Reduce use of exported_system_prop

Reduce use of "exported_system_prop" by defining 2 new (currently
identical) "locale_prop" and "timezone_prop" types for the system
properties that are for "global system settings". See the comments in
private/property_contexts for details.

Initially the rights of the new types should be identical to those of
exported_system_prop; they will be reduced in a follow-up commit, which
makes rollback easier and lets related work progress.

Bug: 236612872
Test: treehugger
Change-Id: I8d818342023bc462376c091b8a522532ccaf15d3
diff --git a/private/compat/33.0/33.0.cil b/private/compat/33.0/33.0.cil
index 163a300..849be82 100644
--- a/private/compat/33.0/33.0.cil
+++ b/private/compat/33.0/33.0.cil
@@ -1637,7 +1637,11 @@
 (typeattributeset exported_overlay_prop_33_0 (exported_overlay_prop))
 (typeattributeset exported_pm_prop_33_0 (exported_pm_prop))
 (typeattributeset exported_secure_prop_33_0 (exported_secure_prop))
-(typeattributeset exported_system_prop_33_0 (exported_system_prop))
+(typeattributeset exported_system_prop_33_0
+  ( exported_system_prop
+    locale_prop
+    timezone_prop
+))
 (typeattributeset external_vibrator_service_33_0 (external_vibrator_service))
 (typeattributeset extra_free_kbytes_33_0 (extra_free_kbytes))
 (typeattributeset extra_free_kbytes_exec_33_0 (extra_free_kbytes_exec))
diff --git a/private/property_contexts b/private/property_contexts
index a67ea73..507e9c6 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -783,8 +783,20 @@
 
 net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
 
-persist.sys.locale       u:object_r:exported_system_prop:s0 exact string
-persist.sys.timezone     u:object_r:exported_system_prop:s0 exact string
+# Settings system properties containing mutable "global" device settings.
+#
+# These can't be Android settings because they are also read by low-level
+# binaries that don't have access to "real" SettingsProvider settings. This
+# will usually be because of when they execute, e.g. during boot when Android
+# services are not yet running, and/or because they are needed by binaries that
+# are not "Android aware", i.e. they have light integration with the Android
+# platform via the low-level system properties lib.  Processes like shell may
+# modify these for testing purposes, but doing so is generally discouraged;
+# updates to these props will generally require intents to be sent to
+# long-running Android apps so they can update cached data and their UI state.
+persist.sys.locale       u:object_r:locale_prop:s0 exact string
+persist.sys.timezone     u:object_r:timezone_prop:s0 exact string
+
 persist.sys.mte.permissive u:object_r:permissive_mte_prop:s0 exact string
 persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
 
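Review bot: Relabelling `persist.sys.locale` and `persist.sys.timezone` removes write access for every domain whose only grant was on `exported_system_prop`, and this diff adds `set_prop` on the new types for surfaceflinger, system_app and system_server only. The new comment says processes like shell may modify these properties, but no shell rule for `locale_prop` or `timezone_prop` is visible here, so the comment and the policy disagree unless shell is covered in a file outside this diff. Before merging, list every rule that references `exported_system_prop` (allow and neverallow) and confirm each setter is either mirrored or dropped on purpose. If shell is not meant to keep access, reword the sentence to something like `# Only domains explicitly granted set_prop on locale_prop / timezone_prop may modify these.`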
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index bb16f20..dbb5507 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -58,7 +58,9 @@
 set_prop(surfaceflinger, exported_system_prop)
 set_prop(surfaceflinger, exported3_system_prop)
 set_prop(surfaceflinger, ctl_bootanim_prop)
+set_prop(surfaceflinger, locale_prop)
 set_prop(surfaceflinger, surfaceflinger_display_prop)
+set_prop(surfaceflinger, timezone_prop)
 
 # Get properties.
 get_prop(surfaceflinger, qemu_sf_lcd_density_prop)
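Review bot: The added `set_prop(surfaceflinger, locale_prop)` and `set_prop(surfaceflinger, timezone_prop)` only mirror the existing `exported_system_prop` grant; nothing in this hunk shows surfaceflinger writing the locale or timezone. Since the commit message promises a follow-up reduction, mark the grants as temporary so they are not later mistaken for required access, e.g. `# TODO(b/236612872): parity with exported_system_prop only; drop if surfaceflinger never sets these.` The same marker would help on the matching pairs in private/system_app.te and private/system_server.te, where the need is more plausible but is likewise not shown here. Until the reduction lands, each of these domains stays a writer of persisted values that public/domain.te lets every domain read.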
diff --git a/private/system_app.te b/private/system_app.te
index 822fbb5..61d3b5d 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -44,8 +44,10 @@
 set_prop(system_app, exported_system_prop)
 set_prop(system_app, exported3_system_prop)
 set_prop(system_app, gesture_prop)
+set_prop(system_app, locale_prop)
 set_prop(system_app, logd_prop)
 set_prop(system_app, net_radio_prop)
+set_prop(system_app, timezone_prop)
 set_prop(system_app, usb_control_prop)
 set_prop(system_app, usb_prop)
 set_prop(system_app, log_tag_prop)
diff --git a/private/system_server.te b/private/system_server.te
index ab0bfe0..c2c8147 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -717,6 +717,8 @@
 set_prop(system_server, provisioned_prop)
 set_prop(system_server, retaildemo_prop)
 set_prop(system_server, dmesgd_start_prop)
+set_prop(system_server, locale_prop)
+set_prop(system_server, timezone_prop)
 userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
 userdebug_or_eng(`set_prop(system_server, system_user_mode_emulation_prop)')
 
diff --git a/public/domain.te b/public/domain.te
index 11a14c5..e97639f 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -123,6 +123,7 @@
 get_prop(domain, hw_timeout_multiplier_prop)
 get_prop(domain, init_service_status_prop)
 get_prop(domain, libc_debug_prop)
+get_prop(domain, locale_prop)
 get_prop(domain, logd_prop)
 get_prop(domain, mediadrm_config_prop)
 get_prop(domain, property_service_version_prop)
@@ -130,6 +131,7 @@
 get_prop(domain, socket_hook_prop)
 get_prop(domain, surfaceflinger_prop)
 get_prop(domain, telephony_status_prop)
+get_prop(domain, timezone_prop)
 get_prop({domain - untrusted_app_all },  userdebug_or_eng_prop)
 get_prop(domain, vendor_socket_hook_prop)
 get_prop(domain, vndk_prop)
diff --git a/public/property.te b/public/property.te
index 80df624..a9e61b5 100644
--- a/public/property.te
+++ b/public/property.te
@@ -212,6 +212,7 @@
 system_public_prop(sota_prop)
 system_public_prop(hwservicemanager_prop)
 system_public_prop(lmkd_prop)
+system_public_prop(locale_prop)
 system_public_prop(logd_prop)
 system_public_prop(logpersistd_logging_prop)
 system_public_prop(log_prop)
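Review bot: Declaring `locale_prop` with `system_public_prop` (and `timezone_prop` in the next hunk of this file) leaves both types writable by non-core domains wherever a vendor rule allows it, which limits how far the planned follow-up can tighten the set of writers. If the intended end state is that only platform domains set the locale and timezone, `system_restricted_prop(locale_prop)` and `system_restricted_prop(timezone_prop)` would have the build enforce that. This assumes no vendor domain legitimately sets them, which needs checking against device policies. The 33.0 compat mapping in this commit also adds both types to `exported_system_prop_33_0`, so rules in vendor policy built against 33.0 carry over to them regardless of later changes to the platform .te files. A one-line comment above the two declarations recording the intended final class would make the follow-up easier to review.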
@@ -230,6 +231,7 @@
 system_public_prop(system_prop)
 system_public_prop(system_user_mode_emulation_prop)
 system_public_prop(telephony_status_prop)
+system_public_prop(timezone_prop)
 system_public_prop(usb_control_prop)
 system_public_prop(vold_post_fs_data_prop)
 system_public_prop(wifi_hal_prop)