# Filesystem types
# Each "type NAME, ATTR, ...;" statement declares a type and attaches the listed
# attributes to it. The types in this section all carry fs_type. A declaration
# grants no access by itself; what a domain may do with objects of a type is
# decided by the allow and neverallow rules that reference the type or its attributes.
|
|
type labeledfs, fs_type;
|
|
type pipefs, fs_type;
|
|
type sockfs, fs_type;
|
|
type rootfs, fs_type;
|
|
type proc, fs_type, proc_type;
|
|
type binderfs, fs_type;
|
|
type binderfs_logs, fs_type;
|
|
type binderfs_logs_proc, fs_type;
|
|
# Security-sensitive proc nodes that should not be writable by most domains.
# NOTE(review): these statements only name the types. The rules that actually
# restrict writes are not in this part of the file; review every allow and
# neverallow rule that references these types when auditing access.
|
|
type proc_security, fs_type, proc_type;
|
|
type proc_drop_caches, fs_type, proc_type;
|
|
type proc_overcommit_memory, fs_type, proc_type;
|
|
type proc_min_free_order_shift, fs_type, proc_type;
|
|
type proc_kpageflags, fs_type, proc_type;
|
|
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
# NOTE(review): usermodehelper programs are started by the kernel, so a writer
# of these nodes influences what the kernel executes; presumably that is why
# they get dedicated types. Confirm write access is limited in the domain rules.
|
|
type usermodehelper, fs_type, proc_type;
|
|
type sysfs_usermodehelper, fs_type, sysfs_type;
|
|
type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
|
|
type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
|
|
type proc_bluetooth_writable, fs_type, proc_type;
|
|
type proc_abi, fs_type, proc_type;
|
|
type proc_asound, fs_type, proc_type;
|
|
type proc_bootconfig, fs_type, proc_type;
|
|
type proc_buddyinfo, fs_type, proc_type;
|
|
type proc_cmdline, fs_type, proc_type;
|
|
type proc_cpuinfo, fs_type, proc_type;
|
|
type proc_dirty, fs_type, proc_type;
|
|
type proc_diskstats, fs_type, proc_type;
|
|
type proc_extra_free_kbytes, fs_type, proc_type;
|
|
type proc_filesystems, fs_type, proc_type;
|
|
type proc_fs_verity, fs_type, proc_type;
|
|
type proc_hostname, fs_type, proc_type;
|
|
type proc_hung_task, fs_type, proc_type;
|
|
type proc_interrupts, fs_type, proc_type;
|
|
type proc_iomem, fs_type, proc_type;
|
|
type proc_kallsyms, fs_type, proc_type;
|
|
type proc_keys, fs_type, proc_type;
|
|
type proc_kmsg, fs_type, proc_type;
|
|
type proc_loadavg, fs_type, proc_type;
|
|
type proc_locks, fs_type, proc_type;
|
|
type proc_lowmemorykiller, fs_type, proc_type;
|
|
type proc_max_map_count, fs_type, proc_type;
|
|
type proc_meminfo, fs_type, proc_type;
|
|
type proc_misc, fs_type, proc_type;
|
|
type proc_modules, fs_type, proc_type;
|
|
type proc_mounts, fs_type, proc_type;
|
|
type proc_net, fs_type, proc_type, proc_net_type;
|
|
type proc_net_tcp_udp, fs_type, proc_type;
|
|
type proc_page_cluster, fs_type, proc_type;
|
|
type proc_pagetypeinfo, fs_type, proc_type;
|
|
type proc_panic, fs_type, proc_type;
|
|
type proc_perf, fs_type, proc_type;
|
|
type proc_pid_max, fs_type, proc_type;
|
|
type proc_pipe_conf, fs_type, proc_type;
|
|
type proc_pressure_cpu, fs_type, proc_type;
|
|
type proc_pressure_io, fs_type, proc_type;
|
|
type proc_pressure_mem, fs_type, proc_type;
|
|
type proc_random, fs_type, proc_type;
|
|
type proc_sched, fs_type, proc_type;
|
|
type proc_slabinfo, fs_type, proc_type;
|
|
type proc_stat, fs_type, proc_type;
|
|
type proc_swaps, fs_type, proc_type;
|
|
type proc_sysrq, fs_type, proc_type;
|
|
type proc_timer, fs_type, proc_type;
|
|
type proc_tty_drivers, fs_type, proc_type;
|
|
type proc_uid_cputime_showstat, fs_type, proc_type;
|
|
type proc_uid_cputime_removeuid, fs_type, proc_type;
|
|
type proc_uid_io_stats, fs_type, proc_type;
|
|
type proc_uid_procstat_set, fs_type, proc_type;
|
|
type proc_uid_time_in_state, fs_type, proc_type;
|
|
type proc_uid_concurrent_active_time, fs_type, proc_type;
|
|
type proc_uid_concurrent_policy_time, fs_type, proc_type;
|
|
type proc_uid_cpupower, fs_type, proc_type;
|
|
type proc_uptime, fs_type, proc_type;
|
|
type proc_version, fs_type, proc_type;
|
|
type proc_vmallocinfo, fs_type, proc_type;
|
|
type proc_vmstat, fs_type, proc_type;
|
|
type proc_zoneinfo, fs_type, proc_type;
|
|
type proc_vendor_sched, proc_type, fs_type;
|
|
type selinuxfs, fs_type, mlstrustedobject;
|
|
type fusectlfs, fs_type;
|
|
type cgroup, fs_type, mlstrustedobject;
|
|
type cgroup_v2, fs_type;
|
|
type sysfs, fs_type, sysfs_type, mlstrustedobject;
|
|
type sysfs_android_usb, fs_type, sysfs_type;
|
|
type sysfs_uio, sysfs_type, fs_type;
|
|
type sysfs_batteryinfo, fs_type, sysfs_type;
|
|
type sysfs_block, fs_type, sysfs_type, sysfs_block_type;
|
|
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
|
|
type sysfs_devfreq_cur, fs_type, sysfs_type;
|
|
type sysfs_devfreq_dir, fs_type, sysfs_type;
|
|
type sysfs_devices_block, fs_type, sysfs_type;
|
|
type sysfs_dm, fs_type, sysfs_type;
|
|
type sysfs_dm_verity, fs_type, sysfs_type;
|
|
type sysfs_dma_heap, fs_type, sysfs_type;
|
|
type sysfs_dmabuf_stats, fs_type, sysfs_type;
|
|
type sysfs_dt_firmware_android, fs_type, sysfs_type;
|
|
type sysfs_extcon, fs_type, sysfs_type;
|
|
type sysfs_ion, fs_type, sysfs_type;
|
|
type sysfs_ipv4, fs_type, sysfs_type;
|
|
type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
|
|
type sysfs_leds, fs_type, sysfs_type;
|
|
type sysfs_loop, fs_type, sysfs_type;
|
|
type sysfs_hwrandom, fs_type, sysfs_type;
|
|
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
|
|
type sysfs_wake_lock, fs_type, sysfs_type;
|
|
type sysfs_net, fs_type, sysfs_type;
|
|
type sysfs_power, fs_type, sysfs_type;
|
|
type sysfs_rtc, fs_type, sysfs_type;
|
|
type sysfs_suspend_stats, fs_type, sysfs_type;
|
|
type sysfs_switch, fs_type, sysfs_type;
|
|
type sysfs_transparent_hugepage, fs_type, sysfs_type;
|
|
type sysfs_usb, fs_type, sysfs_type;
|
|
type sysfs_wakeup, fs_type, sysfs_type;
|
|
type sysfs_wakeup_reasons, fs_type, sysfs_type;
|
|
type sysfs_fs_ext4_features, sysfs_type, fs_type;
|
|
type sysfs_fs_f2fs, sysfs_type, fs_type;
|
|
type sysfs_fs_incfs_features, sysfs_type, fs_type;
|
|
type sysfs_fs_incfs_metrics, sysfs_type, fs_type;
|
|
type sysfs_vendor_sched, sysfs_type, fs_type;
|
|
# The userdebug_or_eng macro emits its body only on userdebug and eng builds,
# so sysfs_vendor_sched carries mlstrustedobject on those builds and not on
# user builds.
# NOTE(review): mlstrustedobject presumably exempts the object from the MLS
# (category) separation constraints; confirm against the mls constraint file.
userdebug_or_eng(`
|
|
typeattribute sysfs_vendor_sched mlstrustedobject;
|
|
')
|
|
type fs_bpf, fs_type;
|
|
type fs_bpf_tethering, fs_type;
|
|
type configfs, fs_type;
|
|
# /sys/devices/cs_etm
|
|
type sysfs_devices_cs_etm, fs_type, sysfs_type;
|
|
# /sys/devices/system/cpu
|
|
type sysfs_devices_system_cpu, fs_type, sysfs_type;
|
|
# /sys/module/lowmemorykiller
|
|
type sysfs_lowmemorykiller, fs_type, sysfs_type;
|
|
# /sys/module/wlan/parameters/fwpath
|
|
type sysfs_wlan_fwpath, fs_type, sysfs_type;
|
|
type sysfs_vibrator, fs_type, sysfs_type;
|
|
type sysfs_uhid, fs_type, sysfs_type;
|
|
type sysfs_thermal, sysfs_type, fs_type;
|
|
|
|
type sysfs_zram, fs_type, sysfs_type;
|
|
type sysfs_zram_uevent, fs_type, sysfs_type;
|
|
type inotify, fs_type, mlstrustedobject;
|
|
type devpts, fs_type, mlstrustedobject;
|
|
type tmpfs, fs_type;
|
|
type shm, fs_type;
|
|
type mqueue, fs_type;
|
|
type fuse, sdcard_type, fs_type, mlstrustedobject;
|
|
type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
|
|
type vfat, sdcard_type, fs_type, mlstrustedobject;
|
|
type exfat, sdcard_type, fs_type, mlstrustedobject;
|
|
type debugfs, fs_type, debugfs_type;
|
|
type debugfs_kprobes, fs_type, debugfs_type;
|
|
type debugfs_mmc, fs_type, debugfs_type;
|
|
type debugfs_mm_events_tracing, fs_type, debugfs_type, tracefs_type;
|
|
type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
|
|
type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
|
|
type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
|
|
type debugfs_tracing_instances, fs_type, debugfs_type, tracefs_type;
|
|
type debugfs_tracing_printk_formats, fs_type, debugfs_type, tracefs_type;
|
|
type debugfs_wakeup_sources, fs_type, debugfs_type;
|
|
type debugfs_wifi_tracing, fs_type, debugfs_type, tracefs_type;
|
|
type securityfs, fs_type;
|
|
|
|
type pstorefs, fs_type;
|
|
type functionfs, fs_type, mlstrustedobject;
|
|
type oemfs, fs_type, contextmount_type;
|
|
type usbfs, fs_type;
|
|
type binfmt_miscfs, fs_type;
|
|
type app_fusefs, fs_type, contextmount_type;
|
|
|
|
# File types
|
|
type unlabeled, file_type;
|
|
|
|
# Default type for anything under /system.
|
|
type system_file, system_file_type, file_type;
|
|
# Default type for /system/asan.options
|
|
type system_asan_options_file, system_file_type, file_type;
|
|
# Type for /system/etc/event-log-tags (liblog implementation detail)
|
|
type system_event_log_tags_file, system_file_type, file_type;
|
|
# Default type for anything under /system/lib[64].
|
|
type system_lib_file, system_file_type, file_type;
|
|
# system libraries that are available only to bootstrap processes
|
|
type system_bootstrap_lib_file, system_file_type, file_type;
|
|
# Default type for the group file /system/etc/group.
|
|
type system_group_file, system_file_type, file_type;
|
|
# Default type for linker executable /system/bin/linker[64].
|
|
type system_linker_exec, system_file_type, file_type;
|
|
# Default type for linker config /system/etc/ld.config.*.
|
|
type system_linker_config_file, system_file_type, file_type;
|
|
# Default type for the passwd file /system/etc/passwd.
|
|
type system_passwd_file, system_file_type, file_type;
|
|
# Default type for seccomp policy files /system/etc/seccomp_policy/*.
|
|
type system_seccomp_policy_file, system_file_type, file_type;
|
|
# Default type for cacerts in /system/etc/security/cacerts/*.
|
|
type system_security_cacerts_file, system_file_type, file_type;
|
|
# Default type for /system/bin/tcpdump.
|
|
type tcpdump_exec, system_file_type, exec_type, file_type;
|
|
# Default type for zoneinfo files in /system/usr/share/zoneinfo/*.
|
|
type system_zoneinfo_file, system_file_type, file_type;
|
|
# Cgroups description file under /system/etc/cgroups.json
|
|
type cgroup_desc_file, system_file_type, file_type;
|
|
# Cgroups description file under /system/etc/task_profiles/cgroups_*.json
|
|
type cgroup_desc_api_file, system_file_type, file_type;
|
|
# Vendor cgroups description file under /vendor/etc/cgroups.json
|
|
type vendor_cgroup_desc_file, vendor_file_type, file_type;
|
|
# Task profiles file under /system/etc/task_profiles.json
|
|
type task_profiles_file, system_file_type, file_type;
|
|
# Task profiles file under /system/etc/task_profiles/task_profiles_*.json
|
|
type task_profiles_api_file, system_file_type, file_type;
|
|
# Vendor task profiles file under /vendor/etc/task_profiles.json
|
|
type vendor_task_profiles_file, vendor_file_type, file_type;
|
|
# Type for /system/apex/com.android.art
|
|
type art_apex_dir, system_file_type, file_type;
|
|
# /linkerconfig(/.*)?
|
|
type linkerconfig_file, file_type;
|
|
# Control files under /data/incremental
|
|
type incremental_control_file, file_type, data_file_type, core_data_file_type;
|
|
|
|
# Default type for directories searched for
|
|
# HAL implementations
|
|
type vendor_hal_file, vendor_file_type, file_type;
|
|
# Default type for anything under /vendor or /system/vendor
|
|
type vendor_file, vendor_file_type, file_type;
|
|
# Default type for everything in /vendor/app
|
|
type vendor_app_file, vendor_file_type, file_type;
|
|
# Default type for everything under /vendor/etc/
|
|
type vendor_configs_file, vendor_file_type, file_type;
|
|
# Default type for all *same process* HALs and their lib/bin dependencies.
|
|
# e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so
|
|
type same_process_hal_file, vendor_file_type, file_type;
|
|
# Default type for vndk-sp libs. /vendor/lib/vndk-sp
|
|
type vndk_sp_file, vendor_file_type, file_type;
|
|
# Default type for everything in /vendor/framework
|
|
type vendor_framework_file, vendor_file_type, file_type;
|
|
# Default type for everything in /vendor/overlay
|
|
type vendor_overlay_file, vendor_file_type, file_type;
|
|
# Type for all vendor public libraries. These libs should only be exposed to
|
|
# apps. ABI stability of these libs is vendor's responsibility.
|
|
type vendor_public_lib_file, vendor_file_type, file_type;
|
|
# Type for all vendor public libraries for system. These libs should only be exposed to
|
|
# system. ABI stability of these libs is vendor's responsibility.
|
|
type vendor_public_framework_file, vendor_file_type, file_type;
|
|
|
|
# Input configuration
|
|
type vendor_keylayout_file, vendor_file_type, file_type;
|
|
type vendor_keychars_file, vendor_file_type, file_type;
|
|
type vendor_idc_file, vendor_file_type, file_type;
|
|
|
|
# /metadata partition itself
|
|
type metadata_file, file_type;
|
|
# Vold files within /metadata
|
|
type vold_metadata_file, file_type;
|
|
# GSI files within /metadata
|
|
type gsi_metadata_file, gsi_metadata_file_type, file_type;
|
|
# DSU (GSI) files within /metadata that are globally readable.
|
|
type gsi_public_metadata_file, gsi_metadata_file_type, file_type;
|
|
# system_server shares Weaver slot information in /metadata
|
|
type password_slot_metadata_file, file_type;
|
|
# APEX files within /metadata
|
|
type apex_metadata_file, file_type;
|
|
# libsnapshot files within /metadata
|
|
type ota_metadata_file, file_type;
|
|
# property files within /metadata/bootstat
|
|
type metadata_bootstat_file, file_type;
|
|
# userspace reboot files within /metadata/userspacereboot
|
|
type userspace_reboot_metadata_file, file_type;
|
|
# Staged install files within /metadata/staged-install
|
|
type staged_install_file, file_type;
|
|
# Metadata information within /metadata/watchdog
|
|
type watchdog_metadata_file, file_type;
|
|
|
|
# Type for /dev/cpu_variant:.*.
|
|
type dev_cpu_variant, file_type;
|
|
# Speedup access for trusted applications to the runtime event tags
|
|
type runtime_event_log_tags_file, file_type;
|
|
# Type for /system/bin/logcat.
|
|
type logcat_exec, system_file_type, exec_type, file_type;
|
|
# Speedup access to cgroup map file
|
|
type cgroup_rc_file, file_type;
|
|
# /cores for coredumps on userdebug / eng builds
|
|
type coredump_file, file_type;
|
|
# Type of /data itself
|
|
type system_data_root_file, file_type, data_file_type, core_data_file_type;
|
|
# Default type for anything under /data.
|
|
type system_data_file, file_type, data_file_type, core_data_file_type;
|
|
# Type for /data/system/packages.list.
|
|
# TODO(b/129332765): Narrow down permissions to this.
|
|
# Find out users of system_data_file that should be granted only this.
|
|
type packages_list_file, file_type, data_file_type, core_data_file_type;
|
|
# Default type for anything under /data/vendor{_ce,_de}.
|
|
type vendor_data_file, file_type, data_file_type;
|
|
# Unencrypted data
|
|
type unencrypted_data_file, file_type, data_file_type, core_data_file_type;
|
|
# installd-created files in /data/misc/installd such as layout_version
|
|
type install_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/drm - DRM plugin data
|
|
type drm_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/adb - adb debugging files
|
|
type adb_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/anr - ANR traces
|
|
type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# /data/tombstones - core dumps
|
|
type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# /data/vendor/tombstones/wifi - vendor wifi dumps
|
|
type tombstone_wifi_data_file, file_type, data_file_type;
|
|
# /data/apex - APEX data files
|
|
type apex_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/app - user-installed apps
|
|
type apk_data_file, file_type, data_file_type, core_data_file_type;
|
|
type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# /data/app-private - forward-locked apps
|
|
type apk_private_data_file, file_type, data_file_type, core_data_file_type;
|
|
type apk_private_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# /data/dalvik-cache
|
|
type dalvikcache_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/ota
|
|
type ota_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/ota_package
|
|
type ota_package_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# /data/misc/profiles
|
|
type user_profile_root_file, file_type, data_file_type, core_data_file_type;
|
|
type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# /data/misc/profman
|
|
type profman_dump_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/misc/prereboot
|
|
type prereboot_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/resource-cache
|
|
type resourcecache_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/local - writable by shell
|
|
type shell_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
|
|
# /data/property
|
|
type property_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/bootchart
|
|
type bootchart_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/system/dropbox
|
|
type dropbox_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/system/heapdump
|
|
type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# /data/nativetest
|
|
type nativetest_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/local/tests
|
|
type shell_test_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/system_de/0/ringtones
|
|
type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# /data/preloads
|
|
type preloads_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/preloads/media
|
|
type preloads_media_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/misc/dhcp and /data/misc/dhcp-6.8.2
|
|
type dhcp_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/server_configurable_flags
|
|
type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/app-staging
|
|
type staging_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /vendor/apex
|
|
type vendor_apex_file, vendor_file_type, file_type;
|
|
|
|
# Mount locations managed by vold
|
|
type mnt_media_rw_file, file_type;
|
|
type mnt_user_file, file_type;
|
|
type mnt_pass_through_file, file_type;
|
|
type mnt_expand_file, file_type;
|
|
type mnt_sdcard_file, file_type;
|
|
type storage_file, file_type;
|
|
|
|
# Label for storage dirs which are just mount stubs
|
|
type mnt_media_rw_stub_file, file_type;
|
|
type storage_stub_file, file_type;
|
|
|
|
# Mount location for read-write vendor partitions.
|
|
type mnt_vendor_file, file_type;
|
|
|
|
# Mount location for read-write product partitions.
|
|
type mnt_product_file, file_type;
|
|
|
|
# Mount point used for APEX images
|
|
type apex_mnt_dir, file_type;
|
|
|
|
# /apex/apex-info-list.xml created by apexd
|
|
type apex_info_file, file_type;
|
|
|
|
# /postinstall: Mount point used by update_engine to run postinstall.
|
|
type postinstall_mnt_dir, file_type;
|
|
# Files inside the /postinstall mountpoint are all labeled as postinstall_file.
|
|
type postinstall_file, file_type;
|
|
# /postinstall/apex: Mount point used for APEX images within /postinstall.
|
|
type postinstall_apex_mnt_dir, file_type;
|
|
|
|
# /data_mirror: Contains mirror directory for storing all apps data.
|
|
type mirror_data_file, file_type, core_data_file_type;
|
|
|
|
# /data/misc subdirectories
|
|
type adb_keys_file, file_type, data_file_type, core_data_file_type;
|
|
type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type;
|
|
type apex_module_data_file, file_type, data_file_type, core_data_file_type;
|
|
type apex_ota_reserved_file, file_type, data_file_type, core_data_file_type;
|
|
type apex_permission_data_file, file_type, data_file_type, core_data_file_type;
|
|
type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
|
|
type apex_scheduling_data_file, file_type, data_file_type, core_data_file_type;
|
|
type apex_wifi_data_file, file_type, data_file_type, core_data_file_type;
|
|
type appcompat_data_file, file_type, data_file_type, core_data_file_type;
|
|
type audio_data_file, file_type, data_file_type, core_data_file_type;
|
|
type audioserver_data_file, file_type, data_file_type, core_data_file_type;
|
|
type bluetooth_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
|
|
type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type;
|
|
type bootstat_data_file, file_type, data_file_type, core_data_file_type;
|
|
type boottrace_data_file, file_type, data_file_type, core_data_file_type;
|
|
type camera_data_file, file_type, data_file_type, core_data_file_type;
|
|
type credstore_data_file, file_type, data_file_type, core_data_file_type;
|
|
type gatekeeper_data_file, file_type, data_file_type, core_data_file_type;
|
|
type incident_data_file, file_type, data_file_type, core_data_file_type;
|
|
type keychain_data_file, file_type, data_file_type, core_data_file_type;
|
|
type keystore_data_file, file_type, data_file_type, core_data_file_type;
|
|
type media_data_file, file_type, data_file_type, core_data_file_type;
|
|
type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
type misc_user_data_file, file_type, data_file_type, core_data_file_type;
|
|
type net_data_file, file_type, data_file_type, core_data_file_type;
|
|
type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
|
|
type nfc_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
|
|
type nfc_logs_data_file, file_type, data_file_type, core_data_file_type;
|
|
type radio_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
|
|
type recovery_data_file, file_type, data_file_type, core_data_file_type;
|
|
type shared_relro_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type;
|
|
type stats_data_file, file_type, data_file_type, core_data_file_type;
|
|
type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
|
|
type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
|
|
type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
type vpn_data_file, file_type, data_file_type, core_data_file_type;
|
|
type wifi_data_file, file_type, data_file_type, core_data_file_type;
|
|
type zoneinfo_data_file, file_type, data_file_type, core_data_file_type;
|
|
type vold_data_file, file_type, data_file_type, core_data_file_type;
|
|
type iorapd_data_file, file_type, data_file_type, core_data_file_type;
|
|
type tee_data_file, file_type, data_file_type;
|
|
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
|
|
type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/misc/trace for method traces on userdebug / eng builds
|
|
type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
type gsi_data_file, file_type, data_file_type, core_data_file_type;
|
|
type radio_core_data_file, file_type, data_file_type, core_data_file_type;
|
|
|
|
# /data/data subdirectories - app sandboxes
|
|
type app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
|
|
# /data/data subdirectories - priv-app sandboxes
|
|
type privapp_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
|
|
# /data/data subdirectory for system UID apps.
|
|
type system_app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
|
|
# Compatibility with type name used in Android 4.3 and 4.4.
|
|
# Default type for anything under /cache
|
|
type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# Type for /cache/overlay /mnt/scratch/overlay
|
|
type overlayfs_file, file_type, data_file_type, core_data_file_type;
|
|
# Type for /cache/backup_stage/* (fd interchange with apps)
|
|
type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# type for anything under /cache/backup (local transport storage)
|
|
type cache_private_backup_file, file_type, data_file_type, core_data_file_type;
|
|
# Type for anything under /cache/recovery
|
|
type cache_recovery_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# Default type for anything under /efs
|
|
type efs_file, file_type;
|
|
# Type for wallpaper file.
|
|
type wallpaper_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# Type for shortcut manager icon file.
|
|
type shortcut_manager_icons, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# Type for user icon file.
|
|
type icon_file, file_type, data_file_type, core_data_file_type;
|
|
# /mnt/asec
|
|
type asec_apk_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# Elements of asec files (/mnt/asec) that are world readable
|
|
type asec_public_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/app-asec
|
|
type asec_image_file, file_type, data_file_type, core_data_file_type;
|
|
# /data/backup and /data/secure/backup
|
|
type backup_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# All devices have bluetooth efs files. But they
|
|
# vary per device, so this type is used in per
|
|
# device policy
|
|
type bluetooth_efs_file, file_type;
|
|
# Type for fingerprint template file
|
|
type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
|
|
# Type for _new_ fingerprint template file
|
|
type fingerprint_vendor_data_file, file_type, data_file_type;
|
|
# Type for appfuse file.
|
|
type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
|
# Type for face template file
|
|
type face_vendor_data_file, file_type, data_file_type;
|
|
# Type for iris template file
|
|
type iris_vendor_data_file, file_type, data_file_type;
|
|
|
|
# Socket types
|
|
type adbd_socket, file_type, coredomain_socket;
|
|
type bluetooth_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
|
|
type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type dumpstate_socket, file_type, coredomain_socket;
|
|
type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type lmkd_socket, file_type, coredomain_socket;
|
|
type logd_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type logdr_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type logdw_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type mdns_socket, file_type, coredomain_socket;
|
|
type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type;
|
|
type mtpd_socket, file_type, coredomain_socket;
|
|
type property_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type racoon_socket, file_type, coredomain_socket;
|
|
type recovery_socket, file_type, coredomain_socket;
|
|
type rild_socket, file_type;
|
|
type rild_debug_socket, file_type;
|
|
type snapuserd_socket, file_type, coredomain_socket;
|
|
type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
|
|
type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
|
|
type system_unsolzygote_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
|
|
type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type tombstoned_java_trace_socket, file_type, mlstrustedobject;
|
|
type tombstoned_intercept_socket, file_type, coredomain_socket;
|
|
type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type traced_perf_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
type uncrypt_socket, file_type, coredomain_socket;
|
|
type wpa_socket, file_type, data_file_type, core_data_file_type;
|
|
type zygote_socket, file_type, coredomain_socket;
|
|
type heapprofd_socket, file_type, coredomain_socket, mlstrustedobject;
|
|
# UART (for GPS) control proc file
|
|
type gps_control, file_type;
|
|
|
|
# PDX endpoint types
|
|
type pdx_display_dir, pdx_endpoint_dir_type, file_type;
|
|
type pdx_performance_dir, pdx_endpoint_dir_type, file_type;
|
|
type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type;
|
|
|
|
# NOTE(review): pdx_service_socket_types is a macro defined outside this file.
# Each call passes a service name and one of the endpoint directory types
# declared above; it presumably declares the socket types for that service.
# Confirm the generated types and their attributes in the macro definition.
pdx_service_socket_types(display_client, pdx_display_dir)
|
|
pdx_service_socket_types(display_manager, pdx_display_dir)
|
|
pdx_service_socket_types(display_screenshot, pdx_display_dir)
|
|
pdx_service_socket_types(display_vsync, pdx_display_dir)
|
|
pdx_service_socket_types(performance_client, pdx_performance_dir)
|
|
pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir)
|
|
|
|
# file_contexts files
|
|
type file_contexts_file, system_file_type, file_type;
|
|
|
|
# mac_permissions file
|
|
type mac_perms_file, system_file_type, file_type;
|
|
|
|
# property_contexts file
|
|
type property_contexts_file, system_file_type, file_type;
|
|
|
|
# seapp_contexts file
|
|
type seapp_contexts_file, system_file_type, file_type;
|
|
|
|
# sepolicy files (binary and others)
|
|
type sepolicy_file, system_file_type, file_type;
|
|
|
|
# service_contexts file
|
|
type service_contexts_file, system_file_type, file_type;
|
|
|
|
# keystore2_key_contexts_file
|
|
type keystore2_key_contexts_file, system_file_type, file_type;
|
|
|
|
# vendor service_contexts file
|
|
type vendor_service_contexts_file, vendor_file_type, file_type;
|
|
|
|
# nonplat service_contexts file (only accessible on non full-treble devices)
|
|
type nonplat_service_contexts_file, vendor_file_type, file_type;
|
|
|
|
# hwservice_contexts file
|
|
type hwservice_contexts_file, system_file_type, file_type;
|
|
|
|
# vndservice_contexts file
|
|
type vndservice_contexts_file, file_type;
|
|
|
|
# /sys/kernel/tracing/instances/bootreceiver for monitoring kernel memory corruptions.
|
|
type debugfs_bootreceiver_tracing, fs_type, debugfs_type, tracefs_type;
|
|
|
|
# kernel modules
|
|
type vendor_kernel_modules, vendor_file_type, file_type;
|
|
|
|
# Allow files to be created in their appropriate filesystems.
# The associate permission of the filesystem class is checked when an object
# labelled with the source type is placed in a filesystem labelled with the
# target type. Each rule below therefore names one permitted pairing of
# object type (or attribute) and filesystem type.
|
|
# Every fs_type may label objects inside a filesystem of that same type.
allow fs_type self:filesystem associate;
|
|
# The cgroup types and the cgroup map file may live on tmpfs.
allow cgroup tmpfs:filesystem associate;
|
|
allow cgroup_v2 tmpfs:filesystem associate;
|
|
allow cgroup_rc_file tmpfs:filesystem associate;
|
|
# Any sysfs_type may label nodes within sysfs.
allow sysfs_type sysfs:filesystem associate;
|
|
# Any debugfs_type may label nodes within the three listed debugfs and tracing filesystem types.
allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate;
|
|
# Any file_type may be placed on labeledfs, tmpfs or rootfs.
allow file_type labeledfs:filesystem associate;
|
|
allow file_type tmpfs:filesystem associate;
|
|
allow file_type rootfs:filesystem associate;
|
|
# Any dev_type may be placed on tmpfs.
allow dev_type tmpfs:filesystem associate;
|
|
# Pairings specific to a single type.
allow app_fuse_file app_fusefs:filesystem associate;
|
|
allow postinstall_file self:filesystem associate;
|
|
allow proc_net proc:filesystem associate;
|
|
|
|
# asanwrapper (run a sanitized app_process, to be used with wrap properties)
# NOTE(review): with_asan is a macro defined outside this file; it presumably
# emits its argument only in AddressSanitizer builds, in which case
# asanwrapper_exec is not declared in other builds. Confirm in the macro definition.
|
|
with_asan(`type asanwrapper_exec, exec_type, file_type;')
|
|
|
|
# Deprecated in SDK version 28
|
|
type audiohal_data_file, file_type, data_file_type, core_data_file_type;
|
|
|
|
# It is a bug to assign both the file_type attribute and the fs_type attribute
|
|
# to the same type. Do not allow it.
|
|
#
|
|
# For example, the following is a bug:
|
|
# type apk_data_file, file_type, data_file_type, fs_type;
|
|
# Should be:
|
|
# type apk_data_file, file_type, data_file_type;
|
|
# A neverallow rule is an assertion checked when the policy is built; it adds
# no permission. This file grants every fs_type associate on itself through
# "allow fs_type self:filesystem associate", so a type that carries both
# attributes would be an fs_type source with a file_type target and would
# match this rule, failing the build.
neverallow fs_type file_type:filesystem associate;
|