em set property=============
-type mtk_ct_ir_engmode_prop, property_type, mtk_core_property_type;
-
-#=============allow em set property=============
-type mtk_disable_c2k_cap_prop, property_type, mtk_core_property_type;
-
-#=============allow em to set modem reset delay property================
-type mtk_debug_md_reset_prop, property_type, mtk_core_property_type;
-
-#=============allow em to set video log omx.* property================
-type mtk_omx_log_prop, property_type, mtk_core_property_type;
-
-#=============allow em to set vdec log property================
-type mtk_vdec_log_prop, property_type, mtk_core_property_type;
-
-#=============allow em to set vdectlc log property================
-type mtk_vdectlc_log_prop, property_type, mtk_core_property_type;
-
-#=============allow em to set venc h264 showlog property================
-type mtk_venc_h264_showlog_prop, property_type, mtk_core_property_type;
-
-#=============allow em to set modem warning_prop property================
-type mtk_modem_warning_prop, property_type, mtk_core_property_type;
-
-#=============allow em to set bgdata disabled property================
-type mtk_bgdata_disabled, property_type, extended_core_property_type;
-
-#=============allow em to set telecom vibrate property================
-type mtk_telecom_vibrate, property_type, extended_core_property_type;
-
-#=============allow em to set gprs attach type property================
-type mtk_gprs_attach_type, property_type, extended_core_property_type;
-
-#=============allow em to set poweroffmd property================
-type mtk_power_off_md_type, property_type, extended_core_property_type;
-
-#=============allow meta_tst to stop specific service ===============
-type ctl_mobile_log_d_prop, property_type;
-type ctl_mnld_prop, property_type;
-type ctl_mobicore_prop, property_type;
-
-#=============allow system server to set meta_connecttype property ==============
-type meta_connecttype_prop, property_type;
-
-#=============Telephony Sensitive property==============
-type mtk_telephony_sensitive_prop, property_type;
-
-#=============allow processes to change thermal config================
-type mtk_thermal_config_prop, property_type;
-
-#=============allow composer set property ============================
-type graphics_hwc_pid_prop, property_type;
-type graphics_hwc_latch_unsignaled_prop, property_type;
-type graphics_hwc_hdr_prop, property_type;
-
-#============= mtkcam property ============================
-type mtkcam_prop, property_type;
-
-#============= atm modem mode property ==============
-type atm_mdmode_prop, property_type;
-
-#============= atm ip address property ==============
-type atm_ipaddr_prop, property_type;
-
-#=============allow consyslogger==============
-type vendor_connsysfw_prop, property_type, extended_core_property_type;
-
-#=============radio group property=============
-type vendor_radio_prop, property_type, mtk_core_property_type;
-
-#=============allow bluetooth==============
-type vendor_bluetooth_prop, property_type, extended_core_property_type;
-
-#=============allow ct volte==============
-type mtk_ct_volte_prop, property_type, mtk_core_property_type;
-
-#=============mtk ril mode property=============
-type mtk_ril_mode_prop, property_type, mtk_core_property_type;
-type mtk_ss_vendor_prop, property_type, mtk_core_property_type;
-
-#=============GPS support properties==============
-type mtk_gps_support_prop, property_type, mtk_core_property_type;
-
-#=============mtk rat config property=============
-type mtk_rat_config_prop, property_type, mtk_core_property_type;
-
-#=============mtk aal property=============
-type mtk_aal_ro_prop, property_type, mtk_core_property_type;
-
-#=============mtk pq property=============
-type mtk_pq_ro_prop, property_type, mtk_core_property_type;
-type mtk_pq_prop, property_type, mtk_core_property_type;
-
-#=============mtk emmc property=============
-type mtk_emmc_support_prop, property_type, mtk_core_property_type;
-
-#=============sim system property=============
-type vendor_sim_system_prop, property_type, extended_core_property_type;
-
-#=============em usb property==============
-type vendor_em_usb_prop, property_type, mtk_core_property_type;
-
-#=============allow em to set usb otg enable property ==============
-type vendor_usb_otg_switch, property_type, mtk_core_property_type;
-
-#=============mtk anr property=============
-type mtk_anr_support_prop, property_type, mtk_core_property_type;
-
-#=============mtk app resolution tuner property=============
-type mtk_appresolutiontuner_prop, property_type, mtk_core_property_type;
-
-#=============mtk fullscreen switch=============
-type mtk_fullscreenswitch_prop, property_type, mtk_core_property_type;
-
-# MTK Antutu feature
-type mtk_antutu_prop, property_type, mtk_core_property_type;
-
-#=============mtk malloc debug switch unwind backtrace property=============
-type mtk_malloc_debug_backtrace_prop, property_type, mtk_core_property_type;
-
-#=============MTK Voice Recognize property===========
-type mtk_voicerecgnize_prop, property_type, mtk_core_property_type;
-
-#=============allow radio to set/get xcap rawurl config================
-type persist_xcap_rawurl_prop, property_type, extended_core_property_type;
-
-#=============allow atcid==============
-type persist_service_atci_prop, property_type, mtk_core_property_type;
-type mtk_atci_prop, property_type, mtk_core_property_type;
-
-#=============allow Netd property==============
-type mtk_net_ipv6_prop, property_type, mtk_core_property_type;
-
-#============= allow carrier express (cxp) ==============
-type usp_prop, property_type, mtk_core_property_type;
-type usp_srv_prop, property_type, extended_core_property_type;
-type mtk_cxp_vendor_prop, property_type, mtk_core_property_type;
-
-#=============allow MD to set mtk_md_version_prop==============
-type mtk_md_version_prop, property_type, mtk_core_property_type;
-
-#=============allow radio to set mtk_volte_enable property==============
-type mtk_volte_prop, property_type, mtk_core_property_type;
-
-#=============allow AMS dynamic enable log property===========
-type mtk_amslog_prop, property_type, extended_core_property_type;
-
-#=============allow android log much property==============
-type logmuch_prop, property_type, extended_core_property_type;
-
-#=============mtk bt enable SAP profile property=============
-type mtk_bt_sap_enable_prop, property_type, mtk_core_property_type;
-
-#=============MTK powerhal property================
-type mtk_powerhal_prop, property_type;
-
-#=============MTK Wifi wlan_assistant property=============
-type mtk_nvram_ready_prop, property_type, mtk_core_property_type;
-
-#=============allow wifi hotspot to read property===========
-type mtk_wifi_hotspot_prop, property_type, mtk_core_property_type;
-
-#=============mtk hdmi property=============
-type mtk_hdmi_prop, property_type, mtk_core_property_type;
-
-#=============mtk nn option property=============
-type mtk_nn_option_prop, property_type;
-
-#============system wfc service property===========
-type mtk_wfc_serv_prop, property_type;
-
+# system_internal_prop -- Properties used only in /system
+# system_restricted_prop -- Properties which can't be written outside system
+# system_public_prop -- Properties with no restrictions
+# system_vendor_config_prop -- Properties which can be written only by vendor_init
+# vendor_internal_prop -- Properties used only in /vendor
+# vendor_restricted_prop -- Properties which can't be written outside vendor
+# vendor_public_prop -- Properties with no restrictions
+
+# Properties used only in /vendor
+vendor_internal_prop(ctl_gsm0710muxd_prop)
+vendor_internal_prop(ctl_gsm0710muxd-s_prop)
+vendor_internal_prop(ctl_gsm0710muxd-d_prop)
+vendor_internal_prop(ctl_viarild_prop)
+vendor_internal_prop(ctl_ril-daemon-mtk_prop)
+vendor_internal_prop(ctl_fusion_ril_mtk_prop)
+vendor_internal_prop(ctl_ril-daemon-s_prop)
+vendor_internal_prop(ctl_ril-daemon-d_prop)
+vendor_internal_prop(ctl_ril-proxy_prop)
+vendor_internal_prop(ctl_ccci_fsd_prop)
+vendor_internal_prop(ctl_ccci2_fsd_prop)
+vendor_internal_prop(ctl_ccci3_fsd_prop)
+vendor_internal_prop(ctl_muxreport-daemon_prop)
+vendor_internal_prop(ctl_emcsmdlogger_prop)
+vendor_internal_prop(ctl_eemcs_fsd_prop)
+vendor_internal_prop(mtk_powerhal_prop)
+vendor_internal_prop(mtk_wfc_serv_prop)
+vendor_internal_prop(ctl_mdlogger_prop)
+vendor_internal_prop(ctl_emdlogger1_prop)
+vendor_internal_prop(ctl_emdlogger2_prop)
+vendor_internal_prop(ctl_emdlogger3_prop)
+vendor_internal_prop(ctl_dualmdlogger_prop)
+vendor_internal_prop(init_svc_emdlogger1_prop)
+vendor_internal_prop(init_svc_aee_aedv_prop)
+
+# Properties which can't be written outside vendor
+vendor_restricted_prop(mtk_nn_option_prop)
+vendor_restricted_prop(mtk_volte_prop)
+vendor_restricted_prop(mtk_cxp_vendor_prop)
+vendor_restricted_prop(mtk_antutu_prop)
+vendor_restricted_prop(mtk_ss_vendor_prop)
+vendor_restricted_prop(atm_ipaddr_prop)
+vendor_restricted_prop(mtkcam_prop)
+vendor_restricted_prop(graphics_hwc_hdr_prop)
+vendor_restricted_prop(graphics_hwc_latch_unsignaled_prop)
+vendor_restricted_prop(graphics_hwc_pid_prop)
+vendor_restricted_prop(mtk_thermal_config_prop)
+vendor_restricted_prop(mtk_telephony_sensitive_prop)
+vendor_restricted_prop(meta_connecttype_prop)
+vendor_restricted_prop(mtk_debug_md_reset_prop)
+vendor_restricted_prop(wmt_prop)
+vendor_restricted_prop(ril_active_md_prop)
+vendor_restricted_prop(vendor_usb_prop)
+vendor_restricted_prop(tel_switch_prop)
+vendor_restricted_prop(mtk_nvram_ready_prop)
+vendor_restricted_prop(mtk_wifi_hotspot_prop)
+vendor_restricted_prop(mtk_hdmi_prop)
+vendor_restricted_prop(mtk_default_prop)
+vendor_restricted_prop(vendor_ril_ipo_prop)
+vendor_restricted_prop(gsm0710muxd_prop)
+vendor_restricted_prop(mtk_wifi_prop)
+vendor_restricted_prop(persist_mtk_aeev_prop)
+vendor_restricted_prop(persist_aeev_prop)
+vendor_restricted_prop(debug_mtk_aeev_prop)
+vendor_restricted_prop(ro_mtk_aee_prop)
+vendor_restricted_prop(ril_mux_report_case_prop)
+vendor_restricted_prop(ril_cdma_report_prop)
+vendor_restricted_prop(mtk_md_prop)
+vendor_restricted_prop(mnld_prop)
+vendor_restricted_prop(audiohal_prop)
+vendor_restricted_prop(coredump_prop)
+vendor_restricted_prop(net_cdma_mdmstat)
+vendor_restricted_prop(persist_bt_prop)
+vendor_restricted_prop(vendor_factory_idle_state_prop)
+vendor_restricted_prop(service_nvram_init_prop)
+vendor_restricted_prop(wifi_5g_prop)
+vendor_restricted_prop(mtk_em_prop)
+vendor_restricted_prop(mediatek_prop)
+vendor_restricted_prop(mtk_em_hidl_prop)
+vendor_restricted_prop(mtk_operator_id_prop)
+vendor_restricted_prop(mtk_simswitch_emmode_prop)
+vendor_restricted_prop(mtk_dsbp_support_prop)
+vendor_restricted_prop(mtk_imstestmode_prop)
+vendor_restricted_prop(mtk_smsformat_prop)
+vendor_restricted_prop(mtk_gprs_prefer_prop)
+vendor_restricted_prop(mtk_testsim_cardtype_prop)
+vendor_restricted_prop(mtk_ct_ir_engmode_prop)
+vendor_restricted_prop(mtk_disable_c2k_cap_prop)
+vendor_restricted_prop(mtk_omx_log_prop)
+vendor_restricted_prop(mtk_vdec_log_prop)
+vendor_restricted_prop(mtk_vdectlc_log_prop)
+vendor_restricted_prop(mtk_venc_h264_showlog_prop)
+vendor_restricted_prop(mtk_modem_warning_prop)
+vendor_restricted_prop(ctl_mobile_log_d_prop)
+vendor_restricted_prop(ctl_mnld_prop)
+vendor_restricted_prop(ctl_mobicore_prop)
+vendor_restricted_prop(atm_mdmode_prop)
+vendor_restricted_prop(vendor_radio_prop)
+vendor_restricted_prop(mtk_ct_volte_prop)
+vendor_restricted_prop(mtk_ril_mode_prop)
+vendor_restricted_prop(mtk_gps_support_prop)
+vendor_restricted_prop(mtk_rat_config_prop)
+vendor_restricted_prop(mtk_aal_ro_prop)
+vendor_restricted_prop(mtk_pq_ro_prop)
+vendor_restricted_prop(mtk_pq_prop)
+vendor_restricted_prop(mtk_emmc_support_prop)
+vendor_restricted_prop(vendor_em_usb_prop)
+vendor_restricted_prop(vendor_usb_otg_switch)
+vendor_restricted_prop(mtk_anr_support_prop)
+vendor_restricted_prop(mtk_appresolutiontuner_prop)
+vendor_restricted_prop(mtk_fullscreenswitch_prop)
+vendor_restricted_prop(mtk_malloc_debug_backtrace_prop)
+vendor_restricted_prop(mtk_voicerecgnize_prop)
+vendor_restricted_prop(persist_service_atci_prop)
+vendor_restricted_prop(mtk_atci_prop)
+vendor_restricted_prop(mtk_net_ipv6_prop)
+vendor_restricted_prop(usp_prop)
+vendor_restricted_prop(mtk_md_version_prop)
+vendor_restricted_prop(mtk_bt_sap_enable_prop)
+
+# Properties used only in /system
+system_internal_prop(debug_mtklog_prop)
+system_internal_prop(persist_mtklog_prop)
+system_internal_prop(debug_netlog_prop)
+system_internal_prop(debug_mdlogger_prop)
+system_internal_prop(vendor_mdl_prop)
+system_internal_prop(vendor_mdl_start_prop)
+system_internal_prop(persist_mdlog_prop)
+system_internal_prop(vendor_mdl_pulllog_prop)
+system_internal_prop(persist_aee_prop)
+system_internal_prop(debug_mtk_aee_prop)
+system_internal_prop(debug_bq_dump_prop)
+system_internal_prop(bootani_prop)
+system_internal_prop(mobile_log_prop)
+system_internal_prop(mtk_em_sys_prop)
+system_internal_prop(mtk_em_net_auto_tethering_prop)
+system_internal_prop(mtk_bgdata_disabled)
+system_internal_prop(mtk_telecom_vibrate)
+system_internal_prop(mtk_gprs_attach_type)
+system_internal_prop(mtk_power_off_md_type)
+system_internal_prop(vendor_connsysfw_prop)
+system_internal_prop(vendor_bluetooth_prop)
+system_internal_prop(vendor_sim_system_prop)
+system_internal_prop(persist_xcap_rawurl_prop)
+system_internal_prop(usp_srv_prop)
+system_internal_prop(logmuch_prop)
+
+# Properties with no restrictions
+system_public_prop(persist_mtk_aee_prop)
+system_public_prop(mtk_amslog_prop)
+
+# Properties with can be read by all domains
+typeattribute mtk_default_prop mtk_core_property_type;
+typeattribute vendor_ril_ipo_prop mtk_core_property_type;
+typeattribute gsm0710muxd_prop mtk_core_property_type;
+typeattribute mtk_wifi_prop mtk_core_property_type;
+typeattribute persist_mtk_aeev_prop mtk_core_property_type;
+typeattribute persist_aeev_prop mtk_core_property_type;
+typeattribute debug_mtk_aeev_prop mtk_core_property_type;
+typeattribute ro_mtk_aee_prop mtk_core_property_type;
+typeattribute ril_active_md_prop mtk_core_property_type;
+typeattribute ril_mux_report_case_prop mtk_core_property_type;
+typeattribute ril_cdma_report_prop mtk_core_property_type;
+typeattribute mtk_md_prop mtk_core_property_type;
+typeattribute tel_switch_prop mtk_core_property_type;
+typeattribute mnld_prop mtk_core_property_type;
+typeattribute audiohal_prop mtk_core_property_type;
+typeattribute wmt_prop mtk_core_property_type;
+typeattribute coredump_prop mtk_core_property_type;
+typeattribute net_cdma_mdmstat mtk_core_property_type;
+typeattribute persist_bt_prop mtk_core_property_type;
+typeattribute vendor_factory_idle_state_prop mtk_core_property_type;
+typeattribute service_nvram_init_prop mtk_core_property_type;
+typeattribute wifi_5g_prop mtk_core_property_type;
+typeattribute mtk_em_prop mtk_core_property_type;
+typeattribute mediatek_prop mtk_core_property_type;
+typeattribute mtk_em_hidl_prop mtk_core_property_type;
+typeattribute mtk_operator_id_prop mtk_core_property_type;
+typeattribute mtk_simswitch_emmode_prop mtk_core_property_type;
+typeattribute mtk_dsbp_support_prop mtk_core_property_type;
+typeattribute mtk_imstestmode_prop mtk_core_property_type;
+typeattribute mtk_smsformat_prop mtk_core_property_type;
+typeattribute mtk_gprs_prefer_prop mtk_core_property_type;
+typeattribute mtk_testsim_cardtype_prop mtk_core_property_type;
+typeattribute mtk_ct_ir_engmode_prop mtk_core_property_type;
+typeattribute mtk_disable_c2k_cap_prop mtk_core_property_type;
+typeattribute mtk_debug_md_reset_prop mtk_core_property_type;
+typeattribute mtk_omx_log_prop mtk_core_property_type;
+typeattribute mtk_vdec_log_prop mtk_core_property_type;
+typeattribute mtk_vdectlc_log_prop mtk_core_property_type;
+typeattribute mtk_venc_h264_showlog_prop mtk_core_property_type;
+typeattribute mtk_modem_warning_prop mtk_core_property_type;
+typeattribute vendor_radio_prop mtk_core_property_type;
+typeattribute mtk_ct_volte_prop mtk_core_property_type;
+typeattribute mtk_ril_mode_prop mtk_core_property_type;
+typeattribute mtk_ss_vendor_prop mtk_core_property_type;
+typeattribute mtk_gps_support_prop mtk_core_property_type;
+typeattribute mtk_rat_config_prop mtk_core_property_type;
+typeattribute mtk_aal_ro_prop mtk_core_property_type;
+typeattribute mtk_pq_ro_prop mtk_core_property_type;
+typeattribute mtk_pq_prop mtk_core_property_type;
+typeattribute mtk_emmc_support_prop mtk_core_property_type;
+typeattribute vendor_em_usb_prop mtk_core_property_type;
+typeattribute vendor_usb_otg_switch mtk_core_property_type;
+typeattribute mtk_anr_support_prop mtk_core_property_type;
+typeattribute mtk_appresolutiontuner_prop mtk_core_property_type;
+typeattribute mtk_fullscreenswitch_prop mtk_core_property_type;
+typeattribute mtk_antutu_prop mtk_core_property_type;
+typeattribute mtk_malloc_debug_backtrace_prop mtk_core_property_type;
+typeattribute mtk_voicerecgnize_prop mtk_core_property_type;
+typeattribute persist_service_atci_prop mtk_core_property_type;
+typeattribute mtk_atci_prop mtk_core_property_type;
+typeattribute mtk_net_ipv6_prop mtk_core_property_type;
+typeattribute usp_prop mtk_core_property_type;
+typeattribute mtk_cxp_vendor_prop mtk_core_property_type;
+typeattribute mtk_md_version_prop mtk_core_property_type;
+typeattribute mtk_volte_prop mtk_core_property_type;
+typeattribute mtk_bt_sap_enable_prop mtk_core_property_type;
+typeattribute mtk_nvram_ready_prop mtk_core_property_type;
+typeattribute mtk_wifi_hotspot_prop mtk_core_property_type;
+typeattribute mtk_hdmi_prop mtk_core_property_type;
+
+# Properties with can't be accessed by device-sepcific domains
+typeattribute debug_mtklog_prop extended_core_property_type;
+typeattribute persist_mtklog_prop extended_core_property_type;
+typeattribute debug_netlog_prop extended_core_property_type;
+typeattribute debug_mdlogger_prop extended_core_property_type;
+typeattribute vendor_mdl_prop extended_core_property_type;
+typeattribute vendor_mdl_start_prop extended_core_property_type;
+typeattribute persist_mdlog_prop extended_core_property_type;
+typeattribute vendor_mdl_pulllog_prop extended_core_property_type;
+typeattribute persist_mtk_aee_prop extended_core_property_type;
+typeattribute persist_aee_prop extended_core_property_type;
+typeattribute debug_mtk_aee_prop extended_core_property_type;
+typeattribute debug_bq_dump_prop extended_core_property_type;
+typeattribute bootani_prop extended_core_property_type;
+typeattribute mobile_log_prop extended_core_property_type;
+typeattribute mtk_em_sys_prop extended_core_property_type;
+typeattribute mtk_em_net_auto_tethering_prop extended_core_property_type;
+typeattribute mtk_bgdata_disabled extended_core_property_type;
+typeattribute mtk_telecom_vibrate extended_core_property_type;
+typeattribute mtk_gprs_attach_type extended_core_property_type;
+typeattribute mtk_power_off_md_type extended_core_property_type;
+typeattribute vendor_connsysfw_prop extended_core_property_type;
+typeattribute vendor_bluetooth_prop extended_core_property_type;
+typeattribute vendor_sim_system_prop extended_core_property_type;
+typeattribute persist_xcap_rawurl_prop extended_core_property_type;
+typeattribute usp_srv_prop extended_core_property_type;
+typeattribute mtk_amslog_prop extended_core_property_type;
+typeattribute logmuch_prop extended_core_property_type;
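Review bot: `mtk_telephony_sensitive_prop` and the three service-control types `ctl_mobile_log_d_prop`, `ctl_mnld_prop` and `ctl_mobicore_prop` are declared with `vendor_restricted_prop(...)`, which by this file's own legend limits writers only, while every other `ctl_*` type in the hunk gets `vendor_internal_prop(...)`. On the old side all four were plain `property_type` without `mtk_core_property_type`, so nothing visible here shows a reader outside /vendor that would justify the wider class; whether the class itself grants any read access depends on platform policy that is not part of this hunk. Unless such a reader exists, declare them in the tighter class, e.g. `vendor_internal_prop(mtk_telephony_sensitive_prop)`, or keep the class and add a comment naming the non-vendor domain that needs them. The rewrite also drops the per-type purpose comments, so that rationale can no longer be recovered from the file.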
diff --git a/non_plat/property_contexts b/non_plat/property_contexts
index aec00cb..60e8c63 100644
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
@@ -1,10 +1,10 @@
# ==============================================
# MTK Policy Rule
# ==============================================
+
#=============allow ccci_mdinit to start gsm0710muxd==============
ctl.vendor.gsm0710muxd u:object_r:ctl_gsm0710muxd_prop:s0
-
#=============allow mtkrild to set persist.ril property==============
vendor.ril.ipo u:object_r:vendor_ril_ipo_prop:s0
@@ -22,7 +22,6 @@ persist.vendor.usb. u:object_r:vendor_usb_prop:s0
persist.vendor.mdl u:object_r:persist_mdlog_prop:s0
vendor.pullmdlog u:object_r:vendor_mdl_pulllog_prop:s0
-
#=============allow AEE==============
# persist.vendor.mtk.aee.mode && persist.vendor.mtk.aee.dal
persist.vendor.mtk.aee. u:object_r:persist_mtk_aee_prop:s0
@@ -104,11 +103,9 @@ persist.vendor.connsys.coredump.mode u:object_r:coredump_prop:s0
persist.vendor.connsys. u:object_r:wmt_prop:s0
vendor.connsys. u:object_r:wmt_prop:s0
-
#=============allow c2k_prop ==============
vendor.net.cdma.mdmstat u:object_r:net_cdma_mdmstat:s0
-
#=============allow ccci_mdinit md status ==============
vendor.mtk.md u:object_r:mtk_md_prop:s0
#============= allow factory idle current prop ==============
@@ -120,7 +117,6 @@ vendor.MB. u:object_r:mobile_log_prop:s0
#=============allow service.nvram_init property================
vendor.service.nvram_init u:object_r:service_nvram_init_prop:s0
-
#=============Allow EM To Set Camera APP Mode ==============
vendor.client. u:object_r:mtk_em_prop:s0
@@ -192,7 +188,6 @@ persist.vendor.radio.gprs.attach.type u:object_r:mtk_gprs_attach_type:s0
vendor.ril.test.poweroffmd u:object_r:mtk_power_off_md_type:s0
vendor.ril.testmode u:object_r:mtk_power_off_md_type:s0
-
#=============allow system server to set meta_connecttype property ==============
persist.vendor.meta.connecttype u:object_r:meta_connecttype_prop:s0
@@ -235,7 +230,7 @@ ro.boot.atm u:object_r:mtk_default_prop:s0
#=============allow consyslogger==============
vendor.connsysfw u:object_r:vendor_connsysfw_prop:s0
-#============Label telephony property=======#
+#============Label telephony property=======
vendor.ril. u:object_r:vendor_radio_prop:s0
ro.vendor.ril. u:object_r:vendor_radio_prop:s0
vendor.gsm. u:object_r:vendor_radio_prop:s0
@@ -247,7 +242,7 @@ vendor.bthcisnoop u:object_r:vendor_bluetooth_prop:s0
#=============allow ct volte==============
persist.vendor.mtk_ct_volte_support u:object_r:mtk_ct_volte_prop:s0
-#============Label mtk ril mode=======#
+#============Label mtk ril mode=======
ro.vendor.mtk_ril_mode u:object_r:mtk_ril_mode_prop:s0
#=============GPS support properties==============
@@ -256,15 +251,15 @@ ro.vendor.mtk_agps_app u:object_r:mtk_gps_support_prop:s0
ro.vendor.mtk_log_hide_gps u:object_r:mtk_gps_support_prop:s0
ro.vendor.mtk_hidl_consolidation u:object_r:mtk_gps_support_prop:s0
-#============allow rat config=======#
+#============allow rat config=======
ro.vendor.mtk_protocol1_rat_config u:object_r:mtk_rat_config_prop:s0
-#=============allow mtk aal==============#
+#=============allow mtk aal==============
ro.vendor.mtk_aal_support u:object_r:mtk_aal_ro_prop:s0
ro.vendor.mtk_ultra_dimming_support u:object_r:mtk_aal_ro_prop:s0
ro.vendor.mtk_dre30_support u:object_r:mtk_aal_ro_prop:s0
-#=============allow mtk pq==============#
+#=============allow mtk pq==============
persist.vendor.sys.pq. u:object_r:mtk_pq_prop:s0
vendor.debug.pq. u:object_r:mtk_pq_prop:s0
persist.vendor.sys.isp. u:object_r:mtk_pq_prop:s0
@@ -292,7 +287,7 @@ ro.vendor.mtk_disable_cap_switch u:object_r:mtk_default_prop:s0
ro.vendor.mtk_sim_card_onoff u:object_r:mtk_default_prop:s0
ro.vendor.mtk_perf_plus u:object_r:mtk_default_prop:s0
-#============mtk emmc=======#
+#============mtk emmc=======
ro.vendor.mtk_emmc_support u:object_r:mtk_emmc_support_prop:s0
# MTK connsys log feature
@@ -305,7 +300,7 @@ vendor.em.usb. u:object_r:vendor_em_usb_prop:s0
#=============allow em to set usb otg switch property ==============
persist.vendor.usb.otg.switch u:object_r:vendor_usb_otg_switch:s0
-#============mtk rsc========#
+#============mtk rsc========
ro.boot.rsc u:object_r:mtk_default_prop:s0
#=============mtk anr property=============
@@ -326,15 +321,15 @@ persist.vendor.ss. u:object_r:mtk_ss_vendor_prop:s0
# MTK Antutu feature
ro.vendor.net.upload.benchmark.default u:object_r:mtk_antutu_prop:s0
-#=============malloc debug unwind backtrace switch property==============#
+#=============malloc debug unwind backtrace switch property==============
vendor.debug.malloc.bt.switch u:object_r:mtk_malloc_debug_backtrace_prop:s0
-#=============allow gmo====================#
+#=============allow gmo====================
ro.vendor.gmo.ram_optimize u:object_r:mtk_default_prop:s0
ro.vendor.gmo.rom_optimize u:object_r:mtk_default_prop:s0
ro.vendor.mtk_config_max_dram_size u:object_r:mtk_default_prop:s0
-#=============MTK Voice Recognize property===========#
+#=============MTK Voice Recognize property===========
vendor.voicerecognize.raw u:object_r:mtk_voicerecgnize_prop:s0
vendor.voicerecognize_data.raw u:object_r:mtk_voicerecgnize_prop:s0
vendor.voicerecognize.noDL u:object_r:mtk_voicerecgnize_prop:s0
@@ -342,7 +337,7 @@ vendor.voicerecognize.noDL u:object_r:mtk_voicerecgnize_prop:s0
#=============allow radio to set/get xcap rawurl config================
persist.vendor.mtk.xcap.rawurl u:object_r:persist_xcap_rawurl_prop:s0
-#=============mtk bt enable SAP profile property=============#
+#=============mtk bt enable SAP profile property=============
ro.vendor.mtk.bt_sap_enable u:object_r:mtk_bt_sap_enable_prop:s0
#=============allow processes to change powerhal config================
@@ -355,12 +350,20 @@ vendor.mtk.nvram.ready u:object_r:mtk_nvram_ready_prop:s0
#=============Wi-Fi Hotspot==============
ro.vendor.wifi.sap.interface u:object_r:mtk_wifi_hotspot_prop:s0
-#=============allow mtk hdmi==============#
+#=============allow mtk hdmi==============
persist.vendor.sys.hdmi_hidl. u:object_r:mtk_hdmi_prop:s0
-#=============mtk nn option==============#
+#=============mtk nn option==============
ro.vendor.mtk_nn.option u:object_r:mtk_nn_option_prop:s0
#============system wfc service property===========
persist.vendor.wfc. u:object_r:mtk_wfc_serv_prop:s0
+#=============allow ccci_mdinit to ctl. mdlogger==============
+ctl.mdlogger u:object_r:ctl_mdlogger_prop:s0
+ctl.emdlogger1 u:object_r:ctl_emdlogger1_prop:s0
+ctl.emdlogger2 u:object_r:ctl_emdlogger2_prop:s0
+ctl.emdlogger3 u:object_r:ctl_emdlogger3_prop:s0
+
+init.svc.emdlogger1 u:object_r:init_svc_emdlogger1_prop:s0
+init.svc.aee_aedv u:object_r:init_svc_aee_aedv_prop:s0
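Review bot: The entries added at the end of this hunk (`ctl.mdlogger` through `init.svc.aee_aedv`) are prefix matches in the `ctl.` and `init.svc.` namespaces, so `ctl.emdlogger1` also labels any longer property name that begins with that string. A `ctl_*` label decides which domains may start or stop the named service, so it is worth confirming that prefix matching is intended here. It is also worth confirming that every referenced type is still declared with an ownership attribute: this commit removes the declarations from `plat_public/property.te`, and the replacement is not visible in this hunk. If the move out of `plat_private` is deliberate, a line such as `# ctl./init.svc. names sit outside the vendor.* prefixes; labelled here because the types are vendor-owned` above the block would record why these names live in the vendor file.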
diff --git a/non_plat/vendor_init.te b/non_plat/vendor_init.te
index 3121190..783f6c9 100644
--- a/non_plat/vendor_init.te
+++ b/non_plat/vendor_init.te
@@ -1,16 +1,16 @@
-#allow vendor_init exported3_system_prop:property_service set;
-#allow vendor_init dalvik_prop:property_service set;
-
-#allow vendor_init ffs_prop:property_service set;
-allow vendor_init mediatek_prop:property_service set;
-allow vendor_init mtk_md_version_prop:property_service set;
-allow vendor_init mtk_volte_prop:property_service set;
-allow vendor_init vendor_radio_prop:property_service set;
-allow vendor_init mtk_ril_mode_prop:property_service set;
-allow vendor_init wmt_prop:property_service set;
-allow vendor_init coredump_prop:property_service set;
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+set_prop(vendor_init, mediatek_prop)
+set_prop(vendor_init, mtk_md_version_prop)
+set_prop(vendor_init, mtk_volte_prop)
+set_prop(vendor_init, vendor_radio_prop)
+set_prop(vendor_init, mtk_ril_mode_prop)
+set_prop(vendor_init, wmt_prop)
+set_prop(vendor_init, coredump_prop)
+
allow vendor_init proc_wmtdbg:file w_file_perms;
-#allow vendor_init vold_prop:property_service set;
allow vendor_init proc_cpufreq:file w_file_perms;
allow vendor_init proc_bootprof:file write;
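Review bot: Replacing the seven `allow vendor_init …:property_service set;` rules with `set_prop(vendor_init, …)` is not a like-for-like rewrite. In AOSP's `te_macros`, `set_prop()` also connects to init's property socket and includes `get_prop()`, so `vendor_init` gains read access to each of these property types in addition to `set`. That is probably acceptable for `vendor_init`, but the commit message describes only attribute changes, so the widening should be stated. A line such as `# set_prop() grants read (get_prop) as well as set` above the block would do. If read access is not wanted for a type such as `coredump_prop`, keep the explicit `allow … property_service set;` rule for that type.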
@@ -33,7 +33,6 @@ set_prop(vendor_init, mtk_aal_ro_prop)
set_prop(vendor_init, mtk_pq_ro_prop)
set_prop(vendor_init, mtk_default_prop)
set_prop(vendor_init, mtk_nn_option_prop)
-
set_prop(vendor_init, mtk_emmc_support_prop)
set_prop(vendor_init, mtk_anr_support_prop)
set_prop(vendor_init, mtk_antutu_prop)
@@ -70,9 +69,7 @@ allow vendor_init kernel:key search;
allow vendor_init expdb_block_device:blk_file rw_file_perms;
set_prop(vendor_init, mtk_wifi_hotspot_prop)
-
set_prop(vendor_init, persist_aeev_prop)
-
set_prop(vendor_init, mtk_powerhal_prop)
# mmstat tracer
diff --git a/plat_private/property_contexts b/plat_private/property_contexts
index b85131f..e5bb3c3 100644
--- a/plat_private/property_contexts
+++ b/plat_private/property_contexts
@@ -1,11 +1,6 @@
-#=============allow ccci_mdinit to ctl. mdlogger==============
-ctl.mdlogger u:object_r:ctl_mdlogger_prop:s0
-ctl.emdlogger1 u:object_r:ctl_emdlogger1_prop:s0
-ctl.emdlogger2 u:object_r:ctl_emdlogger2_prop:s0
-ctl.emdlogger3 u:object_r:ctl_emdlogger3_prop:s0
-
-init.svc.emdlogger1 u:object_r:init_svc_emdlogger1_prop:s0
-init.svc.aee_aedv u:object_r:init_svc_aee_aedv_prop:s0
+# ==============================================
+# MTK Policy Rule
+# ==============================================
#allow mtk audio hidl service to read "ro.audio.usb.period_us"
ro.audio.usb.period_us u:object_r:exported_default_prop:s0 exact int
@@ -13,6 +8,5 @@ ro.audio.usb.period_us u:object_r:exported_default_prop:s0 exact int
#allow adb daemon to read "persist.adb.nonblocking_ffs"
persist.adb.nonblocking_ffs u:object_r:exported_default_prop:s0 exact int
-#============system fingerprint property===========#
+#============system fingerprint property===========
ro.system.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string
-
diff --git a/plat_public/property.te b/plat_public/property.te
index 976018b..03e0d0e 100644
--- a/plat_public/property.te
+++ b/plat_public/property.te
@@ -1,9 +1,20 @@
-#=============allow ccci_mdinit to ctl. mdlogger==============
-type ctl_mdlogger_prop, property_type;
-type ctl_emdlogger1_prop, property_type;
-type ctl_emdlogger2_prop, property_type;
-type ctl_emdlogger3_prop, property_type;
-type ctl_dualmdlogger_prop, property_type;
+# ==============================================
+# MTK Policy Rule
+# ==============================================
-type init_svc_emdlogger1_prop, property_type;
-type init_svc_aee_aedv_prop, property_type; \ No newline at end of file
+# system_internal_prop -- Properties used only in /system
+# system_restricted_prop -- Properties which can't be written outside system
+# system_public_prop -- Properties with no restrictions
+# system_vendor_config_prop -- Properties which can be written only by vendor_init
+# vendor_internal_prop -- Properties used only in /vendor
+# vendor_restricted_prop -- Properties which can't be written outside vendor
+# vendor_public_prop -- Properties with no restrictions
+
+# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
+#typeattribute vendor_default_prop vendor_property_type;
+#neverallow domain {
+# property_type
+# -system_property_type
+# -product_property_type
+# -vendor_property_type
+#}:file no_rw_file_perms;
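Review bot: The `neverallow` at the end of this hunk is added commented out, so nothing in this file enforces that every property type carries one of the ownership attributes listed in the comment block above it. A type still declared with a bare `property_type` would pass the build unnoticed. The hunk also drops `ctl_dualmdlogger_prop` together with the other `ctl_*`/`init_svc_*` types, and none of the `property_contexts` changes in this commit reference that name, so it is worth checking whether it was retired on purpose. The TODO cites only the upstream bug number; adding the local tracking id, for example `# TODO(b/131162102, <MTK CR id>): enable once all MTK property types have an owner attribute`, would keep the disabled rule from being forgotten.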