1##########################
2# property service keys
3#
4#
5net.rmnet               u:object_r:net_radio_prop:s0
6net.gprs                u:object_r:net_radio_prop:s0
7net.ppp                 u:object_r:net_radio_prop:s0
8net.qmi                 u:object_r:net_radio_prop:s0
9net.lte                 u:object_r:net_radio_prop:s0
10net.cdma                u:object_r:net_radio_prop:s0
11net.dns                 u:object_r:net_dns_prop:s0
12sys.usb.config          u:object_r:system_radio_prop:s0
13ril.                    u:object_r:radio_prop:s0
14ro.ril.                 u:object_r:radio_prop:s0
15gsm.                    u:object_r:radio_prop:s0
16persist.radio           u:object_r:radio_prop:s0
17
18net.                    u:object_r:system_prop:s0
19dev.                    u:object_r:system_prop:s0
20ro.runtime.             u:object_r:system_prop:s0
21ro.runtime.firstboot    u:object_r:firstboot_prop:s0
22hw.                     u:object_r:system_prop:s0
23ro.hw.                  u:object_r:system_prop:s0
24sys.                    u:object_r:system_prop:s0
25sys.audio.              u:object_r:audio_prop:s0
26sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0
27sys.cppreopt            u:object_r:cppreopt_prop:s0
28sys.lpdumpd             u:object_r:lpdumpd_prop:s0
29sys.powerctl            u:object_r:powerctl_prop:s0
30sys.usb.ffs.            u:object_r:ffs_prop:s0
31service.                u:object_r:system_prop:s0
32dhcp.                   u:object_r:dhcp_prop:s0
33dhcp.bt-pan.result      u:object_r:pan_result_prop:s0
34bluetooth.              u:object_r:bluetooth_prop:s0
35
36debug.                  u:object_r:debug_prop:s0
37debug.db.               u:object_r:debuggerd_prop:s0
38dumpstate.              u:object_r:dumpstate_prop:s0
39dumpstate.options       u:object_r:dumpstate_options_prop:s0
40init.svc_debug_pid.     u:object_r:init_svc_debug_prop:s0
41llk.                    u:object_r:llkd_prop:s0
42khungtask.              u:object_r:llkd_prop:s0
43ro.llk.                 u:object_r:llkd_prop:s0
44ro.khungtask.           u:object_r:llkd_prop:s0
45lmkd.reinit             u:object_r:lmkd_prop:s0 exact int
46log.                    u:object_r:log_prop:s0
47log.tag                 u:object_r:log_tag_prop:s0
48log.tag.WifiHAL         u:object_r:wifi_log_prop:s0
49security.perf_harden    u:object_r:shell_prop:s0
50service.adb.root        u:object_r:shell_prop:s0
51service.adb.tcp.port    u:object_r:shell_prop:s0
52service.adb.tls.port    u:object_r:adbd_prop:s0
53persist.adb.wifi.       u:object_r:adbd_prop:s0
54persist.adb.tls_server.enable  u:object_r:system_adbd_prop:s0
55
56persist.audio.          u:object_r:audio_prop:s0
57persist.bluetooth.      u:object_r:bluetooth_prop:s0
58persist.nfc_cfg.        u:object_r:nfc_prop:s0
59persist.debug.          u:object_r:persist_debug_prop:s0
60persist.logd.           u:object_r:logd_prop:s0
61ro.logd.                u:object_r:logd_prop:s0
62persist.logd.security   u:object_r:device_logging_prop:s0
63persist.logd.logpersistd        u:object_r:logpersistd_logging_prop:s0
64logd.logpersistd        u:object_r:logpersistd_logging_prop:s0
65persist.log.tag         u:object_r:log_tag_prop:s0
66persist.mmc.            u:object_r:mmc_prop:s0
67persist.netd.stable_secret      u:object_r:netd_stable_secret_prop:s0
68persist.pm.mock-upgrade u:object_r:mock_ota_prop:s0
69persist.sys.            u:object_r:system_prop:s0
70persist.sys.safemode    u:object_r:safemode_prop:s0
71persist.sys.theme       u:object_r:theme_prop:s0
72persist.sys.fflag.override.settings_dynamic_system    u:object_r:dynamic_system_prop:s0
73ro.sys.safemode         u:object_r:safemode_prop:s0
74persist.sys.audit_safemode      u:object_r:safemode_prop:s0
75persist.sys.dalvik.jvmtiagent   u:object_r:system_jvmti_agent_prop:s0
76persist.service.        u:object_r:system_prop:s0
77persist.service.bdroid. u:object_r:bluetooth_prop:s0
78persist.security.       u:object_r:system_prop:s0
79persist.traced.enable   u:object_r:traced_enabled_prop:s0
80traced.lazy.            u:object_r:traced_lazy_prop:s0
81persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
82persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
83persist.vendor.overlay.  u:object_r:overlay_prop:s0
84ro.boot.vendor.overlay.  u:object_r:overlay_prop:s0
85ro.boottime.             u:object_r:boottime_prop:s0
86ro.serialno             u:object_r:serialno_prop:s0
87ro.boot.btmacaddr       u:object_r:bluetooth_prop:s0
88ro.boot.serialno        u:object_r:serialno_prop:s0
89ro.bt.                  u:object_r:bluetooth_prop:s0
90ro.boot.bootreason      u:object_r:bootloader_boot_reason_prop:s0
91persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
92sys.boot.reason         u:object_r:system_boot_reason_prop:s0
93sys.boot.reason.last    u:object_r:last_boot_reason_prop:s0
94pm.                     u:object_r:pm_prop:s0
95test.sys.boot.reason    u:object_r:test_boot_reason_prop:s0
96test.userspace_reboot.requested u:object_r:userspace_reboot_test_prop:s0
97sys.lmk.                u:object_r:system_lmk_prop:s0
98sys.trace.              u:object_r:system_trace_prop:s0
99
100# Fastbootd protocol control property
101fastbootd.protocol    u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp
102
103# Boolean property set by system server upon boot indicating
104# if device is fully owned by organization instead of being
105# a personal device.
106ro.organization_owned   u:object_r:device_logging_prop:s0
107
108# selinux non-persistent properties
109selinux.restorecon_recursive   u:object_r:restorecon_prop:s0
110
111# default property context
112*                       u:object_r:default_prop:s0
113
114# data partition encryption properties
115vold.                   u:object_r:vold_prop:s0
116ro.crypto.              u:object_r:vold_prop:s0
117
118# ro.build.fingerprint is either set in /system/build.prop, or is
119# set at runtime by system_server.
120ro.build.fingerprint    u:object_r:fingerprint_prop:s0
121
122ro.persistent_properties.ready  u:object_r:persistent_properties_ready_prop:s0
123
124# ctl properties
125ctl.bootanim            u:object_r:ctl_bootanim_prop:s0
126ctl.dumpstate           u:object_r:ctl_dumpstate_prop:s0
127ctl.fuse_               u:object_r:ctl_fuse_prop:s0
128ctl.mdnsd               u:object_r:ctl_mdnsd_prop:s0
129ctl.ril-daemon          u:object_r:ctl_rildaemon_prop:s0
130ctl.bugreport           u:object_r:ctl_bugreport_prop:s0
131ctl.console             u:object_r:ctl_console_prop:s0
132ctl.                    u:object_r:ctl_default_prop:s0
133
134# Don't allow blind access to all services
135ctl.sigstop_on$         u:object_r:ctl_sigstop_prop:s0
136ctl.sigstop_off$        u:object_r:ctl_sigstop_prop:s0
137ctl.start$              u:object_r:ctl_start_prop:s0
138ctl.stop$               u:object_r:ctl_stop_prop:s0
139ctl.restart$            u:object_r:ctl_restart_prop:s0
140ctl.interface_start$    u:object_r:ctl_interface_start_prop:s0
141ctl.interface_stop$     u:object_r:ctl_interface_stop_prop:s0
142ctl.interface_restart$  u:object_r:ctl_interface_restart_prop:s0
143
144 # Restrict access to starting/stopping adbd
145ctl.start$adbd             u:object_r:ctl_adbd_prop:s0
146ctl.stop$adbd              u:object_r:ctl_adbd_prop:s0
147ctl.restart$adbd           u:object_r:ctl_adbd_prop:s0
148
149# Restrict access to starting/stopping gsid.
150ctl.start$gsid          u:object_r:ctl_gsid_prop:s0
151ctl.stop$gsid           u:object_r:ctl_gsid_prop:s0
152ctl.restart$gsid        u:object_r:ctl_gsid_prop:s0
153
154# Restrict access to stopping apexd.
155ctl.stop$apexd          u:object_r:ctl_apexd_prop:s0
156
157# Restrict access to restart dumpstate
158ctl.interface_restart$android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
159
160# NFC properties
161nfc.                    u:object_r:nfc_prop:s0
162
163# These properties are not normally set by processes other than init.
164# They are only distinguished here for setting by qemu-props on the
165# emulator/goldfish.
166config.                 u:object_r:config_prop:s0
167ro.config.              u:object_r:config_prop:s0
168dalvik.                 u:object_r:dalvik_prop:s0
169ro.dalvik.              u:object_r:dalvik_prop:s0
170
171# Shared between system server and wificond
172wifi.                   u:object_r:wifi_prop:s0
173wlan.                   u:object_r:wifi_prop:s0
174
175# Lowpan properties
176lowpan.                 u:object_r:lowpan_prop:s0
177ro.lowpan.              u:object_r:lowpan_prop:s0
178
179# heapprofd properties
180heapprofd.              u:object_r:heapprofd_prop:s0
181
182# hwservicemanager properties
183hwservicemanager.       u:object_r:hwservicemanager_prop:s0
184
185# Common default properties for vendor and odm.
186init.svc.odm.           u:object_r:vendor_default_prop:s0
187init.svc.vendor.        u:object_r:vendor_default_prop:s0
188ro.hardware.            u:object_r:vendor_default_prop:s0
189ro.odm.                 u:object_r:vendor_default_prop:s0
190ro.vendor.              u:object_r:vendor_default_prop:s0
191odm.                    u:object_r:vendor_default_prop:s0
192persist.odm.            u:object_r:vendor_default_prop:s0
193persist.vendor.         u:object_r:vendor_default_prop:s0
194vendor.                 u:object_r:vendor_default_prop:s0
195# ro.boot. properties are set based on kernel commandline arguments, which are vendor owned.
196ro.boot.                u:object_r:exported2_default_prop:s0
197
198# Properties that relate to time / time zone detection behavior.
199persist.time.           u:object_r:time_prop:s0
200
201# Properties that relate to server configurable flags
202device_config.reset_performed           u:object_r:device_config_reset_performed_prop:s0
203persist.device_config.activity_manager_native_boot. u:object_r:device_config_activity_manager_native_boot_prop:s0
204persist.device_config.attempted_boot_count        u:object_r:device_config_boot_count_prop:s0
205persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
206persist.device_config.netd_native.           u:object_r:device_config_netd_native_prop:s0
207persist.device_config.runtime_native.        u:object_r:device_config_runtime_native_prop:s0
208persist.device_config.runtime_native_boot.   u:object_r:device_config_runtime_native_boot_prop:s0
209persist.device_config.media_native.          u:object_r:device_config_media_native_prop:s0
210persist.device_config.storage_native_boot.   u:object_r:device_config_storage_native_boot_prop:s0
211persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
212persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
213
214# Properties that relate to legacy server configurable flags
215persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
216
217apexd.                  u:object_r:apexd_prop:s0
218persist.apexd.          u:object_r:apexd_prop:s0
219
220bpf.progs_loaded        u:object_r:bpf_progs_loaded_prop:s0
221
222gsid.                   u:object_r:gsid_prop:s0
223ro.gsid.                u:object_r:gsid_prop:s0
224
225# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image,
226# which can't use NNAPI vendor extensions).
227ro.nnapi.extensions.deny_on_product                u:object_r:nnapi_ext_deny_product_prop:s0
228
229# Property that is set once ueventd finishes cold boot.
230ro.cold_boot_done       u:object_r:cold_boot_done_prop:s0
231
232# Charger properties
233ro.charger.             u:object_r:charger_prop:s0
234
235# Virtual A/B properties
236ro.virtual_ab.enabled   u:object_r:virtual_ab_prop:s0
237ro.virtual_ab.retrofit  u:object_r:virtual_ab_prop:s0
238
239# Property to set/clear the warm reset flag after an OTA update.
240ota.warm_reset  u:object_r:ota_prop:s0
241
242# Module properties
243com.android.sdkext.                  u:object_r:module_sdkextensions_prop:s0
244persist.com.android.sdkext.          u:object_r:module_sdkextensions_prop:s0
245
246# Userspace reboot properties
247sys.userspace_reboot.log.         u:object_r:userspace_reboot_log_prop:s0
248persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
249
250# Integer property which is used in libgui to configure the number of frames
251# tracked by buffer queue's frame event timing history. The property is set
252# by devices with video decoding pipelines long enough to overflow the default
253# history size.
254ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
255
256# Property to enable incremental feature
257ro.incremental.enable      u:object_r:incremental_prop:s0
258
259# Properties to configure userspace reboot.
260init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
261init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
262init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
263init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
264init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
265init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
266
267# surfaceflinger-settable
268graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool
269