# Filesystem types type labeledfs, fs_type; type pipefs, fs_type; type sockfs, fs_type; type rootfs, fs_type; type proc, fs_type; type qtaguid_proc, fs_type, mlstrustedobject; type proc_bluetooth_writable, fs_type; type selinuxfs, fs_type; type cgroup, fs_type, mlstrustedobject; type sysfs, fs_type, mlstrustedobject; type sysfs_writable, fs_type, sysfs_type, mlstrustedobject; type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject; type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject; type inotify, fs_type, mlstrustedobject; type devpts, fs_type, mlstrustedobject; type tmpfs, fs_type; type shm, fs_type; type mqueue, fs_type; type sdcard_internal, sdcard_type, fs_type, mlstrustedobject; type sdcard_external, sdcard_type, fs_type, mlstrustedobject; type debugfs, fs_type, mlstrustedobject; # File types type unlabeled, file_type; # Default type for anything under /system. type system_file, file_type; # Default type for anything under /data. type system_data_file, file_type, data_file_type; # /data/drm - DRM plugin data type drm_data_file, file_type, data_file_type; # /data/anr - ANR traces type anr_data_file, file_type, data_file_type, mlstrustedobject; # /data/tombstones - core dumps type tombstone_data_file, file_type, data_file_type; # /data/app - user-installed apps type apk_data_file, file_type, data_file_type; type apk_tmp_file, file_type, data_file_type, mlstrustedobject; # /data/app-private - forward-locked apps type apk_private_data_file, file_type, data_file_type; type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject; # /data/dalvik-cache type dalvikcache_data_file, file_type, data_file_type; # /data/local - writable by shell type shell_data_file, file_type, data_file_type; # /data/gps type gps_data_file, file_type, data_file_type; # /data/misc subdirectories type bluetooth_data_file, file_type, data_file_type; type keystore_data_file, file_type, data_file_type; type vpn_data_file, file_type, data_file_type; type systemkeys_data_file, file_type, data_file_type; type wifi_data_file, file_type, data_file_type; type radio_data_file, file_type, data_file_type; type nfc_data_file, file_type, data_file_type; type camera_calibration_file, file_type, data_file_type; type adb_keys_file, file_type, data_file_type; # /data/data subdirectories - app sandboxes type app_data_file, file_type, data_file_type; type platform_app_data_file, file_type, data_file_type, mlstrustedobject; # Default type for anything under /cache type cache_file, file_type, mlstrustedobject; # Type for /cache/.*\.{data|restore} and default # type for anything under /cache/backup type cache_backup_file, file_type, mlstrustedobject; # Default type for anything under /efs type efs_file, file_type; # Type for wallpaper file. type wallpaper_file, file_type, mlstrustedobject; # /mnt/asec type asec_apk_file, file_type, data_file_type; # /data/app-asec type asec_image_file, file_type, data_file_type; # /data/backup and /data/secure/backup type backup_data_file, file_type, data_file_type, mlstrustedobject; # For /data/security type security_file, file_type; # All devices have bluetooth efs files. But they # vary per device, so this type is used in per # device policy type bluetooth_efs_file, file_type; # Downloaded files type download_file, file_type; # /sys/devices/system/cpu type sysfs_devices_system_cpu, file_type; # Socket types type adbd_socket, file_type; type bluetooth_socket, file_type; type dnsproxyd_socket, file_type, mlstrustedobject; type gps_socket, file_type; type installd_socket, file_type; type keystore_socket, file_type; type mdns_socket, file_type; type netd_socket, file_type; type property_socket, file_type; type qemud_socket, file_type; type racoon_socket, file_type; type rild_socket, file_type; type rild_debug_socket, file_type; type system_wpa_socket, file_type; type system_ndebug_socket, file_type; type vold_socket, file_type; type wpa_socket, file_type; type zygote_socket, file_type; # UART (for GPS) control proc file type gps_control, file_type; # Allow files to be created in their appropriate filesystems. allow fs_type self:filesystem associate; allow sysfs_type sysfs:filesystem associate; allow file_type labeledfs:filesystem associate; allow file_type tmpfs:filesystem associate; allow file_type rootfs:filesystem associate; allow dev_type tmpfs:filesystem associate;