platform_system_sepolicy/private/file_contexts

###########################################
# Entries in this file describe the security context associated with a file
# path. They are used when building the device image, to include the security
# context within the extended file attributes of the file system. They are also
# used at runtime when calling restorecon.
#
# Entries are merged with other file_contexts from other partitions (e.g.,
# vendor or odm, see the full list at libselinux/src/android/android.c).
#
# The entries are evaluated by the following rules:
# - Static entries (that is, not using regular expressions) are always
#   evaluated first.
# - The first matching entry is used.
# - Entries are evaluated from the bottom to the top.
#
# Based on these rules, it is recommended that the less specific entries appear
# first. For instance:
#    /dev(/.*)?        u:object_r:device:s0
#    /dev/block(/.*)?  u:object_r:block_device:s0
#    /dev/block/my_dev u:object_r:my_dev:s0
#

# Root
/                   u:object_r:rootfs:s0

# Data files
/adb_keys           u:object_r:adb_keys_file:s0
/build\.prop        u:object_r:rootfs:s0
/default\.prop      u:object_r:rootfs:s0
/fstab\..*          u:object_r:rootfs:s0
/init\..*           u:object_r:rootfs:s0
/res(/.*)?          u:object_r:rootfs:s0
/selinux_version    u:object_r:rootfs:s0
/ueventd\..*        u:object_r:rootfs:s0
/verity_key         u:object_r:rootfs:s0

# Executables
/init               u:object_r:init_exec:s0
/sbin(/.*)?         u:object_r:rootfs:s0

# For kernel modules
/lib(/.*)?          u:object_r:rootfs:s0
/system_dlkm(/.*)?  u:object_r:system_dlkm_file:s0

# Empty directories
/lost\+found        u:object_r:rootfs:s0
/acct               u:object_r:cgroup:s0
/config             u:object_r:rootfs:s0
/data_mirror        u:object_r:mirror_data_file:s0
/debug_ramdisk      u:object_r:tmpfs:s0
/mnt                u:object_r:tmpfs:s0
/proc               u:object_r:rootfs:s0
/second_stage_resources u:object_r:tmpfs:s0
/sys                u:object_r:sysfs:s0
/apex               u:object_r:apex_mnt_dir:s0
/bootstrap-apex     u:object_r:apex_mnt_dir:s0
/tmp                u:object_r:shell_data_file:s0

# Postinstall directories
/postinstall         u:object_r:postinstall_mnt_dir:s0
/postinstall/apex    u:object_r:postinstall_apex_mnt_dir:s0

/apex/(\.(bootstrap|default)-)?apex-info-list.xml u:object_r:apex_info_file:s0

# Symlinks
/bin                u:object_r:rootfs:s0
/bugreports         u:object_r:rootfs:s0
/charger            u:object_r:rootfs:s0
/d                  u:object_r:rootfs:s0
/etc                u:object_r:rootfs:s0
/sdcard             u:object_r:rootfs:s0

# SELinux policy files
/vendor_file_contexts   u:object_r:file_contexts_file:s0
/plat_file_contexts     u:object_r:file_contexts_file:s0
/product_file_contexts  u:object_r:file_contexts_file:s0
/mapping_sepolicy\.cil   u:object_r:sepolicy_file:s0
/plat_sepolicy\.cil      u:object_r:sepolicy_file:s0
/plat_property_contexts  u:object_r:property_contexts_file:s0
/product_property_contexts  u:object_r:property_contexts_file:s0
/vendor_property_contexts   u:object_r:property_contexts_file:s0
/seapp_contexts     u:object_r:seapp_contexts_file:s0
/vendor_seapp_contexts      u:object_r:seapp_contexts_file:s0
/plat_seapp_contexts     u:object_r:seapp_contexts_file:s0
/sepolicy           u:object_r:sepolicy_file:s0
/plat_service_contexts   u:object_r:service_contexts_file:s0
/plat_hwservice_contexts   u:object_r:hwservice_contexts_file:s0
/plat_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
/vendor_service_contexts    u:object_r:vendor_service_contexts_file:s0
/vendor_hwservice_contexts    u:object_r:hwservice_contexts_file:s0
/vndservice_contexts   u:object_r:vndservice_contexts_file:s0

##########################
# Devices
#
/dev(/.*)?		u:object_r:device:s0
/dev/adf[0-9]*		u:object_r:graphics_device:s0
/dev/adf-interface[0-9]*\.[0-9]*	u:object_r:graphics_device:s0
/dev/adf-overlay-engine[0-9]*\.[0-9]*	u:object_r:graphics_device:s0
/dev/ashmem		u:object_r:ashmem_device:s0
/dev/ashmem(.*)?	u:object_r:ashmem_libcutils_device:s0
/dev/audio.*		u:object_r:audio_device:s0
/dev/binder		u:object_r:binder_device:s0
/dev/block(/.*)?	u:object_r:block_device:s0
/dev/block/by-name/zoned_device	u:object_r:zoned_block_device:s0
/dev/block/dm-[0-9]+	u:object_r:dm_device:s0
/dev/block/ublkb[0-9]+	u:object_r:ublk_block_device:s0
/dev/block/loop[0-9]*	u:object_r:loop_device:s0
/dev/block/vd[a-z][0-9]*  u:object_r:vd_device:s0
/dev/block/vold/.+	u:object_r:vold_device:s0
/dev/block/ram[0-9]*	u:object_r:ram_device:s0
/dev/block/zram[0-9]*	u:object_r:ram_device:s0
/dev/boringssl/selftest(/.*)?	u:object_r:boringssl_self_test_marker:s0
/dev/bus/usb(.*)?       u:object_r:usb_device:s0
/dev/console		u:object_r:console_device:s0
/dev/cpu_variant:.*     u:object_r:dev_cpu_variant:s0
/dev/dma_heap(/.*)?     u:object_r:dmabuf_heap_device:s0
/dev/dma_heap/system    u:object_r:dmabuf_system_heap_device:s0
/dev/dma_heap/system-uncached    u:object_r:dmabuf_system_heap_device:s0
/dev/dma_heap/system-secure(.*)	 u:object_r:dmabuf_system_secure_heap_device:s0
/dev/dm-user(/.*)?	u:object_r:dm_user_device:s0
/dev/ublk-control	u:object_r:ublk_control_device:s0
/dev/device-mapper	u:object_r:dm_device:s0
/dev/eac		u:object_r:audio_device:s0
/dev/event-log-tags     u:object_r:runtime_event_log_tags_file:s0
/dev/cgroup_info(/.*)?  u:object_r:cgroup_rc_file:s0
/dev/fscklogs(/.*)?	u:object_r:fscklogs:s0
/dev/fuse		u:object_r:fuse_device:s0
/dev/gnss[0-9]+		u:object_r:gnss_device:s0
/dev/graphics(/.*)?	u:object_r:graphics_device:s0
/dev/hidraw[0-9]+	u:object_r:hidraw_device:s0
/dev/hw_random		u:object_r:hw_random_device:s0
/dev/hwbinder		u:object_r:hwbinder_device:s0
/dev/input(/.*)?	u:object_r:input_device:s0
/dev/iio:device[0-9]+   u:object_r:iio_device:s0
/dev/ion		u:object_r:ion_device:s0
/dev/keychord   u:object_r:keychord_device:s0
/dev/loop-control	u:object_r:loop_control_device:s0
/dev/modem.*		u:object_r:radio_device:s0
/dev/mtp_usb		u:object_r:mtp_device:s0
/dev/pmsg0		u:object_r:pmsg_device:s0
/dev/pn544		u:object_r:nfc_device:s0
/dev/port		u:object_r:port_device:s0
/dev/ptmx		u:object_r:ptmx_device:s0
/dev/pvrsrvkm		u:object_r:gpu_device:s0
/dev/kmsg		u:object_r:kmsg_device:s0
/dev/kmsg_debug	u:object_r:kmsg_debug_device:s0
/dev/kvm		u:object_r:kvm_device:s0
/dev/null		u:object_r:null_device:s0
/dev/nvhdcp1		u:object_r:video_device:s0
/dev/random		u:object_r:random_device:s0
/dev/rpmsg-omx[0-9]	u:object_r:rpmsg_device:s0
/dev/rproc_user	u:object_r:rpmsg_device:s0
/dev/rtc[0-9]      u:object_r:rtc_device:s0
/dev/snd(/.*)?		u:object_r:audio_device:s0
/dev/socket(/.*)?	u:object_r:socket_device:s0
/dev/socket/adbd	u:object_r:adbd_socket:s0
/dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
/dev/socket/dumpstate	u:object_r:dumpstate_socket:s0
/dev/socket/fwmarkd	u:object_r:fwmarkd_socket:s0
/dev/socket/lmkd        u:object_r:lmkd_socket:s0
/dev/socket/logd	u:object_r:logd_socket:s0
/dev/socket/logdr	u:object_r:logdr_socket:s0
/dev/socket/logdw	u:object_r:logdw_socket:s0
/dev/socket/statsdw	u:object_r:statsdw_socket:s0
/dev/socket/mdns	u:object_r:mdns_socket:s0
/dev/socket/mdnsd	u:object_r:mdnsd_socket:s0
/dev/socket/ot-daemon(/.*)?  u:object_r:ot_daemon_socket:s0
/dev/socket/pdx/system/buffer_hub	u:object_r:pdx_bufferhub_dir:s0
/dev/socket/pdx/system/buffer_hub/client	u:object_r:pdx_bufferhub_client_endpoint_socket:s0
/dev/socket/pdx/system/performance	u:object_r:pdx_performance_dir:s0
/dev/socket/pdx/system/performance/client	u:object_r:pdx_performance_client_endpoint_socket:s0
/dev/socket/pdx/system/vr/display	u:object_r:pdx_display_dir:s0
/dev/socket/pdx/system/vr/display/client	u:object_r:pdx_display_client_endpoint_socket:s0
/dev/socket/pdx/system/vr/display/manager	u:object_r:pdx_display_manager_endpoint_socket:s0
/dev/socket/pdx/system/vr/display/screenshot	u:object_r:pdx_display_screenshot_endpoint_socket:s0
/dev/socket/pdx/system/vr/display/vsync	u:object_r:pdx_display_vsync_endpoint_socket:s0
/dev/socket/prng_seeder	u:object_r:prng_seeder_socket:s0
/dev/socket/property_service	u:object_r:property_socket:s0
/dev/socket/property_service_for_system  u:object_r:property_socket:s0
/dev/socket/recovery    u:object_r:recovery_socket:s0
/dev/socket/rild	u:object_r:rild_socket:s0
/dev/socket/rild-debug	u:object_r:rild_debug_socket:s0
/dev/socket/snapuserd u:object_r:snapuserd_socket:s0
/dev/socket/snapuserd_proxy u:object_r:snapuserd_proxy_socket:s0
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
/dev/socket/traced_consumer	u:object_r:traced_consumer_socket:s0
/dev/socket/traced_perf	u:object_r:traced_perf_socket:s0
/dev/socket/traced_producer	u:object_r:traced_producer_socket:s0
/dev/socket/heapprofd	u:object_r:heapprofd_socket:s0
/dev/socket/uncrypt	u:object_r:uncrypt_socket:s0
/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
/dev/socket/zygote	u:object_r:zygote_socket:s0
/dev/socket/zygote_secondary	u:object_r:zygote_socket:s0
/dev/socket/usap_pool_primary	u:object_r:zygote_socket:s0
/dev/socket/usap_pool_secondary	u:object_r:zygote_socket:s0
/dev/spdif_out.*	u:object_r:audio_device:s0
/dev/sys/block/by-name/rootdisk(/.*)?	u:object_r:rootdisk_sysdev:s0
/dev/sys/block/by-name/userdata(/.*)?	u:object_r:userdata_sysdev:s0
/dev/sys/fs/by-name/userdata(/.*)?	u:object_r:userdata_sysdev:s0
/dev/tty		u:object_r:owntty_device:s0
/dev/tty[0-9]*		u:object_r:tty_device:s0
/dev/ttyS[0-9]*		u:object_r:serial_device:s0
/dev/ttyUSB[0-9]*	u:object_r:usb_serial_device:s0
/dev/ttyACM[0-9]*	u:object_r:usb_serial_device:s0
/dev/tun		u:object_r:tun_device:s0
/dev/uhid		u:object_r:uhid_device:s0
/dev/uinput		u:object_r:uhid_device:s0
/dev/uio[0-9]*		u:object_r:uio_device:s0
/dev/urandom		u:object_r:random_device:s0
/dev/usb_accessory	u:object_r:usbaccessory_device:s0
/dev/v4l-touch[0-9]*	u:object_r:input_device:s0
/dev/vfio(/.*)?		u:object_r:vfio_device:s0
/dev/vhost-vsock	u:object_r:kvm_device:s0
/dev/video[0-9]*	u:object_r:video_device:s0
/dev/vndbinder		u:object_r:vndbinder_device:s0
/dev/watchdog		u:object_r:watchdog_device:s0
/dev/xt_qtaguid	u:object_r:qtaguid_device:s0
/dev/zero		u:object_r:zero_device:s0
/dev/__properties__ u:object_r:properties_device:s0
/dev/__properties__/appcompat_override u:object_r:properties_device:s0
/dev/__properties__/property_info   u:object_r:property_info:s0
/dev/__properties__/appcompat_override/property_info   u:object_r:property_info:s0
#############################
# Linker configuration
#
/linkerconfig(/.*)?          u:object_r:linkerconfig_file:s0

#############################
# System files
#
/system(/.*)?		u:object_r:system_file:s0
/system/apex/com.android.art	u:object_r:art_apex_dir:s0
/system/lib(64)?(/.*)?		u:object_r:system_lib_file:s0
/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
/system/bin/mm_events		u:object_r:mm_events_exec:s0
/system/bin/atrace	u:object_r:atrace_exec:s0
/system/bin/auditctl	u:object_r:auditctl_exec:s0
/system/bin/bcc                 u:object_r:rs_exec:s0
/system/bin/blank_screen	u:object_r:blank_screen_exec:s0
/system/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
/system/bin/prng_seeder		u:object_r:prng_seeder_exec:s0
/system/bin/charger		u:object_r:charger_exec:s0
/system/bin/e2fsdroid		u:object_r:e2fs_exec:s0
/system/bin/mke2fs		u:object_r:e2fs_exec:s0
/system/bin/e2fsck	--	u:object_r:fsck_exec:s0
/system/bin/extra_free_kbytes\.sh u:object_r:extra_free_kbytes_exec:s0
/system/bin/fsck\.exfat	--	u:object_r:fsck_exec:s0
/system/bin/fsck\.f2fs	--	u:object_r:fsck_exec:s0
/system/bin/init		u:object_r:init_exec:s0
# TODO(/123600489): merge mini-keyctl into toybox
/system/bin/mini-keyctl	--	u:object_r:toolbox_exec:s0
/system/bin/fsverity_init	u:object_r:fsverity_init_exec:s0
/system/bin/sload_f2fs	--	u:object_r:e2fs_exec:s0
/system/bin/make_f2fs	--	u:object_r:e2fs_exec:s0
/system/bin/fsck_msdos	--	u:object_r:fsck_exec:s0
/system/bin/tcpdump	--	u:object_r:tcpdump_exec:s0
/system/bin/tune2fs	--	u:object_r:fsck_exec:s0
/system/bin/resize2fs	--	u:object_r:fsck_exec:s0
/system/bin/toolbox	--	u:object_r:toolbox_exec:s0
/system/bin/toybox	--	u:object_r:toolbox_exec:s0
/system/bin/ld\.mc              u:object_r:rs_exec:s0
/system/bin/logcat	--	u:object_r:logcat_exec:s0
/system/bin/logcatd	--	u:object_r:logcat_exec:s0
/system/bin/sh		--	u:object_r:shell_exec:s0
/system/bin/run-as	--	u:object_r:runas_exec:s0
/system/bin/bootanimation u:object_r:bootanim_exec:s0
/system/bin/bootstat		u:object_r:bootstat_exec:s0
/system/bin/app_process32	u:object_r:zygote_exec:s0
/system/bin/app_process64	u:object_r:zygote_exec:s0
/system/bin/servicemanager	u:object_r:servicemanager_exec:s0
/system/bin/surfaceflinger	u:object_r:surfaceflinger_exec:s0
/system/bin/gpuservice	u:object_r:gpuservice_exec:s0
/system/bin/bufferhubd	u:object_r:bufferhubd_exec:s0
/system/bin/performanced	u:object_r:performanced_exec:s0
/system/bin/drmserver	u:object_r:drmserver_exec:s0
/system/bin/drmserver32	u:object_r:drmserver_exec:s0
/system/bin/drmserver64	u:object_r:drmserver_exec:s0
/system/bin/dumpstate   u:object_r:dumpstate_exec:s0
/system/bin/incident   u:object_r:incident_exec:s0
/system/bin/incidentd   u:object_r:incidentd_exec:s0
/system/bin/incident_helper  u:object_r:incident_helper_exec:s0
/system/bin/iw                   u:object_r:iw_exec:s0
/system/bin/netutils-wrapper-1\.0    u:object_r:netutils_wrapper_exec:s0
/system/bin/vold	u:object_r:vold_exec:s0
/system/bin/netd	u:object_r:netd_exec:s0
/system/bin/wificond	u:object_r:wificond_exec:s0
/system/bin/audioserver	u:object_r:audioserver_exec:s0
/system/bin/mediadrmserver	u:object_r:mediadrmserver_exec:s0
/system/bin/mediaserver	u:object_r:mediaserver_exec:s0
/system/bin/mediaserver32	u:object_r:mediaserver_exec:s0
/system/bin/mediaserver64	u:object_r:mediaserver_exec:s0
/system/bin/mediametrics	u:object_r:mediametrics_exec:s0
/system/bin/cameraserver	u:object_r:cameraserver_exec:s0
/system/bin/mediaextractor	u:object_r:mediaextractor_exec:s0
/system/bin/mediaswcodec	u:object_r:mediaswcodec_exec:s0
/system/bin/mediatranscoding	u:object_r:mediatranscoding_exec:s0
/system/bin/mediatuner	        u:object_r:mediatuner_exec:s0
/system/bin/mdnsd	u:object_r:mdnsd_exec:s0
/system/bin/installd	u:object_r:installd_exec:s0
/system/bin/otapreopt_chroot   u:object_r:otapreopt_chroot_exec:s0
/system/bin/otapreopt_slot   u:object_r:otapreopt_slot_exec:s0
/system/bin/credstore	u:object_r:credstore_exec:s0
/system/bin/keystore	u:object_r:keystore_exec:s0
/system/bin/keystore2	u:object_r:keystore_exec:s0
/system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
/system/bin/tombstoned u:object_r:tombstoned_exec:s0
/system/bin/recovery-persist     u:object_r:recovery_persist_exec:s0
/system/bin/recovery-refresh     u:object_r:recovery_refresh_exec:s0
/system/bin/sdcard      u:object_r:sdcardd_exec:s0
/system/bin/snapshotctl      u:object_r:snapshotctl_exec:s0
/system/bin/remount              u:object_r:remount_exec:s0
/system/bin/dhcpcd      u:object_r:dhcp_exec:s0
/system/bin/dhcpcd-6\.8\.2	u:object_r:dhcp_exec:s0
/system/bin/dmesgd	u:object_r:dmesgd_exec:s0
/system/xbin/su		u:object_r:su_exec:s0
/system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
/system/bin/bootstrap/linkerconfig u:object_r:linkerconfig_exec:s0
/system/bin/llkd        u:object_r:llkd_exec:s0
/system/bin/lmkd        u:object_r:lmkd_exec:s0
/system/bin/usbd   u:object_r:usbd_exec:s0
/system/bin/inputflinger u:object_r:inputflinger_exec:s0
/system/bin/logd        u:object_r:logd_exec:s0
/system/bin/lpdumpd        u:object_r:lpdumpd_exec:s0
/system/bin/rss_hwm_reset	u:object_r:rss_hwm_reset_exec:s0
/system/bin/perfetto        u:object_r:perfetto_exec:s0
/system/bin/mtectrl         u:object_r:mtectrl_exec:s0
/system/bin/traced        u:object_r:traced_exec:s0
/system/bin/traced_perf        u:object_r:traced_perf_exec:s0
/system/bin/traced_probes        u:object_r:traced_probes_exec:s0
/system/bin/heapprofd        u:object_r:heapprofd_exec:s0
/system/bin/uncrypt     u:object_r:uncrypt_exec:s0
/system/bin/update_verifier u:object_r:update_verifier_exec:s0
/system/bin/logwrapper  u:object_r:system_file:s0
/system/bin/vdc         u:object_r:vdc_exec:s0
/system/bin/cppreopts\.sh   u:object_r:cppreopts_exec:s0
/system/bin/preloads_copy\.sh u:object_r:preloads_copy_exec:s0
/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
/system/bin/viewcompiler     u:object_r:viewcompiler_exec:s0
/system/bin/sgdisk      u:object_r:sgdisk_exec:s0
/system/bin/blkid       u:object_r:blkid_exec:s0
/system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
/system/bin/idmap2(d)?           u:object_r:idmap_exec:s0
/system/bin/update_engine        u:object_r:update_engine_exec:s0
/system/bin/profcollectd         u:object_r:profcollectd_exec:s0
/system/bin/profcollectctl       u:object_r:profcollectd_exec:s0
/system/bin/storaged             u:object_r:storaged_exec:s0
/system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
/system/bin/virtual_camera       u:object_r:virtual_camera_exec:s0
/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service    u:object_r:fwk_bufferhub_exec:s0
/system/bin/hw/android\.system\.suspend-service               u:object_r:system_suspend_exec:s0
/system/etc/cgroups\.json               u:object_r:cgroup_desc_file:s0
/system/etc/task_profiles/cgroups_[0-9]+\.json               u:object_r:cgroup_desc_api_file:s0
/system/etc/event-log-tags              u:object_r:system_event_log_tags_file:s0
/system/etc/font_fallback.xml           u:object_r:system_font_fallback_file:s0
/system/etc/group                       u:object_r:system_group_file:s0
/system/etc/ld\.config.*                u:object_r:system_linker_config_file:s0
/system/etc/passwd                      u:object_r:system_passwd_file:s0
/system/etc/seccomp_policy(/.*)?        u:object_r:system_seccomp_policy_file:s0
/system/etc/security/cacerts(/.*)?      u:object_r:system_security_cacerts_file:s0
/system/etc/selinux/mapping/[0-9]+\.[0-9]+(\.compat)?\.cil       u:object_r:sepolicy_file:s0
/system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0
/system/etc/selinux/plat_property_contexts  u:object_r:property_contexts_file:s0
/system/etc/selinux/plat_service_contexts  u:object_r:service_contexts_file:s0
/system/etc/selinux/plat_hwservice_contexts  u:object_r:hwservice_contexts_file:s0
/system/etc/selinux/plat_keystore2_key_contexts  u:object_r:keystore2_key_contexts_file:s0
/system/etc/selinux/plat_file_contexts  u:object_r:file_contexts_file:s0
/system/etc/selinux/plat_seapp_contexts  u:object_r:seapp_contexts_file:s0
/system/etc/selinux/plat_sepolicy\.cil       u:object_r:sepolicy_file:s0
/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
/system/etc/task_profiles\.json  u:object_r:task_profiles_file:s0
/system/etc/task_profiles/task_profiles_[0-9]+\.json  u:object_r:task_profiles_api_file:s0
/system/usr/share/zoneinfo(/.*)? u:object_r:system_zoneinfo_file:s0
/system/bin/adbd                 u:object_r:adbd_exec:s0
/system/bin/vold_prepare_subdirs u:object_r:vold_prepare_subdirs_exec:s0
/system/bin/stats                u:object_r:stats_exec:s0
/system/bin/statsd               u:object_r:statsd_exec:s0
/system/bin/bpfloader            u:object_r:bpfloader_exec:s0
/system/bin/netbpfload           u:object_r:bpfloader_exec:s0
/system/bin/watchdogd            u:object_r:watchdogd_exec:s0
/system/bin/apexd                u:object_r:apexd_exec:s0
/system/bin/gsid                 u:object_r:gsid_exec:s0
/system/bin/simpleperf           u:object_r:simpleperf_exec:s0
/system/bin/simpleperf_app_runner    u:object_r:simpleperf_app_runner_exec:s0
/system/bin/migrate_legacy_obb_data u:object_r:migrate_legacy_obb_data_exec:s0
/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
/system/bin/snapuserd            u:object_r:snapuserd_exec:s0
/system/bin/odsign               u:object_r:odsign_exec:s0
/system/bin/vehicle_binding_util     u:object_r:vehicle_binding_util_exec:s0
/system/bin/cardisplayproxyd     u:object_r:automotive_display_service_exec:s0
/system/bin/evsmanagerd          u:object_r:evsmanagerd_exec:s0
/system/bin/android\.automotive\.evs\.manager@1\.[0-9]+ u:object_r:evsmanagerd_exec:s0
/system/bin/uprobestats           u:object_r:uprobestats_exec:s0

#############################
# Vendor files
#
/(vendor|system/vendor)(/.*)?                  u:object_r:vendor_file:s0
/(vendor|system/vendor)/bin/sh                 u:object_r:vendor_shell_exec:s0
/(vendor|system/vendor)/bin/toybox_vendor      u:object_r:vendor_toolbox_exec:s0
/(vendor|system/vendor)/bin/toolbox            u:object_r:vendor_toolbox_exec:s0
/(vendor|system/vendor)/etc(/.*)?              u:object_r:vendor_configs_file:s0
/(vendor|system/vendor)/etc/cgroups\.json      u:object_r:vendor_cgroup_desc_file:s0
/(vendor|system/vendor)/etc/task_profiles\.json    u:object_r:vendor_task_profiles_file:s0
/(vendor|system/vendor)/etc/avf/microdroid(/.*)?   u:object_r:vendor_microdroid_file:s0

/(vendor|system/vendor)/lib(64)?/egl(/.*)?     u:object_r:same_process_hal_file:s0

/(vendor|system/vendor)/lib(64)?/vndk-sp(/.*)? u:object_r:vndk_sp_file:s0

/(vendor|system/vendor)/manifest\.xml           u:object_r:vendor_configs_file:s0
/(vendor|system/vendor)/compatibility_matrix\.xml u:object_r:vendor_configs_file:s0
/(vendor|system/vendor)/etc/vintf(/.*)?        u:object_r:vendor_configs_file:s0
/(vendor|system/vendor)/app(/.*)?              u:object_r:vendor_app_file:s0
/(vendor|system/vendor)/priv-app(/.*)?         u:object_r:vendor_app_file:s0
/(vendor|system/vendor)/overlay(/.*)?          u:object_r:vendor_overlay_file:s0
/(vendor|system/vendor)/framework(/.*)?        u:object_r:vendor_framework_file:s0

/(vendor|system/vendor)/apex(/[^/]+){0,2}                      u:object_r:vendor_apex_file:s0
/(vendor|system/vendor)/bin/misc_writer                        u:object_r:vendor_misc_writer_exec:s0
/(vendor|system/vendor)/bin/boringssl_self_test(32|64)         u:object_r:vendor_boringssl_self_test_exec:s0

# HAL location
/(vendor|system/vendor)/lib(64)?/hw            u:object_r:vendor_hal_file:s0

/(vendor|system/vendor)/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0

#############################
# OEM and ODM files
#
/(odm|vendor/odm)(/.*)?                       u:object_r:vendor_file:s0
/(odm|vendor/odm)/lib(64)?/egl(/.*)?          u:object_r:same_process_hal_file:s0
/(odm|vendor/odm)/lib(64)?/hw                 u:object_r:vendor_hal_file:s0
/(odm|vendor/odm)/lib(64)?/vndk-sp(/.*)?      u:object_r:vndk_sp_file:s0
/(odm|vendor/odm)/bin/sh                      u:object_r:vendor_shell_exec:s0
/(odm|vendor/odm)/etc(/.*)?                   u:object_r:vendor_configs_file:s0
/(odm|vendor/odm)/app(/.*)?                   u:object_r:vendor_app_file:s0
/(odm|vendor/odm)/priv-app(/.*)?              u:object_r:vendor_app_file:s0
/(odm|vendor/odm)/overlay(/.*)?               u:object_r:vendor_overlay_file:s0
/(odm|vendor/odm)/framework(/.*)?             u:object_r:vendor_framework_file:s0

# secure-element service: vendor uuid mapping config file
/(odm|vendor/odm|vendor|system/vendor)/etc/hal_uuid_map_(.*)?\.xml    u:object_r:vendor_uuid_mapping_config_file:s0


# Input configuration
/(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl        u:object_r:vendor_keylayout_file:s0
/(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?\.kcm        u:object_r:vendor_keychars_file:s0
/(odm|vendor/odm|vendor|system/vendor)/usr/idc(/.*)?\.idc             u:object_r:vendor_idc_file:s0

/oem(/.*)?              u:object_r:oemfs:s0
/oem/overlay(/.*)?      u:object_r:vendor_overlay_file:s0

# The precompiled monolithic sepolicy will be under /odm only when
# BOARD_USES_ODMIMAGE is true: a separate odm.img is built.
/odm/etc/selinux/precompiled_sepolicy                           u:object_r:sepolicy_file:s0
/odm/etc/selinux/precompiled_sepolicy\.plat_and_mapping\.sha256 u:object_r:sepolicy_file:s0

/(odm|vendor/odm)/etc/selinux/odm_sepolicy\.cil                 u:object_r:sepolicy_file:s0
/(odm|vendor/odm)/etc/selinux/odm_file_contexts                 u:object_r:file_contexts_file:s0
/(odm|vendor/odm)/etc/selinux/odm_seapp_contexts                u:object_r:seapp_contexts_file:s0
/(odm|vendor/odm)/etc/selinux/odm_property_contexts             u:object_r:property_contexts_file:s0
/(odm|vendor/odm)/etc/selinux/odm_service_contexts              u:object_r:vendor_service_contexts_file:s0
/(odm|vendor/odm)/etc/selinux/odm_hwservice_contexts            u:object_r:hwservice_contexts_file:s0
/(odm|vendor/odm)/etc/selinux/odm_keystore2_key_contexts        u:object_r:keystore2_key_contexts_file:s0
/(odm|vendor/odm)/etc/selinux/odm_mac_permissions\.xml          u:object_r:mac_perms_file:s0

#############################
# Product files
#
/(product|system/product)(/.*)?                                 u:object_r:system_file:s0
/(product|system/product)/etc/group                             u:object_r:system_group_file:s0
/(product|system/product)/etc/passwd                            u:object_r:system_passwd_file:s0
/(product|system/product)/overlay(/.*)?                         u:object_r:system_file:s0

/(product|system/product)/etc/selinux/product_file_contexts      u:object_r:file_contexts_file:s0
/(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0
/(product|system/product)/etc/selinux/product_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
/(product|system/product)/etc/selinux/product_property_contexts  u:object_r:property_contexts_file:s0
/(product|system/product)/etc/selinux/product_seapp_contexts     u:object_r:seapp_contexts_file:s0
/(product|system/product)/etc/selinux/product_service_contexts   u:object_r:service_contexts_file:s0
/(product|system/product)/etc/selinux/product_mac_permissions\.xml u:object_r:mac_perms_file:s0

/(product|system/product)/lib(64)?(/.*)?                         u:object_r:system_lib_file:s0

#############################
# SystemExt files
#
/(system_ext|system/system_ext)(/.*)?               u:object_r:system_file:s0
/(system_ext|system/system_ext)/etc/group           u:object_r:system_group_file:s0
/(system_ext|system/system_ext)/etc/passwd          u:object_r:system_passwd_file:s0
/(system_ext|system/system_ext)/overlay(/.*)?       u:object_r:vendor_overlay_file:s0

/(system_ext|system/system_ext)/etc/selinux/system_ext_file_contexts        u:object_r:file_contexts_file:s0
/(system_ext|system/system_ext)/etc/selinux/system_ext_hwservice_contexts   u:object_r:hwservice_contexts_file:s0
/(system_ext|system/system_ext)/etc/selinux/system_ext_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
/(system_ext|system/system_ext)/etc/selinux/system_ext_property_contexts    u:object_r:property_contexts_file:s0
/(system_ext|system/system_ext)/etc/selinux/system_ext_seapp_contexts       u:object_r:seapp_contexts_file:s0
/(system_ext|system/system_ext)/etc/selinux/system_ext_service_contexts     u:object_r:service_contexts_file:s0
/(system_ext|system/system_ext)/etc/selinux/system_ext_mac_permissions\.xml u:object_r:mac_perms_file:s0
/(system_ext|system/system_ext)/etc/selinux/userdebug_plat_sepolicy\.cil    u:object_r:sepolicy_file:s0

/(system_ext|system/system_ext)/bin/aidl_lazy_test_server    u:object_r:aidl_lazy_test_server_exec:s0
/(system_ext|system/system_ext)/bin/aidl_lazy_cb_test_server u:object_r:aidl_lazy_test_server_exec:s0
/(system_ext|system/system_ext)/bin/hidl_lazy_test_server    u:object_r:hidl_lazy_test_server_exec:s0
/(system_ext|system/system_ext)/bin/hidl_lazy_cb_test_server u:object_r:hidl_lazy_test_server_exec:s0
/(system_ext|system/system_ext)/bin/hwservicemanager         u:object_r:hwservicemanager_exec:s0
/(system_ext|system/system_ext)/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0


/(system_ext|system/system_ext)/bin/canhalconfigurator(-aidl)? u:object_r:canhalconfigurator_exec:s0

/(system_ext|system/system_ext)/lib(64)?(/.*)?      u:object_r:system_lib_file:s0

#############################
# VendorDlkm files
# This includes VENDOR Dynamically Loadable Kernel Modules and other misc files.
#
/(vendor_dlkm|vendor/vendor_dlkm|system/vendor/vendor_dlkm)(/.*)?         u:object_r:vendor_file:s0
/(vendor_dlkm|vendor/vendor_dlkm|system/vendor/vendor_dlkm)/etc(/.*)?     u:object_r:vendor_configs_file:s0

#############################
# OdmDlkm files
# This includes ODM Dynamically Loadable Kernel Modules and other misc files.
#
/(odm_dlkm|vendor/odm_dlkm|system/vendor/odm_dlkm)(/.*)?                  u:object_r:vendor_file:s0
/(odm_dlkm|vendor/odm_dlkm|system/vendor/odm_dlkm)/etc(/.*)?              u:object_r:vendor_configs_file:s0

#############################
# Vendor files from /(product|system/product)/vendor_overlay
#
# NOTE: For additional vendor file contexts for vendor overlay files,
# use device specific file_contexts.
#
/(product|system/product)/vendor_overlay/[0-9]+/.*          u:object_r:vendor_file:s0

#############################
# Data files
#
# NOTE: When modifying existing label rules, changes may also need to
# propagate to the "Expanded data files" section.
#
/data		u:object_r:system_data_root_file:s0
/data/(.*)?		u:object_r:system_data_file:s0
/data/system/environ(/.*)? u:object_r:environ_system_data_file:s0
/data/system/packages\.list u:object_r:packages_list_file:s0
/data/system/game_mode_intervention\.list u:object_r:game_mode_intervention_list_file:s0
/data/unencrypted(/.*)?         u:object_r:unencrypted_data_file:s0
/data/backup(/.*)?		u:object_r:backup_data_file:s0
/data/secure/backup(/.*)?	u:object_r:backup_data_file:s0
/data/system/ndebugsocket	u:object_r:system_ndebug_socket:s0
/data/system/unsolzygotesocket  u:object_r:system_unsolzygote_socket:s0
/data/drm(/.*)?		u:object_r:drm_data_file:s0
/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
/data/ota(/.*)? u:object_r:ota_data_file:s0
/data/ota_package(/.*)? u:object_r:ota_package_file:s0
/data/adb(/.*)?		u:object_r:adb_data_file:s0
/data/anr(/.*)?		u:object_r:anr_data_file:s0
/data/apex(/.*)?		u:object_r:apex_data_file:s0
/data/apex/active/(.*)?		u:object_r:staging_data_file:s0
/data/apex/backup/(.*)?		u:object_r:staging_data_file:s0
/data/apex/decompressed/(.*)?    u:object_r:staging_data_file:s0
/data/apex/ota_reserved(/.*)?       u:object_r:apex_ota_reserved_file:s0
/data/app(/.*)?                       u:object_r:apk_data_file:s0
# Traditional /data/app/[packageName]-[randomString]/base.apk location
/data/app/[^/]+/oat(/.*)?                u:object_r:dalvikcache_data_file:s0
# /data/app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout
/data/app/[^/]+/[^/]+/oat(/.*)?                u:object_r:dalvikcache_data_file:s0
/data/app/vmdl[^/]+\.tmp(/.*)?           u:object_r:apk_tmp_file:s0
/data/app/vmdl[^/]+\.tmp/oat(/.*)?           u:object_r:dalvikcache_data_file:s0
/data/app-private(/.*)?               u:object_r:apk_private_data_file:s0
/data/app-private/vmdl.*\.tmp(/.*)?   u:object_r:apk_private_tmp_file:s0
/data/gsi(/.*)?        u:object_r:gsi_data_file:s0
/data/gsi_persistent_data    u:object_r:gsi_persistent_data_file:s0
/data/gsi/ota(/.*)?    u:object_r:ota_image_data_file:s0
/data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
/data/local/tests(/.*)?	u:object_r:shell_test_data_file:s0
/data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
/data/local/tmp/ltp(/.*)?   u:object_r:nativetest_data_file:s0
/data/local/traces(/.*)?	u:object_r:trace_data_file:s0
/data/media             u:object_r:media_userdir_file:s0
/data/media/.*          u:object_r:media_rw_data_file:s0
/data/mediadrm(/.*)?	u:object_r:media_data_file:s0
/data/nativetest(/.*)?	u:object_r:nativetest_data_file:s0
/data/nativetest64(/.*)?	u:object_r:nativetest_data_file:s0
# This directory was removed after Q Beta 2, but we need to preserve labels for upgrading devices.
/data/pkg_staging(/.*)?		u:object_r:staging_data_file:s0
/data/property(/.*)?	u:object_r:property_data_file:s0
/data/preloads(/.*)?	u:object_r:preloads_data_file:s0
/data/preloads/media(/.*)?	u:object_r:preloads_media_file:s0
/data/preloads/demo(/.*)?	u:object_r:preloads_media_file:s0
/data/server_configurable_flags(/.*)? u:object_r:server_configurable_flags_data_file:s0
/data/app-staging(/.*)?		u:object_r:staging_data_file:s0
# Ensure we have the same labels as /data/app or /data/apex/active
# to avoid restorecon conflicts
/data/rollback/\d+/[^/]+/.*\.apk  u:object_r:apk_data_file:s0
/data/rollback/\d+/[^/]+/.*\.apex u:object_r:staging_data_file:s0
/data/fonts/files(/.*)?     u:object_r:font_data_file:s0
/data/misc_ce             u:object_r:system_userdir_file:s0
/data/misc_de             u:object_r:system_userdir_file:s0
/data/system_ce           u:object_r:system_userdir_file:s0
/data/system_de           u:object_r:system_userdir_file:s0
/data/user                u:object_r:system_userdir_file:s0
/data/user_de             u:object_r:system_userdir_file:s0

# Misc data
/data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0
/data/misc/a11ytrace(/.*)?      u:object_r:accessibility_trace_data_file:s0
/data/misc/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
/data/misc/apexdata/com\.android\.art(/.*)?           u:object_r:apex_art_data_file:s0
/data/misc/apexdata/com\.android\.compos(/.*)?        u:object_r:apex_compos_data_file:s0
/data/misc/apexdata/com\.android\.virt(/.*)?          u:object_r:apex_virt_data_file:s0
/data/misc/apexdata/com\.android\.permission(/.*)?    u:object_r:apex_system_server_data_file:s0
/data/misc/apexdata/com\.android\.scheduling(/.*)?    u:object_r:apex_system_server_data_file:s0
/data/misc/apexdata/com\.android\.tethering(/.*)?     u:object_r:apex_tethering_data_file:s0
/data/misc/apexdata/com\.android\.uwb(/.*)?           u:object_r:apex_system_server_data_file:s0
/data/misc/apexdata/com\.android\.wifi(/.*)?          u:object_r:apex_system_server_data_file:s0
/data/misc/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0
/data/misc/apns(/.*)?           u:object_r:radio_data_file:s0
/data/misc/appcompat(/.*)?      u:object_r:appcompat_data_file:s0
/data/misc/audio(/.*)?          u:object_r:audio_data_file:s0
/data/misc/audioserver(/.*)?    u:object_r:audioserver_data_file:s0
/data/misc/audiohal(/.*)?       u:object_r:audiohal_data_file:s0
/data/misc/bootstat(/.*)?       u:object_r:bootstat_data_file:s0
/data/misc/boottrace(/.*)?      u:object_r:boottrace_data_file:s0
/data/misc/bluetooth(/.*)?      u:object_r:bluetooth_data_file:s0
/data/misc/bluetooth/logs(/.*)? u:object_r:bluetooth_logs_data_file:s0
/data/misc/bluedroid(/.*)?      u:object_r:bluetooth_data_file:s0
/data/misc/bluedroid/\.a2dp_ctrl u:object_r:bluetooth_socket:s0
/data/misc/bluedroid/\.a2dp_data u:object_r:bluetooth_socket:s0
/data/misc/camera(/.*)?         u:object_r:camera_data_file:s0
/data/misc/carrierid(/.*)?      u:object_r:radio_data_file:s0
/data/misc/dhcp(/.*)?           u:object_r:dhcp_data_file:s0
/data/misc/dhcp-6\.8\.2(/.*)?     u:object_r:dhcp_data_file:s0
/data/misc/dmesgd(/.*)?         u:object_r:dmesgd_data_file:s0
/data/misc/emergencynumberdb(/.*)?     u:object_r:emergency_data_file:s0
/data/misc/gatekeeper(/.*)?     u:object_r:gatekeeper_data_file:s0
/data/misc/incidents(/.*)?	    u:object_r:incident_data_file:s0
/data/misc/installd(/.*)?		u:object_r:install_data_file:s0
/data/misc/keychain(/.*)?       u:object_r:keychain_data_file:s0
/data/misc/credstore(/.*)?       u:object_r:credstore_data_file:s0
/data/misc/keystore(/.*)?       u:object_r:keystore_data_file:s0
/data/misc/logd(/.*)?           u:object_r:misc_logd_file:s0
/data/misc/media(/.*)?          u:object_r:media_data_file:s0
/data/misc/net(/.*)?            u:object_r:net_data_file:s0
/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
/data/misc/telephonyconfig(/.*)? u:object_r:radio_data_file:s0
/data/misc/nfc/logs(/.*)?       u:object_r:nfc_logs_data_file:s0
/data/misc/odrefresh(/.*)?      u:object_r:odrefresh_data_file:s0
/data/misc/odsign(/.*)?         u:object_r:odsign_data_file:s0
/data/misc/odsign/metrics(/.*)? u:object_r:odsign_metrics_file:s0
/data/misc/perfetto-traces(/.*)?          u:object_r:perfetto_traces_data_file:s0
/data/misc/perfetto-traces/bugreport(.*)? u:object_r:perfetto_traces_bugreport_data_file:s0
/data/misc/perfetto-configs(/.*)?         u:object_r:perfetto_configs_data_file:s0
/data/misc/uprobestats-configs(/.*)?      u:object_r:uprobestats_configs_data_file:s0
/data/misc/prereboot(/.*)?      u:object_r:prereboot_data_file:s0
/data/misc/profcollectd(/.*)?   u:object_r:profcollectd_data_file:s0
/data/misc/radio(/.*)?          u:object_r:radio_core_data_file:s0
/data/misc/recovery(/.*)?       u:object_r:recovery_data_file:s0
/data/misc/shared_relro(/.*)?   u:object_r:shared_relro_file:s0
/data/misc/sms(/.*)?            u:object_r:radio_data_file:s0
/data/misc/snapshotctl_log(/.*)?      u:object_r:snapshotctl_log_data_file:s0
/data/misc/stats-active-metric(/.*)? u:object_r:stats_data_file:s0
/data/misc/stats-data(/.*)?     u:object_r:stats_data_file:s0
/data/misc/stats-service(/.*)?  u:object_r:stats_config_data_file:s0
/data/misc/stats-metadata(/.*)? u:object_r:stats_data_file:s0
/data/misc/systemkeys(/.*)?     u:object_r:systemkeys_data_file:s0
/data/misc/textclassifier(/.*)?       u:object_r:textclassifier_data_file:s0
/data/misc/train-info(/.*)?     u:object_r:stats_data_file:s0
/data/misc/user(/.*)?           u:object_r:misc_user_data_file:s0
/data/misc/virtualizationservice(/.*)? u:object_r:virtualizationservice_data_file:s0
/data/misc/vpn(/.*)?            u:object_r:vpn_data_file:s0
/data/misc/wifi(/.*)?           u:object_r:wifi_data_file:s0
/data/misc_ce/[0-9]+/wifi(/.*)? u:object_r:wifi_data_file:s0
/data/misc/wifi/sockets(/.*)?   u:object_r:wpa_socket:s0
/data/misc/wifi/sockets/wpa_ctrl.*   u:object_r:system_wpa_socket:s0
/data/misc/vold(/.*)?           u:object_r:vold_data_file:s0
/data/misc/update_engine(/.*)?  u:object_r:update_engine_data_file:s0
/data/misc/update_engine_log(/.*)?  u:object_r:update_engine_log_data_file:s0
/data/misc/snapuserd_log(/.*)?  u:object_r:snapuserd_log_data_file:s0
/data/system/dropbox(/.*)?      u:object_r:dropbox_data_file:s0
/data/system/heapdump(/.*)?     u:object_r:heapdump_data_file:s0
/data/misc/trace(/.*)?          u:object_r:method_trace_data_file:s0
/data/misc/wmtrace(/.*)?        u:object_r:wm_trace_data_file:s0
# TODO(calin) label profile reference differently so that only
# profman run as a special user can write to them
/data/misc/profiles/cur(/[0-9]+)?   u:object_r:user_profile_root_file:s0
/data/misc/profiles/cur/[0-9]+/.*   u:object_r:user_profile_data_file:s0
/data/misc/profiles/ref(/.*)?       u:object_r:user_profile_data_file:s0
/data/misc/profman(/.*)?        u:object_r:profman_dump_data_file:s0
/data/vendor(/.*)?              u:object_r:vendor_data_file:s0
/data/vendor_ce                 u:object_r:vendor_userdir_file:s0
/data/vendor_ce/.*              u:object_r:vendor_data_file:s0
/data/vendor_de                 u:object_r:vendor_userdir_file:s0
/data/vendor_de/.*              u:object_r:vendor_data_file:s0
/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0

# storaged proto files
/data/misc_de/[0-9]+/storaged(/.*)?       u:object_r:storaged_data_file:s0
/data/misc_ce/[0-9]+/storaged(/.*)?       u:object_r:storaged_data_file:s0

# checkin data files
/data/misc_ce/[0-9]+/checkin(/.*)? u:object_r:checkin_data_file:s0

# Fingerprint data
/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0

# Fingerprint vendor data file
/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0

# Face vendor data file
/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0
/data/vendor_ce/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0

# Iris vendor data file
/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:iris_vendor_data_file:s0

# Bootchart data
/data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0

# Sandbox sdk data (managed by installd)
/data/misc_de/[0-9]+/sdksandbox       u:object_r:sdk_sandbox_system_data_file:s0
/data/misc_ce/[0-9]+/sdksandbox       u:object_r:sdk_sandbox_system_data_file:s0

# App data snapshots (managed by installd).
/data/misc_de/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
/data/misc_ce/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0

# Apex data directories
/data/misc_de/[0-9]+/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
/data/misc_ce/[0-9]+/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
/data/misc_ce/[0-9]+/apexdata/com\.android\.appsearch(/.*)?   u:object_r:apex_system_server_data_file:s0
/data/misc_de/[0-9]+/apexdata/com\.android\.permission(/.*)?  u:object_r:apex_system_server_data_file:s0
/data/misc_ce/[0-9]+/apexdata/com\.android\.permission(/.*)?  u:object_r:apex_system_server_data_file:s0
/data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)?        u:object_r:apex_system_server_data_file:s0
/data/misc_ce/[0-9]+/apexdata/com\.android\.wifi(/.*)?        u:object_r:apex_system_server_data_file:s0
/data/misc_de/[0-9]+/apexdata/com\.android\.uwb(/.*)?         u:object_r:apex_system_server_data_file:s0
/data/misc_ce/[0-9]+/apexdata/com\.android\.uwb(/.*)?         u:object_r:apex_system_server_data_file:s0

# Apex rollback directories
/data/misc_de/[0-9]+/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0
/data/misc_ce/[0-9]+/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0

# Incremental directories
/data/incremental(/.*)?                                 u:object_r:apk_data_file:s0
/data/incremental/MT_[^/]+/mount/.pending_reads         u:object_r:incremental_control_file:s0
/data/incremental/MT_[^/]+/mount/.log                   u:object_r:incremental_control_file:s0
/data/incremental/MT_[^/]+/mount/.blocks_written        u:object_r:incremental_control_file:s0

# Boot animation data
/data/misc/bootanim(/.*)? u:object_r:bootanim_data_file:s0
#############################
# Expanded data files
#
/mnt/expand                                         u:object_r:mnt_expand_file:s0
/mnt/expand/[^/]+(/.*)?                             u:object_r:system_data_file:s0
/mnt/expand/[^/]+/app(/.*)?                         u:object_r:apk_data_file:s0
/mnt/expand/[^/]+/app/[^/]+/oat(/.*)?               u:object_r:dalvikcache_data_file:s0
# /mnt/expand/..../app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout
/mnt/expand/[^/]+/app/[^/]+/[^/]+/oat(/.*)?        u:object_r:dalvikcache_data_file:s0
/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp(/.*)?          u:object_r:apk_tmp_file:s0
/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp/oat(/.*)?      u:object_r:dalvikcache_data_file:s0
/mnt/expand/[^/]+/local/tmp(/.*)?                   u:object_r:shell_data_file:s0
/mnt/expand/[^/]+/media                             u:object_r:media_userdir_file:s0
/mnt/expand/[^/]+/media/.*                          u:object_r:media_rw_data_file:s0
/mnt/expand/[^/]+/misc/vold(/.*)?                   u:object_r:vold_data_file:s0
/mnt/expand/[^/]+/misc_ce                           u:object_r:system_userdir_file:s0
/mnt/expand/[^/]+/misc_de                           u:object_r:system_userdir_file:s0
/mnt/expand/[^/]+/user                              u:object_r:system_userdir_file:s0
/mnt/expand/[^/]+/user_de                           u:object_r:system_userdir_file:s0

# coredump directory for userdebug/eng devices
/cores(/.*)?                    u:object_r:coredump_file:s0

# Wallpaper files
/data/system/users/[0-9]+/wallpaper_lock_orig	u:object_r:wallpaper_file:s0
/data/system/users/[0-9]+/wallpaper_lock	u:object_r:wallpaper_file:s0
/data/system/users/[0-9]+/wallpaper_orig	u:object_r:wallpaper_file:s0
/data/system/users/[0-9]+/wallpaper		u:object_r:wallpaper_file:s0

# Ringtone files
/data/system_de/[0-9]+/ringtones(/.*)?          u:object_r:ringtone_file:s0

# ShortcutManager icons, e.g.
#   /data/system_ce/0/shortcut_service/bitmaps/com.example.app/1457472879282.png
/data/system_ce/[0-9]+/shortcut_service/bitmaps(/.*)? u:object_r:shortcut_manager_icons:s0

# User icon files
/data/system/users/[0-9]+/photo\.png             u:object_r:icon_file:s0

# Shutdown-checkpoints files
/data/system/shutdown-checkpoints(/.*)?          u:object_r:shutdown_checkpoints_system_data_file:s0

# vold per-user data
/data/misc_de/[0-9]+/vold(/.*)?           u:object_r:vold_data_file:s0
/data/misc_ce/[0-9]+/vold(/.*)?           u:object_r:vold_data_file:s0

# Backup service persistent per-user bookkeeping
/data/system_ce/[0-9]+/backup(/.*)?		u:object_r:backup_data_file:s0
# Backup service temporary per-user data for inter-change with apps
/data/system_ce/[0-9]+/backup_stage(/.*)?	u:object_r:backup_data_file:s0

#############################
# efs files
#
/efs(/.*)?		u:object_r:efs_file:s0

#############################
# Cache files
#
/cache(/.*)?		u:object_r:cache_file:s0
/cache/recovery(/.*)?	u:object_r:cache_recovery_file:s0
# General backup/restore interchange with apps
/cache/backup_stage(/.*)?	u:object_r:cache_backup_file:s0
# LocalTransport (backup) uses this subtree
/cache/backup(/.*)?		u:object_r:cache_private_backup_file:s0

#############################
# Overlayfs support directories
#
/cache/overlay(/.*)?            u:object_r:overlayfs_file:s0
/mnt/scratch(/.*)?              u:object_r:overlayfs_file:s0

/data/cache(/.*)?		u:object_r:cache_file:s0
/data/cache/recovery(/.*)?	u:object_r:cache_recovery_file:s0
# General backup/restore interchange with apps
/data/cache/backup_stage(/.*)?	u:object_r:cache_backup_file:s0
# LocalTransport (backup) uses this subtree
/data/cache/backup(/.*)?	u:object_r:cache_private_backup_file:s0

#############################
# Metadata files
#
/metadata(/.*)?           u:object_r:metadata_file:s0
/metadata/apex(/.*)?      u:object_r:apex_metadata_file:s0
/metadata/vold(/.*)?      u:object_r:vold_metadata_file:s0
/metadata/gsi(/.*)?       u:object_r:gsi_metadata_file:s0
/metadata/gsi/dsu/active  u:object_r:gsi_public_metadata_file:s0
/metadata/gsi/dsu/booted  u:object_r:gsi_public_metadata_file:s0
/metadata/gsi/dsu/lp_names  u:object_r:gsi_public_metadata_file:s0
/metadata/gsi/dsu/[^/]+/metadata_encryption_dir u:object_r:gsi_public_metadata_file:s0
/metadata/gsi/ota(/.*)?   u:object_r:ota_metadata_file:s0
/metadata/password_slots(/.*)?    u:object_r:password_slot_metadata_file:s0
/metadata/ota(/.*)?       u:object_r:ota_metadata_file:s0
/metadata/bootstat(/.*)?  u:object_r:metadata_bootstat_file:s0
/metadata/staged-install(/.*)?    u:object_r:staged_install_file:s0
/metadata/userspacereboot(/.*)?    u:object_r:userspace_reboot_metadata_file:s0
/metadata/watchdog(/.*)?    u:object_r:watchdog_metadata_file:s0
/metadata/repair-mode(/.*)?    u:object_r:repair_mode_metadata_file:s0
/metadata/aconfig(/.*)?    u:object_r:aconfig_storage_metadata_file:s0
/metadata/aconfig/flags(/.*)?    u:object_r:aconfig_storage_flags_metadata_file:s0

#############################
# asec containers
/mnt/asec(/.*)?             u:object_r:asec_apk_file:s0
/mnt/asec/[^/]+/[^/]+\.zip  u:object_r:asec_public_file:s0
/mnt/asec/[^/]+/lib(/.*)?   u:object_r:asec_public_file:s0
/data/app-asec(/.*)?        u:object_r:asec_image_file:s0

#############################
# external storage
/mnt/media_rw(/.*)?         u:object_r:mnt_media_rw_file:s0
/mnt/user(/.*)?             u:object_r:mnt_user_file:s0
/mnt/pass_through(/.*)?     u:object_r:mnt_pass_through_file:s0
/mnt/sdcard                 u:object_r:mnt_sdcard_file:s0
/mnt/runtime(/.*)?          u:object_r:storage_file:s0
/storage(/.*)?              u:object_r:storage_file:s0

#############################
# mount point for read-write vendor partitions
/mnt/vendor(/.*)?           u:object_r:mnt_vendor_file:s0

#############################
# mount point for read-write product partitions
/mnt/product(/.*)?          u:object_r:mnt_product_file:s0

#############################
# /postinstall file contexts
/(system|product)/bin/check_dynamic_partitions  u:object_r:postinstall_exec:s0
/(system|product)/bin/otapreopt_script          u:object_r:postinstall_exec:s0
/(system|product)/bin/otapreopt                 u:object_r:postinstall_dexopt_exec:s0