Add "DO NOT ADD statements" comments to public
For visibility Bug: 232023812 Test: N/A Change-Id: I0bc6dc568210b81ba1f52acb18afd4bcc454ea1c
This commit is contained in:
Inseob Kim
parent
5769fd90f2
commit
09b27c7109
136 changed files with 540 additions and 7 deletions
|
|
@ -2,3 +2,7 @@
|
|||
# it lives in the rootfs and has no unique file type.
|
||||
type adbd, domain;
|
||||
type adbd_exec, exec_type, file_type, system_file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type aidl_lazy_test_server, domain;
|
||||
type aidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# apexd -- manager for APEX packages
|
||||
type apexd, domain;
|
||||
type apexd_exec, exec_type, file_type, system_file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -7,3 +7,7 @@
|
|||
### zygote spawned apps should be added here.
|
||||
###
|
||||
type appdomain_tmpfs, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
# app_zygote is an auxiliary zygote process that is used to spawn
|
||||
# isolated service processes for individual applications. It is
|
||||
# spawned from the regular zygote process as a "child zygote".
|
||||
|
||||
type app_zygote, domain;
|
||||
type app_zygote_tmpfs, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# ART service daemon.
|
||||
type artd, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -7,3 +7,7 @@ with_asan(`
|
|||
type asan_extract, domain, coredomain;
|
||||
type asan_extract_exec, exec_type, file_type, system_file_type;
|
||||
')
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1 +1,5 @@
|
|||
type atrace, domain, coredomain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -2,3 +2,6 @@
|
|||
type audioserver, domain;
|
||||
type audioserver_tmpfs, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# blkid called from vold
|
||||
type blkid, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# bluetooth subsystem
|
||||
type bluetooth, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# bootanimation oneshot service
|
||||
type bootanim, domain;
|
||||
type bootanim_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# bootstat command
|
||||
type bootstat, domain;
|
||||
type bootstat_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1 +1,5 @@
|
|||
type bpfloader, domain, coredomain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# bufferhubd
|
||||
type bufferhubd, domain, mlstrustedsubject;
|
||||
type bufferhubd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -2,3 +2,7 @@
|
|||
type cameraserver, domain;
|
||||
type cameraserver_exec, system_file_type, exec_type, file_type;
|
||||
type cameraserver_tmpfs, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type charger, charger_type, domain;
|
||||
type charger_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,6 @@
|
|||
# Context when health HAL runs charger mode
|
||||
|
||||
type charger_vendor, charger_type, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type crash_dump, domain;
|
||||
type crash_dump_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# credstore daemon
|
||||
type credstore, domain;
|
||||
type credstore_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -137,3 +137,7 @@ type rootdisk_sysdev, dev_type;
|
|||
|
||||
# vfio device
|
||||
type vfio_device, dev_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type dhcp, domain;
|
||||
type dhcp_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# DNS, DHCP services
|
||||
type dnsmasq, domain;
|
||||
type dnsmasq_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -2,3 +2,7 @@
|
|||
type drmserver, domain;
|
||||
type drmserver_exec, system_file_type, exec_type, file_type;
|
||||
type drmserver_socket, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# dumpstate
|
||||
type dumpstate, domain, mlstrustedsubject;
|
||||
type dumpstate_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type e2fs, domain, coredomain;
|
||||
type e2fs_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -12,3 +12,7 @@
|
|||
### PackageManager flags an app as ephemeral at install time.
|
||||
|
||||
type ephemeral_app, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# evsmanager daemon
|
||||
type evsmanagerd, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# The extra_free_kbytes.sh script run by init.
|
||||
type extra_free_kbytes, domain;
|
||||
type extra_free_kbytes_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -3,3 +3,7 @@
|
|||
# Declare the domain unconditionally so we can always reference it
|
||||
# in neverallow rules.
|
||||
type fastbootd, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -627,3 +627,7 @@ with_asan(`type asanwrapper_exec, exec_type, file_type;')
|
|||
|
||||
# Deprecated in SDK version 28
|
||||
type audiohal_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type fingerprintd, domain;
|
||||
type fingerprintd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# The flags_health_check command run by init.
|
||||
type flags_health_check, domain, coredomain;
|
||||
type flags_health_check_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# Any fsck program run by init
|
||||
type fsck, domain;
|
||||
type fsck_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# Any fsck program run on untrusted block devices
|
||||
type fsck_untrusted, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type gatekeeperd, domain;
|
||||
type gatekeeperd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -3,3 +3,7 @@
|
|||
###
|
||||
|
||||
type gmscore_app, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# gpuservice - server for gpu stats and other gpu related services
|
||||
type gpuservice, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
type hal_graphics_composer_server_tmpfs, file_type;
|
||||
attribute hal_graphics_composer_client_tmpfs;
|
||||
expandattribute hal_graphics_composer_client_tmpfs true;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# healthd - battery/charger monitoring service daemon
|
||||
# healthd is removed. The type is kept for backwards compatibility.
|
||||
|
||||
type healthd, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1 +1,5 @@
|
|||
type heapprofd, domain, coredomain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -90,3 +90,7 @@ type hidl_base_hwservice, hwservice_manager_type;
|
|||
type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
|
||||
type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
|
||||
type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# hwservicemanager - the Binder context manager for HAL services
|
||||
type hwservicemanager, domain, mlstrustedsubject;
|
||||
type hwservicemanager_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# idmap, when executed by installd
|
||||
type idmap, domain;
|
||||
type idmap_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -6,3 +6,6 @@
|
|||
# incident
|
||||
type incident, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -3,3 +3,7 @@
|
|||
|
||||
# incident_helper
|
||||
type incident_helper, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,6 @@
|
|||
# incidentd
|
||||
type incidentd, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -2,3 +2,7 @@
|
|||
type init, domain, mlstrustedsubject;
|
||||
type init_exec, system_file_type, exec_type, file_type;
|
||||
type init_tmpfs, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# inputflinger
|
||||
type inputflinger, domain;
|
||||
type inputflinger_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# installer daemon
|
||||
type installd, domain;
|
||||
type installd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -7,3 +7,7 @@
|
|||
###
|
||||
|
||||
type isolated_app, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1 +1,5 @@
|
|||
type isolated_compute_app, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# Life begins with the kernel.
|
||||
type kernel, domain, mlstrustedsubject;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# keystore daemon
|
||||
type keystore, domain, keystore2_key_type;
|
||||
type keystore_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# A keystore2 namespace for WI-FI.
|
||||
type wifi_key, keystore2_key_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# llkd Live LocK Daemon
|
||||
type llkd, domain, mlstrustedsubject;
|
||||
type llkd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# lmkd low memory killer daemon
|
||||
type lmkd, domain, mlstrustedsubject;
|
||||
type lmkd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# android user-space log manager
|
||||
type logd, domain, mlstrustedsubject;
|
||||
type logd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# android debug logging, logpersist domains
|
||||
type logpersist, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# mdns daemon
|
||||
type mdnsd, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# mediadrmserver - mediadrm daemon
|
||||
type mediadrmserver, domain;
|
||||
type mediadrmserver_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -2,3 +2,7 @@
|
|||
type mediaextractor, domain;
|
||||
type mediaextractor_exec, system_file_type, exec_type, file_type;
|
||||
type mediaextractor_tmpfs, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# mediametrics - daemon for collecting media.metrics data
|
||||
type mediametrics, domain;
|
||||
type mediametrics_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -4,3 +4,7 @@
|
|||
###
|
||||
|
||||
type mediaprovider, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -2,3 +2,7 @@
|
|||
type mediaserver, domain;
|
||||
type mediaserver_exec, system_file_type, exec_type, file_type;
|
||||
type mediaserver_tmpfs, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type mediaswcodec, domain;
|
||||
type mediaswcodec_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1 +1,5 @@
|
|||
type mediatranscoding, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1 +1,5 @@
|
|||
type modprobe, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# vpn tunneling protocol manager
|
||||
type mtp, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -2,3 +2,7 @@
|
|||
type node, node_type;
|
||||
type netif, netif_type;
|
||||
type port, port_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# network manager
|
||||
type netd, domain, mlstrustedsubject;
|
||||
type netd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type netutils_wrapper, domain;
|
||||
type netutils_wrapper_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# Network stack service app
|
||||
type network_stack, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# nfc subsystem
|
||||
type nfc, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -2,3 +2,7 @@
|
|||
|
||||
# TODO: Only present to allow mediatek/wembley-sepolicy to see it for validation reasons.
|
||||
type otapreopt_chroot, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1 +1,5 @@
|
|||
type perfetto, domain, coredomain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# performanced
|
||||
type performanced, domain, mlstrustedsubject;
|
||||
type performanced_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -3,3 +3,7 @@
|
|||
###
|
||||
|
||||
type platform_app, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -2,3 +2,7 @@
|
|||
# Extend the permissions in this domain to allow this program to access other
|
||||
# files needed by the specific device on your device's sepolicy directory.
|
||||
type postinstall, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# Point to Point Protocol daemon
|
||||
type ppp, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -3,3 +3,7 @@
|
|||
###
|
||||
|
||||
type priv_app, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# PRNG seeder daemon
|
||||
type prng_seeder, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# profman
|
||||
type profman, domain;
|
||||
type profman_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -342,3 +342,7 @@ not_compatible_property(`
|
|||
compatible_property_only(`
|
||||
vendor_internal_prop(vendor_default_prop)
|
||||
')
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# phone subsystem
|
||||
type radio, domain, mlstrustedsubject;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -3,3 +3,7 @@
|
|||
# Declare the domain unconditionally so we can always reference it
|
||||
# in neverallow rules.
|
||||
type recovery, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# android recovery persistent log manager
|
||||
type recovery_persist, domain;
|
||||
type recovery_persist_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# android recovery refresh log manager
|
||||
type recovery_refresh, domain;
|
||||
type recovery_refresh_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -4,3 +4,7 @@
|
|||
###
|
||||
|
||||
type rkpdapp, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type rs, domain, coredomain;
|
||||
type rs_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# rss_hwm_reset resets RSS high-water mark counters for all procesess.
|
||||
type rss_hwm_reset, domain, coredomain, mlstrustedsubject;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type runas, domain, mlstrustedsubject;
|
||||
type runas_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1 +1,5 @@
|
|||
type runas_app, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
type sdcardd, domain;
|
||||
type sdcardd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# secure_element subsystem
|
||||
type secure_element, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -354,3 +354,7 @@ type hal_wifi_service, protected_service, hal_service_type, service_manager_type
|
|||
type hal_wifi_hostapd_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_wifi_supplicant_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_gatekeeper_service, protected_service, hal_service_type, service_manager_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# servicemanager - the Binder context manager
|
||||
type servicemanager, domain, mlstrustedsubject;
|
||||
type servicemanager_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# sgdisk called from vold
|
||||
type sgdisk, domain;
|
||||
type sgdisk_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
# Process which creates/updates shared RELRO files to be used by other apps.
|
||||
type shared_relro, domain;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
# Domain for shell processes spawned by ADB or console service.
|
||||
type shell, domain, mlstrustedsubject;
|
||||
type shell_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# system/sepolicy/public is for vendor-facing type and attribute definitions.
|
||||
# DO NOT ADD allow, neverallow, or dontaudit statements here.
|
||||
# Instead, add such policy rules to system/sepolicy/private/*.te.
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue