Merge "Add "DO NOT ADD statements" comments to public" into main

Treehugger Robot 2024-03-28 06:22:32 +00:00 committed by Gerrit Code Review
commit f02575f27f
136 changed files with 540 additions and 7 deletions


@ -2,3 +2,7 @@
# it lives in the rootfs and has no unique file type.
type adbd, domain;
type adbd_exec, exec_type, file_type, system_file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.
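Review bot: The added comment names only `allow`, `neverallow` and `dontaudit`, so a reader could take other rule statements such as `auditallow`, `allowxperm` or `type_transition` to be acceptable in system/sepolicy/public, which the first comment line suggests is not the intent. A wording that does not depend on the list would close that gap: `# DO NOT ADD policy rules here (allow, neverallow, dontaudit, auditallow, type_transition, ...).` The same three lines are repeated in every file section of this commit, so the change would apply to each of them. The comment is also advisory only; no enforcement is visible in this diff, so a build-time check that rejects rule statements under public/ would be worth confirming or adding.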


@ -1,2 +1,6 @@
type aidl_lazy_test_server, domain;
type aidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# apexd -- manager for APEX packages
type apexd, domain;
type apexd_exec, exec_type, file_type, system_file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -7,3 +7,7 @@
### zygote spawned apps should be added here.
###
type appdomain_tmpfs, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,6 +1,9 @@
# app_zygote is an auxiliary zygote process that is used to spawn
# isolated service processes for individual applications. It is
# spawned from the regular zygote process as a "child zygote".
type app_zygote, domain;
type app_zygote_tmpfs, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# ART service daemon.
type artd, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -7,3 +7,7 @@ with_asan(`
type asan_extract, domain, coredomain;
type asan_extract_exec, exec_type, file_type, system_file_type;
')
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1 +1,5 @@
type atrace, domain, coredomain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -2,3 +2,6 @@
type audioserver, domain;
type audioserver_tmpfs, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# blkid called from vold
type blkid, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# bluetooth subsystem
type bluetooth, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# bootanimation oneshot service
type bootanim, domain;
type bootanim_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# bootstat command
type bootstat, domain;
type bootstat_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1 +1,5 @@
type bpfloader, domain, coredomain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# bufferhubd
type bufferhubd, domain, mlstrustedsubject;
type bufferhubd_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -2,3 +2,7 @@
type cameraserver, domain;
type cameraserver_exec, system_file_type, exec_type, file_type;
type cameraserver_tmpfs, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type charger, charger_type, domain;
type charger_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,6 @@
# Context when health HAL runs charger mode
type charger_vendor, charger_type, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type crash_dump, domain;
type crash_dump_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# credstore daemon
type credstore, domain;
type credstore_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -137,3 +137,7 @@ type rootdisk_sysdev, dev_type;
# vfio device
type vfio_device, dev_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type dhcp, domain;
type dhcp_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# DNS, DHCP services
type dnsmasq, domain;
type dnsmasq_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -2,3 +2,7 @@
type drmserver, domain;
type drmserver_exec, system_file_type, exec_type, file_type;
type drmserver_socket, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# dumpstate
type dumpstate, domain, mlstrustedsubject;
type dumpstate_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type e2fs, domain, coredomain;
type e2fs_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -12,3 +12,7 @@
### PackageManager flags an app as ephemeral at install time.
type ephemeral_app, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# evsmanager daemon
type evsmanagerd, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# The extra_free_kbytes.sh script run by init.
type extra_free_kbytes, domain;
type extra_free_kbytes_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -3,3 +3,7 @@
# Declare the domain unconditionally so we can always reference it
# in neverallow rules.
type fastbootd, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.
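Review bot: The context comment above `type fastbootd, domain;` says the domain is declared unconditionally "so we can always reference it in neverallow rules", and the lines added directly below say not to add `neverallow` here; read together the two can look contradictory. Presumably the neverallow rules that reference fastbootd are meant to live outside public/, so a short qualifier on the existing comment would help, e.g. `# in neverallow rules (which belong in system/sepolicy/private).` The recovery section later in this commit shows the same pair of comments. The hunk begins at line 3 of the file, so any earlier part of that context comment is not visible here.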


@ -627,3 +627,7 @@ with_asan(`type asanwrapper_exec, exec_type, file_type;')
# Deprecated in SDK version 28
type audiohal_data_file, file_type, data_file_type, core_data_file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type fingerprintd, domain;
type fingerprintd_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# The flags_health_check command run by init.
type flags_health_check, domain, coredomain;
type flags_health_check_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# Any fsck program run by init
type fsck, domain;
type fsck_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# Any fsck program run on untrusted block devices
type fsck_untrusted, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type gatekeeperd, domain;
type gatekeeperd_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -3,3 +3,7 @@
###
type gmscore_app, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# gpuservice - server for gpu stats and other gpu related services
type gpuservice, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
type hal_graphics_composer_server_tmpfs, file_type;
attribute hal_graphics_composer_client_tmpfs;
expandattribute hal_graphics_composer_client_tmpfs true;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,4 +1,7 @@
# healthd - battery/charger monitoring service daemon
# healthd is removed. The type is kept for backwards compatibility.
type healthd, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1 +1,5 @@
type heapprofd, domain, coredomain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -90,3 +90,7 @@ type hidl_base_hwservice, hwservice_manager_type;
type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# hwservicemanager - the Binder context manager for HAL services
type hwservicemanager, domain, mlstrustedsubject;
type hwservicemanager_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# idmap, when executed by installd
type idmap, domain;
type idmap_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -6,3 +6,6 @@
# incident
type incident, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -3,3 +3,7 @@
# incident_helper
type incident_helper, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,6 @@
# incidentd
type incidentd, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -2,3 +2,7 @@
type init, domain, mlstrustedsubject;
type init_exec, system_file_type, exec_type, file_type;
type init_tmpfs, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# inputflinger
type inputflinger, domain;
type inputflinger_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# installer daemon
type installd, domain;
type installd_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -7,3 +7,7 @@
###
type isolated_app, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1 +1,5 @@
type isolated_compute_app, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# Life begins with the kernel.
type kernel, domain, mlstrustedsubject;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# keystore daemon
type keystore, domain, keystore2_key_type;
type keystore_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# A keystore2 namespace for WI-FI.
type wifi_key, keystore2_key_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# llkd Live LocK Daemon
type llkd, domain, mlstrustedsubject;
type llkd_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# lmkd low memory killer daemon
type lmkd, domain, mlstrustedsubject;
type lmkd_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# android user-space log manager
type logd, domain, mlstrustedsubject;
type logd_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# android debug logging, logpersist domains
type logpersist, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# mdns daemon
type mdnsd, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# mediadrmserver - mediadrm daemon
type mediadrmserver, domain;
type mediadrmserver_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -2,3 +2,7 @@
type mediaextractor, domain;
type mediaextractor_exec, system_file_type, exec_type, file_type;
type mediaextractor_tmpfs, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# mediametrics - daemon for collecting media.metrics data
type mediametrics, domain;
type mediametrics_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -4,3 +4,7 @@
###
type mediaprovider, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -2,3 +2,7 @@
type mediaserver, domain;
type mediaserver_exec, system_file_type, exec_type, file_type;
type mediaserver_tmpfs, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type mediaswcodec, domain;
type mediaswcodec_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1 +1,5 @@
type mediatranscoding, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1 +1,5 @@
type modprobe, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# vpn tunneling protocol manager
type mtp, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -2,3 +2,7 @@
type node, node_type;
type netif, netif_type;
type port, port_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# network manager
type netd, domain, mlstrustedsubject;
type netd_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type netutils_wrapper, domain;
type netutils_wrapper_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# Network stack service app
type network_stack, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# nfc subsystem
type nfc, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -2,3 +2,7 @@
# TODO: Only present to allow mediatek/wembley-sepolicy to see it for validation reasons.
type otapreopt_chroot, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1 +1,5 @@
type perfetto, domain, coredomain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# performanced
type performanced, domain, mlstrustedsubject;
type performanced_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -3,3 +3,7 @@
###
type platform_app, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -2,3 +2,7 @@
# Extend the permissions in this domain to allow this program to access other
# files needed by the specific device on your device's sepolicy directory.
type postinstall, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# Point to Point Protocol daemon
type ppp, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -3,3 +3,7 @@
###
type priv_app, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# PRNG seeder daemon
type prng_seeder, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# profman
type profman, domain;
type profman_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -343,3 +343,7 @@ not_compatible_property(`
compatible_property_only(`
vendor_internal_prop(vendor_default_prop)
')
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# phone subsystem
type radio, domain, mlstrustedsubject;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -3,3 +3,7 @@
# Declare the domain unconditionally so we can always reference it
# in neverallow rules.
type recovery, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# android recovery persistent log manager
type recovery_persist, domain;
type recovery_persist_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# android recovery refresh log manager
type recovery_refresh, domain;
type recovery_refresh_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -4,3 +4,7 @@
###
type rkpdapp, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type rs, domain, coredomain;
type rs_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# rss_hwm_reset resets RSS high-water mark counters for all procesess.
type rss_hwm_reset, domain, coredomain, mlstrustedsubject;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type runas, domain, mlstrustedsubject;
type runas_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1 +1,5 @@
type runas_app, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
type sdcardd, domain;
type sdcardd_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# secure_element subsystem
type secure_element, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -354,3 +354,7 @@ type hal_wifi_service, protected_service, hal_service_type, service_manager_type
type hal_wifi_hostapd_service, protected_service, hal_service_type, service_manager_type;
type hal_wifi_supplicant_service, protected_service, hal_service_type, service_manager_type;
type hal_gatekeeper_service, protected_service, hal_service_type, service_manager_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# servicemanager - the Binder context manager
type servicemanager, domain, mlstrustedsubject;
type servicemanager_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# sgdisk called from vold
type sgdisk, domain;
type sgdisk_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,2 +1,6 @@
# Process which creates/updates shared RELRO files to be used by other apps.
type shared_relro, domain;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.


@ -1,3 +1,7 @@
# Domain for shell processes spawned by ADB or console service.
type shell, domain, mlstrustedsubject;
type shell_exec, system_file_type, exec_type, file_type;
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.
