| system_internal_prop(ctl_tombstoned_prop) |
| system_restricted_prop(tombstone_transmit_status_prop) |
| |
| system_restricted_prop(boot_status_prop) |
| |
| # Declare ART properties for CompOS |
| system_public_prop(dalvik_config_prop) |
| system_restricted_prop(device_config_runtime_native_prop) |
| system_restricted_prop(device_config_runtime_native_boot_prop) |
| |
| # Don't audit legacy ctl. property handling. We only want the newer permission check to appear |
| # in the audit log |
| dontaudit domain { |
| ctl_console_prop |
| ctl_default_prop |
| ctl_fuse_prop |
| }:property_service set; |
| |
| ### |
| ### Neverallow rules |
| ### |
| |
| # microdroid_manager_roothash_prop can only be set by microdroid_manager |
| # and read by apkdmverity |
| neverallow { |
| domain |
| -init |
| -microdroid_manager |
| } microdroid_manager_roothash_prop:property_service set; |
| |
| neverallow { |
| domain |
| -init |
| -microdroid_manager |
| -apkdmverity |
| } microdroid_manager_roothash_prop:file no_rw_file_perms; |
| |
| # apexd_payload_metadata_prop can only set by init |
| neverallow { |
| domain |
| -init |
| } apexd_payload_metadata_prop:property_service set; |
| |
| # Only microdroid_manager and init can set the microdroid_config_prop sysprops |
| neverallow { |
| domain |
| -init |
| -microdroid_manager |
| } {microdroid_config_prop microdroid_lifecycle_prop}:property_service set; |
| |
| neverallow { |
| domain |
| -init |
| -microdroid_manager |
| } {microdroid_config_prop microdroid_lifecycle_prop}:file no_rw_file_perms; |
