diff options
-rw-r--r-- | public/property.te | 69 |
1 files changed, 65 insertions, 4 deletions
diff --git a/public/property.te b/public/property.te index 80453683..e5720d5e 100644 --- a/public/property.te +++ b/public/property.te | |||
@@ -155,7 +155,6 @@ compatible_property_only(` | |||
155 | -coredomain | 155 | -coredomain |
156 | -appdomain | 156 | -appdomain |
157 | -hal_nfc_server | 157 | -hal_nfc_server |
158 | -vendor_init | ||
159 | } { | 158 | } { |
160 | nfc_prop | 159 | nfc_prop |
161 | }:property_service set; | 160 | }:property_service set; |
@@ -168,11 +167,57 @@ compatible_property_only(` | |||
168 | -vendor_init | 167 | -vendor_init |
169 | } { | 168 | } { |
170 | exported_radio_prop | 169 | exported_radio_prop |
171 | exported2_radio_prop | ||
172 | exported3_radio_prop | 170 | exported3_radio_prop |
171 | }:property_service set; | ||
172 | |||
173 | neverallow { | ||
174 | domain | ||
175 | -coredomain | ||
176 | -appdomain | ||
177 | -hal_telephony_server | ||
178 | } { | ||
179 | exported2_radio_prop | ||
173 | radio_prop | 180 | radio_prop |
174 | }:property_service set; | 181 | }:property_service set; |
175 | 182 | ||
183 | neverallow { | ||
184 | domain | ||
185 | -coredomain | ||
186 | -bluetooth | ||
187 | -hal_bluetooth | ||
188 | } { | ||
189 | bluetooth_prop | ||
190 | }:property_service set; | ||
191 | |||
192 | neverallow { | ||
193 | domain | ||
194 | -coredomain | ||
195 | -bluetooth | ||
196 | -hal_bluetooth | ||
197 | -vendor_init | ||
198 | } { | ||
199 | exported_bluetooth_prop | ||
200 | }:property_service set; | ||
201 | |||
202 | neverallow { | ||
203 | domain | ||
204 | -coredomain | ||
205 | -hal_wifi | ||
206 | -wificond | ||
207 | } { | ||
208 | wifi_prop | ||
209 | }:property_service set; | ||
210 | |||
211 | neverallow { | ||
212 | domain | ||
213 | -coredomain | ||
214 | -hal_wifi | ||
215 | -wificond | ||
216 | -vendor_init | ||
217 | } { | ||
218 | exported_wifi_prop | ||
219 | }:property_service set; | ||
220 | |||
176 | # Prevent properties from being read | 221 | # Prevent properties from being read |
177 | neverallow { | 222 | neverallow { |
178 | domain | 223 | domain |
@@ -201,7 +246,6 @@ compatible_property_only(` | |||
201 | -coredomain | 246 | -coredomain |
202 | -appdomain | 247 | -appdomain |
203 | -hal_nfc_server | 248 | -hal_nfc_server |
204 | -vendor_init | ||
205 | } { | 249 | } { |
206 | nfc_prop | 250 | nfc_prop |
207 | }:file no_rw_file_perms; | 251 | }:file no_rw_file_perms; |
@@ -211,8 +255,25 @@ compatible_property_only(` | |||
211 | -coredomain | 255 | -coredomain |
212 | -appdomain | 256 | -appdomain |
213 | -hal_telephony_server | 257 | -hal_telephony_server |
214 | -vendor_init | ||
215 | } { | 258 | } { |
216 | radio_prop | 259 | radio_prop |
217 | }:file no_rw_file_perms; | 260 | }:file no_rw_file_perms; |
261 | |||
262 | neverallow { | ||
263 | domain | ||
264 | -coredomain | ||
265 | -bluetooth | ||
266 | -hal_bluetooth | ||
267 | } { | ||
268 | bluetooth_prop | ||
269 | }:file no_rw_file_perms; | ||
270 | |||
271 | neverallow { | ||
272 | domain | ||
273 | -coredomain | ||
274 | -hal_wifi | ||
275 | -wificond | ||
276 | } { | ||
277 | wifi_prop | ||
278 | }:file no_rw_file_perms; | ||
218 | ') | 279 | ') |