###########################################
# Root
/                   u:object_r:rootfs:s0

# Data files
/build\.prop        u:object_r:rootfs:s0
/init\..*           u:object_r:rootfs:s0

# Executables
/init               u:object_r:init_exec:s0

# For kernel modules
/lib(/.*)?          u:object_r:rootfs:s0

# Empty directories
/lost\+found        u:object_r:rootfs:s0
/debug_ramdisk      u:object_r:tmpfs:s0
/mnt                u:object_r:tmpfs:s0
/proc               u:object_r:rootfs:s0
/second_stage_resources u:object_r:tmpfs:s0
/sys                u:object_r:sysfs:s0
/apex               u:object_r:apex_mnt_dir:s0

/apex/(\.(bootstrap|default)-)?apex-info-list.xml u:object_r:apex_info_file:s0

# Symlinks
/bin                u:object_r:rootfs:s0
/d                  u:object_r:rootfs:s0
/etc                u:object_r:rootfs:s0

##########################
# Devices
#
/dev(/.*)?		u:object_r:device:s0
/dev/ashmem		u:object_r:ashmem_device:s0
/dev/ashmem(.*)?	u:object_r:ashmem_libcutils_device:s0
/dev/binder		u:object_r:binder_device:s0
/dev/block(/.*)?	u:object_r:block_device:s0
/dev/block/dm-[0-9]+	u:object_r:dm_device:s0
/dev/block/loop[0-9]*	u:object_r:loop_device:s0
/dev/block/vd[a-z][0-9]*  u:object_r:vd_device:s0
/dev/block/ram[0-9]*	u:object_r:ram_device:s0
/dev/block/zram[0-9]*	u:object_r:ram_device:s0
/dev/console		u:object_r:console_device:s0
/dev/dma_heap(/.*)?     u:object_r:dmabuf_heap_device:s0
/dev/dma_heap/system    u:object_r:dmabuf_system_heap_device:s0
/dev/dma_heap/system-uncached    u:object_r:dmabuf_system_heap_device:s0
/dev/dma_heap/system-secure(.*)	 u:object_r:dmabuf_system_secure_heap_device:s0
/dev/dm-user(/.*)?	u:object_r:dm_user_device:s0
/dev/device-mapper	u:object_r:dm_device:s0
/dev/event-log-tags     u:object_r:runtime_event_log_tags_file:s0
/dev/cgroup_info(/.*)?  u:object_r:cgroup_rc_file:s0
/dev/fuse		u:object_r:fuse_device:s0
/dev/hvc0               u:object_r:serial_device:s0
/dev/hvc1               u:object_r:serial_device:s0
/dev/hvc2               u:object_r:log_device:s0
/dev/hw_random		u:object_r:hw_random_device:s0
/dev/hwbinder		u:object_r:hwbinder_device:s0
/dev/loop-control	u:object_r:loop_control_device:s0
/dev/ppp		u:object_r:ppp_device:s0
/dev/ptmx		u:object_r:ptmx_device:s0
/dev/kmsg		u:object_r:kmsg_device:s0
/dev/kmsg_debug	u:object_r:kmsg_debug_device:s0
/dev/kvm		u:object_r:kvm_device:s0
/dev/null		u:object_r:null_device:s0
/dev/open-dice0         u:object_r:open_dice_device:s0
/dev/random		u:object_r:random_device:s0
/dev/rtc[0-9]      u:object_r:rtc_device:s0
/dev/socket(/.*)?	u:object_r:socket_device:s0
/dev/socket/adbd	u:object_r:adbd_socket:s0
/dev/socket/property_service	u:object_r:property_socket:s0
/dev/socket/statsdw	u:object_r:statsdw_socket:s0
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
/dev/socket/authfs_service u:object_r:authfs_service_socket:s0
/dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
/dev/sys/block/by-name/userdata(/.*)?	u:object_r:userdata_sysdev:s0
/dev/sys/fs/by-name/userdata(/.*)?	u:object_r:userdata_sysdev:s0
/dev/tty		u:object_r:owntty_device:s0
/dev/tty[0-9]*		u:object_r:tty_device:s0
/dev/ttyS[0-9]*		u:object_r:serial_device:s0
/dev/tun		u:object_r:tun_device:s0
/dev/uhid		u:object_r:uhid_device:s0
/dev/uinput		u:object_r:uhid_device:s0
/dev/uio[0-9]*		u:object_r:uio_device:s0
/dev/urandom		u:object_r:random_device:s0
/dev/vhost-vsock	u:object_r:kvm_device:s0
/dev/vndbinder		u:object_r:vndbinder_device:s0
/dev/vsock		u:object_r:vsock_device:s0
/dev/zero		u:object_r:zero_device:s0
/dev/__properties__ u:object_r:properties_device:s0
/dev/__properties__/property_info   u:object_r:property_info:s0
#############################
# Linker configuration
#
/linkerconfig(/.*)?          u:object_r:linkerconfig_file:s0
#############################
# System files
#
/system(/.*)?          u:object_r:system_file:s0
/system/lib(64)?(/.*)?         u:object_r:system_lib_file:s0
/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
/system/bin/apexd                u:object_r:apexd_exec:s0
/system/bin/tombstone_transmit.microdroid   u:object_r:tombstone_transmit_exec:s0
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
/system/bin/bootstrap/linkerconfig u:object_r:linkerconfig_exec:s0
/system/bin/init		u:object_r:init_exec:s0
/system/bin/logcat	--	u:object_r:logcat_exec:s0
/system/bin/logd        u:object_r:logd_exec:s0
/system/bin/sh		--	u:object_r:shell_exec:s0
/system/bin/tombstoned.microdroid u:object_r:tombstoned_exec:s0
/system/bin/toolbox	--	u:object_r:toolbox_exec:s0
/system/bin/toybox	--	u:object_r:toolbox_exec:s0
/system/bin/zipfuse              u:object_r:zipfuse_exec:s0
/system/bin/microdroid_launcher  u:object_r:microdroid_app_exec:s0
/system/bin/microdroid_manager   u:object_r:microdroid_manager_exec:s0
/system/bin/apkdmverity          u:object_r:apkdmverity_exec:s0
/system/bin/authfs               u:object_r:authfs_exec:s0
/system/bin/authfs_service       u:object_r:authfs_service_exec:s0
/system/bin/encryptedstore       u:object_r:encryptedstore_exec:s0
/system/bin/mke2fs		u:object_r:e2fs_exec:s0
/system/bin/kexec_load           u:object_r:kexec_exec:s0
/system/etc/cgroups\.json               u:object_r:cgroup_desc_file:s0
/system/etc/task_profiles/cgroups_[0-9]+\.json               u:object_r:cgroup_desc_api_file:s0
/system/etc/event-log-tags              u:object_r:system_event_log_tags_file:s0
/system/etc/group                       u:object_r:system_group_file:s0
/system/etc/ld\.config.*                u:object_r:system_linker_config_file:s0
/system/etc/passwd                      u:object_r:system_passwd_file:s0
/system/etc/seccomp_policy(/.*)?        u:object_r:system_seccomp_policy_file:s0
/system/etc/security/cacerts(/.*)?      u:object_r:system_security_cacerts_file:s0
/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil       u:object_r:sepolicy_file:s0
/system/etc/selinux/plat_property_contexts  u:object_r:property_contexts_file:s0
/system/etc/selinux/plat_service_contexts  u:object_r:service_contexts_file:s0
/system/etc/selinux/plat_file_contexts  u:object_r:file_contexts_file:s0
/system/etc/selinux/plat_sepolicy\.cil       u:object_r:sepolicy_file:s0
/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
/system/etc/task_profiles\.json  u:object_r:task_profiles_file:s0
/system/etc/task_profiles/task_profiles_[0-9]+\.json  u:object_r:task_profiles_api_file:s0

#############################
# Vendor files
#
/vendor(/.*)?                  u:object_r:vendor_file:s0
/vendor/etc(/.*)?              u:object_r:vendor_configs_file:s0
/vendor/etc/vintf(/.*)?        u:object_r:vendor_configs_file:s0

#############################
# Data files
#
# NOTE: When modifying existing label rules, changes may also need to
# propagate to the "Expanded data files" section.
#
/data		u:object_r:system_data_root_file:s0
/data/(.*)?		u:object_r:system_data_file:s0
/data/local/tests(/.*)?	u:object_r:shell_test_data_file:s0
/data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
/data/local/tmp/ltp(/.*)?   u:object_r:nativetest_data_file:s0
/data/local/traces(/.*)?	u:object_r:trace_data_file:s0
/data/misc/authfs(/.*)?         u:object_r:authfs_data_file:s0
/data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
/data/vendor(/.*)?              u:object_r:vendor_data_file:s0

# microdroid doesn't use anr, but tombstoned tries to read this.
# So marking /data/anr as tombstone_data_file
/data/anr(/.*)?		u:object_r:tombstone_data_file:s0

#############################
# Directory for extra apks
/mnt/extra-apk	u:object_r:extra_apk_file:s0