###################################### # Attribute declarations # # All types used for devices. # On change, update CHECK_FC_ASSERT_ATTRS # in tools/checkfc.c attribute dev_type; # All types used for processes. attribute domain; # Temporary attribute used for migrating permissions out of domain. # Motivation: Domain is overly permissive. Start removing permissions # from domain and assign them to the domain_deprecated attribute. # Domain_deprecated and domain can initially be assigned to all # domains. The goal is to not assign domain_deprecated to new domains # and to start removing domain_deprecated where it's not required or # reassigning the appropriate permissions to the inheriting domain # when necessary. attribute domain_deprecated; # All types used for filesystems. # On change, update CHECK_FC_ASSERT_ATTRS # definition in tools/checkfc.c. attribute fs_type; # All types used for context= mounts. attribute contextmount_type; # All types used for files that can exist on a labeled fs. # Do not use for pseudo file types. # On change, update CHECK_FC_ASSERT_ATTRS # definition in tools/checkfc.c. attribute file_type; # All types used for domain entry points. attribute exec_type; # All types used for /data files. attribute data_file_type; # All types in /data, not in /data/vendor attribute core_data_file_type; # All vendor domains which violate the requirement of not accessing # data outside /data/vendor. # TODO(b/34980020): Remove this once there are no violations attribute coredata_in_vendor_violators; # All core domains which violate the requirement of not accessing vendor # owned data. # TODO(b/34980020): Remove this once there are no violations attribute vendordata_in_core_violators; # All types use for sysfs files. attribute sysfs_type; # All types use for debugfs files. attribute debugfs_type; # Attribute used for all sdcards attribute sdcard_type; # All types used for nodes/hosts. attribute node_type; # All types used for network interfaces. attribute netif_type; # All types used for network ports. attribute port_type; # All types used for property service # On change, update CHECK_PC_ASSERT_ATTRS # definition in tools/checkfc.c. attribute property_type; # All properties defined in core SELinux policy. Should not be # used by device specific properties attribute core_property_type; # All properties used to configure log filtering. attribute log_property_type; # All service_manager types created by system_server attribute system_server_service; # services which should be available to all but isolated apps attribute app_api_service; # services which should be available to all ephemeral apps attribute ephemeral_app_api_service; # services which export only system_api attribute system_api_service; # All types used for services managed by service_manager. # On change, update CHECK_SC_ASSERT_ATTRS # definition in tools/checkfc.c. attribute service_manager_type; # All domains that can override MLS restrictions. # i.e. processes that can read up and write down. attribute mlstrustedsubject; # All types that can override MLS restrictions. # i.e. files that can be read by lower and written by higher attribute mlstrustedobject; # All domains used for apps. attribute appdomain; # All third party apps. attribute untrusted_app_all; # All domains used for apps with network access. attribute netdomain; # All domains used for apps with bluetooth access. attribute bluetoothdomain; # All domains used for binder service domains. attribute binderservicedomain; # update_engine related domains that need to apply an update and run # postinstall. This includes the background daemon and the sideload tool from # recovery for A/B devices. attribute update_engine_common; # All core domains (as opposed to vendor/device-specific domains) attribute coredomain; # All socket devices owned by core domain components attribute coredomain_socket; # All vendor domains which violate the requirement of not using Binder # TODO(b/35870313): Remove this once there are no violations attribute binder_in_vendor_violators; # All vendor domains which violate the requirement of not using sockets for # communicating with core components # TODO(b/36577153): Remove this once there are no violations attribute socket_between_core_and_vendor_violators; # All HAL servers attribute halserverdomain; # All HAL clients attribute halclientdomain; # HALs attribute hal_allocator; attribute hal_allocator_client; attribute hal_allocator_server; attribute hal_audio; attribute hal_audio_client; attribute hal_audio_server; attribute hal_bluetooth; attribute hal_bluetooth_client; attribute hal_bluetooth_server; attribute hal_bootctl; attribute hal_bootctl_client; attribute hal_bootctl_server; attribute hal_camera; attribute hal_camera_client; attribute hal_camera_server; attribute hal_configstore; attribute hal_configstore_client; attribute hal_configstore_server; attribute hal_contexthub; attribute hal_contexthub_client; attribute hal_contexthub_server; attribute hal_drm; attribute hal_drm_client; attribute hal_drm_server; attribute hal_dumpstate; attribute hal_dumpstate_client; attribute hal_dumpstate_server; attribute hal_fingerprint; attribute hal_fingerprint_client; attribute hal_fingerprint_server; attribute hal_gatekeeper; attribute hal_gatekeeper_client; attribute hal_gatekeeper_server; attribute hal_gnss; attribute hal_gnss_client; attribute hal_gnss_server; attribute hal_graphics_allocator; attribute hal_graphics_allocator_client; attribute hal_graphics_allocator_server; attribute hal_graphics_composer; attribute hal_graphics_composer_client; attribute hal_graphics_composer_server; attribute hal_health; attribute hal_health_client; attribute hal_health_server; attribute hal_ir; attribute hal_ir_client; attribute hal_ir_server; attribute hal_keymaster; attribute hal_keymaster_client; attribute hal_keymaster_server; attribute hal_light; attribute hal_light_client; attribute hal_light_server; attribute hal_memtrack; attribute hal_memtrack_client; attribute hal_memtrack_server; attribute hal_nfc; attribute hal_nfc_client; attribute hal_nfc_server; attribute hal_power; attribute hal_power_client; attribute hal_power_server; attribute hal_sensors; attribute hal_sensors_client; attribute hal_sensors_server; attribute hal_telephony; attribute hal_telephony_client; attribute hal_telephony_server; attribute hal_thermal; attribute hal_thermal_client; attribute hal_thermal_server; attribute hal_tv_input; attribute hal_tv_input_client; attribute hal_tv_input_server; attribute hal_usb; attribute hal_usb_client; attribute hal_usb_server; attribute hal_vibrator; attribute hal_vibrator_client; attribute hal_vibrator_server; attribute hal_vr; attribute hal_vr_client; attribute hal_vr_server; attribute hal_wifi; attribute hal_wifi_client; attribute hal_wifi_server; attribute hal_wifi_keystore; attribute hal_wifi_keystore_client; attribute hal_wifi_keystore_server; attribute hal_wifi_supplicant; attribute hal_wifi_supplicant_client; attribute hal_wifi_supplicant_server;