Update language to comply with Android's inclusive language guidance

See https://source.android.com/setup/contribute/respectful-code for reference

Bug: 161896447
Change-Id: I0caf39b349c48e44123775d98c52a773b0b504ff

prebuilts/api/26.0/private/app.te

@@ -494,7 +494,7 @@ neverallow appdomain {
   tmpfs
 }:lnk_file no_w_file_perms;
 
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
 neverallow {
   bluetooth
   isolated_app
@@ -515,7 +515,7 @@ neverallow {
   -shell # bugreport
 } input_device:chr_file ~getattr;
 
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
 # neverallow rules for access to Bluetooth-related data files are above.
 neverallow {
   appdomain

prebuilts/api/26.0/private/domain.te

@@ -4,7 +4,7 @@ domain_auto_trans(domain, crash_dump_exec, crash_dump);
 allow domain crash_dump:process sigchld;
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
 neverallow {
   domain
   -vold

prebuilts/api/26.0/private/incidentd.te

@@ -66,7 +66,7 @@ allow incidentd shell_exec:file rx_file_perms;
 # TODO control_logd(incidentd)
 
 # Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
 allow incidentd {
   system_server_service
   app_api_service

prebuilts/api/26.0/private/system_server.te

@@ -50,7 +50,7 @@ allow system_server zygote:unix_stream_socket { getopt getattr };
 
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
 # to use privileged ioctls commands. Needed to set up VPNs.
 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
 bluetooth_domain(system_server)
@@ -92,7 +92,7 @@ allow system_server config_gz:file { read open };
 # Use generic "sockets" where the address family is not known
 # to the kernel. The ioctl permission is specifically omitted here, but may
 # be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
 allow system_server self:socket create_socket_perms_no_ioctl;
 
 # Set and get routes directly via netlink.

prebuilts/api/26.0/public/domain.te

@@ -195,19 +195,19 @@ allow domain debugfs_trace_marker:file w_file_perms;
 allow domain fs_type:filesystem getattr;
 allow domain fs_type:dir getattr;
 
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
 # ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
 # not grant the ioctl permission on these socket types. That must be granted
 # separately.
 allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
 allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
   ioctl unpriv_unix_sock_ioctls;
 
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
 # not grant the wider ioctl permission. That must be granted
 # separately.
 allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -223,7 +223,7 @@ allow { domain -domain } vndservice_manager_type:service_manager { add find };
 ### neverallow rules
 ###
 
-# All socket ioctls must be restricted to a whitelist.
+# All socket ioctls must be restricted to a allowlist.
 neverallowxperm domain domain:socket_class_set ioctl { 0 };
 
 # TIOCSTI is only ever used for exploits. Block it.
@@ -234,7 +234,7 @@ neverallowxperm * devpts:chr_file ioctl TIOCSTI;
 # Do not allow any domain other than init or recovery to create unlabeled files.
 neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
 
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
 neverallow {
   domain
   -kernel
@@ -243,7 +243,7 @@ neverallow {
   -vold
 } self:capability mknod;
 
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
 neverallow {
   domain
   userdebug_or_eng(`-domain')
@@ -343,7 +343,7 @@ neverallow { domain -kernel -init -recovery -vold -zygote -update_engine -otapre
 
 #
 # Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
 #
 neverallow {
     domain
@@ -445,7 +445,7 @@ neverallow { domain -init } default_prop:property_service set;
 neverallow { domain -init } mmc_prop:property_service set;
 
 # Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
 neverallow {
   domain
   -adbd
@@ -668,7 +668,7 @@ full_treble_only(`
 ')
 
 # On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
 full_treble_only(`
     # Limit access to /vendor/app
     neverallow {
@@ -722,7 +722,7 @@ full_treble_only(`
     } vendor_shell_exec:file { execute execute_no_trans };
 
     # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
+    # except for the ones allowlist here.
     neverallow {
         domain
         -coredomain
@@ -923,7 +923,7 @@ neverallow {
 
 # In addition to the symlink reading restrictions above, restrict
 # write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
 # not be trusting any content in those directories.
 neverallow {
   domain

prebuilts/api/26.0/public/hal_wifi_supplicant.te

@@ -5,7 +5,7 @@ binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
 add_hwservice(hal_wifi_supplicant_server, hal_wifi_supplicant_hwservice)
 allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice:hwservice_manager find;
 
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
 allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(hal_wifi_supplicant, sysfs_type)

prebuilts/api/26.0/public/netd.te

@@ -3,7 +3,7 @@ type netd, domain, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
 
 net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
 allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(netd, cgroup)

prebuilts/api/26.0/public/vendor_toolbox.te

@@ -7,7 +7,7 @@ type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
 # or read, execute the vendor_toolbox file.
 full_treble_only(`
     # Do not allow non-vendor domains to transition
-    # to vendor toolbox except for the whitelisted domains.
+    # to vendor toolbox except for the allowlisted domains.
     neverallow {
         coredomain
         -init

prebuilts/api/27.0/private/app.te

@@ -512,7 +512,7 @@ neverallow appdomain {
   tmpfs
 }:lnk_file no_w_file_perms;
 
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
 neverallow {
   bluetooth
   isolated_app
@@ -533,7 +533,7 @@ neverallow {
   -shell # bugreport
 } input_device:chr_file ~getattr;
 
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
 # neverallow rules for access to Bluetooth-related data files are above.
 neverallow {
   appdomain

prebuilts/api/27.0/private/domain.te

@@ -4,7 +4,7 @@ domain_auto_trans(domain, crash_dump_exec, crash_dump);
 allow domain crash_dump:process sigchld;
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
 neverallow {
   domain
   -vold

prebuilts/api/27.0/private/incidentd.te

@@ -66,7 +66,7 @@ allow incidentd shell_exec:file rx_file_perms;
 # TODO control_logd(incidentd)
 
 # Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
 allow incidentd {
   system_server_service
   app_api_service

prebuilts/api/27.0/private/isolated_app.te

@@ -74,7 +74,7 @@ neverallow isolated_app *:hwservice_manager *;
 neverallow isolated_app vndbinder_device:chr_file *;
 
 # Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
 neverallow isolated_app *:service_manager ~find;
 
 # b/17487348

prebuilts/api/27.0/private/system_server.te

@@ -50,7 +50,7 @@ allow system_server zygote:unix_stream_socket { getopt getattr };
 
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
 # to use privileged ioctls commands. Needed to set up VPNs.
 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
 bluetooth_domain(system_server)
@@ -95,7 +95,7 @@ allow system_server config_gz:file { read open };
 # Use generic "sockets" where the address family is not known
 # to the kernel. The ioctl permission is specifically omitted here, but may
 # be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
 allow system_server self:socket create_socket_perms_no_ioctl;
 
 # Set and get routes directly via netlink.

prebuilts/api/27.0/public/domain.te

@@ -195,19 +195,19 @@ allow domain debugfs_trace_marker:file w_file_perms;
 allow domain fs_type:filesystem getattr;
 allow domain fs_type:dir getattr;
 
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
 # ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
 # not grant the ioctl permission on these socket types. That must be granted
 # separately.
 allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
 allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
   ioctl unpriv_unix_sock_ioctls;
 
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
 # not grant the wider ioctl permission. That must be granted
 # separately.
 allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -226,7 +226,7 @@ with_asan(`allow domain system_data_file:dir getattr;')
 ### neverallow rules
 ###
 
-# All socket ioctls must be restricted to a whitelist.
+# All socket ioctls must be restricted to a allowlist.
 neverallowxperm domain domain:socket_class_set ioctl { 0 };
 
 # TIOCSTI is only ever used for exploits. Block it.
@@ -237,7 +237,7 @@ neverallowxperm * devpts:chr_file ioctl TIOCSTI;
 # Do not allow any domain other than init or recovery to create unlabeled files.
 neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
 
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
 neverallow {
   domain
   -kernel
@@ -246,7 +246,7 @@ neverallow {
   -vold
 } self:capability mknod;
 
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
 neverallow {
   domain
   userdebug_or_eng(`-domain')
@@ -347,7 +347,7 @@ neverallow { domain -kernel -init -recovery -vold -zygote -update_engine -otapre
 
 #
 # Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
 #
 neverallow {
     domain
@@ -448,7 +448,7 @@ neverallow { domain -init } default_prop:property_service set;
 neverallow { domain -init } mmc_prop:property_service set;
 
 # Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
 neverallow {
   domain
   -adbd
@@ -664,7 +664,7 @@ full_treble_only(`
 ')
 
 # On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
 full_treble_only(`
     # Limit access to /vendor/app
     neverallow {
@@ -718,7 +718,7 @@ full_treble_only(`
     } vendor_shell_exec:file { execute execute_no_trans };
 
     # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
+    # except for the ones allowlist here.
     neverallow {
         domain
         -coredomain
@@ -916,7 +916,7 @@ neverallow {
 
 # In addition to the symlink reading restrictions above, restrict
 # write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
 # not be trusting any content in those directories.
 neverallow {
   domain

prebuilts/api/27.0/public/hal_wifi_supplicant.te

@@ -5,7 +5,7 @@ binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
 add_hwservice(hal_wifi_supplicant_server, hal_wifi_supplicant_hwservice)
 allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice:hwservice_manager find;
 
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
 allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(hal_wifi_supplicant, sysfs_type)

prebuilts/api/27.0/public/netd.te

@@ -3,7 +3,7 @@ type netd, domain, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
 
 net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
 allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(netd, cgroup)

prebuilts/api/27.0/public/vendor_toolbox.te

@@ -7,7 +7,7 @@ type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
 # or read, execute the vendor_toolbox file.
 full_treble_only(`
     # Do not allow non-vendor domains to transition
-    # to vendor toolbox except for the whitelisted domains.
+    # to vendor toolbox except for the allowlisted domains.
     neverallow {
         coredomain
         -init

prebuilts/api/28.0/private/domain.te

@@ -4,7 +4,7 @@ domain_auto_trans(domain, crash_dump_exec, crash_dump);
 allow domain crash_dump:process sigchld;
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
 neverallow {
   domain
   -vold

prebuilts/api/28.0/private/incidentd.te

@@ -115,7 +115,7 @@ userdebug_or_eng(`read_logd(incidentd)')
 # TODO control_logd(incidentd)
 
 # Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
 allow incidentd {
   system_server_service
   app_api_service

prebuilts/api/28.0/private/isolated_app.te

@@ -77,7 +77,7 @@ neverallow isolated_app *:hwservice_manager *;
 neverallow isolated_app vndbinder_device:chr_file *;
 
 # Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
 neverallow isolated_app *:service_manager ~find;
 
 # b/17487348

prebuilts/api/28.0/private/perfetto.te

@@ -1,5 +1,5 @@
 # Perfetto command-line client. Can be used only from the domains that are
-# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# explicitly allowlisted with a domain_auto_trans(X, perfetto_exec, perfetto).
 # This command line client accesses the privileged socket of the traced
 # daemon.
 

prebuilts/api/28.0/private/system_server.te

@@ -46,7 +46,7 @@ allow system_server zygote:unix_stream_socket { getopt getattr };
 
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
 # to use privileged ioctls commands. Needed to set up VPNs.
 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
 bluetooth_domain(system_server)
@@ -91,7 +91,7 @@ allow system_server config_gz:file { read open };
 # Use generic "sockets" where the address family is not known
 # to the kernel. The ioctl permission is specifically omitted here, but may
 # be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
 allow system_server self:socket create_socket_perms_no_ioctl;
 
 # Set and get routes directly via netlink.

prebuilts/api/28.0/private/traced_probes.te

@@ -16,7 +16,7 @@ allow traced_probes debugfs_tracing:file rw_file_perms;
 allow traced_probes debugfs_trace_marker:file getattr;
 
 # TODO(primiano): temporarily I/O tracing categories are still
-# userdebug only until we nail down the blacklist/whitelist.
+# userdebug only until we nail down the denylist/allowlist.
 userdebug_or_eng(`
 allow traced_probes debugfs_tracing_debug:file rw_file_perms;
 ')

prebuilts/api/28.0/public/app.te

@@ -530,7 +530,7 @@ neverallow appdomain {
   tmpfs
 }:lnk_file no_w_file_perms;
 
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
 neverallow {
   bluetooth
   isolated_app
@@ -551,7 +551,7 @@ neverallow {
   -shell # bugreport
 } input_device:chr_file ~getattr;
 
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
 # neverallow rules for access to Bluetooth-related data files are above.
 neverallow {
   appdomain

prebuilts/api/28.0/public/domain.te

@@ -257,19 +257,19 @@ allow domain debugfs_trace_marker:file w_file_perms;
 allow domain fs_type:filesystem getattr;
 allow domain fs_type:dir getattr;
 
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
 # ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
 # not grant the ioctl permission on these socket types. That must be granted
 # separately.
 allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
 allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
   ioctl unpriv_unix_sock_ioctls;
 
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
 # not grant the wider ioctl permission. That must be granted
 # separately.
 allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -288,7 +288,7 @@ with_asan(`allow domain system_data_file:dir getattr;')
 ### neverallow rules
 ###
 
-# All socket ioctls must be restricted to a whitelist.
+# All socket ioctls must be restricted to a allowlist.
 neverallowxperm domain domain:socket_class_set ioctl { 0 };
 
 # b/68014825 and https://android-review.googlesource.com/516535
@@ -303,7 +303,7 @@ neverallowxperm * devpts:chr_file ioctl TIOCSTI;
 # Do not allow any domain other than init to create unlabeled files.
 neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
 
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
 neverallow {
   domain
   -kernel
@@ -312,7 +312,7 @@ neverallow {
   -vold
 } self:global_capability_class_set mknod;
 
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
 neverallow {
   domain
   userdebug_or_eng(`-domain')
@@ -424,7 +424,7 @@ neverallow { domain -kernel -init -recovery -vold -zygote -update_engine -otapre
 
 #
 # Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
 #
 neverallow {
     domain
@@ -552,7 +552,7 @@ compatible_property_only(`
 ')
 
 # Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
 neverallow {
   domain
   -adbd
@@ -928,7 +928,7 @@ full_treble_only(`
 ')
 
 # On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
 full_treble_only(`
     # Limit access to /vendor/app
     neverallow {
@@ -997,7 +997,7 @@ full_treble_only(`
 
 full_treble_only(`
     # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
+    # except for the ones allowlist here.
     neverallow {
         domain
         -coredomain
@@ -1014,7 +1014,7 @@ full_treble_only(`
 
 full_treble_only(`
     # Do not allow system components to execute files from vendor
-    # except for the ones whitelisted here.
+    # except for the ones allowlisted here.
     neverallow {
       coredomain
       -init
@@ -1224,7 +1224,7 @@ neverallow {
 
 # In addition to the symlink reading restrictions above, restrict
 # write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
 # not be trusting any content in those directories.
 neverallow {
   domain

prebuilts/api/28.0/public/hal_wifi_supplicant.te

@@ -5,7 +5,7 @@ binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
 add_hwservice(hal_wifi_supplicant_server, hal_wifi_supplicant_hwservice)
 allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice:hwservice_manager find;
 
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
 allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(hal_wifi_supplicant, sysfs_type)

prebuilts/api/28.0/public/netd.te

@@ -3,7 +3,7 @@ type netd, domain, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
 
 net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
 allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(netd, cgroup)

prebuilts/api/28.0/public/vendor_toolbox.te

@@ -7,7 +7,7 @@ type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
 # or read, execute the vendor_toolbox file.
 full_treble_only(`
     # Do not allow non-vendor domains to transition
-    # to vendor toolbox except for the whitelisted domains.
+    # to vendor toolbox except for the allowlisted domains.
     neverallow {
         coredomain
         -init

prebuilts/api/29.0/private/coredomain.te

@@ -15,7 +15,7 @@ neverallow {
 ')
 
 # On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
 full_treble_only(`
     # Limit access to /vendor/app
     neverallow {

prebuilts/api/29.0/private/domain.te

@@ -83,7 +83,7 @@ userdebug_or_eng(`
 ')
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
 neverallow {
   domain
   -vold
@@ -185,7 +185,7 @@ neverallow {
 
 #
 # Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
 # Executable files loaded from /data is a persistence vector
 # we want to avoid. See
 # https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
@@ -299,7 +299,7 @@ neverallow {
     -zygote
 } { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
 
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
 neverallow {
   domain
   userdebug_or_eng(`-domain')

prebuilts/api/29.0/private/heapprofd.te

@@ -29,7 +29,7 @@ typeattribute heapprofd mlstrustedsubject;
 allow heapprofd self:capability kill;
 
 # When scanning /proc/[pid]/cmdline to find matching processes for by-name
-# profiling, only whitelisted domains will be allowed by SELinux. Avoid
+# profiling, only allowlisted domains will be allowed by SELinux. Avoid
 # spamming logs with denials for entries that we can not access.
 dontaudit heapprofd domain:dir { search open };
 

prebuilts/api/29.0/private/incidentd.te

@@ -126,7 +126,7 @@ userdebug_or_eng(`read_logd(incidentd)')
 # TODO control_logd(incidentd)
 
 # Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
 allow incidentd {
   system_server_service
   app_api_service

prebuilts/api/29.0/private/isolated_app.te

@@ -87,7 +87,7 @@ neverallow isolated_app *:hwservice_manager *;
 neverallow isolated_app vndbinder_device:chr_file *;
 
 # Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
 neverallow isolated_app *:service_manager ~find;
 
 # b/17487348

prebuilts/api/29.0/private/perfetto.te

@@ -1,5 +1,5 @@
 # Perfetto command-line client. Can be used only from the domains that are
-# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# explicitly allowlisted with a domain_auto_trans(X, perfetto_exec, perfetto).
 # This command line client accesses the privileged socket of the traced
 # daemon.
 

prebuilts/api/29.0/private/system_server.te

@@ -50,14 +50,14 @@ allow system_server zygote:unix_stream_socket { getopt getattr };
 
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
 # to use privileged ioctls commands. Needed to set up VPNs.
 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
 bluetooth_domain(system_server)
 
 # Allow setup of tcp keepalive offload. This gives system_server the permission to
 # call ioctl on app domains' tcp sockets. Additional ioctl commands still need to
-# be granted individually, except for a small set of safe values whitelisted in
+# be granted individually, except for a small set of safe values allowlisted in
 # public/domain.te.
 allow system_server appdomain:tcp_socket ioctl;
 
@@ -102,7 +102,7 @@ allow system_server config_gz:file { read open };
 # Use generic "sockets" where the address family is not known
 # to the kernel. The ioctl permission is specifically omitted here, but may
 # be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
 allow system_server self:socket create_socket_perms_no_ioctl;
 
 # Set and get routes directly via netlink.

prebuilts/api/29.0/private/traced_probes.te

@@ -16,7 +16,7 @@ allow traced_probes debugfs_tracing:file rw_file_perms;
 allow traced_probes debugfs_trace_marker:file getattr;
 
 # TODO(primiano): temporarily I/O tracing categories are still
-# userdebug only until we nail down the blacklist/whitelist.
+# userdebug only until we nail down the denylist/allowlist.
 userdebug_or_eng(`
 allow traced_probes debugfs_tracing_debug:dir r_dir_perms;
 allow traced_probes debugfs_tracing_debug:file rw_file_perms;

prebuilts/api/29.0/public/app.te

@@ -537,7 +537,7 @@ neverallow appdomain {
   tmpfs
 }:lnk_file no_w_file_perms;
 
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
 neverallow {
   bluetooth
   isolated_app
@@ -558,7 +558,7 @@ neverallow {
   -shell # bugreport
 } input_device:chr_file ~getattr;
 
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
 # neverallow rules for access to Bluetooth-related data files are above.
 neverallow {
   appdomain

prebuilts/api/29.0/public/domain.te

@@ -260,19 +260,19 @@ allow domain debugfs_trace_marker:file w_file_perms;
 allow domain fs_type:filesystem getattr;
 allow domain fs_type:dir getattr;
 
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
 # ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
 # not grant the ioctl permission on these socket types. That must be granted
 # separately.
 allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
 allowxperm domain { domain pdx_channel_socket_type }:{ unix_dgram_socket unix_stream_socket }
   ioctl unpriv_unix_sock_ioctls;
 
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
 # not grant the wider ioctl permission. That must be granted
 # separately.
 allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -288,7 +288,7 @@ allowxperm domain tun_device:chr_file ioctl { FIOCLEX FIONCLEX };
 
 # Allow a process to make a determination whether a file descriptor
 # for a plain file or pipe (fifo_file) is a tty. Note that granting
-# this whitelist to domain does not grant the ioctl permission to
+# this allowlist to domain does not grant the ioctl permission to
 # these files. That must be granted separately.
 allowxperm domain { file_type fs_type }:file ioctl { TCGETS };
 allowxperm domain domain:fifo_file ioctl { TCGETS };
@@ -331,7 +331,7 @@ allow domain apex_mnt_dir:lnk_file r_file_perms;
 ###
 
 # All ioctls on file-like objects (except chr_file and blk_file) and
-# sockets must be restricted to a whitelist.
+# sockets must be restricted to a allowlist.
 neverallowxperm * *:{ dir notdevfile_class_set socket_class_set blk_file } ioctl { 0 };
 
 # b/68014825 and https://android-review.googlesource.com/516535
@@ -346,7 +346,7 @@ neverallowxperm * devpts:chr_file ioctl TIOCSTI;
 # Do not allow any domain other than init to create unlabeled files.
 neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
 
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
 neverallow {
   domain
   -kernel
@@ -544,7 +544,7 @@ compatible_property_only(`
 ')
 
 # Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
 neverallow {
   domain
   -adbd
@@ -951,7 +951,7 @@ full_treble_only(`
 
 full_treble_only(`
     # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
+    # except for the ones allowlist here.
     neverallow {
         domain
         -coredomain
@@ -970,7 +970,7 @@ full_treble_only(`
 
 full_treble_only(`
     # Do not allow system components to execute files from vendor
-    # except for the ones whitelisted here.
+    # except for the ones allowlisted here.
     neverallow {
       coredomain
       -init
@@ -998,7 +998,7 @@ full_treble_only(`
 
 full_treble_only(`
   # Do not allow system components access to /vendor files except for the
-  # ones whitelisted here.
+  # ones allowlisted here.
   neverallow {
     coredomain
     # TODO(b/37168747): clean up fwk access to /vendor
@@ -1028,7 +1028,7 @@ full_treble_only(`
 
 full_treble_only(`
   # Do not allow vendor components access to /system files except for the
-  # ones whitelisted here.
+  # ones allowlisted here.
   neverallow {
     domain
     -appdomain
@@ -1215,7 +1215,7 @@ neverallow {
 
 # In addition to the symlink reading restrictions above, restrict
 # write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
 # not be trusting any content in those directories.
 neverallow {
   domain

prebuilts/api/29.0/public/hal_wifi_supplicant.te

@@ -4,7 +4,7 @@ binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
 
 hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
 
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
 allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(hal_wifi_supplicant, sysfs_type)

prebuilts/api/29.0/public/netd.te

@@ -3,7 +3,7 @@ type netd, domain, mlstrustedsubject;
 type netd_exec, system_file_type, exec_type, file_type;
 
 net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
 allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(netd, cgroup)

prebuilts/api/29.0/public/vendor_toolbox.te

@@ -7,7 +7,7 @@ type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
 # or read, execute the vendor_toolbox file.
 full_treble_only(`
     # Do not allow non-vendor domains to transition
-    # to vendor toolbox except for the whitelisted domains.
+    # to vendor toolbox except for the allowlisted domains.
     neverallow {
         coredomain
         -init

prebuilts/api/30.0/private/atrace.te

@@ -59,7 +59,7 @@ userdebug_or_eng(`
   hal_client_domain(atrace, hal_vibrator)
 ')
 
-# Remove logspam from notification attempts to non-whitelisted services.
+# Remove logspam from notification attempts to non-allowlisted services.
 dontaudit atrace hwservice_manager_type:hwservice_manager find;
 dontaudit atrace service_manager_type:service_manager find;
 dontaudit atrace domain:binder call;

prebuilts/api/30.0/private/coredomain.te

@@ -15,7 +15,7 @@ neverallow {
 ')
 
 # On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
 full_treble_only(`
     # Limit access to /vendor/app
     neverallow {

prebuilts/api/30.0/private/domain.te

@@ -122,7 +122,7 @@ allow domain linkerconfig_file:file r_file_perms;
 allow domain boringssl_self_test_marker:dir search;
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
 neverallow {
   domain
   -vold
@@ -225,7 +225,7 @@ neverallow {
 
 #
 # Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
 # Executable files loaded from /data is a persistence vector
 # we want to avoid. See
 # https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
@@ -342,7 +342,7 @@ neverallow {
     -zygote
 } { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
 
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
 neverallow {
   domain
   userdebug_or_eng(`-domain')

prebuilts/api/30.0/private/heapprofd.te

@@ -29,7 +29,7 @@ typeattribute heapprofd mlstrustedsubject;
 allow heapprofd self:capability kill;
 
 # When scanning /proc/[pid]/cmdline to find matching processes for by-name
-# profiling, only whitelisted domains will be allowed by SELinux. Avoid
+# profiling, only allowlisted domains will be allowed by SELinux. Avoid
 # spamming logs with denials for entries that we can not access.
 dontaudit heapprofd domain:dir { search open };
 

prebuilts/api/30.0/private/incidentd.te

@@ -145,7 +145,7 @@ userdebug_or_eng(`read_logd(incidentd)')
 r_dir_file(incidentd, misc_logd_file)
 
 # Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
 allow incidentd {
   system_server_service
   app_api_service

prebuilts/api/30.0/private/isolated_app.te

@@ -88,7 +88,7 @@ neverallow isolated_app *:hwservice_manager *;
 neverallow isolated_app vndbinder_device:chr_file *;
 
 # Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
 neverallow isolated_app *:service_manager ~find;
 
 # b/17487348

prebuilts/api/30.0/private/perfetto.te

@@ -1,5 +1,5 @@
 # Perfetto command-line client. Can be used only from the domains that are
-# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# explicitly allowlisted with a domain_auto_trans(X, perfetto_exec, perfetto).
 # This command line client accesses the privileged socket of the traced
 # daemon.
 

prebuilts/api/30.0/private/system_server.te

@@ -66,14 +66,14 @@ allow system_server zygote:unix_stream_socket { getopt getattr };
 
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
 # to use privileged ioctls commands. Needed to set up VPNs.
 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
 bluetooth_domain(system_server)
 
 # Allow setup of tcp keepalive offload. This gives system_server the permission to
 # call ioctl on app domains' tcp sockets. Additional ioctl commands still need to
-# be granted individually, except for a small set of safe values whitelisted in
+# be granted individually, except for a small set of safe values allowlisted in
 # public/domain.te.
 allow system_server appdomain:tcp_socket ioctl;
 
@@ -118,7 +118,7 @@ allow system_server config_gz:file { read open };
 # Use generic "sockets" where the address family is not known
 # to the kernel. The ioctl permission is specifically omitted here, but may
 # be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
 allow system_server self:socket create_socket_perms_no_ioctl;
 
 # Set and get routes directly via netlink.

prebuilts/api/30.0/private/traced_probes.te

@@ -16,7 +16,7 @@ allow traced_probes debugfs_tracing:file rw_file_perms;
 allow traced_probes debugfs_trace_marker:file getattr;
 
 # TODO(primiano): temporarily I/O tracing categories are still
-# userdebug only until we nail down the blacklist/whitelist.
+# userdebug only until we nail down the denylist/allowlist.
 userdebug_or_eng(`
 allow traced_probes debugfs_tracing_debug:dir r_dir_perms;
 allow traced_probes debugfs_tracing_debug:file rw_file_perms;

prebuilts/api/30.0/public/app.te

@@ -537,7 +537,7 @@ neverallow appdomain {
   tmpfs
 }:lnk_file no_w_file_perms;
 
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
 neverallow {
   bluetooth
   isolated_app
@@ -558,7 +558,7 @@ neverallow {
   -shell # bugreport
 } input_device:chr_file ~getattr;
 
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
 # neverallow rules for access to Bluetooth-related data files are above.
 neverallow {
   appdomain

prebuilts/api/30.0/public/domain.te

@@ -260,19 +260,19 @@ allow domain debugfs_trace_marker:file w_file_perms;
 allow domain fs_type:filesystem getattr;
 allow domain fs_type:dir getattr;
 
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
 # ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
 # not grant the ioctl permission on these socket types. That must be granted
 # separately.
 allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
 allowxperm domain { domain pdx_channel_socket_type }:{ unix_dgram_socket unix_stream_socket }
   ioctl unpriv_unix_sock_ioctls;
 
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
 # not grant the wider ioctl permission. That must be granted
 # separately.
 allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -288,7 +288,7 @@ allowxperm domain tun_device:chr_file ioctl { FIOCLEX FIONCLEX };
 
 # Allow a process to make a determination whether a file descriptor
 # for a plain file or pipe (fifo_file) is a tty. Note that granting
-# this whitelist to domain does not grant the ioctl permission to
+# this allowlist to domain does not grant the ioctl permission to
 # these files. That must be granted separately.
 allowxperm domain { file_type fs_type }:file ioctl { TCGETS };
 allowxperm domain domain:fifo_file ioctl { TCGETS };
@@ -331,7 +331,7 @@ allow domain apex_mnt_dir:lnk_file r_file_perms;
 ###
 
 # All ioctls on file-like objects (except chr_file and blk_file) and
-# sockets must be restricted to a whitelist.
+# sockets must be restricted to a allowlist.
 neverallowxperm * *:{ dir notdevfile_class_set socket_class_set blk_file } ioctl { 0 };
 
 # b/68014825 and https://android-review.googlesource.com/516535
@@ -346,7 +346,7 @@ neverallowxperm * devpts:chr_file ioctl TIOCSTI;
 # Do not allow any domain other than init to create unlabeled files.
 neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
 
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
 neverallow {
   domain
   -kernel
@@ -544,7 +544,7 @@ compatible_property_only(`
 ')
 
 # Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
 neverallow {
   domain
   -adbd
@@ -934,7 +934,7 @@ full_treble_only(`
 
 full_treble_only(`
     # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
+    # except for the ones allowlist here.
     neverallow {
         domain
         -coredomain
@@ -955,7 +955,7 @@ full_treble_only(`
 
 full_treble_only(`
     # Do not allow system components to execute files from vendor
-    # except for the ones whitelisted here.
+    # except for the ones allowlisted here.
     neverallow {
       coredomain
       -init
@@ -984,7 +984,7 @@ full_treble_only(`
 
 full_treble_only(`
   # Do not allow system components access to /vendor files except for the
-  # ones whitelisted here.
+  # ones allowlisted here.
   neverallow {
     coredomain
     # TODO(b/37168747): clean up fwk access to /vendor
@@ -1019,7 +1019,7 @@ full_treble_only(`
 
 full_treble_only(`
   # Do not allow vendor components access to /system files except for the
-  # ones whitelisted here.
+  # ones allowlisted here.
   neverallow {
     domain
     -appdomain
@@ -1212,7 +1212,7 @@ neverallow {
 
 # In addition to the symlink reading restrictions above, restrict
 # write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
 # not be trusting any content in those directories.
 neverallow {
   domain

prebuilts/api/30.0/public/hal_wifi_supplicant.te

@@ -4,7 +4,7 @@ binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
 
 hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
 
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
 allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(hal_wifi_supplicant, sysfs_type)

prebuilts/api/30.0/public/netd.te

@@ -3,7 +3,7 @@ type netd, domain, mlstrustedsubject;
 type netd_exec, system_file_type, exec_type, file_type;
 
 net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
 allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(netd, cgroup)

prebuilts/api/30.0/public/vendor_toolbox.te

@@ -7,7 +7,7 @@ type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
 # or read, execute the vendor_toolbox file.
 full_treble_only(`
     # Do not allow non-vendor domains to transition
-    # to vendor toolbox except for the whitelisted domains.
+    # to vendor toolbox except for the allowlisted domains.
     neverallow {
         coredomain
         -init

private/atrace.te

@@ -59,7 +59,7 @@ userdebug_or_eng(`
   hal_client_domain(atrace, hal_vibrator)
 ')
 
-# Remove logspam from notification attempts to non-whitelisted services.
+# Remove logspam from notification attempts to non-allowlisted services.
 dontaudit atrace hwservice_manager_type:hwservice_manager find;
 dontaudit atrace service_manager_type:service_manager find;
 dontaudit atrace domain:binder call;

private/coredomain.te

@@ -34,7 +34,7 @@ neverallow {
 ')
 
 # On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
 full_treble_only(`
     # Limit access to /vendor/app
     neverallow {

private/domain.te

@@ -109,7 +109,7 @@ allow domain linkerconfig_file:file r_file_perms;
 allow domain boringssl_self_test_marker:dir search;
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
 neverallow {
   domain
   -vold
@@ -212,7 +212,7 @@ neverallow {
 
 #
 # Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
 # Executable files loaded from /data is a persistence vector
 # we want to avoid. See
 # https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
@@ -329,7 +329,7 @@ neverallow {
     -zygote
 } { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
 
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
 neverallow {
   domain
   userdebug_or_eng(`-domain')

private/heapprofd.te

@@ -29,7 +29,7 @@ typeattribute heapprofd mlstrustedsubject;
 allow heapprofd self:capability kill;
 
 # When scanning /proc/[pid]/cmdline to find matching processes for by-name
-# profiling, only whitelisted domains will be allowed by SELinux. Avoid
+# profiling, only allowlisted domains will be allowed by SELinux. Avoid
 # spamming logs with denials for entries that we can not access.
 dontaudit heapprofd domain:dir { search open };
 

private/incidentd.te

@@ -145,7 +145,7 @@ userdebug_or_eng(`read_logd(incidentd)')
 r_dir_file(incidentd, misc_logd_file)
 
 # Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
 allow incidentd {
   system_server_service
   app_api_service

private/isolated_app.te

@@ -91,7 +91,7 @@ neverallow isolated_app *:hwservice_manager *;
 neverallow isolated_app vndbinder_device:chr_file *;
 
 # Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
 neverallow isolated_app *:service_manager ~find;
 
 # b/17487348

private/perfetto.te

@@ -1,5 +1,5 @@
 # Perfetto command-line client. Can be used only from the domains that are
-# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# explicitly allowlisted with a domain_auto_trans(X, perfetto_exec, perfetto).
 # This command line client accesses the privileged socket of the traced
 # daemon.
 

private/system_server.te

@@ -66,14 +66,14 @@ allow system_server zygote:unix_stream_socket { getopt getattr };
 
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
 # to use privileged ioctls commands. Needed to set up VPNs.
 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
 bluetooth_domain(system_server)
 
 # Allow setup of tcp keepalive offload. This gives system_server the permission to
 # call ioctl on app domains' tcp sockets. Additional ioctl commands still need to
-# be granted individually, except for a small set of safe values whitelisted in
+# be granted individually, except for a small set of safe values allowlisted in
 # public/domain.te.
 allow system_server appdomain:tcp_socket ioctl;
 
@@ -118,7 +118,7 @@ allow system_server config_gz:file { read open };
 # Use generic "sockets" where the address family is not known
 # to the kernel. The ioctl permission is specifically omitted here, but may
 # be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
 allow system_server self:socket create_socket_perms_no_ioctl;
 
 # Set and get routes directly via netlink.

private/traced_probes.te

@@ -16,7 +16,7 @@ allow traced_probes debugfs_tracing:file rw_file_perms;
 allow traced_probes debugfs_trace_marker:file getattr;
 
 # TODO(primiano): temporarily I/O tracing categories are still
-# userdebug only until we nail down the blacklist/whitelist.
+# userdebug only until we nail down the denylist/allowlist.
 userdebug_or_eng(`
 allow traced_probes debugfs_tracing_debug:dir r_dir_perms;
 allow traced_probes debugfs_tracing_debug:file rw_file_perms;

public/hal_wifi_supplicant.te

@@ -4,7 +4,7 @@ binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
 
 hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
 
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
 allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(hal_wifi_supplicant, sysfs_type)

public/netd.te

@@ -3,7 +3,7 @@ type netd, domain, mlstrustedsubject;
 type netd_exec, system_file_type, exec_type, file_type;
 
 net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
 allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(netd, cgroup)

public/vendor_toolbox.te

@@ -7,7 +7,7 @@ type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
 # or read, execute the vendor_toolbox file.
 full_treble_only(`
     # Do not allow non-vendor domains to transition
-    # to vendor toolbox except for the whitelisted domains.
+    # to vendor toolbox except for the allowlisted domains.
     neverallow {
         coredomain
         -init