Merge "Revert "DO NOT MERGE Fake 29.0 sepolicy prebuilts""
This commit is contained in:
commit
bf5ef59e10
390 changed files with 0 additions and 28681 deletions
|
@ -1,746 +0,0 @@
|
|||
#
|
||||
# Define common prefixes for access vectors
|
||||
#
|
||||
# common common_name { permission_name ... }
|
||||
|
||||
|
||||
#
|
||||
# Define a common prefix for file access vectors.
|
||||
#
|
||||
|
||||
common file
|
||||
{
|
||||
ioctl
|
||||
read
|
||||
write
|
||||
create
|
||||
getattr
|
||||
setattr
|
||||
lock
|
||||
relabelfrom
|
||||
relabelto
|
||||
append
|
||||
map
|
||||
unlink
|
||||
link
|
||||
rename
|
||||
execute
|
||||
quotaon
|
||||
mounton
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# Define a common prefix for socket access vectors.
|
||||
#
|
||||
|
||||
common socket
|
||||
{
|
||||
# inherited from file
|
||||
ioctl
|
||||
read
|
||||
write
|
||||
create
|
||||
getattr
|
||||
setattr
|
||||
lock
|
||||
relabelfrom
|
||||
relabelto
|
||||
append
|
||||
map
|
||||
# socket-specific
|
||||
bind
|
||||
connect
|
||||
listen
|
||||
accept
|
||||
getopt
|
||||
setopt
|
||||
shutdown
|
||||
recvfrom
|
||||
sendto
|
||||
name_bind
|
||||
}
|
||||
|
||||
#
|
||||
# Define a common prefix for ipc access vectors.
|
||||
#
|
||||
|
||||
common ipc
|
||||
{
|
||||
create
|
||||
destroy
|
||||
getattr
|
||||
setattr
|
||||
read
|
||||
write
|
||||
associate
|
||||
unix_read
|
||||
unix_write
|
||||
}
|
||||
|
||||
#
|
||||
# Define a common for capability access vectors.
|
||||
#
|
||||
common cap
|
||||
{
|
||||
# The capabilities are defined in include/linux/capability.h
|
||||
# Capabilities >= 32 are defined in the cap2 common.
|
||||
# Care should be taken to ensure that these are consistent with
|
||||
# those definitions. (Order matters)
|
||||
|
||||
chown
|
||||
dac_override
|
||||
dac_read_search
|
||||
fowner
|
||||
fsetid
|
||||
kill
|
||||
setgid
|
||||
setuid
|
||||
setpcap
|
||||
linux_immutable
|
||||
net_bind_service
|
||||
net_broadcast
|
||||
net_admin
|
||||
net_raw
|
||||
ipc_lock
|
||||
ipc_owner
|
||||
sys_module
|
||||
sys_rawio
|
||||
sys_chroot
|
||||
sys_ptrace
|
||||
sys_pacct
|
||||
sys_admin
|
||||
sys_boot
|
||||
sys_nice
|
||||
sys_resource
|
||||
sys_time
|
||||
sys_tty_config
|
||||
mknod
|
||||
lease
|
||||
audit_write
|
||||
audit_control
|
||||
setfcap
|
||||
}
|
||||
|
||||
common cap2
|
||||
{
|
||||
mac_override # unused by SELinux
|
||||
mac_admin # unused by SELinux
|
||||
syslog
|
||||
wake_alarm
|
||||
block_suspend
|
||||
audit_read
|
||||
}
|
||||
|
||||
#
|
||||
# Define the access vectors.
|
||||
#
|
||||
# class class_name [ inherits common_name ] { permission_name ... }
|
||||
|
||||
|
||||
#
|
||||
# Define the access vector interpretation for file-related objects.
|
||||
#
|
||||
|
||||
class filesystem
|
||||
{
|
||||
mount
|
||||
remount
|
||||
unmount
|
||||
getattr
|
||||
relabelfrom
|
||||
relabelto
|
||||
associate
|
||||
quotamod
|
||||
quotaget
|
||||
}
|
||||
|
||||
class dir
|
||||
inherits file
|
||||
{
|
||||
add_name
|
||||
remove_name
|
||||
reparent
|
||||
search
|
||||
rmdir
|
||||
open
|
||||
audit_access
|
||||
execmod
|
||||
}
|
||||
|
||||
class file
|
||||
inherits file
|
||||
{
|
||||
execute_no_trans
|
||||
entrypoint
|
||||
execmod
|
||||
open
|
||||
audit_access
|
||||
}
|
||||
|
||||
class lnk_file
|
||||
inherits file
|
||||
{
|
||||
open
|
||||
audit_access
|
||||
execmod
|
||||
}
|
||||
|
||||
class chr_file
|
||||
inherits file
|
||||
{
|
||||
execute_no_trans
|
||||
entrypoint
|
||||
execmod
|
||||
open
|
||||
audit_access
|
||||
}
|
||||
|
||||
class blk_file
|
||||
inherits file
|
||||
{
|
||||
open
|
||||
audit_access
|
||||
execmod
|
||||
}
|
||||
|
||||
class sock_file
|
||||
inherits file
|
||||
{
|
||||
open
|
||||
audit_access
|
||||
execmod
|
||||
}
|
||||
|
||||
class fifo_file
|
||||
inherits file
|
||||
{
|
||||
open
|
||||
audit_access
|
||||
execmod
|
||||
}
|
||||
|
||||
class fd
|
||||
{
|
||||
use
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# Define the access vector interpretation for network-related objects.
|
||||
#
|
||||
|
||||
class socket
|
||||
inherits socket
|
||||
|
||||
class tcp_socket
|
||||
inherits socket
|
||||
{
|
||||
node_bind
|
||||
name_connect
|
||||
}
|
||||
|
||||
class udp_socket
|
||||
inherits socket
|
||||
{
|
||||
node_bind
|
||||
}
|
||||
|
||||
class rawip_socket
|
||||
inherits socket
|
||||
{
|
||||
node_bind
|
||||
}
|
||||
|
||||
class node
|
||||
{
|
||||
recvfrom
|
||||
sendto
|
||||
}
|
||||
|
||||
class netif
|
||||
{
|
||||
ingress
|
||||
egress
|
||||
}
|
||||
|
||||
class netlink_socket
|
||||
inherits socket
|
||||
|
||||
class packet_socket
|
||||
inherits socket
|
||||
|
||||
class key_socket
|
||||
inherits socket
|
||||
|
||||
class unix_stream_socket
|
||||
inherits socket
|
||||
{
|
||||
connectto
|
||||
}
|
||||
|
||||
class unix_dgram_socket
|
||||
inherits socket
|
||||
|
||||
#
|
||||
# Define the access vector interpretation for process-related objects
|
||||
#
|
||||
|
||||
class process
|
||||
{
|
||||
fork
|
||||
transition
|
||||
sigchld # commonly granted from child to parent
|
||||
sigkill # cannot be caught or ignored
|
||||
sigstop # cannot be caught or ignored
|
||||
signull # for kill(pid, 0)
|
||||
signal # all other signals
|
||||
ptrace
|
||||
getsched
|
||||
setsched
|
||||
getsession
|
||||
getpgid
|
||||
setpgid
|
||||
getcap
|
||||
setcap
|
||||
share
|
||||
getattr
|
||||
setexec
|
||||
setfscreate
|
||||
noatsecure
|
||||
siginh
|
||||
setrlimit
|
||||
rlimitinh
|
||||
dyntransition
|
||||
setcurrent
|
||||
execmem
|
||||
execstack
|
||||
execheap
|
||||
setkeycreate
|
||||
setsockcreate
|
||||
getrlimit
|
||||
}
|
||||
|
||||
class process2
|
||||
{
|
||||
nnp_transition
|
||||
nosuid_transition
|
||||
}
|
||||
|
||||
#
|
||||
# Define the access vector interpretation for ipc-related objects
|
||||
#
|
||||
|
||||
class ipc
|
||||
inherits ipc
|
||||
|
||||
class sem
|
||||
inherits ipc
|
||||
|
||||
class msgq
|
||||
inherits ipc
|
||||
{
|
||||
enqueue
|
||||
}
|
||||
|
||||
class msg
|
||||
{
|
||||
send
|
||||
receive
|
||||
}
|
||||
|
||||
class shm
|
||||
inherits ipc
|
||||
{
|
||||
lock
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# Define the access vector interpretation for the security server.
|
||||
#
|
||||
|
||||
class security
|
||||
{
|
||||
compute_av
|
||||
compute_create
|
||||
compute_member
|
||||
check_context
|
||||
load_policy
|
||||
compute_relabel
|
||||
compute_user
|
||||
setenforce # was avc_toggle in system class
|
||||
setbool
|
||||
setsecparam
|
||||
setcheckreqprot
|
||||
read_policy
|
||||
validate_trans
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# Define the access vector interpretation for system operations.
|
||||
#
|
||||
|
||||
class system
|
||||
{
|
||||
ipc_info
|
||||
syslog_read
|
||||
syslog_mod
|
||||
syslog_console
|
||||
module_request
|
||||
module_load
|
||||
}
|
||||
|
||||
#
|
||||
# Define the access vector interpretation for controlling capabilities
|
||||
#
|
||||
|
||||
class capability
|
||||
inherits cap
|
||||
|
||||
class capability2
|
||||
inherits cap2
|
||||
|
||||
#
|
||||
# Extended Netlink classes
|
||||
#
|
||||
class netlink_route_socket
|
||||
inherits socket
|
||||
{
|
||||
nlmsg_read
|
||||
nlmsg_write
|
||||
}
|
||||
|
||||
class netlink_tcpdiag_socket
|
||||
inherits socket
|
||||
{
|
||||
nlmsg_read
|
||||
nlmsg_write
|
||||
}
|
||||
|
||||
class netlink_nflog_socket
|
||||
inherits socket
|
||||
|
||||
class netlink_xfrm_socket
|
||||
inherits socket
|
||||
{
|
||||
nlmsg_read
|
||||
nlmsg_write
|
||||
}
|
||||
|
||||
class netlink_selinux_socket
|
||||
inherits socket
|
||||
|
||||
class netlink_audit_socket
|
||||
inherits socket
|
||||
{
|
||||
nlmsg_read
|
||||
nlmsg_write
|
||||
nlmsg_relay
|
||||
nlmsg_readpriv
|
||||
nlmsg_tty_audit
|
||||
}
|
||||
|
||||
class netlink_dnrt_socket
|
||||
inherits socket
|
||||
|
||||
# Define the access vector interpretation for controlling
|
||||
# access to IPSec network data by association
|
||||
#
|
||||
class association
|
||||
{
|
||||
sendto
|
||||
recvfrom
|
||||
setcontext
|
||||
polmatch
|
||||
}
|
||||
|
||||
# Updated Netlink class for KOBJECT_UEVENT family.
|
||||
class netlink_kobject_uevent_socket
|
||||
inherits socket
|
||||
|
||||
class appletalk_socket
|
||||
inherits socket
|
||||
|
||||
class packet
|
||||
{
|
||||
send
|
||||
recv
|
||||
relabelto
|
||||
flow_in # deprecated
|
||||
flow_out # deprecated
|
||||
forward_in
|
||||
forward_out
|
||||
}
|
||||
|
||||
class key
|
||||
{
|
||||
view
|
||||
read
|
||||
write
|
||||
search
|
||||
link
|
||||
setattr
|
||||
create
|
||||
}
|
||||
|
||||
class dccp_socket
|
||||
inherits socket
|
||||
{
|
||||
node_bind
|
||||
name_connect
|
||||
}
|
||||
|
||||
class memprotect
|
||||
{
|
||||
mmap_zero
|
||||
}
|
||||
|
||||
# network peer labels
|
||||
class peer
|
||||
{
|
||||
recv
|
||||
}
|
||||
|
||||
class kernel_service
|
||||
{
|
||||
use_as_override
|
||||
create_files_as
|
||||
}
|
||||
|
||||
class tun_socket
|
||||
inherits socket
|
||||
{
|
||||
attach_queue
|
||||
}
|
||||
|
||||
class binder
|
||||
{
|
||||
impersonate
|
||||
call
|
||||
set_context_mgr
|
||||
transfer
|
||||
}
|
||||
|
||||
class netlink_iscsi_socket
|
||||
inherits socket
|
||||
|
||||
class netlink_fib_lookup_socket
|
||||
inherits socket
|
||||
|
||||
class netlink_connector_socket
|
||||
inherits socket
|
||||
|
||||
class netlink_netfilter_socket
|
||||
inherits socket
|
||||
|
||||
class netlink_generic_socket
|
||||
inherits socket
|
||||
|
||||
class netlink_scsitransport_socket
|
||||
inherits socket
|
||||
|
||||
class netlink_rdma_socket
|
||||
inherits socket
|
||||
|
||||
class netlink_crypto_socket
|
||||
inherits socket
|
||||
|
||||
class infiniband_pkey
|
||||
{
|
||||
access
|
||||
}
|
||||
|
||||
class infiniband_endport
|
||||
{
|
||||
manage_subnet
|
||||
}
|
||||
|
||||
#
|
||||
# Define the access vector interpretation for controlling capabilities
|
||||
# in user namespaces
|
||||
#
|
||||
|
||||
class cap_userns
|
||||
inherits cap
|
||||
|
||||
class cap2_userns
|
||||
inherits cap2
|
||||
|
||||
|
||||
#
|
||||
# Define the access vector interpretation for the new socket classes
|
||||
# enabled by the extended_socket_class policy capability.
|
||||
#
|
||||
|
||||
#
|
||||
# The next two classes were previously mapped to rawip_socket and therefore
|
||||
# have the same definition as rawip_socket (until further permissions
|
||||
# are defined).
|
||||
#
|
||||
class sctp_socket
|
||||
inherits socket
|
||||
{
|
||||
node_bind
|
||||
name_connect
|
||||
association
|
||||
}
|
||||
|
||||
class icmp_socket
|
||||
inherits socket
|
||||
{
|
||||
node_bind
|
||||
}
|
||||
|
||||
#
|
||||
# The remaining network socket classes were previously
|
||||
# mapped to the socket class and therefore have the
|
||||
# same definition as socket.
|
||||
#
|
||||
|
||||
class ax25_socket
|
||||
inherits socket
|
||||
|
||||
class ipx_socket
|
||||
inherits socket
|
||||
|
||||
class netrom_socket
|
||||
inherits socket
|
||||
|
||||
class atmpvc_socket
|
||||
inherits socket
|
||||
|
||||
class x25_socket
|
||||
inherits socket
|
||||
|
||||
class rose_socket
|
||||
inherits socket
|
||||
|
||||
class decnet_socket
|
||||
inherits socket
|
||||
|
||||
class atmsvc_socket
|
||||
inherits socket
|
||||
|
||||
class rds_socket
|
||||
inherits socket
|
||||
|
||||
class irda_socket
|
||||
inherits socket
|
||||
|
||||
class pppox_socket
|
||||
inherits socket
|
||||
|
||||
class llc_socket
|
||||
inherits socket
|
||||
|
||||
class can_socket
|
||||
inherits socket
|
||||
|
||||
class tipc_socket
|
||||
inherits socket
|
||||
|
||||
class bluetooth_socket
|
||||
inherits socket
|
||||
|
||||
class iucv_socket
|
||||
inherits socket
|
||||
|
||||
class rxrpc_socket
|
||||
inherits socket
|
||||
|
||||
class isdn_socket
|
||||
inherits socket
|
||||
|
||||
class phonet_socket
|
||||
inherits socket
|
||||
|
||||
class ieee802154_socket
|
||||
inherits socket
|
||||
|
||||
class caif_socket
|
||||
inherits socket
|
||||
|
||||
class alg_socket
|
||||
inherits socket
|
||||
|
||||
class nfc_socket
|
||||
inherits socket
|
||||
|
||||
class vsock_socket
|
||||
inherits socket
|
||||
|
||||
class kcm_socket
|
||||
inherits socket
|
||||
|
||||
class qipcrtr_socket
|
||||
inherits socket
|
||||
|
||||
class smc_socket
|
||||
inherits socket
|
||||
|
||||
class bpf
|
||||
{
|
||||
map_create
|
||||
map_read
|
||||
map_write
|
||||
prog_load
|
||||
prog_run
|
||||
}
|
||||
|
||||
class property_service
|
||||
{
|
||||
set
|
||||
}
|
||||
|
||||
class service_manager
|
||||
{
|
||||
add
|
||||
find
|
||||
list
|
||||
}
|
||||
|
||||
class hwservice_manager
|
||||
{
|
||||
add
|
||||
find
|
||||
list
|
||||
}
|
||||
|
||||
class keystore_key
|
||||
{
|
||||
get_state
|
||||
get
|
||||
insert
|
||||
delete
|
||||
exist
|
||||
list
|
||||
reset
|
||||
password
|
||||
lock
|
||||
unlock
|
||||
is_empty
|
||||
sign
|
||||
verify
|
||||
grant
|
||||
duplicate
|
||||
clear_uid
|
||||
add_auth
|
||||
user_changed
|
||||
gen_unique_id
|
||||
}
|
||||
|
||||
class drmservice {
|
||||
consumeRights
|
||||
setPlaybackStatus
|
||||
openDecryptSession
|
||||
closeDecryptSession
|
||||
initializeDecryptUnit
|
||||
decrypt
|
||||
finalizeDecryptUnit
|
||||
pread
|
||||
}
|
||||
|
||||
class xdp_socket
|
||||
inherits socket
|
|
@ -1,190 +0,0 @@
|
|||
### ADB daemon
|
||||
|
||||
typeattribute adbd coredomain;
|
||||
typeattribute adbd mlstrustedsubject;
|
||||
|
||||
init_daemon_domain(adbd)
|
||||
|
||||
domain_auto_trans(adbd, shell_exec, shell)
|
||||
|
||||
userdebug_or_eng(`
|
||||
allow adbd self:process setcurrent;
|
||||
allow adbd su:process dyntransition;
|
||||
')
|
||||
|
||||
# When 'adb shell' is executed in recovery mode, adbd explicitly
|
||||
# switches into shell domain using setcon() because the shell executable
|
||||
# is not labeled as shell but as rootfs.
|
||||
recovery_only(`
|
||||
domain_trans(adbd, rootfs, shell)
|
||||
allow adbd shell:process dyntransition;
|
||||
|
||||
# Allows reboot fastboot to enter fastboot directly
|
||||
unix_socket_connect(adbd, recovery, recovery)
|
||||
')
|
||||
|
||||
# Do not sanitize the environment or open fds of the shell. Allow signaling
|
||||
# created processes.
|
||||
allow adbd shell:process { noatsecure signal };
|
||||
|
||||
# Set UID and GID to shell. Set supplementary groups.
|
||||
allow adbd self:global_capability_class_set { setuid setgid };
|
||||
|
||||
# Drop capabilities from bounding set on user builds.
|
||||
allow adbd self:global_capability_class_set setpcap;
|
||||
|
||||
# ignore spurious denials for adbd when disk space is low.
|
||||
dontaudit adbd self:global_capability_class_set sys_resource;
|
||||
|
||||
# adbd probes for vsock support. Do not generate denials when
|
||||
# this occurs. (b/123569840)
|
||||
dontaudit adbd self:{ socket vsock_socket } create;
|
||||
|
||||
# Create and use network sockets.
|
||||
net_domain(adbd)
|
||||
|
||||
# Access /dev/usb-ffs/adb/ep0
|
||||
allow adbd functionfs:dir search;
|
||||
allow adbd functionfs:file rw_file_perms;
|
||||
allowxperm adbd functionfs:file ioctl {
|
||||
FUNCTIONFS_ENDPOINT_DESC
|
||||
FUNCTIONFS_CLEAR_HALT
|
||||
};
|
||||
|
||||
# Use a pseudo tty.
|
||||
allow adbd devpts:chr_file rw_file_perms;
|
||||
|
||||
# adb push/pull /data/local/tmp.
|
||||
allow adbd shell_data_file:dir create_dir_perms;
|
||||
allow adbd shell_data_file:file create_file_perms;
|
||||
|
||||
# adb pull /data/local/traces/*
|
||||
allow adbd trace_data_file:dir r_dir_perms;
|
||||
allow adbd trace_data_file:file r_file_perms;
|
||||
|
||||
# adb pull /data/misc/profman.
|
||||
allow adbd profman_dump_data_file:dir r_dir_perms;
|
||||
allow adbd profman_dump_data_file:file r_file_perms;
|
||||
|
||||
# adb push/pull sdcard.
|
||||
allow adbd tmpfs:dir search;
|
||||
allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink
|
||||
allow adbd tmpfs:lnk_file r_file_perms; # /mnt/sdcard symlink
|
||||
allow adbd sdcard_type:dir create_dir_perms;
|
||||
allow adbd sdcard_type:file create_file_perms;
|
||||
|
||||
# adb pull /data/anr/traces.txt
|
||||
allow adbd anr_data_file:dir r_dir_perms;
|
||||
allow adbd anr_data_file:file r_file_perms;
|
||||
|
||||
# Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties.
|
||||
set_prop(adbd, shell_prop)
|
||||
set_prop(adbd, powerctl_prop)
|
||||
set_prop(adbd, ffs_prop)
|
||||
set_prop(adbd, exported_ffs_prop)
|
||||
|
||||
# Access device logging gating property
|
||||
get_prop(adbd, device_logging_prop)
|
||||
|
||||
# Read device's serial number from system properties
|
||||
get_prop(adbd, serialno_prop)
|
||||
|
||||
# Read whether or not Test Harness Mode is enabled
|
||||
get_prop(adbd, test_harness_prop)
|
||||
|
||||
# Read device's overlayfs related properties and files
|
||||
userdebug_or_eng(`
|
||||
get_prop(adbd, persistent_properties_ready_prop)
|
||||
r_dir_file(adbd, sysfs_dt_firmware_android)
|
||||
')
|
||||
|
||||
# Run /system/bin/bu
|
||||
allow adbd system_file:file rx_file_perms;
|
||||
|
||||
# Perform binder IPC to surfaceflinger (screencap)
|
||||
# XXX Run screencap in a separate domain?
|
||||
binder_use(adbd)
|
||||
binder_call(adbd, surfaceflinger)
|
||||
binder_call(adbd, gpuservice)
|
||||
# b/13188914
|
||||
allow adbd gpu_device:chr_file rw_file_perms;
|
||||
allow adbd ion_device:chr_file rw_file_perms;
|
||||
r_dir_file(adbd, system_file)
|
||||
|
||||
# Needed for various screenshots
|
||||
hal_client_domain(adbd, hal_graphics_allocator)
|
||||
|
||||
# Read /data/misc/adb/adb_keys.
|
||||
allow adbd adb_keys_file:dir search;
|
||||
allow adbd adb_keys_file:file r_file_perms;
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Write debugging information to /data/adb
|
||||
# when persist.adb.trace_mask is set
|
||||
# https://code.google.com/p/android/issues/detail?id=72895
|
||||
allow adbd adb_data_file:dir rw_dir_perms;
|
||||
allow adbd adb_data_file:file create_file_perms;
|
||||
')
|
||||
|
||||
# ndk-gdb invokes adb forward to forward the gdbserver socket.
|
||||
allow adbd app_data_file:dir search;
|
||||
allow adbd app_data_file:sock_file write;
|
||||
allow adbd appdomain:unix_stream_socket connectto;
|
||||
|
||||
# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
|
||||
allow adbd zygote_exec:file r_file_perms;
|
||||
allow adbd system_file:file r_file_perms;
|
||||
|
||||
# Allow pulling the SELinux policy for CTS purposes
|
||||
allow adbd selinuxfs:dir r_dir_perms;
|
||||
allow adbd selinuxfs:file r_file_perms;
|
||||
allow adbd kernel:security read_policy;
|
||||
allow adbd service_contexts_file:file r_file_perms;
|
||||
allow adbd file_contexts_file:file r_file_perms;
|
||||
allow adbd seapp_contexts_file:file r_file_perms;
|
||||
allow adbd property_contexts_file:file r_file_perms;
|
||||
allow adbd sepolicy_file:file r_file_perms;
|
||||
|
||||
# Allow pulling config.gz for CTS purposes
|
||||
allow adbd config_gz:file r_file_perms;
|
||||
|
||||
allow adbd gpu_service:service_manager find;
|
||||
allow adbd surfaceflinger_service:service_manager find;
|
||||
allow adbd bootchart_data_file:dir search;
|
||||
allow adbd bootchart_data_file:file r_file_perms;
|
||||
|
||||
# Allow access to external storage; we have several visible mount points under /storage
|
||||
# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
|
||||
allow adbd storage_file:dir r_dir_perms;
|
||||
allow adbd storage_file:lnk_file r_file_perms;
|
||||
allow adbd mnt_user_file:dir r_dir_perms;
|
||||
allow adbd mnt_user_file:lnk_file r_file_perms;
|
||||
|
||||
# Access to /data/media.
|
||||
# This should be removed if sdcardfs is modified to alter the secontext for its
|
||||
# accesses to the underlying FS.
|
||||
allow adbd media_rw_data_file:dir create_dir_perms;
|
||||
allow adbd media_rw_data_file:file create_file_perms;
|
||||
|
||||
r_dir_file(adbd, apk_data_file)
|
||||
|
||||
allow adbd rootfs:dir r_dir_perms;
|
||||
|
||||
# Allow to pull Perfetto traces.
|
||||
allow adbd perfetto_traces_data_file:file r_file_perms;
|
||||
allow adbd perfetto_traces_data_file:dir r_dir_perms;
|
||||
|
||||
# Connect to shell and use a socket transferred from it.
|
||||
# Used for e.g. abb.
|
||||
allow adbd shell:unix_stream_socket { read write };
|
||||
allow adbd shell:fd use;
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
###
|
||||
|
||||
# No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever
|
||||
# transitions to the shell domain (except when it crashes). In particular, we
|
||||
# never want to see a transition from adbd to su (aka "adb root")
|
||||
neverallow adbd { domain -crash_dump -shell }:process transition;
|
||||
neverallow adbd { domain userdebug_or_eng(`-su') recovery_only(`-shell') }:process dyntransition;
|
|
@ -1,20 +0,0 @@
|
|||
# APEX pre- & post-install test.
|
||||
#
|
||||
# Allow to run pre- and post-install hooks for APEX test modules
|
||||
# in debuggable builds.
|
||||
|
||||
type apex_test_prepostinstall, domain, coredomain;
|
||||
type apex_test_prepostinstall_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
userdebug_or_eng(`
|
||||
# /dev/zero
|
||||
allow apex_test_prepostinstall apexd:fd use;
|
||||
# Logwrapper.
|
||||
create_pty(apex_test_prepostinstall)
|
||||
# Logwrapper executing sh.
|
||||
allow apex_test_prepostinstall shell_exec:file rx_file_perms;
|
||||
# Logwrapper exec.
|
||||
allow apex_test_prepostinstall system_file:file execute_no_trans;
|
||||
# Ls.
|
||||
allow apex_test_prepostinstall toolbox_exec:file rx_file_perms;
|
||||
')
|
|
@ -1,116 +0,0 @@
|
|||
typeattribute apexd coredomain;
|
||||
|
||||
init_daemon_domain(apexd)
|
||||
|
||||
# Allow creating, reading and writing of APEX files/dirs in the APEX data dir
|
||||
allow apexd apex_data_file:dir create_dir_perms;
|
||||
allow apexd apex_data_file:file create_file_perms;
|
||||
|
||||
# Allow creating, reading and writing of APEX files/dirs in the APEX metadata dir
|
||||
allow apexd metadata_file:dir search;
|
||||
allow apexd apex_metadata_file:dir create_dir_perms;
|
||||
allow apexd apex_metadata_file:file create_file_perms;
|
||||
|
||||
# allow apexd to create loop devices with /dev/loop-control
|
||||
allow apexd loop_control_device:chr_file rw_file_perms;
|
||||
# allow apexd to access loop devices
|
||||
allow apexd loop_device:blk_file rw_file_perms;
|
||||
allowxperm apexd loop_device:blk_file ioctl {
|
||||
LOOP_GET_STATUS64
|
||||
LOOP_SET_STATUS64
|
||||
LOOP_SET_FD
|
||||
LOOP_SET_BLOCK_SIZE
|
||||
LOOP_SET_DIRECT_IO
|
||||
LOOP_CLR_FD
|
||||
BLKFLSBUF
|
||||
};
|
||||
# allow apexd to access /dev/block
|
||||
allow apexd block_device:dir r_dir_perms;
|
||||
|
||||
# allow apexd to access /dev/block/dm-* (device-mapper entries)
|
||||
allow apexd dm_device:chr_file rw_file_perms;
|
||||
allow apexd dm_device:blk_file rw_file_perms;
|
||||
|
||||
# sys_admin is required to access the device-mapper and mount
|
||||
allow apexd self:global_capability_class_set sys_admin;
|
||||
|
||||
# allow apexd to create a mount point in /apex
|
||||
allow apexd apex_mnt_dir:dir create_dir_perms;
|
||||
# allow apexd to mount in /apex
|
||||
allow apexd apex_mnt_dir:filesystem { mount unmount };
|
||||
allow apexd apex_mnt_dir:dir mounton;
|
||||
# allow apexd to create symlinks in /apex
|
||||
allow apexd apex_mnt_dir:lnk_file create_file_perms;
|
||||
# allow apexd to unlink apex files in /data/apex/active
|
||||
# note that apexd won't be able to unlink files in /data/app-staging/session_XXXX,
|
||||
# because it doesn't have write permission for staging_data_file object.
|
||||
allow apexd staging_data_file:file unlink;
|
||||
|
||||
# allow apexd to read files from /data/app-staging and hardlink them to /data/apex.
|
||||
allow apexd staging_data_file:dir r_dir_perms;
|
||||
allow apexd staging_data_file:file { r_file_perms link };
|
||||
|
||||
# allow apexd to read files from /vendor/apex
|
||||
|
||||
# Unmount and mount filesystems
|
||||
allow apexd labeledfs:filesystem { mount unmount };
|
||||
|
||||
# /sys directory tree traversal
|
||||
allow apexd sysfs_type:dir search;
|
||||
# Configure read-ahead of dm-verity and loop devices
|
||||
# for dm-X
|
||||
allow apexd sysfs_dm:dir r_dir_perms;
|
||||
allow apexd sysfs_dm:file rw_file_perms;
|
||||
# for loopX
|
||||
allow apexd sysfs_loop:dir r_dir_perms;
|
||||
allow apexd sysfs_loop:file rw_file_perms;
|
||||
|
||||
# Spawning a libbinder thread results in a dac_override deny,
|
||||
# /dev/cpuset/tasks is owned by system.
|
||||
#
|
||||
# See b/35323867#comment3
|
||||
dontaudit apexd self:global_capability_class_set { dac_override dac_read_search };
|
||||
|
||||
# Allow apexd to log to the kernel.
|
||||
allow apexd kmsg_device:chr_file w_file_perms;
|
||||
|
||||
# Allow apexd to reboot device. Required for rollbacks of apexes that are
|
||||
# not covered by rollback manager.
|
||||
set_prop(apexd, powerctl_prop)
|
||||
|
||||
# Find the vold service, and call into vold to manage FS checkpoints
|
||||
allow apexd vold_service:service_manager find;
|
||||
binder_call(apexd, vold)
|
||||
|
||||
# Apex pre- & post-install permission.
|
||||
|
||||
# Allow self-execute for the fork mount helper.
|
||||
allow apexd apexd_exec:file execute_no_trans;
|
||||
|
||||
# Unshare and make / private so that hooks cannot influence the
|
||||
# running system.
|
||||
allow apexd rootfs:dir mounton;
|
||||
|
||||
# Allow to execute shell for pre- and postinstall scripts. A transition
|
||||
# rule is required, thus restricted to execute and not execute_no_trans.
|
||||
allow apexd shell_exec:file { r_file_perms execute };
|
||||
|
||||
# apexd is using bootstrap bionic
|
||||
allow apexd system_bootstrap_lib_file:dir r_dir_perms;
|
||||
allow apexd system_bootstrap_lib_file:file { execute read open getattr map };
|
||||
|
||||
# Allow transition to ART APEX preinstall domain.
|
||||
domain_auto_trans(apexd, art_apex_preinstall_exec, art_apex_preinstall)
|
||||
# Allow transition to ART APEX postinstall domain.
|
||||
domain_auto_trans(apexd, art_apex_postinstall_exec, art_apex_postinstall)
|
||||
|
||||
# Allow transition to test APEX preinstall domain.
|
||||
userdebug_or_eng(`
|
||||
domain_auto_trans(apexd, apex_test_prepostinstall_exec, apex_test_prepostinstall)
|
||||
')
|
||||
|
||||
neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
|
||||
neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
|
||||
neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
|
||||
neverallow { domain -apexd -init -kernel } apex_metadata_file:file no_w_file_perms;
|
||||
neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
|
|
@ -1,17 +0,0 @@
|
|||
# Allow apps to read the Test Harness Mode property. This property is used in
|
||||
# the implementation of ActivityManager.isDeviceInTestHarnessMode()
|
||||
get_prop(appdomain, test_harness_prop)
|
||||
|
||||
neverallow appdomain system_server:udp_socket {
|
||||
accept append bind create ioctl listen lock name_bind
|
||||
relabelfrom relabelto setattr shutdown };
|
||||
|
||||
# Transition to a non-app domain.
|
||||
# Exception for the shell and su domains, can transition to runas, etc.
|
||||
# Exception for crash_dump to allow for app crash reporting.
|
||||
# Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc)
|
||||
# to allow renderscript to create privileged executable files.
|
||||
neverallow { appdomain -shell userdebug_or_eng(`-su') }
|
||||
{ domain -appdomain -crash_dump -rs }:process { transition };
|
||||
neverallow { appdomain -shell userdebug_or_eng(`-su') }
|
||||
{ domain -appdomain }:process { dyntransition };
|
|
@ -1,293 +0,0 @@
|
|||
###
|
||||
### neverallow rules for untrusted app domains
|
||||
###
|
||||
|
||||
define(`all_untrusted_apps',`{
|
||||
ephemeral_app
|
||||
isolated_app
|
||||
mediaprovider
|
||||
untrusted_app
|
||||
untrusted_app_25
|
||||
untrusted_app_27
|
||||
untrusted_app_all
|
||||
}')
|
||||
# Receive or send uevent messages.
|
||||
neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;
|
||||
|
||||
# Receive or send generic netlink messages
|
||||
neverallow all_untrusted_apps domain:netlink_socket *;
|
||||
|
||||
# Too much leaky information in debugfs. It's a security
|
||||
# best practice to ensure these files aren't readable.
|
||||
neverallow all_untrusted_apps { debugfs_type -debugfs_kcov }:file read;
|
||||
neverallow {all_untrusted_apps userdebug_or_eng(`-domain')} debugfs_type:{ file lnk_file } read;
|
||||
|
||||
# Do not allow untrusted apps to register services.
|
||||
# Only trusted components of Android should be registering
|
||||
# services.
|
||||
neverallow all_untrusted_apps service_manager_type:service_manager add;
|
||||
|
||||
# Do not allow untrusted apps to use VendorBinder
|
||||
neverallow all_untrusted_apps vndbinder_device:chr_file *;
|
||||
neverallow all_untrusted_apps vndservice_manager_type:service_manager *;
|
||||
|
||||
# Do not allow untrusted apps to connect to the property service
|
||||
# or set properties. b/10243159
|
||||
neverallow { all_untrusted_apps -mediaprovider } property_socket:sock_file write;
|
||||
neverallow { all_untrusted_apps -mediaprovider } init:unix_stream_socket connectto;
|
||||
neverallow { all_untrusted_apps -mediaprovider } property_type:property_service set;
|
||||
|
||||
# net.dns properties are not a public API. Temporarily exempt pre-Oreo apps,
|
||||
# but otherwise disallow untrusted apps from reading this property.
|
||||
neverallow { all_untrusted_apps -untrusted_app_25 } net_dns_prop:file read;
|
||||
|
||||
# Shared libraries created by trusted components within an app home
|
||||
# directory can be dlopen()ed. To maintain the W^X property, these files
|
||||
# must never be writable to the app.
|
||||
neverallow all_untrusted_apps app_exec_data_file:file
|
||||
{ append create link relabelfrom relabelto rename setattr write };
|
||||
|
||||
# Block calling execve() on files in an apps home directory.
|
||||
# This is a W^X violation (loading executable code from a writable
|
||||
# home directory). For compatibility, allow for targetApi <= 28.
|
||||
# b/112357170
|
||||
neverallow {
|
||||
all_untrusted_apps
|
||||
-untrusted_app_25
|
||||
-untrusted_app_27
|
||||
-runas_app
|
||||
} { app_data_file privapp_data_file }:file execute_no_trans;
|
||||
|
||||
# Do not allow untrusted apps to invoke dex2oat. This was historically required
|
||||
# by ART for compiling secondary dex files but has been removed in Q.
|
||||
# Exempt legacy apps (targetApi<=28) for compatibility.
|
||||
neverallow {
|
||||
all_untrusted_apps
|
||||
-untrusted_app_25
|
||||
-untrusted_app_27
|
||||
} dex2oat_exec:file no_x_file_perms;
|
||||
|
||||
# Do not allow untrusted apps to be assigned mlstrustedsubject.
|
||||
# This would undermine the per-user isolation model being
|
||||
# enforced via levelFrom=user in seapp_contexts and the mls
|
||||
# constraints. As there is no direct way to specify a neverallow
|
||||
# on attribute assignment, this relies on the fact that fork
|
||||
# permission only makes sense within a domain (hence should
|
||||
# never be granted to any other domain within mlstrustedsubject)
|
||||
# and an untrusted app is allowed fork permission to itself.
|
||||
neverallow all_untrusted_apps mlstrustedsubject:process fork;
|
||||
|
||||
# Do not allow untrusted apps to hard link to any files.
|
||||
# In particular, if an untrusted app links to other app data
|
||||
# files, installd will not be able to guarantee the deletion
|
||||
# of the linked to file. Hard links also contribute to security
|
||||
# bugs, so we want to ensure untrusted apps never have this
|
||||
# capability.
|
||||
neverallow all_untrusted_apps file_type:file link;
|
||||
|
||||
# Do not allow untrusted apps to access network MAC address file
|
||||
neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
|
||||
|
||||
# Do not allow any write access to files in /sys
|
||||
neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };
|
||||
|
||||
# Apps may never access the default sysfs label.
|
||||
neverallow all_untrusted_apps sysfs:file no_rw_file_perms;
|
||||
|
||||
# Restrict socket ioctls. Either 1. disallow privileged ioctls, 2. disallow the
|
||||
# ioctl permission, or 3. disallow the socket class.
|
||||
neverallowxperm all_untrusted_apps domain:{ icmp_socket rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
|
||||
neverallow all_untrusted_apps *:{ netlink_route_socket netlink_selinux_socket } ioctl;
|
||||
neverallow all_untrusted_apps *:{
|
||||
socket netlink_socket packet_socket key_socket appletalk_socket
|
||||
netlink_tcpdiag_socket netlink_nflog_socket
|
||||
netlink_xfrm_socket netlink_audit_socket
|
||||
netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
|
||||
netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
|
||||
netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
|
||||
netlink_rdma_socket netlink_crypto_socket sctp_socket
|
||||
ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
|
||||
atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
|
||||
bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
|
||||
alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
|
||||
} *;
|
||||
|
||||
# Do not allow untrusted apps access to /cache
|
||||
neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
|
||||
neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:file ~{ read getattr };
|
||||
|
||||
# Do not allow untrusted apps to create/unlink files outside of its sandbox,
|
||||
# internal storage or sdcard.
|
||||
# World accessible data locations allow application to fill the device
|
||||
# with unaccounted for data. This data will not get removed during
|
||||
# application un-installation.
|
||||
neverallow { all_untrusted_apps -mediaprovider } {
|
||||
fs_type
|
||||
-sdcard_type
|
||||
file_type
|
||||
-app_data_file # The apps sandbox itself
|
||||
-privapp_data_file
|
||||
-app_exec_data_file # stored within the app sandbox directory
|
||||
-media_rw_data_file # Internal storage. Known that apps can
|
||||
# leave artfacts here after uninstall.
|
||||
-user_profile_data_file # Access to profile files
|
||||
userdebug_or_eng(`
|
||||
-method_trace_data_file # only on ro.debuggable=1
|
||||
-coredump_file # userdebug/eng only
|
||||
')
|
||||
}:dir_file_class_set { create unlink };
|
||||
|
||||
# No untrusted component should be touching /dev/fuse
|
||||
neverallow all_untrusted_apps fuse_device:chr_file *;
|
||||
|
||||
# Do not allow untrusted apps to directly open the tun_device
|
||||
neverallow all_untrusted_apps tun_device:chr_file open;
|
||||
# The tun_device ioctls below are not allowed, to prove equivalence
|
||||
# to the kernel patch at
|
||||
# https://android.googlesource.com/kernel/common/+/11cee2be0c2062ba88f04eb51196506f870a3b5d%5E%21
|
||||
neverallowxperm all_untrusted_apps tun_device:chr_file ioctl {
|
||||
SIOCGIFHWADDR
|
||||
SIOCSIFHWADDR
|
||||
TUNATTACHFILTER
|
||||
TUNDETACHFILTER
|
||||
TUNGETFEATURES
|
||||
TUNGETFILTER
|
||||
TUNGETSNDBUF
|
||||
TUNGETVNETHDRSZ
|
||||
TUNSETDEBUG
|
||||
TUNSETGROUP
|
||||
TUNSETIFF
|
||||
TUNSETLINK
|
||||
TUNSETNOCSUM
|
||||
TUNSETOFFLOAD
|
||||
TUNSETOWNER
|
||||
TUNSETPERSIST
|
||||
TUNSETQUEUE
|
||||
TUNSETSNDBUF
|
||||
TUNSETTXFILTER
|
||||
TUNSETVNETHDRSZ
|
||||
};
|
||||
|
||||
# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
|
||||
neverallow all_untrusted_apps anr_data_file:file ~{ open append };
|
||||
neverallow all_untrusted_apps anr_data_file:dir ~search;
|
||||
|
||||
# Avoid reads from generically labeled /proc files
|
||||
# Create a more specific label if needed
|
||||
neverallow all_untrusted_apps {
|
||||
proc
|
||||
proc_asound
|
||||
proc_filesystems
|
||||
proc_kmsg
|
||||
proc_loadavg
|
||||
proc_mounts
|
||||
proc_pagetypeinfo
|
||||
proc_slabinfo
|
||||
proc_stat
|
||||
proc_swaps
|
||||
proc_uptime
|
||||
proc_version
|
||||
proc_vmallocinfo
|
||||
proc_vmstat
|
||||
}:file { no_rw_file_perms no_x_file_perms };
|
||||
|
||||
# Avoid all access to kernel configuration
|
||||
neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
|
||||
|
||||
# Do not allow untrusted apps access to preloads data files
|
||||
neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
|
||||
|
||||
# Locking of files on /system could lead to denial of service attacks
|
||||
# against privileged system components
|
||||
neverallow all_untrusted_apps system_file:file lock;
|
||||
|
||||
# Do not permit untrusted apps to perform actions on HwBinder service_manager
|
||||
# other than find actions for services listed below
|
||||
neverallow all_untrusted_apps *:hwservice_manager ~find;
|
||||
|
||||
# Do not permit access from apps which host arbitrary code to HwBinder services,
|
||||
# except those considered sufficiently safe for access from such apps.
|
||||
# The two main reasons for this are:
|
||||
# 1. HwBinder servers do not perform client authentication because HIDL
|
||||
# currently does not expose caller UID information and, even if it did, many
|
||||
# HwBinder services either operate at a level below that of apps (e.g., HALs)
|
||||
# or must not rely on app identity for authorization. Thus, to be safe, the
|
||||
# default assumption is that every HwBinder service treats all its clients as
|
||||
# equally authorized to perform operations offered by the service.
|
||||
# 2. HAL servers (a subset of HwBinder services) contain code with higher
|
||||
# incidence rate of security issues than system/core components and have
|
||||
# access to lower layes of the stack (all the way down to hardware) thus
|
||||
# increasing opportunities for bypassing the Android security model.
|
||||
#
|
||||
# Safe services include:
|
||||
# - same process services: because they by definition run in the process
|
||||
# of the client and thus have the same access as the client domain in which
|
||||
# the process runs
|
||||
# - coredomain_hwservice: are considered safe because they do not pose risks
|
||||
# associated with reason #2 above.
|
||||
# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
|
||||
# designed for use by any domain.
|
||||
# - hal_graphics_allocator_hwservice: because these operations are also offered
|
||||
# by surfaceflinger Binder service, which apps are permitted to access
|
||||
# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
|
||||
# Binder service which apps were permitted to access.
|
||||
# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
|
||||
neverallow all_untrusted_apps {
|
||||
hwservice_manager_type
|
||||
-fwk_bufferhub_hwservice
|
||||
-hal_cas_hwservice
|
||||
-hal_codec2_hwservice
|
||||
-hal_configstore_ISurfaceFlingerConfigs
|
||||
-hal_graphics_allocator_hwservice
|
||||
-hal_graphics_mapper_hwservice
|
||||
-hal_neuralnetworks_hwservice
|
||||
-hal_omx_hwservice
|
||||
-hal_renderscript_hwservice
|
||||
-hidl_allocator_hwservice
|
||||
-hidl_manager_hwservice
|
||||
-hidl_memory_hwservice
|
||||
-hidl_token_hwservice
|
||||
-untrusted_app_visible_hwservice_violators
|
||||
}:hwservice_manager find;
|
||||
|
||||
# SELinux is not an API for untrusted apps to use
|
||||
neverallow all_untrusted_apps selinuxfs:file no_rw_file_perms;
|
||||
|
||||
# Restrict *Binder access from apps to HAL domains. We can only do this on full
|
||||
# Treble devices where *Binder communications between apps and HALs are tightly
|
||||
# restricted.
|
||||
full_treble_only(`
|
||||
neverallow all_untrusted_apps {
|
||||
halserverdomain
|
||||
-coredomain
|
||||
-hal_configstore_server
|
||||
-hal_graphics_allocator_server
|
||||
-hal_cas_server
|
||||
-hal_neuralnetworks_server
|
||||
-hal_omx_server
|
||||
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
|
||||
-untrusted_app_visible_halserver_violators
|
||||
}:binder { call transfer };
|
||||
')
|
||||
|
||||
# Untrusted apps are not allowed to find mediaextractor update service.
|
||||
|
||||
# Access to /proc/tty/drivers, to allow apps to determine if they
|
||||
# are running in an emulated environment.
|
||||
# b/33214085 b/33814662 b/33791054 b/33211769
|
||||
# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
|
||||
# This will go away in a future Android release
|
||||
neverallow { all_untrusted_apps -untrusted_app_25 } proc_tty_drivers:file r_file_perms;
|
||||
neverallow all_untrusted_apps proc_tty_drivers:file ~r_file_perms;
|
||||
|
||||
# Untrusted apps are not allowed to use cgroups.
|
||||
neverallow all_untrusted_apps cgroup:file *;
|
||||
|
||||
# Untrusted apps targetting >= Q are not allowed to open /dev/ashmem directly.
|
||||
# They must use ASharedMemory NDK API instead.
|
||||
neverallow {
|
||||
all_untrusted_apps
|
||||
-ephemeral_app
|
||||
-untrusted_app_25
|
||||
-untrusted_app_27
|
||||
} ashmem_device:chr_file open;
|
|
@ -1,158 +0,0 @@
|
|||
typeattribute app_zygote coredomain;
|
||||
|
||||
######
|
||||
###### Policy below is different from regular zygote-spawned apps
|
||||
######
|
||||
|
||||
# The app_zygote needs to be able to transition domains.
|
||||
typeattribute app_zygote mlstrustedsubject;
|
||||
|
||||
# Allow access to temporary files, which is normally permitted through
|
||||
# a domain macro.
|
||||
tmpfs_domain(app_zygote);
|
||||
|
||||
# Set the UID/GID of the process.
|
||||
# This will be further limited to a range of isolated UIDs with seccomp.
|
||||
allow app_zygote self:global_capability_class_set { setgid setuid };
|
||||
# Drop capabilities from bounding set.
|
||||
allow app_zygote self:global_capability_class_set setpcap;
|
||||
# Switch SELinux context to isolated app domain.
|
||||
allow app_zygote self:process setcurrent;
|
||||
allow app_zygote isolated_app:process dyntransition;
|
||||
|
||||
# For JIT
|
||||
allow app_zygote self:process execmem;
|
||||
|
||||
# Allow app_zygote to stat the files that it opens. It must
|
||||
# be able to inspect them so that it can reopen them on fork
|
||||
# if necessary: b/30963384.
|
||||
allow app_zygote debugfs_trace_marker:file getattr;
|
||||
|
||||
# get system_server process group
|
||||
allow app_zygote system_server:process getpgid;
|
||||
|
||||
# Interaction between the app_zygote and its children.
|
||||
allow app_zygote isolated_app:process setpgid;
|
||||
|
||||
# TODO (b/63631799) fix this access
|
||||
dontaudit app_zygote mnt_expand_file:dir getattr;
|
||||
|
||||
# Get seapp_contexts
|
||||
allow app_zygote seapp_contexts_file:file r_file_perms;
|
||||
# Check validity of SELinux context before use.
|
||||
selinux_check_context(app_zygote)
|
||||
# Check SELinux permissions.
|
||||
selinux_check_access(app_zygote)
|
||||
|
||||
######
|
||||
###### Policy below is shared with regular zygote-spawned apps
|
||||
######
|
||||
|
||||
# Child of zygote.
|
||||
allow app_zygote zygote:fd use;
|
||||
allow app_zygote zygote:process sigchld;
|
||||
|
||||
# For ART (read /data/dalvik-cache).
|
||||
r_dir_file(app_zygote, dalvikcache_data_file);
|
||||
allow app_zygote dalvikcache_data_file:file execute;
|
||||
|
||||
# Allow reading/executing installed binaries to enable preloading
|
||||
# application data
|
||||
allow app_zygote apk_data_file:dir r_dir_perms;
|
||||
allow app_zygote apk_data_file:file { r_file_perms execute };
|
||||
|
||||
# Allow app_zygote access to /vendor/overlay
|
||||
r_dir_file(app_zygote, vendor_overlay_file)
|
||||
|
||||
allow app_zygote system_data_file:lnk_file r_file_perms;
|
||||
allow app_zygote system_data_file:file { getattr read map };
|
||||
|
||||
#####
|
||||
##### Neverallow
|
||||
#####
|
||||
|
||||
# Only permit transition to isolated_app.
|
||||
neverallow app_zygote { domain -isolated_app }:process dyntransition;
|
||||
|
||||
# Only setcon() transitions, no exec() based transitions, except for crash_dump.
|
||||
neverallow app_zygote { domain -crash_dump }:process transition;
|
||||
|
||||
# Must not exec() a program without changing domains.
|
||||
# Having said that, exec() above is not allowed.
|
||||
neverallow app_zygote *:file execute_no_trans;
|
||||
|
||||
# The only way to enter this domain is for the zygote to fork a new
|
||||
# app_zygote child.
|
||||
neverallow { domain -zygote } app_zygote:process dyntransition;
|
||||
|
||||
# Disallow write access to properties.
|
||||
neverallow app_zygote property_socket:sock_file write;
|
||||
neverallow app_zygote property_type:property_service set;
|
||||
|
||||
# Should not have any access to non-app data files.
|
||||
neverallow app_zygote {
|
||||
bluetooth_data_file
|
||||
nfc_data_file
|
||||
radio_data_file
|
||||
shell_data_file
|
||||
}:file { rwx_file_perms };
|
||||
|
||||
neverallow app_zygote {
|
||||
service_manager_type
|
||||
-activity_service
|
||||
-ashmem_device_service
|
||||
-webviewupdate_service
|
||||
}:service_manager find;
|
||||
|
||||
# Isolated apps should not be able to access the driver directly.
|
||||
neverallow app_zygote gpu_device:chr_file { rwx_file_perms };
|
||||
|
||||
# Do not allow app_zygote access to /cache.
|
||||
neverallow app_zygote cache_file:dir ~{ r_dir_perms };
|
||||
neverallow app_zygote cache_file:file ~{ read getattr };
|
||||
|
||||
# Do not allow most socket access. This is socket_class_set, excluding unix_dgram_socket,
|
||||
# unix_stream_socket, and netlink_selinux_socket.
|
||||
neverallow app_zygote domain:{
|
||||
socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket
|
||||
appletalk_socket netlink_route_socket netlink_tcpdiag_socket
|
||||
netlink_nflog_socket netlink_xfrm_socket netlink_audit_socket
|
||||
netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
|
||||
netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
|
||||
netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket
|
||||
sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket
|
||||
x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket
|
||||
pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket
|
||||
rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
|
||||
alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
|
||||
} *;
|
||||
|
||||
# Only allow app_zygote to talk to the logd socket, and su/heapprofd on eng/userdebug
|
||||
# This is because cap_setuid/cap_setgid allow to forge uid/gid in SCM_CREDENTIALS.
|
||||
# Think twice before changing.
|
||||
neverallow app_zygote {
|
||||
domain
|
||||
-app_zygote
|
||||
-logd
|
||||
userdebug_or_eng(`-su')
|
||||
userdebug_or_eng(`-heapprofd')
|
||||
}:unix_dgram_socket *;
|
||||
|
||||
neverallow app_zygote {
|
||||
domain
|
||||
-app_zygote
|
||||
userdebug_or_eng(`-su')
|
||||
userdebug_or_eng(`-heapprofd')
|
||||
}:unix_stream_socket *;
|
||||
|
||||
# Never allow ptrace
|
||||
neverallow app_zygote *:process ptrace;
|
||||
|
||||
# Do not allow access to Bluetooth-related system properties.
|
||||
# neverallow rules for Bluetooth-related data files are listed above.
|
||||
neverallow app_zygote {
|
||||
bluetooth_a2dp_offload_prop
|
||||
bluetooth_audio_hal_prop
|
||||
bluetooth_prop
|
||||
exported_bluetooth_prop
|
||||
}:file create_file_perms;
|
|
@ -1,28 +0,0 @@
|
|||
# This command set checks the integrity of boot classpath ART
|
||||
# artifacts in /data, potentially removing them.
|
||||
|
||||
type art_apex_boot_integrity, domain, coredomain;
|
||||
type art_apex_boot_integrity_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# Technically not a daemon but we do want the transition from init domain to
|
||||
# art_apex_boot_integrity to occur.
|
||||
init_daemon_domain(art_apex_boot_integrity)
|
||||
|
||||
# Read dalvik cache directories, remove entries.
|
||||
allow art_apex_boot_integrity dalvikcache_data_file:dir { r_dir_perms write remove_name };
|
||||
# Read and possibly delete dalvik cache files.
|
||||
allow art_apex_boot_integrity dalvikcache_data_file:file { r_file_perms unlink };
|
||||
|
||||
# Allow art_apex_boot_integrity to execute itself using #!/system/bin/sh
|
||||
allow art_apex_boot_integrity shell_exec:file rx_file_perms;
|
||||
|
||||
# Allow running the mv and rm/rmdir commands using art_apex_boot_integrity
|
||||
# permissions.
|
||||
allow art_apex_boot_integrity toolbox_exec:file rx_file_perms;
|
||||
|
||||
# Fsverity in the same domain.
|
||||
allow art_apex_boot_integrity system_file:file execute_no_trans;
|
||||
# Fsverity work.
|
||||
allowxperm art_apex_boot_integrity dalvikcache_data_file:file ioctl {
|
||||
FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
|
||||
};
|
|
@ -1,31 +0,0 @@
|
|||
# ART APEX postinstall.
|
||||
#
|
||||
|
||||
type art_apex_postinstall, domain, coredomain;
|
||||
type art_apex_postinstall_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# /system/bin/sh (see b/126787589).
|
||||
allow art_apex_postinstall apexd:fd use;
|
||||
|
||||
# Read temp dirs and files. Move directories.
|
||||
allow art_apex_postinstall ota_data_file:dir { r_dir_perms write rename remove_name relabelfrom reparent };
|
||||
allow art_apex_postinstall ota_data_file:file { r_file_perms relabelfrom };
|
||||
# We're deleting the old /data/dalvik-cache/* and move the new ones
|
||||
# over.
|
||||
allow art_apex_postinstall dalvikcache_data_file:dir { create_dir_perms relabelto };
|
||||
allow art_apex_postinstall dalvikcache_data_file:file { r_file_perms unlink relabelto };
|
||||
|
||||
# Required for relabel.
|
||||
allow art_apex_postinstall file_contexts_file:file r_file_perms;
|
||||
allow art_apex_postinstall self:global_capability_class_set sys_admin;
|
||||
|
||||
# Script helpers.
|
||||
allow art_apex_postinstall shell_exec:file rx_file_perms;
|
||||
allow art_apex_postinstall toolbox_exec:file rx_file_perms;
|
||||
|
||||
# Fsverity in the same domain.
|
||||
allow art_apex_postinstall system_file:file execute_no_trans;
|
||||
# Fsverity work.
|
||||
allowxperm art_apex_postinstall ota_data_file:file ioctl {
|
||||
FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
|
||||
};
|
|
@ -1,33 +0,0 @@
|
|||
# ART APEX preinstall.
|
||||
#
|
||||
|
||||
type art_apex_preinstall, domain, coredomain;
|
||||
type art_apex_preinstall_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# /system/bin/sh (see b/126787589).
|
||||
allow art_apex_preinstall apexd:fd use;
|
||||
|
||||
# Create temp dirs and files under /data/ota.
|
||||
allow art_apex_preinstall ota_data_file:dir create_dir_perms;
|
||||
allow art_apex_preinstall ota_data_file:file create_file_perms;
|
||||
# We mount /data/ota/dalvik-cache over /data/dalvik-cache in our
|
||||
# mount namespace.
|
||||
allow art_apex_preinstall dalvikcache_data_file:dir { r_dir_perms mounton };
|
||||
allow art_apex_preinstall self:capability sys_admin;
|
||||
|
||||
# Script helpers.
|
||||
allow art_apex_preinstall shell_exec:file rx_file_perms;
|
||||
allow art_apex_preinstall toolbox_exec:file rx_file_perms;
|
||||
|
||||
# Execute subscripts in the same domain.
|
||||
allow art_apex_preinstall art_apex_preinstall_exec:file execute_no_trans;
|
||||
|
||||
# Run dex2oat.
|
||||
domain_auto_trans(art_apex_preinstall, dex2oat_exec, dex2oat)
|
||||
|
||||
# Fsverity in the same domain.
|
||||
allow art_apex_preinstall system_file:file execute_no_trans;
|
||||
# Fsverity work.
|
||||
allowxperm art_apex_preinstall ota_data_file:file ioctl {
|
||||
FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
|
||||
};
|
|
@ -1,8 +0,0 @@
|
|||
# type_transition must be private policy the domain_trans rules could stay
|
||||
# public, but conceptually should go with this
|
||||
# Technically not a daemon but we do want the transition from init domain to
|
||||
# asan_extract to occur.
|
||||
with_asan(`
|
||||
typeattribute asan_extract coredomain;
|
||||
init_daemon_domain(asan_extract)
|
||||
')
|
|
@ -1,9 +0,0 @@
|
|||
typeattribute ashmemd coredomain;
|
||||
type ashmemd_exec, exec_type, file_type, system_file_type;
|
||||
|
||||
init_daemon_domain(ashmemd)
|
||||
|
||||
binder_use(ashmemd)
|
||||
add_service(ashmemd, ashmem_device_service)
|
||||
|
||||
allow ashmemd ashmem_device:chr_file rw_file_perms;
|
|
@ -1,78 +0,0 @@
|
|||
# Domain for atrace process.
|
||||
# It is spawned either by traced_probes or by init for the boottrace service.
|
||||
|
||||
type atrace, domain, coredomain;
|
||||
type atrace_exec, exec_type, file_type, system_file_type;
|
||||
|
||||
# boottrace services uses /data/misc/boottrace/categories
|
||||
allow atrace boottrace_data_file:dir search;
|
||||
allow atrace boottrace_data_file:file r_file_perms;
|
||||
|
||||
# Allow atrace to access tracefs.
|
||||
allow atrace debugfs_tracing:dir r_dir_perms;
|
||||
allow atrace debugfs_tracing:file rw_file_perms;
|
||||
allow atrace debugfs_trace_marker:file getattr;
|
||||
|
||||
# Allow atrace to write data when a pipe is used for stdout/stderr
|
||||
# This is used by Perfetto to capture the output on error in atrace.
|
||||
allow atrace traced_probes:fd use;
|
||||
allow atrace traced_probes:fifo_file write;
|
||||
|
||||
# atrace sets debug.atrace.* properties
|
||||
set_prop(atrace, debug_prop)
|
||||
|
||||
# atrace pokes all the binder-enabled processes at startup with a
|
||||
# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties.
|
||||
|
||||
# Allow discovery of binder services.
|
||||
allow atrace {
|
||||
service_manager_type
|
||||
-apex_service
|
||||
-incident_service
|
||||
-iorapd_service
|
||||
-netd_service
|
||||
-dnsresolver_service
|
||||
-stats_service
|
||||
-dumpstate_service
|
||||
-installd_service
|
||||
-vold_service
|
||||
-lpdump_service
|
||||
}:service_manager { find };
|
||||
allow atrace servicemanager:service_manager list;
|
||||
|
||||
# Allow notifying the processes hosting specific binder services that
|
||||
# trace-related system properties have changed.
|
||||
binder_use(atrace)
|
||||
allow atrace healthd:binder call;
|
||||
allow atrace surfaceflinger:binder call;
|
||||
allow atrace system_server:binder call;
|
||||
allow atrace cameraserver:binder call;
|
||||
|
||||
# Similarly, on debug builds, allow specific HALs to be notified that
|
||||
# trace-related system properties have changed.
|
||||
userdebug_or_eng(`
|
||||
# List HAL interfaces.
|
||||
allow atrace hwservicemanager:hwservice_manager list;
|
||||
# Notify the camera HAL.
|
||||
hal_client_domain(atrace, hal_camera)
|
||||
')
|
||||
|
||||
# Remove logspam from notification attempts to non-whitelisted services.
|
||||
dontaudit atrace hwservice_manager_type:hwservice_manager find;
|
||||
dontaudit atrace service_manager_type:service_manager find;
|
||||
dontaudit atrace domain:binder call;
|
||||
|
||||
# atrace can call atrace HAL
|
||||
hal_client_domain(atrace, hal_atrace)
|
||||
|
||||
get_prop(atrace, hwservicemanager_prop)
|
||||
|
||||
userdebug_or_eng(`
|
||||
# atrace is generally invoked as a standalone binary from shell or perf
|
||||
# daemons like Perfetto traced_probes. However, in userdebug builds, there is
|
||||
# a further option to run atrace as an init daemon for boot tracing.
|
||||
init_daemon_domain(atrace)
|
||||
|
||||
allow atrace debugfs_tracing_debug:dir r_dir_perms;
|
||||
allow atrace debugfs_tracing_debug:file rw_file_perms;
|
||||
')
|
|
@ -1,98 +0,0 @@
|
|||
# audioserver - audio services daemon
|
||||
|
||||
typeattribute audioserver coredomain;
|
||||
|
||||
type audioserver_exec, exec_type, file_type, system_file_type;
|
||||
init_daemon_domain(audioserver)
|
||||
tmpfs_domain(audioserver)
|
||||
|
||||
r_dir_file(audioserver, sdcard_type)
|
||||
|
||||
binder_use(audioserver)
|
||||
binder_call(audioserver, binderservicedomain)
|
||||
binder_call(audioserver, appdomain)
|
||||
binder_service(audioserver)
|
||||
|
||||
hal_client_domain(audioserver, hal_allocator)
|
||||
# /system/lib64/hw for always-passthrough Allocator HAL ashmem / mapper .so
|
||||
r_dir_file(audioserver, system_file)
|
||||
|
||||
hal_client_domain(audioserver, hal_audio)
|
||||
|
||||
userdebug_or_eng(`
|
||||
# used for TEE sink - pcm capture for debug.
|
||||
allow audioserver media_data_file:dir create_dir_perms;
|
||||
allow audioserver audioserver_data_file:dir create_dir_perms;
|
||||
allow audioserver audioserver_data_file:file create_file_perms;
|
||||
|
||||
# ptrace to processes in the same domain for memory leak detection
|
||||
allow audioserver self:process ptrace;
|
||||
')
|
||||
|
||||
add_service(audioserver, audioserver_service)
|
||||
allow audioserver activity_service:service_manager find;
|
||||
allow audioserver appops_service:service_manager find;
|
||||
allow audioserver batterystats_service:service_manager find;
|
||||
allow audioserver external_vibrator_service:service_manager find;
|
||||
allow audioserver package_native_service:service_manager find;
|
||||
allow audioserver permission_service:service_manager find;
|
||||
allow audioserver power_service:service_manager find;
|
||||
allow audioserver scheduling_policy_service:service_manager find;
|
||||
allow audioserver mediametrics_service:service_manager find;
|
||||
|
||||
# Allow read/write access to bluetooth-specific properties
|
||||
set_prop(audioserver, bluetooth_a2dp_offload_prop)
|
||||
set_prop(audioserver, bluetooth_audio_hal_prop)
|
||||
set_prop(audioserver, bluetooth_prop)
|
||||
set_prop(audioserver, exported_bluetooth_prop)
|
||||
|
||||
# Grant access to audio files to audioserver
|
||||
allow audioserver audio_data_file:dir ra_dir_perms;
|
||||
allow audioserver audio_data_file:file create_file_perms;
|
||||
|
||||
# allow access to ALSA MMAP FDs for AAudio API
|
||||
allow audioserver audio_device:chr_file { read write };
|
||||
|
||||
not_full_treble(`allow audioserver audio_device:dir r_dir_perms;')
|
||||
not_full_treble(`allow audioserver audio_device:chr_file rw_file_perms;')
|
||||
|
||||
# For A2DP bridge which is loaded directly into audioserver
|
||||
unix_socket_connect(audioserver, bluetooth, bluetooth)
|
||||
|
||||
# Allow shell commands from ADB and shell for CTS testing/dumping
|
||||
allow audioserver adbd:fd use;
|
||||
allow audioserver adbd:unix_stream_socket { read write };
|
||||
allow audioserver shell:fifo_file { read write };
|
||||
|
||||
# Allow shell commands from ADB for CTS testing/dumping
|
||||
userdebug_or_eng(`
|
||||
allow audioserver su:fd use;
|
||||
allow audioserver su:fifo_file { read write };
|
||||
allow audioserver su:unix_stream_socket { read write };
|
||||
')
|
||||
|
||||
# Allow write access to log tag property
|
||||
set_prop(audioserver, log_tag_prop);
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
||||
# audioserver should never execute any executable without a
|
||||
# domain transition
|
||||
neverallow audioserver { file_type fs_type }:file execute_no_trans;
|
||||
|
||||
# The goal of the mediaserver split is to place media processing code into
|
||||
# restrictive sandboxes with limited responsibilities and thus limited
|
||||
# permissions. Example: Audioserver is only responsible for controlling audio
|
||||
# hardware and processing audio content. Cameraserver does the same for camera
|
||||
# hardware/content. Etc.
|
||||
#
|
||||
# Media processing code is inherently risky and thus should have limited
|
||||
# permissions and be isolated from the rest of the system and network.
|
||||
# Lengthier explanation here:
|
||||
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
|
||||
neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *;
|
||||
|
||||
# Allow using wake locks
|
||||
wakelock_use(audioserver)
|
|
@ -1,18 +0,0 @@
|
|||
#
|
||||
# /system/bin/auditctl executed for logd
|
||||
#
|
||||
# Performs maintenance of the kernel auditing system, including
|
||||
# setting rate limits on SELinux denials.
|
||||
#
|
||||
|
||||
type auditctl, domain, coredomain;
|
||||
type auditctl_exec, file_type, system_file_type, exec_type;
|
||||
|
||||
# Uncomment the line below to put this domain into permissive
|
||||
# mode. This helps speed SELinux policy development.
|
||||
# userdebug_or_eng(`permissive auditctl;')
|
||||
|
||||
init_daemon_domain(auditctl)
|
||||
|
||||
allow auditctl self:global_capability_class_set audit_control;
|
||||
allow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
|
|
@ -1 +0,0 @@
|
|||
allow binder_in_vendor_violators binder_device:chr_file rw_file_perms;
|
|
@ -1,22 +0,0 @@
|
|||
# Rules common to all binder service domains
|
||||
|
||||
# Allow dumpstate and incidentd to collect information from binder services
|
||||
allow binderservicedomain { dumpstate incidentd }:fd use;
|
||||
allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr };
|
||||
allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write };
|
||||
allow binderservicedomain shell_data_file:file { getattr write };
|
||||
|
||||
# Allow dumpsys to work from adb shell or the serial console
|
||||
allow binderservicedomain devpts:chr_file rw_file_perms;
|
||||
allow binderservicedomain console_device:chr_file rw_file_perms;
|
||||
|
||||
# Receive and write to a pipe received over Binder from an app.
|
||||
allow binderservicedomain appdomain:fd use;
|
||||
allow binderservicedomain appdomain:fifo_file write;
|
||||
|
||||
# allow all services to run permission checks
|
||||
allow binderservicedomain permission_service:service_manager find;
|
||||
|
||||
allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
|
||||
|
||||
use_keystore(binderservicedomain)
|
|
@ -1,6 +0,0 @@
|
|||
type blank_screen, domain, coredomain;
|
||||
type blank_screen_exec, exec_type, file_type, system_file_type;
|
||||
|
||||
init_daemon_domain(blank_screen)
|
||||
|
||||
hal_client_domain(blank_screen, hal_light)
|
|
@ -1,22 +0,0 @@
|
|||
# blkid called from vold
|
||||
|
||||
typeattribute blkid coredomain;
|
||||
|
||||
type blkid_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# Allowed read-only access to encrypted devices to extract UUID/label
|
||||
allow blkid block_device:dir search;
|
||||
allow blkid userdata_block_device:blk_file r_file_perms;
|
||||
allow blkid dm_device:blk_file r_file_perms;
|
||||
|
||||
# Allow stdin/out back to vold
|
||||
allow blkid vold:fd use;
|
||||
allow blkid vold:fifo_file { read write getattr };
|
||||
|
||||
# For blkid launched through popen()
|
||||
allow blkid blkid_exec:file rx_file_perms;
|
||||
|
||||
# Only allow entry from vold
|
||||
neverallow { domain -vold } blkid:process transition;
|
||||
neverallow * blkid:process dyntransition;
|
||||
neverallow blkid { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
|
|
@ -1,37 +0,0 @@
|
|||
# blkid for untrusted block devices
|
||||
|
||||
typeattribute blkid_untrusted coredomain;
|
||||
|
||||
# Allowed read-only access to vold block devices to extract UUID/label
|
||||
allow blkid_untrusted block_device:dir search;
|
||||
allow blkid_untrusted vold_device:blk_file r_file_perms;
|
||||
|
||||
# Allow stdin/out back to vold
|
||||
allow blkid_untrusted vold:fd use;
|
||||
allow blkid_untrusted vold:fifo_file { read write getattr };
|
||||
|
||||
# For blkid launched through popen()
|
||||
allow blkid_untrusted blkid_exec:file rx_file_perms;
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
||||
# Untrusted blkid should never be run on block devices holding sensitive data
|
||||
neverallow blkid_untrusted {
|
||||
boot_block_device
|
||||
frp_block_device
|
||||
metadata_block_device
|
||||
recovery_block_device
|
||||
root_block_device
|
||||
swap_block_device
|
||||
system_block_device
|
||||
userdata_block_device
|
||||
cache_block_device
|
||||
dm_device
|
||||
}:blk_file no_rw_file_perms;
|
||||
|
||||
# Only allow entry from vold via blkid binary
|
||||
neverallow { domain -vold } blkid_untrusted:process transition;
|
||||
neverallow * blkid_untrusted:process dyntransition;
|
||||
neverallow blkid_untrusted { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
|
|
@ -1,83 +0,0 @@
|
|||
# bluetooth app
|
||||
|
||||
typeattribute bluetooth coredomain;
|
||||
|
||||
app_domain(bluetooth)
|
||||
net_domain(bluetooth)
|
||||
|
||||
# Socket creation under /data/misc/bluedroid.
|
||||
type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
|
||||
|
||||
# Allow access to net_admin ioctls
|
||||
allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
|
||||
|
||||
wakelock_use(bluetooth);
|
||||
|
||||
# Data file accesses.
|
||||
allow bluetooth bluetooth_data_file:dir create_dir_perms;
|
||||
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
|
||||
allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
|
||||
allow bluetooth bluetooth_logs_data_file:file create_file_perms;
|
||||
|
||||
# Socket creation under /data/misc/bluedroid.
|
||||
allow bluetooth bluetooth_socket:sock_file create_file_perms;
|
||||
|
||||
allow bluetooth self:global_capability_class_set net_admin;
|
||||
allow bluetooth self:global_capability2_class_set wake_alarm;
|
||||
|
||||
# tethering
|
||||
allow bluetooth self:packet_socket create_socket_perms_no_ioctl;
|
||||
allow bluetooth self:global_capability_class_set { net_admin net_raw net_bind_service };
|
||||
allow bluetooth self:tun_socket create_socket_perms_no_ioctl;
|
||||
allow bluetooth tun_device:chr_file rw_file_perms;
|
||||
allowxperm bluetooth tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };
|
||||
allow bluetooth efs_file:dir search;
|
||||
|
||||
# allow Bluetooth to access uhid device for HID profile
|
||||
allow bluetooth uhid_device:chr_file rw_file_perms;
|
||||
|
||||
# proc access.
|
||||
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
|
||||
|
||||
# Allow write access to bluetooth specific properties
|
||||
set_prop(bluetooth, bluetooth_a2dp_offload_prop)
|
||||
set_prop(bluetooth, bluetooth_audio_hal_prop)
|
||||
set_prop(bluetooth, bluetooth_prop)
|
||||
set_prop(bluetooth, exported_bluetooth_prop)
|
||||
set_prop(bluetooth, pan_result_prop)
|
||||
|
||||
allow bluetooth audioserver_service:service_manager find;
|
||||
allow bluetooth bluetooth_service:service_manager find;
|
||||
allow bluetooth drmserver_service:service_manager find;
|
||||
allow bluetooth mediaserver_service:service_manager find;
|
||||
allow bluetooth radio_service:service_manager find;
|
||||
allow bluetooth app_api_service:service_manager find;
|
||||
allow bluetooth system_api_service:service_manager find;
|
||||
allow bluetooth network_stack_service:service_manager find;
|
||||
|
||||
# already open bugreport file descriptors may be shared with
|
||||
# the bluetooth process, from a file in
|
||||
# /data/data/com.android.shell/files/bugreports/bugreport-*.
|
||||
allow bluetooth shell_data_file:file read;
|
||||
|
||||
# Bluetooth audio needs RT scheduling to meet deadlines, allow sys_nice
|
||||
allow bluetooth self:global_capability_class_set sys_nice;
|
||||
|
||||
hal_client_domain(bluetooth, hal_bluetooth)
|
||||
hal_client_domain(bluetooth, hal_telephony)
|
||||
|
||||
# Bluetooth A2DP offload requires binding with audio HAL
|
||||
hal_client_domain(bluetooth, hal_audio)
|
||||
|
||||
read_runtime_log_tags(bluetooth)
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
###
|
||||
### These are things that the bluetooth app should NEVER be able to do
|
||||
###
|
||||
|
||||
# Superuser capabilities.
|
||||
# Bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend and sys_nice.
|
||||
neverallow bluetooth self:global_capability_class_set ~{ net_admin net_raw net_bind_service sys_nice};
|
||||
neverallow bluetooth self:global_capability2_class_set ~{ wake_alarm block_suspend };
|
|
@ -1,2 +0,0 @@
|
|||
# Allow clients to use a socket provided by the bluetooth app.
|
||||
allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
|
|
@ -1,6 +0,0 @@
|
|||
typeattribute bootanim coredomain;
|
||||
|
||||
init_daemon_domain(bootanim)
|
||||
|
||||
# b/68864350
|
||||
dontaudit bootanim unlabeled:dir search;
|
|
@ -1,3 +0,0 @@
|
|||
typeattribute bootstat coredomain;
|
||||
|
||||
init_daemon_domain(bootstat)
|
|
@ -1,30 +0,0 @@
|
|||
# bpf program loader
|
||||
type bpfloader, domain;
|
||||
type bpfloader_exec, system_file_type, exec_type, file_type;
|
||||
typeattribute bpfloader coredomain;
|
||||
|
||||
# These permission is required for pin bpf program for netd.
|
||||
allow bpfloader fs_bpf:dir create_dir_perms;
|
||||
allow bpfloader fs_bpf:file create_file_perms;
|
||||
allow bpfloader devpts:chr_file { read write };
|
||||
|
||||
# Allow bpfloader to create bpf maps and programs. The map_read and map_write permission is needed
|
||||
# for retrieving a pinned map when bpfloader do a run time restart.
|
||||
allow bpfloader self:bpf { prog_load prog_run map_read map_write map_create };
|
||||
|
||||
allow bpfloader self:global_capability_class_set sys_admin;
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
###
|
||||
neverallow { domain -bpfloader } *:bpf { map_create prog_load };
|
||||
neverallow { domain -bpfloader -netd -netutils_wrapper } *:bpf prog_run;
|
||||
neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
|
||||
neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
|
||||
# only system_server, netd and bpfloader can read/write the bpf maps
|
||||
neverallow { domain -system_server -netd -bpfloader} *:bpf { map_read map_write };
|
||||
|
||||
# No domain should be allowed to ptrace bpfloader
|
||||
neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
|
||||
|
||||
set_prop(bpfloader, bpf_progs_loaded_prop)
|
|
@ -1,3 +0,0 @@
|
|||
typeattribute bufferhubd coredomain;
|
||||
|
||||
init_daemon_domain(bufferhubd)
|
|
@ -1,31 +0,0 @@
|
|||
dnsmasq netd fifo_file 77868789
|
||||
dnsmasq netd unix_stream_socket 77868789
|
||||
init app_data_file file 77873135
|
||||
init cache_file blk_file 77873135
|
||||
init logpersist file 77873135
|
||||
init nativetest_data_file dir 77873135
|
||||
init pstorefs dir 77873135
|
||||
init shell_data_file dir 77873135
|
||||
init shell_data_file file 77873135
|
||||
init shell_data_file lnk_file 77873135
|
||||
init shell_data_file sock_file 77873135
|
||||
init system_data_file chr_file 77873135
|
||||
isolated_app privapp_data_file dir 119596573
|
||||
isolated_app app_data_file dir 120394782
|
||||
mediaextractor app_data_file file 77923736
|
||||
mediaextractor radio_data_file file 77923736
|
||||
mediaprovider cache_file blk_file 77925342
|
||||
mediaprovider mnt_media_rw_file dir 77925342
|
||||
mediaprovider shell_data_file dir 77925342
|
||||
netd priv_app unix_stream_socket 77870037
|
||||
netd untrusted_app unix_stream_socket 77870037
|
||||
netd untrusted_app_25 unix_stream_socket 77870037
|
||||
netd untrusted_app_27 unix_stream_socket 77870037
|
||||
platform_app nfc_data_file dir 74331887
|
||||
system_server crash_dump process 73128755
|
||||
system_server sdcardfs file 77856826
|
||||
system_server storage_stub_file dir 112609936
|
||||
system_server zygote process 77856826
|
||||
usbd usbd capability 72472544
|
||||
vold system_data_file file 124108085
|
||||
zygote untrusted_app_25 process 77925912
|
|
@ -1,6 +0,0 @@
|
|||
typeattribute cameraserver coredomain;
|
||||
|
||||
typeattribute cameraserver camera_service_server;
|
||||
|
||||
init_daemon_domain(cameraserver)
|
||||
tmpfs_domain(cameraserver)
|
|
@ -1 +0,0 @@
|
|||
typeattribute charger coredomain;
|
|
@ -1,36 +0,0 @@
|
|||
# 464xlat daemon
|
||||
type clatd, domain, coredomain;
|
||||
type clatd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
net_domain(clatd)
|
||||
|
||||
r_dir_file(clatd, proc_net_type)
|
||||
userdebug_or_eng(`
|
||||
auditallow clatd proc_net_type:{ dir file lnk_file } { getattr open read };
|
||||
')
|
||||
|
||||
# Access objects inherited from netd.
|
||||
allow clatd netd:fd use;
|
||||
allow clatd netd:fifo_file { read write };
|
||||
# TODO: Check whether some or all of these sockets should be close-on-exec.
|
||||
allow clatd netd:netlink_kobject_uevent_socket { read write };
|
||||
allow clatd netd:netlink_nflog_socket { read write };
|
||||
allow clatd netd:netlink_route_socket { read write };
|
||||
allow clatd netd:udp_socket { read write };
|
||||
allow clatd netd:unix_stream_socket { read write };
|
||||
allow clatd netd:unix_dgram_socket { read write };
|
||||
|
||||
allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid };
|
||||
|
||||
# clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks
|
||||
# capable(CAP_IPC_LOCK), and then checks to see the requested amount is
|
||||
# under RLIMIT_MEMLOCK. If the latter check succeeds clatd won't have
|
||||
# needed CAP_IPC_LOCK. But this is not guaranteed to succeed on all devices
|
||||
# so we permit any requests we see from clatd asking for this capability.
|
||||
# See https://android-review.googlesource.com/127940 and
|
||||
# https://b.corp.google.com/issues/21736319
|
||||
allow clatd self:global_capability_class_set ipc_lock;
|
||||
|
||||
allow clatd self:netlink_route_socket nlmsg_write;
|
||||
allow clatd self:{ packet_socket rawip_socket } create_socket_perms_no_ioctl;
|
||||
allow clatd tun_device:chr_file rw_file_perms;
|
|
@ -1,783 +0,0 @@
|
|||
;; attributes removed from current policy
|
||||
(typeattribute hal_wifi_keystore)
|
||||
(typeattribute hal_wifi_keystore_client)
|
||||
(typeattribute hal_wifi_keystore_server)
|
||||
|
||||
;; types removed from current policy
|
||||
(type untrusted_v2_app)
|
||||
(type asan_reboot_prop)
|
||||
(type commontime_management_service)
|
||||
(type log_device)
|
||||
(type mediacasserver_service)
|
||||
(type mediacodec)
|
||||
(type mediacodec_exec)
|
||||
(type qtaguid_proc)
|
||||
(type reboot_data_file)
|
||||
(type tracing_shell_writable)
|
||||
(type tracing_shell_writable_debug)
|
||||
(type vold_socket)
|
||||
(type webview_zygote_socket)
|
||||
(type rild)
|
||||
|
||||
(typeattributeset accessibility_service_26_0 (accessibility_service))
|
||||
(typeattributeset account_service_26_0 (account_service))
|
||||
(typeattributeset activity_service_26_0 (activity_service))
|
||||
(typeattributeset adbd_26_0 (adbd))
|
||||
(typeattributeset adb_data_file_26_0 (adb_data_file))
|
||||
(typeattributeset adbd_socket_26_0 (adbd_socket))
|
||||
(typeattributeset adb_keys_file_26_0 (adb_keys_file))
|
||||
(typeattributeset alarm_device_26_0 (alarm_device))
|
||||
(typeattributeset alarm_service_26_0 (alarm_service))
|
||||
(typeattributeset anr_data_file_26_0 (anr_data_file))
|
||||
(typeattributeset apk_data_file_26_0 (apk_data_file))
|
||||
(typeattributeset apk_private_data_file_26_0 (apk_private_data_file))
|
||||
(typeattributeset apk_private_tmp_file_26_0 (apk_private_tmp_file))
|
||||
(typeattributeset apk_tmp_file_26_0 (apk_tmp_file))
|
||||
(typeattributeset app_data_file_26_0 (app_data_file privapp_data_file))
|
||||
(typeattributeset app_fuse_file_26_0 (app_fuse_file))
|
||||
(typeattributeset app_fusefs_26_0 (app_fusefs))
|
||||
(typeattributeset appops_service_26_0 (appops_service))
|
||||
(typeattributeset appwidget_service_26_0 (appwidget_service))
|
||||
(typeattributeset asan_reboot_prop_26_0 (asan_reboot_prop))
|
||||
(typeattributeset asec_apk_file_26_0 (asec_apk_file))
|
||||
(typeattributeset asec_image_file_26_0 (asec_image_file))
|
||||
(typeattributeset asec_public_file_26_0 (asec_public_file))
|
||||
(typeattributeset ashmem_device_26_0 (ashmem_device))
|
||||
(typeattributeset assetatlas_service_26_0 (assetatlas_service))
|
||||
(typeattributeset audio_data_file_26_0 (audio_data_file))
|
||||
(typeattributeset audio_device_26_0 (audio_device))
|
||||
(typeattributeset audiohal_data_file_26_0 (audiohal_data_file))
|
||||
(typeattributeset audio_prop_26_0 (audio_prop))
|
||||
(typeattributeset audio_seq_device_26_0 (audio_seq_device))
|
||||
(typeattributeset audioserver_26_0 (audioserver))
|
||||
(typeattributeset audioserver_data_file_26_0 (audioserver_data_file))
|
||||
(typeattributeset audioserver_service_26_0 (audioserver_service))
|
||||
(typeattributeset audio_service_26_0 (audio_service))
|
||||
(typeattributeset audio_timer_device_26_0 (audio_timer_device))
|
||||
(typeattributeset autofill_service_26_0 (autofill_service))
|
||||
(typeattributeset backup_data_file_26_0 (backup_data_file))
|
||||
(typeattributeset backup_service_26_0 (backup_service))
|
||||
(typeattributeset batteryproperties_service_26_0 (batteryproperties_service))
|
||||
(typeattributeset battery_service_26_0 (battery_service))
|
||||
(typeattributeset batterystats_service_26_0 (batterystats_service))
|
||||
(typeattributeset binder_device_26_0 (binder_device))
|
||||
(typeattributeset binfmt_miscfs_26_0 (binfmt_miscfs))
|
||||
(typeattributeset blkid_26_0 (blkid))
|
||||
(typeattributeset blkid_untrusted_26_0 (blkid_untrusted))
|
||||
(typeattributeset block_device_26_0 (block_device))
|
||||
(typeattributeset bluetooth_26_0 (bluetooth))
|
||||
(typeattributeset bluetooth_data_file_26_0 (bluetooth_data_file))
|
||||
(typeattributeset bluetooth_efs_file_26_0 (bluetooth_efs_file))
|
||||
(typeattributeset bluetooth_logs_data_file_26_0 (bluetooth_logs_data_file))
|
||||
(typeattributeset bluetooth_manager_service_26_0 (bluetooth_manager_service))
|
||||
(typeattributeset bluetooth_prop_26_0 (bluetooth_prop))
|
||||
(typeattributeset bluetooth_service_26_0 (bluetooth_service))
|
||||
(typeattributeset bluetooth_socket_26_0 (bluetooth_socket))
|
||||
(typeattributeset bootanim_26_0 (bootanim))
|
||||
(typeattributeset bootanim_exec_26_0 (bootanim_exec))
|
||||
(typeattributeset boot_block_device_26_0 (boot_block_device))
|
||||
(typeattributeset bootchart_data_file_26_0 (bootchart_data_file))
|
||||
(typeattributeset bootstat_26_0 (bootstat))
|
||||
(typeattributeset bootstat_data_file_26_0 (bootstat_data_file))
|
||||
(typeattributeset bootstat_exec_26_0 (bootstat_exec))
|
||||
(typeattributeset boottime_prop_26_0 (boottime_prop))
|
||||
(typeattributeset boottrace_data_file_26_0 (boottrace_data_file))
|
||||
(typeattributeset bufferhubd_26_0 (bufferhubd))
|
||||
(typeattributeset bufferhubd_exec_26_0 (bufferhubd_exec))
|
||||
(typeattributeset cache_backup_file_26_0 (cache_backup_file))
|
||||
(typeattributeset cache_block_device_26_0 (cache_block_device))
|
||||
(typeattributeset cache_file_26_0 (cache_file))
|
||||
(typeattributeset cache_private_backup_file_26_0 (cache_private_backup_file))
|
||||
(typeattributeset cache_recovery_file_26_0 (cache_recovery_file))
|
||||
(typeattributeset camera_data_file_26_0 (camera_data_file))
|
||||
(typeattributeset camera_device_26_0 (camera_device))
|
||||
(typeattributeset cameraproxy_service_26_0 (cameraproxy_service))
|
||||
(typeattributeset cameraserver_26_0 (cameraserver))
|
||||
(typeattributeset cameraserver_exec_26_0 (cameraserver_exec))
|
||||
(typeattributeset cameraserver_service_26_0 (cameraserver_service))
|
||||
(typeattributeset cgroup_26_0 (cgroup))
|
||||
(typeattributeset charger_26_0 (charger))
|
||||
(typeattributeset clatd_26_0 (clatd))
|
||||
(typeattributeset clatd_exec_26_0 (clatd_exec))
|
||||
(typeattributeset clipboard_service_26_0 (clipboard_service))
|
||||
(typeattributeset commontime_management_service_26_0 (commontime_management_service))
|
||||
(typeattributeset companion_device_service_26_0 (companion_device_service))
|
||||
(typeattributeset configfs_26_0 (configfs))
|
||||
(typeattributeset config_prop_26_0 (config_prop))
|
||||
(typeattributeset connectivity_service_26_0 (connectivity_service))
|
||||
(typeattributeset connmetrics_service_26_0 (connmetrics_service))
|
||||
(typeattributeset console_device_26_0 (console_device))
|
||||
(typeattributeset consumer_ir_service_26_0 (consumer_ir_service))
|
||||
(typeattributeset content_service_26_0 (content_service))
|
||||
(typeattributeset contexthub_service_26_0 (contexthub_service))
|
||||
(typeattributeset coredump_file_26_0 (coredump_file))
|
||||
(typeattributeset country_detector_service_26_0 (country_detector_service))
|
||||
(typeattributeset coverage_service_26_0 (coverage_service))
|
||||
(typeattributeset cppreopt_prop_26_0 (cppreopt_prop))
|
||||
(typeattributeset cppreopts_26_0 (cppreopts))
|
||||
(typeattributeset cppreopts_exec_26_0 (cppreopts_exec))
|
||||
(typeattributeset cpuctl_device_26_0 (cpuctl_device))
|
||||
(typeattributeset cpuinfo_service_26_0 (cpuinfo_service))
|
||||
(typeattributeset crash_dump_26_0 (crash_dump))
|
||||
(typeattributeset crash_dump_exec_26_0 (crash_dump_exec))
|
||||
(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
|
||||
(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
|
||||
(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
|
||||
(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
|
||||
(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
|
||||
(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
|
||||
(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
|
||||
(typeattributeset ctl_rildaemon_prop_26_0 (ctl_rildaemon_prop))
|
||||
(typeattributeset dalvikcache_data_file_26_0 (dalvikcache_data_file))
|
||||
(typeattributeset dalvik_prop_26_0 (dalvik_prop))
|
||||
(typeattributeset dbinfo_service_26_0 (dbinfo_service))
|
||||
(typeattributeset debugfs_26_0
|
||||
( debugfs
|
||||
debugfs_wakeup_sources
|
||||
))
|
||||
(typeattributeset debugfs_mmc_26_0 (debugfs_mmc))
|
||||
(typeattributeset debugfs_trace_marker_26_0 (debugfs_trace_marker))
|
||||
(typeattributeset debugfs_tracing_26_0 (debugfs_tracing))
|
||||
(typeattributeset debugfs_tracing_instances_26_0 (debugfs_tracing_instances))
|
||||
(typeattributeset debugfs_wifi_tracing_26_0 (debugfs_wifi_tracing))
|
||||
(typeattributeset debuggerd_prop_26_0 (debuggerd_prop))
|
||||
(typeattributeset debug_prop_26_0 (debug_prop))
|
||||
(typeattributeset default_android_hwservice_26_0 (default_android_hwservice))
|
||||
(typeattributeset default_android_service_26_0 (default_android_service))
|
||||
(typeattributeset default_android_vndservice_26_0 (default_android_vndservice))
|
||||
(typeattributeset default_prop_26_0
|
||||
( default_prop pm_prop))
|
||||
(typeattributeset device_26_0 (device))
|
||||
(typeattributeset device_identifiers_service_26_0 (device_identifiers_service))
|
||||
(typeattributeset deviceidle_service_26_0 (deviceidle_service))
|
||||
(typeattributeset device_logging_prop_26_0 (device_logging_prop))
|
||||
(typeattributeset device_policy_service_26_0 (device_policy_service))
|
||||
(typeattributeset devicestoragemonitor_service_26_0 (devicestoragemonitor_service))
|
||||
(typeattributeset devpts_26_0 (devpts))
|
||||
(typeattributeset dex2oat_26_0 (dex2oat))
|
||||
(typeattributeset dex2oat_exec_26_0 (dex2oat_exec))
|
||||
(typeattributeset dhcp_26_0 (dhcp))
|
||||
(typeattributeset dhcp_data_file_26_0 (dhcp_data_file))
|
||||
(typeattributeset dhcp_exec_26_0 (dhcp_exec))
|
||||
(typeattributeset dhcp_prop_26_0 (dhcp_prop))
|
||||
(typeattributeset diskstats_service_26_0 (diskstats_service))
|
||||
(typeattributeset display_service_26_0 (display_service))
|
||||
(typeattributeset dm_device_26_0 (dm_device))
|
||||
(typeattributeset dnsmasq_26_0 (dnsmasq))
|
||||
(typeattributeset dnsmasq_exec_26_0 (dnsmasq_exec))
|
||||
(typeattributeset dnsproxyd_socket_26_0 (dnsproxyd_socket))
|
||||
(typeattributeset DockObserver_service_26_0 (DockObserver_service))
|
||||
(typeattributeset dreams_service_26_0 (dreams_service))
|
||||
(typeattributeset drm_data_file_26_0 (drm_data_file))
|
||||
(typeattributeset drmserver_26_0 (drmserver))
|
||||
(typeattributeset drmserver_exec_26_0 (drmserver_exec))
|
||||
(typeattributeset drmserver_service_26_0 (drmserver_service))
|
||||
(typeattributeset drmserver_socket_26_0 (drmserver_socket))
|
||||
(typeattributeset dropbox_service_26_0 (dropbox_service))
|
||||
(typeattributeset dumpstate_26_0 (dumpstate))
|
||||
(typeattributeset dumpstate_exec_26_0 (dumpstate_exec))
|
||||
(typeattributeset dumpstate_options_prop_26_0 (dumpstate_options_prop))
|
||||
(typeattributeset dumpstate_prop_26_0 (dumpstate_prop))
|
||||
(typeattributeset dumpstate_service_26_0 (dumpstate_service))
|
||||
(typeattributeset dumpstate_socket_26_0 (dumpstate_socket))
|
||||
(typeattributeset efs_file_26_0 (efs_file))
|
||||
(typeattributeset ephemeral_app_26_0 (ephemeral_app))
|
||||
(typeattributeset ethernet_service_26_0 (ethernet_service))
|
||||
(typeattributeset ffs_prop_26_0 (ffs_prop))
|
||||
(typeattributeset file_contexts_file_26_0 (file_contexts_file))
|
||||
(typeattributeset fingerprintd_26_0 (fingerprintd))
|
||||
(typeattributeset fingerprintd_data_file_26_0 (fingerprintd_data_file))
|
||||
(typeattributeset fingerprintd_exec_26_0 (fingerprintd_exec))
|
||||
(typeattributeset fingerprintd_service_26_0 (fingerprintd_service))
|
||||
(typeattributeset fingerprint_prop_26_0 (fingerprint_prop))
|
||||
(typeattributeset fingerprint_service_26_0 (fingerprint_service))
|
||||
(typeattributeset firstboot_prop_26_0 (firstboot_prop))
|
||||
(typeattributeset font_service_26_0 (font_service))
|
||||
(typeattributeset frp_block_device_26_0 (frp_block_device))
|
||||
(typeattributeset fsck_26_0 (fsck))
|
||||
(typeattributeset fsck_exec_26_0 (fsck_exec))
|
||||
(typeattributeset fscklogs_26_0 (fscklogs))
|
||||
(typeattributeset fsck_untrusted_26_0 (fsck_untrusted))
|
||||
(typeattributeset full_device_26_0 (full_device))
|
||||
(typeattributeset functionfs_26_0 (functionfs))
|
||||
(typeattributeset fuse_26_0 (fuse))
|
||||
(typeattributeset fuse_device_26_0 (fuse_device))
|
||||
(typeattributeset fwk_display_hwservice_26_0 (fwk_display_hwservice))
|
||||
(typeattributeset fwk_scheduler_hwservice_26_0 (fwk_scheduler_hwservice))
|
||||
(typeattributeset fwk_sensor_hwservice_26_0 (fwk_sensor_hwservice))
|
||||
(typeattributeset fwmarkd_socket_26_0 (fwmarkd_socket))
|
||||
(typeattributeset gatekeeperd_26_0 (gatekeeperd))
|
||||
(typeattributeset gatekeeper_data_file_26_0 (gatekeeper_data_file))
|
||||
(typeattributeset gatekeeperd_exec_26_0 (gatekeeperd_exec))
|
||||
(typeattributeset gatekeeper_service_26_0 (gatekeeper_service))
|
||||
(typeattributeset gfxinfo_service_26_0 (gfxinfo_service))
|
||||
(typeattributeset gps_control_26_0 (gps_control))
|
||||
(typeattributeset gpu_device_26_0 (gpu_device))
|
||||
(typeattributeset gpu_service_26_0 (gpu_service))
|
||||
(typeattributeset graphics_device_26_0 (graphics_device))
|
||||
(typeattributeset graphicsstats_service_26_0 (graphicsstats_service))
|
||||
(typeattributeset hal_audio_hwservice_26_0 (hal_audio_hwservice))
|
||||
(typeattributeset hal_bluetooth_hwservice_26_0 (hal_bluetooth_hwservice))
|
||||
(typeattributeset hal_bootctl_hwservice_26_0 (hal_bootctl_hwservice))
|
||||
(typeattributeset hal_camera_hwservice_26_0 (hal_camera_hwservice))
|
||||
(typeattributeset hal_configstore_ISurfaceFlingerConfigs_26_0 (hal_configstore_ISurfaceFlingerConfigs))
|
||||
(typeattributeset hal_contexthub_hwservice_26_0 (hal_contexthub_hwservice))
|
||||
(typeattributeset hal_drm_hwservice_26_0 (hal_drm_hwservice))
|
||||
(typeattributeset hal_dumpstate_hwservice_26_0 (hal_dumpstate_hwservice))
|
||||
(typeattributeset hal_fingerprint_hwservice_26_0 (hal_fingerprint_hwservice))
|
||||
(typeattributeset hal_fingerprint_service_26_0 (hal_fingerprint_service))
|
||||
(typeattributeset hal_gatekeeper_hwservice_26_0 (hal_gatekeeper_hwservice))
|
||||
(typeattributeset hal_gnss_hwservice_26_0 (hal_gnss_hwservice))
|
||||
(typeattributeset hal_graphics_allocator_hwservice_26_0 (hal_graphics_allocator_hwservice))
|
||||
(typeattributeset hal_graphics_composer_hwservice_26_0 (hal_graphics_composer_hwservice))
|
||||
(typeattributeset hal_graphics_mapper_hwservice_26_0 (hal_graphics_mapper_hwservice))
|
||||
(typeattributeset hal_health_hwservice_26_0 (hal_health_hwservice))
|
||||
(typeattributeset hal_ir_hwservice_26_0 (hal_ir_hwservice))
|
||||
(typeattributeset hal_keymaster_hwservice_26_0 (hal_keymaster_hwservice))
|
||||
(typeattributeset hal_light_hwservice_26_0 (hal_light_hwservice))
|
||||
(typeattributeset hal_memtrack_hwservice_26_0 (hal_memtrack_hwservice))
|
||||
(typeattributeset hal_nfc_hwservice_26_0 (hal_nfc_hwservice))
|
||||
(typeattributeset hal_oemlock_hwservice_26_0 (hal_oemlock_hwservice))
|
||||
(typeattributeset hal_omx_hwservice_26_0 (hal_omx_hwservice))
|
||||
(typeattributeset hal_power_hwservice_26_0 (hal_power_hwservice))
|
||||
(typeattributeset hal_renderscript_hwservice_26_0 (hal_renderscript_hwservice))
|
||||
(typeattributeset hal_sensors_hwservice_26_0 (hal_sensors_hwservice))
|
||||
(typeattributeset hal_telephony_hwservice_26_0 (hal_telephony_hwservice))
|
||||
(typeattributeset hal_thermal_hwservice_26_0 (hal_thermal_hwservice))
|
||||
(typeattributeset hal_tv_cec_hwservice_26_0 (hal_tv_cec_hwservice))
|
||||
(typeattributeset hal_tv_input_hwservice_26_0 (hal_tv_input_hwservice))
|
||||
(typeattributeset hal_usb_hwservice_26_0 (hal_usb_hwservice))
|
||||
(typeattributeset hal_vibrator_hwservice_26_0 (hal_vibrator_hwservice))
|
||||
(typeattributeset hal_vr_hwservice_26_0 (hal_vr_hwservice))
|
||||
(typeattributeset hal_weaver_hwservice_26_0 (hal_weaver_hwservice))
|
||||
(typeattributeset hal_wifi_hwservice_26_0 (hal_wifi_hwservice))
|
||||
(typeattributeset hal_wifi_supplicant_hwservice_26_0 (hal_wifi_supplicant_hwservice))
|
||||
(typeattributeset hardware_properties_service_26_0 (hardware_properties_service))
|
||||
(typeattributeset hardware_service_26_0 (hardware_service))
|
||||
(typeattributeset hci_attach_dev_26_0 (hci_attach_dev))
|
||||
(typeattributeset hdmi_control_service_26_0 (hdmi_control_service))
|
||||
(typeattributeset healthd_26_0 (healthd))
|
||||
(typeattributeset healthd_exec_26_0 (healthd_exec))
|
||||
(typeattributeset heapdump_data_file_26_0 (heapdump_data_file))
|
||||
(typeattributeset hidl_allocator_hwservice_26_0 (hidl_allocator_hwservice))
|
||||
(typeattributeset hidl_base_hwservice_26_0 (hidl_base_hwservice))
|
||||
(typeattributeset hidl_manager_hwservice_26_0 (hidl_manager_hwservice))
|
||||
(typeattributeset hidl_memory_hwservice_26_0 (hidl_memory_hwservice))
|
||||
(typeattributeset hidl_token_hwservice_26_0 (hidl_token_hwservice))
|
||||
(typeattributeset hwbinder_device_26_0 (hwbinder_device))
|
||||
(typeattributeset hw_random_device_26_0 (hw_random_device))
|
||||
(typeattributeset hwservice_contexts_file_26_0 (hwservice_contexts_file))
|
||||
(typeattributeset hwservicemanager_26_0 (hwservicemanager))
|
||||
(typeattributeset hwservicemanager_exec_26_0 (hwservicemanager_exec))
|
||||
(typeattributeset hwservicemanager_prop_26_0 (hwservicemanager_prop))
|
||||
(typeattributeset i2c_device_26_0 (i2c_device))
|
||||
(typeattributeset icon_file_26_0 (icon_file))
|
||||
(typeattributeset idmap_26_0 (idmap))
|
||||
(typeattributeset idmap_exec_26_0 (idmap_exec))
|
||||
(typeattributeset iio_device_26_0 (iio_device))
|
||||
(typeattributeset imms_service_26_0 (imms_service))
|
||||
(typeattributeset incident_26_0 (incident))
|
||||
(typeattributeset incidentd_26_0 (incidentd))
|
||||
(typeattributeset incident_data_file_26_0 (incident_data_file))
|
||||
(typeattributeset incident_service_26_0 (incident_service))
|
||||
(typeattributeset init_26_0 (init))
|
||||
(typeattributeset init_exec_26_0 (init_exec watchdogd_exec))
|
||||
(typeattributeset inotify_26_0 (inotify))
|
||||
(typeattributeset input_device_26_0 (input_device))
|
||||
(typeattributeset inputflinger_26_0 (inputflinger))
|
||||
(typeattributeset inputflinger_exec_26_0 (inputflinger_exec))
|
||||
(typeattributeset inputflinger_service_26_0 (inputflinger_service))
|
||||
(typeattributeset input_method_service_26_0 (input_method_service))
|
||||
(typeattributeset input_service_26_0 (input_service))
|
||||
(typeattributeset installd_26_0 (installd))
|
||||
(typeattributeset install_data_file_26_0 (install_data_file))
|
||||
(typeattributeset installd_exec_26_0 (installd_exec))
|
||||
(typeattributeset installd_service_26_0 (installd_service))
|
||||
(typeattributeset install_recovery_26_0 (install_recovery))
|
||||
(typeattributeset install_recovery_exec_26_0 (install_recovery_exec))
|
||||
(typeattributeset ion_device_26_0 (ion_device))
|
||||
(typeattributeset IProxyService_service_26_0 (IProxyService_service))
|
||||
(typeattributeset ipsec_service_26_0 (ipsec_service))
|
||||
(typeattributeset isolated_app_26_0 (isolated_app))
|
||||
(typeattributeset jobscheduler_service_26_0 (jobscheduler_service))
|
||||
(typeattributeset kernel_26_0 (kernel))
|
||||
(typeattributeset keychain_data_file_26_0 (keychain_data_file))
|
||||
(typeattributeset keychord_device_26_0 (keychord_device))
|
||||
(typeattributeset keystore_26_0 (keystore))
|
||||
(typeattributeset keystore_data_file_26_0 (keystore_data_file))
|
||||
(typeattributeset keystore_exec_26_0 (keystore_exec))
|
||||
(typeattributeset keystore_service_26_0 (keystore_service))
|
||||
(typeattributeset kmem_device_26_0 (kmem_device))
|
||||
(typeattributeset kmsg_device_26_0 (kmsg_device))
|
||||
(typeattributeset labeledfs_26_0 (labeledfs))
|
||||
(typeattributeset launcherapps_service_26_0 (launcherapps_service))
|
||||
(typeattributeset lmkd_26_0 (lmkd))
|
||||
(typeattributeset lmkd_exec_26_0 (lmkd_exec))
|
||||
(typeattributeset lmkd_socket_26_0 (lmkd_socket))
|
||||
(typeattributeset location_service_26_0 (location_service))
|
||||
(typeattributeset lock_settings_service_26_0 (lock_settings_service))
|
||||
(typeattributeset logcat_exec_26_0 (logcat_exec))
|
||||
(typeattributeset logd_26_0 (logd))
|
||||
(typeattributeset log_device_26_0 (log_device))
|
||||
(typeattributeset logd_exec_26_0 (logd_exec))
|
||||
(typeattributeset logd_prop_26_0 (logd_prop))
|
||||
(typeattributeset logdr_socket_26_0 (logdr_socket))
|
||||
(typeattributeset logd_socket_26_0 (logd_socket))
|
||||
(typeattributeset logdw_socket_26_0 (logdw_socket))
|
||||
(typeattributeset logpersist_26_0 (logpersist))
|
||||
(typeattributeset logpersistd_logging_prop_26_0 (logpersistd_logging_prop))
|
||||
(typeattributeset log_prop_26_0 (log_prop))
|
||||
(typeattributeset log_tag_prop_26_0 (log_tag_prop))
|
||||
(typeattributeset loop_control_device_26_0 (loop_control_device))
|
||||
(typeattributeset loop_device_26_0 (loop_device))
|
||||
(typeattributeset mac_perms_file_26_0 (mac_perms_file))
|
||||
(typeattributeset mdnsd_26_0 (mdnsd))
|
||||
(typeattributeset mdnsd_socket_26_0 (mdnsd_socket))
|
||||
(typeattributeset mdns_socket_26_0 (mdns_socket))
|
||||
(typeattributeset mediacasserver_service_26_0 (mediacasserver_service))
|
||||
(typeattributeset mediacodec_26_0 (mediacodec))
|
||||
(typeattributeset mediacodec_exec_26_0 (mediacodec_exec))
|
||||
(typeattributeset mediacodec_service_26_0 (mediacodec_service))
|
||||
(typeattributeset media_data_file_26_0 (media_data_file))
|
||||
(typeattributeset mediadrmserver_26_0 (mediadrmserver))
|
||||
(typeattributeset mediadrmserver_exec_26_0 (mediadrmserver_exec))
|
||||
(typeattributeset mediadrmserver_service_26_0 (mediadrmserver_service))
|
||||
(typeattributeset mediaextractor_26_0 (mediaextractor))
|
||||
(typeattributeset mediaextractor_exec_26_0 (mediaextractor_exec))
|
||||
(typeattributeset mediaextractor_service_26_0 (mediaextractor_service))
|
||||
(typeattributeset mediametrics_26_0 (mediametrics))
|
||||
(typeattributeset mediametrics_exec_26_0 (mediametrics_exec))
|
||||
(typeattributeset mediametrics_service_26_0 (mediametrics_service))
|
||||
(typeattributeset media_projection_service_26_0 (media_projection_service))
|
||||
(typeattributeset media_router_service_26_0 (media_router_service))
|
||||
(typeattributeset media_rw_data_file_26_0 (media_rw_data_file))
|
||||
(typeattributeset mediaserver_26_0 (mediaserver))
|
||||
(typeattributeset mediaserver_exec_26_0 (mediaserver_exec))
|
||||
(typeattributeset mediaserver_service_26_0 (mediaserver_service))
|
||||
(typeattributeset media_session_service_26_0 (media_session_service))
|
||||
(typeattributeset meminfo_service_26_0 (meminfo_service))
|
||||
(typeattributeset metadata_block_device_26_0 (metadata_block_device))
|
||||
(typeattributeset method_trace_data_file_26_0 (method_trace_data_file))
|
||||
(typeattributeset midi_service_26_0 (midi_service))
|
||||
(typeattributeset misc_block_device_26_0 (misc_block_device))
|
||||
(typeattributeset misc_logd_file_26_0 (misc_logd_file))
|
||||
(typeattributeset misc_user_data_file_26_0 (misc_user_data_file))
|
||||
(typeattributeset mmc_prop_26_0 (mmc_prop))
|
||||
(typeattributeset mnt_expand_file_26_0 (mnt_expand_file))
|
||||
(typeattributeset mnt_media_rw_file_26_0 (mnt_media_rw_file))
|
||||
(typeattributeset mnt_media_rw_stub_file_26_0 (mnt_media_rw_stub_file))
|
||||
(typeattributeset mnt_user_file_26_0 (mnt_user_file))
|
||||
(typeattributeset modprobe_26_0 (modprobe))
|
||||
(typeattributeset mount_service_26_0 (mount_service))
|
||||
(typeattributeset mqueue_26_0 (mqueue))
|
||||
(typeattributeset mtd_device_26_0 (mtd_device))
|
||||
(typeattributeset mtp_26_0 (mtp))
|
||||
(typeattributeset mtp_device_26_0 (mtp_device))
|
||||
(typeattributeset mtpd_socket_26_0 (mtpd_socket))
|
||||
(typeattributeset mtp_exec_26_0 (mtp_exec))
|
||||
(typeattributeset nativetest_data_file_26_0 (nativetest_data_file))
|
||||
(typeattributeset netd_26_0 (netd))
|
||||
(typeattributeset net_data_file_26_0 (net_data_file))
|
||||
(typeattributeset netd_exec_26_0 (netd_exec))
|
||||
(typeattributeset netd_listener_service_26_0 (netd_listener_service))
|
||||
(typeattributeset net_dns_prop_26_0 (net_dns_prop))
|
||||
(typeattributeset netd_service_26_0 (netd_service))
|
||||
(typeattributeset netd_socket_26_0 (netd_socket))
|
||||
(typeattributeset netif_26_0 (netif))
|
||||
(typeattributeset netpolicy_service_26_0 (netpolicy_service))
|
||||
(typeattributeset net_radio_prop_26_0 (net_radio_prop))
|
||||
(typeattributeset netstats_service_26_0 (netstats_service))
|
||||
(typeattributeset netutils_wrapper_26_0 (netutils_wrapper))
|
||||
(typeattributeset netutils_wrapper_exec_26_0 (netutils_wrapper_exec))
|
||||
(typeattributeset network_management_service_26_0 (network_management_service))
|
||||
(typeattributeset network_score_service_26_0 (network_score_service))
|
||||
(typeattributeset network_time_update_service_26_0 (network_time_update_service))
|
||||
(typeattributeset nfc_26_0 (nfc))
|
||||
(typeattributeset nfc_data_file_26_0 (nfc_data_file))
|
||||
(typeattributeset nfc_device_26_0 (nfc_device))
|
||||
(typeattributeset nfc_prop_26_0 (nfc_prop))
|
||||
(typeattributeset nfc_service_26_0 (nfc_service))
|
||||
(typeattributeset node_26_0 (node))
|
||||
(typeattributeset notification_service_26_0 (notification_service))
|
||||
(typeattributeset null_device_26_0 (null_device))
|
||||
(typeattributeset oemfs_26_0 (oemfs))
|
||||
(typeattributeset oem_lock_service_26_0 (oem_lock_service))
|
||||
(typeattributeset ota_data_file_26_0 (ota_data_file))
|
||||
(typeattributeset otadexopt_service_26_0 (otadexopt_service))
|
||||
(typeattributeset ota_package_file_26_0 (ota_package_file))
|
||||
(typeattributeset otapreopt_chroot_26_0 (otapreopt_chroot))
|
||||
(typeattributeset otapreopt_chroot_exec_26_0 (otapreopt_chroot_exec))
|
||||
(typeattributeset otapreopt_slot_26_0 (otapreopt_slot))
|
||||
(typeattributeset otapreopt_slot_exec_26_0 (otapreopt_slot_exec))
|
||||
(typeattributeset overlay_prop_26_0 (overlay_prop))
|
||||
(typeattributeset overlay_service_26_0 (overlay_service))
|
||||
(typeattributeset owntty_device_26_0 (owntty_device))
|
||||
(typeattributeset package_service_26_0 (package_service))
|
||||
(typeattributeset pan_result_prop_26_0 (pan_result_prop))
|
||||
(typeattributeset pdx_bufferhub_client_channel_socket_26_0 (pdx_bufferhub_client_channel_socket))
|
||||
(typeattributeset pdx_bufferhub_client_endpoint_socket_26_0 (pdx_bufferhub_client_endpoint_socket))
|
||||
(typeattributeset pdx_bufferhub_dir_26_0 (pdx_bufferhub_dir))
|
||||
(typeattributeset pdx_display_client_channel_socket_26_0 (pdx_display_client_channel_socket))
|
||||
(typeattributeset pdx_display_client_endpoint_socket_26_0 (pdx_display_client_endpoint_socket))
|
||||
(typeattributeset pdx_display_dir_26_0 (pdx_display_dir))
|
||||
(typeattributeset pdx_display_manager_channel_socket_26_0 (pdx_display_manager_channel_socket))
|
||||
(typeattributeset pdx_display_manager_endpoint_socket_26_0 (pdx_display_manager_endpoint_socket))
|
||||
(typeattributeset pdx_display_screenshot_channel_socket_26_0 (pdx_display_screenshot_channel_socket))
|
||||
(typeattributeset pdx_display_screenshot_endpoint_socket_26_0 (pdx_display_screenshot_endpoint_socket))
|
||||
(typeattributeset pdx_display_vsync_channel_socket_26_0 (pdx_display_vsync_channel_socket))
|
||||
(typeattributeset pdx_display_vsync_endpoint_socket_26_0 (pdx_display_vsync_endpoint_socket))
|
||||
(typeattributeset pdx_performance_client_channel_socket_26_0 (pdx_performance_client_channel_socket))
|
||||
(typeattributeset pdx_performance_client_endpoint_socket_26_0 (pdx_performance_client_endpoint_socket))
|
||||
(typeattributeset pdx_performance_dir_26_0 (pdx_performance_dir))
|
||||
(typeattributeset performanced_26_0 (performanced))
|
||||
(typeattributeset performanced_exec_26_0 (performanced_exec))
|
||||
(typeattributeset perfprofd_26_0 (perfprofd))
|
||||
(typeattributeset perfprofd_data_file_26_0 (perfprofd_data_file))
|
||||
(typeattributeset perfprofd_exec_26_0 (perfprofd_exec))
|
||||
(typeattributeset permission_service_26_0 (permission_service))
|
||||
(typeattributeset persist_debug_prop_26_0 (persist_debug_prop))
|
||||
(typeattributeset persistent_data_block_service_26_0 (persistent_data_block_service))
|
||||
(typeattributeset persistent_properties_ready_prop_26_0 (persistent_properties_ready_prop))
|
||||
(typeattributeset pinner_service_26_0 (pinner_service))
|
||||
(typeattributeset pipefs_26_0 (pipefs))
|
||||
(typeattributeset platform_app_26_0 (platform_app))
|
||||
(typeattributeset pmsg_device_26_0 (pmsg_device))
|
||||
(typeattributeset port_26_0 (port))
|
||||
(typeattributeset port_device_26_0 (port_device))
|
||||
(typeattributeset postinstall_26_0 (postinstall))
|
||||
(typeattributeset postinstall_dexopt_26_0 (postinstall_dexopt))
|
||||
(typeattributeset postinstall_file_26_0 (postinstall_file))
|
||||
(typeattributeset postinstall_mnt_dir_26_0 (postinstall_mnt_dir))
|
||||
(typeattributeset powerctl_prop_26_0 (powerctl_prop))
|
||||
(typeattributeset power_service_26_0 (power_service))
|
||||
(typeattributeset ppp_26_0 (ppp))
|
||||
(typeattributeset ppp_device_26_0 (ppp_device))
|
||||
(typeattributeset ppp_exec_26_0 (ppp_exec))
|
||||
(typeattributeset preloads_data_file_26_0 (preloads_data_file))
|
||||
(typeattributeset preloads_media_file_26_0 (preloads_media_file))
|
||||
(typeattributeset preopt2cachename_26_0 (preopt2cachename))
|
||||
(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
|
||||
(typeattributeset print_service_26_0 (print_service))
|
||||
(typeattributeset priv_app_26_0 (mediaprovider priv_app))
|
||||
(typeattributeset proc_26_0
|
||||
( proc
|
||||
proc_abi
|
||||
proc_asound
|
||||
proc_buddyinfo
|
||||
proc_cmdline
|
||||
proc_dirty
|
||||
proc_diskstats
|
||||
proc_extra_free_kbytes
|
||||
proc_filesystems
|
||||
proc_hostname
|
||||
proc_hung_task
|
||||
proc_kmsg
|
||||
proc_loadavg
|
||||
proc_max_map_count
|
||||
proc_min_free_order_shift
|
||||
proc_mounts
|
||||
proc_page_cluster
|
||||
proc_pagetypeinfo
|
||||
proc_panic
|
||||
proc_pid_max
|
||||
proc_pipe_conf
|
||||
proc_random
|
||||
proc_sched
|
||||
proc_slabinfo
|
||||
proc_swaps
|
||||
proc_uid_time_in_state
|
||||
proc_uid_concurrent_active_time
|
||||
proc_uid_concurrent_policy_time
|
||||
proc_uid_cpupower
|
||||
proc_uptime
|
||||
proc_version
|
||||
proc_vmallocinfo
|
||||
proc_vmstat))
|
||||
(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
|
||||
(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
|
||||
(typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
|
||||
(typeattributeset processinfo_service_26_0 (processinfo_service))
|
||||
(typeattributeset proc_interrupts_26_0 (proc_interrupts))
|
||||
(typeattributeset proc_iomem_26_0 (proc_iomem))
|
||||
(typeattributeset proc_meminfo_26_0 (proc_meminfo))
|
||||
(typeattributeset proc_misc_26_0 (proc_misc))
|
||||
(typeattributeset proc_modules_26_0 (proc_modules))
|
||||
(typeattributeset proc_net_26_0
|
||||
( proc_net
|
||||
proc_net_tcp_udp
|
||||
proc_qtaguid_stat))
|
||||
(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory))
|
||||
(typeattributeset proc_perf_26_0 (proc_perf))
|
||||
(typeattributeset proc_security_26_0 (proc_security))
|
||||
(typeattributeset proc_stat_26_0 (proc_stat))
|
||||
(typeattributeset procstats_service_26_0 (procstats_service))
|
||||
(typeattributeset proc_sysrq_26_0 (proc_sysrq))
|
||||
(typeattributeset proc_timer_26_0 (proc_timer))
|
||||
(typeattributeset proc_tty_drivers_26_0 (proc_tty_drivers))
|
||||
(typeattributeset proc_uid_cputime_removeuid_26_0 (proc_uid_cputime_removeuid))
|
||||
(typeattributeset proc_uid_cputime_showstat_26_0 (proc_uid_cputime_showstat))
|
||||
(typeattributeset proc_uid_io_stats_26_0 (proc_uid_io_stats))
|
||||
(typeattributeset proc_uid_procstat_set_26_0 (proc_uid_procstat_set))
|
||||
(typeattributeset proc_zoneinfo_26_0 (proc_zoneinfo))
|
||||
(typeattributeset profman_26_0 (profman))
|
||||
(typeattributeset profman_dump_data_file_26_0 (profman_dump_data_file))
|
||||
(typeattributeset profman_exec_26_0 (profman_exec))
|
||||
(typeattributeset properties_device_26_0 (properties_device))
|
||||
(typeattributeset properties_serial_26_0 (properties_serial))
|
||||
(typeattributeset property_contexts_file_26_0 (property_contexts_file))
|
||||
(typeattributeset property_data_file_26_0 (property_data_file))
|
||||
(typeattributeset property_socket_26_0 (property_socket))
|
||||
(typeattributeset pstorefs_26_0 (pstorefs))
|
||||
(typeattributeset ptmx_device_26_0 (ptmx_device))
|
||||
(typeattributeset qtaguid_device_26_0 (qtaguid_device))
|
||||
(typeattributeset qtaguid_proc_26_0
|
||||
( qtaguid_proc
|
||||
proc_qtaguid_ctrl))
|
||||
(typeattributeset racoon_26_0 (racoon))
|
||||
(typeattributeset racoon_exec_26_0 (racoon_exec))
|
||||
(typeattributeset racoon_socket_26_0 (racoon_socket))
|
||||
(typeattributeset radio_26_0 (radio))
|
||||
(typeattributeset radio_data_file_26_0 (radio_data_file))
|
||||
(typeattributeset radio_device_26_0 (radio_device))
|
||||
(typeattributeset radio_prop_26_0 (radio_prop))
|
||||
(typeattributeset radio_service_26_0 (radio_service))
|
||||
(typeattributeset ram_device_26_0 (ram_device))
|
||||
(typeattributeset random_device_26_0 (random_device))
|
||||
(typeattributeset reboot_data_file_26_0 (reboot_data_file))
|
||||
(typeattributeset recovery_26_0 (recovery))
|
||||
(typeattributeset recovery_block_device_26_0 (recovery_block_device))
|
||||
(typeattributeset recovery_data_file_26_0 (recovery_data_file))
|
||||
(typeattributeset recovery_persist_26_0 (recovery_persist))
|
||||
(typeattributeset recovery_persist_exec_26_0 (recovery_persist_exec))
|
||||
(typeattributeset recovery_refresh_26_0 (recovery_refresh))
|
||||
(typeattributeset recovery_refresh_exec_26_0 (recovery_refresh_exec))
|
||||
(typeattributeset recovery_service_26_0 (recovery_service))
|
||||
(typeattributeset registry_service_26_0 (registry_service))
|
||||
(typeattributeset resourcecache_data_file_26_0 (resourcecache_data_file))
|
||||
(typeattributeset restorecon_prop_26_0 (restorecon_prop))
|
||||
(typeattributeset restrictions_service_26_0 (restrictions_service))
|
||||
(typeattributeset rild_26_0 (rild))
|
||||
(typeattributeset rild_debug_socket_26_0 (rild_debug_socket))
|
||||
(typeattributeset rild_socket_26_0 (rild_socket))
|
||||
(typeattributeset ringtone_file_26_0 (ringtone_file))
|
||||
(typeattributeset root_block_device_26_0 (root_block_device))
|
||||
(typeattributeset rootfs_26_0 (rootfs))
|
||||
(typeattributeset rpmsg_device_26_0 (rpmsg_device))
|
||||
(typeattributeset rtc_device_26_0 (rtc_device))
|
||||
(typeattributeset rttmanager_service_26_0 (rttmanager_service))
|
||||
(typeattributeset runas_26_0 (runas))
|
||||
(typeattributeset runas_exec_26_0 (runas_exec))
|
||||
(typeattributeset runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file))
|
||||
(typeattributeset safemode_prop_26_0 (safemode_prop))
|
||||
(typeattributeset same_process_hal_file_26_0
|
||||
( same_process_hal_file
|
||||
vendor_public_lib_file))
|
||||
(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service))
|
||||
(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service))
|
||||
(typeattributeset sdcardd_26_0 (sdcardd))
|
||||
(typeattributeset sdcardd_exec_26_0 (sdcardd_exec))
|
||||
(typeattributeset sdcardfs_26_0 (sdcardfs))
|
||||
(typeattributeset seapp_contexts_file_26_0 (seapp_contexts_file))
|
||||
(typeattributeset search_service_26_0 (search_service))
|
||||
(typeattributeset sec_key_att_app_id_provider_service_26_0 (sec_key_att_app_id_provider_service))
|
||||
(typeattributeset selinuxfs_26_0 (selinuxfs))
|
||||
(typeattributeset sensors_device_26_0 (sensors_device))
|
||||
(typeattributeset sensorservice_service_26_0 (sensorservice_service))
|
||||
(typeattributeset sepolicy_file_26_0 (sepolicy_file))
|
||||
(typeattributeset serial_device_26_0 (serial_device))
|
||||
(typeattributeset serialno_prop_26_0 (serialno_prop))
|
||||
(typeattributeset serial_service_26_0 (serial_service))
|
||||
(typeattributeset service_contexts_file_26_0 (service_contexts_file nonplat_service_contexts_file))
|
||||
(typeattributeset servicediscovery_service_26_0 (servicediscovery_service))
|
||||
(typeattributeset servicemanager_26_0 (servicemanager))
|
||||
(typeattributeset servicemanager_exec_26_0 (servicemanager_exec))
|
||||
(typeattributeset settings_service_26_0 (settings_service))
|
||||
(typeattributeset sgdisk_26_0 (sgdisk))
|
||||
(typeattributeset sgdisk_exec_26_0 (sgdisk_exec))
|
||||
(typeattributeset shared_relro_26_0 (shared_relro))
|
||||
(typeattributeset shared_relro_file_26_0 (shared_relro_file))
|
||||
(typeattributeset shell_26_0 (shell))
|
||||
(typeattributeset shell_data_file_26_0 (shell_data_file))
|
||||
(typeattributeset shell_exec_26_0 (shell_exec))
|
||||
(typeattributeset shell_prop_26_0 (shell_prop))
|
||||
(typeattributeset shm_26_0 (shm))
|
||||
(typeattributeset shortcut_manager_icons_26_0 (shortcut_manager_icons))
|
||||
(typeattributeset shortcut_service_26_0 (shortcut_service))
|
||||
(typeattributeset slideshow_26_0 (slideshow))
|
||||
(typeattributeset socket_device_26_0 (socket_device))
|
||||
(typeattributeset sockfs_26_0 (sockfs))
|
||||
(typeattributeset statusbar_service_26_0 (statusbar_service))
|
||||
(typeattributeset storaged_service_26_0 (storaged_service))
|
||||
(typeattributeset storage_file_26_0 (storage_file))
|
||||
(typeattributeset storagestats_service_26_0 (storagestats_service))
|
||||
(typeattributeset storage_stub_file_26_0 (storage_stub_file))
|
||||
(typeattributeset su_26_0 (su))
|
||||
(typeattributeset su_exec_26_0 (su_exec))
|
||||
(typeattributeset surfaceflinger_26_0 (surfaceflinger))
|
||||
(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service))
|
||||
(typeattributeset swap_block_device_26_0 (swap_block_device))
|
||||
(typeattributeset sysfs_26_0
|
||||
( sysfs
|
||||
sysfs_android_usb
|
||||
sysfs_dm
|
||||
sysfs_dt_firmware_android
|
||||
sysfs_ipv4
|
||||
sysfs_kernel_notes
|
||||
sysfs_loop
|
||||
sysfs_net
|
||||
sysfs_power
|
||||
sysfs_rtc
|
||||
sysfs_switch
|
||||
sysfs_wakeup_reasons))
|
||||
(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo))
|
||||
(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable))
|
||||
(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu))
|
||||
(typeattributeset sysfs_hwrandom_26_0 (sysfs_hwrandom))
|
||||
(typeattributeset sysfs_leds_26_0 (sysfs_leds))
|
||||
(typeattributeset sysfs_lowmemorykiller_26_0 (sysfs_lowmemorykiller))
|
||||
(typeattributeset sysfs_mac_address_26_0 (sysfs_mac_address))
|
||||
(typeattributeset sysfs_nfc_power_writable_26_0 (sysfs_nfc_power_writable))
|
||||
(typeattributeset sysfs_thermal_26_0 (sysfs_thermal))
|
||||
(typeattributeset sysfs_uio_26_0 (sysfs_uio))
|
||||
(typeattributeset sysfs_usb_26_0 (sysfs_usb))
|
||||
(typeattributeset sysfs_vibrator_26_0 (sysfs_vibrator))
|
||||
(typeattributeset sysfs_wake_lock_26_0 (sysfs_wake_lock))
|
||||
(typeattributeset sysfs_wlan_fwpath_26_0 (sysfs_wlan_fwpath))
|
||||
(typeattributeset sysfs_zram_26_0 (sysfs_zram))
|
||||
(typeattributeset sysfs_zram_uevent_26_0 (sysfs_zram_uevent))
|
||||
(typeattributeset system_app_26_0 (system_app))
|
||||
(typeattributeset system_app_data_file_26_0 (system_app_data_file))
|
||||
(typeattributeset system_app_service_26_0 (system_app_service))
|
||||
(typeattributeset system_block_device_26_0 (system_block_device))
|
||||
(typeattributeset system_data_file_26_0
|
||||
( system_data_file
|
||||
dropbox_data_file
|
||||
vendor_data_file))
|
||||
(typeattributeset system_file_26_0
|
||||
( system_file
|
||||
system_lib_file
|
||||
system_linker_config_file
|
||||
system_linker_exec
|
||||
system_seccomp_policy_file
|
||||
system_security_cacerts_file
|
||||
system_zoneinfo_file
|
||||
))
|
||||
(typeattributeset systemkeys_data_file_26_0 (systemkeys_data_file))
|
||||
(typeattributeset system_ndebug_socket_26_0 (system_ndebug_socket))
|
||||
(typeattributeset system_prop_26_0 (system_prop))
|
||||
(typeattributeset system_radio_prop_26_0 (system_radio_prop))
|
||||
(typeattributeset system_server_26_0 (system_server))
|
||||
(typeattributeset system_wifi_keystore_hwservice_26_0 (system_wifi_keystore_hwservice))
|
||||
(typeattributeset system_wpa_socket_26_0 (system_wpa_socket))
|
||||
(typeattributeset task_service_26_0 (task_service))
|
||||
(typeattributeset tee_26_0 (tee))
|
||||
(typeattributeset tee_data_file_26_0 (tee_data_file))
|
||||
(typeattributeset tee_device_26_0 (tee_device))
|
||||
(typeattributeset telecom_service_26_0 (telecom_service))
|
||||
(typeattributeset textclassification_service_26_0 (textclassification_service))
|
||||
(typeattributeset textclassifier_data_file_26_0 (textclassifier_data_file))
|
||||
(typeattributeset textservices_service_26_0 (textservices_service))
|
||||
(typeattributeset tmpfs_26_0 (tmpfs))
|
||||
(typeattributeset tombstoned_26_0 (tombstoned))
|
||||
(typeattributeset tombstone_data_file_26_0 (tombstone_data_file))
|
||||
(typeattributeset tombstoned_crash_socket_26_0 (tombstoned_crash_socket))
|
||||
(typeattributeset tombstoned_exec_26_0 (tombstoned_exec))
|
||||
(typeattributeset tombstoned_intercept_socket_26_0 (tombstoned_intercept_socket))
|
||||
(typeattributeset toolbox_26_0 (toolbox))
|
||||
(typeattributeset toolbox_exec_26_0 (toolbox_exec))
|
||||
(typeattributeset tracing_shell_writable_26_0 (debugfs_tracing tracing_shell_writable))
|
||||
(typeattributeset tracing_shell_writable_debug_26_0 (debugfs_tracing_debug tracing_shell_writable_debug))
|
||||
(typeattributeset trust_service_26_0 (trust_service))
|
||||
(typeattributeset tty_device_26_0 (tty_device))
|
||||
(typeattributeset tun_device_26_0 (tun_device))
|
||||
(typeattributeset tv_input_service_26_0 (tv_input_service))
|
||||
(typeattributeset tzdatacheck_26_0 (tzdatacheck))
|
||||
(typeattributeset tzdatacheck_exec_26_0 (tzdatacheck_exec))
|
||||
(typeattributeset ueventd_26_0 (ueventd))
|
||||
(typeattributeset uhid_device_26_0 (uhid_device))
|
||||
(typeattributeset uimode_service_26_0 (uimode_service))
|
||||
(typeattributeset uio_device_26_0 (uio_device))
|
||||
(typeattributeset uncrypt_26_0 (uncrypt))
|
||||
(typeattributeset uncrypt_exec_26_0 (uncrypt_exec))
|
||||
(typeattributeset uncrypt_socket_26_0 (uncrypt_socket))
|
||||
(typeattributeset unencrypted_data_file_26_0 (unencrypted_data_file))
|
||||
(typeattributeset unlabeled_26_0 (unlabeled))
|
||||
(typeattributeset untrusted_app_25_26_0 (untrusted_app_25))
|
||||
(typeattributeset untrusted_app_26_0
|
||||
( untrusted_app
|
||||
untrusted_app_27))
|
||||
(typeattributeset untrusted_v2_app_26_0 (untrusted_v2_app))
|
||||
(typeattributeset update_engine_26_0 (update_engine))
|
||||
(typeattributeset update_engine_data_file_26_0 (update_engine_data_file))
|
||||
(typeattributeset update_engine_exec_26_0 (update_engine_exec))
|
||||
(typeattributeset update_engine_service_26_0 (update_engine_service))
|
||||
(typeattributeset updatelock_service_26_0 (updatelock_service))
|
||||
(typeattributeset update_verifier_26_0 (update_verifier))
|
||||
(typeattributeset update_verifier_exec_26_0 (update_verifier_exec))
|
||||
(typeattributeset usagestats_service_26_0 (usagestats_service))
|
||||
(typeattributeset usbaccessory_device_26_0 (usbaccessory_device))
|
||||
(typeattributeset usb_device_26_0 (usb_device))
|
||||
(typeattributeset usbfs_26_0 (usbfs))
|
||||
(typeattributeset usb_service_26_0 (usb_service))
|
||||
(typeattributeset userdata_block_device_26_0 (userdata_block_device))
|
||||
(typeattributeset usermodehelper_26_0 (sysfs_usermodehelper usermodehelper))
|
||||
(typeattributeset user_profile_data_file_26_0 (user_profile_data_file))
|
||||
(typeattributeset user_service_26_0 (user_service))
|
||||
(typeattributeset vcs_device_26_0 (vcs_device))
|
||||
(typeattributeset vdc_26_0 (vdc))
|
||||
(typeattributeset vdc_exec_26_0 (vdc_exec))
|
||||
(typeattributeset vendor_app_file_26_0 (vendor_app_file))
|
||||
(typeattributeset vendor_configs_file_26_0 (vendor_configs_file))
|
||||
(typeattributeset vendor_file_26_0 (vendor_file))
|
||||
(typeattributeset vendor_framework_file_26_0 (vendor_framework_file))
|
||||
(typeattributeset vendor_hal_file_26_0 (vendor_hal_file))
|
||||
(typeattributeset vendor_overlay_file_26_0 (vendor_overlay_file))
|
||||
(typeattributeset vendor_shell_exec_26_0 (vendor_shell_exec))
|
||||
(typeattributeset vendor_toolbox_exec_26_0 (vendor_toolbox_exec))
|
||||
(typeattributeset vfat_26_0 (vfat))
|
||||
(typeattributeset vibrator_service_26_0 (vibrator_service))
|
||||
(typeattributeset video_device_26_0 (video_device))
|
||||
(typeattributeset virtual_touchpad_26_0 (virtual_touchpad))
|
||||
(typeattributeset virtual_touchpad_exec_26_0 (virtual_touchpad_exec))
|
||||
(typeattributeset virtual_touchpad_service_26_0 (virtual_touchpad_service))
|
||||
(typeattributeset vndbinder_device_26_0 (vndbinder_device))
|
||||
(typeattributeset vndk_sp_file_26_0 (vndk_sp_file))
|
||||
(typeattributeset vndservice_contexts_file_26_0 (vndservice_contexts_file))
|
||||
(typeattributeset vndservicemanager_26_0 (vndservicemanager))
|
||||
(typeattributeset voiceinteraction_service_26_0 (voiceinteraction_service))
|
||||
(typeattributeset vold_26_0 (vold))
|
||||
(typeattributeset vold_data_file_26_0 (vold_data_file))
|
||||
(typeattributeset vold_device_26_0 (vold_device))
|
||||
(typeattributeset vold_exec_26_0 (vold_exec))
|
||||
(typeattributeset vold_prop_26_0 (vold_prop))
|
||||
(typeattributeset vold_socket_26_0 (vold_socket))
|
||||
(typeattributeset vpn_data_file_26_0 (vpn_data_file))
|
||||
(typeattributeset vr_hwc_26_0 (vr_hwc))
|
||||
(typeattributeset vr_hwc_exec_26_0 (vr_hwc_exec))
|
||||
(typeattributeset vr_hwc_service_26_0 (vr_hwc_service))
|
||||
(typeattributeset vr_manager_service_26_0 (vr_manager_service))
|
||||
(typeattributeset wallpaper_file_26_0 (wallpaper_file))
|
||||
(typeattributeset wallpaper_service_26_0 (wallpaper_service))
|
||||
(typeattributeset watchdogd_26_0 (watchdogd))
|
||||
(typeattributeset watchdog_device_26_0 (watchdog_device))
|
||||
(typeattributeset webviewupdate_service_26_0 (webviewupdate_service))
|
||||
(typeattributeset webview_zygote_26_0 (webview_zygote))
|
||||
(typeattributeset webview_zygote_exec_26_0 (webview_zygote_exec))
|
||||
(typeattributeset webview_zygote_socket_26_0 (webview_zygote_socket))
|
||||
(typeattributeset wifiaware_service_26_0 (wifiaware_service))
|
||||
(typeattributeset wificond_26_0 (wificond))
|
||||
(typeattributeset wificond_exec_26_0 (wificond_exec))
|
||||
(typeattributeset wificond_service_26_0 (wificond_service))
|
||||
(typeattributeset wifi_data_file_26_0 (wifi_data_file))
|
||||
(typeattributeset wifi_log_prop_26_0 (wifi_log_prop))
|
||||
(typeattributeset wifip2p_service_26_0 (wifip2p_service))
|
||||
(typeattributeset wifi_prop_26_0 (wifi_prop))
|
||||
(typeattributeset wifiscanner_service_26_0 (wifiscanner_service))
|
||||
(typeattributeset wifi_service_26_0 (wifi_service))
|
||||
(typeattributeset window_service_26_0 (window_service))
|
||||
(typeattributeset wpa_socket_26_0 (wpa_socket))
|
||||
(typeattributeset zero_device_26_0 (zero_device))
|
||||
(typeattributeset zoneinfo_data_file_26_0 (zoneinfo_data_file))
|
||||
(typeattributeset zygote_26_0 (zygote))
|
||||
(typeattributeset zygote_exec_26_0 (zygote_exec))
|
||||
(typeattributeset zygote_socket_26_0 (zygote_socket))
|
|
@ -1,4 +0,0 @@
|
|||
(typeattribute vendordomain)
|
||||
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
|
||||
(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
|
||||
(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
|
|
@ -1,224 +0,0 @@
|
|||
;; new_objects - a collection of types that have been introduced that have no
|
||||
;; analogue in older policy. Thus, we do not need to map these types to
|
||||
;; previous ones. Add here to pass checkapi tests.
|
||||
(type new_objects)
|
||||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
( new_objects
|
||||
activity_task_service
|
||||
adb_service
|
||||
adbd_exec
|
||||
app_binding_service
|
||||
apex_data_file
|
||||
apex_metadata_file
|
||||
apex_mnt_dir
|
||||
apex_service
|
||||
apexd
|
||||
apexd_exec
|
||||
apexd_prop
|
||||
apexd_tmpfs
|
||||
app_zygote
|
||||
atrace
|
||||
binder_calls_stats_service
|
||||
biometric_service
|
||||
bootloader_boot_reason_prop
|
||||
blank_screen
|
||||
blank_screen_exec
|
||||
blank_screen_tmpfs
|
||||
bluetooth_a2dp_offload_prop
|
||||
bpfloader
|
||||
bpfloader_exec
|
||||
broadcastradio_service
|
||||
cgroup_bpf
|
||||
charger_exec
|
||||
color_display_service
|
||||
content_capture_service
|
||||
crossprofileapps_service
|
||||
ctl_interface_restart_prop
|
||||
ctl_interface_start_prop
|
||||
ctl_interface_stop_prop
|
||||
ctl_sigstop_prop
|
||||
device_config_boot_count_prop
|
||||
device_config_reset_performed_prop
|
||||
device_config_netd_native_prop
|
||||
dnsresolver_service
|
||||
e2fs
|
||||
e2fs_exec
|
||||
exfat
|
||||
exported_audio_prop
|
||||
exported_bluetooth_prop
|
||||
exported_config_prop
|
||||
exported_dalvik_prop
|
||||
exported_default_prop
|
||||
exported_dumpstate_prop
|
||||
exported_ffs_prop
|
||||
exported_fingerprint_prop
|
||||
exported_overlay_prop
|
||||
exported_pm_prop
|
||||
exported_radio_prop
|
||||
exported_secure_prop
|
||||
exported_system_prop
|
||||
exported_system_radio_prop
|
||||
exported_vold_prop
|
||||
exported_wifi_prop
|
||||
exported2_config_prop
|
||||
exported2_default_prop
|
||||
exported2_radio_prop
|
||||
exported2_system_prop
|
||||
exported2_vold_prop
|
||||
exported3_default_prop
|
||||
exported3_radio_prop
|
||||
exported3_system_prop
|
||||
fastbootd
|
||||
fingerprint_vendor_data_file
|
||||
flags_health_check
|
||||
flags_health_check_exec
|
||||
fs_bpf
|
||||
fwk_stats_hwservice
|
||||
hal_atrace_hwservice
|
||||
hal_audiocontrol_hwservice
|
||||
hal_authsecret_hwservice
|
||||
hal_broadcastradio_hwservice
|
||||
hal_cas_hwservice
|
||||
hal_codec2_hwservice
|
||||
hal_confirmationui_hwservice
|
||||
hal_evs_hwservice
|
||||
hal_health_storage_hwservice
|
||||
hal_lowpan_hwservice
|
||||
hal_neuralnetworks_hwservice
|
||||
hal_secure_element_hwservice
|
||||
hal_tetheroffload_hwservice
|
||||
hal_wifi_hostapd_hwservice
|
||||
hal_usb_gadget_hwservice
|
||||
hal_vehicle_hwservice
|
||||
hal_wifi_offload_hwservice
|
||||
heapprofd
|
||||
heapprofd_exec
|
||||
heapprofd_socket
|
||||
incident_helper
|
||||
incident_helper_exec
|
||||
iorapd
|
||||
iorapd_data_file
|
||||
iorapd_exec
|
||||
iorapd_service
|
||||
iorapd_tmpfs
|
||||
kmsg_debug_device
|
||||
last_boot_reason_prop
|
||||
llkd
|
||||
llkd_exec
|
||||
llkd_prop
|
||||
llkd_tmpfs
|
||||
looper_stats_service
|
||||
lowpan_device
|
||||
lowpan_prop
|
||||
lowpan_service
|
||||
mediaswcodec
|
||||
mediaswcodec_exec
|
||||
mediaswcodec_tmpfs
|
||||
mediaextractor_update_service
|
||||
mediaprovider_tmpfs
|
||||
metadata_file
|
||||
mnt_product_file
|
||||
mnt_vendor_file
|
||||
netd_stable_secret_prop
|
||||
network_stack
|
||||
network_stack_service
|
||||
network_watchlist_data_file
|
||||
network_watchlist_service
|
||||
overlayfs_file
|
||||
package_native_service
|
||||
perfetto
|
||||
perfetto_exec
|
||||
perfetto_tmpfs
|
||||
perfetto_traces_data_file
|
||||
perfprofd_service
|
||||
property_info
|
||||
recovery_socket
|
||||
role_service
|
||||
runas_app
|
||||
runtime_service
|
||||
secure_element
|
||||
secure_element_device
|
||||
secure_element_tmpfs
|
||||
secure_element_service
|
||||
server_configurable_flags_data_file
|
||||
simpleperf_app_runner
|
||||
simpleperf_app_runner_exec
|
||||
slice_service
|
||||
staging_data_file
|
||||
stats
|
||||
stats_data_file
|
||||
stats_exec
|
||||
stats_service
|
||||
statsd
|
||||
statsd_exec
|
||||
statsd_tmpfs
|
||||
statsdw
|
||||
statsdw_socket
|
||||
statscompanion_service
|
||||
storaged_data_file
|
||||
super_block_device
|
||||
sysfs_fs_ext4_features
|
||||
system_boot_reason_prop
|
||||
system_bootstrap_lib_file
|
||||
system_lmk_prop
|
||||
system_net_netd_hwservice
|
||||
system_update_service
|
||||
test_boot_reason_prop
|
||||
thermal_service
|
||||
thermalcallback_hwservice
|
||||
thermalserviced
|
||||
thermalserviced_exec
|
||||
thermalserviced_tmpfs
|
||||
time_prop
|
||||
timedetector_service
|
||||
timezone_service
|
||||
tombstoned_java_trace_socket
|
||||
tombstone_wifi_data_file
|
||||
trace_data_file
|
||||
traceur_app
|
||||
traceur_app_tmpfs
|
||||
traced
|
||||
traced_consumer_socket
|
||||
traced_enabled_prop
|
||||
traced_exec
|
||||
traced_probes
|
||||
traced_probes_exec
|
||||
traced_probes_tmpfs
|
||||
traced_producer_socket
|
||||
traced_tmpfs
|
||||
untrusted_app_all_devpts
|
||||
update_engine_log_data_file
|
||||
vendor_default_prop
|
||||
vendor_security_patch_level_prop
|
||||
uri_grants_service
|
||||
usbd
|
||||
usbd_exec
|
||||
usbd_tmpfs
|
||||
vendor_apex_file
|
||||
vendor_init
|
||||
vendor_shell
|
||||
vold_metadata_file
|
||||
vold_prepare_subdirs
|
||||
vold_prepare_subdirs_exec
|
||||
vold_service
|
||||
vrflinger_vsync_service
|
||||
wait_for_keymaster
|
||||
wait_for_keymaster_exec
|
||||
wait_for_keymaster_tmpfs
|
||||
watchdogd_tmpfs
|
||||
wpantund
|
||||
wpantund_exec
|
||||
wpantund_service
|
||||
wpantund_tmpfs
|
||||
wm_trace_data_file))
|
||||
|
||||
;; private_objects - a collection of types that were labeled differently in
|
||||
;; older policy, but that should not remain accessible to vendor policy.
|
||||
;; Thus, these types are also not mapped, but recorded for checkapi tests
|
||||
(type priv_objects)
|
||||
(typeattribute priv_objects)
|
||||
(typeattributeset priv_objects
|
||||
( priv_objects
|
||||
adbd_tmpfs
|
||||
untrusted_app_27_tmpfs))
|
File diff suppressed because it is too large
Load diff
|
@ -1,4 +0,0 @@
|
|||
(typeattribute vendordomain)
|
||||
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
|
||||
(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
|
||||
(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
|
|
@ -1,201 +0,0 @@
|
|||
;; new_objects - a collection of types that have been introduced that have no
|
||||
;; analogue in older policy. Thus, we do not need to map these types to
|
||||
;; previous ones. Add here to pass checkapi tests.
|
||||
(type new_objects)
|
||||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
( new_objects
|
||||
activity_task_service
|
||||
adb_service
|
||||
app_binding_service
|
||||
apex_data_file
|
||||
apex_metadata_file
|
||||
apex_mnt_dir
|
||||
apex_service
|
||||
apexd
|
||||
apexd_exec
|
||||
apexd_prop
|
||||
apexd_tmpfs
|
||||
app_zygote
|
||||
atrace
|
||||
binder_calls_stats_service
|
||||
biometric_service
|
||||
blank_screen
|
||||
blank_screen_exec
|
||||
blank_screen_tmpfs
|
||||
bootloader_boot_reason_prop
|
||||
bluetooth_a2dp_offload_prop
|
||||
bpfloader
|
||||
bpfloader_exec
|
||||
cgroup_bpf
|
||||
charger_exec
|
||||
color_display_service
|
||||
content_capture_service
|
||||
crossprofileapps_service
|
||||
ctl_interface_restart_prop
|
||||
ctl_interface_start_prop
|
||||
ctl_interface_stop_prop
|
||||
ctl_sigstop_prop
|
||||
device_config_boot_count_prop
|
||||
device_config_reset_performed_prop
|
||||
device_config_netd_native_prop
|
||||
dnsresolver_service
|
||||
exfat
|
||||
exported2_config_prop
|
||||
exported2_default_prop
|
||||
exported2_radio_prop
|
||||
exported2_system_prop
|
||||
exported2_vold_prop
|
||||
exported3_default_prop
|
||||
exported3_radio_prop
|
||||
exported3_system_prop
|
||||
exported_audio_prop
|
||||
exported_bluetooth_prop
|
||||
exported_config_prop
|
||||
exported_dalvik_prop
|
||||
exported_default_prop
|
||||
exported_dumpstate_prop
|
||||
exported_ffs_prop
|
||||
exported_fingerprint_prop
|
||||
exported_overlay_prop
|
||||
exported_pm_prop
|
||||
exported_radio_prop
|
||||
exported_secure_prop
|
||||
exported_system_prop
|
||||
exported_system_radio_prop
|
||||
exported_vold_prop
|
||||
exported_wifi_prop
|
||||
fastbootd
|
||||
flags_health_check
|
||||
flags_health_check_exec
|
||||
fingerprint_vendor_data_file
|
||||
fs_bpf
|
||||
fwk_stats_hwservice
|
||||
hal_atrace_hwservice
|
||||
hal_audiocontrol_hwservice
|
||||
hal_authsecret_hwservice
|
||||
hal_codec2_hwservice
|
||||
hal_confirmationui_hwservice
|
||||
hal_evs_hwservice
|
||||
hal_health_storage_hwservice
|
||||
hal_lowpan_hwservice
|
||||
hal_secure_element_hwservice
|
||||
hal_usb_gadget_hwservice
|
||||
hal_vehicle_hwservice
|
||||
hal_wifi_hostapd_hwservice
|
||||
heapprofd
|
||||
heapprofd_exec
|
||||
heapprofd_socket
|
||||
incident_helper
|
||||
incident_helper_exec
|
||||
iorapd
|
||||
iorapd_data_file
|
||||
iorapd_exec
|
||||
iorapd_service
|
||||
iorapd_tmpfs
|
||||
last_boot_reason_prop
|
||||
llkd
|
||||
llkd_exec
|
||||
llkd_prop
|
||||
llkd_tmpfs
|
||||
looper_stats_service
|
||||
lowpan_device
|
||||
lowpan_prop
|
||||
lowpan_service
|
||||
mediaextractor_update_service
|
||||
mediaswcodec
|
||||
mediaswcodec_exec
|
||||
mediaswcodec_tmpfs
|
||||
metadata_file
|
||||
mnt_product_file
|
||||
mnt_vendor_file
|
||||
network_stack
|
||||
network_stack_service
|
||||
network_watchlist_data_file
|
||||
network_watchlist_service
|
||||
overlayfs_file
|
||||
perfetto
|
||||
perfetto_exec
|
||||
perfetto_tmpfs
|
||||
perfetto_traces_data_file
|
||||
perfprofd_service
|
||||
property_info
|
||||
recovery_socket
|
||||
role_service
|
||||
runas_app
|
||||
runtime_service
|
||||
secure_element
|
||||
secure_element_device
|
||||
secure_element_service
|
||||
secure_element_tmpfs
|
||||
server_configurable_flags_data_file
|
||||
simpleperf_app_runner
|
||||
simpleperf_app_runner_exec
|
||||
slice_service
|
||||
stats
|
||||
stats_data_file
|
||||
stats_exec
|
||||
stats_service
|
||||
statscompanion_service
|
||||
statsd
|
||||
statsd_exec
|
||||
statsd_tmpfs
|
||||
statsdw
|
||||
statsdw_socket
|
||||
storaged_data_file
|
||||
super_block_device
|
||||
staging_data_file
|
||||
system_boot_reason_prop
|
||||
system_bootstrap_lib_file
|
||||
system_lmk_prop
|
||||
system_update_service
|
||||
test_boot_reason_prop
|
||||
time_prop
|
||||
timedetector_service
|
||||
tombstone_wifi_data_file
|
||||
trace_data_file
|
||||
traced
|
||||
traced_consumer_socket
|
||||
traced_enabled_prop
|
||||
traced_exec
|
||||
traced_probes
|
||||
traced_probes_exec
|
||||
traced_probes_tmpfs
|
||||
traced_producer_socket
|
||||
traced_tmpfs
|
||||
traceur_app
|
||||
traceur_app_tmpfs
|
||||
untrusted_app_all_devpts
|
||||
update_engine_log_data_file
|
||||
uri_grants_service
|
||||
usbd
|
||||
usbd_exec
|
||||
usbd_tmpfs
|
||||
vendor_apex_file
|
||||
vendor_default_prop
|
||||
vendor_init
|
||||
vendor_security_patch_level_prop
|
||||
vendor_shell
|
||||
vold_metadata_file
|
||||
vold_prepare_subdirs
|
||||
vold_prepare_subdirs_exec
|
||||
vold_service
|
||||
vrflinger_vsync_service
|
||||
wait_for_keymaster
|
||||
wait_for_keymaster_exec
|
||||
wait_for_keymaster_tmpfs
|
||||
watchdogd_tmpfs
|
||||
wm_trace_data_file
|
||||
wpantund
|
||||
wpantund_exec
|
||||
wpantund_service
|
||||
wpantund_tmpfs))
|
||||
|
||||
;; private_objects - a collection of types that were labeled differently in
|
||||
;; older policy, but that should not remain accessible to vendor policy.
|
||||
;; Thus, these types are also not mapped, but recorded for checkapi tests
|
||||
(type priv_objects)
|
||||
(typeattribute priv_objects)
|
||||
(typeattributeset priv_objects
|
||||
( priv_objects
|
||||
untrusted_app_27_tmpfs))
|
File diff suppressed because it is too large
Load diff
|
@ -1,4 +0,0 @@
|
|||
(typeattribute vendordomain)
|
||||
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
|
||||
(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
|
||||
(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
|
|
@ -1,149 +0,0 @@
|
|||
;; new_objects - a collection of types that have been introduced that have no
|
||||
;; analogue in older policy. Thus, we do not need to map these types to
|
||||
;; previous ones. Add here to pass checkapi tests.
|
||||
(type new_objects)
|
||||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
( new_objects
|
||||
activity_task_service
|
||||
adb_service
|
||||
apex_data_file
|
||||
apex_metadata_file
|
||||
apex_mnt_dir
|
||||
apex_service
|
||||
apexd
|
||||
apexd_exec
|
||||
apexd_prop
|
||||
apexd_tmpfs
|
||||
appdomain_tmpfs
|
||||
app_binding_service
|
||||
app_prediction_service
|
||||
app_zygote
|
||||
app_zygote_tmpfs
|
||||
ashmemd
|
||||
ashmem_device_service
|
||||
attention_service
|
||||
biometric_service
|
||||
bluetooth_audio_hal_prop
|
||||
bpf_progs_loaded_prop
|
||||
bugreport_service
|
||||
cgroup_desc_file
|
||||
cgroup_rc_file
|
||||
charger_exec
|
||||
content_capture_service
|
||||
content_suggestions_service
|
||||
cpu_variant_prop
|
||||
ctl_gsid_prop
|
||||
dev_cpu_variant
|
||||
device_config_activity_manager_native_boot_prop
|
||||
device_config_boot_count_prop
|
||||
device_config_input_native_boot_prop
|
||||
device_config_netd_native_prop
|
||||
device_config_reset_performed_prop
|
||||
device_config_runtime_native_boot_prop
|
||||
device_config_runtime_native_prop
|
||||
device_config_media_native_prop
|
||||
device_config_service
|
||||
dnsresolver_service
|
||||
dynamic_android_service
|
||||
dynamic_system_prop
|
||||
face_service
|
||||
face_vendor_data_file
|
||||
fastbootd
|
||||
flags_health_check
|
||||
flags_health_check_exec
|
||||
fwk_bufferhub_hwservice
|
||||
fwk_camera_hwservice
|
||||
fwk_stats_hwservice
|
||||
gpuservice
|
||||
gsi_data_file
|
||||
gsi_metadata_file
|
||||
gsi_service
|
||||
gsid
|
||||
gsid_exec
|
||||
gsid_prop
|
||||
color_display_service
|
||||
external_vibrator_service
|
||||
hal_atrace_hwservice
|
||||
hal_face_hwservice
|
||||
hal_graphics_composer_server_tmpfs
|
||||
hal_health_storage_hwservice
|
||||
hal_input_classifier_hwservice
|
||||
hal_power_stats_hwservice
|
||||
heapprofd
|
||||
heapprofd_enabled_prop
|
||||
heapprofd_exec
|
||||
heapprofd_prop
|
||||
heapprofd_socket
|
||||
idmap_service
|
||||
iris_service
|
||||
iris_vendor_data_file
|
||||
llkd
|
||||
llkd_exec
|
||||
llkd_prop
|
||||
llkd_tmpfs
|
||||
looper_stats_service
|
||||
lpdumpd
|
||||
lpdumpd_exec
|
||||
lpdumpd_prop
|
||||
lpdump_service
|
||||
iorapd
|
||||
iorapd_exec
|
||||
iorapd_data_file
|
||||
iorapd_service
|
||||
iorapd_tmpfs
|
||||
mediaswcodec
|
||||
mediaswcodec_exec
|
||||
mediaswcodec_tmpfs
|
||||
mnt_product_file
|
||||
network_stack
|
||||
network_stack_service
|
||||
network_stack_tmpfs
|
||||
nnapi_ext_deny_product_prop
|
||||
overlayfs_file
|
||||
password_slot_metadata_file
|
||||
permissionmgr_service
|
||||
postinstall_apex_mnt_dir
|
||||
recovery_socket
|
||||
role_service
|
||||
rs
|
||||
rs_exec
|
||||
rss_hwm_reset
|
||||
rss_hwm_reset_exec
|
||||
runas_app
|
||||
runas_app_tmpfs
|
||||
runtime_service
|
||||
sdcard_block_device
|
||||
sensor_privacy_service
|
||||
server_configurable_flags_data_file
|
||||
simpleperf_app_runner
|
||||
simpleperf_app_runner_exec
|
||||
su_tmpfs
|
||||
super_block_device
|
||||
sysfs_fs_f2fs
|
||||
system_bootstrap_lib_file
|
||||
system_event_log_tags_file
|
||||
system_lmk_prop
|
||||
system_suspend_hwservice
|
||||
system_suspend_control_service
|
||||
system_trace_prop
|
||||
staging_data_file
|
||||
task_profiles_file
|
||||
testharness_service
|
||||
test_harness_prop
|
||||
time_prop
|
||||
timedetector_service
|
||||
timezonedetector_service
|
||||
traced_lazy_prop
|
||||
uri_grants_service
|
||||
use_memfd_prop
|
||||
vendor_apex_file
|
||||
vendor_cgroup_desc_file
|
||||
vendor_idc_file
|
||||
vendor_keychars_file
|
||||
vendor_keylayout_file
|
||||
vendor_misc_writer
|
||||
vendor_misc_writer_exec
|
||||
vendor_task_profiles_file
|
||||
vrflinger_vsync_service
|
||||
watchdogd_tmpfs))
|
|
@ -1,207 +0,0 @@
|
|||
get_prop(coredomain, pm_prop)
|
||||
get_prop(coredomain, exported_pm_prop)
|
||||
|
||||
full_treble_only(`
|
||||
neverallow {
|
||||
coredomain
|
||||
|
||||
# for chowning
|
||||
-init
|
||||
|
||||
# generic access to sysfs_type
|
||||
-ueventd
|
||||
-vold
|
||||
} sysfs_leds:file *;
|
||||
')
|
||||
|
||||
# On TREBLE devices, a limited set of files in /vendor are accessible to
|
||||
# only a few whitelisted coredomains to keep system/vendor separation.
|
||||
full_treble_only(`
|
||||
# Limit access to /vendor/app
|
||||
neverallow {
|
||||
coredomain
|
||||
-appdomain
|
||||
-dex2oat
|
||||
-idmap
|
||||
-init
|
||||
-installd
|
||||
userdebug_or_eng(`-perfprofd')
|
||||
userdebug_or_eng(`-heapprofd')
|
||||
-postinstall_dexopt
|
||||
-rs # spawned by appdomain, so carryover the exception above
|
||||
-system_server
|
||||
} vendor_app_file:dir { open read getattr search };
|
||||
')
|
||||
|
||||
full_treble_only(`
|
||||
neverallow {
|
||||
coredomain
|
||||
-appdomain
|
||||
-dex2oat
|
||||
-idmap
|
||||
-init
|
||||
-installd
|
||||
userdebug_or_eng(`-perfprofd')
|
||||
userdebug_or_eng(`-heapprofd')
|
||||
-postinstall_dexopt
|
||||
-rs # spawned by appdomain, so carryover the exception above
|
||||
-system_server
|
||||
-mediaserver
|
||||
} vendor_app_file:file r_file_perms;
|
||||
')
|
||||
|
||||
full_treble_only(`
|
||||
# Limit access to /vendor/overlay
|
||||
neverallow {
|
||||
coredomain
|
||||
-appdomain
|
||||
-idmap
|
||||
-init
|
||||
-installd
|
||||
-postinstall_dexopt
|
||||
-rs # spawned by appdomain, so carryover the exception above
|
||||
-system_server
|
||||
-app_zygote
|
||||
-webview_zygote
|
||||
-zygote
|
||||
userdebug_or_eng(`-heapprofd')
|
||||
} vendor_overlay_file:dir { getattr open read search };
|
||||
')
|
||||
|
||||
full_treble_only(`
|
||||
neverallow {
|
||||
coredomain
|
||||
-appdomain
|
||||
-idmap
|
||||
-init
|
||||
-installd
|
||||
-postinstall_dexopt
|
||||
-rs # spawned by appdomain, so carryover the exception above
|
||||
-system_server
|
||||
-app_zygote
|
||||
-webview_zygote
|
||||
-zygote
|
||||
userdebug_or_eng(`-heapprofd')
|
||||
} vendor_overlay_file:file r_file_perms;
|
||||
')
|
||||
|
||||
# Core domains are not permitted to use kernel interfaces which are not
|
||||
# explicitly labeled.
|
||||
# TODO(b/65643247): Apply these neverallow rules to all coredomain.
|
||||
full_treble_only(`
|
||||
# /proc
|
||||
neverallow {
|
||||
coredomain
|
||||
-init
|
||||
-vold
|
||||
} proc:file no_rw_file_perms;
|
||||
|
||||
# /sys
|
||||
neverallow {
|
||||
coredomain
|
||||
-init
|
||||
-ueventd
|
||||
-vold
|
||||
} sysfs:file no_rw_file_perms;
|
||||
|
||||
# /dev
|
||||
neverallow {
|
||||
coredomain
|
||||
-fsck
|
||||
-init
|
||||
-ueventd
|
||||
} device:{ blk_file file } no_rw_file_perms;
|
||||
|
||||
# debugfs
|
||||
neverallow {
|
||||
coredomain
|
||||
-dumpstate
|
||||
-init
|
||||
-system_server
|
||||
} debugfs:file no_rw_file_perms;
|
||||
|
||||
# tracefs
|
||||
neverallow {
|
||||
coredomain
|
||||
-atrace
|
||||
-dumpstate
|
||||
-init
|
||||
userdebug_or_eng(`-perfprofd')
|
||||
-traced_probes
|
||||
-shell
|
||||
-traceur_app
|
||||
} debugfs_tracing:file no_rw_file_perms;
|
||||
|
||||
# inotifyfs
|
||||
neverallow {
|
||||
coredomain
|
||||
-init
|
||||
} inotify:file no_rw_file_perms;
|
||||
|
||||
# pstorefs
|
||||
neverallow {
|
||||
coredomain
|
||||
-bootstat
|
||||
-charger
|
||||
-dumpstate
|
||||
-healthd
|
||||
userdebug_or_eng(`-incidentd')
|
||||
-init
|
||||
-logd
|
||||
-logpersist
|
||||
-recovery_persist
|
||||
-recovery_refresh
|
||||
-shell
|
||||
-system_server
|
||||
} pstorefs:file no_rw_file_perms;
|
||||
|
||||
# configfs
|
||||
neverallow {
|
||||
coredomain
|
||||
-init
|
||||
-system_server
|
||||
} configfs:file no_rw_file_perms;
|
||||
|
||||
# functionfs
|
||||
neverallow {
|
||||
coredomain
|
||||
-adbd
|
||||
-init
|
||||
-mediaprovider
|
||||
-system_server
|
||||
} functionfs:file no_rw_file_perms;
|
||||
|
||||
# usbfs and binfmt_miscfs
|
||||
neverallow {
|
||||
coredomain
|
||||
-init
|
||||
}{ usbfs binfmt_miscfs }:file no_rw_file_perms;
|
||||
')
|
||||
|
||||
# Following /dev nodes must not be directly accessed by coredomain, but should
|
||||
# instead be wrapped by HALs.
|
||||
neverallow coredomain {
|
||||
iio_device
|
||||
radio_device
|
||||
}:chr_file { open read append write ioctl };
|
||||
|
||||
# TODO(b/120243891): HAL permission to tee_device is included into coredomain
|
||||
# on non-Treble devices.
|
||||
full_treble_only(`
|
||||
neverallow coredomain tee_device:chr_file { open read append write ioctl };
|
||||
')
|
||||
|
||||
# Allow access to ashmemd to request /dev/ashmem fds.
|
||||
allow {
|
||||
coredomain
|
||||
-init
|
||||
-iorapd
|
||||
-perfprofd
|
||||
} ashmem_device_service:service_manager find;
|
||||
|
||||
binder_call({
|
||||
coredomain
|
||||
-init
|
||||
-iorapd
|
||||
-perfprofd
|
||||
}, ashmemd)
|
|
@ -1,27 +0,0 @@
|
|||
# cppreopts
|
||||
#
|
||||
# This command copies preopted files from the system_b partition to the data
|
||||
# partition. This domain ensures that we are only copying into specific
|
||||
# directories.
|
||||
|
||||
type cppreopts, domain, mlstrustedsubject, coredomain;
|
||||
type cppreopts_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# Technically not a daemon but we do want the transition from init domain to
|
||||
# cppreopts to occur.
|
||||
init_daemon_domain(cppreopts)
|
||||
domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);
|
||||
|
||||
# Allow cppreopts copy files into the dalvik-cache
|
||||
allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write };
|
||||
allow cppreopts dalvikcache_data_file:file { create getattr open read rename write unlink };
|
||||
|
||||
# Allow cppreopts to execute itself using #!/system/bin/sh
|
||||
allow cppreopts shell_exec:file rx_file_perms;
|
||||
|
||||
# Allow us to run find on /postinstall
|
||||
allow cppreopts system_file:dir { open read };
|
||||
|
||||
# Allow running the cp command using cppreopts permissions. Needed so we can
|
||||
# write into dalvik-cache
|
||||
allow cppreopts toolbox_exec:file rx_file_perms;
|
|
@ -1,49 +0,0 @@
|
|||
typeattribute crash_dump coredomain;
|
||||
|
||||
# Crash dump does not need to access devices passed across exec().
|
||||
dontaudit crash_dump { devpts dev_type }:chr_file { read write };
|
||||
|
||||
allow crash_dump {
|
||||
domain
|
||||
-apexd
|
||||
-bpfloader
|
||||
-crash_dump
|
||||
-init
|
||||
-kernel
|
||||
-keystore
|
||||
-llkd
|
||||
-logd
|
||||
-ueventd
|
||||
-vendor_init
|
||||
-vold
|
||||
}:process { ptrace signal sigchld sigstop sigkill };
|
||||
userdebug_or_eng(`
|
||||
allow crash_dump { apexd llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
|
||||
')
|
||||
|
||||
###
|
||||
### neverallow assertions
|
||||
###
|
||||
|
||||
# ptrace neverallow assertions are spread throughout the other policy
|
||||
# files, so we avoid adding redundant assertions here
|
||||
|
||||
neverallow crash_dump {
|
||||
apexd
|
||||
userdebug_or_eng(`-apexd')
|
||||
bpfloader
|
||||
init
|
||||
kernel
|
||||
keystore
|
||||
llkd
|
||||
userdebug_or_eng(`-llkd')
|
||||
logd
|
||||
userdebug_or_eng(`-logd')
|
||||
ueventd
|
||||
vendor_init
|
||||
vold
|
||||
userdebug_or_eng(`-vold')
|
||||
}:process { signal sigstop sigkill };
|
||||
|
||||
neverallow crash_dump self:process ptrace;
|
||||
neverallow crash_dump gpu_device:chr_file *;
|
|
@ -1,84 +0,0 @@
|
|||
# dex2oat
|
||||
type dex2oat, domain, coredomain;
|
||||
type dex2oat_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
r_dir_file(dex2oat, apk_data_file)
|
||||
# Access to /vendor/app
|
||||
r_dir_file(dex2oat, vendor_app_file)
|
||||
# Access /vendor/framework
|
||||
allow dex2oat vendor_framework_file:dir { getattr search };
|
||||
allow dex2oat vendor_framework_file:file { getattr open read map };
|
||||
|
||||
allow dex2oat tmpfs:file { read getattr map };
|
||||
|
||||
r_dir_file(dex2oat, dalvikcache_data_file)
|
||||
allow dex2oat dalvikcache_data_file:file write;
|
||||
# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot images, where
|
||||
# the oat file is symlinked to the original file in /system.
|
||||
allow dex2oat dalvikcache_data_file:lnk_file read;
|
||||
allow dex2oat installd:fd use;
|
||||
|
||||
# Acquire advisory lock on /system/framework/arm/*
|
||||
allow dex2oat system_file:file lock;
|
||||
|
||||
# Read already open asec_apk_file file descriptors passed by installd.
|
||||
# Also allow reading unlabeled files, to allow for upgrading forward
|
||||
# locked APKs.
|
||||
allow dex2oat asec_apk_file:file { read map };
|
||||
allow dex2oat unlabeled:file { read map };
|
||||
allow dex2oat oemfs:file { read map };
|
||||
allow dex2oat apk_tmp_file:dir search;
|
||||
allow dex2oat apk_tmp_file:file r_file_perms;
|
||||
allow dex2oat user_profile_data_file:file { getattr read lock map };
|
||||
|
||||
# Allow dex2oat to compile app's secondary dex files which were reported back to
|
||||
# the framework.
|
||||
allow dex2oat { privapp_data_file app_data_file }:file { getattr read write lock map };
|
||||
|
||||
##################
|
||||
# A/B OTA Dexopt #
|
||||
##################
|
||||
|
||||
# Allow dex2oat to use file descriptors from otapreopt.
|
||||
allow dex2oat postinstall_dexopt:fd use;
|
||||
|
||||
# Allow dex2oat to read files under /postinstall (e.g. APKs under /system, /system/bin/linker).
|
||||
allow dex2oat postinstall_file:dir r_dir_perms;
|
||||
allow dex2oat postinstall_file:filesystem getattr;
|
||||
allow dex2oat postinstall_file:lnk_file { getattr read };
|
||||
allow dex2oat postinstall_file:file read;
|
||||
# Allow dex2oat to use libraries under /postinstall/system (e.g. /system/lib/libc.so).
|
||||
# TODO(b/120266448): Remove when Bionic libraries are part of the Runtime APEX.
|
||||
allow dex2oat postinstall_file:file { execute getattr open };
|
||||
|
||||
# Allow dex2oat access to /postinstall/apex.
|
||||
allow dex2oat postinstall_apex_mnt_dir:dir { getattr search };
|
||||
|
||||
# Allow dex2oat access to files in /data/ota.
|
||||
allow dex2oat ota_data_file:dir ra_dir_perms;
|
||||
allow dex2oat ota_data_file:file r_file_perms;
|
||||
|
||||
# Create and read symlinks in /data/ota/dalvik-cache. This is required for PIC mode boot images,
|
||||
# where the oat file is symlinked to the original file in /system.
|
||||
allow dex2oat ota_data_file:lnk_file { create read };
|
||||
|
||||
# It would be nice to tie this down, but currently, because of how images are written, we can't
|
||||
# pass file descriptors for the preopted boot image to dex2oat. So dex2oat needs to be able to
|
||||
# create them itself (and make them world-readable).
|
||||
allow dex2oat ota_data_file:file { create w_file_perms setattr };
|
||||
|
||||
###############
|
||||
# APEX Update #
|
||||
###############
|
||||
|
||||
# /dev/zero is inherited.
|
||||
allow dex2oat apexd:fd use;
|
||||
|
||||
# Allow dex2oat to use file descriptors from preinstall.
|
||||
allow dex2oat art_apex_preinstall:fd use;
|
||||
|
||||
##############
|
||||
# Neverallow #
|
||||
##############
|
||||
|
||||
neverallow dex2oat { privapp_data_file app_data_file }:notdevfile_class_set open;
|
|
@ -1,32 +0,0 @@
|
|||
# dexoptanalyzer
|
||||
type dexoptanalyzer, domain, coredomain, mlstrustedsubject;
|
||||
type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
|
||||
type dexoptanalyzer_tmpfs, file_type;
|
||||
|
||||
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
|
||||
# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
|
||||
# own label, which differs from other labels created by other processes.
|
||||
# This allows to distinguish in policy files created by dexoptanalyzer vs other
|
||||
#processes.
|
||||
tmpfs_domain(dexoptanalyzer)
|
||||
|
||||
# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot
|
||||
# app_data_file the oat file is symlinked to the original file in /system.
|
||||
allow dexoptanalyzer dalvikcache_data_file:dir { getattr search };
|
||||
allow dexoptanalyzer dalvikcache_data_file:file r_file_perms;
|
||||
allow dexoptanalyzer dalvikcache_data_file:lnk_file read;
|
||||
|
||||
allow dexoptanalyzer installd:fd use;
|
||||
allow dexoptanalyzer installd:fifo_file { getattr write };
|
||||
|
||||
# Allow reading secondary dex files that were reported by the app to the
|
||||
# package manager.
|
||||
allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };
|
||||
allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read };
|
||||
# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
|
||||
# "dontaudit...audit_access" policy line to suppress the audit access without
|
||||
# suppressing denial on actual access.
|
||||
dontaudit dexoptanalyzer { privapp_data_file app_data_file }:dir audit_access;
|
||||
|
||||
# Allow testing /data/user/0 which symlinks to /data/data
|
||||
allow dexoptanalyzer system_data_file:lnk_file { getattr };
|
|
@ -1,4 +0,0 @@
|
|||
typeattribute dhcp coredomain;
|
||||
|
||||
init_daemon_domain(dhcp)
|
||||
type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
|
|
@ -1 +0,0 @@
|
|||
typeattribute dnsmasq coredomain;
|
|
@ -1,314 +0,0 @@
|
|||
# Transition to crash_dump when /system/bin/crash_dump* is executed.
|
||||
# This occurs when the process crashes.
|
||||
# We do not apply this to the su domain to avoid interfering with
|
||||
# tests (b/114136122)
|
||||
domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
|
||||
allow domain crash_dump:process sigchld;
|
||||
|
||||
# Allow every process to check the heapprofd.enable properties to determine
|
||||
# whether to load the heap profiling library. This does not necessarily enable
|
||||
# heap profiling, as initialization will fail if it does not have the
|
||||
# necessary SELinux permissions.
|
||||
get_prop(domain, heapprofd_prop);
|
||||
# Allow heap profiling on debug builds.
|
||||
userdebug_or_eng(`can_profile_heap_userdebug_or_eng({
|
||||
domain
|
||||
-bpfloader
|
||||
-init
|
||||
-kernel
|
||||
-keystore
|
||||
-llkd
|
||||
-logd
|
||||
-logpersist
|
||||
-recovery
|
||||
-recovery_persist
|
||||
-recovery_refresh
|
||||
-ueventd
|
||||
-vendor_init
|
||||
-vold
|
||||
})')
|
||||
|
||||
# Path resolution access in cgroups.
|
||||
allow domain cgroup:dir search;
|
||||
allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
|
||||
allow { domain -appdomain -rs } cgroup:file w_file_perms;
|
||||
|
||||
allow domain cgroup_rc_file:dir search;
|
||||
allow domain cgroup_rc_file:file r_file_perms;
|
||||
allow domain task_profiles_file:file r_file_perms;
|
||||
allow domain vendor_task_profiles_file:file r_file_perms;
|
||||
|
||||
# Allow all domains to read sys.use_memfd to determine
|
||||
# if memfd support can be used if device supports it
|
||||
get_prop(domain, use_memfd_prop);
|
||||
|
||||
# For now, everyone can access core property files
|
||||
# Device specific properties are not granted by default
|
||||
not_compatible_property(`
|
||||
get_prop(domain, core_property_type)
|
||||
get_prop(domain, exported_dalvik_prop)
|
||||
get_prop(domain, exported_ffs_prop)
|
||||
get_prop(domain, exported_system_radio_prop)
|
||||
get_prop(domain, exported2_config_prop)
|
||||
get_prop(domain, exported2_radio_prop)
|
||||
get_prop(domain, exported2_system_prop)
|
||||
get_prop(domain, exported2_vold_prop)
|
||||
get_prop(domain, exported3_default_prop)
|
||||
get_prop(domain, exported3_radio_prop)
|
||||
get_prop(domain, exported3_system_prop)
|
||||
get_prop(domain, vendor_default_prop)
|
||||
')
|
||||
compatible_property_only(`
|
||||
get_prop({coredomain appdomain shell}, core_property_type)
|
||||
get_prop({coredomain appdomain shell}, exported_dalvik_prop)
|
||||
get_prop({coredomain appdomain shell}, exported_ffs_prop)
|
||||
get_prop({coredomain appdomain shell}, exported_system_radio_prop)
|
||||
get_prop({coredomain appdomain shell}, exported2_config_prop)
|
||||
get_prop({coredomain appdomain shell}, exported2_radio_prop)
|
||||
get_prop({coredomain appdomain shell}, exported2_system_prop)
|
||||
get_prop({coredomain appdomain shell}, exported2_vold_prop)
|
||||
get_prop({coredomain appdomain shell}, exported3_default_prop)
|
||||
get_prop({coredomain appdomain shell}, exported3_radio_prop)
|
||||
get_prop({coredomain appdomain shell}, exported3_system_prop)
|
||||
get_prop({domain -coredomain -appdomain}, vendor_default_prop)
|
||||
')
|
||||
|
||||
# Allow access to fsverity keyring.
|
||||
allow domain kernel:key search;
|
||||
# Allow access to keys in the fsverity keyring that were installed at boot.
|
||||
allow domain fsverity_init:key search;
|
||||
# For testing purposes, allow access to keys installed with su.
|
||||
userdebug_or_eng(`
|
||||
allow domain su:key search;
|
||||
')
|
||||
|
||||
# Limit ability to ptrace or read sensitive /proc/pid files of processes
|
||||
# with other UIDs to these whitelisted domains.
|
||||
neverallow {
|
||||
domain
|
||||
-vold
|
||||
userdebug_or_eng(`-llkd')
|
||||
-dumpstate
|
||||
userdebug_or_eng(`-incidentd')
|
||||
-storaged
|
||||
-system_server
|
||||
userdebug_or_eng(`-perfprofd')
|
||||
} self:global_capability_class_set sys_ptrace;
|
||||
|
||||
# Limit ability to generate hardware unique device ID attestations to priv_apps
|
||||
neverallow { domain -priv_app } *:keystore_key gen_unique_id;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-vendor_init
|
||||
userdebug_or_eng(`-domain')
|
||||
} debugfs_tracing_debug:file no_rw_file_perms;
|
||||
|
||||
# System_server owns dropbox data, and init creates/restorecons the directory
|
||||
# Disallow direct access by other processes.
|
||||
neverallow { domain -init -system_server } dropbox_data_file:dir *;
|
||||
neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
|
||||
|
||||
###
|
||||
# Services should respect app sandboxes
|
||||
neverallow {
|
||||
domain
|
||||
-appdomain
|
||||
-installd # creation of sandbox
|
||||
} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
|
||||
|
||||
# Only the following processes should be directly accessing private app
|
||||
# directories.
|
||||
neverallow {
|
||||
domain
|
||||
-adbd
|
||||
-appdomain
|
||||
-app_zygote
|
||||
-dexoptanalyzer
|
||||
-installd
|
||||
userdebug_or_eng(`-perfprofd')
|
||||
-profman
|
||||
-rs # spawned by appdomain, so carryover the exception above
|
||||
-runas
|
||||
-system_server
|
||||
-viewcompiler
|
||||
} { privapp_data_file app_data_file }:dir *;
|
||||
|
||||
# Only apps should be modifying app data. installd is exempted for
|
||||
# restorecon and package install/uninstall.
|
||||
neverallow {
|
||||
domain
|
||||
-appdomain
|
||||
-installd
|
||||
-rs # spawned by appdomain, so carryover the exception above
|
||||
} { privapp_data_file app_data_file }:dir ~r_dir_perms;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-appdomain
|
||||
-app_zygote
|
||||
-installd
|
||||
userdebug_or_eng(`-perfprofd')
|
||||
-rs # spawned by appdomain, so carryover the exception above
|
||||
} { privapp_data_file app_data_file }:file_class_set open;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-appdomain
|
||||
-installd # creation of sandbox
|
||||
} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-installd
|
||||
} { privapp_data_file app_data_file }:dir_file_class_set { relabelfrom relabelto };
|
||||
|
||||
# The staging directory contains APEX and APK files. It is important to ensure
|
||||
# that these files cannot be accessed by other domains to ensure that the files
|
||||
# do not change between system_server staging the files and apexd processing
|
||||
# the files.
|
||||
neverallow { domain -init -system_server -apexd -installd} staging_data_file:dir *;
|
||||
neverallow { domain -init -system_server -apexd -kernel -installd } staging_data_file:file *;
|
||||
neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
|
||||
# apexd needs the link and unlink permissions, so list every `no_w_file_perms`
|
||||
# except for `link` and `unlink`.
|
||||
neverallow { domain -init -system_server } staging_data_file:file
|
||||
{ append create relabelfrom rename setattr write no_x_file_perms };
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-appdomain # for oemfs
|
||||
-bootanim # for oemfs
|
||||
-recovery # for /tmp/update_binary in tmpfs
|
||||
} { fs_type -rootfs }:file execute;
|
||||
|
||||
#
|
||||
# Assert that, to the extent possible, we're not loading executable content from
|
||||
# outside the rootfs or /system partition except for a few whitelisted domains.
|
||||
# Executable files loaded from /data is a persistence vector
|
||||
# we want to avoid. See
|
||||
# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
|
||||
#
|
||||
neverallow {
|
||||
domain
|
||||
-appdomain
|
||||
with_asan(`-asan_extract')
|
||||
-shell
|
||||
userdebug_or_eng(`-su')
|
||||
-system_server_startup # for memfd backed executable regions
|
||||
-app_zygote
|
||||
-webview_zygote
|
||||
-zygote
|
||||
userdebug_or_eng(`-mediaextractor')
|
||||
userdebug_or_eng(`-mediaswcodec')
|
||||
} {
|
||||
file_type
|
||||
-system_file_type
|
||||
-system_lib_file
|
||||
-system_linker_exec
|
||||
-vendor_file_type
|
||||
-exec_type
|
||||
-postinstall_file
|
||||
}:file execute;
|
||||
|
||||
# Only init is allowed to write cgroup.rc file
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-vendor_init
|
||||
} cgroup_rc_file:file no_w_file_perms;
|
||||
|
||||
# Only authorized processes should be writing to files in /data/dalvik-cache
|
||||
neverallow {
|
||||
domain
|
||||
-init # TODO: limit init to relabelfrom for files
|
||||
-zygote
|
||||
-installd
|
||||
-postinstall_dexopt
|
||||
-cppreopts
|
||||
-dex2oat
|
||||
-otapreopt_slot
|
||||
-art_apex_postinstall
|
||||
-art_apex_boot_integrity
|
||||
} dalvikcache_data_file:file no_w_file_perms;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-installd
|
||||
-postinstall_dexopt
|
||||
-cppreopts
|
||||
-dex2oat
|
||||
-zygote
|
||||
-otapreopt_slot
|
||||
-art_apex_boot_integrity
|
||||
-art_apex_postinstall
|
||||
} dalvikcache_data_file:dir no_w_dir_perms;
|
||||
|
||||
# Minimize dac_override and dac_read_search.
|
||||
# Instead of granting them it is usually better to add the domain to
|
||||
# a Unix group or change the permissions of a file.
|
||||
define(`dac_override_allowed', `{
|
||||
dnsmasq
|
||||
dumpstate
|
||||
init
|
||||
installd
|
||||
install_recovery
|
||||
userdebug_or_eng(`llkd')
|
||||
lmkd
|
||||
netd
|
||||
perfprofd
|
||||
postinstall_dexopt
|
||||
recovery
|
||||
rss_hwm_reset
|
||||
sdcardd
|
||||
tee
|
||||
ueventd
|
||||
uncrypt
|
||||
vendor_init
|
||||
vold
|
||||
vold_prepare_subdirs
|
||||
zygote
|
||||
}')
|
||||
neverallow ~dac_override_allowed self:global_capability_class_set dac_override;
|
||||
# Since the kernel checks dac_read_search before dac_override, domains that
|
||||
# have dac_override should also have dac_read_search to eliminate spurious
|
||||
# denials. Some domains have dac_read_search without having dac_override, so
|
||||
# this list should be a superset of the one above.
|
||||
neverallow ~{
|
||||
dac_override_allowed
|
||||
traced_probes
|
||||
userdebug_or_eng(`heapprofd')
|
||||
} self:global_capability_class_set dac_read_search;
|
||||
|
||||
# Limit what domains can mount filesystems or change their mount flags.
|
||||
# sdcard_type / vfat is exempt as a larger set of domains need
|
||||
# this capability, including device-specific domains.
|
||||
neverallow {
|
||||
domain
|
||||
-apexd
|
||||
recovery_only(`userdebug_or_eng(`-fastbootd')')
|
||||
-init
|
||||
-kernel
|
||||
-otapreopt_chroot
|
||||
-recovery
|
||||
-update_engine
|
||||
-vold
|
||||
-zygote
|
||||
} { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
|
||||
|
||||
# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
|
||||
neverallow {
|
||||
domain
|
||||
userdebug_or_eng(`-domain')
|
||||
-kernel
|
||||
-gsid
|
||||
-init
|
||||
-recovery
|
||||
-ueventd
|
||||
-healthd
|
||||
-uncrypt
|
||||
-tee
|
||||
-hal_bootctl_server
|
||||
} self:global_capability_class_set sys_rawio;
|
|
@ -1,7 +0,0 @@
|
|||
typeattribute drmserver coredomain;
|
||||
|
||||
init_daemon_domain(drmserver)
|
||||
|
||||
type_transition drmserver apk_data_file:sock_file drmserver_socket;
|
||||
|
||||
typeattribute drmserver_socket coredomain_socket;
|
|
@ -1,52 +0,0 @@
|
|||
typeattribute dumpstate coredomain;
|
||||
|
||||
init_daemon_domain(dumpstate)
|
||||
|
||||
# Execute and transition to the vdc domain
|
||||
domain_auto_trans(dumpstate, vdc_exec, vdc)
|
||||
|
||||
# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
|
||||
allow dumpstate system_file:file lock;
|
||||
|
||||
allow dumpstate storaged_exec:file rx_file_perms;
|
||||
|
||||
# /data/misc/wmtrace for wm traces
|
||||
userdebug_or_eng(`
|
||||
allow dumpstate wm_trace_data_file:dir r_dir_perms;
|
||||
allow dumpstate wm_trace_data_file:file r_file_perms;
|
||||
')
|
||||
|
||||
# Allow dumpstate to make binder calls to incidentd
|
||||
binder_call(dumpstate, incidentd)
|
||||
|
||||
# Allow dumpstate to make binder calls to storaged service
|
||||
binder_call(dumpstate, storaged)
|
||||
|
||||
# Allow dumpstate to make binder calls to statsd
|
||||
binder_call(dumpstate, statsd)
|
||||
|
||||
# Allow dumpstate to talk to gpuservice over binder
|
||||
binder_call(dumpstate, gpuservice);
|
||||
|
||||
# Allow dumpstate to talk to idmap over binder
|
||||
binder_call(dumpstate, idmap);
|
||||
|
||||
# Collect metrics on boot time created by init
|
||||
get_prop(dumpstate, boottime_prop)
|
||||
|
||||
# Signal native processes to dump their stack.
|
||||
allow dumpstate {
|
||||
statsd
|
||||
netd
|
||||
}:process signal;
|
||||
|
||||
# For collecting bugreports.
|
||||
allow dumpstate debugfs_wakeup_sources:file r_file_perms;
|
||||
allow dumpstate dev_type:blk_file getattr;
|
||||
allow dumpstate webview_zygote:process signal;
|
||||
dontaudit dumpstate perfprofd:binder call;
|
||||
dontaudit dumpstate update_engine:binder call;
|
||||
allow dumpstate proc_net_tcp_udp:file r_file_perms;
|
||||
|
||||
# For comminucating with the system process to do confirmation ui.
|
||||
binder_call(dumpstate, incidentcompanion_service)
|
|
@ -1,102 +0,0 @@
|
|||
###
|
||||
### Ephemeral apps.
|
||||
###
|
||||
### This file defines the security policy for apps with the ephemeral
|
||||
### feature.
|
||||
###
|
||||
### The ephemeral_app domain is a reduced permissions sandbox allowing
|
||||
### ephemeral applications to be safely installed and run. Non ephemeral
|
||||
### applications may also opt-in to ephemeral to take advantage of the
|
||||
### additional security features.
|
||||
###
|
||||
### PackageManager flags an app as ephemeral at install time.
|
||||
|
||||
typeattribute ephemeral_app coredomain;
|
||||
|
||||
net_domain(ephemeral_app)
|
||||
app_domain(ephemeral_app)
|
||||
|
||||
# Allow ephemeral apps to read/write files in visible storage if provided fds
|
||||
allow ephemeral_app { sdcard_type media_rw_data_file }:file {read write getattr ioctl lock append};
|
||||
|
||||
# Some apps ship with shared libraries and binaries that they write out
|
||||
# to their sandbox directory and then execute.
|
||||
allow ephemeral_app privapp_data_file:file { r_file_perms execute };
|
||||
allow ephemeral_app app_data_file:file { r_file_perms execute };
|
||||
|
||||
# Follow priv-app symlinks. This is used for dynamite functionality.
|
||||
allow ephemeral_app privapp_data_file:lnk_file r_file_perms;
|
||||
|
||||
# Allow the renderscript compiler to be run.
|
||||
domain_auto_trans(ephemeral_app, rs_exec, rs)
|
||||
|
||||
# Allow loading and deleting shared libraries created by trusted system
|
||||
# components within an application home directory.
|
||||
allow ephemeral_app app_exec_data_file:file { r_file_perms execute unlink };
|
||||
|
||||
# services
|
||||
allow ephemeral_app audioserver_service:service_manager find;
|
||||
allow ephemeral_app cameraserver_service:service_manager find;
|
||||
allow ephemeral_app mediaserver_service:service_manager find;
|
||||
allow ephemeral_app mediaextractor_service:service_manager find;
|
||||
allow ephemeral_app mediacodec_service:service_manager find;
|
||||
allow ephemeral_app mediametrics_service:service_manager find;
|
||||
allow ephemeral_app mediadrmserver_service:service_manager find;
|
||||
allow ephemeral_app drmserver_service:service_manager find;
|
||||
allow ephemeral_app radio_service:service_manager find;
|
||||
allow ephemeral_app ephemeral_app_api_service:service_manager find;
|
||||
allow ephemeral_app gpu_service:service_manager find;
|
||||
|
||||
# Allow ephemeral apps to interact with gpuservice
|
||||
binder_call(ephemeral_app, gpuservice)
|
||||
|
||||
# Write app-specific trace data to the Perfetto traced damon. This requires
|
||||
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
|
||||
allow ephemeral_app traced:fd use;
|
||||
allow ephemeral_app traced_tmpfs:file { read write getattr map };
|
||||
unix_socket_connect(ephemeral_app, traced_producer, traced)
|
||||
|
||||
# Allow heap profiling if the app opts in by being marked
|
||||
# profileable/debuggable.
|
||||
can_profile_heap(ephemeral_app)
|
||||
|
||||
# allow ephemeral apps to use UDP sockets provided by the system server but not
|
||||
# modify them other than to connect
|
||||
allow ephemeral_app system_server:udp_socket {
|
||||
connect getattr read recvfrom sendto write getopt setopt };
|
||||
|
||||
allow ephemeral_app ashmem_device:chr_file rw_file_perms;
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
||||
neverallow ephemeral_app { app_data_file privapp_data_file }:file execute_no_trans;
|
||||
|
||||
# Receive or send uevent messages.
|
||||
neverallow ephemeral_app domain:netlink_kobject_uevent_socket *;
|
||||
|
||||
# Receive or send generic netlink messages
|
||||
neverallow ephemeral_app domain:netlink_socket *;
|
||||
|
||||
# Too much leaky information in debugfs. It's a security
|
||||
# best practice to ensure these files aren't readable.
|
||||
neverallow ephemeral_app debugfs:file read;
|
||||
|
||||
# execute gpu_device
|
||||
neverallow ephemeral_app gpu_device:chr_file execute;
|
||||
|
||||
# access files in /sys with the default sysfs label
|
||||
neverallow ephemeral_app sysfs:file *;
|
||||
|
||||
# Avoid reads from generically labeled /proc files
|
||||
# Create a more specific label if needed
|
||||
neverallow ephemeral_app proc:file { no_rw_file_perms no_x_file_perms };
|
||||
|
||||
# Directly access external storage
|
||||
neverallow ephemeral_app { sdcard_type media_rw_data_file }:file {open create};
|
||||
neverallow ephemeral_app { sdcard_type media_rw_data_file }:dir search;
|
||||
|
||||
# Avoid reads to proc_net, it contains too much device wide information about
|
||||
# ongoing connections.
|
||||
neverallow ephemeral_app proc_net:file no_rw_file_perms;
|
|
@ -1 +0,0 @@
|
|||
typeattribute fastbootd coredomain;
|
|
@ -1,22 +0,0 @@
|
|||
# /proc/config.gz
|
||||
type config_gz, fs_type, proc_type;
|
||||
|
||||
# /data/misc/storaged
|
||||
type storaged_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
# /data/misc/wmtrace for wm traces
|
||||
type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
# /data/misc/perfetto-traces for perfetto traces
|
||||
type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
# /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds.
|
||||
type debugfs_kcov, fs_type, debugfs_type;
|
||||
|
||||
# App executable files in /data/data directories
|
||||
type app_exec_data_file, file_type, data_file_type, core_data_file_type;
|
||||
typealias app_exec_data_file alias rs_data_file;
|
||||
|
||||
# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
|
||||
# of application data.
|
||||
type rollback_data_file, file_type, data_file_type, core_data_file_type;
|
|
@ -1,652 +0,0 @@
|
|||
###########################################
|
||||
# Root
|
||||
/ u:object_r:rootfs:s0
|
||||
|
||||
# Data files
|
||||
/adb_keys u:object_r:adb_keys_file:s0
|
||||
/build\.prop u:object_r:rootfs:s0
|
||||
/default\.prop u:object_r:rootfs:s0
|
||||
/fstab\..* u:object_r:rootfs:s0
|
||||
/init\..* u:object_r:rootfs:s0
|
||||
/res(/.*)? u:object_r:rootfs:s0
|
||||
/selinux_version u:object_r:rootfs:s0
|
||||
/ueventd\..* u:object_r:rootfs:s0
|
||||
/verity_key u:object_r:rootfs:s0
|
||||
|
||||
# Executables
|
||||
/init u:object_r:init_exec:s0
|
||||
/sbin(/.*)? u:object_r:rootfs:s0
|
||||
|
||||
# For kernel modules
|
||||
/lib(/.*)? u:object_r:rootfs:s0
|
||||
|
||||
# Empty directories
|
||||
/lost\+found u:object_r:rootfs:s0
|
||||
/acct u:object_r:cgroup:s0
|
||||
/config u:object_r:rootfs:s0
|
||||
/debug_ramdisk u:object_r:tmpfs:s0
|
||||
/mnt u:object_r:tmpfs:s0
|
||||
/postinstall u:object_r:postinstall_mnt_dir:s0
|
||||
/postinstall/apex u:object_r:postinstall_apex_mnt_dir:s0
|
||||
/proc u:object_r:rootfs:s0
|
||||
/sys u:object_r:sysfs:s0
|
||||
/apex u:object_r:apex_mnt_dir:s0
|
||||
|
||||
# Symlinks
|
||||
/bin u:object_r:rootfs:s0
|
||||
/bugreports u:object_r:rootfs:s0
|
||||
/charger u:object_r:rootfs:s0
|
||||
/d u:object_r:rootfs:s0
|
||||
/etc u:object_r:rootfs:s0
|
||||
/sdcard u:object_r:rootfs:s0
|
||||
|
||||
# SELinux policy files
|
||||
/vendor_file_contexts u:object_r:file_contexts_file:s0
|
||||
/nonplat_file_contexts u:object_r:file_contexts_file:s0
|
||||
/plat_file_contexts u:object_r:file_contexts_file:s0
|
||||
/product_file_contexts u:object_r:file_contexts_file:s0
|
||||
/mapping_sepolicy\.cil u:object_r:sepolicy_file:s0
|
||||
/nonplat_sepolicy\.cil u:object_r:sepolicy_file:s0
|
||||
/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
|
||||
/plat_property_contexts u:object_r:property_contexts_file:s0
|
||||
/product_property_contexts u:object_r:property_contexts_file:s0
|
||||
/nonplat_property_contexts u:object_r:property_contexts_file:s0
|
||||
/vendor_property_contexts u:object_r:property_contexts_file:s0
|
||||
/seapp_contexts u:object_r:seapp_contexts_file:s0
|
||||
/nonplat_seapp_contexts u:object_r:seapp_contexts_file:s0
|
||||
/vendor_seapp_contexts u:object_r:seapp_contexts_file:s0
|
||||
/plat_seapp_contexts u:object_r:seapp_contexts_file:s0
|
||||
/sepolicy u:object_r:sepolicy_file:s0
|
||||
/plat_service_contexts u:object_r:service_contexts_file:s0
|
||||
/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
|
||||
/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
|
||||
# Use nonplat_service_contexts_file to allow servicemanager to read it
|
||||
# on non full-treble devices.
|
||||
/vendor_service_contexts u:object_r:nonplat_service_contexts_file:s0
|
||||
/nonplat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
|
||||
/vendor_hwservice_contexts u:object_r:hwservice_contexts_file:s0
|
||||
/vndservice_contexts u:object_r:vndservice_contexts_file:s0
|
||||
|
||||
##########################
|
||||
# Devices
|
||||
#
|
||||
/dev(/.*)? u:object_r:device:s0
|
||||
/dev/adf[0-9]* u:object_r:graphics_device:s0
|
||||
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
|
||||
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
|
||||
/dev/ashmem u:object_r:ashmem_device:s0
|
||||
/dev/audio.* u:object_r:audio_device:s0
|
||||
/dev/binder u:object_r:binder_device:s0
|
||||
/dev/block(/.*)? u:object_r:block_device:s0
|
||||
/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
|
||||
/dev/block/loop[0-9]* u:object_r:loop_device:s0
|
||||
/dev/block/vold/.+ u:object_r:vold_device:s0
|
||||
/dev/block/ram[0-9]* u:object_r:ram_device:s0
|
||||
/dev/block/zram[0-9]* u:object_r:ram_device:s0
|
||||
/dev/bus/usb(.*)? u:object_r:usb_device:s0
|
||||
/dev/console u:object_r:console_device:s0
|
||||
/dev/cpu_variant:.* u:object_r:dev_cpu_variant:s0
|
||||
/dev/device-mapper u:object_r:dm_device:s0
|
||||
/dev/eac u:object_r:audio_device:s0
|
||||
/dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0
|
||||
/dev/cgroup_info(/.*)? u:object_r:cgroup_rc_file:s0
|
||||
/dev/fscklogs(/.*)? u:object_r:fscklogs:s0
|
||||
/dev/fuse u:object_r:fuse_device:s0
|
||||
/dev/graphics(/.*)? u:object_r:graphics_device:s0
|
||||
/dev/hw_random u:object_r:hw_random_device:s0
|
||||
/dev/hwbinder u:object_r:hwbinder_device:s0
|
||||
/dev/input(/.*)? u:object_r:input_device:s0
|
||||
/dev/iio:device[0-9]+ u:object_r:iio_device:s0
|
||||
/dev/ion u:object_r:ion_device:s0
|
||||
/dev/keychord u:object_r:keychord_device:s0
|
||||
/dev/loop-control u:object_r:loop_control_device:s0
|
||||
/dev/modem.* u:object_r:radio_device:s0
|
||||
/dev/mtp_usb u:object_r:mtp_device:s0
|
||||
/dev/pmsg0 u:object_r:pmsg_device:s0
|
||||
/dev/pn544 u:object_r:nfc_device:s0
|
||||
/dev/port u:object_r:port_device:s0
|
||||
/dev/ppp u:object_r:ppp_device:s0
|
||||
/dev/ptmx u:object_r:ptmx_device:s0
|
||||
/dev/pvrsrvkm u:object_r:gpu_device:s0
|
||||
/dev/kmsg u:object_r:kmsg_device:s0
|
||||
/dev/kmsg_debug u:object_r:kmsg_debug_device:s0
|
||||
/dev/null u:object_r:null_device:s0
|
||||
/dev/nvhdcp1 u:object_r:video_device:s0
|
||||
/dev/random u:object_r:random_device:s0
|
||||
/dev/rpmsg-omx[0-9] u:object_r:rpmsg_device:s0
|
||||
/dev/rproc_user u:object_r:rpmsg_device:s0
|
||||
/dev/rtc[0-9] u:object_r:rtc_device:s0
|
||||
/dev/snd(/.*)? u:object_r:audio_device:s0
|
||||
/dev/socket(/.*)? u:object_r:socket_device:s0
|
||||
/dev/socket/adbd u:object_r:adbd_socket:s0
|
||||
/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
|
||||
/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
|
||||
/dev/socket/fwmarkd u:object_r:fwmarkd_socket:s0
|
||||
/dev/socket/lmkd u:object_r:lmkd_socket:s0
|
||||
/dev/socket/logd u:object_r:logd_socket:s0
|
||||
/dev/socket/logdr u:object_r:logdr_socket:s0
|
||||
/dev/socket/logdw u:object_r:logdw_socket:s0
|
||||
/dev/socket/statsdw u:object_r:statsdw_socket:s0
|
||||
/dev/socket/mdns u:object_r:mdns_socket:s0
|
||||
/dev/socket/mdnsd u:object_r:mdnsd_socket:s0
|
||||
/dev/socket/mtpd u:object_r:mtpd_socket:s0
|
||||
/dev/socket/netd u:object_r:netd_socket:s0
|
||||
/dev/socket/pdx/system/buffer_hub u:object_r:pdx_bufferhub_dir:s0
|
||||
/dev/socket/pdx/system/buffer_hub/client u:object_r:pdx_bufferhub_client_endpoint_socket:s0
|
||||
/dev/socket/pdx/system/performance u:object_r:pdx_performance_dir:s0
|
||||
/dev/socket/pdx/system/performance/client u:object_r:pdx_performance_client_endpoint_socket:s0
|
||||
/dev/socket/pdx/system/vr/display u:object_r:pdx_display_dir:s0
|
||||
/dev/socket/pdx/system/vr/display/client u:object_r:pdx_display_client_endpoint_socket:s0
|
||||
/dev/socket/pdx/system/vr/display/manager u:object_r:pdx_display_manager_endpoint_socket:s0
|
||||
/dev/socket/pdx/system/vr/display/screenshot u:object_r:pdx_display_screenshot_endpoint_socket:s0
|
||||
/dev/socket/pdx/system/vr/display/vsync u:object_r:pdx_display_vsync_endpoint_socket:s0
|
||||
/dev/socket/property_service u:object_r:property_socket:s0
|
||||
/dev/socket/racoon u:object_r:racoon_socket:s0
|
||||
/dev/socket/recovery u:object_r:recovery_socket:s0
|
||||
/dev/socket/rild u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-debug u:object_r:rild_debug_socket:s0
|
||||
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
|
||||
/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
|
||||
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
|
||||
/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
|
||||
/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
|
||||
/dev/socket/heapprofd u:object_r:heapprofd_socket:s0
|
||||
/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
|
||||
/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
|
||||
/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
|
||||
/dev/socket/zygote u:object_r:zygote_socket:s0
|
||||
/dev/socket/zygote_secondary u:object_r:zygote_socket:s0
|
||||
/dev/socket/blastula_pool u:object_r:zygote_socket:s0
|
||||
/dev/socket/blastula_pool_secondary u:object_r:zygote_socket:s0
|
||||
/dev/spdif_out.* u:object_r:audio_device:s0
|
||||
/dev/tty u:object_r:owntty_device:s0
|
||||
/dev/tty[0-9]* u:object_r:tty_device:s0
|
||||
/dev/ttyS[0-9]* u:object_r:serial_device:s0
|
||||
/dev/tun u:object_r:tun_device:s0
|
||||
/dev/uhid u:object_r:uhid_device:s0
|
||||
/dev/uinput u:object_r:uhid_device:s0
|
||||
/dev/uio[0-9]* u:object_r:uio_device:s0
|
||||
/dev/urandom u:object_r:random_device:s0
|
||||
/dev/usb_accessory u:object_r:usbaccessory_device:s0
|
||||
/dev/v4l-touch[0-9]* u:object_r:input_device:s0
|
||||
/dev/video[0-9]* u:object_r:video_device:s0
|
||||
/dev/vndbinder u:object_r:vndbinder_device:s0
|
||||
/dev/watchdog u:object_r:watchdog_device:s0
|
||||
/dev/xt_qtaguid u:object_r:qtaguid_device:s0
|
||||
/dev/zero u:object_r:zero_device:s0
|
||||
/dev/__properties__ u:object_r:properties_device:s0
|
||||
/dev/__properties__/property_info u:object_r:property_info:s0
|
||||
#############################
|
||||
# System files
|
||||
#
|
||||
/system(/.*)? u:object_r:system_file:s0
|
||||
/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
|
||||
/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
|
||||
/system/bin/atrace u:object_r:atrace_exec:s0
|
||||
/system/bin/ashmemd u:object_r:ashmemd_exec:s0
|
||||
/system/bin/auditctl u:object_r:auditctl_exec:s0
|
||||
/system/bin/bcc u:object_r:rs_exec:s0
|
||||
/system/bin/blank_screen u:object_r:blank_screen_exec:s0
|
||||
/system/bin/charger u:object_r:charger_exec:s0
|
||||
/system/bin/e2fsdroid u:object_r:e2fs_exec:s0
|
||||
/system/bin/mke2fs u:object_r:e2fs_exec:s0
|
||||
/system/bin/e2fsck -- u:object_r:fsck_exec:s0
|
||||
/system/bin/fsck\.exfat -- u:object_r:fsck_exec:s0
|
||||
/system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
|
||||
/system/bin/init u:object_r:init_exec:s0
|
||||
# TODO(/123600489): merge mini-keyctl into toybox
|
||||
/system/bin/mini-keyctl -- u:object_r:toolbox_exec:s0
|
||||
/system/bin/fsverity_init u:object_r:fsverity_init_exec:s0
|
||||
/system/bin/sload_f2fs -- u:object_r:e2fs_exec:s0
|
||||
/system/bin/make_f2fs -- u:object_r:e2fs_exec:s0
|
||||
/system/bin/fsck_msdos -- u:object_r:fsck_exec:s0
|
||||
/system/bin/tcpdump -- u:object_r:tcpdump_exec:s0
|
||||
/system/bin/tune2fs -- u:object_r:fsck_exec:s0
|
||||
/system/bin/toolbox -- u:object_r:toolbox_exec:s0
|
||||
/system/bin/toybox -- u:object_r:toolbox_exec:s0
|
||||
/system/bin/ld\.mc u:object_r:rs_exec:s0
|
||||
/system/bin/logcat -- u:object_r:logcat_exec:s0
|
||||
/system/bin/logcatd -- u:object_r:logcat_exec:s0
|
||||
/system/bin/sh -- u:object_r:shell_exec:s0
|
||||
/system/bin/run-as -- u:object_r:runas_exec:s0
|
||||
/system/bin/bootanimation u:object_r:bootanim_exec:s0
|
||||
/system/bin/bootstat u:object_r:bootstat_exec:s0
|
||||
/system/bin/app_process32 u:object_r:zygote_exec:s0
|
||||
/system/bin/app_process64 u:object_r:zygote_exec:s0
|
||||
/system/bin/servicemanager u:object_r:servicemanager_exec:s0
|
||||
/system/bin/hwservicemanager u:object_r:hwservicemanager_exec:s0
|
||||
/system/bin/surfaceflinger u:object_r:surfaceflinger_exec:s0
|
||||
/system/bin/gpuservice u:object_r:gpuservice_exec:s0
|
||||
/system/bin/bufferhubd u:object_r:bufferhubd_exec:s0
|
||||
/system/bin/performanced u:object_r:performanced_exec:s0
|
||||
/system/bin/drmserver u:object_r:drmserver_exec:s0
|
||||
/system/bin/dumpstate u:object_r:dumpstate_exec:s0
|
||||
/system/bin/incident u:object_r:incident_exec:s0
|
||||
/system/bin/incidentd u:object_r:incidentd_exec:s0
|
||||
/system/bin/incident_helper u:object_r:incident_helper_exec:s0
|
||||
/system/bin/iw u:object_r:iw_exec:s0
|
||||
/system/bin/netutils-wrapper-1\.0 u:object_r:netutils_wrapper_exec:s0
|
||||
/system/bin/vold u:object_r:vold_exec:s0
|
||||
/system/bin/netd u:object_r:netd_exec:s0
|
||||
/system/bin/wificond u:object_r:wificond_exec:s0
|
||||
/system/bin/audioserver u:object_r:audioserver_exec:s0
|
||||
/system/bin/mediadrmserver u:object_r:mediadrmserver_exec:s0
|
||||
/system/bin/mediaserver u:object_r:mediaserver_exec:s0
|
||||
/system/bin/mediametrics u:object_r:mediametrics_exec:s0
|
||||
/system/bin/cameraserver u:object_r:cameraserver_exec:s0
|
||||
/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
|
||||
/system/bin/mediaswcodec u:object_r:mediaswcodec_exec:s0
|
||||
/system/bin/mdnsd u:object_r:mdnsd_exec:s0
|
||||
/system/bin/installd u:object_r:installd_exec:s0
|
||||
/system/bin/otapreopt_chroot u:object_r:otapreopt_chroot_exec:s0
|
||||
/system/bin/otapreopt_slot u:object_r:otapreopt_slot_exec:s0
|
||||
/system/bin/art_apex_boot_integrity u:object_r:art_apex_boot_integrity_exec:s0
|
||||
/system/bin/keystore u:object_r:keystore_exec:s0
|
||||
/system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
|
||||
/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
|
||||
/system/bin/crash_dump32 u:object_r:crash_dump_exec:s0
|
||||
/system/bin/crash_dump64 u:object_r:crash_dump_exec:s0
|
||||
/system/bin/tombstoned u:object_r:tombstoned_exec:s0
|
||||
/system/bin/recovery-persist u:object_r:recovery_persist_exec:s0
|
||||
/system/bin/recovery-refresh u:object_r:recovery_refresh_exec:s0
|
||||
/system/bin/sdcard u:object_r:sdcardd_exec:s0
|
||||
/system/bin/dhcpcd u:object_r:dhcp_exec:s0
|
||||
/system/bin/dhcpcd-6\.8\.2 u:object_r:dhcp_exec:s0
|
||||
/system/bin/mtpd u:object_r:mtp_exec:s0
|
||||
/system/bin/pppd u:object_r:ppp_exec:s0
|
||||
/system/bin/racoon u:object_r:racoon_exec:s0
|
||||
/system/xbin/su u:object_r:su_exec:s0
|
||||
/system/bin/perfprofd u:object_r:perfprofd_exec:s0
|
||||
/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
|
||||
/system/bin/healthd u:object_r:healthd_exec:s0
|
||||
/system/bin/clatd u:object_r:clatd_exec:s0
|
||||
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
|
||||
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
|
||||
/system/bin/llkd u:object_r:llkd_exec:s0
|
||||
/system/bin/lmkd u:object_r:lmkd_exec:s0
|
||||
/system/bin/usbd u:object_r:usbd_exec:s0
|
||||
/system/bin/inputflinger u:object_r:inputflinger_exec:s0
|
||||
/system/bin/logd u:object_r:logd_exec:s0
|
||||
/system/bin/lpdumpd u:object_r:lpdumpd_exec:s0
|
||||
/system/bin/rss_hwm_reset u:object_r:rss_hwm_reset_exec:s0
|
||||
/system/bin/perfetto u:object_r:perfetto_exec:s0
|
||||
/system/bin/traced u:object_r:traced_exec:s0
|
||||
/system/bin/traced_probes u:object_r:traced_probes_exec:s0
|
||||
/system/bin/heapprofd u:object_r:heapprofd_exec:s0
|
||||
/system/bin/uncrypt u:object_r:uncrypt_exec:s0
|
||||
/system/bin/update_verifier u:object_r:update_verifier_exec:s0
|
||||
/system/bin/logwrapper u:object_r:system_file:s0
|
||||
/system/bin/vdc u:object_r:vdc_exec:s0
|
||||
/system/bin/cppreopts\.sh u:object_r:cppreopts_exec:s0
|
||||
/system/bin/preloads_copy\.sh u:object_r:preloads_copy_exec:s0
|
||||
/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
|
||||
/system/bin/install-recovery\.sh u:object_r:install_recovery_exec:s0
|
||||
/system/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
|
||||
/system/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
|
||||
/system/bin/viewcompiler u:object_r:viewcompiler_exec:s0
|
||||
/system/bin/profman(d)? u:object_r:profman_exec:s0
|
||||
/system/bin/iorapd u:object_r:iorapd_exec:s0
|
||||
/system/bin/sgdisk u:object_r:sgdisk_exec:s0
|
||||
/system/bin/blkid u:object_r:blkid_exec:s0
|
||||
/system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
|
||||
/system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
|
||||
/system/bin/idmap u:object_r:idmap_exec:s0
|
||||
/system/bin/idmap2(d)? u:object_r:idmap_exec:s0
|
||||
/system/bin/update_engine u:object_r:update_engine_exec:s0
|
||||
/system/bin/storaged u:object_r:storaged_exec:s0
|
||||
/system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
|
||||
/system/bin/wpantund u:object_r:wpantund_exec:s0
|
||||
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
|
||||
/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
|
||||
/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
|
||||
/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:system_suspend_exec:s0
|
||||
/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
|
||||
/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
|
||||
/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
|
||||
/system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0
|
||||
/system/etc/security/cacerts(/.*)? u:object_r:system_security_cacerts_file:s0
|
||||
/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0
|
||||
/system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0
|
||||
/system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0
|
||||
/system/etc/selinux/plat_service_contexts u:object_r:service_contexts_file:s0
|
||||
/system/etc/selinux/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
|
||||
/system/etc/selinux/plat_file_contexts u:object_r:file_contexts_file:s0
|
||||
/system/etc/selinux/plat_seapp_contexts u:object_r:seapp_contexts_file:s0
|
||||
/system/etc/selinux/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
|
||||
/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
|
||||
/system/etc/task_profiles\.json u:object_r:task_profiles_file:s0
|
||||
/system/usr/share/zoneinfo(/.*)? u:object_r:system_zoneinfo_file:s0
|
||||
/system/bin/vr_hwc u:object_r:vr_hwc_exec:s0
|
||||
/system/bin/adbd u:object_r:adbd_exec:s0
|
||||
/system/bin/vold_prepare_subdirs u:object_r:vold_prepare_subdirs_exec:s0
|
||||
/system/bin/stats u:object_r:stats_exec:s0
|
||||
/system/bin/statsd u:object_r:statsd_exec:s0
|
||||
/system/bin/bpfloader u:object_r:bpfloader_exec:s0
|
||||
/system/bin/wait_for_keymaster u:object_r:wait_for_keymaster_exec:s0
|
||||
/system/bin/watchdogd u:object_r:watchdogd_exec:s0
|
||||
/system/bin/apexd u:object_r:apexd_exec:s0
|
||||
/system/bin/gsid u:object_r:gsid_exec:s0
|
||||
/system/bin/simpleperf_app_runner u:object_r:simpleperf_app_runner_exec:s0
|
||||
/system/bin/notify_traceur\.sh u:object_r:notify_traceur_exec:s0
|
||||
|
||||
#############################
|
||||
# Vendor files
|
||||
#
|
||||
/(vendor|system/vendor)(/.*)? u:object_r:vendor_file:s0
|
||||
/(vendor|system/vendor)/bin/sh u:object_r:vendor_shell_exec:s0
|
||||
/(vendor|system/vendor)/bin/toybox_vendor u:object_r:vendor_toolbox_exec:s0
|
||||
/(vendor|system/vendor)/bin/toolbox u:object_r:vendor_toolbox_exec:s0
|
||||
/(vendor|system/vendor)/etc(/.*)? u:object_r:vendor_configs_file:s0
|
||||
/(vendor|system/vendor)/etc/cgroups\.json u:object_r:vendor_cgroup_desc_file:s0
|
||||
/(vendor|system/vendor)/etc/task_profiles\.json u:object_r:vendor_task_profiles_file:s0
|
||||
|
||||
/(vendor|system/vendor)/lib(64)?/egl(/.*)? u:object_r:same_process_hal_file:s0
|
||||
|
||||
/(vendor|system/vendor)/lib(64)?/vndk-sp(/.*)? u:object_r:vndk_sp_file:s0
|
||||
|
||||
/(vendor|system/vendor)/manifest\.xml u:object_r:vendor_configs_file:s0
|
||||
/(vendor|system/vendor)/compatibility_matrix\.xml u:object_r:vendor_configs_file:s0
|
||||
/(vendor|system/vendor)/etc/vintf(/.*)? u:object_r:vendor_configs_file:s0
|
||||
/(vendor|system/vendor)/app(/.*)? u:object_r:vendor_app_file:s0
|
||||
/(vendor|system/vendor)/priv-app(/.*)? u:object_r:vendor_app_file:s0
|
||||
/(vendor|system/vendor)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
|
||||
/(vendor|system/vendor)/framework(/.*)? u:object_r:vendor_framework_file:s0
|
||||
|
||||
/vendor/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
|
||||
|
||||
# HAL location
|
||||
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
||||
|
||||
#############################
|
||||
# OEM and ODM files
|
||||
#
|
||||
/(odm|vendor/odm)(/.*)? u:object_r:vendor_file:s0
|
||||
/(odm|vendor/odm)/lib(64)?/egl(/.*)? u:object_r:same_process_hal_file:s0
|
||||
/(odm|vendor/odm)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
||||
/(odm|vendor/odm)/lib(64)?/vndk-sp(/.*)? u:object_r:vndk_sp_file:s0
|
||||
/(odm|vendor/odm)/bin/sh u:object_r:vendor_shell_exec:s0
|
||||
/(odm|vendor/odm)/etc(/.*)? u:object_r:vendor_configs_file:s0
|
||||
/(odm|vendor/odm)/app(/.*)? u:object_r:vendor_app_file:s0
|
||||
/(odm|vendor/odm)/priv-app(/.*)? u:object_r:vendor_app_file:s0
|
||||
/(odm|vendor/odm)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
|
||||
/(odm|vendor/odm)/framework(/.*)? u:object_r:vendor_framework_file:s0
|
||||
|
||||
# Input configuration
|
||||
/(odm|vendor|vendor/odm)/usr/keylayout(/.*)?\.kl u:object_r:vendor_keylayout_file:s0
|
||||
/(odm|vendor|vendor/odm)/usr/keychars(/.*)?\.kcm u:object_r:vendor_keychars_file:s0
|
||||
/(odm|vendor|vendor/odm)/usr/idc(/.*)?\.idc u:object_r:vendor_idc_file:s0
|
||||
|
||||
/oem(/.*)? u:object_r:oemfs:s0
|
||||
/oem/overlay(/.*)? u:object_r:vendor_overlay_file:s0
|
||||
|
||||
# The precompiled monolithic sepolicy will be under /odm only when
|
||||
# BOARD_USES_ODMIMAGE is true: a separate odm.img is built.
|
||||
/odm/etc/selinux/precompiled_sepolicy u:object_r:sepolicy_file:s0
|
||||
/odm/etc/selinux/precompiled_sepolicy\.plat_and_mapping\.sha256 u:object_r:sepolicy_file:s0
|
||||
|
||||
/(odm|vendor/odm)/etc/selinux/odm_sepolicy\.cil u:object_r:sepolicy_file:s0
|
||||
/(odm|vendor/odm)/etc/selinux/odm_file_contexts u:object_r:file_contexts_file:s0
|
||||
/(odm|vendor/odm)/etc/selinux/odm_seapp_contexts u:object_r:seapp_contexts_file:s0
|
||||
/(odm|vendor/odm)/etc/selinux/odm_property_contexts u:object_r:property_contexts_file:s0
|
||||
/(odm|vendor/odm)/etc/selinux/odm_hwservice_contexts u:object_r:hwservice_contexts_file:s0
|
||||
/(odm|vendor/odm)/etc/selinux/odm_mac_permissions\.xml u:object_r:mac_perms_file:s0
|
||||
|
||||
#############################
|
||||
# Product files
|
||||
#
|
||||
/(product|system/product)(/.*)? u:object_r:system_file:s0
|
||||
/(product|system/product)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
|
||||
|
||||
/(product|system/product)/etc/selinux/product_file_contexts u:object_r:file_contexts_file:s0
|
||||
/(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0
|
||||
/(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0
|
||||
/(product|system/product)/etc/selinux/product_seapp_contexts u:object_r:seapp_contexts_file:s0
|
||||
/(product|system/product)/etc/selinux/product_service_contexts u:object_r:service_contexts_file:s0
|
||||
/(product|system/product)/etc/selinux/product_mac_permissions\.xml u:object_r:mac_perms_file:s0
|
||||
|
||||
#############################
|
||||
# Product-Services files
|
||||
#
|
||||
/(product_services|system/product_services)(/.*)? u:object_r:system_file:s0
|
||||
/(product_services|system/product_services)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
|
||||
|
||||
#############################
|
||||
# Vendor files from /(product|system/product)/vendor_overlay
|
||||
#
|
||||
# NOTE: For additional vendor file contexts for vendor overlay files,
|
||||
# use device specific file_contexts.
|
||||
#
|
||||
/(product|system/product)/vendor_overlay/[0-9]+/.* u:object_r:vendor_file:s0
|
||||
|
||||
#############################
|
||||
# Data files
|
||||
#
|
||||
# NOTE: When modifying existing label rules, changes may also need to
|
||||
# propagate to the "Expanded data files" section.
|
||||
#
|
||||
/data(/.*)? u:object_r:system_data_file:s0
|
||||
/data/system/packages\.list u:object_r:packages_list_file:s0
|
||||
/data/.layout_version u:object_r:install_data_file:s0
|
||||
/data/unencrypted(/.*)? u:object_r:unencrypted_data_file:s0
|
||||
/data/backup(/.*)? u:object_r:backup_data_file:s0
|
||||
/data/secure/backup(/.*)? u:object_r:backup_data_file:s0
|
||||
/data/system/ndebugsocket u:object_r:system_ndebug_socket:s0
|
||||
/data/drm(/.*)? u:object_r:drm_data_file:s0
|
||||
/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
|
||||
/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
|
||||
/data/ota(/.*)? u:object_r:ota_data_file:s0
|
||||
/data/ota_package(/.*)? u:object_r:ota_package_file:s0
|
||||
/data/adb(/.*)? u:object_r:adb_data_file:s0
|
||||
/data/anr(/.*)? u:object_r:anr_data_file:s0
|
||||
/data/apex(/.*)? u:object_r:apex_data_file:s0
|
||||
/data/apex/active/(.*)? u:object_r:staging_data_file:s0
|
||||
/data/apex/backup/(.*)? u:object_r:staging_data_file:s0
|
||||
/data/app(/.*)? u:object_r:apk_data_file:s0
|
||||
/data/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
|
||||
/data/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0
|
||||
/data/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0
|
||||
/data/app-private(/.*)? u:object_r:apk_private_data_file:s0
|
||||
/data/app-private/vmdl.*\.tmp(/.*)? u:object_r:apk_private_tmp_file:s0
|
||||
/data/gsi(/.*)? u:object_r:gsi_data_file:s0
|
||||
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
|
||||
/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
|
||||
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
|
||||
/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0
|
||||
/data/local/traces(/.*)? u:object_r:trace_data_file:s0
|
||||
/data/media(/.*)? u:object_r:media_rw_data_file:s0
|
||||
/data/mediadrm(/.*)? u:object_r:media_data_file:s0
|
||||
/data/nativetest(/.*)? u:object_r:nativetest_data_file:s0
|
||||
/data/nativetest64(/.*)? u:object_r:nativetest_data_file:s0
|
||||
# This directory was removed after Q Beta 2, but we need to preserve labels for upgrading devices.
|
||||
/data/pkg_staging(/.*)? u:object_r:staging_data_file:s0
|
||||
/data/property(/.*)? u:object_r:property_data_file:s0
|
||||
/data/preloads(/.*)? u:object_r:preloads_data_file:s0
|
||||
/data/preloads/media(/.*)? u:object_r:preloads_media_file:s0
|
||||
/data/preloads/demo(/.*)? u:object_r:preloads_media_file:s0
|
||||
/data/server_configurable_flags(/.*)? u:object_r:server_configurable_flags_data_file:s0
|
||||
/data/app-staging(/.*)? u:object_r:staging_data_file:s0
|
||||
|
||||
# Misc data
|
||||
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
|
||||
/data/misc/apns(/.*)? u:object_r:radio_data_file:s0
|
||||
/data/misc/audio(/.*)? u:object_r:audio_data_file:s0
|
||||
/data/misc/audioserver(/.*)? u:object_r:audioserver_data_file:s0
|
||||
/data/misc/audiohal(/.*)? u:object_r:audiohal_data_file:s0
|
||||
/data/misc/bootstat(/.*)? u:object_r:bootstat_data_file:s0
|
||||
/data/misc/boottrace(/.*)? u:object_r:boottrace_data_file:s0
|
||||
/data/misc/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0
|
||||
/data/misc/bluetooth/logs(/.*)? u:object_r:bluetooth_logs_data_file:s0
|
||||
/data/misc/bluedroid(/.*)? u:object_r:bluetooth_data_file:s0
|
||||
/data/misc/bluedroid/\.a2dp_ctrl u:object_r:bluetooth_socket:s0
|
||||
/data/misc/bluedroid/\.a2dp_data u:object_r:bluetooth_socket:s0
|
||||
/data/misc/camera(/.*)? u:object_r:camera_data_file:s0
|
||||
/data/misc/carrierid(/.*)? u:object_r:radio_data_file:s0
|
||||
/data/misc/dhcp(/.*)? u:object_r:dhcp_data_file:s0
|
||||
/data/misc/dhcp-6\.8\.2(/.*)? u:object_r:dhcp_data_file:s0
|
||||
/data/misc/gatekeeper(/.*)? u:object_r:gatekeeper_data_file:s0
|
||||
/data/misc/incidents(/.*)? u:object_r:incident_data_file:s0
|
||||
/data/misc/keychain(/.*)? u:object_r:keychain_data_file:s0
|
||||
/data/misc/keystore(/.*)? u:object_r:keystore_data_file:s0
|
||||
/data/misc/logd(/.*)? u:object_r:misc_logd_file:s0
|
||||
/data/misc/media(/.*)? u:object_r:media_data_file:s0
|
||||
/data/misc/net(/.*)? u:object_r:net_data_file:s0
|
||||
/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
|
||||
/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
|
||||
/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
|
||||
/data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
|
||||
/data/misc/sms(/.*)? u:object_r:radio_data_file:s0
|
||||
/data/misc/stats-active-metric(/.*)? u:object_r:stats_data_file:s0
|
||||
/data/misc/stats-data(/.*)? u:object_r:stats_data_file:s0
|
||||
/data/misc/stats-service(/.*)? u:object_r:stats_data_file:s0
|
||||
/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
|
||||
/data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0
|
||||
/data/misc/train-info(/.*)? u:object_r:stats_data_file:s0
|
||||
/data/misc/user(/.*)? u:object_r:misc_user_data_file:s0
|
||||
/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0
|
||||
/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
|
||||
/data/misc/wifi/sockets(/.*)? u:object_r:wpa_socket:s0
|
||||
/data/misc/wifi/sockets/wpa_ctrl.* u:object_r:system_wpa_socket:s0
|
||||
/data/misc/zoneinfo(/.*)? u:object_r:zoneinfo_data_file:s0
|
||||
/data/misc/vold(/.*)? u:object_r:vold_data_file:s0
|
||||
/data/misc/iorapd(/.*)? u:object_r:iorapd_data_file:s0
|
||||
/data/misc/perfprofd(/.*)? u:object_r:perfprofd_data_file:s0
|
||||
/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0
|
||||
/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0
|
||||
/data/system/dropbox(/.*)? u:object_r:dropbox_data_file:s0
|
||||
/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0
|
||||
/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0
|
||||
/data/misc/wmtrace(/.*)? u:object_r:wm_trace_data_file:s0
|
||||
# TODO(calin) label profile reference differently so that only
|
||||
# profman run as a special user can write to them
|
||||
/data/misc/profiles/cur(/.*)? u:object_r:user_profile_data_file:s0
|
||||
/data/misc/profiles/ref(/.*)? u:object_r:user_profile_data_file:s0
|
||||
/data/misc/profman(/.*)? u:object_r:profman_dump_data_file:s0
|
||||
/data/vendor(/.*)? u:object_r:vendor_data_file:s0
|
||||
/data/vendor_ce(/.*)? u:object_r:vendor_data_file:s0
|
||||
/data/vendor_de(/.*)? u:object_r:vendor_data_file:s0
|
||||
|
||||
# storaged proto files
|
||||
/data/misc_de/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0
|
||||
/data/misc_ce/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0
|
||||
|
||||
# Fingerprint data
|
||||
/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
|
||||
|
||||
# Fingerprint vendor data file
|
||||
/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
|
||||
|
||||
# Face vendor data file
|
||||
/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0
|
||||
|
||||
# Iris vendor data file
|
||||
/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:iris_vendor_data_file:s0
|
||||
|
||||
# Bootchart data
|
||||
/data/bootchart(/.*)? u:object_r:bootchart_data_file:s0
|
||||
|
||||
# App data snapshots (managed by installd).
|
||||
/data/misc_de/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0
|
||||
/data/misc_ce/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0
|
||||
|
||||
#############################
|
||||
# Expanded data files
|
||||
#
|
||||
/mnt/expand(/.*)? u:object_r:mnt_expand_file:s0
|
||||
/mnt/expand/[^/]+(/.*)? u:object_r:system_data_file:s0
|
||||
/mnt/expand/[^/]+/app(/.*)? u:object_r:apk_data_file:s0
|
||||
/mnt/expand/[^/]+/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
|
||||
/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0
|
||||
/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0
|
||||
/mnt/expand/[^/]+/local/tmp(/.*)? u:object_r:shell_data_file:s0
|
||||
/mnt/expand/[^/]+/media(/.*)? u:object_r:media_rw_data_file:s0
|
||||
/mnt/expand/[^/]+/misc/vold(/.*)? u:object_r:vold_data_file:s0
|
||||
|
||||
# coredump directory for userdebug/eng devices
|
||||
/cores(/.*)? u:object_r:coredump_file:s0
|
||||
|
||||
# Wallpaper files
|
||||
/data/system/users/[0-9]+/wallpaper_lock_orig u:object_r:wallpaper_file:s0
|
||||
/data/system/users/[0-9]+/wallpaper_lock u:object_r:wallpaper_file:s0
|
||||
/data/system/users/[0-9]+/wallpaper_orig u:object_r:wallpaper_file:s0
|
||||
/data/system/users/[0-9]+/wallpaper u:object_r:wallpaper_file:s0
|
||||
|
||||
# Ringtone files
|
||||
/data/system_de/[0-9]+/ringtones(/.*)? u:object_r:ringtone_file:s0
|
||||
|
||||
# ShortcutManager icons, e.g.
|
||||
# /data/system_ce/0/shortcut_service/bitmaps/com.example.app/1457472879282.png
|
||||
/data/system_ce/[0-9]+/shortcut_service/bitmaps(/.*)? u:object_r:shortcut_manager_icons:s0
|
||||
|
||||
# User icon files
|
||||
/data/system/users/[0-9]+/photo\.png u:object_r:icon_file:s0
|
||||
|
||||
# vold per-user data
|
||||
/data/misc_de/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
|
||||
/data/misc_ce/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
|
||||
|
||||
# iorapd per-user data
|
||||
/data/misc_ce/[0-9]+/iorapd(/.*)? u:object_r:iorapd_data_file:s0
|
||||
|
||||
# Backup service persistent per-user bookkeeping
|
||||
/data/system_ce/[0-9]+/backup(/.*)? u:object_r:backup_data_file:s0
|
||||
# Backup service temporary per-user data for inter-change with apps
|
||||
/data/system_ce/[0-9]+/backup_stage(/.*)? u:object_r:backup_data_file:s0
|
||||
|
||||
#############################
|
||||
# efs files
|
||||
#
|
||||
/efs(/.*)? u:object_r:efs_file:s0
|
||||
|
||||
#############################
|
||||
# Cache files
|
||||
#
|
||||
/cache(/.*)? u:object_r:cache_file:s0
|
||||
/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0
|
||||
# General backup/restore interchange with apps
|
||||
/cache/backup_stage(/.*)? u:object_r:cache_backup_file:s0
|
||||
# LocalTransport (backup) uses this subtree
|
||||
/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
|
||||
|
||||
#############################
|
||||
# Overlayfs support directories
|
||||
#
|
||||
/cache/overlay(/.*)? u:object_r:overlayfs_file:s0
|
||||
/mnt/scratch(/.*)? u:object_r:overlayfs_file:s0
|
||||
|
||||
/data/cache(/.*)? u:object_r:cache_file:s0
|
||||
/data/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0
|
||||
# General backup/restore interchange with apps
|
||||
/data/cache/backup_stage(/.*)? u:object_r:cache_backup_file:s0
|
||||
# LocalTransport (backup) uses this subtree
|
||||
/data/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
|
||||
|
||||
#############################
|
||||
# Metadata files
|
||||
#
|
||||
/metadata(/.*)? u:object_r:metadata_file:s0
|
||||
/metadata/apex(/.*)? u:object_r:apex_metadata_file:s0
|
||||
/metadata/vold(/.*)? u:object_r:vold_metadata_file:s0
|
||||
/metadata/gsi(/.*)? u:object_r:gsi_metadata_file:s0
|
||||
/metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0
|
||||
|
||||
#############################
|
||||
# asec containers
|
||||
/mnt/asec(/.*)? u:object_r:asec_apk_file:s0
|
||||
/mnt/asec/[^/]+/[^/]+\.zip u:object_r:asec_public_file:s0
|
||||
/mnt/asec/[^/]+/lib(/.*)? u:object_r:asec_public_file:s0
|
||||
/data/app-asec(/.*)? u:object_r:asec_image_file:s0
|
||||
|
||||
#############################
|
||||
# external storage
|
||||
/mnt/media_rw(/.*)? u:object_r:mnt_media_rw_file:s0
|
||||
/mnt/user(/.*)? u:object_r:mnt_user_file:s0
|
||||
/mnt/runtime(/.*)? u:object_r:storage_file:s0
|
||||
/storage(/.*)? u:object_r:storage_file:s0
|
||||
|
||||
#############################
|
||||
# mount point for read-write vendor partitions
|
||||
/mnt/vendor(/.*)? u:object_r:mnt_vendor_file:s0
|
||||
|
||||
#############################
|
||||
# mount point for read-write product partitions
|
||||
/mnt/product(/.*)? u:object_r:mnt_product_file:s0
|
|
@ -1,12 +0,0 @@
|
|||
/data/asan/system/lib(/.*)? u:object_r:system_lib_file:s0
|
||||
/data/asan/system/lib64(/.*)? u:object_r:system_lib_file:s0
|
||||
/data/asan/vendor/lib(/.*)? u:object_r:system_lib_file:s0
|
||||
/data/asan/vendor/lib64(/.*)? u:object_r:system_lib_file:s0
|
||||
/data/asan/odm/lib(/.*)? u:object_r:system_lib_file:s0
|
||||
/data/asan/odm/lib64(/.*)? u:object_r:system_lib_file:s0
|
||||
/system/asan.options u:object_r:system_asan_options_file:s0
|
||||
/system/bin/asan_extract u:object_r:asan_extract_exec:s0
|
||||
/system/bin/asanwrapper u:object_r:asanwrapper_exec:s0
|
||||
/system/bin/asan/app_process u:object_r:zygote_exec:s0
|
||||
/system/bin/asan/app_process32 u:object_r:zygote_exec:s0
|
||||
/system/bin/asan/app_process64 u:object_r:zygote_exec:s0
|
|
@ -1,9 +0,0 @@
|
|||
#############################
|
||||
# Overlayfs support directories for userdebug/eng devices
|
||||
#
|
||||
/cache/overlay/(system|product)/upper u:object_r:system_file:s0
|
||||
/cache/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
|
||||
/cache/overlay/oem/upper u:object_r:vendor_file:s0
|
||||
/mnt/scratch/overlay/(system|product)/upper u:object_r:system_file:s0
|
||||
/mnt/scratch/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
|
||||
/mnt/scratch/overlay/oem/upper u:object_r:vendor_file:s0
|
|
@ -1,3 +0,0 @@
|
|||
typeattribute fingerprintd coredomain;
|
||||
|
||||
init_daemon_domain(fingerprintd)
|
|
@ -1,3 +0,0 @@
|
|||
typeattribute flags_health_check coredomain;
|
||||
|
||||
init_daemon_domain(flags_health_check)
|
|
@ -1,25 +0,0 @@
|
|||
# Label inodes via getxattr.
|
||||
fs_use_xattr yaffs2 u:object_r:labeledfs:s0;
|
||||
fs_use_xattr jffs2 u:object_r:labeledfs:s0;
|
||||
fs_use_xattr ext2 u:object_r:labeledfs:s0;
|
||||
fs_use_xattr ext3 u:object_r:labeledfs:s0;
|
||||
fs_use_xattr ext4 u:object_r:labeledfs:s0;
|
||||
fs_use_xattr xfs u:object_r:labeledfs:s0;
|
||||
fs_use_xattr btrfs u:object_r:labeledfs:s0;
|
||||
fs_use_xattr f2fs u:object_r:labeledfs:s0;
|
||||
fs_use_xattr squashfs u:object_r:labeledfs:s0;
|
||||
fs_use_xattr overlay u:object_r:labeledfs:s0;
|
||||
fs_use_xattr erofs u:object_r:labeledfs:s0;
|
||||
|
||||
# Label inodes from task label.
|
||||
fs_use_task pipefs u:object_r:pipefs:s0;
|
||||
fs_use_task sockfs u:object_r:sockfs:s0;
|
||||
|
||||
# Label inodes from combination of task label and fs label.
|
||||
# Define type_transition rules if you want per-domain types.
|
||||
fs_use_trans devpts u:object_r:devpts:s0;
|
||||
fs_use_trans tmpfs u:object_r:tmpfs:s0;
|
||||
fs_use_trans devtmpfs u:object_r:device:s0;
|
||||
fs_use_trans shm u:object_r:shm:s0;
|
||||
fs_use_trans mqueue u:object_r:mqueue:s0;
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
typeattribute fsck coredomain;
|
||||
|
||||
init_daemon_domain(fsck)
|
||||
|
||||
allow fsck metadata_block_device:blk_file rw_file_perms;
|
|
@ -1 +0,0 @@
|
|||
typeattribute fsck_untrusted coredomain;
|
|
@ -1,25 +0,0 @@
|
|||
type fsverity_init, domain, coredomain;
|
||||
type fsverity_init_exec, exec_type, file_type, system_file_type;
|
||||
|
||||
init_daemon_domain(fsverity_init)
|
||||
|
||||
# Allow this shell script to run and execute toybox
|
||||
allow fsverity_init shell_exec:file rx_file_perms;
|
||||
allow fsverity_init toolbox_exec:file rx_file_perms;
|
||||
|
||||
# Allow to read /proc/keys for searching key id.
|
||||
allow fsverity_init proc_keys:file r_file_perms;
|
||||
|
||||
# Kernel only prints the keys that can be accessed and only kernel keyring is needed here.
|
||||
dontaudit fsverity_init init:key view;
|
||||
dontaudit fsverity_init vold:key view;
|
||||
allow fsverity_init kernel:key { view search write setattr };
|
||||
allow fsverity_init fsverity_init:key { view search write };
|
||||
|
||||
# Allow init to write to /proc/sys/fs/verity/require_signatures
|
||||
allow fsverity_init proc_fs_verity:file w_file_perms;
|
||||
|
||||
# When kernel requests an algorithm, the crypto API first looks for an
|
||||
# already registered algorithm with that name. If it fails, the kernel creates
|
||||
# an implementation of the algorithm from templates.
|
||||
dontaudit fsverity_init kernel:system module_request;
|
|
@ -1,8 +0,0 @@
|
|||
type fwk_bufferhub, domain, coredomain;
|
||||
type fwk_bufferhub_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
hal_client_domain(fwk_bufferhub, hal_graphics_allocator)
|
||||
allow fwk_bufferhub ion_device:chr_file r_file_perms;
|
||||
|
||||
hal_server_domain(fwk_bufferhub, hal_bufferhub)
|
||||
init_daemon_domain(fwk_bufferhub)
|
|
@ -1,3 +0,0 @@
|
|||
typeattribute gatekeeperd coredomain;
|
||||
|
||||
init_daemon_domain(gatekeeperd)
|
|
@ -1,296 +0,0 @@
|
|||
# Label inodes with the fs label.
|
||||
genfscon rootfs / u:object_r:rootfs:s0
|
||||
# proc labeling can be further refined (longest matching prefix).
|
||||
genfscon proc / u:object_r:proc:s0
|
||||
genfscon proc /asound u:object_r:proc_asound:s0
|
||||
genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
|
||||
genfscon proc /cmdline u:object_r:proc_cmdline:s0
|
||||
genfscon proc /config.gz u:object_r:config_gz:s0
|
||||
genfscon proc /diskstats u:object_r:proc_diskstats:s0
|
||||
genfscon proc /filesystems u:object_r:proc_filesystems:s0
|
||||
genfscon proc /interrupts u:object_r:proc_interrupts:s0
|
||||
genfscon proc /iomem u:object_r:proc_iomem:s0
|
||||
genfscon proc /keys u:object_r:proc_keys:s0
|
||||
genfscon proc /kmsg u:object_r:proc_kmsg:s0
|
||||
genfscon proc /loadavg u:object_r:proc_loadavg:s0
|
||||
genfscon proc /meminfo u:object_r:proc_meminfo:s0
|
||||
genfscon proc /misc u:object_r:proc_misc:s0
|
||||
genfscon proc /modules u:object_r:proc_modules:s0
|
||||
genfscon proc /mounts u:object_r:proc_mounts:s0
|
||||
genfscon proc /net u:object_r:proc_net:s0
|
||||
genfscon proc /net/tcp u:object_r:proc_net_tcp_udp:s0
|
||||
genfscon proc /net/udp u:object_r:proc_net_tcp_udp:s0
|
||||
genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0
|
||||
genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
|
||||
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
|
||||
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
|
||||
genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0
|
||||
genfscon proc /pressure/io u:object_r:proc_pressure_io:s0
|
||||
genfscon proc /pressure/memory u:object_r:proc_pressure_mem:s0
|
||||
genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
|
||||
genfscon proc /softirqs u:object_r:proc_timer:s0
|
||||
genfscon proc /stat u:object_r:proc_stat:s0
|
||||
genfscon proc /swaps u:object_r:proc_swaps:s0
|
||||
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
||||
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
|
||||
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
|
||||
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
||||
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
||||
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
||||
genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
|
||||
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
|
||||
genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0
|
||||
genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
|
||||
genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
|
||||
genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
|
||||
genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
|
||||
genfscon proc /sys/kernel/hung_task_ u:object_r:proc_hung_task:s0
|
||||
genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
|
||||
genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
|
||||
genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
|
||||
genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
|
||||
genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
|
||||
genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
|
||||
genfscon proc /sys/kernel/perf_cpu_time_max_percent u:object_r:proc_perf:s0
|
||||
genfscon proc /sys/kernel/perf_event_mlock_kb u:object_r:proc_perf:s0
|
||||
genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
|
||||
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
|
||||
genfscon proc /sys/kernel/random u:object_r:proc_random:s0
|
||||
genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
|
||||
genfscon proc /sys/kernel/sched_child_runs_first u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_latency_ns u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_rt_period_us u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_rt_runtime_us u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_schedstats u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
|
||||
genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
|
||||
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
|
||||
genfscon proc /sys/net u:object_r:proc_net:s0
|
||||
genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
|
||||
genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
|
||||
genfscon proc /sys/vm/extra_free_kbytes u:object_r:proc_extra_free_kbytes:s0
|
||||
genfscon proc /sys/vm/max_map_count u:object_r:proc_max_map_count:s0
|
||||
genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
|
||||
genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0
|
||||
genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
|
||||
genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
|
||||
genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
|
||||
genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
|
||||
genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
|
||||
genfscon proc /timer_list u:object_r:proc_timer:s0
|
||||
genfscon proc /timer_stats u:object_r:proc_timer:s0
|
||||
genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
|
||||
genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0
|
||||
genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
|
||||
genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
|
||||
genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
|
||||
genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0
|
||||
genfscon proc /uid_time_in_state u:object_r:proc_uid_time_in_state:s0
|
||||
genfscon proc /uid_concurrent_active_time u:object_r:proc_uid_concurrent_active_time:s0
|
||||
genfscon proc /uid_concurrent_policy_time u:object_r:proc_uid_concurrent_policy_time:s0
|
||||
genfscon proc /uid_cpupower/ u:object_r:proc_uid_cpupower:s0
|
||||
genfscon proc /uptime u:object_r:proc_uptime:s0
|
||||
genfscon proc /version u:object_r:proc_version:s0
|
||||
genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0
|
||||
genfscon proc /vmstat u:object_r:proc_vmstat:s0
|
||||
genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
|
||||
|
||||
# selinuxfs booleans can be individually labeled.
|
||||
genfscon selinuxfs / u:object_r:selinuxfs:s0
|
||||
genfscon cgroup / u:object_r:cgroup:s0
|
||||
genfscon cgroup2 / u:object_r:cgroup_bpf:s0
|
||||
# sysfs labels can be set by userspace.
|
||||
genfscon sysfs / u:object_r:sysfs:s0
|
||||
genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
|
||||
genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
|
||||
genfscon sysfs /class/extcon u:object_r:sysfs_extcon:s0
|
||||
genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
|
||||
genfscon sysfs /class/net u:object_r:sysfs_net:s0
|
||||
genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
||||
genfscon sysfs /class/rfkill/rfkill1/state u:object_r:sysfs_bluetooth_writable:s0
|
||||
genfscon sysfs /class/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
|
||||
genfscon sysfs /class/rfkill/rfkill3/state u:object_r:sysfs_bluetooth_writable:s0
|
||||
genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
|
||||
genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
|
||||
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
|
||||
genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
|
||||
genfscon sysfs /devices/virtual/block/ u:object_r:sysfs_devices_block:s0
|
||||
genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
|
||||
genfscon sysfs /devices/virtual/block/loop u:object_r:sysfs_loop:s0
|
||||
genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
|
||||
genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
|
||||
genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
|
||||
genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
|
||||
genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
|
||||
genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
|
||||
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
|
||||
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
|
||||
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
|
||||
genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
|
||||
genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
|
||||
genfscon sysfs /power/state u:object_r:sysfs_power:s0
|
||||
genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
|
||||
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
|
||||
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
|
||||
genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
|
||||
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
|
||||
genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
|
||||
genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
|
||||
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
|
||||
genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
|
||||
genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
|
||||
genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0
|
||||
genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
|
||||
genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
|
||||
|
||||
genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0
|
||||
genfscon debugfs /tracing u:object_r:debugfs_tracing_debug:s0
|
||||
genfscon tracefs / u:object_r:debugfs_tracing_debug:s0
|
||||
genfscon debugfs /tracing/tracing_on u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /tracing_on u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/trace u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /trace u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/per_cpu/cpu u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing:s0
|
||||
|
||||
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
|
||||
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
|
||||
genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0
|
||||
genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0
|
||||
genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0
|
||||
genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
|
||||
genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0
|
||||
|
||||
genfscon debugfs /tracing/events/header_page u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
|
||||
|
||||
genfscon tracefs /events/header_page u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
|
||||
|
||||
genfscon tracefs /trace_clock u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /options/record-tgid u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/sched/sched_process_exit/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/cgroup/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/binder/binder_transaction_alloc_buf/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/sync/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/fence/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/dma_fence/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/filemap/mm_filemap_add_to_page_cache/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/filemap/mm_filemap_delete_from_page_cache/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/ftrace/print/ u:object_r:debugfs_tracing:s0
|
||||
|
||||
genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/options/overwrite u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/options/record-tgid u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/sched/sched_process_exit/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/cgroup/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/binder/binder_transaction_alloc_buf/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/sync/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/fence/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/dma_fence/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/filemap/mm_filemap_add_to_page_cache/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/filemap/mm_filemap_delete_from_page_cache/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/ftrace/print/ u:object_r:debugfs_tracing:s0
|
||||
|
||||
genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
|
||||
|
||||
|
||||
genfscon inotifyfs / u:object_r:inotify:s0
|
||||
genfscon vfat / u:object_r:vfat:s0
|
||||
genfscon exfat / u:object_r:exfat:s0
|
||||
genfscon debugfs / u:object_r:debugfs:s0
|
||||
genfscon fuse / u:object_r:fuse:s0
|
||||
genfscon configfs / u:object_r:configfs:s0
|
||||
genfscon sdcardfs / u:object_r:sdcardfs:s0
|
||||
genfscon esdfs / u:object_r:sdcardfs:s0
|
||||
genfscon pstore / u:object_r:pstorefs:s0
|
||||
genfscon functionfs / u:object_r:functionfs:s0
|
||||
genfscon usbfs / u:object_r:usbfs:s0
|
||||
genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
|
||||
genfscon bpf / u:object_r:fs_bpf:s0
|
|
@ -1,41 +0,0 @@
|
|||
# gpuservice - server for gpu stats and other gpu related services
|
||||
typeattribute gpuservice coredomain;
|
||||
type gpuservice_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(gpuservice)
|
||||
|
||||
binder_call(gpuservice, adbd)
|
||||
binder_call(gpuservice, shell)
|
||||
binder_use(gpuservice)
|
||||
|
||||
# Access the GPU.
|
||||
allow gpuservice gpu_device:chr_file rw_file_perms;
|
||||
|
||||
# GPU service will need to load GPU driver, for example Vulkan driver in order
|
||||
# to get the capability of the driver.
|
||||
allow gpuservice same_process_hal_file:file { open read getattr execute map };
|
||||
allow gpuservice ion_device:chr_file r_file_perms;
|
||||
get_prop(gpuservice, hwservicemanager_prop)
|
||||
hwbinder_use(gpuservice)
|
||||
|
||||
# Access /dev/graphics/fb0.
|
||||
allow gpuservice graphics_device:dir search;
|
||||
allow gpuservice graphics_device:chr_file rw_file_perms;
|
||||
|
||||
# Needed for dumpsys pipes.
|
||||
allow gpuservice shell:fifo_file write;
|
||||
|
||||
# Use socket supplied by adbd, for cmd gpu vkjson etc.
|
||||
allow gpuservice adbd:unix_stream_socket { read write getattr };
|
||||
|
||||
# Needed for interactive shell
|
||||
allow gpuservice devpts:chr_file { read write getattr };
|
||||
|
||||
# Needed for dumpstate to dumpsys gpu.
|
||||
allow gpuservice dumpstate:fd use;
|
||||
allow gpuservice dumpstate:fifo_file write;
|
||||
|
||||
add_service(gpuservice, gpu_service)
|
||||
|
||||
# Only uncomment below line when in development
|
||||
# userdebug_or_eng(`permissive gpuservice;')
|
|
@ -1,132 +0,0 @@
|
|||
# gsid - Manager for GSI Installation
|
||||
|
||||
type gsid, domain;
|
||||
type gsid_exec, exec_type, file_type, system_file_type;
|
||||
typeattribute gsid coredomain;
|
||||
|
||||
init_daemon_domain(gsid)
|
||||
|
||||
binder_use(gsid)
|
||||
binder_service(gsid)
|
||||
add_service(gsid, gsi_service)
|
||||
set_prop(gsid, gsid_prop)
|
||||
|
||||
# Needed to create/delete device-mapper nodes, and read/write to them.
|
||||
allow gsid dm_device:chr_file rw_file_perms;
|
||||
allow gsid dm_device:blk_file rw_file_perms;
|
||||
allow gsid self:global_capability_class_set sys_admin;
|
||||
dontaudit gsid self:global_capability_class_set dac_override;
|
||||
|
||||
# libfiemap_writer uses sysfs to derive the bottom of a device-mapper stacking.
|
||||
# This requires traversing /sys/block/dm-N/slaves/* and reading the list of
|
||||
# file names.
|
||||
allow gsid sysfs_dm:dir r_dir_perms;
|
||||
|
||||
# Needed to read fstab, which is used to validate that system verity does not
|
||||
# use check_once_at_most for sdcard installs. (Note: proc_cmdline is needed
|
||||
# to get the A/B slot suffix).
|
||||
allow gsid proc_cmdline:file r_file_perms;
|
||||
allow gsid sysfs_dt_firmware_android:dir r_dir_perms;
|
||||
allow gsid sysfs_dt_firmware_android:file r_file_perms;
|
||||
|
||||
# Needed to stat /data/gsi/* and realpath on /dev/block/by-name/*
|
||||
allow gsid block_device:dir r_dir_perms;
|
||||
|
||||
# liblp queries these block alignment properties.
|
||||
allowxperm gsid { userdata_block_device sdcard_block_device }:blk_file ioctl {
|
||||
BLKIOMIN
|
||||
BLKALIGNOFF
|
||||
};
|
||||
|
||||
# When installing images to an sdcard, gsid needs to be able to stat() the
|
||||
# block device. gsid also calls realpath() to remove symlinks.
|
||||
allow gsid mnt_media_rw_file:dir r_dir_perms;
|
||||
|
||||
# When installing images to an sdcard, gsid must bypass sdcardfs and install
|
||||
# directly to vfat, which supports the FIBMAP ioctl.
|
||||
allow gsid vfat:dir rw_dir_perms;
|
||||
allow gsid vfat:file create_file_perms;
|
||||
allow gsid sdcard_block_device:blk_file r_file_perms;
|
||||
# This is needed for FIBMAP unfortunately. Oddly FIEMAP does not carry this
|
||||
# requirement, but the kernel does not implement FIEMAP support for VFAT.
|
||||
allow gsid self:global_capability_class_set sys_rawio;
|
||||
|
||||
# gsi_tool passes the system image over the adb connection, via stdin.
|
||||
allow gsid adbd:fd use;
|
||||
# Needed when running gsi_tool through "su root" rather than adb root.
|
||||
allow gsid adbd:unix_stream_socket rw_socket_perms;
|
||||
|
||||
neverallow { domain -gsid -init } gsid_prop:property_service set;
|
||||
|
||||
# gsid needs to store images on /data, but cannot use file I/O. If it did, the
|
||||
# underlying blocks would be encrypted, and we couldn't mount the GSI image in
|
||||
# first-stage init. So instead of directly writing to /data, we:
|
||||
#
|
||||
# 1. fallocate a file large enough to hold the signed GSI
|
||||
# 2. extract its block layout with FIEMAP
|
||||
# 3. create a dm-linear device using the FIEMAP, targeting /dev/block/by-name/userdata
|
||||
# 4. write system_gsi into that dm device
|
||||
#
|
||||
# To make this process work, we need to unwrap the device-mapper stacking for
|
||||
# userdata to reach the underlying block device. To verify the result we use
|
||||
# stat(), which requires read access.
|
||||
allow gsid userdata_block_device:blk_file r_file_perms;
|
||||
|
||||
# gsid uses /metadata/gsi to communicate GSI boot information to first-stage
|
||||
# init. It cannot use userdata since data cannot be decrypted during this
|
||||
# stage.
|
||||
#
|
||||
# gsid uses /metadata/gsi to store three files:
|
||||
# install_status - A short string indicating whether a GSI image is bootable.
|
||||
# lp_metadata - LpMetadata blob describing the block ranges on userdata
|
||||
# where system_gsi resides.
|
||||
# booted - An empty file that, if exists, indicates that a GSI is
|
||||
# currently running.
|
||||
#
|
||||
allow gsid metadata_file:dir search;
|
||||
allow gsid gsi_metadata_file:dir rw_dir_perms;
|
||||
allow gsid gsi_metadata_file:file create_file_perms;
|
||||
|
||||
allow gsid gsi_data_file:dir rw_dir_perms;
|
||||
allow gsid gsi_data_file:file create_file_perms;
|
||||
allowxperm gsid gsi_data_file:file ioctl FS_IOC_FIEMAP;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-gsid
|
||||
-fastbootd
|
||||
-vold
|
||||
} gsi_metadata_file:dir *;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-gsid
|
||||
-fastbootd
|
||||
-vold
|
||||
} gsi_metadata_file:notdevfile_class_set ~{ relabelto getattr };
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-gsid
|
||||
-fastbootd
|
||||
-vold
|
||||
} { gsi_data_file gsi_metadata_file }:notdevfile_class_set *;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-gsid
|
||||
} gsi_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-gsid
|
||||
} gsi_data_file:dir *;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-gsid
|
||||
} gsi_data_file:notdevfile_class_set ~{ relabelto getattr };
|
|
@ -1,8 +0,0 @@
|
|||
type hal_allocator_default, domain, coredomain;
|
||||
hal_server_domain(hal_allocator_default, hal_allocator)
|
||||
|
||||
type hal_allocator_default_exec, system_file_type, exec_type, file_type;
|
||||
init_daemon_domain(hal_allocator_default)
|
||||
|
||||
# To talk to ashmemd
|
||||
binder_use(hal_allocator_default)
|
|
@ -1,13 +0,0 @@
|
|||
###
|
||||
### Rules for all domains which are clients of a HAL
|
||||
###
|
||||
|
||||
# Find out whether a HAL in passthrough/in-process mode or
|
||||
# binderized/out-of-process mode
|
||||
hwbinder_use(halclientdomain)
|
||||
|
||||
# Used to wait for hwservicemanager
|
||||
get_prop(halclientdomain, hwservicemanager_prop)
|
||||
|
||||
# Wait for HAL server to be up (used by getService)
|
||||
allow halclientdomain hidl_manager_hwservice:hwservice_manager find;
|
|
@ -1,12 +0,0 @@
|
|||
###
|
||||
### Rules for all domains which offer a HAL service over HwBinder
|
||||
###
|
||||
|
||||
# Register the HAL service with hwservicemanager
|
||||
hwbinder_use(halserverdomain)
|
||||
|
||||
# Find HAL implementations
|
||||
allow halserverdomain system_file:dir r_dir_perms;
|
||||
|
||||
# Used to wait for hwservicemanager
|
||||
get_prop(halserverdomain, hwservicemanager_prop)
|
|
@ -1,6 +0,0 @@
|
|||
typeattribute healthd coredomain;
|
||||
|
||||
init_daemon_domain(healthd)
|
||||
|
||||
# Allow healthd to serve health HAL
|
||||
hal_server_domain(healthd, hal_health)
|
|
@ -1,77 +0,0 @@
|
|||
# Android heap profiling daemon. go/heapprofd.
|
||||
#
|
||||
# On user builds, this daemon is responsible for receiving the initial
|
||||
# profiling configuration, finding matching target processes (if profiling by
|
||||
# process name), and sending the activation signal to them (+ setting system
|
||||
# properties for new processes to start profiling from startup). When profiling
|
||||
# is triggered in a process, it spawns a private heapprofd subprocess (in its
|
||||
# own SELinux domain), which will exclusively handle profiling of its parent.
|
||||
#
|
||||
# On debug builds, this central daemon performs profiling for all target
|
||||
# processes (which talk directly to this daemon).
|
||||
type heapprofd_exec, exec_type, file_type, system_file_type;
|
||||
type heapprofd_tmpfs, file_type;
|
||||
|
||||
init_daemon_domain(heapprofd)
|
||||
tmpfs_domain(heapprofd)
|
||||
|
||||
# Allow apps in other MLS contexts (for multi-user) to access
|
||||
# shared memory buffers created by heapprofd.
|
||||
typeattribute heapprofd_tmpfs mlstrustedobject;
|
||||
|
||||
set_prop(heapprofd, heapprofd_prop);
|
||||
|
||||
# Necessary for /proc/[pid]/cmdline access & sending signals.
|
||||
typeattribute heapprofd mlstrustedsubject;
|
||||
|
||||
# Allow sending signals to processes. This excludes SIGKILL, SIGSTOP and
|
||||
# SIGCHLD, which are controlled by separate permissions.
|
||||
allow heapprofd self:capability kill;
|
||||
|
||||
# When scanning /proc/[pid]/cmdline to find matching processes for by-name
|
||||
# profiling, only whitelisted domains will be allowed by SELinux. Avoid
|
||||
# spamming logs with denials for entries that we can not access.
|
||||
dontaudit heapprofd domain:dir { search open };
|
||||
|
||||
# Write trace data to the Perfetto traced daemon. This requires connecting to
|
||||
# its producer socket and obtaining a (per-process) tmpfs fd.
|
||||
allow heapprofd traced:fd use;
|
||||
allow heapprofd traced_tmpfs:file { read write getattr map };
|
||||
unix_socket_connect(heapprofd, traced_producer, traced)
|
||||
|
||||
# When handling profiling for all processes, heapprofd needs to read
|
||||
# executables/libraries/etc to do stack unwinding.
|
||||
userdebug_or_eng(`
|
||||
r_dir_file(heapprofd, nativetest_data_file)
|
||||
r_dir_file(heapprofd, system_file_type)
|
||||
r_dir_file(heapprofd, apk_data_file)
|
||||
r_dir_file(heapprofd, dalvikcache_data_file)
|
||||
r_dir_file(heapprofd, vendor_file_type)
|
||||
# Some dex files are not world-readable.
|
||||
# We are still constrained by the SELinux rules above.
|
||||
allow heapprofd self:global_capability_class_set dac_read_search;
|
||||
|
||||
')
|
||||
|
||||
# This is going to happen on user but is benign because central heapprofd
|
||||
# does not actually need these permission.
|
||||
# If the dac_read_search capability check is rejected, the kernel then tries
|
||||
# to perform a dac_override capability check, so we need to dontaudit that
|
||||
# as well.
|
||||
dontaudit heapprofd self:global_capability_class_set { dac_read_search dac_override };
|
||||
|
||||
never_profile_heap(`{
|
||||
bpfloader
|
||||
init
|
||||
kernel
|
||||
keystore
|
||||
llkd
|
||||
logd
|
||||
ueventd
|
||||
vendor_init
|
||||
vold
|
||||
}')
|
||||
|
||||
full_treble_only(`
|
||||
neverallow heapprofd vendor_file:file { no_w_file_perms no_x_file_perms };
|
||||
')
|
|
@ -1,82 +0,0 @@
|
|||
android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
|
||||
android.frameworks.cameraservice.service::ICameraService u:object_r:fwk_camera_hwservice:s0
|
||||
android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
|
||||
android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
|
||||
android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
|
||||
android.frameworks.stats::IStats u:object_r:fwk_stats_hwservice:s0
|
||||
android.hardware.atrace::IAtraceDevice u:object_r:hal_atrace_hwservice:s0
|
||||
android.hardware.audio.effect::IEffectsFactory u:object_r:hal_audio_hwservice:s0
|
||||
android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0
|
||||
android.hardware.authsecret::IAuthSecret u:object_r:hal_authsecret_hwservice:s0
|
||||
android.hardware.automotive.audiocontrol::IAudioControl u:object_r:hal_audiocontrol_hwservice:s0
|
||||
android.hardware.automotive.evs::IEvsEnumerator u:object_r:hal_evs_hwservice:s0
|
||||
android.hardware.automotive.vehicle::IVehicle u:object_r:hal_vehicle_hwservice:s0
|
||||
android.hardware.biometrics.face::IBiometricsFace u:object_r:hal_face_hwservice:s0
|
||||
android.hardware.biometrics.fingerprint::IBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
|
||||
android.hardware.bluetooth::IBluetoothHci u:object_r:hal_bluetooth_hwservice:s0
|
||||
android.hardware.bluetooth.a2dp::IBluetoothAudioOffload u:object_r:hal_audio_hwservice:s0
|
||||
android.hardware.bluetooth.audio::IBluetoothAudioProvidersFactory u:object_r:hal_audio_hwservice:s0
|
||||
android.hardware.boot::IBootControl u:object_r:hal_bootctl_hwservice:s0
|
||||
android.hardware.broadcastradio::IBroadcastRadio u:object_r:hal_broadcastradio_hwservice:s0
|
||||
android.hardware.broadcastradio::IBroadcastRadioFactory u:object_r:hal_broadcastradio_hwservice:s0
|
||||
android.hardware.camera.provider::ICameraProvider u:object_r:hal_camera_hwservice:s0
|
||||
android.hardware.configstore::ISurfaceFlingerConfigs u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
|
||||
android.hardware.confirmationui::IConfirmationUI u:object_r:hal_confirmationui_hwservice:s0
|
||||
android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0
|
||||
android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0
|
||||
android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0
|
||||
android.hardware.drm::IDrmFactory u:object_r:hal_drm_hwservice:s0
|
||||
android.hardware.dumpstate::IDumpstateDevice u:object_r:hal_dumpstate_hwservice:s0
|
||||
android.hardware.gatekeeper::IGatekeeper u:object_r:hal_gatekeeper_hwservice:s0
|
||||
android.hardware.gnss::IGnss u:object_r:hal_gnss_hwservice:s0
|
||||
android.hardware.graphics.allocator::IAllocator u:object_r:hal_graphics_allocator_hwservice:s0
|
||||
android.hardware.graphics.composer::IComposer u:object_r:hal_graphics_composer_hwservice:s0
|
||||
android.hardware.graphics.mapper::IMapper u:object_r:hal_graphics_mapper_hwservice:s0
|
||||
android.hardware.health::IHealth u:object_r:hal_health_hwservice:s0
|
||||
android.hardware.health.storage::IStorage u:object_r:hal_health_storage_hwservice:s0
|
||||
android.hardware.input.classifier::IInputClassifier u:object_r:hal_input_classifier_hwservice:s0
|
||||
android.hardware.ir::IConsumerIr u:object_r:hal_ir_hwservice:s0
|
||||
android.hardware.keymaster::IKeymasterDevice u:object_r:hal_keymaster_hwservice:s0
|
||||
android.hardware.light::ILight u:object_r:hal_light_hwservice:s0
|
||||
android.hardware.lowpan::ILowpanDevice u:object_r:hal_lowpan_hwservice:s0
|
||||
android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
|
||||
android.hardware.media.omx::IOmxStore u:object_r:hal_omx_hwservice:s0
|
||||
android.hardware.media.c2::IComponentStore u:object_r:hal_codec2_hwservice:s0
|
||||
android.hardware.memtrack::IMemtrack u:object_r:hal_memtrack_hwservice:s0
|
||||
android.hardware.neuralnetworks::IDevice u:object_r:hal_neuralnetworks_hwservice:s0
|
||||
android.hardware.nfc::INfc u:object_r:hal_nfc_hwservice:s0
|
||||
android.hardware.oemlock::IOemLock u:object_r:hal_oemlock_hwservice:s0
|
||||
android.hardware.power::IPower u:object_r:hal_power_hwservice:s0
|
||||
android.hardware.power.stats::IPowerStats u:object_r:hal_power_stats_hwservice:s0
|
||||
android.hardware.radio.config::IRadioConfig u:object_r:hal_telephony_hwservice:s0
|
||||
android.hardware.radio.deprecated::IOemHook u:object_r:hal_telephony_hwservice:s0
|
||||
android.hardware.radio::IRadio u:object_r:hal_telephony_hwservice:s0
|
||||
android.hardware.radio::ISap u:object_r:hal_telephony_hwservice:s0
|
||||
android.hardware.renderscript::IDevice u:object_r:hal_renderscript_hwservice:s0
|
||||
android.hardware.secure_element::ISecureElement u:object_r:hal_secure_element_hwservice:s0
|
||||
android.hardware.sensors::ISensors u:object_r:hal_sensors_hwservice:s0
|
||||
android.hardware.soundtrigger::ISoundTriggerHw u:object_r:hal_audio_hwservice:s0
|
||||
android.hardware.tetheroffload.config::IOffloadConfig u:object_r:hal_tetheroffload_hwservice:s0
|
||||
android.hardware.tetheroffload.control::IOffloadControl u:object_r:hal_tetheroffload_hwservice:s0
|
||||
android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
|
||||
android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
|
||||
android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
|
||||
android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
|
||||
android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
|
||||
android.hardware.usb.gadget::IUsbGadget u:object_r:hal_usb_gadget_hwservice:s0
|
||||
android.hardware.vibrator::IVibrator u:object_r:hal_vibrator_hwservice:s0
|
||||
android.hardware.vr::IVr u:object_r:hal_vr_hwservice:s0
|
||||
android.hardware.weaver::IWeaver u:object_r:hal_weaver_hwservice:s0
|
||||
android.hardware.wifi::IWifi u:object_r:hal_wifi_hwservice:s0
|
||||
android.hardware.wifi.hostapd::IHostapd u:object_r:hal_wifi_hostapd_hwservice:s0
|
||||
android.hardware.wifi.offload::IOffload u:object_r:hal_wifi_offload_hwservice:s0
|
||||
android.hardware.wifi.supplicant::ISupplicant u:object_r:hal_wifi_supplicant_hwservice:s0
|
||||
android.hidl.allocator::IAllocator u:object_r:hidl_allocator_hwservice:s0
|
||||
android.hidl.base::IBase u:object_r:hidl_base_hwservice:s0
|
||||
android.hidl.manager::IServiceManager u:object_r:hidl_manager_hwservice:s0
|
||||
android.hidl.memory::IMapper u:object_r:hidl_memory_hwservice:s0
|
||||
android.hidl.token::ITokenManager u:object_r:hidl_token_hwservice:s0
|
||||
android.system.net.netd::INetd u:object_r:system_net_netd_hwservice:s0
|
||||
android.system.suspend::ISystemSuspend u:object_r:system_suspend_hwservice:s0
|
||||
android.system.wifi.keystore::IKeystore u:object_r:system_wifi_keystore_hwservice:s0
|
||||
* u:object_r:default_android_hwservice:s0
|
|
@ -1,8 +0,0 @@
|
|||
typeattribute hwservicemanager coredomain;
|
||||
|
||||
init_daemon_domain(hwservicemanager)
|
||||
|
||||
add_hwservice(hwservicemanager, hidl_manager_hwservice)
|
||||
add_hwservice(hwservicemanager, hidl_token_hwservice)
|
||||
|
||||
set_prop(hwservicemanager, ctl_interface_start_prop)
|
|
@ -1,3 +0,0 @@
|
|||
typeattribute idmap coredomain;
|
||||
|
||||
init_daemon_domain(idmap)
|
|
@ -1,30 +0,0 @@
|
|||
typeattribute incident coredomain;
|
||||
|
||||
type incident_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# switch to incident domain for incident command
|
||||
domain_auto_trans(shell, incident_exec, incident)
|
||||
|
||||
# allow incident access to stdout from its parent shell.
|
||||
allow incident shell:fd use;
|
||||
|
||||
# allow incident be able to output data for CTS to fetch.
|
||||
allow incident devpts:chr_file { read write };
|
||||
|
||||
# allow incident to communicate use, read and write over the adb
|
||||
# connection.
|
||||
allow incident adbd:fd use;
|
||||
allow incident adbd:unix_stream_socket { read write };
|
||||
|
||||
# allow adbd to reap incident
|
||||
allow incident adbd:process { sigchld };
|
||||
|
||||
# Allow the incident command to talk to the incidentd over the binder, and get
|
||||
# back the incident report data from a ParcelFileDescriptor.
|
||||
binder_use(incident)
|
||||
allow incident incident_service:service_manager find;
|
||||
binder_call(incident, incidentd)
|
||||
allow incident incidentd:fifo_file write;
|
||||
|
||||
# only allow incident being called by shell
|
||||
neverallow { domain -su -shell -incident } incident_exec:file { execute execute_no_trans };
|
|
@ -1,14 +0,0 @@
|
|||
typeattribute incident_helper coredomain;
|
||||
|
||||
type incident_helper_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# switch to incident_helper domain for incident_helper command
|
||||
domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
|
||||
|
||||
# use pipe to transmit data from/to incidentd/incident_helper for parsing
|
||||
allow incident_helper { shell incident incidentd dumpstate }:fd use;
|
||||
allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write };
|
||||
allow incident_helper incidentd:unix_stream_socket { read write };
|
||||
|
||||
# only allow incidentd and shell to call incident_helper
|
||||
neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
|
|
@ -1,177 +0,0 @@
|
|||
typeattribute incidentd coredomain;
|
||||
typeattribute incidentd mlstrustedsubject;
|
||||
|
||||
init_daemon_domain(incidentd)
|
||||
type incidentd_exec, system_file_type, exec_type, file_type;
|
||||
binder_use(incidentd)
|
||||
wakelock_use(incidentd)
|
||||
|
||||
# Allow incidentd to scan through /proc/pid for all processes
|
||||
r_dir_file(incidentd, domain)
|
||||
|
||||
# Allow incidentd to kill incident_helper when timeout
|
||||
allow incidentd incident_helper:process sigkill;
|
||||
|
||||
# Allow executing files on system, such as:
|
||||
# /system/bin/toolbox
|
||||
# /system/bin/logcat
|
||||
# /system/bin/dumpsys
|
||||
allow incidentd system_file:file execute_no_trans;
|
||||
allow incidentd toolbox_exec:file rx_file_perms;
|
||||
|
||||
# section id 1002, allow reading kernel version /proc/version
|
||||
allow incidentd proc_version:file r_file_perms;
|
||||
|
||||
# section id 2001, allow reading /proc/pagetypeinfo
|
||||
allow incidentd proc_pagetypeinfo:file r_file_perms;
|
||||
|
||||
# section id 2002, allow reading /d/wakeup_sources
|
||||
allow incidentd debugfs_wakeup_sources:file r_file_perms;
|
||||
|
||||
# section id 2003, allow executing top
|
||||
allow incidentd proc_meminfo:file { open read };
|
||||
|
||||
# section id 2004, allow reading /sys/devices/system/cpu/cpufreq/all_time_in_state
|
||||
allow incidentd sysfs_devices_system_cpu:file r_file_perms;
|
||||
|
||||
# section id 2005, allow reading ps dump in full
|
||||
allow incidentd domain:process getattr;
|
||||
|
||||
# section id 2006, allow reading /sys/class/power_supply/bms/battery_type
|
||||
allow incidentd sysfs_batteryinfo:dir { search };
|
||||
allow incidentd sysfs_batteryinfo:file r_file_perms;
|
||||
|
||||
# section id 2007, allow reading LAST_KMSG /sys/fs/pstore/console-ramoops
|
||||
userdebug_or_eng(`allow incidentd pstorefs:dir search');
|
||||
userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
|
||||
|
||||
# section id 3023, allow obtaining stats report
|
||||
allow incidentd stats_service:service_manager find;
|
||||
binder_call(incidentd, statsd)
|
||||
|
||||
# Create and write into /data/misc/incidents
|
||||
allow incidentd incident_data_file:dir rw_dir_perms;
|
||||
allow incidentd incident_data_file:file create_file_perms;
|
||||
|
||||
# Enable incidentd to get stack traces.
|
||||
binder_use(incidentd)
|
||||
hwbinder_use(incidentd)
|
||||
allow incidentd hwservicemanager:hwservice_manager { list };
|
||||
get_prop(incidentd, hwservicemanager_prop)
|
||||
allow incidentd hidl_manager_hwservice:hwservice_manager { find };
|
||||
|
||||
# Read files in /proc
|
||||
allow incidentd {
|
||||
proc_cmdline
|
||||
proc_pipe_conf
|
||||
proc_stat
|
||||
}:file r_file_perms;
|
||||
|
||||
# Signal java processes to dump their stack and get the results
|
||||
allow incidentd { appdomain ephemeral_app system_server }:process signal;
|
||||
|
||||
# Signal native processes to dump their stack.
|
||||
# This list comes from native_processes_to_dump in incidentd/utils.c
|
||||
allow incidentd {
|
||||
# This list comes from native_processes_to_dump in dumputils/dump_utils.cpp
|
||||
audioserver
|
||||
cameraserver
|
||||
drmserver
|
||||
inputflinger
|
||||
mediadrmserver
|
||||
mediaextractor
|
||||
mediametrics
|
||||
mediaserver
|
||||
sdcardd
|
||||
statsd
|
||||
surfaceflinger
|
||||
|
||||
# This list comes from hal_interfaces_to_dump in dumputils/dump_utils.cpp
|
||||
hal_audio_server
|
||||
hal_bluetooth_server
|
||||
hal_camera_server
|
||||
hal_graphics_allocator_server
|
||||
hal_graphics_composer_server
|
||||
hal_health_server
|
||||
hal_omx_server
|
||||
hal_sensors_server
|
||||
hal_vr_server
|
||||
}:process signal;
|
||||
|
||||
# Allow incidentd to make binder calls to any binder service
|
||||
binder_call(incidentd, system_server)
|
||||
binder_call(incidentd, appdomain)
|
||||
|
||||
# Reading /proc/PID/maps of other processes
|
||||
userdebug_or_eng(`allow incidentd self:global_capability_class_set { sys_ptrace }');
|
||||
# incidentd has capability sys_ptrace, but should only use that capability for
|
||||
# accessing sensitive /proc/PID files, never for using ptrace attach.
|
||||
neverallow incidentd *:process ptrace;
|
||||
|
||||
allow incidentd self:global_capability_class_set {
|
||||
# Send signals to processes
|
||||
kill
|
||||
};
|
||||
|
||||
# Connect to tombstoned to intercept dumps.
|
||||
unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)
|
||||
|
||||
# Run a shell.
|
||||
allow incidentd shell_exec:file rx_file_perms;
|
||||
|
||||
# logd access - work to be done is a PII safe log (possibly an event log?)
|
||||
userdebug_or_eng(`read_logd(incidentd)')
|
||||
# TODO control_logd(incidentd)
|
||||
|
||||
# Allow incidentd to find these standard groups of services.
|
||||
# Others can be whitelisted individually.
|
||||
allow incidentd {
|
||||
system_server_service
|
||||
app_api_service
|
||||
system_api_service
|
||||
}:service_manager find;
|
||||
|
||||
# Only incidentd can publish the binder service
|
||||
add_service(incidentd, incident_service)
|
||||
|
||||
# Allow pipes only from dumpstate and incident
|
||||
allow incidentd { dumpstate incident }:fd use;
|
||||
allow incidentd { dumpstate incident }:fifo_file write;
|
||||
|
||||
# Allow incident to call back to incident with status updates.
|
||||
binder_call(incidentd, incident)
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
||||
# only dumpstate, system_server, system_app and incident command can find the incident service
|
||||
neverallow {
|
||||
domain
|
||||
-dumpstate
|
||||
-incident
|
||||
-incidentd
|
||||
-priv_app
|
||||
-statsd
|
||||
-system_app
|
||||
-system_server
|
||||
} incident_service:service_manager find;
|
||||
|
||||
# only incidentd and the other root services in limited circumstances
|
||||
# can get to the files in /data/misc/incidents
|
||||
#
|
||||
# write, execute, append are forbidden almost everywhere
|
||||
neverallow { domain -incidentd -init -vold } incident_data_file:file {
|
||||
w_file_perms
|
||||
x_file_perms
|
||||
create
|
||||
rename
|
||||
setattr
|
||||
unlink
|
||||
append
|
||||
};
|
||||
# read is also allowed by system_server, for when the file is handed to dropbox
|
||||
neverallow { domain -incidentd -init -vold -system_server } incident_data_file:file r_file_perms;
|
||||
# limited access to the directory itself
|
||||
neverallow { domain -incidentd -init -vold } incident_data_file:dir create_dir_perms;
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
typeattribute init coredomain;
|
||||
|
||||
tmpfs_domain(init)
|
||||
|
||||
# Transitions to seclabel processes in init.rc
|
||||
domain_trans(init, rootfs, healthd)
|
||||
domain_trans(init, rootfs, slideshow)
|
||||
domain_auto_trans(init, charger_exec, charger)
|
||||
domain_auto_trans(init, e2fs_exec, e2fs)
|
||||
domain_auto_trans(init, bpfloader_exec, bpfloader)
|
||||
|
||||
recovery_only(`
|
||||
# Files in recovery image are labeled as rootfs.
|
||||
domain_trans(init, rootfs, adbd)
|
||||
domain_trans(init, rootfs, charger)
|
||||
domain_trans(init, rootfs, fastbootd)
|
||||
domain_trans(init, rootfs, recovery)
|
||||
')
|
||||
domain_trans(init, shell_exec, shell)
|
||||
domain_trans(init, init_exec, ueventd)
|
||||
domain_trans(init, init_exec, vendor_init)
|
||||
domain_trans(init, { rootfs toolbox_exec }, modprobe)
|
||||
userdebug_or_eng(`
|
||||
# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
|
||||
domain_auto_trans(init, logcat_exec, logpersist)
|
||||
|
||||
# allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng
|
||||
allow init su:process transition;
|
||||
dontaudit init su:process noatsecure;
|
||||
allow init su:process { siginh rlimitinh };
|
||||
')
|
||||
|
||||
# Allow the BoringSSL self test to request a reboot upon failure
|
||||
set_prop(init, powerctl_prop)
|
|
@ -1,27 +0,0 @@
|
|||
sid kernel u:r:kernel:s0
|
||||
sid security u:object_r:kernel:s0
|
||||
sid unlabeled u:object_r:unlabeled:s0
|
||||
sid fs u:object_r:labeledfs:s0
|
||||
sid file u:object_r:unlabeled:s0
|
||||
sid file_labels u:object_r:unlabeled:s0
|
||||
sid init u:object_r:unlabeled:s0
|
||||
sid any_socket u:object_r:unlabeled:s0
|
||||
sid port u:object_r:port:s0
|
||||
sid netif u:object_r:netif:s0
|
||||
sid netmsg u:object_r:unlabeled:s0
|
||||
sid node u:object_r:node:s0
|
||||
sid igmp_packet u:object_r:unlabeled:s0
|
||||
sid icmp_socket u:object_r:unlabeled:s0
|
||||
sid tcp_socket u:object_r:unlabeled:s0
|
||||
sid sysctl_modprobe u:object_r:unlabeled:s0
|
||||
sid sysctl u:object_r:proc:s0
|
||||
sid sysctl_fs u:object_r:unlabeled:s0
|
||||
sid sysctl_kernel u:object_r:unlabeled:s0
|
||||
sid sysctl_net u:object_r:unlabeled:s0
|
||||
sid sysctl_net_unix u:object_r:unlabeled:s0
|
||||
sid sysctl_vm u:object_r:unlabeled:s0
|
||||
sid sysctl_dev u:object_r:unlabeled:s0
|
||||
sid kmod u:object_r:unlabeled:s0
|
||||
sid policy u:object_r:unlabeled:s0
|
||||
sid scmp_packet u:object_r:unlabeled:s0
|
||||
sid devnull u:object_r:null_device:s0
|
|
@ -1,35 +0,0 @@
|
|||
# FLASK
|
||||
|
||||
#
|
||||
# Define initial security identifiers
|
||||
#
|
||||
|
||||
sid kernel
|
||||
sid security
|
||||
sid unlabeled
|
||||
sid fs
|
||||
sid file
|
||||
sid file_labels
|
||||
sid init
|
||||
sid any_socket
|
||||
sid port
|
||||
sid netif
|
||||
sid netmsg
|
||||
sid node
|
||||
sid igmp_packet
|
||||
sid icmp_socket
|
||||
sid tcp_socket
|
||||
sid sysctl_modprobe
|
||||
sid sysctl
|
||||
sid sysctl_fs
|
||||
sid sysctl_kernel
|
||||
sid sysctl_net
|
||||
sid sysctl_net_unix
|
||||
sid sysctl_vm
|
||||
sid sysctl_dev
|
||||
sid kmod
|
||||
sid policy
|
||||
sid scmp_packet
|
||||
sid devnull
|
||||
|
||||
# FLASK
|
|
@ -1,3 +0,0 @@
|
|||
typeattribute inputflinger coredomain;
|
||||
|
||||
init_daemon_domain(inputflinger)
|
|
@ -1,3 +0,0 @@
|
|||
typeattribute install_recovery coredomain;
|
||||
|
||||
init_daemon_domain(install_recovery)
|
|
@ -1,41 +0,0 @@
|
|||
typeattribute installd coredomain;
|
||||
|
||||
init_daemon_domain(installd)
|
||||
|
||||
# Run dex2oat in its own sandbox.
|
||||
domain_auto_trans(installd, dex2oat_exec, dex2oat)
|
||||
|
||||
# Run dexoptanalyzer in its own sandbox.
|
||||
domain_auto_trans(installd, dexoptanalyzer_exec, dexoptanalyzer)
|
||||
|
||||
# Run viewcompiler in its own sandbox.
|
||||
domain_auto_trans(installd, viewcompiler_exec, viewcompiler)
|
||||
|
||||
# Run profman in its own sandbox.
|
||||
domain_auto_trans(installd, profman_exec, profman)
|
||||
|
||||
# Run idmap in its own sandbox.
|
||||
domain_auto_trans(installd, idmap_exec, idmap)
|
||||
|
||||
# Create /data/.layout_version.* file
|
||||
type_transition installd system_data_file:file install_data_file;
|
||||
|
||||
# For collecting bugreports.
|
||||
allow installd dumpstate:fd use;
|
||||
allow installd dumpstate:fifo_file r_file_perms;
|
||||
|
||||
# Delete /system/bin/bcc generated artifacts
|
||||
allow installd app_exec_data_file:file unlink;
|
||||
|
||||
# Capture userdata snapshots to /data/misc_[ce|de]/rollback and
|
||||
# subsequently restore them.
|
||||
allow installd rollback_data_file:dir create_dir_perms;
|
||||
allow installd rollback_data_file:file create_file_perms;
|
||||
|
||||
# Allow installd to access the runtime feature flag properties.
|
||||
get_prop(installd, device_config_runtime_native_prop)
|
||||
get_prop(installd, device_config_runtime_native_boot_prop)
|
||||
|
||||
# Allow installd to delete files in /data/staging
|
||||
allow installd staging_data_file:file unlink;
|
||||
allow installd staging_data_file:dir { open read remove_name rmdir search write };
|
|
@ -1,4 +0,0 @@
|
|||
typeattribute iorapd coredomain;
|
||||
|
||||
init_daemon_domain(iorapd)
|
||||
tmpfs_domain(iorapd)
|
|
@ -1,153 +0,0 @@
|
|||
###
|
||||
### Services with isolatedProcess=true in their manifest.
|
||||
###
|
||||
### This file defines the rules for isolated apps. An "isolated
|
||||
### app" is an APP with UID between AID_ISOLATED_START (99000)
|
||||
### and AID_ISOLATED_END (99999).
|
||||
###
|
||||
|
||||
typeattribute isolated_app coredomain;
|
||||
|
||||
app_domain(isolated_app)
|
||||
|
||||
# Access already open app data files received over Binder or local socket IPC.
|
||||
allow isolated_app { app_data_file privapp_data_file }:file { append read write getattr lock map };
|
||||
|
||||
allow isolated_app activity_service:service_manager find;
|
||||
allow isolated_app display_service:service_manager find;
|
||||
allow isolated_app webviewupdate_service:service_manager find;
|
||||
|
||||
# Google Breakpad (crash reporter for Chrome) relies on ptrace
|
||||
# functionality. Without the ability to ptrace, the crash reporter
|
||||
# tool is broken.
|
||||
# b/20150694
|
||||
# https://code.google.com/p/chromium/issues/detail?id=475270
|
||||
allow isolated_app self:process ptrace;
|
||||
|
||||
# b/32896414: Allow accessing sdcard file descriptors passed to isolated_apps
|
||||
# by other processes. Open should never be allowed, and is blocked by
|
||||
# neverallow rules below.
|
||||
# media_rw_data_file is included for sdcardfs, and can be removed if sdcardfs
|
||||
# is modified to change the secontext when accessing the lower filesystem.
|
||||
allow isolated_app { sdcard_type media_rw_data_file }:file { read write append getattr lock map };
|
||||
|
||||
# For webviews, isolated_app processes can be forked from the webview_zygote
|
||||
# in addition to the zygote. Allow access to resources inherited from the
|
||||
# webview_zygote process. These rules are specialized copies of the ones in app.te.
|
||||
# Inherit FDs from the webview_zygote.
|
||||
allow isolated_app webview_zygote:fd use;
|
||||
# Notify webview_zygote of child death.
|
||||
allow isolated_app webview_zygote:process sigchld;
|
||||
# Inherit logd write socket.
|
||||
allow isolated_app webview_zygote:unix_dgram_socket write;
|
||||
# Read system properties managed by webview_zygote.
|
||||
allow isolated_app webview_zygote_tmpfs:file read;
|
||||
|
||||
# Inherit FDs from the app_zygote.
|
||||
allow isolated_app app_zygote:fd use;
|
||||
# Notify app_zygote of child death.
|
||||
allow isolated_app app_zygote:process sigchld;
|
||||
# Inherit logd write socket.
|
||||
allow isolated_app app_zygote:unix_dgram_socket write;
|
||||
|
||||
# TODO (b/63631799) fix this access
|
||||
# suppress denials to /data/local/tmp
|
||||
dontaudit isolated_app shell_data_file:dir search;
|
||||
|
||||
# Write app-specific trace data to the Perfetto traced damon. This requires
|
||||
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
|
||||
allow isolated_app traced:fd use;
|
||||
allow isolated_app traced_tmpfs:file { read write getattr map };
|
||||
unix_socket_connect(isolated_app, traced_producer, traced)
|
||||
|
||||
# Allow heap profiling if the main app has been marked as profileable or
|
||||
# debuggable.
|
||||
can_profile_heap(isolated_app)
|
||||
|
||||
allow isolated_app ashmem_device:chr_file { getattr read ioctl lock map append write };
|
||||
|
||||
#####
|
||||
##### Neverallow
|
||||
#####
|
||||
|
||||
# Isolated apps should not directly open app data files themselves.
|
||||
neverallow isolated_app { app_data_file privapp_data_file }:file open;
|
||||
|
||||
# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
|
||||
# TODO: are there situations where isolated_apps write to this file?
|
||||
# TODO: should we tighten these restrictions further?
|
||||
neverallow isolated_app anr_data_file:file ~{ open append };
|
||||
neverallow isolated_app anr_data_file:dir ~search;
|
||||
|
||||
# Isolated apps must not be permitted to use HwBinder
|
||||
neverallow isolated_app hwbinder_device:chr_file *;
|
||||
neverallow isolated_app *:hwservice_manager *;
|
||||
|
||||
# Isolated apps must not be permitted to use VndBinder
|
||||
neverallow isolated_app vndbinder_device:chr_file *;
|
||||
|
||||
# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
|
||||
# except the find actions for services whitelisted below.
|
||||
neverallow isolated_app *:service_manager ~find;
|
||||
|
||||
# b/17487348
|
||||
# Isolated apps can only access three services,
|
||||
# activity_service, display_service, webviewupdate_service, and
|
||||
# ashmem_device_service.
|
||||
neverallow isolated_app {
|
||||
service_manager_type
|
||||
-activity_service
|
||||
-ashmem_device_service
|
||||
-display_service
|
||||
-webviewupdate_service
|
||||
}:service_manager find;
|
||||
|
||||
# Isolated apps shouldn't be able to access the driver directly.
|
||||
neverallow isolated_app gpu_device:chr_file { rw_file_perms execute };
|
||||
|
||||
# Do not allow isolated_app access to /cache
|
||||
neverallow isolated_app cache_file:dir ~{ r_dir_perms };
|
||||
neverallow isolated_app cache_file:file ~{ read getattr };
|
||||
|
||||
# Do not allow isolated_app to access external storage, except for files passed
|
||||
# via file descriptors (b/32896414).
|
||||
neverallow isolated_app { storage_file mnt_user_file sdcard_type }:dir ~getattr;
|
||||
neverallow isolated_app { storage_file mnt_user_file }:file_class_set *;
|
||||
neverallow isolated_app sdcard_type:{ devfile_class_set lnk_file sock_file fifo_file } *;
|
||||
neverallow isolated_app sdcard_type:file ~{ read write append getattr lock map };
|
||||
|
||||
# Do not allow USB access
|
||||
neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
|
||||
|
||||
# Restrict the webview_zygote control socket.
|
||||
neverallow isolated_app webview_zygote:sock_file write;
|
||||
|
||||
# Limit the /sys files which isolated_app can access. This is important
|
||||
# for controlling isolated_app attack surface.
|
||||
neverallow isolated_app {
|
||||
sysfs_type
|
||||
-sysfs_devices_system_cpu
|
||||
-sysfs_transparent_hugepage
|
||||
-sysfs_usb # TODO: check with audio team if needed for isolated_app (b/28417852)
|
||||
}:file no_rw_file_perms;
|
||||
|
||||
# No creation of sockets families other than AF_UNIX sockets.
|
||||
# List taken from system/sepolicy/public/global_macros - socket_class_set
|
||||
# excluding unix_stream_socket and unix_dgram_socket.
|
||||
# Many of these are socket families which have never and will never
|
||||
# be compiled into the Android kernel.
|
||||
neverallow isolated_app self:{
|
||||
socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket
|
||||
key_socket appletalk_socket netlink_route_socket
|
||||
netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket
|
||||
netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket
|
||||
netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
|
||||
netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
|
||||
netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket
|
||||
netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket
|
||||
netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket
|
||||
rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
|
||||
bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket
|
||||
ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
|
||||
qipcrtr_socket smc_socket xdp_socket
|
||||
} create;
|
|
@ -1,4 +0,0 @@
|
|||
type iw, domain, coredomain;
|
||||
type iw_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(iw)
|
|
@ -1,8 +0,0 @@
|
|||
typeattribute kernel coredomain;
|
||||
|
||||
domain_auto_trans(kernel, init_exec, init)
|
||||
|
||||
# Allow the kernel to read otapreopt_chroot's file descriptors and files under
|
||||
# /postinstall, as it uses apexd logic to mount APEX packages in /postinstall/apex.
|
||||
allow kernel otapreopt_chroot:fd use;
|
||||
allow kernel postinstall_file:file read;
|
|
@ -1,28 +0,0 @@
|
|||
#
|
||||
# Maps an arbitrary tag [TAGNAME] with the string contents found in
|
||||
# TARGET_BUILD_VARIANT. Common convention is to start TAGNAME with an @ and
|
||||
# name it after the base file name of the pem file.
|
||||
#
|
||||
# Each tag (section) then allows one to specify any string found in
|
||||
# TARGET_BUILD_VARIANT. Typcially this is user, eng, and userdebug. Another
|
||||
# option is to use ALL which will match ANY TARGET_BUILD_VARIANT string.
|
||||
#
|
||||
|
||||
[@PLATFORM]
|
||||
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem
|
||||
|
||||
[@MEDIA]
|
||||
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/media.x509.pem
|
||||
|
||||
[@NETWORK_STACK]
|
||||
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/networkstack.x509.pem
|
||||
|
||||
[@SHARED]
|
||||
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/shared.x509.pem
|
||||
|
||||
# Example of ALL TARGET_BUILD_VARIANTS
|
||||
[@RELEASE]
|
||||
ENG : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
|
||||
USER : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
|
||||
USERDEBUG : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
typeattribute keystore coredomain;
|
||||
|
||||
init_daemon_domain(keystore)
|
||||
|
||||
# talk to keymaster
|
||||
hal_client_domain(keystore, hal_keymaster)
|
||||
|
||||
# talk to confirmationui
|
||||
hal_client_domain(keystore, hal_confirmationui)
|
||||
|
||||
# This is used for the ConfirmationUI async callback.
|
||||
allow keystore platform_app:binder call;
|
||||
|
||||
# Offer the Wifi Keystore HwBinder service
|
||||
typeattribute keystore wifi_keystore_service_server;
|
||||
add_hwservice(keystore, system_wifi_keystore_hwservice)
|
||||
|
||||
# Allow to check whether security logging is enabled.
|
||||
get_prop(keystore, device_logging_prop)
|
|
@ -1,53 +0,0 @@
|
|||
# llkd Live LocK Daemon
|
||||
typeattribute llkd coredomain;
|
||||
|
||||
init_daemon_domain(llkd)
|
||||
|
||||
get_prop(llkd, llkd_prop)
|
||||
|
||||
allow llkd self:global_capability_class_set kill;
|
||||
userdebug_or_eng(`
|
||||
allow llkd self:global_capability_class_set sys_ptrace;
|
||||
allow llkd self:global_capability_class_set { dac_override dac_read_search };
|
||||
')
|
||||
|
||||
# llkd optionally locks itself in memory, to prevent it from being
|
||||
# swapped out and unable to discover a kernel in live-lock state.
|
||||
allow llkd self:global_capability_class_set ipc_lock;
|
||||
|
||||
# Send kill signals to _anyone_ suffering from Live Lock
|
||||
allow llkd domain:process sigkill;
|
||||
|
||||
# read stack to check for Live Lock
|
||||
userdebug_or_eng(`
|
||||
allow llkd {
|
||||
domain
|
||||
-apexd
|
||||
-kernel
|
||||
-keystore
|
||||
-init
|
||||
-llkd
|
||||
-ueventd
|
||||
-vendor_init
|
||||
}:process ptrace;
|
||||
')
|
||||
|
||||
# live lock watchdog process allowed to look through /proc/
|
||||
allow llkd domain:dir r_dir_perms;
|
||||
allow llkd domain:file r_file_perms;
|
||||
allow llkd domain:lnk_file read;
|
||||
# Set /proc/sys/kernel/hung_task_*
|
||||
allow llkd proc_hung_task:file rw_file_perms;
|
||||
|
||||
# live lock watchdog process allowed to dump process trace and
|
||||
# reboot because orderly shutdown may not be possible.
|
||||
allow llkd proc_sysrq:file w_file_perms;
|
||||
allow llkd kmsg_device:chr_file w_file_perms;
|
||||
|
||||
### neverallow rules
|
||||
|
||||
neverallow { domain -init } llkd:process { dyntransition transition };
|
||||
neverallow { domain userdebug_or_eng(`-crash_dump') } llkd:process ptrace;
|
||||
|
||||
# never honor LD_PRELOAD
|
||||
neverallow * llkd:process noatsecure;
|
|
@ -1,3 +0,0 @@
|
|||
typeattribute lmkd coredomain;
|
||||
|
||||
init_daemon_domain(lmkd)
|
|
@ -1,37 +0,0 @@
|
|||
typeattribute logd coredomain;
|
||||
|
||||
init_daemon_domain(logd)
|
||||
|
||||
# logd is not allowed to write anywhere other than /data/misc/logd, and then
|
||||
# only on userdebug or eng builds
|
||||
neverallow logd {
|
||||
file_type
|
||||
-runtime_event_log_tags_file
|
||||
userdebug_or_eng(`-coredump_file -misc_logd_file')
|
||||
}:file { create write append };
|
||||
|
||||
# protect the event-log-tags file
|
||||
neverallow {
|
||||
domain
|
||||
-appdomain # covered below
|
||||
-bootstat
|
||||
-dumpstate
|
||||
-init
|
||||
-logd
|
||||
userdebug_or_eng(`-logpersist')
|
||||
-servicemanager
|
||||
-system_server
|
||||
-surfaceflinger
|
||||
-zygote
|
||||
} runtime_event_log_tags_file:file no_rw_file_perms;
|
||||
|
||||
neverallow {
|
||||
appdomain
|
||||
-bluetooth
|
||||
-platform_app
|
||||
-priv_app
|
||||
-radio
|
||||
-shell
|
||||
userdebug_or_eng(`-su')
|
||||
-system_app
|
||||
} runtime_event_log_tags_file:file no_rw_file_perms;
|
|
@ -1,24 +0,0 @@
|
|||
typeattribute logpersist coredomain;
|
||||
|
||||
# android debug log storage in logpersist domains (eng and userdebug only)
|
||||
userdebug_or_eng(`
|
||||
|
||||
r_dir_file(logpersist, cgroup)
|
||||
|
||||
allow logpersist misc_logd_file:file create_file_perms;
|
||||
allow logpersist misc_logd_file:dir rw_dir_perms;
|
||||
|
||||
allow logpersist self:global_capability_class_set sys_nice;
|
||||
allow logpersist pstorefs:dir search;
|
||||
allow logpersist pstorefs:file r_file_perms;
|
||||
|
||||
control_logd(logpersist)
|
||||
unix_socket_connect(logpersist, logdr, logd)
|
||||
read_runtime_log_tags(logpersist)
|
||||
|
||||
')
|
||||
|
||||
# logpersist is allowed to write to /data/misc/log for userdebug and eng builds
|
||||
neverallow logpersist { file_type userdebug_or_eng(`-misc_logd_file -coredump_file') }:file { create write append };
|
||||
neverallow { domain -init userdebug_or_eng(`-logpersist -logd -dumpstate') } misc_logd_file:file no_rw_file_perms;
|
||||
neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
|
|
@ -1,41 +0,0 @@
|
|||
type lpdumpd, domain, coredomain;
|
||||
type lpdumpd_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(lpdumpd)
|
||||
|
||||
# Allow lpdumpd to register itself as a service.
|
||||
binder_use(lpdumpd)
|
||||
add_service(lpdumpd, lpdump_service)
|
||||
|
||||
# Allow lpdumpd to find the super partition block device.
|
||||
allow lpdumpd block_device:dir r_dir_perms;
|
||||
|
||||
# Allow lpdumpd to read super partition metadata.
|
||||
allow lpdumpd super_block_device_type:blk_file r_file_perms;
|
||||
|
||||
# Allow lpdumpd to read fstab.
|
||||
allow lpdumpd sysfs_dt_firmware_android:dir r_dir_perms;
|
||||
allow lpdumpd sysfs_dt_firmware_android:file r_file_perms;
|
||||
|
||||
# Triggered when lpdumpd tries to read default fstab.
|
||||
dontaudit lpdumpd metadata_file:dir r_dir_perms;
|
||||
dontaudit lpdumpd metadata_file:file r_file_perms;
|
||||
dontaudit lpdumpd gsi_metadata_file:dir r_dir_perms;
|
||||
dontaudit lpdumpd gsi_metadata_file:file r_file_perms;
|
||||
|
||||
### Neverallow rules
|
||||
|
||||
# Disallow other domains to get lpdump_service and call lpdumpd.
|
||||
neverallow {
|
||||
domain
|
||||
-dumpstate
|
||||
-lpdumpd
|
||||
-shell
|
||||
} lpdump_service:service_manager find;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-dumpstate
|
||||
-lpdumpd
|
||||
-shell
|
||||
} lpdumpd:binder call;
|
|
@ -1,62 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<policy>
|
||||
|
||||
<!--
|
||||
|
||||
* A signature is a hex encoded X.509 certificate or a tag defined in
|
||||
keys.conf and is required for each signer tag. The signature can
|
||||
either appear as a set of attached cert child tags or as an attribute.
|
||||
* A signer tag must contain a seinfo tag XOR multiple package stanzas.
|
||||
* Each signer/package tag is allowed to contain one seinfo tag. This tag
|
||||
represents additional info that each app can use in setting a SELinux security
|
||||
context on the eventual process as well as the apps data directory.
|
||||
* seinfo assignments are made according to the following rules:
|
||||
- Stanzas with package name refinements will be checked first.
|
||||
- Stanzas w/o package name refinements will be checked second.
|
||||
- The "default" seinfo label is automatically applied.
|
||||
|
||||
* valid stanzas can take one of the following forms:
|
||||
|
||||
// single cert protecting seinfo
|
||||
<signer signature="@PLATFORM" >
|
||||
<seinfo value="platform" />
|
||||
</signer>
|
||||
|
||||
// multiple certs protecting seinfo (all contained certs must match)
|
||||
<signer>
|
||||
<cert signature="@PLATFORM1"/>
|
||||
<cert signature="@PLATFORM2"/>
|
||||
<seinfo value="platform" />
|
||||
</signer>
|
||||
|
||||
// single cert protecting explicitly named app
|
||||
<signer signature="@PLATFORM" >
|
||||
<package name="com.android.foo">
|
||||
<seinfo value="bar" />
|
||||
</package>
|
||||
</signer>
|
||||
|
||||
// multiple certs protecting explicitly named app (all certs must match)
|
||||
<signer>
|
||||
<cert signature="@PLATFORM1"/>
|
||||
<cert signature="@PLATFORM2"/>
|
||||
<package name="com.android.foo">
|
||||
<seinfo value="bar" />
|
||||
</package>
|
||||
</signer>
|
||||
-->
|
||||
|
||||
<!-- Platform dev key in AOSP -->
|
||||
<signer signature="@PLATFORM" >
|
||||
<seinfo value="platform" />
|
||||
</signer>
|
||||
|
||||
<!-- Media key in AOSP -->
|
||||
<signer signature="@MEDIA" >
|
||||
<seinfo value="media" />
|
||||
</signer>
|
||||
|
||||
<signer signature="@NETWORK_STACK" >
|
||||
<seinfo value="network_stack" />
|
||||
</signer>
|
||||
</policy>
|
|
@ -1,12 +0,0 @@
|
|||
# mdns daemon
|
||||
|
||||
typeattribute mdnsd coredomain;
|
||||
typeattribute mdnsd mlstrustedsubject;
|
||||
|
||||
type mdnsd_exec, system_file_type, exec_type, file_type;
|
||||
init_daemon_domain(mdnsd)
|
||||
|
||||
net_domain(mdnsd)
|
||||
|
||||
# Read from /proc/net
|
||||
r_dir_file(mdnsd, proc_net_type)
|
|
@ -1,8 +0,0 @@
|
|||
typeattribute mediadrmserver coredomain;
|
||||
|
||||
init_daemon_domain(mediadrmserver)
|
||||
|
||||
# allocate and use graphic buffers
|
||||
hal_client_domain(mediadrmserver, hal_graphics_allocator)
|
||||
auditallow mediadrmserver hal_graphics_allocator_server:binder call;
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
typeattribute mediaextractor coredomain;
|
||||
|
||||
init_daemon_domain(mediaextractor)
|
||||
tmpfs_domain(mediaextractor)
|
||||
allow mediaextractor appdomain_tmpfs:file { getattr map read write };
|
||||
allow mediaextractor mediaserver_tmpfs:file { getattr map read write };
|
||||
allow mediaextractor system_server_tmpfs:file { getattr map read write };
|
|
@ -1,3 +0,0 @@
|
|||
typeattribute mediametrics coredomain;
|
||||
|
||||
init_daemon_domain(mediametrics)
|
|
@ -1,46 +0,0 @@
|
|||
###
|
||||
### A domain for android.process.media, which contains both
|
||||
### MediaProvider and DownloadProvider and associated services.
|
||||
###
|
||||
|
||||
typeattribute mediaprovider coredomain;
|
||||
app_domain(mediaprovider)
|
||||
|
||||
# DownloadProvider accesses the network.
|
||||
net_domain(mediaprovider)
|
||||
|
||||
# DownloadProvider uses /cache.
|
||||
allow mediaprovider cache_file:dir create_dir_perms;
|
||||
allow mediaprovider cache_file:file create_file_perms;
|
||||
# /cache is a symlink to /data/cache on some devices. Allow reading the link.
|
||||
allow mediaprovider cache_file:lnk_file r_file_perms;
|
||||
# mediaprovider searches through /cache looking for orphans
|
||||
# Ignore denials to /cache/recovery and /cache/backup.
|
||||
dontaudit mediaprovider cache_private_backup_file:dir getattr;
|
||||
dontaudit mediaprovider cache_recovery_file:dir getattr;
|
||||
|
||||
# Access external sdcards through /mnt/media_rw
|
||||
allow mediaprovider { mnt_media_rw_file }:dir search;
|
||||
|
||||
allow mediaprovider app_api_service:service_manager find;
|
||||
allow mediaprovider audioserver_service:service_manager find;
|
||||
allow mediaprovider drmserver_service:service_manager find;
|
||||
allow mediaprovider mediaextractor_service:service_manager find;
|
||||
allow mediaprovider mediaserver_service:service_manager find;
|
||||
|
||||
# Allow MediaProvider to read/write cached ringtones (opened by system).
|
||||
allow mediaprovider ringtone_file:file { getattr read write };
|
||||
|
||||
# MtpServer uses /dev/mtp_usb
|
||||
allow mediaprovider mtp_device:chr_file rw_file_perms;
|
||||
|
||||
# MtpServer uses /dev/usb-ffs/mtp
|
||||
allow mediaprovider functionfs:dir search;
|
||||
allow mediaprovider functionfs:file rw_file_perms;
|
||||
allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
|
||||
|
||||
# MtpServer sets sys.usb.ffs.mtp.ready
|
||||
set_prop(mediaprovider, ffs_prop)
|
||||
set_prop(mediaprovider, exported_ffs_prop)
|
||||
|
||||
allow mediaprovider ashmem_device:chr_file { getattr read ioctl lock map append write };
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue