4b9929e2fc
These three files, general_sepolicy.conf / mapping.cil /
plat_sepolicy.cil will be used to test vendor sepolicy's neverallow
rules.
Bug: 330671085
Test: build
Change-Id: I763c9a1e647d614b84c0f7fe3d69affbe64f6153
Merged-In: I763c9a1e647d614b84c0f7fe3d69affbe64f6153
(cherry picked from commit 6f18a17ff8)
33418 lines
2.1 MiB
33418 lines
2.1 MiB
(role object_r)
|
|
(role auditadm_r)
|
|
(role secadm_r)
|
|
(typeattribute cil_gen_require)
|
|
(roleattribute cil_gen_require)
|
|
(handleunknown deny)
|
|
(mls true)
|
|
(policycap network_peer_controls)
|
|
(policycap open_perms)
|
|
(policycap extended_socket_class)
|
|
(policycap nnp_nosuid_transition)
|
|
(sid devnull)
|
|
(sidcontext devnull (u object_r null_device ((s0) (s0))))
|
|
(sid scmp_packet)
|
|
(sidcontext scmp_packet (u object_r unlabeled ((s0) (s0))))
|
|
(sid policy)
|
|
(sidcontext policy (u object_r unlabeled ((s0) (s0))))
|
|
(sid kmod)
|
|
(sidcontext kmod (u object_r unlabeled ((s0) (s0))))
|
|
(sid sysctl_dev)
|
|
(sidcontext sysctl_dev (u object_r unlabeled ((s0) (s0))))
|
|
(sid sysctl_vm)
|
|
(sidcontext sysctl_vm (u object_r unlabeled ((s0) (s0))))
|
|
(sid sysctl_net_unix)
|
|
(sidcontext sysctl_net_unix (u object_r unlabeled ((s0) (s0))))
|
|
(sid sysctl_net)
|
|
(sidcontext sysctl_net (u object_r unlabeled ((s0) (s0))))
|
|
(sid sysctl_kernel)
|
|
(sidcontext sysctl_kernel (u object_r unlabeled ((s0) (s0))))
|
|
(sid sysctl_fs)
|
|
(sidcontext sysctl_fs (u object_r unlabeled ((s0) (s0))))
|
|
(sid sysctl)
|
|
(sidcontext sysctl (u object_r proc ((s0) (s0))))
|
|
(sid sysctl_modprobe)
|
|
(sidcontext sysctl_modprobe (u object_r unlabeled ((s0) (s0))))
|
|
(sid tcp_socket)
|
|
(sidcontext tcp_socket (u object_r unlabeled ((s0) (s0))))
|
|
(sid icmp_socket)
|
|
(sidcontext icmp_socket (u object_r unlabeled ((s0) (s0))))
|
|
(sid igmp_packet)
|
|
(sidcontext igmp_packet (u object_r unlabeled ((s0) (s0))))
|
|
(sid node)
|
|
(sidcontext node (u object_r node ((s0) (s0))))
|
|
(sid netmsg)
|
|
(sidcontext netmsg (u object_r unlabeled ((s0) (s0))))
|
|
(sid netif)
|
|
(sidcontext netif (u object_r netif ((s0) (s0))))
|
|
(sid port)
|
|
(sidcontext port (u object_r port ((s0) (s0))))
|
|
(sid any_socket)
|
|
(sidcontext any_socket (u object_r unlabeled ((s0) (s0))))
|
|
(sid init)
|
|
(sidcontext init (u object_r unlabeled ((s0) (s0))))
|
|
(sid file_labels)
|
|
(sidcontext file_labels (u object_r unlabeled ((s0) (s0))))
|
|
(sid file)
|
|
(sidcontext file (u object_r unlabeled ((s0) (s0))))
|
|
(sid fs)
|
|
(sidcontext fs (u object_r labeledfs ((s0) (s0))))
|
|
(sid unlabeled)
|
|
(sidcontext unlabeled (u object_r unlabeled ((s0) (s0))))
|
|
(sid security)
|
|
(sidcontext security (u object_r kernel ((s0) (s0))))
|
|
(sid kernel)
|
|
(sidcontext kernel (u r kernel ((s0) (s0))))
|
|
(sidorder (kernel security unlabeled fs file file_labels init any_socket port netif netmsg node igmp_packet icmp_socket tcp_socket sysctl_modprobe sysctl sysctl_fs sysctl_kernel sysctl_net sysctl_net_unix sysctl_vm sysctl_dev kmod policy scmp_packet devnull ))
|
|
(fsuse trans mqueue (u object_r mqueue ((s0) (s0))))
|
|
(fsuse trans shm (u object_r shm ((s0) (s0))))
|
|
(fsuse trans devtmpfs (u object_r device ((s0) (s0))))
|
|
(fsuse trans tmpfs (u object_r tmpfs ((s0) (s0))))
|
|
(fsuse trans devpts (u object_r devpts ((s0) (s0))))
|
|
(fsuse task sockfs (u object_r sockfs ((s0) (s0))))
|
|
(fsuse task pipefs (u object_r pipefs ((s0) (s0))))
|
|
(fsuse xattr virtiofs (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr incremental-fs (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr erofs (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr overlay (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr squashfs (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr f2fs (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr btrfs (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr xfs (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr ext4 (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr ext3 (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr ext2 (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr jffs2 (u object_r labeledfs ((s0) (s0))))
|
|
(fsuse xattr yaffs2 (u object_r labeledfs ((s0) (s0))))
|
|
(genfscon binder "/binder_logs/stats" (u object_r binderfs_logs_stats ((s0) (s0))))
|
|
(genfscon binder "/binder_logs/proc" (u object_r binderfs_logs_proc ((s0) (s0))))
|
|
(genfscon binder "/binder_logs" (u object_r binderfs_logs ((s0) (s0))))
|
|
(genfscon binder "/vndbinder" (u object_r vndbinder_device ((s0) (s0))))
|
|
(genfscon binder "/hwbinder" (u object_r hwbinder_device ((s0) (s0))))
|
|
(genfscon binder "/features" (u object_r binderfs_features ((s0) (s0))))
|
|
(genfscon binder "/binder" (u object_r binder_device ((s0) (s0))))
|
|
(genfscon binder "/" (u object_r binderfs ((s0) (s0))))
|
|
(genfscon binfmt_misc "/" (u object_r binfmt_miscfs ((s0) (s0))))
|
|
(genfscon bpf "/netd_readonly" (u object_r fs_bpf_netd_readonly ((s0) (s0))))
|
|
(genfscon bpf "/net_private" (u object_r fs_bpf_net_private ((s0) (s0))))
|
|
(genfscon bpf "/netd_shared" (u object_r fs_bpf_netd_shared ((s0) (s0))))
|
|
(genfscon bpf "/uprobestats" (u object_r fs_bpf_uprobestats ((s0) (s0))))
|
|
(genfscon bpf "/net_shared" (u object_r fs_bpf_net_shared ((s0) (s0))))
|
|
(genfscon bpf "/tethering" (u object_r fs_bpf_tethering ((s0) (s0))))
|
|
(genfscon bpf "/loader" (u object_r fs_bpf_loader ((s0) (s0))))
|
|
(genfscon bpf "/vendor" (u object_r fs_bpf_vendor ((s0) (s0))))
|
|
(genfscon bpf "/" (u object_r fs_bpf ((s0) (s0))))
|
|
(genfscon cgroup "/" (u object_r cgroup ((s0) (s0))))
|
|
(genfscon cgroup2 "/" (u object_r cgroup_v2 ((s0) (s0))))
|
|
(genfscon configfs "/" (u object_r configfs ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/filemap/mm_filemap_delete_from_page_cache/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/filemap/mm_filemap_add_to_page_cache/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/vmscan/mm_vmscan_direct_reclaim_end/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/binder/binder_transaction_alloc_buf/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/binder/binder_transaction_received/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/ext4/ext4_es_lookup_extent_enter/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/ext4/ext4_es_lookup_extent_exit/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/synthetic/suspend_resume_minimal" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/vmscan/mm_vmscan_kswapd_sleep/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/vmscan/mm_vmscan_kswapd_wake/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/synthetic/rss_stat_throttled" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/thermal/thermal_temperature/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/sched/sched_blocked_reason/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/power/cpu_frequency_limits/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/binder/binder_set_priority/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/f2fs/f2fs_sync_file_enter/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/ext4/ext4_sync_file_enter/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/binder/binder_transaction/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/f2fs/f2fs_get_data_block/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/f2fs/f2fs_sync_file_exit/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/ext4/ext4_da_write_begin/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/ext4/ext4_sync_file_exit/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/sched/sched_process_exit/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/sched/sched_process_free/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/mm_event/mm_event_record/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/oom/oom_score_adj_update/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/block/block_rq_complete/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/sched/sched_cpu_hotplug/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/ext4/ext4_da_write_end/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/sched/sched_wakeup_new/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/sched/sched_pi_setprio/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/f2fs/f2fs_write_begin/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/power/gpu_work_period/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/binder/binder_command/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/ext4/ext4_load_inode/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/block/block_rq_issue/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/power/clock_set_rate/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/power/suspend_resume/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/binder/binder_locked/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/binder/binder_unlock/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/binder/binder_return/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/kmem/ion_heap_shrink/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/gpu_mem/gpu_mem_total" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/f2fs/f2fs_write_end/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/power/cpu_frequency/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/power/clock_disable/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/power/gpu_frequency/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/cpufreq_interactive/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/thermal/cdev_update/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/sched/sched_switch/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/sched/sched_wakeup/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/sched/sched_waking/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/power/clock_enable/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/binder/binder_lock/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/kmem/ion_heap_grow/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/task/task_newtask/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/cpuhp/cpuhp_enter/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/task/task_rename/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/cpuhp/cpuhp_exit/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/clk/clk_set_rate/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/lowmemorykiller/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/oom/mark_victim/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/clk/clk_disable/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/instances/bootreceiver" (u object_r debugfs_bootreceiver_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/f2fs/f2fs_iget/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/power/cpu_idle/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/clk/clk_enable/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/kmem/rss_stat/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/ion/ion_stat/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/ftrace/print/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/instances/mm_events" (u object_r debugfs_mm_events_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/options/record-tgid" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/saved_cmdlines_size" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/header_page" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/options/print-tgid" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/options/overwrite" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/dma_fence/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/synthetic_events" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/instances/wifi" (u object_r debugfs_wifi_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/printk_formats" (u object_r debugfs_tracing_printk_formats ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/buffer_size_kb" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/cgroup/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/fence/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/trace_marker" (u object_r debugfs_trace_marker ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/sync/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/per_cpu/cpu" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/trace_clock" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/ipi/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/events/irq/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/tracing_on" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/instances" (u object_r debugfs_tracing_instances ((s0) (s0))))
|
|
(genfscon debugfs "/wakeup_sources" (u object_r debugfs_wakeup_sources ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/trace" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/tracing/hyp" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon debugfs "/kprobes" (u object_r debugfs_kprobes ((s0) (s0))))
|
|
(genfscon debugfs "/tracing" (u object_r debugfs_tracing_debug ((s0) (s0))))
|
|
(genfscon debugfs "/mmc0" (u object_r debugfs_mmc ((s0) (s0))))
|
|
(genfscon debugfs "/kcov" (u object_r debugfs_kcov ((s0) (s0))))
|
|
(genfscon debugfs "/" (u object_r debugfs ((s0) (s0))))
|
|
(genfscon esdfs "/" (u object_r sdcardfs ((s0) (s0))))
|
|
(genfscon exfat "/" (u object_r exfat ((s0) (s0))))
|
|
(genfscon functionfs "/" (u object_r functionfs ((s0) (s0))))
|
|
(genfscon fuse "/" (u object_r fuse ((s0) (s0))))
|
|
(genfscon fuseblk "/" (u object_r fuseblk ((s0) (s0))))
|
|
(genfscon fusectl "/" (u object_r fusectlfs ((s0) (s0))))
|
|
(genfscon inotifyfs "/" (u object_r inotify ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sched_util_clamp_min_rt_default" (u object_r proc_sched ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sched_wakeup_granularity_ns" (u object_r proc_sched ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/perf_event_max_sample_rate" (u object_r proc_perf ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/perf_cpu_time_max_percent" (u object_r proc_perf ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/percpu_pagelist_high_fraction" (u object_r proc_percpu_pagelist_high_fraction ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sched_child_runs_first" (u object_r proc_sched ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sched_tunable_scaling" (u object_r proc_sched ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sched_util_clamp_max" (u object_r proc_sched ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sched_util_clamp_min" (u object_r proc_sched ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/perf_event_paranoid" (u object_r proc_perf ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/perf_event_mlock_kb" (u object_r proc_perf ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sched_rt_runtime_us" (u object_r proc_sched ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/randomize_va_space" (u object_r proc_security ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sched_rt_period_us" (u object_r proc_sched ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/dirty_background_ratio" (u object_r proc_dirty ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/dirty_expire_centisecs" (u object_r proc_dirty ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/watermark_boost_factor" (u object_r proc_watermark_boost_factor ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/watermark_scale_factor" (u object_r proc_watermark_scale_factor ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/unprivileged_bpf_" (u object_r proc_bpf ((s0) (s0))))
|
|
(genfscon proc "/uid_cputime/remove_uid_range" (u object_r proc_uid_cputime_removeuid ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/modules_disabled" (u object_r proc_security ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sched_latency_ns" (u object_r proc_sched ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sched_schedstats" (u object_r proc_sched ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/mmap_rnd_compat_bits" (u object_r proc_security ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/min_free_order_shift" (u object_r proc_min_free_order_shift ((s0) (s0))))
|
|
(genfscon proc "/sys/fs/protected_hardlinks" (u object_r proc_security ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/core_pipe_limit" (u object_r usermodehelper ((s0) (s0))))
|
|
(genfscon proc "/uid_concurrent_active_time" (u object_r proc_uid_concurrent_active_time ((s0) (s0))))
|
|
(genfscon proc "/uid_concurrent_policy_time" (u object_r proc_uid_concurrent_policy_time ((s0) (s0))))
|
|
(genfscon proc "/sys/fs/protected_symlinks" (u object_r proc_security ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/dmesg_restrict" (u object_r proc_security ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/usermodehelper" (u object_r usermodehelper ((s0) (s0))))
|
|
(genfscon proc "/uid_cputime/show_uid_stat" (u object_r proc_uid_cputime_showstat ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/kptr_restrict" (u object_r proc_security ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/panic_on_oops" (u object_r proc_panic ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/extra_free_kbytes" (u object_r proc_extra_free_kbytes ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/overcommit_memory" (u object_r proc_overcommit_memory ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/core_pattern" (u object_r usermodehelper ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/poweroff_cmd" (u object_r usermodehelper ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/domainname" (u object_r proc_hostname ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/hung_task_" (u object_r proc_hung_task ((s0) (s0))))
|
|
(genfscon proc "/sys/fs/pipe-max-size" (u object_r proc_pipe_conf ((s0) (s0))))
|
|
(genfscon proc "/sys/fs/suid_dumpable" (u object_r proc_security ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/max_map_count" (u object_r proc_max_map_count ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/mmap_min_addr" (u object_r proc_security ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/mmap_rnd_bits" (u object_r proc_security ((s0) (s0))))
|
|
(genfscon proc "/net/xt_qtaguid/ctrl" (u object_r proc_qtaguid_ctrl ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/hostname" (u object_r proc_hostname ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/modprobe" (u object_r usermodehelper ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/page-cluster" (u object_r proc_page_cluster ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/hotplug" (u object_r usermodehelper ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/pid_max" (u object_r proc_pid_max ((s0) (s0))))
|
|
(genfscon proc "/sys/vm/drop_caches" (u object_r proc_drop_caches ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/random" (u object_r proc_random ((s0) (s0))))
|
|
(genfscon proc "/sys/net/core/bpf_" (u object_r proc_bpf ((s0) (s0))))
|
|
(genfscon proc "/uid_time_in_state" (u object_r proc_uid_time_in_state ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/sysrq" (u object_r proc_sysrq ((s0) (s0))))
|
|
(genfscon proc "/uid_procstat/set" (u object_r proc_uid_procstat_set ((s0) (s0))))
|
|
(genfscon proc "/device-tree/avf" (u object_r proc_dt_avf ((s0) (s0))))
|
|
(genfscon proc "/lowmemorykiller" (u object_r proc_lowmemorykiller ((s0) (s0))))
|
|
(genfscon proc "/net/xt_qtaguid/" (u object_r proc_qtaguid_stat ((s0) (s0))))
|
|
(genfscon proc "/pressure/memory" (u object_r proc_pressure_mem ((s0) (s0))))
|
|
(genfscon proc "/sys/kernel/bpf_" (u object_r proc_bpf ((s0) (s0))))
|
|
(genfscon proc "/cpu/alignment" (u object_r proc_cpu_alignment ((s0) (s0))))
|
|
(genfscon proc "/sysrq-trigger" (u object_r proc_sysrq ((s0) (s0))))
|
|
(genfscon proc "/uid_cpupower/" (u object_r proc_uid_cpupower ((s0) (s0))))
|
|
(genfscon proc "/pagetypeinfo" (u object_r proc_pagetypeinfo ((s0) (s0))))
|
|
(genfscon proc "/pressure/cpu" (u object_r proc_pressure_cpu ((s0) (s0))))
|
|
(genfscon proc "/uid_io/stats" (u object_r proc_uid_io_stats ((s0) (s0))))
|
|
(genfscon proc "/vendor_sched" (u object_r proc_vendor_sched ((s0) (s0))))
|
|
(genfscon proc "/filesystems" (u object_r proc_filesystems ((s0) (s0))))
|
|
(genfscon proc "/pressure/io" (u object_r proc_pressure_io ((s0) (s0))))
|
|
(genfscon proc "/sys/abi/swp" (u object_r proc_abi ((s0) (s0))))
|
|
(genfscon proc "/timer_stats" (u object_r proc_timer ((s0) (s0))))
|
|
(genfscon proc "/tty/drivers" (u object_r proc_tty_drivers ((s0) (s0))))
|
|
(genfscon proc "/vmallocinfo" (u object_r proc_vmallocinfo ((s0) (s0))))
|
|
(genfscon proc "/bootconfig" (u object_r proc_bootconfig ((s0) (s0))))
|
|
(genfscon proc "/interrupts" (u object_r proc_interrupts ((s0) (s0))))
|
|
(genfscon proc "/kpageflags" (u object_r proc_kpageflags ((s0) (s0))))
|
|
(genfscon proc "/timer_list" (u object_r proc_timer ((s0) (s0))))
|
|
(genfscon proc "/buddyinfo" (u object_r proc_buddyinfo ((s0) (s0))))
|
|
(genfscon proc "/config.gz" (u object_r config_gz ((s0) (s0))))
|
|
(genfscon proc "/diskstats" (u object_r proc_diskstats ((s0) (s0))))
|
|
(genfscon proc "/kallsyms" (u object_r proc_kallsyms ((s0) (s0))))
|
|
(genfscon proc "/slabinfo" (u object_r proc_slabinfo ((s0) (s0))))
|
|
(genfscon proc "/softirqs" (u object_r proc_timer ((s0) (s0))))
|
|
(genfscon proc "/zoneinfo" (u object_r proc_zoneinfo ((s0) (s0))))
|
|
(genfscon proc "/cmdline" (u object_r proc_cmdline ((s0) (s0))))
|
|
(genfscon proc "/loadavg" (u object_r proc_loadavg ((s0) (s0))))
|
|
(genfscon proc "/meminfo" (u object_r proc_meminfo ((s0) (s0))))
|
|
(genfscon proc "/modules" (u object_r proc_modules ((s0) (s0))))
|
|
(genfscon proc "/net/tcp" (u object_r proc_net_tcp_udp ((s0) (s0))))
|
|
(genfscon proc "/net/udp" (u object_r proc_net_tcp_udp ((s0) (s0))))
|
|
(genfscon proc "/cpuinfo" (u object_r proc_cpuinfo ((s0) (s0))))
|
|
(genfscon proc "/sys/net" (u object_r proc_net ((s0) (s0))))
|
|
(genfscon proc "/version" (u object_r proc_version ((s0) (s0))))
|
|
(genfscon proc "/asound" (u object_r proc_asound ((s0) (s0))))
|
|
(genfscon proc "/mounts" (u object_r proc_mounts ((s0) (s0))))
|
|
(genfscon proc "/uptime" (u object_r proc_uptime ((s0) (s0))))
|
|
(genfscon proc "/vmstat" (u object_r proc_vmstat ((s0) (s0))))
|
|
(genfscon proc "/iomem" (u object_r proc_iomem ((s0) (s0))))
|
|
(genfscon proc "/locks" (u object_r proc_locks ((s0) (s0))))
|
|
(genfscon proc "/swaps" (u object_r proc_swaps ((s0) (s0))))
|
|
(genfscon proc "/keys" (u object_r proc_keys ((s0) (s0))))
|
|
(genfscon proc "/kmsg" (u object_r proc_kmsg ((s0) (s0))))
|
|
(genfscon proc "/misc" (u object_r proc_misc ((s0) (s0))))
|
|
(genfscon proc "/stat" (u object_r proc_stat ((s0) (s0))))
|
|
(genfscon proc "/uid/" (u object_r proc_uid_time_in_state ((s0) (s0))))
|
|
(genfscon proc "/net" (u object_r proc_net ((s0) (s0))))
|
|
(genfscon proc "/" (u object_r proc ((s0) (s0))))
|
|
(genfscon pstore "/" (u object_r pstorefs ((s0) (s0))))
|
|
(genfscon rootfs "/" (u object_r rootfs ((s0) (s0))))
|
|
(genfscon sdcardfs "/" (u object_r sdcardfs ((s0) (s0))))
|
|
(genfscon securityfs "/" (u object_r securityfs ((s0) (s0))))
|
|
(genfscon selinuxfs "/" (u object_r selinuxfs ((s0) (s0))))
|
|
(genfscon sysfs "/module/dm_verity/parameters/prefetch_cluster" (u object_r sysfs_dm_verity ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/timed_output/vibrator/enable" (u object_r sysfs_vibrator ((s0) (s0))))
|
|
(genfscon sysfs "/firmware/devicetree/base/firmware/android" (u object_r sysfs_dt_firmware_android ((s0) (s0))))
|
|
(genfscon sysfs "/devices/platform/nfc-power/nfc_power" (u object_r sysfs_nfc_power_writable ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/block/zram0/uevent" (u object_r sysfs_zram_uevent ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/block/zram1/uevent" (u object_r sysfs_zram_uevent ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/misc/hw_random" (u object_r sysfs_hwrandom ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/mm/transparent_hugepage" (u object_r sysfs_transparent_hugepage ((s0) (s0))))
|
|
(genfscon sysfs "/module/wlan/parameters/fwpath" (u object_r sysfs_wlan_fwpath ((s0) (s0))))
|
|
(genfscon sysfs "/firmware/devicetree/base/avf" (u object_r sysfs_dt_avf ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/android_usb" (u object_r sysfs_android_usb ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/block/zram0" (u object_r sysfs_zram ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/block/zram1" (u object_r sysfs_zram ((s0) (s0))))
|
|
(genfscon sysfs "/fs/incremental-fs/instances" (u object_r sysfs_fs_incfs_metrics ((s0) (s0))))
|
|
(genfscon sysfs "/module/tcp_cubic/parameters" (u object_r sysfs_net ((s0) (s0))))
|
|
(genfscon sysfs "/class/rfkill/rfkill0/state" (u object_r sysfs_bluetooth_writable ((s0) (s0))))
|
|
(genfscon sysfs "/class/rfkill/rfkill1/state" (u object_r sysfs_bluetooth_writable ((s0) (s0))))
|
|
(genfscon sysfs "/class/rfkill/rfkill2/state" (u object_r sysfs_bluetooth_writable ((s0) (s0))))
|
|
(genfscon sysfs "/class/rfkill/rfkill3/state" (u object_r sysfs_bluetooth_writable ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/block/loop" (u object_r sysfs_loop ((s0) (s0))))
|
|
(genfscon sysfs "/fs/fuse/bpf_prog_type_fuse" (u object_r sysfs_fs_fuse_bpf ((s0) (s0))))
|
|
(genfscon sysfs "/fs/incremental-fs/features" (u object_r sysfs_fs_incfs_features ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/block/dm-" (u object_r sysfs_dm ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/mm/lru_gen/enabled" (u object_r sysfs_lru_gen_enabled ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/misc/uhid" (u object_r sysfs_uhid ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/memory_state_time" (u object_r sysfs_power ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/block/" (u object_r sysfs_devices_block ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/switch" (u object_r sysfs_switch ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/wakeup" (u object_r sysfs_wakeup ((s0) (s0))))
|
|
(genfscon sysfs "/module/lowmemorykiller" (u object_r sysfs_lowmemorykiller ((s0) (s0))))
|
|
(genfscon sysfs "/power/sync_on_suspend" (u object_r sysfs_sync_on_suspend ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/wakeup_reasons" (u object_r sysfs_wakeup_reasons ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/dmabuf/buffers" (u object_r sysfs_dmabuf_stats ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/uevent_helper" (u object_r sysfs_usermodehelper ((s0) (s0))))
|
|
(genfscon sysfs "/devices/virtual/net" (u object_r sysfs_net ((s0) (s0))))
|
|
(genfscon sysfs "/power/suspend_stats" (u object_r sysfs_suspend_stats ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/vendor_sched" (u object_r sysfs_vendor_sched ((s0) (s0))))
|
|
(genfscon sysfs "/devices/system/cpu" (u object_r sysfs_devices_system_cpu ((s0) (s0))))
|
|
(genfscon sysfs "/power/wakeup_count" (u object_r sysfs_power ((s0) (s0))))
|
|
(genfscon sysfs "/class/android_usb" (u object_r sysfs_android_usb ((s0) (s0))))
|
|
(genfscon sysfs "/power/wake_unlock" (u object_r sysfs_wake_lock ((s0) (s0))))
|
|
(genfscon sysfs "/fs/ext4/features" (u object_r sysfs_fs_ext4_features ((s0) (s0))))
|
|
(genfscon sysfs "/fs/fuse/features" (u object_r sysfs_fs_fuse_features ((s0) (s0))))
|
|
(genfscon sysfs "/power/autosleep" (u object_r sysfs_power ((s0) (s0))))
|
|
(genfscon sysfs "/power/wake_lock" (u object_r sysfs_wake_lock ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/dma_heap" (u object_r sysfs_dma_heap ((s0) (s0))))
|
|
(genfscon sysfs "/devices/cs_etm" (u object_r sysfs_devices_cs_etm ((s0) (s0))))
|
|
(genfscon sysfs "/devices/uprobe" (u object_r sysfs_uprobe ((s0) (s0))))
|
|
(genfscon sysfs "/class/extcon" (u object_r sysfs_extcon ((s0) (s0))))
|
|
(genfscon sysfs "/class/switch" (u object_r sysfs_switch ((s0) (s0))))
|
|
(genfscon sysfs "/class/wakeup" (u object_r sysfs_wakeup ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/notes" (u object_r sysfs_kernel_notes ((s0) (s0))))
|
|
(genfscon sysfs "/power/state" (u object_r sysfs_power ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/ipv4" (u object_r sysfs_ipv4 ((s0) (s0))))
|
|
(genfscon sysfs "/class/leds" (u object_r sysfs_leds ((s0) (s0))))
|
|
(genfscon sysfs "/kernel/ion" (u object_r sysfs_ion ((s0) (s0))))
|
|
(genfscon sysfs "/class/gpu" (u object_r sysfs_gpu ((s0) (s0))))
|
|
(genfscon sysfs "/class/net" (u object_r sysfs_net ((s0) (s0))))
|
|
(genfscon sysfs "/class/rtc" (u object_r sysfs_rtc ((s0) (s0))))
|
|
(genfscon sysfs "/fs/f2fs" (u object_r sysfs_fs_f2fs ((s0) (s0))))
|
|
(genfscon sysfs "/" (u object_r sysfs ((s0) (s0))))
|
|
(genfscon tracefs "/events/filemap/mm_filemap_delete_from_page_cache/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/vmscan/mm_vmscan_direct_reclaim_begin/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/filemap/mm_filemap_add_to_page_cache/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/vmscan/mm_vmscan_direct_reclaim_end/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/binder/binder_transaction_alloc_buf/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/binder/binder_transaction_received/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/ext4/ext4_es_lookup_extent_enter/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/ext4/ext4_es_lookup_extent_exit/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/synthetic/suspend_resume_minimal" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/vmscan/mm_vmscan_kswapd_sleep/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/vmscan/mm_vmscan_kswapd_wake/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/synthetic/rss_stat_throttled" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/thermal/thermal_temperature/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/sched/sched_blocked_reason/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/power/cpu_frequency_limits/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/binder/binder_set_priority/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/f2fs/f2fs_sync_file_enter/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/ext4/ext4_sync_file_enter/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/binder/binder_transaction/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/f2fs/f2fs_get_data_block/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/f2fs/f2fs_sync_file_exit/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/ext4/ext4_da_write_begin/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/ext4/ext4_sync_file_exit/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/sched/sched_process_exit/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/sched/sched_process_free/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/mm_event/mm_event_record/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/oom/oom_score_adj_update/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/block/block_rq_complete/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/sched/sched_cpu_hotplug/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/ext4/ext4_da_write_end/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/sched/sched_wakeup_new/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/sched/sched_pi_setprio/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/f2fs/f2fs_write_begin/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/power/gpu_work_period/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/binder/binder_command/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/ext4/ext4_load_inode/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/block/block_rq_issue/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/power/clock_set_rate/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/power/suspend_resume/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/binder/binder_locked/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/binder/binder_unlock/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/binder/binder_return/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/kmem/ion_heap_shrink/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/gpu_mem/gpu_mem_total" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/f2fs/f2fs_write_end/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/power/cpu_frequency/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/power/clock_disable/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/power/gpu_frequency/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/cpufreq_interactive/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/thermal/cdev_update/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/sched/sched_switch/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/sched/sched_wakeup/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/sched/sched_waking/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/power/clock_enable/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/binder/binder_lock/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/kmem/ion_heap_grow/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/task/task_newtask/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/cpuhp/cpuhp_enter/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/cpuhp/cpuhp_pause/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/task/task_rename/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/cpuhp/cpuhp_exit/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/clk/clk_set_rate/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/lowmemorykiller/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/oom/mark_victim/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/clk/clk_disable/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/instances/bootreceiver" (u object_r debugfs_bootreceiver_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/f2fs/f2fs_iget/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/power/cpu_idle/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/clk/clk_enable/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/kmem/rss_stat/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/ion/ion_stat/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/ftrace/print/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/instances/mm_events" (u object_r debugfs_mm_events_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/options/record-tgid" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/saved_cmdlines_size" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/header_page" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/options/print-tgid" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/options/overwrite" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/dma_fence/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/synthetic_events" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/instances/wifi" (u object_r debugfs_wifi_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/printk_formats" (u object_r debugfs_tracing_printk_formats ((s0) (s0))))
|
|
(genfscon tracefs "/buffer_size_kb" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/cgroup/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/fence/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/trace_marker" (u object_r debugfs_trace_marker ((s0) (s0))))
|
|
(genfscon tracefs "/events/sync/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/per_cpu/cpu" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/trace_clock" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/ipi/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/events/irq/" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/tracing_on" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/instances" (u object_r debugfs_tracing_instances ((s0) (s0))))
|
|
(genfscon tracefs "/trace" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/hyp" (u object_r debugfs_tracing ((s0) (s0))))
|
|
(genfscon tracefs "/" (u object_r debugfs_tracing_debug ((s0) (s0))))
|
|
(genfscon usbfs "/" (u object_r usbfs ((s0) (s0))))
|
|
(genfscon vfat "/" (u object_r vfat ((s0) (s0))))
|
|
(common cap (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap ))
|
|
(common cap2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon ))
|
|
(common ipc (create destroy getattr setattr read write associate unix_read unix_write ))
|
|
(common socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind ))
|
|
(common file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads ))
|
|
(typealias rs_data_file)
|
|
(typealiasactual rs_data_file app_exec_data_file)
|
|
(class security (compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy validate_trans ))
|
|
(class process (fork transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem execstack execheap setkeycreate setsockcreate getrlimit ))
|
|
(mlsconstrain (process (sigkill sigstop signal ptrace setsched setpgid setcap share setrlimit)) (or (eq l1 l2) (eq t1 mlstrustedsubject)))
|
|
(mlsconstrain (process (ptrace getsched getsession getpgid getcap share getattr)) (or (dom l1 l2) (eq t1 mlstrustedsubject)))
|
|
(mlsconstrain (process (transition dyntransition)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class system (ipc_info syslog_read syslog_mod syslog_console module_request module_load ))
|
|
(class capability ())
|
|
(classcommon capability cap)
|
|
(class filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget watch ))
|
|
(class file (execute_no_trans entrypoint ))
|
|
(classcommon file file)
|
|
(mlsconstrain (file (write setattr append unlink link rename)) (or (or (or (or (eq t2 app_data_file_type) (eq t2 appdomain_tmpfs)) (eq l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (file (read getattr execute)) (or (or (or (or (eq t2 app_data_file_type) (eq t2 appdomain_tmpfs)) (dom l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (file (setattr unlink link rename open)) (or (or (and (neq t2 app_data_file_type) (neq t2 appdomain_tmpfs)) (dom l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(mlsconstrain (file (create relabelfrom relabelto)) (and (eq l2 h2) (or (eq l1 l2) (eq t1 mlstrustedsubject))))
|
|
(class anon_inode ())
|
|
(classcommon anon_inode file)
|
|
(mlsconstrain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute open execmod)) (eq l1 l2))
|
|
(class dir (add_name remove_name reparent search rmdir ))
|
|
(classcommon dir file)
|
|
(mlsconstrain (dir (write setattr rename add_name remove_name reparent rmdir)) (or (or (or (eq t2 app_data_file_type) (eq l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (dir (read getattr search)) (or (or (or (or (eq t2 app_data_file_type) (dom l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)) (and (eq t1 mlsvendorcompat) (or (eq t2 system_data_file) (eq t2 user_profile_root_file)))))
|
|
(mlsconstrain (dir (getattr setattr rename open add_name remove_name reparent search rmdir)) (or (or (neq t2 app_data_file_type) (dom l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(mlsconstrain (dir (create relabelfrom relabelto)) (and (eq l2 h2) (or (eq l1 l2) (eq t1 mlstrustedsubject))))
|
|
(class fd (use ))
|
|
(class lnk_file ())
|
|
(classcommon lnk_file file)
|
|
(mlsconstrain (lnk_file (write setattr append unlink link rename)) (or (or (or (or (eq t2 app_data_file_type) (eq t2 appdomain_tmpfs)) (eq l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (lnk_file (read getattr execute)) (or (or (or (or (eq t2 app_data_file_type) (eq t2 appdomain_tmpfs)) (dom l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (lnk_file (read setattr unlink link rename open)) (or (or (and (neq t2 privapp_data_file) (neq t2 appdomain_tmpfs)) (dom l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(mlsconstrain (lnk_file (read setattr unlink link rename open)) (or (or (or (neq t2 app_data_file_type) (eq t2 privapp_data_file)) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(mlsconstrain (lnk_file (create relabelfrom relabelto)) (and (eq l2 h2) (or (eq l1 l2) (eq t1 mlstrustedsubject))))
|
|
(class chr_file (execute_no_trans entrypoint ))
|
|
(classcommon chr_file file)
|
|
(mlsconstrain (chr_file (write setattr append unlink link rename)) (or (or (or (or (eq t2 app_data_file_type) (eq t2 appdomain_tmpfs)) (eq l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (chr_file (read getattr execute)) (or (or (or (or (eq t2 app_data_file_type) (eq t2 appdomain_tmpfs)) (dom l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (chr_file (create relabelfrom relabelto)) (and (eq l2 h2) (or (eq l1 l2) (eq t1 mlstrustedsubject))))
|
|
(class blk_file ())
|
|
(classcommon blk_file file)
|
|
(mlsconstrain (blk_file (write setattr append unlink link rename)) (or (or (or (or (eq t2 app_data_file_type) (eq t2 appdomain_tmpfs)) (eq l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (blk_file (read getattr execute)) (or (or (or (or (eq t2 app_data_file_type) (eq t2 appdomain_tmpfs)) (dom l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (blk_file (create relabelfrom relabelto)) (and (eq l2 h2) (or (eq l1 l2) (eq t1 mlstrustedsubject))))
|
|
(class sock_file ())
|
|
(classcommon sock_file file)
|
|
(mlsconstrain (sock_file (write setattr append unlink link rename)) (or (or (or (or (eq t2 app_data_file_type) (eq t2 appdomain_tmpfs)) (eq l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (sock_file (read getattr execute)) (or (or (or (or (eq t2 app_data_file_type) (eq t2 appdomain_tmpfs)) (dom l1 l2)) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)))
|
|
(mlsconstrain (sock_file (setattr unlink link rename open)) (or (or (and (neq t2 app_data_file_type) (neq t2 appdomain_tmpfs)) (dom l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(mlsconstrain (sock_file (create relabelfrom relabelto)) (and (eq l2 h2) (or (eq l1 l2) (eq t1 mlstrustedsubject))))
|
|
(class fifo_file ())
|
|
(classcommon fifo_file file)
|
|
(mlsconstrain (fifo_file (write setattr append unlink link rename)) (or (or (or (eq l1 l2) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)) (eq t2 domain)))
|
|
(mlsconstrain (fifo_file (read getattr)) (or (or (or (dom l1 l2) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedobject)) (eq t2 domain)))
|
|
(mlsconstrain (fifo_file (create relabelfrom relabelto)) (and (eq l2 h2) (or (eq l1 l2) (eq t1 mlstrustedsubject))))
|
|
(class socket ())
|
|
(classcommon socket socket)
|
|
(mlsconstrain (socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class tcp_socket (node_bind name_connect ))
|
|
(classcommon tcp_socket socket)
|
|
(mlsconstrain (tcp_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class udp_socket (node_bind ))
|
|
(classcommon udp_socket socket)
|
|
(mlsconstrain (udp_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class rawip_socket (node_bind ))
|
|
(classcommon rawip_socket socket)
|
|
(mlsconstrain (rawip_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class node (recvfrom sendto ))
|
|
(class netif (ingress egress ))
|
|
(class netlink_socket ())
|
|
(classcommon netlink_socket socket)
|
|
(mlsconstrain (netlink_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class packet_socket ())
|
|
(classcommon packet_socket socket)
|
|
(mlsconstrain (packet_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class key_socket ())
|
|
(classcommon key_socket socket)
|
|
(mlsconstrain (key_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class unix_stream_socket (connectto ))
|
|
(classcommon unix_stream_socket socket)
|
|
(mlsconstrain (unix_stream_socket (connectto)) (or (or (eq l1 l2) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedsubject)))
|
|
(mlsconstrain (unix_stream_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class unix_dgram_socket ())
|
|
(classcommon unix_dgram_socket socket)
|
|
(mlsconstrain (unix_dgram_socket (sendto)) (or (or (eq l1 l2) (eq t1 mlstrustedsubject)) (eq t2 mlstrustedsubject)))
|
|
(mlsconstrain (unix_dgram_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class sem ())
|
|
(classcommon sem ipc)
|
|
(class msg (send receive ))
|
|
(class msgq (enqueue ))
|
|
(classcommon msgq ipc)
|
|
(class shm (lock ))
|
|
(classcommon shm ipc)
|
|
(class ipc ())
|
|
(classcommon ipc ipc)
|
|
(class netlink_route_socket (nlmsg_read nlmsg_write nlmsg_readpriv nlmsg_getneigh ))
|
|
(classcommon netlink_route_socket socket)
|
|
(mlsconstrain (netlink_route_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_tcpdiag_socket (nlmsg_read nlmsg_write ))
|
|
(classcommon netlink_tcpdiag_socket socket)
|
|
(mlsconstrain (netlink_tcpdiag_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_nflog_socket ())
|
|
(classcommon netlink_nflog_socket socket)
|
|
(mlsconstrain (netlink_nflog_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_xfrm_socket (nlmsg_read nlmsg_write ))
|
|
(classcommon netlink_xfrm_socket socket)
|
|
(mlsconstrain (netlink_xfrm_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_selinux_socket ())
|
|
(classcommon netlink_selinux_socket socket)
|
|
(mlsconstrain (netlink_selinux_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_audit_socket (nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit ))
|
|
(classcommon netlink_audit_socket socket)
|
|
(mlsconstrain (netlink_audit_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_dnrt_socket ())
|
|
(classcommon netlink_dnrt_socket socket)
|
|
(mlsconstrain (netlink_dnrt_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class association (sendto recvfrom setcontext polmatch ))
|
|
(class netlink_kobject_uevent_socket ())
|
|
(classcommon netlink_kobject_uevent_socket socket)
|
|
(mlsconstrain (netlink_kobject_uevent_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class appletalk_socket ())
|
|
(classcommon appletalk_socket socket)
|
|
(mlsconstrain (appletalk_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class packet (send recv relabelto forward_in forward_out ))
|
|
(class key (view read write search link setattr create ))
|
|
(class dccp_socket (node_bind name_connect ))
|
|
(classcommon dccp_socket socket)
|
|
(class memprotect (mmap_zero ))
|
|
(class peer (recv ))
|
|
(class capability2 ())
|
|
(classcommon capability2 cap2)
|
|
(class kernel_service (use_as_override create_files_as ))
|
|
(class tun_socket (attach_queue ))
|
|
(classcommon tun_socket socket)
|
|
(mlsconstrain (tun_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class binder (impersonate call set_context_mgr transfer ))
|
|
(class netlink_iscsi_socket ())
|
|
(classcommon netlink_iscsi_socket socket)
|
|
(mlsconstrain (netlink_iscsi_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_fib_lookup_socket ())
|
|
(classcommon netlink_fib_lookup_socket socket)
|
|
(mlsconstrain (netlink_fib_lookup_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_connector_socket ())
|
|
(classcommon netlink_connector_socket socket)
|
|
(mlsconstrain (netlink_connector_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_netfilter_socket ())
|
|
(classcommon netlink_netfilter_socket socket)
|
|
(mlsconstrain (netlink_netfilter_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_generic_socket ())
|
|
(classcommon netlink_generic_socket socket)
|
|
(mlsconstrain (netlink_generic_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_scsitransport_socket ())
|
|
(classcommon netlink_scsitransport_socket socket)
|
|
(mlsconstrain (netlink_scsitransport_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_rdma_socket ())
|
|
(classcommon netlink_rdma_socket socket)
|
|
(mlsconstrain (netlink_rdma_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netlink_crypto_socket ())
|
|
(classcommon netlink_crypto_socket socket)
|
|
(mlsconstrain (netlink_crypto_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class infiniband_pkey (access ))
|
|
(class infiniband_endport (manage_subnet ))
|
|
(class cap_userns ())
|
|
(classcommon cap_userns cap)
|
|
(class cap2_userns ())
|
|
(classcommon cap2_userns cap2)
|
|
(class sctp_socket (node_bind name_connect association ))
|
|
(classcommon sctp_socket socket)
|
|
(mlsconstrain (sctp_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class icmp_socket (node_bind ))
|
|
(classcommon icmp_socket socket)
|
|
(mlsconstrain (icmp_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class ax25_socket ())
|
|
(classcommon ax25_socket socket)
|
|
(mlsconstrain (ax25_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class ipx_socket ())
|
|
(classcommon ipx_socket socket)
|
|
(mlsconstrain (ipx_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class netrom_socket ())
|
|
(classcommon netrom_socket socket)
|
|
(mlsconstrain (netrom_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class atmpvc_socket ())
|
|
(classcommon atmpvc_socket socket)
|
|
(mlsconstrain (atmpvc_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class x25_socket ())
|
|
(classcommon x25_socket socket)
|
|
(mlsconstrain (x25_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class rose_socket ())
|
|
(classcommon rose_socket socket)
|
|
(mlsconstrain (rose_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class decnet_socket ())
|
|
(classcommon decnet_socket socket)
|
|
(mlsconstrain (decnet_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class atmsvc_socket ())
|
|
(classcommon atmsvc_socket socket)
|
|
(mlsconstrain (atmsvc_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class rds_socket ())
|
|
(classcommon rds_socket socket)
|
|
(mlsconstrain (rds_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class irda_socket ())
|
|
(classcommon irda_socket socket)
|
|
(mlsconstrain (irda_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class pppox_socket ())
|
|
(classcommon pppox_socket socket)
|
|
(mlsconstrain (pppox_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class llc_socket ())
|
|
(classcommon llc_socket socket)
|
|
(mlsconstrain (llc_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class can_socket ())
|
|
(classcommon can_socket socket)
|
|
(mlsconstrain (can_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class tipc_socket ())
|
|
(classcommon tipc_socket socket)
|
|
(mlsconstrain (tipc_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class bluetooth_socket ())
|
|
(classcommon bluetooth_socket socket)
|
|
(mlsconstrain (bluetooth_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class iucv_socket ())
|
|
(classcommon iucv_socket socket)
|
|
(mlsconstrain (iucv_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class rxrpc_socket ())
|
|
(classcommon rxrpc_socket socket)
|
|
(mlsconstrain (rxrpc_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class isdn_socket ())
|
|
(classcommon isdn_socket socket)
|
|
(mlsconstrain (isdn_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class phonet_socket ())
|
|
(classcommon phonet_socket socket)
|
|
(mlsconstrain (phonet_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class ieee802154_socket ())
|
|
(classcommon ieee802154_socket socket)
|
|
(mlsconstrain (ieee802154_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class caif_socket ())
|
|
(classcommon caif_socket socket)
|
|
(mlsconstrain (caif_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class alg_socket ())
|
|
(classcommon alg_socket socket)
|
|
(mlsconstrain (alg_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class nfc_socket ())
|
|
(classcommon nfc_socket socket)
|
|
(mlsconstrain (nfc_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class vsock_socket ())
|
|
(classcommon vsock_socket socket)
|
|
(mlsconstrain (vsock_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class kcm_socket ())
|
|
(classcommon kcm_socket socket)
|
|
(mlsconstrain (kcm_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class qipcrtr_socket ())
|
|
(classcommon qipcrtr_socket socket)
|
|
(mlsconstrain (qipcrtr_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class smc_socket ())
|
|
(classcommon smc_socket socket)
|
|
(mlsconstrain (smc_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class process2 (nnp_transition nosuid_transition ))
|
|
(class bpf (map_create map_read map_write prog_load prog_run ))
|
|
(class xdp_socket ())
|
|
(classcommon xdp_socket socket)
|
|
(mlsconstrain (xdp_socket (create relabelfrom relabelto)) (or (and (eq h1 h2) (eq l1 l2)) (eq t1 mlstrustedsubject)))
|
|
(class perf_event (open cpu kernel tracepoint read write ))
|
|
(class io_uring (override_creds sqpoll cmd ))
|
|
(class lockdown (integrity confidentiality ))
|
|
(class property_service (set ))
|
|
(class service_manager (add find list ))
|
|
(class hwservice_manager (add find list ))
|
|
(class keystore_key (get_state get insert delete exist list reset password lock unlock is_empty sign verify grant duplicate clear_uid add_auth user_changed gen_unique_id ))
|
|
(class keystore2 (add_auth change_password change_user clear_ns clear_uid delete_all_keys early_boot_ended get_attestation_key get_auth_token get_last_auth_time get_state list lock pull_metrics report_off_body reset unlock ))
|
|
(class keystore2_key (convert_storage_key_to_ephemeral delete gen_unique_id get_info grant manage_blob rebind req_forced_op update use use_dev_id ))
|
|
(class diced (demote demote_self derive get_attestation_chain use_seal use_sign ))
|
|
(class drmservice (consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread ))
|
|
(classorder (security process system capability filesystem file anon_inode dir fd lnk_file chr_file blk_file sock_file fifo_file socket tcp_socket udp_socket rawip_socket node netif netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket sem msg msgq shm ipc netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket association netlink_kobject_uevent_socket appletalk_socket packet key dccp_socket memprotect peer capability2 kernel_service tun_socket binder netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket infiniband_pkey infiniband_endport cap_userns cap2_userns sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket process2 bpf xdp_socket perf_event io_uring lockdown property_service service_manager hwservice_manager keystore_key keystore2 keystore2_key diced drmservice ))
|
|
(role r)
|
|
(roletype r domain)
|
|
(typeattribute dev_type)
|
|
(typeattributeset dev_type (device ashmem_device ashmem_libcutils_device audio_device binder_device hwbinder_device vndbinder_device block_device bt_device camera_device dm_device ublk_block_device dm_user_device ublk_control_device keychord_device loop_control_device loop_device pmsg_device radio_device ram_device rtc_device vd_device vold_device console_device fscklogs gpu_device graphics_device hw_random_device input_device port_device lowpan_device mtp_device nfc_device ptmx_device kmsg_device kmsg_debug_device null_device random_device secure_element_device sensors_device serial_device socket_device owntty_device tty_device video_device zero_device fuse_device iio_device ion_device dmabuf_heap_device dmabuf_system_heap_device dmabuf_system_secure_heap_device qtaguid_device watchdog_device uhid_device uio_device tun_device usbaccessory_device usb_device usb_serial_device gnss_device properties_device properties_serial property_info hidraw_device hci_attach_dev rpmsg_device root_block_device frp_block_device system_block_device recovery_block_device boot_block_device dtbo_block_device userdata_block_device zoned_block_device cache_block_device swap_block_device metadata_block_device misc_block_device super_block_device sdcard_block_device userdata_sysdev rootdisk_sysdev vfio_device tee_device kvm_device ))
|
|
(typeattribute bpffs_type)
|
|
(typeattributeset bpffs_type (fs_bpf fs_bpf_tethering fs_bpf_vendor fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_loader fs_bpf_uprobestats ))
|
|
(typeattribute domain)
|
|
(typeattributeset domain (adbd aidl_lazy_test_server apexd app_zygote artd atrace audioserver blkid blkid_untrusted bluetooth bootanim bootstat bpfloader bufferhubd cameraserver charger charger_vendor crash_dump credstore dhcp dnsmasq drmserver dumpstate e2fs ephemeral_app evsmanagerd extra_free_kbytes fastbootd fingerprintd flags_health_check fsck fsck_untrusted gatekeeperd gmscore_app gpuservice healthd heapprofd hwservicemanager idmap incident incident_helper incidentd init inputflinger installd isolated_app isolated_compute_app kernel keystore llkd lmkd logd logpersist mdnsd mediadrmserver mediaextractor mediametrics mediaprovider mediaserver mediaswcodec mediatranscoding modprobe mtp netd netutils_wrapper network_stack nfc otapreopt_chroot perfetto performanced platform_app postinstall ppp priv_app prng_seeder profman radio recovery recovery_persist recovery_refresh rkpdapp rs rss_hwm_reset runas runas_app sdcardd secure_element servicemanager sgdisk shared_relro shell simpleperf simpleperf_app_runner slideshow statsd su surfaceflinger system_app system_server tee tombstoned toolbox traced traced_perf traced_probes traceur_app ueventd uncrypt untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine update_verifier usbd vdc vendor_init vendor_misc_writer vendor_modprobe vendor_shell virtual_touchpad vndservicemanager vold vold_prepare_subdirs watchdogd webview_zygote wificond zygote aconfigd apex_test_prepostinstall apexd_derive_classpath art_boot auditctl automotive_display_service blank_screen boringssl_self_test vendor_boringssl_self_test canhalconfigurator clatd compos_fd_server compos_verify composd cppreopts crosvm derive_classpath derive_sdk device_as_webcam dex2oat dexopt_chroot_setup dexoptanalyzer dmesgd fsverity_init fuseblkd fuseblkd_untrusted fwk_bufferhub gki_apex_prepostinstall gsid hal_allocator_default hidl_lazy_test_server iw linkerconfig lpdumpd mediaprovider_app mediatuner migrate_legacy_obb_data misctrl mm_events mtectrl odrefresh odsign ot_daemon otapreopt_slot permissioncontroller_app postinstall_dexopt preloads_copy preopt2cachename profcollectd remount rkpd sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next simpleperf_boot snapshotctl snapuserd stats storaged system_server_startup system_suspend uprobestats vehicle_binding_util viewcompiler virtual_camera virtualizationmanager virtualizationservice vzwomatrigger_app wait_for_keymaster ))
|
|
(typeattribute fs_type)
|
|
(typeattributeset fs_type (device labeledfs pipefs sockfs rootfs proc binderfs binderfs_logs binderfs_logs_proc binderfs_logs_stats binderfs_features proc_security proc_drop_caches proc_overcommit_memory proc_min_free_order_shift proc_kpageflags proc_watermark_boost_factor proc_percpu_pagelist_high_fraction usermodehelper sysfs_usermodehelper proc_qtaguid_ctrl proc_qtaguid_stat proc_bluetooth_writable proc_abi proc_asound proc_bootconfig proc_bpf proc_buddyinfo proc_cmdline proc_cpu_alignment proc_cpuinfo proc_dirty proc_diskstats proc_extra_free_kbytes proc_filesystems proc_fs_verity proc_hostname proc_hung_task proc_interrupts proc_iomem proc_kallsyms proc_keys proc_kmsg proc_loadavg proc_locks proc_lowmemorykiller proc_max_map_count proc_meminfo proc_misc proc_modules proc_mounts proc_net proc_net_tcp_udp proc_page_cluster proc_pagetypeinfo proc_panic proc_perf proc_pid_max proc_pipe_conf proc_pressure_cpu proc_pressure_io proc_pressure_mem proc_random proc_sched proc_slabinfo proc_stat proc_swaps proc_sysrq proc_timer proc_tty_drivers proc_uid_cputime_showstat proc_uid_cputime_removeuid proc_uid_io_stats proc_uid_procstat_set proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time proc_uid_cpupower proc_uptime proc_version proc_vmallocinfo proc_vmstat proc_watermark_scale_factor proc_zoneinfo proc_vendor_sched selinuxfs fusectlfs cgroup cgroup_v2 sysfs sysfs_android_usb sysfs_uio sysfs_batteryinfo sysfs_bluetooth_writable sysfs_devfreq_cur sysfs_devfreq_dir sysfs_devices_block sysfs_dm sysfs_dm_verity sysfs_dma_heap sysfs_dmabuf_stats sysfs_dt_firmware_android sysfs_extcon sysfs_ion sysfs_ipv4 sysfs_kernel_notes sysfs_leds sysfs_loop sysfs_gpu sysfs_hwrandom sysfs_nfc_power_writable sysfs_wake_lock sysfs_net sysfs_power sysfs_rtc sysfs_suspend_stats sysfs_switch sysfs_sync_on_suspend sysfs_transparent_hugepage sysfs_lru_gen_enabled sysfs_usb sysfs_wakeup sysfs_wakeup_reasons sysfs_fs_ext4_features sysfs_fs_f2fs sysfs_fs_fuse_bpf sysfs_fs_fuse_features sysfs_fs_incfs_features sysfs_fs_incfs_metrics sysfs_vendor_sched fs_bpf fs_bpf_tethering fs_bpf_vendor configfs sysfs_devices_cs_etm sysfs_devices_system_cpu sysfs_lowmemorykiller sysfs_wlan_fwpath sysfs_vibrator sysfs_uhid sysfs_thermal sysfs_zram sysfs_zram_uevent inotify devpts tmpfs shm mqueue fuse fuseblk sdcardfs vfat exfat debugfs debugfs_kprobes debugfs_mmc debugfs_mm_events_tracing debugfs_trace_marker debugfs_tracing debugfs_tracing_debug debugfs_tracing_instances debugfs_tracing_printk_formats debugfs_wakeup_sources debugfs_wifi_tracing securityfs pstorefs functionfs oemfs usbfs binfmt_miscfs app_fusefs debugfs_bootreceiver_tracing apexd_devpts config_gz fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_loader fs_bpf_uprobestats debugfs_kcov sysfs_dt_avf proc_dt_avf sysfs_uprobe odsign_devpts priv_app_devpts untrusted_app_all_devpts ))
|
|
(typeattribute contextmount_type)
|
|
(typeattributeset contextmount_type (oemfs app_fusefs ))
|
|
(typeattribute fusefs_type)
|
|
(typeattributeset fusefs_type (fuse fuseblk app_fusefs ))
|
|
(typeattribute file_type)
|
|
(typeattributeset file_type (adbd_exec aidl_lazy_test_server_exec apexd_exec appdomain_tmpfs app_zygote_tmpfs audioserver_tmpfs bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec cameraserver_tmpfs charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec drmserver_socket dumpstate_exec e2fs_exec extra_free_kbytes_exec unlabeled system_file system_asan_options_file system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file tcpdump_exec system_zoneinfo_file cgroup_desc_file cgroup_desc_api_file vendor_cgroup_desc_file task_profiles_file task_profiles_api_file vendor_task_profiles_file art_apex_dir linkerconfig_file incremental_control_file bootanim_oem_file vendor_hal_file vendor_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_vm_file vendor_vm_data_file metadata_file vold_metadata_file gsi_metadata_file gsi_public_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file metadata_bootstat_file userspace_reboot_metadata_file staged_install_file watchdog_metadata_file repair_mode_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file dev_cpu_variant runtime_event_log_tags_file logcat_exec cgroup_rc_file coredump_file system_data_root_file system_data_file system_userdir_file packages_list_file game_mode_intervention_list_file vendor_data_file vendor_userdir_file unencrypted_data_file install_data_file drm_data_file adb_data_file anr_data_file tombstone_data_file tombstone_wifi_data_file apex_data_file apk_data_file apk_tmp_file apk_private_data_file apk_private_tmp_file dalvikcache_data_file ota_data_file ota_package_file user_profile_root_file user_profile_data_file profman_dump_data_file prereboot_data_file resourcecache_data_file shell_data_file property_data_file bootchart_data_file dropbox_data_file heapdump_data_file nativetest_data_file shell_test_data_file ringtone_file preloads_data_file preloads_media_file dhcp_data_file server_configurable_flags_data_file staging_data_file vendor_apex_file vendor_apex_metadata_file shutdown_checkpoints_system_data_file mnt_media_rw_file mnt_user_file mnt_pass_through_file mnt_expand_file mnt_sdcard_file storage_file mnt_media_rw_stub_file storage_stub_file mnt_vendor_file mnt_product_file apex_mnt_dir apex_info_file postinstall_mnt_dir postinstall_file postinstall_apex_mnt_dir mirror_data_file adb_keys_file apex_system_server_data_file apex_module_data_file apex_ota_reserved_file apex_rollback_data_file appcompat_data_file audio_data_file audioserver_data_file bluetooth_data_file bluetooth_logs_data_file bootstat_data_file boottrace_data_file camera_data_file credstore_data_file gatekeeper_data_file incident_data_file keychain_data_file keystore_data_file media_data_file media_rw_data_file media_userdir_file misc_user_data_file net_data_file network_watchlist_data_file nfc_data_file nfc_logs_data_file radio_data_file recovery_data_file shared_relro_file snapshotctl_log_data_file stats_config_data_file stats_data_file systemkeys_data_file textclassifier_data_file trace_data_file vpn_data_file wifi_data_file vold_data_file tee_data_file update_engine_data_file update_engine_log_data_file snapuserd_log_data_file method_trace_data_file gsi_data_file radio_core_data_file app_data_file privapp_data_file system_app_data_file cache_file overlayfs_file cache_backup_file cache_private_backup_file cache_recovery_file efs_file wallpaper_file shortcut_manager_icons icon_file asec_apk_file asec_public_file asec_image_file backup_data_file bluetooth_efs_file fingerprintd_data_file fingerprint_vendor_data_file app_fuse_file face_vendor_data_file iris_vendor_data_file adbd_socket bluetooth_socket dnsproxyd_socket dumpstate_socket fwmarkd_socket lmkd_socket logd_socket logdr_socket logdw_socket mdns_socket mdnsd_socket misc_logd_file mtpd_socket ot_daemon_socket property_socket racoon_socket recovery_socket rild_socket rild_debug_socket snapuserd_socket snapuserd_proxy_socket statsdw_socket system_wpa_socket system_ndebug_socket system_unsolzygote_socket tombstoned_crash_socket tombstoned_java_trace_socket tombstoned_intercept_socket traced_consumer_socket traced_perf_socket traced_producer_socket uncrypt_socket wpa_socket zygote_socket heapprofd_socket gps_control pdx_display_dir pdx_performance_dir pdx_bufferhub_dir pdx_display_client_endpoint_socket pdx_display_manager_endpoint_socket pdx_display_screenshot_endpoint_socket pdx_display_vsync_endpoint_socket pdx_performance_client_endpoint_socket pdx_bufferhub_client_endpoint_socket file_contexts_file mac_perms_file property_contexts_file seapp_contexts_file sepolicy_file service_contexts_file keystore2_key_contexts_file vendor_service_contexts_file hwservice_contexts_file vndservice_contexts_file vendor_kernel_modules system_dlkm_file audiohal_data_file fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hal_graphics_composer_server_tmpfs hwservicemanager_exec idmap_exec init_exec init_tmpfs inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediaextractor_tmpfs mediametrics_exec mediaserver_exec mediaserver_tmpfs mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec surfaceflinger_tmpfs system_server_tmpfs tombstoned_exec toolbox_exec traced_tmpfs ueventd_tmpfs uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec virtual_touchpad_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec webview_zygote_exec webview_zygote_tmpfs wificond_exec zygote_tmpfs zygote_exec aconfigd_exec apex_test_prepostinstall_exec art_boot_exec artd_exec artd_tmpfs atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec blank_screen_exec blkid_exec boringssl_self_test_exec vendor_boringssl_self_test_exec boringssl_self_test_marker bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec crosvm_tmpfs derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexopt_chroot_setup_tmpfs dexoptanalyzer_exec dexoptanalyzer_tmpfs dmesgd_exec dumpstate_tmpfs evsmanagerd_exec storaged_data_file wm_trace_data_file accessibility_trace_data_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file uprobestats_configs_data_file oatdump_exec sdk_sandbox_system_data_file sdk_sandbox_data_file app_exec_data_file rollback_data_file checkin_data_file ota_image_data_file gsi_persistent_data_file emergency_data_file profcollectd_data_file apex_art_data_file apex_art_staging_data_file apex_compos_data_file apex_virt_data_file apex_tethering_data_file apex_appsearch_data_file apex_permission_data_file apex_scheduling_data_file apex_wifi_data_file font_data_file dmesgd_data_file odrefresh_data_file odsign_data_file odsign_metrics_file virtualizationservice_data_file environ_system_data_file bootanim_data_file fd_server_exec compos_exec compos_key_helper_exec art_exec_exec prng_seeder_socket system_font_fallback_file aconfigd_socket system_aconfig_storage_file vendor_aconfig_storage_file fsverity_init_exec fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec heapprofd_exec heapprofd_tmpfs hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec linkerconfig_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatranscoding_tmpfs mediatuner_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mtectrl_exec odrefresh_exec odsign_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec perfetto_exec perfetto_tmpfs postinstall_exec postinstall_dexopt_exec postinstall_dexopt_tmpfs preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec simpleperf_boot_data_file snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_server_startup_tmpfs system_suspend_exec traced_exec traced_perf_exec traced_probes_exec traced_probes_tmpfs uprobestats_exec vehicle_binding_util_exec viewcompiler_exec viewcompiler_tmpfs virtual_camera_exec virtualizationmanager_exec virtualizationservice_exec wait_for_keymaster_exec ))
|
|
(typeattribute exec_type)
|
|
(typeattributeset exec_type (adbd_exec aidl_lazy_test_server_exec apexd_exec bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec dumpstate_exec e2fs_exec extra_free_kbytes_exec tcpdump_exec logcat_exec fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hwservicemanager_exec idmap_exec init_exec inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediametrics_exec mediaserver_exec mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec tombstoned_exec toolbox_exec uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec virtual_touchpad_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec webview_zygote_exec wificond_exec zygote_exec aconfigd_exec apex_test_prepostinstall_exec art_boot_exec artd_exec atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec blank_screen_exec blkid_exec boringssl_self_test_exec vendor_boringssl_self_test_exec bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexoptanalyzer_exec dmesgd_exec evsmanagerd_exec oatdump_exec fd_server_exec compos_exec compos_key_helper_exec art_exec_exec fsverity_init_exec fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec heapprofd_exec hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec linkerconfig_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatuner_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mtectrl_exec odrefresh_exec odsign_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec perfetto_exec postinstall_exec postinstall_dexopt_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_suspend_exec traced_exec traced_perf_exec traced_probes_exec uprobestats_exec vehicle_binding_util_exec viewcompiler_exec virtual_camera_exec virtualizationmanager_exec virtualizationservice_exec wait_for_keymaster_exec ))
|
|
(typeattribute data_file_type)
|
|
(expandtypeattribute (data_file_type) false)
|
|
(typeattributeset data_file_type (incremental_control_file system_data_root_file system_data_file system_userdir_file packages_list_file game_mode_intervention_list_file vendor_data_file vendor_userdir_file unencrypted_data_file install_data_file drm_data_file adb_data_file anr_data_file tombstone_data_file tombstone_wifi_data_file apex_data_file apk_data_file apk_tmp_file apk_private_data_file apk_private_tmp_file dalvikcache_data_file ota_data_file ota_package_file user_profile_root_file user_profile_data_file profman_dump_data_file prereboot_data_file resourcecache_data_file shell_data_file property_data_file bootchart_data_file dropbox_data_file heapdump_data_file nativetest_data_file shell_test_data_file ringtone_file preloads_data_file preloads_media_file dhcp_data_file server_configurable_flags_data_file staging_data_file shutdown_checkpoints_system_data_file adb_keys_file apex_system_server_data_file apex_module_data_file apex_ota_reserved_file apex_rollback_data_file appcompat_data_file audio_data_file audioserver_data_file bluetooth_data_file bluetooth_logs_data_file bootstat_data_file boottrace_data_file camera_data_file credstore_data_file gatekeeper_data_file incident_data_file keychain_data_file keystore_data_file media_data_file media_rw_data_file media_userdir_file misc_user_data_file net_data_file network_watchlist_data_file nfc_data_file nfc_logs_data_file radio_data_file recovery_data_file shared_relro_file snapshotctl_log_data_file stats_config_data_file stats_data_file systemkeys_data_file textclassifier_data_file trace_data_file vpn_data_file wifi_data_file vold_data_file tee_data_file update_engine_data_file update_engine_log_data_file snapuserd_log_data_file method_trace_data_file gsi_data_file radio_core_data_file app_data_file privapp_data_file system_app_data_file cache_file overlayfs_file cache_backup_file cache_private_backup_file cache_recovery_file wallpaper_file shortcut_manager_icons icon_file asec_apk_file asec_public_file asec_image_file backup_data_file fingerprintd_data_file fingerprint_vendor_data_file app_fuse_file face_vendor_data_file iris_vendor_data_file bluetooth_socket misc_logd_file system_wpa_socket system_ndebug_socket system_unsolzygote_socket wpa_socket audiohal_data_file storaged_data_file wm_trace_data_file accessibility_trace_data_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file uprobestats_configs_data_file sdk_sandbox_system_data_file sdk_sandbox_data_file app_exec_data_file rollback_data_file checkin_data_file ota_image_data_file gsi_persistent_data_file emergency_data_file profcollectd_data_file apex_art_data_file apex_art_staging_data_file apex_compos_data_file apex_virt_data_file apex_tethering_data_file apex_appsearch_data_file apex_permission_data_file apex_scheduling_data_file apex_wifi_data_file font_data_file dmesgd_data_file odrefresh_data_file odsign_data_file odsign_metrics_file virtualizationservice_data_file environ_system_data_file bootanim_data_file ))
|
|
(typeattribute core_data_file_type)
|
|
(expandtypeattribute (core_data_file_type) false)
|
|
(typeattributeset core_data_file_type (incremental_control_file system_data_root_file system_data_file system_userdir_file packages_list_file game_mode_intervention_list_file vendor_userdir_file unencrypted_data_file install_data_file drm_data_file adb_data_file anr_data_file tombstone_data_file apex_data_file apk_data_file apk_tmp_file apk_private_data_file apk_private_tmp_file dalvikcache_data_file ota_data_file ota_package_file user_profile_root_file user_profile_data_file profman_dump_data_file prereboot_data_file resourcecache_data_file shell_data_file property_data_file bootchart_data_file dropbox_data_file heapdump_data_file nativetest_data_file shell_test_data_file ringtone_file preloads_data_file preloads_media_file dhcp_data_file server_configurable_flags_data_file staging_data_file shutdown_checkpoints_system_data_file mirror_data_file adb_keys_file apex_system_server_data_file apex_module_data_file apex_ota_reserved_file apex_rollback_data_file appcompat_data_file audio_data_file audioserver_data_file bluetooth_data_file bluetooth_logs_data_file bootstat_data_file boottrace_data_file camera_data_file credstore_data_file gatekeeper_data_file incident_data_file keychain_data_file keystore_data_file media_data_file media_rw_data_file media_userdir_file misc_user_data_file net_data_file network_watchlist_data_file nfc_data_file nfc_logs_data_file radio_data_file recovery_data_file shared_relro_file snapshotctl_log_data_file stats_config_data_file stats_data_file systemkeys_data_file textclassifier_data_file trace_data_file vpn_data_file wifi_data_file vold_data_file update_engine_data_file update_engine_log_data_file snapuserd_log_data_file method_trace_data_file gsi_data_file radio_core_data_file app_data_file privapp_data_file system_app_data_file cache_file overlayfs_file cache_backup_file cache_private_backup_file cache_recovery_file wallpaper_file shortcut_manager_icons icon_file asec_apk_file asec_public_file asec_image_file backup_data_file fingerprintd_data_file app_fuse_file bluetooth_socket misc_logd_file system_wpa_socket system_ndebug_socket system_unsolzygote_socket wpa_socket audiohal_data_file storaged_data_file wm_trace_data_file accessibility_trace_data_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file uprobestats_configs_data_file sdk_sandbox_system_data_file sdk_sandbox_data_file app_exec_data_file rollback_data_file checkin_data_file ota_image_data_file gsi_persistent_data_file emergency_data_file profcollectd_data_file apex_art_data_file apex_art_staging_data_file apex_compos_data_file apex_virt_data_file apex_tethering_data_file apex_appsearch_data_file apex_permission_data_file apex_scheduling_data_file apex_wifi_data_file font_data_file dmesgd_data_file odrefresh_data_file odsign_data_file odsign_metrics_file virtualizationservice_data_file environ_system_data_file bootanim_data_file ))
|
|
(typeattribute app_data_file_type)
|
|
(expandtypeattribute (app_data_file_type) false)
|
|
(typeattributeset app_data_file_type (shell_data_file bluetooth_data_file nfc_data_file radio_data_file app_data_file privapp_data_file system_app_data_file sdk_sandbox_data_file ))
|
|
(typeattribute system_file_type)
|
|
(typeattributeset system_file_type (adbd_exec aidl_lazy_test_server_exec apexd_exec bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec dumpstate_exec e2fs_exec extra_free_kbytes_exec system_file system_asan_options_file system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file tcpdump_exec system_zoneinfo_file cgroup_desc_file cgroup_desc_api_file task_profiles_file task_profiles_api_file art_apex_dir bootanim_oem_file logcat_exec file_contexts_file mac_perms_file property_contexts_file seapp_contexts_file sepolicy_file service_contexts_file keystore2_key_contexts_file hwservice_contexts_file fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hwservicemanager_exec idmap_exec init_exec inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediametrics_exec mediaserver_exec mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec tombstoned_exec toolbox_exec uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec virtual_touchpad_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec wificond_exec zygote_exec aconfigd_exec apex_test_prepostinstall_exec art_boot_exec artd_exec atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec blank_screen_exec blkid_exec boringssl_self_test_exec bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexoptanalyzer_exec dmesgd_exec evsmanagerd_exec oatdump_exec fd_server_exec compos_exec compos_key_helper_exec art_exec_exec system_font_fallback_file system_aconfig_storage_file fsverity_init_exec fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec heapprofd_exec hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec linkerconfig_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatuner_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mtectrl_exec odrefresh_exec odsign_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec perfetto_exec postinstall_exec postinstall_dexopt_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_suspend_exec traced_exec traced_perf_exec traced_probes_exec uprobestats_exec vehicle_binding_util_exec viewcompiler_exec virtual_camera_exec virtualizationmanager_exec virtualizationservice_exec wait_for_keymaster_exec ))
|
|
(typeattribute system_dlkm_file_type)
|
|
(typeattributeset system_dlkm_file_type (system_dlkm_file ))
|
|
(typeattribute vendor_file_type)
|
|
(typeattributeset vendor_file_type (vendor_cgroup_desc_file vendor_task_profiles_file vendor_hal_file vendor_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_vm_file vendor_vm_data_file vendor_apex_file vendor_apex_metadata_file vendor_service_contexts_file vendor_kernel_modules vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec vendor_boringssl_self_test_exec vendor_aconfig_storage_file ))
|
|
(typeattribute proc_type)
|
|
(expandtypeattribute (proc_type) false)
|
|
(typeattributeset proc_type (proc proc_security proc_drop_caches proc_overcommit_memory proc_min_free_order_shift proc_kpageflags proc_watermark_boost_factor proc_percpu_pagelist_high_fraction usermodehelper proc_qtaguid_ctrl proc_qtaguid_stat proc_bluetooth_writable proc_abi proc_asound proc_bootconfig proc_bpf proc_buddyinfo proc_cmdline proc_cpu_alignment proc_cpuinfo proc_dirty proc_diskstats proc_extra_free_kbytes proc_filesystems proc_fs_verity proc_hostname proc_hung_task proc_interrupts proc_iomem proc_kallsyms proc_keys proc_kmsg proc_loadavg proc_locks proc_lowmemorykiller proc_max_map_count proc_meminfo proc_misc proc_modules proc_mounts proc_net proc_net_tcp_udp proc_page_cluster proc_pagetypeinfo proc_panic proc_perf proc_pid_max proc_pipe_conf proc_pressure_cpu proc_pressure_io proc_pressure_mem proc_random proc_sched proc_slabinfo proc_stat proc_swaps proc_sysrq proc_timer proc_tty_drivers proc_uid_cputime_showstat proc_uid_cputime_removeuid proc_uid_io_stats proc_uid_procstat_set proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time proc_uid_cpupower proc_uptime proc_version proc_vmallocinfo proc_vmstat proc_watermark_scale_factor proc_zoneinfo proc_vendor_sched config_gz proc_dt_avf ))
|
|
(typeattribute proc_net_type)
|
|
(expandtypeattribute (proc_net_type) true)
|
|
(typeattributeset proc_net_type (proc_net ))
|
|
(typeattribute sysfs_type)
|
|
(typeattributeset sysfs_type (sysfs_usermodehelper sysfs sysfs_android_usb sysfs_uio sysfs_batteryinfo sysfs_bluetooth_writable sysfs_devfreq_cur sysfs_devfreq_dir sysfs_devices_block sysfs_dm sysfs_dm_verity sysfs_dma_heap sysfs_dmabuf_stats sysfs_dt_firmware_android sysfs_extcon sysfs_ion sysfs_ipv4 sysfs_kernel_notes sysfs_leds sysfs_loop sysfs_gpu sysfs_hwrandom sysfs_nfc_power_writable sysfs_wake_lock sysfs_net sysfs_power sysfs_rtc sysfs_suspend_stats sysfs_switch sysfs_sync_on_suspend sysfs_transparent_hugepage sysfs_lru_gen_enabled sysfs_usb sysfs_wakeup sysfs_wakeup_reasons sysfs_fs_ext4_features sysfs_fs_f2fs sysfs_fs_fuse_bpf sysfs_fs_fuse_features sysfs_fs_incfs_features sysfs_fs_incfs_metrics sysfs_vendor_sched sysfs_devices_cs_etm sysfs_devices_system_cpu sysfs_lowmemorykiller sysfs_wlan_fwpath sysfs_vibrator sysfs_uhid sysfs_thermal sysfs_zram sysfs_zram_uevent sysfs_dt_avf sysfs_uprobe ))
|
|
(typeattribute debugfs_type)
|
|
(typeattributeset debugfs_type (debugfs debugfs_kprobes debugfs_mmc debugfs_mm_events_tracing debugfs_trace_marker debugfs_tracing debugfs_tracing_debug debugfs_tracing_instances debugfs_tracing_printk_formats debugfs_wakeup_sources debugfs_wifi_tracing debugfs_bootreceiver_tracing debugfs_kcov ))
|
|
(typeattribute tracefs_type)
|
|
(typeattributeset tracefs_type (debugfs_mm_events_tracing debugfs_trace_marker debugfs_tracing debugfs_tracing_debug debugfs_tracing_instances debugfs_tracing_printk_formats debugfs_wifi_tracing debugfs_bootreceiver_tracing ))
|
|
(typeattribute sdcard_type)
|
|
(typeattributeset sdcard_type (fuseblk sdcardfs vfat exfat ))
|
|
(typeattribute node_type)
|
|
(typeattributeset node_type (node ))
|
|
(typeattribute netif_type)
|
|
(typeattributeset netif_type (netif ))
|
|
(typeattribute port_type)
|
|
(typeattributeset port_type (port ))
|
|
(typeattribute property_type)
|
|
(typeattributeset property_type (apexd_prop bootloader_boot_reason_prop device_config_activity_manager_native_boot_prop device_config_boot_count_prop device_config_input_native_boot_prop device_config_netd_native_prop device_config_reset_performed_prop firstboot_prop boottime_prop charger_prop cold_boot_done_prop ctl_adbd_prop ctl_apexd_prop ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_dumpstate_prop ctl_fuse_prop ctl_gsid_prop ctl_interface_restart_prop ctl_interface_stop_prop ctl_mdnsd_prop ctl_restart_prop ctl_rildaemon_prop ctl_sigstop_prop dynamic_system_prop heapprofd_enabled_prop llkd_prop lpdumpd_prop mmc_prop mock_ota_prop net_dns_prop overlay_prop persistent_properties_ready_prop safemode_prop system_lmk_prop system_trace_prop test_boot_reason_prop time_prop traced_enabled_prop traced_lazy_prop aac_drc_prop adaptive_haptics_prop apex_ready_prop arm64_memtag_prop binder_cache_bluetooth_server_prop binder_cache_system_server_prop binder_cache_telephony_server_prop boot_status_prop bootanim_system_prop bootloader_prop boottime_public_prop bq_config_prop build_bootimage_prop build_prop composd_vm_art_prop device_config_aconfig_flags_prop device_config_camera_native_prop device_config_edgetpu_native_prop device_config_media_native_prop device_config_nnapi_native_prop device_config_runtime_native_boot_prop device_config_runtime_native_prop device_config_surface_flinger_native_boot_prop device_config_vendor_system_native_prop device_config_vendor_system_native_boot_prop drm_forcel3_prop fingerprint_prop gwp_asan_prop hal_instrumentation_prop userdebug_or_eng_prop init_service_status_prop libc_debug_prop module_sdkextensions_prop nnapi_ext_deny_product_prop persist_wm_debug_prop power_debug_prop property_service_version_prop provisioned_prop restorecon_prop retaildemo_prop servicemanager_prop smart_idle_maint_enabled_prop socket_hook_prop sqlite_log_prop surfaceflinger_display_prop system_boot_reason_prop system_jvmti_agent_prop traced_oome_heap_session_count_prop ab_update_gki_prop usb_prop userspace_reboot_exported_prop vold_status_prop vts_status_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop device_logging_prop dhcp_prop dumpstate_prop exported3_system_prop exported_dumpstate_prop exported_secure_prop heapprofd_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop test_harness_prop theme_prop use_memfd_prop vold_prop apexd_config_prop apexd_select_prop aaudio_config_prop apk_verity_prop audio_config_prop bootanim_config_prop bluetooth_config_prop build_attestation_prop build_config_prop build_odm_prop build_vendor_prop camera_calibration_prop camera_config_prop camera2_extensions_prop camerax_extensions_prop charger_config_prop codec2_config_prop composd_vm_vendor_prop cpu_variant_prop debugfs_restriction_prop drm_service_config_prop exported_camera_prop exported_config_prop exported_default_prop ffs_config_prop framework_watchdog_config_prop graphics_config_prop hdmi_config_prop hw_timeout_multiplier_prop hypervisor_prop hypervisor_restricted_prop incremental_prop input_device_config_prop keyguard_config_prop keystore_config_prop lmkd_config_prop media_config_prop media_variant_prop mediadrm_config_prop mm_events_config_prop oem_unlock_prop ota_build_prop packagemanager_config_prop quick_start_prop recovery_config_prop recovery_usb_config_prop sendbug_config_prop soc_prop storage_config_prop storagemanager_config_prop surfaceflinger_prop suspend_prop systemsound_config_prop telephony_config_prop threadnetwork_config_prop tombstone_config_prop usb_config_prop userspace_reboot_config_prop vehicle_hal_prop vendor_security_patch_level_prop vendor_socket_hook_prop virtual_ab_prop vndk_prop vts_config_prop vold_config_prop wifi_config_prop zram_config_prop zygote_config_prop dck_prop tuner_config_prop usb_uvc_enabled_prop setupwizard_mode_prop pm_archiving_enabled_prop adbd_config_prop audio_prop bluetooth_a2dp_offload_prop bluetooth_audio_hal_prop bluetooth_prop bpf_progs_loaded_prop charger_status_prop ctl_default_prop ctl_interface_start_prop ctl_start_prop ctl_stop_prop dalvik_config_prop dalvik_dynamic_config_prop dalvik_runtime_prop debug_prop device_config_memory_safety_native_boot_prop device_config_memory_safety_native_prop dumpstate_options_prop exported_system_prop exported_bluetooth_prop exported_overlay_prop exported_pm_prop future_pm_prop ffs_control_prop framework_status_prop gesture_prop graphics_config_writable_prop hal_dumpstate_config_prop sota_prop hwservicemanager_prop lmkd_prop locale_prop logd_prop logpersistd_logging_prop log_prop log_tag_prop lowpan_prop nfc_prop ota_prop permissive_mte_prop powerctl_prop qemu_hw_prop qemu_sf_lcd_density_prop radio_control_prop radio_prop serialno_prop surfaceflinger_color_prop system_prop system_user_mode_emulation_prop telephony_status_prop timezone_prop usb_control_prop vold_post_fs_data_prop wifi_hal_prop wifi_log_prop wifi_prop zram_control_prop default_prop rebootescrow_hal_prop virtual_face_hal_prop virtual_fingerprint_hal_prop persist_vendor_debug_wifi_prop vendor_default_prop adbd_prop apexd_payload_metadata_prop ctl_snapuserd_prop crashrecovery_prop device_config_core_experiments_team_internal_prop device_config_lmkd_native_prop device_config_mglru_native_prop device_config_profcollect_native_boot_prop device_config_remote_key_provisioning_native_prop device_config_statsd_native_prop device_config_statsd_native_boot_prop device_config_storage_native_boot_prop device_config_sys_traced_prop device_config_window_manager_native_boot_prop device_config_configuration_prop device_config_connectivity_prop device_config_swcodec_native_prop device_config_tethering_u_or_later_native_prop dmesgd_start_prop fastbootd_protocol_prop gsid_prop init_perf_lsm_hooks_prop init_service_status_private_prop init_storage_prop init_svc_debug_prop keystore_crash_prop keystore_listen_prop last_boot_reason_prop localization_prop logd_auditrate_prop lower_kptr_restrict_prop net_464xlat_fromvendor_prop net_connectivity_prop netd_stable_secret_prop next_boot_prop odsign_prop misctrl_prop perf_drop_caches_prop pm_prop profcollectd_node_id_prop radio_cdma_ecm_prop remote_prov_prop rollback_test_prop setupwizard_prop snapuserd_prop system_adbd_prop system_audio_config_prop timezone_metadata_prop traced_perf_enabled_prop uprobestats_start_with_config_prop tuner_server_ctl_prop userspace_reboot_log_prop userspace_reboot_test_prop verity_status_prop zygote_wrap_prop ctl_mediatranscoding_prop ctl_odsign_prop virtualizationservice_prop ctl_apex_load_prop enable_16k_pages_prop sensors_config_prop hypervisor_pvmfw_prop hypervisor_virtualizationmanager_prop game_manager_config_prop hidl_memory_prop suspend_debug_prop device_config_virtualization_framework_native_prop log_file_logger_prop persist_sysui_builder_extras_prop persist_sysui_ranking_update_prop ))
|
|
(typeattribute core_property_type)
|
|
(typeattributeset core_property_type (restorecon_prop usb_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop dhcp_prop dumpstate_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop vold_prop audio_prop debug_prop logd_prop nfc_prop ota_prop powerctl_prop radio_prop system_prop ))
|
|
(typeattribute log_property_type)
|
|
(typeattributeset log_property_type (log_prop log_tag_prop wifi_log_prop ))
|
|
(typeattribute extended_core_property_type)
|
|
(typeattribute system_property_type)
|
|
(expandtypeattribute (system_property_type) false)
|
|
(typeattributeset system_property_type (apexd_prop bootloader_boot_reason_prop device_config_activity_manager_native_boot_prop device_config_boot_count_prop device_config_input_native_boot_prop device_config_netd_native_prop device_config_reset_performed_prop firstboot_prop boottime_prop charger_prop cold_boot_done_prop ctl_adbd_prop ctl_apexd_prop ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_dumpstate_prop ctl_fuse_prop ctl_gsid_prop ctl_interface_restart_prop ctl_interface_stop_prop ctl_mdnsd_prop ctl_restart_prop ctl_rildaemon_prop ctl_sigstop_prop dynamic_system_prop heapprofd_enabled_prop llkd_prop lpdumpd_prop mmc_prop mock_ota_prop net_dns_prop overlay_prop persistent_properties_ready_prop safemode_prop system_lmk_prop system_trace_prop test_boot_reason_prop time_prop traced_enabled_prop traced_lazy_prop aac_drc_prop adaptive_haptics_prop apex_ready_prop arm64_memtag_prop binder_cache_bluetooth_server_prop binder_cache_system_server_prop binder_cache_telephony_server_prop boot_status_prop bootanim_system_prop bootloader_prop boottime_public_prop bq_config_prop build_bootimage_prop build_prop composd_vm_art_prop device_config_aconfig_flags_prop device_config_camera_native_prop device_config_edgetpu_native_prop device_config_media_native_prop device_config_nnapi_native_prop device_config_runtime_native_boot_prop device_config_runtime_native_prop device_config_surface_flinger_native_boot_prop device_config_vendor_system_native_prop device_config_vendor_system_native_boot_prop drm_forcel3_prop fingerprint_prop gwp_asan_prop hal_instrumentation_prop userdebug_or_eng_prop init_service_status_prop libc_debug_prop module_sdkextensions_prop nnapi_ext_deny_product_prop persist_wm_debug_prop power_debug_prop property_service_version_prop provisioned_prop restorecon_prop retaildemo_prop servicemanager_prop smart_idle_maint_enabled_prop socket_hook_prop sqlite_log_prop surfaceflinger_display_prop system_boot_reason_prop system_jvmti_agent_prop traced_oome_heap_session_count_prop ab_update_gki_prop usb_prop userspace_reboot_exported_prop vold_status_prop vts_status_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop device_logging_prop dhcp_prop dumpstate_prop exported3_system_prop exported_dumpstate_prop exported_secure_prop heapprofd_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop test_harness_prop theme_prop use_memfd_prop vold_prop apexd_config_prop apexd_select_prop aaudio_config_prop apk_verity_prop audio_config_prop bootanim_config_prop bluetooth_config_prop build_attestation_prop build_config_prop build_odm_prop build_vendor_prop camera_calibration_prop camera_config_prop camera2_extensions_prop camerax_extensions_prop charger_config_prop codec2_config_prop composd_vm_vendor_prop cpu_variant_prop debugfs_restriction_prop drm_service_config_prop exported_camera_prop exported_config_prop exported_default_prop ffs_config_prop framework_watchdog_config_prop graphics_config_prop hdmi_config_prop hw_timeout_multiplier_prop hypervisor_prop hypervisor_restricted_prop incremental_prop input_device_config_prop keyguard_config_prop keystore_config_prop lmkd_config_prop media_config_prop media_variant_prop mediadrm_config_prop mm_events_config_prop oem_unlock_prop ota_build_prop packagemanager_config_prop quick_start_prop recovery_config_prop recovery_usb_config_prop sendbug_config_prop soc_prop storage_config_prop storagemanager_config_prop surfaceflinger_prop suspend_prop systemsound_config_prop telephony_config_prop threadnetwork_config_prop tombstone_config_prop usb_config_prop userspace_reboot_config_prop vehicle_hal_prop vendor_security_patch_level_prop vendor_socket_hook_prop virtual_ab_prop vndk_prop vts_config_prop vold_config_prop wifi_config_prop zram_config_prop zygote_config_prop dck_prop tuner_config_prop usb_uvc_enabled_prop setupwizard_mode_prop pm_archiving_enabled_prop adbd_config_prop audio_prop bluetooth_a2dp_offload_prop bluetooth_audio_hal_prop bluetooth_prop bpf_progs_loaded_prop charger_status_prop ctl_default_prop ctl_interface_start_prop ctl_start_prop ctl_stop_prop dalvik_config_prop dalvik_dynamic_config_prop dalvik_runtime_prop debug_prop device_config_memory_safety_native_boot_prop device_config_memory_safety_native_prop dumpstate_options_prop exported_system_prop exported_bluetooth_prop exported_overlay_prop exported_pm_prop future_pm_prop ffs_control_prop framework_status_prop gesture_prop graphics_config_writable_prop hal_dumpstate_config_prop sota_prop hwservicemanager_prop lmkd_prop locale_prop logd_prop logpersistd_logging_prop log_prop log_tag_prop lowpan_prop nfc_prop ota_prop permissive_mte_prop powerctl_prop qemu_hw_prop qemu_sf_lcd_density_prop radio_control_prop radio_prop serialno_prop surfaceflinger_color_prop system_prop system_user_mode_emulation_prop telephony_status_prop timezone_prop usb_control_prop vold_post_fs_data_prop wifi_hal_prop wifi_log_prop wifi_prop zram_control_prop default_prop adbd_prop apexd_payload_metadata_prop ctl_snapuserd_prop crashrecovery_prop device_config_core_experiments_team_internal_prop device_config_lmkd_native_prop device_config_mglru_native_prop device_config_profcollect_native_boot_prop device_config_remote_key_provisioning_native_prop device_config_statsd_native_prop device_config_statsd_native_boot_prop device_config_storage_native_boot_prop device_config_sys_traced_prop device_config_window_manager_native_boot_prop device_config_configuration_prop device_config_connectivity_prop device_config_swcodec_native_prop device_config_tethering_u_or_later_native_prop dmesgd_start_prop fastbootd_protocol_prop gsid_prop init_perf_lsm_hooks_prop init_service_status_private_prop init_storage_prop init_svc_debug_prop keystore_crash_prop keystore_listen_prop last_boot_reason_prop localization_prop logd_auditrate_prop lower_kptr_restrict_prop net_464xlat_fromvendor_prop net_connectivity_prop netd_stable_secret_prop next_boot_prop odsign_prop misctrl_prop perf_drop_caches_prop pm_prop profcollectd_node_id_prop radio_cdma_ecm_prop remote_prov_prop rollback_test_prop setupwizard_prop snapuserd_prop system_adbd_prop system_audio_config_prop timezone_metadata_prop traced_perf_enabled_prop uprobestats_start_with_config_prop tuner_server_ctl_prop userspace_reboot_log_prop userspace_reboot_test_prop verity_status_prop zygote_wrap_prop ctl_mediatranscoding_prop ctl_odsign_prop virtualizationservice_prop ctl_apex_load_prop enable_16k_pages_prop sensors_config_prop hypervisor_pvmfw_prop hypervisor_virtualizationmanager_prop game_manager_config_prop hidl_memory_prop suspend_debug_prop device_config_virtualization_framework_native_prop log_file_logger_prop persist_sysui_builder_extras_prop persist_sysui_ranking_update_prop ))
|
|
(typeattribute system_internal_property_type)
|
|
(expandtypeattribute (system_internal_property_type) false)
|
|
(typeattributeset system_internal_property_type (apexd_prop bootloader_boot_reason_prop device_config_activity_manager_native_boot_prop device_config_boot_count_prop device_config_input_native_boot_prop device_config_netd_native_prop device_config_reset_performed_prop firstboot_prop boottime_prop charger_prop cold_boot_done_prop ctl_adbd_prop ctl_apexd_prop ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_dumpstate_prop ctl_fuse_prop ctl_gsid_prop ctl_interface_restart_prop ctl_interface_stop_prop ctl_mdnsd_prop ctl_restart_prop ctl_rildaemon_prop ctl_sigstop_prop dynamic_system_prop heapprofd_enabled_prop llkd_prop lpdumpd_prop mmc_prop mock_ota_prop net_dns_prop overlay_prop persistent_properties_ready_prop safemode_prop system_lmk_prop system_trace_prop test_boot_reason_prop time_prop traced_enabled_prop traced_lazy_prop default_prop adbd_prop apexd_payload_metadata_prop ctl_snapuserd_prop crashrecovery_prop device_config_core_experiments_team_internal_prop device_config_lmkd_native_prop device_config_mglru_native_prop device_config_profcollect_native_boot_prop device_config_remote_key_provisioning_native_prop device_config_statsd_native_prop device_config_statsd_native_boot_prop device_config_storage_native_boot_prop device_config_sys_traced_prop device_config_window_manager_native_boot_prop device_config_configuration_prop device_config_connectivity_prop device_config_swcodec_native_prop device_config_tethering_u_or_later_native_prop dmesgd_start_prop fastbootd_protocol_prop gsid_prop init_perf_lsm_hooks_prop init_service_status_private_prop init_storage_prop init_svc_debug_prop keystore_crash_prop keystore_listen_prop last_boot_reason_prop localization_prop logd_auditrate_prop lower_kptr_restrict_prop net_464xlat_fromvendor_prop net_connectivity_prop netd_stable_secret_prop next_boot_prop odsign_prop misctrl_prop perf_drop_caches_prop pm_prop profcollectd_node_id_prop radio_cdma_ecm_prop remote_prov_prop rollback_test_prop setupwizard_prop snapuserd_prop system_adbd_prop system_audio_config_prop timezone_metadata_prop traced_perf_enabled_prop uprobestats_start_with_config_prop tuner_server_ctl_prop userspace_reboot_log_prop userspace_reboot_test_prop verity_status_prop zygote_wrap_prop ctl_mediatranscoding_prop ctl_odsign_prop virtualizationservice_prop ctl_apex_load_prop enable_16k_pages_prop sensors_config_prop hypervisor_pvmfw_prop hypervisor_virtualizationmanager_prop game_manager_config_prop hidl_memory_prop suspend_debug_prop ))
|
|
(typeattribute system_restricted_property_type)
|
|
(expandtypeattribute (system_restricted_property_type) false)
|
|
(typeattributeset system_restricted_property_type (aac_drc_prop adaptive_haptics_prop apex_ready_prop arm64_memtag_prop binder_cache_bluetooth_server_prop binder_cache_system_server_prop binder_cache_telephony_server_prop boot_status_prop bootanim_system_prop bootloader_prop boottime_public_prop bq_config_prop build_bootimage_prop build_prop composd_vm_art_prop device_config_aconfig_flags_prop device_config_camera_native_prop device_config_edgetpu_native_prop device_config_media_native_prop device_config_nnapi_native_prop device_config_runtime_native_boot_prop device_config_runtime_native_prop device_config_surface_flinger_native_boot_prop device_config_vendor_system_native_prop device_config_vendor_system_native_boot_prop drm_forcel3_prop fingerprint_prop gwp_asan_prop hal_instrumentation_prop userdebug_or_eng_prop init_service_status_prop libc_debug_prop module_sdkextensions_prop nnapi_ext_deny_product_prop persist_wm_debug_prop power_debug_prop property_service_version_prop provisioned_prop restorecon_prop retaildemo_prop servicemanager_prop smart_idle_maint_enabled_prop socket_hook_prop sqlite_log_prop surfaceflinger_display_prop system_boot_reason_prop system_jvmti_agent_prop traced_oome_heap_session_count_prop ab_update_gki_prop usb_prop userspace_reboot_exported_prop vold_status_prop vts_status_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop device_logging_prop dhcp_prop dumpstate_prop exported3_system_prop exported_dumpstate_prop exported_secure_prop heapprofd_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop test_harness_prop theme_prop use_memfd_prop vold_prop device_config_virtualization_framework_native_prop log_file_logger_prop persist_sysui_builder_extras_prop persist_sysui_ranking_update_prop ))
|
|
(typeattribute system_public_property_type)
|
|
(expandtypeattribute (system_public_property_type) false)
|
|
(typeattributeset system_public_property_type (apexd_config_prop apexd_select_prop aaudio_config_prop apk_verity_prop audio_config_prop bootanim_config_prop bluetooth_config_prop build_attestation_prop build_config_prop build_odm_prop build_vendor_prop camera_calibration_prop camera_config_prop camera2_extensions_prop camerax_extensions_prop charger_config_prop codec2_config_prop composd_vm_vendor_prop cpu_variant_prop debugfs_restriction_prop drm_service_config_prop exported_camera_prop exported_config_prop exported_default_prop ffs_config_prop framework_watchdog_config_prop graphics_config_prop hdmi_config_prop hw_timeout_multiplier_prop hypervisor_prop hypervisor_restricted_prop incremental_prop input_device_config_prop keyguard_config_prop keystore_config_prop lmkd_config_prop media_config_prop media_variant_prop mediadrm_config_prop mm_events_config_prop oem_unlock_prop ota_build_prop packagemanager_config_prop quick_start_prop recovery_config_prop recovery_usb_config_prop sendbug_config_prop soc_prop storage_config_prop storagemanager_config_prop surfaceflinger_prop suspend_prop systemsound_config_prop telephony_config_prop threadnetwork_config_prop tombstone_config_prop usb_config_prop userspace_reboot_config_prop vehicle_hal_prop vendor_security_patch_level_prop vendor_socket_hook_prop virtual_ab_prop vndk_prop vts_config_prop vold_config_prop wifi_config_prop zram_config_prop zygote_config_prop dck_prop tuner_config_prop usb_uvc_enabled_prop setupwizard_mode_prop pm_archiving_enabled_prop adbd_config_prop audio_prop bluetooth_a2dp_offload_prop bluetooth_audio_hal_prop bluetooth_prop bpf_progs_loaded_prop charger_status_prop ctl_default_prop ctl_interface_start_prop ctl_start_prop ctl_stop_prop dalvik_config_prop dalvik_dynamic_config_prop dalvik_runtime_prop debug_prop device_config_memory_safety_native_boot_prop device_config_memory_safety_native_prop dumpstate_options_prop exported_system_prop exported_bluetooth_prop exported_overlay_prop exported_pm_prop future_pm_prop ffs_control_prop framework_status_prop gesture_prop graphics_config_writable_prop hal_dumpstate_config_prop sota_prop hwservicemanager_prop lmkd_prop locale_prop logd_prop logpersistd_logging_prop log_prop log_tag_prop lowpan_prop nfc_prop ota_prop permissive_mte_prop powerctl_prop qemu_hw_prop qemu_sf_lcd_density_prop radio_control_prop radio_prop serialno_prop surfaceflinger_color_prop system_prop system_user_mode_emulation_prop telephony_status_prop timezone_prop usb_control_prop vold_post_fs_data_prop wifi_hal_prop wifi_log_prop wifi_prop zram_control_prop ))
|
|
(typeattribute keystore2_key_type)
|
|
(typeattributeset keystore2_key_type (keystore wifi_key shell_key su_key vold_key odsign_key locksettings_key resume_on_reboot_key ))
|
|
(typeattribute vendor_property_type)
|
|
(expandtypeattribute (vendor_property_type) false)
|
|
(typeattributeset vendor_property_type (rebootescrow_hal_prop virtual_face_hal_prop virtual_fingerprint_hal_prop persist_vendor_debug_wifi_prop vendor_default_prop ))
|
|
(typeattribute vendor_internal_property_type)
|
|
(expandtypeattribute (vendor_internal_property_type) false)
|
|
(typeattributeset vendor_internal_property_type (rebootescrow_hal_prop virtual_face_hal_prop virtual_fingerprint_hal_prop vendor_default_prop ))
|
|
(typeattribute vendor_restricted_property_type)
|
|
(expandtypeattribute (vendor_restricted_property_type) false)
|
|
(typeattribute vendor_public_property_type)
|
|
(expandtypeattribute (vendor_public_property_type) false)
|
|
(typeattributeset vendor_public_property_type (persist_vendor_debug_wifi_prop ))
|
|
(typeattribute system_server_service)
|
|
(typeattributeset system_server_service (device_config_updatable_service ondevicepersonalization_system_service profiling_service accessibility_service account_service activity_service activity_task_service adb_service adservices_manager_service alarm_service app_binding_service app_hibernation_service app_integrity_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service battery_service binder_calls_stats_service blob_store_service bluetooth_manager_service broadcastradio_service cacheinfo_service cameraproxy_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service coverage_service cpuinfo_service cpu_monitor_service credential_service dataloader_manager_service dbinfo_service device_config_service device_policy_service device_state_service deviceidle_service device_identifiers_service devicestoragemonitor_service diskstats_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service external_vibrator_service file_integrity_service font_service netd_listener_service network_watchlist_service devicelock_service DockObserver_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_altitude_service fwk_stats_service fwk_sensor_service fwk_vibrator_control_service game_service gfxinfo_service gnss_time_update_service grammatical_inflection_service graphicsstats_service hardware_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service incremental_service input_method_service input_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service location_time_zone_manager_service lock_settings_service looper_stats_service media_communication_service media_metrics_service media_projection_service media_router_service media_session_service meminfo_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service network_score_service network_stack_service network_time_update_service notification_service oem_lock_service otadexopt_service overlay_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service pinner_service powerstats_service power_service print_service processinfo_service procstats_service reboot_readiness_service recovery_service registry_service remote_auth_service remote_provisioning_service resources_manager_service restrictions_service role_service rollback_service runtime_service rttmanager_service samplingprofiler_service scheduling_policy_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service serial_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service system_config_service system_server_dumper_service system_update_service soundtrigger_middleware_service speech_recognition_service tare_service task_service testharness_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service updatelock_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service vr_manager_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifiaware_service window_service inputflinger_service tethering_service emergency_affordance_service adaptive_auth_service ambient_context_service attention_service bg_install_control_service communal_service dynamic_system_service feature_flags_service incidentcompanion_service logcat_service resolver_service safety_center_service statsbootstrap_service statscompanion_service statsmanager_service tracingproxy_service transparency_service wearable_sensing_service ))
|
|
(typeattribute app_api_service)
|
|
(typeattributeset app_api_service (batteryproperties_service gatekeeper_service gpu_service credstore_service mediatranscoding_service profiling_service surfaceflinger_service accessibility_service account_service activity_service activity_task_service alarm_service app_hibernation_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service blob_store_service bluetooth_manager_service broadcastradio_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service credential_service device_policy_service device_state_service deviceidle_service device_identifiers_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service file_integrity_service font_service devicelock_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_stats_service game_service grammatical_inflection_service graphicsstats_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service input_method_service input_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service lock_settings_service media_communication_service media_metrics_service media_projection_service media_router_service media_session_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service notification_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service powerstats_service power_service print_service procstats_service reboot_readiness_service registry_service remote_auth_service restrictions_service role_service rollback_service rttmanager_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service speech_recognition_service tare_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifi_service wifiaware_service tethering_service ambient_context_service communal_service feature_flags_service incidentcompanion_service mediatuner_service safety_center_service wearable_sensing_service ))
|
|
(typeattribute ephemeral_app_api_service)
|
|
(typeattributeset ephemeral_app_api_service (batteryproperties_service gpu_service surfaceflinger_service accessibility_service account_service activity_service activity_task_service alarm_service app_search_service appops_service appwidget_service assetatlas_service audio_service autofill_service backup_service batterystats_service bluetooth_manager_service clipboard_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service credential_service deviceidle_service device_identifiers_service display_service font_service devicelock_service dreams_service dropbox_service platform_compat_service game_service grammatical_inflection_service graphicsstats_service hardware_properties_service hint_service imms_service input_method_service input_service ipsec_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service media_communication_service media_metrics_service media_projection_service media_router_service media_session_service memtrackproxy_service midi_service mount_service music_recognition_service netpolicy_service netstats_service network_management_service notification_service package_service package_native_service permission_service permissionmgr_service permission_checker_service power_service print_service procstats_service registry_service restrictions_service rttmanager_service search_service security_state_service selection_toolbar_service sensorservice_service sensor_privacy_service servicediscovery_service settings_service statusbar_service storagestats_service speech_recognition_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service timedetector_service translation_service tv_ad_service tv_iapp_service tv_input_service uimode_service uri_grants_service usagestats_service user_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_native_service voiceinteraction_service webviewupdate_service tethering_service ))
|
|
(typeattribute system_api_service)
|
|
(typeattributeset system_api_service (device_config_updatable_service ondevicepersonalization_system_service adb_service adservices_manager_service app_hibernation_service app_integrity_service cacheinfo_service cpuinfo_service credential_service dbinfo_service device_state_service diskstats_service color_display_service gfxinfo_service lock_settings_service meminfo_service network_score_service oem_lock_service overlay_service persistent_data_block_service resources_manager_service serial_service system_config_service system_server_dumper_service updatelock_service wifiscanner_service window_service inputflinger_service bg_install_control_service dynamic_system_service incidentcompanion_service safety_center_service statsmanager_service ))
|
|
(typeattribute protected_service)
|
|
(typeattributeset protected_service (hal_audio_service hal_authgraph_service hal_authsecret_service hal_bluetooth_service hal_bootctl_service hal_broadcastradio_service hal_camera_service hal_can_controller_service hal_confirmationui_service hal_contexthub_service hal_dumpstate_service hal_evs_service hal_face_service hal_fastboot_service hal_fingerprint_service hal_gnss_service hal_graphics_composer_service hal_health_service hal_health_storage_service hal_identity_service hal_input_processor_service hal_ir_service hal_ivn_service hal_keymint_service hal_light_service hal_macsec_service hal_memtrack_service hal_nfc_service hal_oemlock_service hal_power_service hal_power_stats_service hal_radio_service hal_rebootescrow_service hal_remoteaccess_service hal_remotelyprovisionedcomponent_avf_service hal_remotelyprovisionedcomponent_service hal_sensors_service hal_secretkeeper_service hal_secureclock_service hal_secure_element_service hal_sharedsecret_service hal_system_suspend_service hal_tetheroffload_service hal_thermal_service hal_tv_hdmi_cec_service hal_tv_hdmi_connection_service hal_tv_hdmi_earc_service hal_tv_input_service hal_threadnetwork_service hal_tv_tuner_service hal_usb_service hal_usb_gadget_service hal_uwb_service hal_vehicle_service hal_vibrator_service hal_weaver_service hal_nlinterceptor_service hal_wifi_service hal_wifi_hostapd_service hal_wifi_supplicant_service hal_gatekeeper_service ))
|
|
(typeattribute service_manager_type)
|
|
(typeattributeset service_manager_type (aidl_lazy_test_service apc_service apex_service artd_service artd_pre_reboot_service audioserver_service authorization_service batteryproperties_service bluetooth_service cameraserver_service fwk_camera_service default_android_service device_config_updatable_service dexopt_chroot_setup_service dnsresolver_service drmserver_service dumpstate_service evsmanagerd_service fingerprintd_service fwk_automotive_display_service gatekeeper_service gpu_service idmap_service incident_service installd_service credstore_service keystore_compat_hal_service keystore_maintenance_service keystore_metrics_service keystore_service legacykeystore_service lpdump_service mdns_service mediaserver_service mediametrics_service mediaextractor_service mediadrmserver_service mediatranscoding_service netd_service nfc_service ondevicepersonalization_system_service ot_daemon_service profiling_service radio_service secure_element_service service_manager_service storaged_service surfaceflinger_service system_app_service system_net_netd_service system_suspend_control_internal_service system_suspend_control_service update_engine_service update_engine_stable_service virtualization_service virtual_camera_service virtual_touchpad_service vold_service vr_hwc_service vrflinger_vsync_service accessibility_service account_service activity_service activity_task_service adb_service adservices_manager_service alarm_service app_binding_service app_hibernation_service app_integrity_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service battery_service binder_calls_stats_service blob_store_service bluetooth_manager_service broadcastradio_service cacheinfo_service cameraproxy_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service coverage_service cpuinfo_service cpu_monitor_service credential_service dataloader_manager_service dbinfo_service device_config_service device_policy_service device_state_service deviceidle_service device_identifiers_service devicestoragemonitor_service diskstats_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service external_vibrator_service file_integrity_service font_service netd_listener_service network_watchlist_service devicelock_service DockObserver_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_altitude_service fwk_stats_service fwk_sensor_service fwk_vibrator_control_service game_service gfxinfo_service gnss_time_update_service grammatical_inflection_service graphicsstats_service hardware_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service incremental_service input_method_service input_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service location_time_zone_manager_service lock_settings_service looper_stats_service media_communication_service media_metrics_service media_projection_service media_router_service media_session_service meminfo_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service network_score_service network_stack_service network_time_update_service notification_service oem_lock_service otadexopt_service overlay_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service pinner_service powerstats_service power_service print_service processinfo_service procstats_service reboot_readiness_service recovery_service registry_service remote_auth_service remote_provisioning_service resources_manager_service restrictions_service role_service rollback_service runtime_service rttmanager_service samplingprofiler_service scheduling_policy_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service serial_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service system_config_service system_server_dumper_service system_update_service soundtrigger_middleware_service speech_recognition_service tare_service task_service testharness_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service updatelock_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service vr_manager_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifinl80211_service wifiaware_service window_service inputflinger_service tethering_service emergency_affordance_service hal_audio_service hal_audiocontrol_service hal_authgraph_service hal_authsecret_service hal_bluetooth_service hal_bootctl_service hal_broadcastradio_service hal_camera_service hal_can_controller_service hal_cas_service hal_codec2_service hal_confirmationui_service hal_contexthub_service hal_drm_service hal_dumpstate_service hal_evs_service hal_face_service hal_fastboot_service hal_fingerprint_service hal_gnss_service hal_graphics_allocator_service hal_graphics_composer_service hal_graphics_mapper_service hal_health_service hal_health_storage_service hal_identity_service hal_input_processor_service hal_ir_service hal_ivn_service hal_keymint_service hal_light_service hal_macsec_service hal_memtrack_service hal_neuralnetworks_service hal_nfc_service hal_oemlock_service hal_power_service hal_power_stats_service hal_radio_service hal_rebootescrow_service hal_remoteaccess_service hal_remotelyprovisionedcomponent_avf_service hal_remotelyprovisionedcomponent_service hal_sensors_service hal_secretkeeper_service hal_secureclock_service hal_secure_element_service hal_sharedsecret_service hal_system_suspend_service hal_tetheroffload_service hal_thermal_service hal_tv_hdmi_cec_service hal_tv_hdmi_connection_service hal_tv_hdmi_earc_service hal_tv_input_service hal_threadnetwork_service hal_tv_tuner_service hal_usb_service hal_usb_gadget_service hal_uwb_service hal_vehicle_service hal_vibrator_service hal_weaver_service hal_nlinterceptor_service hal_wifi_service hal_wifi_hostapd_service hal_wifi_supplicant_service hal_gatekeeper_service adaptive_auth_service ambient_context_service attention_service bg_install_control_service compos_service communal_service dynamic_system_service feature_flags_service gsi_service incidentcompanion_service logcat_service logd_service mediatuner_service profcollectd_service resolver_service rkpd_registrar_service rkpd_refresh_service safety_center_service stats_service statsbootstrap_service statscompanion_service statsmanager_service tracingproxy_service transparency_service uce_service wearable_sensing_service ))
|
|
(typeattribute hwservice_manager_type)
|
|
(typeattributeset hwservice_manager_type (default_android_hwservice fwk_camera_hwservice fwk_display_hwservice fwk_scheduler_hwservice fwk_sensor_hwservice fwk_stats_hwservice fwk_automotive_display_hwservice hal_atrace_hwservice hal_audio_hwservice hal_audiocontrol_hwservice hal_authsecret_hwservice hal_bluetooth_hwservice hal_bootctl_hwservice hal_broadcastradio_hwservice hal_camera_hwservice hal_can_bus_hwservice hal_can_controller_hwservice hal_confirmationui_hwservice hal_contexthub_hwservice hal_dumpstate_hwservice hal_evs_hwservice hal_face_hwservice hal_fingerprint_hwservice hal_gatekeeper_hwservice hal_gnss_hwservice hal_graphics_composer_hwservice hal_health_hwservice hal_health_storage_hwservice hal_input_classifier_hwservice hal_ir_hwservice hal_keymaster_hwservice hal_light_hwservice hal_lowpan_hwservice hal_memtrack_hwservice hal_nfc_hwservice hal_oemlock_hwservice hal_power_hwservice hal_power_stats_hwservice hal_secure_element_hwservice hal_sensors_hwservice hal_telephony_hwservice hal_tetheroffload_hwservice hal_thermal_hwservice hal_tv_cec_hwservice hal_tv_input_hwservice hal_tv_tuner_hwservice hal_usb_gadget_hwservice hal_usb_hwservice hal_vehicle_hwservice hal_vibrator_hwservice hal_vr_hwservice hal_weaver_hwservice hal_wifi_hostapd_hwservice hal_wifi_hwservice hal_wifi_supplicant_hwservice system_net_netd_hwservice system_suspend_hwservice system_wifi_keystore_hwservice fwk_bufferhub_hwservice hal_cas_hwservice hal_codec2_hwservice hal_configstore_ISurfaceFlingerConfigs hal_drm_hwservice hal_graphics_allocator_hwservice hal_graphics_mapper_hwservice hal_neuralnetworks_hwservice hal_omx_hwservice hal_renderscript_hwservice hidl_allocator_hwservice hidl_base_hwservice hidl_manager_hwservice hidl_memory_hwservice hidl_token_hwservice hal_lazy_test_hwservice ))
|
|
(typeattribute same_process_hwservice)
|
|
(typeattributeset same_process_hwservice (hal_graphics_mapper_hwservice hal_renderscript_hwservice ))
|
|
(typeattribute coredomain_hwservice)
|
|
(typeattributeset coredomain_hwservice (fwk_camera_hwservice fwk_display_hwservice fwk_scheduler_hwservice fwk_sensor_hwservice fwk_stats_hwservice fwk_automotive_display_hwservice system_net_netd_hwservice system_suspend_hwservice system_wifi_keystore_hwservice fwk_bufferhub_hwservice hidl_allocator_hwservice hidl_manager_hwservice hidl_memory_hwservice hidl_token_hwservice ))
|
|
(typeattribute protected_hwservice)
|
|
(typeattributeset protected_hwservice (default_android_hwservice fwk_camera_hwservice fwk_display_hwservice fwk_scheduler_hwservice fwk_sensor_hwservice fwk_stats_hwservice fwk_automotive_display_hwservice hal_atrace_hwservice hal_audio_hwservice hal_audiocontrol_hwservice hal_authsecret_hwservice hal_bluetooth_hwservice hal_bootctl_hwservice hal_broadcastradio_hwservice hal_camera_hwservice hal_can_bus_hwservice hal_can_controller_hwservice hal_confirmationui_hwservice hal_contexthub_hwservice hal_dumpstate_hwservice hal_evs_hwservice hal_face_hwservice hal_fingerprint_hwservice hal_gatekeeper_hwservice hal_gnss_hwservice hal_graphics_composer_hwservice hal_health_hwservice hal_health_storage_hwservice hal_input_classifier_hwservice hal_ir_hwservice hal_keymaster_hwservice hal_light_hwservice hal_lowpan_hwservice hal_memtrack_hwservice hal_nfc_hwservice hal_oemlock_hwservice hal_power_hwservice hal_power_stats_hwservice hal_secure_element_hwservice hal_sensors_hwservice hal_telephony_hwservice hal_tetheroffload_hwservice hal_thermal_hwservice hal_tv_cec_hwservice hal_tv_input_hwservice hal_tv_tuner_hwservice hal_usb_gadget_hwservice hal_usb_hwservice hal_vehicle_hwservice hal_vibrator_hwservice hal_vr_hwservice hal_weaver_hwservice hal_wifi_hostapd_hwservice hal_wifi_hwservice hal_wifi_supplicant_hwservice system_net_netd_hwservice system_suspend_hwservice system_wifi_keystore_hwservice hal_lazy_test_hwservice ))
|
|
(typeattribute vndservice_manager_type)
|
|
(typeattributeset vndservice_manager_type (service_manager_vndservice default_android_vndservice ))
|
|
(typeattribute hal_service_type)
|
|
(typeattributeset hal_service_type (hal_audio_service hal_audiocontrol_service hal_authgraph_service hal_authsecret_service hal_bluetooth_service hal_bootctl_service hal_broadcastradio_service hal_camera_service hal_can_controller_service hal_cas_service hal_codec2_service hal_confirmationui_service hal_contexthub_service hal_drm_service hal_dumpstate_service hal_evs_service hal_face_service hal_fastboot_service hal_fingerprint_service hal_gnss_service hal_graphics_allocator_service hal_graphics_composer_service hal_graphics_mapper_service hal_health_service hal_health_storage_service hal_identity_service hal_input_processor_service hal_ir_service hal_ivn_service hal_keymint_service hal_light_service hal_macsec_service hal_memtrack_service hal_neuralnetworks_service hal_nfc_service hal_oemlock_service hal_power_service hal_power_stats_service hal_radio_service hal_rebootescrow_service hal_remoteaccess_service hal_remotelyprovisionedcomponent_avf_service hal_remotelyprovisionedcomponent_service hal_sensors_service hal_secretkeeper_service hal_secureclock_service hal_secure_element_service hal_sharedsecret_service hal_system_suspend_service hal_tetheroffload_service hal_thermal_service hal_tv_hdmi_cec_service hal_tv_hdmi_connection_service hal_tv_hdmi_earc_service hal_tv_input_service hal_threadnetwork_service hal_tv_tuner_service hal_usb_service hal_usb_gadget_service hal_uwb_service hal_vehicle_service hal_vibrator_service hal_weaver_service hal_nlinterceptor_service hal_wifi_service hal_wifi_hostapd_service hal_wifi_supplicant_service hal_gatekeeper_service ))
|
|
(typeattribute mlstrustedsubject)
|
|
(typeattributeset mlstrustedsubject (adbd artd bluetooth bufferhubd drmserver dumpstate pdx_display_client_endpoint_socket pdx_display_manager_endpoint_socket pdx_display_screenshot_endpoint_socket pdx_display_vsync_endpoint_socket pdx_performance_client_endpoint_socket pdx_bufferhub_client_endpoint_socket heapprofd hwservicemanager incidentd init installd kernel keystore llkd lmkd logd mdnsd mediadrmserver mediaextractor mediaserver netd network_stack nfc performanced prng_seeder radio rss_hwm_reset runas servicemanager shell simpleperf_app_runner statsd surfaceflinger system_app system_server tombstoned traced traced_perf traced_probes uncrypt vendor_init vold vold_prepare_subdirs webview_zygote zygote cppreopts device_as_webcam dexoptanalyzer otapreopt_slot postinstall_dexopt profcollectd simpleperf_boot storaged viewcompiler virtualizationservice ))
|
|
(typeattribute mlstrustedobject)
|
|
(typeattributeset mlstrustedobject (ashmem_device ashmem_libcutils_device binder_device hwbinder_device pmsg_device gpu_device mtp_device ptmx_device kmsg_device null_device random_device owntty_device zero_device fuse_device ion_device dmabuf_heap_device dmabuf_system_heap_device dmabuf_system_secure_heap_device uhid_device tun_device usbaccessory_device usb_device proc_qtaguid_ctrl proc_qtaguid_stat selinuxfs cgroup sysfs sysfs_bluetooth_writable sysfs_kernel_notes sysfs_nfc_power_writable inotify devpts fuse fuseblk sdcardfs vfat exfat debugfs_trace_marker debugfs_tracing debugfs_tracing_debug functionfs anr_data_file tombstone_data_file apk_tmp_file apk_private_tmp_file ota_package_file user_profile_data_file shell_data_file heapdump_data_file ringtone_file media_rw_data_file radio_data_file shared_relro_file trace_data_file method_trace_data_file system_app_data_file cache_file cache_backup_file cache_recovery_file wallpaper_file shortcut_manager_icons asec_apk_file backup_data_file app_fuse_file dnsproxyd_socket fwmarkd_socket logd_socket logdr_socket logdw_socket mdnsd_socket property_socket statsdw_socket system_ndebug_socket system_unsolzygote_socket tombstoned_crash_socket tombstoned_java_trace_socket traced_consumer_socket traced_perf_socket traced_producer_socket heapprofd_socket pdx_display_client_endpoint_socket pdx_display_manager_endpoint_socket pdx_display_screenshot_endpoint_socket pdx_display_vsync_endpoint_socket pdx_performance_client_endpoint_socket pdx_bufferhub_client_endpoint_socket system_server_tmpfs traced_tmpfs wm_trace_data_file virtualizationservice_data_file kvm_device prng_seeder_socket heapprofd_tmpfs ))
|
|
(typeattribute appdomain)
|
|
(typeattributeset appdomain (bluetooth ephemeral_app gmscore_app isolated_app isolated_compute_app mediaprovider network_stack nfc platform_app priv_app radio rkpdapp runas_app secure_element shared_relro shell simpleperf system_app traceur_app untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 device_as_webcam mediaprovider_app permissioncontroller_app sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next vzwomatrigger_app ))
|
|
(typeattribute untrusted_app_all)
|
|
(typeattributeset untrusted_app_all (runas_app simpleperf untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))
|
|
(typeattribute isolated_app_all)
|
|
(typeattributeset isolated_app_all (isolated_app isolated_compute_app ))
|
|
(typeattribute isolated_compute_allowed_service)
|
|
(typeattributeset isolated_compute_allowed_service (audioserver_service cameraserver_service mediaserver_service content_capture_service device_state_service speech_recognition_service hal_codec2_service ))
|
|
(typeattribute isolated_compute_allowed_device)
|
|
(typeattributeset isolated_compute_allowed_device (hwbinder_device ion_device dmabuf_system_heap_device ))
|
|
(typeattribute netdomain)
|
|
(typeattributeset netdomain (adbd bluetooth dhcp dnsmasq drmserver dumpstate ephemeral_app gmscore_app mdnsd mediadrmserver mediaprovider mediaserver netd network_stack nfc platform_app priv_app radio rkpdapp runas_app shell system_app system_server untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine clatd ot_daemon sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next ))
|
|
(typeattribute bluetoothdomain)
|
|
(typeattributeset bluetoothdomain (platform_app priv_app radio runas_app system_server untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))
|
|
(typeattribute binderservicedomain)
|
|
(typeattributeset binderservicedomain (audioserver cameraserver credstore drmserver evsmanagerd gatekeeperd idmap inputflinger keystore logd mediadrmserver mediaextractor mediametrics mediaserver mediatranscoding nfc radio secure_element surfaceflinger system_app system_server virtual_touchpad gsid mediatuner rkpd ))
|
|
(typeattribute bpfdomain)
|
|
(expandtypeattribute (bpfdomain) false)
|
|
(typeattributeset bpfdomain (bpfloader charger_vendor gpuservice lmkd netd netutils_wrapper network_stack system_server mediaprovider_app uprobestats ))
|
|
(typeattribute update_engine_common)
|
|
(typeattributeset update_engine_common (update_engine ))
|
|
(typeattribute coredomain)
|
|
(typeattributeset coredomain (adbd apexd app_zygote artd atrace audioserver blkid blkid_untrusted bluetooth bootanim bootstat bpfloader bufferhubd cameraserver charger crash_dump credstore dhcp dnsmasq drmserver dumpstate e2fs ephemeral_app evsmanagerd extra_free_kbytes fastbootd fingerprintd flags_health_check fsck fsck_untrusted gatekeeperd gmscore_app gpuservice healthd heapprofd hwservicemanager idmap incident incident_helper incidentd init inputflinger installd isolated_app isolated_compute_app kernel keystore llkd lmkd logd logpersist mdnsd mediadrmserver mediaextractor mediametrics mediaprovider mediaserver mediaswcodec mediatranscoding modprobe netd netutils_wrapper network_stack nfc otapreopt_chroot perfetto performanced platform_app postinstall priv_app prng_seeder profman radio recovery recovery_persist recovery_refresh rkpdapp rs rss_hwm_reset runas runas_app sdcardd secure_element servicemanager sgdisk shared_relro shell simpleperf simpleperf_app_runner slideshow statsd surfaceflinger system_app system_server tombstoned toolbox traced traced_perf traced_probes traceur_app ueventd uncrypt untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine update_verifier usbd vdc virtual_touchpad vold vold_prepare_subdirs watchdogd webview_zygote wificond zygote aconfigd apex_test_prepostinstall apexd_derive_classpath art_boot auditctl automotive_display_service blank_screen boringssl_self_test canhalconfigurator clatd compos_fd_server compos_verify composd cppreopts crosvm derive_classpath derive_sdk device_as_webcam dex2oat dexopt_chroot_setup dexoptanalyzer dmesgd fsverity_init fuseblkd fuseblkd_untrusted fwk_bufferhub gki_apex_prepostinstall gsid hal_allocator_default iw linkerconfig lpdumpd mediaprovider_app mediatuner migrate_legacy_obb_data misctrl mm_events mtectrl odrefresh odsign ot_daemon otapreopt_slot permissioncontroller_app postinstall_dexopt preloads_copy preopt2cachename profcollectd remount rkpd sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next simpleperf_boot snapshotctl snapuserd stats storaged system_server_startup system_suspend uprobestats vehicle_binding_util viewcompiler virtual_camera virtualizationmanager virtualizationservice wait_for_keymaster ))
|
|
(typeattribute vendor_hwservice_type)
|
|
(typeattribute coredomain_socket)
|
|
(expandtypeattribute (coredomain_socket) false)
|
|
(typeattributeset coredomain_socket (drmserver_socket adbd_socket bluetooth_socket dnsproxyd_socket dumpstate_socket fwmarkd_socket lmkd_socket logd_socket logdr_socket logdw_socket mdns_socket mdnsd_socket misc_logd_file mtpd_socket ot_daemon_socket property_socket racoon_socket recovery_socket snapuserd_socket snapuserd_proxy_socket statsdw_socket system_wpa_socket system_ndebug_socket system_unsolzygote_socket tombstoned_crash_socket tombstoned_intercept_socket traced_consumer_socket traced_perf_socket traced_producer_socket uncrypt_socket zygote_socket heapprofd_socket pdx_display_client_endpoint_socket pdx_display_client_channel_socket pdx_display_manager_endpoint_socket pdx_display_manager_channel_socket pdx_display_screenshot_endpoint_socket pdx_display_screenshot_channel_socket pdx_display_vsync_endpoint_socket pdx_display_vsync_channel_socket pdx_performance_client_endpoint_socket pdx_performance_client_channel_socket pdx_bufferhub_client_endpoint_socket pdx_bufferhub_client_channel_socket prng_seeder_socket aconfigd_socket ))
|
|
(typeattribute socket_between_core_and_vendor_violators)
|
|
(expandtypeattribute (socket_between_core_and_vendor_violators) false)
|
|
(typeattribute vendor_executes_system_violators)
|
|
(expandtypeattribute (vendor_executes_system_violators) false)
|
|
(typeattribute data_between_core_and_vendor_violators)
|
|
(expandtypeattribute (data_between_core_and_vendor_violators) false)
|
|
(typeattribute system_executes_vendor_violators)
|
|
(expandtypeattribute (system_executes_vendor_violators) false)
|
|
(typeattribute system_writes_vendor_properties_violators)
|
|
(expandtypeattribute (system_writes_vendor_properties_violators) false)
|
|
(typeattribute system_writes_mnt_vendor_violators)
|
|
(expandtypeattribute (system_writes_mnt_vendor_violators) false)
|
|
(typeattribute untrusted_app_visible_hwservice_violators)
|
|
(expandtypeattribute (untrusted_app_visible_hwservice_violators) false)
|
|
(typeattribute untrusted_app_visible_halserver_violators)
|
|
(expandtypeattribute (untrusted_app_visible_halserver_violators) false)
|
|
(typeattribute pdx_endpoint_dir_type)
|
|
(typeattributeset pdx_endpoint_dir_type (pdx_display_dir pdx_performance_dir pdx_bufferhub_dir ))
|
|
(typeattribute pdx_endpoint_socket_type)
|
|
(expandtypeattribute (pdx_endpoint_socket_type) false)
|
|
(typeattributeset pdx_endpoint_socket_type (pdx_display_client_endpoint_socket pdx_display_manager_endpoint_socket pdx_display_screenshot_endpoint_socket pdx_display_vsync_endpoint_socket pdx_performance_client_endpoint_socket pdx_bufferhub_client_endpoint_socket ))
|
|
(typeattribute pdx_channel_socket_type)
|
|
(expandtypeattribute (pdx_channel_socket_type) false)
|
|
(typeattributeset pdx_channel_socket_type (pdx_display_client_channel_socket pdx_display_manager_channel_socket pdx_display_screenshot_channel_socket pdx_display_vsync_channel_socket pdx_performance_client_channel_socket pdx_bufferhub_client_channel_socket ))
|
|
(typeattribute pdx_display_client_endpoint_dir_type)
|
|
(typeattributeset pdx_display_client_endpoint_dir_type (pdx_display_dir ))
|
|
(typeattribute pdx_display_client_endpoint_socket_type)
|
|
(typeattributeset pdx_display_client_endpoint_socket_type (pdx_display_client_endpoint_socket ))
|
|
(typeattribute pdx_display_client_channel_socket_type)
|
|
(typeattributeset pdx_display_client_channel_socket_type (pdx_display_client_channel_socket ))
|
|
(typeattribute pdx_display_client_server_type)
|
|
(typeattributeset pdx_display_client_server_type (surfaceflinger ))
|
|
(typeattribute pdx_display_manager_endpoint_dir_type)
|
|
(typeattributeset pdx_display_manager_endpoint_dir_type (pdx_display_dir ))
|
|
(typeattribute pdx_display_manager_endpoint_socket_type)
|
|
(typeattributeset pdx_display_manager_endpoint_socket_type (pdx_display_manager_endpoint_socket ))
|
|
(typeattribute pdx_display_manager_channel_socket_type)
|
|
(typeattributeset pdx_display_manager_channel_socket_type (pdx_display_manager_channel_socket ))
|
|
(typeattribute pdx_display_manager_server_type)
|
|
(typeattributeset pdx_display_manager_server_type (surfaceflinger ))
|
|
(typeattribute pdx_display_screenshot_endpoint_dir_type)
|
|
(typeattributeset pdx_display_screenshot_endpoint_dir_type (pdx_display_dir ))
|
|
(typeattribute pdx_display_screenshot_endpoint_socket_type)
|
|
(typeattributeset pdx_display_screenshot_endpoint_socket_type (pdx_display_screenshot_endpoint_socket ))
|
|
(typeattribute pdx_display_screenshot_channel_socket_type)
|
|
(typeattributeset pdx_display_screenshot_channel_socket_type (pdx_display_screenshot_channel_socket ))
|
|
(typeattribute pdx_display_screenshot_server_type)
|
|
(typeattributeset pdx_display_screenshot_server_type (surfaceflinger ))
|
|
(typeattribute pdx_display_vsync_endpoint_dir_type)
|
|
(typeattributeset pdx_display_vsync_endpoint_dir_type (pdx_display_dir ))
|
|
(typeattribute pdx_display_vsync_endpoint_socket_type)
|
|
(typeattributeset pdx_display_vsync_endpoint_socket_type (pdx_display_vsync_endpoint_socket ))
|
|
(typeattribute pdx_display_vsync_channel_socket_type)
|
|
(typeattributeset pdx_display_vsync_channel_socket_type (pdx_display_vsync_channel_socket ))
|
|
(typeattribute pdx_display_vsync_server_type)
|
|
(typeattributeset pdx_display_vsync_server_type (surfaceflinger ))
|
|
(typeattribute pdx_performance_client_endpoint_dir_type)
|
|
(typeattributeset pdx_performance_client_endpoint_dir_type (pdx_performance_dir ))
|
|
(typeattribute pdx_performance_client_endpoint_socket_type)
|
|
(typeattributeset pdx_performance_client_endpoint_socket_type (pdx_performance_client_endpoint_socket ))
|
|
(typeattribute pdx_performance_client_channel_socket_type)
|
|
(typeattributeset pdx_performance_client_channel_socket_type (pdx_performance_client_channel_socket ))
|
|
(typeattribute pdx_performance_client_server_type)
|
|
(typeattributeset pdx_performance_client_server_type (performanced ))
|
|
(typeattribute pdx_bufferhub_client_endpoint_dir_type)
|
|
(typeattributeset pdx_bufferhub_client_endpoint_dir_type (pdx_bufferhub_dir ))
|
|
(typeattribute pdx_bufferhub_client_endpoint_socket_type)
|
|
(typeattributeset pdx_bufferhub_client_endpoint_socket_type (pdx_bufferhub_client_endpoint_socket ))
|
|
(typeattribute pdx_bufferhub_client_channel_socket_type)
|
|
(typeattributeset pdx_bufferhub_client_channel_socket_type (pdx_bufferhub_client_channel_socket ))
|
|
(typeattribute pdx_bufferhub_client_server_type)
|
|
(typeattributeset pdx_bufferhub_client_server_type (bufferhubd ))
|
|
(typeattribute halserverdomain)
|
|
(typeattributeset halserverdomain (charger_vendor mediaswcodec hal_allocator_default virtualizationservice ))
|
|
(typeattribute halclientdomain)
|
|
(expandtypeattribute (halclientdomain) true)
|
|
(typeattributeset halclientdomain (adbd atrace audioserver bluetooth bootanim bufferhubd cameraserver charger credstore dumpstate evsmanagerd gatekeeperd isolated_compute_app keystore mediadrmserver mediaextractor mediaserver mediaswcodec mediatranscoding network_stack nfc radio rkpdapp secure_element shell statsd surfaceflinger system_app system_server traced_probes traceur_app update_engine update_verifier usbd vold wificond automotive_display_service blank_screen canhalconfigurator fwk_bufferhub mediatuner odsign ot_daemon snapshotctl storaged vehicle_binding_util virtual_camera virtualizationmanager virtualizationservice ))
|
|
(typeattribute hal_automotive_socket_exemption)
|
|
(typeattribute hal_allocator)
|
|
(expandtypeattribute (hal_allocator) true)
|
|
(typeattributeset hal_allocator (hal_allocator_default ))
|
|
(typeattribute hal_allocator_client)
|
|
(expandtypeattribute (hal_allocator_client) true)
|
|
(typeattributeset hal_allocator_client (audioserver cameraserver isolated_compute_app mediaextractor mediaserver mediaswcodec mediatranscoding system_server ))
|
|
(typeattribute hal_allocator_server)
|
|
(expandtypeattribute (hal_allocator_server) false)
|
|
(typeattributeset hal_allocator_server (hal_allocator_default ))
|
|
(typeattribute hal_atrace)
|
|
(expandtypeattribute (hal_atrace) true)
|
|
(typeattribute hal_atrace_client)
|
|
(expandtypeattribute (hal_atrace_client) true)
|
|
(typeattributeset hal_atrace_client (atrace shell traced_probes traceur_app ))
|
|
(typeattribute hal_atrace_server)
|
|
(expandtypeattribute (hal_atrace_server) false)
|
|
(typeattribute hal_audio)
|
|
(expandtypeattribute (hal_audio) true)
|
|
(typeattribute hal_audio_client)
|
|
(expandtypeattribute (hal_audio_client) true)
|
|
(typeattributeset hal_audio_client (audioserver bluetooth dumpstate system_server ))
|
|
(typeattribute hal_audio_server)
|
|
(expandtypeattribute (hal_audio_server) false)
|
|
(typeattribute hal_audiocontrol)
|
|
(expandtypeattribute (hal_audiocontrol) true)
|
|
(typeattribute hal_audiocontrol_client)
|
|
(expandtypeattribute (hal_audiocontrol_client) true)
|
|
(typeattributeset hal_audiocontrol_client (dumpstate ))
|
|
(typeattribute hal_audiocontrol_server)
|
|
(expandtypeattribute (hal_audiocontrol_server) false)
|
|
(typeattribute hal_authgraph)
|
|
(expandtypeattribute (hal_authgraph) true)
|
|
(typeattribute hal_authgraph_client)
|
|
(expandtypeattribute (hal_authgraph_client) true)
|
|
(typeattributeset hal_authgraph_client (dumpstate system_server ))
|
|
(typeattribute hal_authgraph_server)
|
|
(expandtypeattribute (hal_authgraph_server) false)
|
|
(typeattribute hal_authsecret)
|
|
(expandtypeattribute (hal_authsecret) true)
|
|
(typeattribute hal_authsecret_client)
|
|
(expandtypeattribute (hal_authsecret_client) true)
|
|
(typeattributeset hal_authsecret_client (dumpstate system_server ))
|
|
(typeattribute hal_authsecret_server)
|
|
(expandtypeattribute (hal_authsecret_server) false)
|
|
(typeattribute hal_bluetooth)
|
|
(expandtypeattribute (hal_bluetooth) true)
|
|
(typeattribute hal_bluetooth_client)
|
|
(expandtypeattribute (hal_bluetooth_client) true)
|
|
(typeattributeset hal_bluetooth_client (bluetooth dumpstate system_server ))
|
|
(typeattribute hal_bluetooth_server)
|
|
(expandtypeattribute (hal_bluetooth_server) false)
|
|
(typeattribute hal_bootctl)
|
|
(expandtypeattribute (hal_bootctl) true)
|
|
(typeattribute hal_bootctl_client)
|
|
(expandtypeattribute (hal_bootctl_client) true)
|
|
(typeattributeset hal_bootctl_client (system_server update_engine update_verifier vold snapshotctl ))
|
|
(typeattribute hal_bootctl_server)
|
|
(expandtypeattribute (hal_bootctl_server) false)
|
|
(typeattribute hal_broadcastradio)
|
|
(expandtypeattribute (hal_broadcastradio) true)
|
|
(typeattribute hal_broadcastradio_client)
|
|
(expandtypeattribute (hal_broadcastradio_client) true)
|
|
(typeattributeset hal_broadcastradio_client (dumpstate system_server ))
|
|
(typeattribute hal_broadcastradio_server)
|
|
(expandtypeattribute (hal_broadcastradio_server) false)
|
|
(typeattribute hal_camera)
|
|
(expandtypeattribute (hal_camera) true)
|
|
(typeattribute hal_camera_client)
|
|
(expandtypeattribute (hal_camera_client) true)
|
|
(typeattributeset hal_camera_client (cameraserver dumpstate ))
|
|
(typeattribute hal_camera_server)
|
|
(expandtypeattribute (hal_camera_server) false)
|
|
(typeattribute hal_can_bus)
|
|
(expandtypeattribute (hal_can_bus) true)
|
|
(typeattribute hal_can_bus_client)
|
|
(expandtypeattribute (hal_can_bus_client) true)
|
|
(typeattribute hal_can_bus_server)
|
|
(expandtypeattribute (hal_can_bus_server) false)
|
|
(typeattribute hal_can_controller)
|
|
(expandtypeattribute (hal_can_controller) true)
|
|
(typeattribute hal_can_controller_client)
|
|
(expandtypeattribute (hal_can_controller_client) true)
|
|
(typeattributeset hal_can_controller_client (canhalconfigurator ))
|
|
(typeattribute hal_can_controller_server)
|
|
(expandtypeattribute (hal_can_controller_server) false)
|
|
(typeattribute hal_cas)
|
|
(expandtypeattribute (hal_cas) true)
|
|
(typeattribute hal_cas_client)
|
|
(expandtypeattribute (hal_cas_client) true)
|
|
(typeattributeset hal_cas_client (mediaextractor ))
|
|
(typeattribute hal_cas_server)
|
|
(expandtypeattribute (hal_cas_server) false)
|
|
(typeattribute hal_codec2)
|
|
(expandtypeattribute (hal_codec2) true)
|
|
(typeattributeset hal_codec2 (mediaswcodec ))
|
|
(typeattribute hal_codec2_client)
|
|
(expandtypeattribute (hal_codec2_client) true)
|
|
(typeattributeset hal_codec2_client (cameraserver dumpstate isolated_compute_app mediaserver mediaswcodec mediatranscoding surfaceflinger system_server virtual_camera ))
|
|
(typeattribute hal_codec2_server)
|
|
(expandtypeattribute (hal_codec2_server) false)
|
|
(typeattributeset hal_codec2_server (mediaswcodec ))
|
|
(typeattribute hal_configstore)
|
|
(expandtypeattribute (hal_configstore) true)
|
|
(typeattribute hal_configstore_client)
|
|
(expandtypeattribute (hal_configstore_client) true)
|
|
(typeattributeset hal_configstore_client (bootanim mediaserver mediatranscoding surfaceflinger system_server ))
|
|
(typeattribute hal_configstore_server)
|
|
(expandtypeattribute (hal_configstore_server) false)
|
|
(typeattribute hal_confirmationui)
|
|
(expandtypeattribute (hal_confirmationui) true)
|
|
(typeattribute hal_confirmationui_client)
|
|
(expandtypeattribute (hal_confirmationui_client) true)
|
|
(typeattributeset hal_confirmationui_client (keystore ))
|
|
(typeattribute hal_confirmationui_server)
|
|
(expandtypeattribute (hal_confirmationui_server) false)
|
|
(typeattribute hal_contexthub)
|
|
(expandtypeattribute (hal_contexthub) true)
|
|
(typeattribute hal_contexthub_client)
|
|
(expandtypeattribute (hal_contexthub_client) true)
|
|
(typeattributeset hal_contexthub_client (dumpstate system_server ))
|
|
(typeattribute hal_contexthub_server)
|
|
(expandtypeattribute (hal_contexthub_server) false)
|
|
(typeattribute hal_drm)
|
|
(expandtypeattribute (hal_drm) true)
|
|
(typeattribute hal_drm_client)
|
|
(expandtypeattribute (hal_drm_client) true)
|
|
(typeattributeset hal_drm_client (dumpstate mediadrmserver mediaserver ))
|
|
(typeattribute hal_drm_server)
|
|
(expandtypeattribute (hal_drm_server) false)
|
|
(typeattribute hal_dumpstate)
|
|
(expandtypeattribute (hal_dumpstate) true)
|
|
(typeattribute hal_dumpstate_client)
|
|
(expandtypeattribute (hal_dumpstate_client) true)
|
|
(typeattributeset hal_dumpstate_client (dumpstate system_app ))
|
|
(typeattribute hal_dumpstate_server)
|
|
(expandtypeattribute (hal_dumpstate_server) false)
|
|
(typeattribute hal_evs)
|
|
(expandtypeattribute (hal_evs) true)
|
|
(typeattribute hal_evs_client)
|
|
(expandtypeattribute (hal_evs_client) true)
|
|
(typeattributeset hal_evs_client (dumpstate evsmanagerd ))
|
|
(typeattribute hal_evs_server)
|
|
(expandtypeattribute (hal_evs_server) false)
|
|
(typeattribute hal_face)
|
|
(expandtypeattribute (hal_face) true)
|
|
(typeattribute hal_face_client)
|
|
(expandtypeattribute (hal_face_client) true)
|
|
(typeattributeset hal_face_client (dumpstate system_server ))
|
|
(typeattribute hal_face_server)
|
|
(expandtypeattribute (hal_face_server) false)
|
|
(typeattribute hal_fastboot)
|
|
(expandtypeattribute (hal_fastboot) true)
|
|
(typeattribute hal_fastboot_client)
|
|
(expandtypeattribute (hal_fastboot_client) true)
|
|
(typeattribute hal_fastboot_server)
|
|
(expandtypeattribute (hal_fastboot_server) false)
|
|
(typeattribute hal_fingerprint)
|
|
(expandtypeattribute (hal_fingerprint) true)
|
|
(typeattribute hal_fingerprint_client)
|
|
(expandtypeattribute (hal_fingerprint_client) true)
|
|
(typeattributeset hal_fingerprint_client (dumpstate system_server ))
|
|
(typeattribute hal_fingerprint_server)
|
|
(expandtypeattribute (hal_fingerprint_server) false)
|
|
(typeattribute hal_gatekeeper)
|
|
(expandtypeattribute (hal_gatekeeper) true)
|
|
(typeattribute hal_gatekeeper_client)
|
|
(expandtypeattribute (hal_gatekeeper_client) true)
|
|
(typeattributeset hal_gatekeeper_client (gatekeeperd ))
|
|
(typeattribute hal_gatekeeper_server)
|
|
(expandtypeattribute (hal_gatekeeper_server) false)
|
|
(typeattribute hal_gnss)
|
|
(expandtypeattribute (hal_gnss) true)
|
|
(typeattribute hal_gnss_client)
|
|
(expandtypeattribute (hal_gnss_client) true)
|
|
(typeattributeset hal_gnss_client (dumpstate system_server ))
|
|
(typeattribute hal_gnss_server)
|
|
(expandtypeattribute (hal_gnss_server) false)
|
|
(typeattribute hal_graphics_allocator)
|
|
(expandtypeattribute (hal_graphics_allocator) true)
|
|
(typeattribute hal_graphics_allocator_client)
|
|
(expandtypeattribute (hal_graphics_allocator_client) true)
|
|
(typeattributeset hal_graphics_allocator_client (adbd bootanim bufferhubd cameraserver dumpstate mediadrmserver mediaserver mediaswcodec mediatranscoding surfaceflinger system_server automotive_display_service fwk_bufferhub virtual_camera ))
|
|
(typeattribute hal_graphics_allocator_server)
|
|
(expandtypeattribute (hal_graphics_allocator_server) false)
|
|
(typeattribute hal_graphics_composer)
|
|
(expandtypeattribute (hal_graphics_composer) true)
|
|
(typeattribute hal_graphics_composer_client)
|
|
(expandtypeattribute (hal_graphics_composer_client) true)
|
|
(typeattributeset hal_graphics_composer_client (bootanim dumpstate surfaceflinger automotive_display_service ))
|
|
(typeattribute hal_graphics_composer_server)
|
|
(expandtypeattribute (hal_graphics_composer_server) false)
|
|
(typeattribute hal_health)
|
|
(expandtypeattribute (hal_health) true)
|
|
(typeattributeset hal_health (charger_vendor ))
|
|
(typeattribute hal_health_client)
|
|
(expandtypeattribute (hal_health_client) true)
|
|
(typeattributeset hal_health_client (charger dumpstate statsd system_server traced_probes storaged ))
|
|
(typeattribute hal_health_server)
|
|
(expandtypeattribute (hal_health_server) false)
|
|
(typeattributeset hal_health_server (charger_vendor ))
|
|
(typeattribute hal_health_storage)
|
|
(expandtypeattribute (hal_health_storage) true)
|
|
(typeattribute hal_health_storage_client)
|
|
(expandtypeattribute (hal_health_storage_client) true)
|
|
(typeattributeset hal_health_storage_client (vold ))
|
|
(typeattribute hal_health_storage_server)
|
|
(expandtypeattribute (hal_health_storage_server) false)
|
|
(typeattribute hal_identity)
|
|
(expandtypeattribute (hal_identity) true)
|
|
(typeattribute hal_identity_client)
|
|
(expandtypeattribute (hal_identity_client) true)
|
|
(typeattributeset hal_identity_client (credstore dumpstate ))
|
|
(typeattribute hal_identity_server)
|
|
(expandtypeattribute (hal_identity_server) false)
|
|
(typeattribute hal_input_classifier)
|
|
(expandtypeattribute (hal_input_classifier) true)
|
|
(typeattribute hal_input_classifier_client)
|
|
(expandtypeattribute (hal_input_classifier_client) true)
|
|
(typeattributeset hal_input_classifier_client (system_server ))
|
|
(typeattribute hal_input_classifier_server)
|
|
(expandtypeattribute (hal_input_classifier_server) false)
|
|
(typeattribute hal_input_processor)
|
|
(expandtypeattribute (hal_input_processor) true)
|
|
(typeattribute hal_input_processor_client)
|
|
(expandtypeattribute (hal_input_processor_client) true)
|
|
(typeattributeset hal_input_processor_client (dumpstate system_server ))
|
|
(typeattribute hal_input_processor_server)
|
|
(expandtypeattribute (hal_input_processor_server) false)
|
|
(typeattribute hal_ir)
|
|
(expandtypeattribute (hal_ir) true)
|
|
(typeattribute hal_ir_client)
|
|
(expandtypeattribute (hal_ir_client) true)
|
|
(typeattributeset hal_ir_client (system_server ))
|
|
(typeattribute hal_ir_server)
|
|
(expandtypeattribute (hal_ir_server) false)
|
|
(typeattribute hal_ivn)
|
|
(expandtypeattribute (hal_ivn) true)
|
|
(typeattribute hal_ivn_client)
|
|
(expandtypeattribute (hal_ivn_client) true)
|
|
(typeattribute hal_ivn_server)
|
|
(expandtypeattribute (hal_ivn_server) false)
|
|
(typeattribute hal_keymaster)
|
|
(expandtypeattribute (hal_keymaster) true)
|
|
(typeattribute hal_keymaster_client)
|
|
(expandtypeattribute (hal_keymaster_client) true)
|
|
(typeattributeset hal_keymaster_client (keystore odsign ))
|
|
(typeattribute hal_keymaster_server)
|
|
(expandtypeattribute (hal_keymaster_server) false)
|
|
(typeattribute hal_keymint)
|
|
(expandtypeattribute (hal_keymint) true)
|
|
(typeattribute hal_keymint_client)
|
|
(expandtypeattribute (hal_keymint_client) true)
|
|
(typeattributeset hal_keymint_client (credstore dumpstate keystore rkpdapp system_server ))
|
|
(typeattribute hal_keymint_server)
|
|
(expandtypeattribute (hal_keymint_server) false)
|
|
(typeattribute hal_light)
|
|
(expandtypeattribute (hal_light) true)
|
|
(typeattribute hal_light_client)
|
|
(expandtypeattribute (hal_light_client) true)
|
|
(typeattributeset hal_light_client (dumpstate system_server blank_screen ))
|
|
(typeattribute hal_light_server)
|
|
(expandtypeattribute (hal_light_server) false)
|
|
(typeattribute hal_lowpan)
|
|
(expandtypeattribute (hal_lowpan) true)
|
|
(typeattribute hal_lowpan_client)
|
|
(expandtypeattribute (hal_lowpan_client) true)
|
|
(typeattribute hal_lowpan_server)
|
|
(expandtypeattribute (hal_lowpan_server) false)
|
|
(typeattribute hal_macsec)
|
|
(expandtypeattribute (hal_macsec) true)
|
|
(typeattribute hal_macsec_client)
|
|
(expandtypeattribute (hal_macsec_client) true)
|
|
(typeattribute hal_macsec_server)
|
|
(expandtypeattribute (hal_macsec_server) false)
|
|
(typeattribute hal_memtrack)
|
|
(expandtypeattribute (hal_memtrack) true)
|
|
(typeattribute hal_memtrack_client)
|
|
(expandtypeattribute (hal_memtrack_client) true)
|
|
(typeattributeset hal_memtrack_client (dumpstate system_server ))
|
|
(typeattribute hal_memtrack_server)
|
|
(expandtypeattribute (hal_memtrack_server) false)
|
|
(typeattribute hal_neuralnetworks)
|
|
(expandtypeattribute (hal_neuralnetworks) true)
|
|
(typeattribute hal_neuralnetworks_client)
|
|
(expandtypeattribute (hal_neuralnetworks_client) true)
|
|
(typeattributeset hal_neuralnetworks_client (dumpstate system_server ))
|
|
(typeattribute hal_neuralnetworks_server)
|
|
(expandtypeattribute (hal_neuralnetworks_server) false)
|
|
(typeattribute hal_nfc)
|
|
(expandtypeattribute (hal_nfc) true)
|
|
(typeattribute hal_nfc_client)
|
|
(expandtypeattribute (hal_nfc_client) true)
|
|
(typeattributeset hal_nfc_client (dumpstate nfc ))
|
|
(typeattribute hal_nfc_server)
|
|
(expandtypeattribute (hal_nfc_server) false)
|
|
(typeattribute hal_nlinterceptor)
|
|
(expandtypeattribute (hal_nlinterceptor) true)
|
|
(typeattribute hal_nlinterceptor_client)
|
|
(expandtypeattribute (hal_nlinterceptor_client) true)
|
|
(typeattributeset hal_nlinterceptor_client (wificond ))
|
|
(typeattribute hal_nlinterceptor_server)
|
|
(expandtypeattribute (hal_nlinterceptor_server) false)
|
|
(typeattribute hal_oemlock)
|
|
(expandtypeattribute (hal_oemlock) true)
|
|
(typeattribute hal_oemlock_client)
|
|
(expandtypeattribute (hal_oemlock_client) true)
|
|
(typeattributeset hal_oemlock_client (dumpstate system_server ))
|
|
(typeattribute hal_oemlock_server)
|
|
(expandtypeattribute (hal_oemlock_server) false)
|
|
(typeattribute hal_omx)
|
|
(expandtypeattribute (hal_omx) true)
|
|
(typeattribute hal_omx_client)
|
|
(expandtypeattribute (hal_omx_client) true)
|
|
(typeattributeset hal_omx_client (cameraserver mediaserver mediaswcodec mediatranscoding surfaceflinger system_server virtual_camera ))
|
|
(typeattribute hal_omx_server)
|
|
(expandtypeattribute (hal_omx_server) false)
|
|
(typeattribute hal_power)
|
|
(expandtypeattribute (hal_power) true)
|
|
(typeattribute hal_power_client)
|
|
(expandtypeattribute (hal_power_client) true)
|
|
(typeattributeset hal_power_client (dumpstate statsd surfaceflinger system_server ))
|
|
(typeattribute hal_power_server)
|
|
(expandtypeattribute (hal_power_server) false)
|
|
(typeattribute hal_power_stats)
|
|
(expandtypeattribute (hal_power_stats) true)
|
|
(typeattribute hal_power_stats_client)
|
|
(expandtypeattribute (hal_power_stats_client) true)
|
|
(typeattributeset hal_power_stats_client (dumpstate statsd system_server traced_probes ))
|
|
(typeattribute hal_power_stats_server)
|
|
(expandtypeattribute (hal_power_stats_server) false)
|
|
(typeattribute hal_rebootescrow)
|
|
(expandtypeattribute (hal_rebootescrow) true)
|
|
(typeattribute hal_rebootescrow_client)
|
|
(expandtypeattribute (hal_rebootescrow_client) true)
|
|
(typeattributeset hal_rebootescrow_client (dumpstate system_server ))
|
|
(typeattribute hal_rebootescrow_server)
|
|
(expandtypeattribute (hal_rebootescrow_server) false)
|
|
(typeattribute hal_remoteaccess)
|
|
(expandtypeattribute (hal_remoteaccess) true)
|
|
(typeattribute hal_remoteaccess_client)
|
|
(expandtypeattribute (hal_remoteaccess_client) true)
|
|
(typeattribute hal_remoteaccess_server)
|
|
(expandtypeattribute (hal_remoteaccess_server) false)
|
|
(typeattribute hal_secretkeeper)
|
|
(expandtypeattribute (hal_secretkeeper) true)
|
|
(typeattribute hal_secretkeeper_client)
|
|
(expandtypeattribute (hal_secretkeeper_client) true)
|
|
(typeattributeset hal_secretkeeper_client (dumpstate virtualizationmanager virtualizationservice ))
|
|
(typeattribute hal_secretkeeper_server)
|
|
(expandtypeattribute (hal_secretkeeper_server) false)
|
|
(typeattribute hal_remotelyprovisionedcomponent_avf)
|
|
(expandtypeattribute (hal_remotelyprovisionedcomponent_avf) true)
|
|
(typeattributeset hal_remotelyprovisionedcomponent_avf (virtualizationservice ))
|
|
(typeattribute hal_remotelyprovisionedcomponent_avf_client)
|
|
(expandtypeattribute (hal_remotelyprovisionedcomponent_avf_client) true)
|
|
(typeattributeset hal_remotelyprovisionedcomponent_avf_client (rkpdapp system_server ))
|
|
(typeattribute hal_remotelyprovisionedcomponent_avf_server)
|
|
(expandtypeattribute (hal_remotelyprovisionedcomponent_avf_server) false)
|
|
(typeattributeset hal_remotelyprovisionedcomponent_avf_server (virtualizationservice ))
|
|
(typeattribute hal_secure_element)
|
|
(expandtypeattribute (hal_secure_element) true)
|
|
(typeattribute hal_secure_element_client)
|
|
(expandtypeattribute (hal_secure_element_client) true)
|
|
(typeattributeset hal_secure_element_client (secure_element ))
|
|
(typeattribute hal_secure_element_server)
|
|
(expandtypeattribute (hal_secure_element_server) false)
|
|
(typeattribute hal_sensors)
|
|
(expandtypeattribute (hal_sensors) true)
|
|
(typeattribute hal_sensors_client)
|
|
(expandtypeattribute (hal_sensors_client) true)
|
|
(typeattributeset hal_sensors_client (dumpstate system_server ))
|
|
(typeattribute hal_sensors_server)
|
|
(expandtypeattribute (hal_sensors_server) false)
|
|
(typeattribute hal_telephony)
|
|
(expandtypeattribute (hal_telephony) true)
|
|
(typeattribute hal_telephony_client)
|
|
(expandtypeattribute (hal_telephony_client) true)
|
|
(typeattributeset hal_telephony_client (bluetooth radio ))
|
|
(typeattribute hal_telephony_server)
|
|
(expandtypeattribute (hal_telephony_server) false)
|
|
(typeattribute hal_tetheroffload)
|
|
(expandtypeattribute (hal_tetheroffload) true)
|
|
(typeattribute hal_tetheroffload_client)
|
|
(expandtypeattribute (hal_tetheroffload_client) true)
|
|
(typeattributeset hal_tetheroffload_client (network_stack system_server ))
|
|
(typeattribute hal_tetheroffload_server)
|
|
(expandtypeattribute (hal_tetheroffload_server) false)
|
|
(typeattribute hal_thermal)
|
|
(expandtypeattribute (hal_thermal) true)
|
|
(typeattribute hal_thermal_client)
|
|
(expandtypeattribute (hal_thermal_client) true)
|
|
(typeattributeset hal_thermal_client (dumpstate statsd system_server ))
|
|
(typeattribute hal_thermal_server)
|
|
(expandtypeattribute (hal_thermal_server) false)
|
|
(typeattribute hal_threadnetwork)
|
|
(expandtypeattribute (hal_threadnetwork) true)
|
|
(typeattribute hal_threadnetwork_client)
|
|
(expandtypeattribute (hal_threadnetwork_client) true)
|
|
(typeattributeset hal_threadnetwork_client (system_server ot_daemon ))
|
|
(typeattribute hal_threadnetwork_server)
|
|
(expandtypeattribute (hal_threadnetwork_server) false)
|
|
(typeattribute hal_tv_cec)
|
|
(expandtypeattribute (hal_tv_cec) true)
|
|
(typeattribute hal_tv_cec_client)
|
|
(expandtypeattribute (hal_tv_cec_client) true)
|
|
(typeattributeset hal_tv_cec_client (system_server ))
|
|
(typeattribute hal_tv_cec_server)
|
|
(expandtypeattribute (hal_tv_cec_server) false)
|
|
(typeattribute hal_tv_hdmi_cec)
|
|
(expandtypeattribute (hal_tv_hdmi_cec) true)
|
|
(typeattribute hal_tv_hdmi_cec_client)
|
|
(expandtypeattribute (hal_tv_hdmi_cec_client) true)
|
|
(typeattributeset hal_tv_hdmi_cec_client (system_server ))
|
|
(typeattribute hal_tv_hdmi_cec_server)
|
|
(expandtypeattribute (hal_tv_hdmi_cec_server) false)
|
|
(typeattribute hal_tv_hdmi_connection)
|
|
(expandtypeattribute (hal_tv_hdmi_connection) true)
|
|
(typeattribute hal_tv_hdmi_connection_client)
|
|
(expandtypeattribute (hal_tv_hdmi_connection_client) true)
|
|
(typeattributeset hal_tv_hdmi_connection_client (system_server ))
|
|
(typeattribute hal_tv_hdmi_connection_server)
|
|
(expandtypeattribute (hal_tv_hdmi_connection_server) false)
|
|
(typeattribute hal_tv_hdmi_earc)
|
|
(expandtypeattribute (hal_tv_hdmi_earc) true)
|
|
(typeattribute hal_tv_hdmi_earc_client)
|
|
(expandtypeattribute (hal_tv_hdmi_earc_client) true)
|
|
(typeattributeset hal_tv_hdmi_earc_client (system_server ))
|
|
(typeattribute hal_tv_hdmi_earc_server)
|
|
(expandtypeattribute (hal_tv_hdmi_earc_server) false)
|
|
(typeattribute hal_tv_input)
|
|
(expandtypeattribute (hal_tv_input) true)
|
|
(typeattribute hal_tv_input_client)
|
|
(expandtypeattribute (hal_tv_input_client) true)
|
|
(typeattributeset hal_tv_input_client (system_server ))
|
|
(typeattribute hal_tv_input_server)
|
|
(expandtypeattribute (hal_tv_input_server) false)
|
|
(typeattribute hal_tv_tuner)
|
|
(expandtypeattribute (hal_tv_tuner) true)
|
|
(typeattribute hal_tv_tuner_client)
|
|
(expandtypeattribute (hal_tv_tuner_client) true)
|
|
(typeattributeset hal_tv_tuner_client (mediatuner ))
|
|
(typeattribute hal_tv_tuner_server)
|
|
(expandtypeattribute (hal_tv_tuner_server) false)
|
|
(typeattribute hal_usb)
|
|
(expandtypeattribute (hal_usb) true)
|
|
(typeattribute hal_usb_client)
|
|
(expandtypeattribute (hal_usb_client) true)
|
|
(typeattributeset hal_usb_client (system_server ))
|
|
(typeattribute hal_usb_server)
|
|
(expandtypeattribute (hal_usb_server) false)
|
|
(typeattribute hal_usb_gadget)
|
|
(expandtypeattribute (hal_usb_gadget) true)
|
|
(typeattribute hal_usb_gadget_client)
|
|
(expandtypeattribute (hal_usb_gadget_client) true)
|
|
(typeattributeset hal_usb_gadget_client (system_server usbd ))
|
|
(typeattribute hal_usb_gadget_server)
|
|
(expandtypeattribute (hal_usb_gadget_server) false)
|
|
(typeattribute hal_uwb)
|
|
(expandtypeattribute (hal_uwb) true)
|
|
(typeattribute hal_uwb_client)
|
|
(expandtypeattribute (hal_uwb_client) true)
|
|
(typeattributeset hal_uwb_client (system_server ))
|
|
(typeattribute hal_uwb_server)
|
|
(expandtypeattribute (hal_uwb_server) false)
|
|
(typeattribute hal_uwb_vendor)
|
|
(expandtypeattribute (hal_uwb_vendor) true)
|
|
(typeattribute hal_uwb_vendor_client)
|
|
(expandtypeattribute (hal_uwb_vendor_client) true)
|
|
(typeattribute hal_uwb_vendor_server)
|
|
(expandtypeattribute (hal_uwb_vendor_server) false)
|
|
(typeattribute hal_vehicle)
|
|
(expandtypeattribute (hal_vehicle) true)
|
|
(typeattribute hal_vehicle_client)
|
|
(expandtypeattribute (hal_vehicle_client) true)
|
|
(typeattributeset hal_vehicle_client (dumpstate vehicle_binding_util ))
|
|
(typeattribute hal_vehicle_server)
|
|
(expandtypeattribute (hal_vehicle_server) false)
|
|
(typeattribute hal_vibrator)
|
|
(expandtypeattribute (hal_vibrator) true)
|
|
(typeattribute hal_vibrator_client)
|
|
(expandtypeattribute (hal_vibrator_client) true)
|
|
(typeattributeset hal_vibrator_client (dumpstate system_server ))
|
|
(typeattribute hal_vibrator_server)
|
|
(expandtypeattribute (hal_vibrator_server) false)
|
|
(typeattribute hal_vr)
|
|
(expandtypeattribute (hal_vr) true)
|
|
(typeattribute hal_vr_client)
|
|
(expandtypeattribute (hal_vr_client) true)
|
|
(typeattributeset hal_vr_client (system_server ))
|
|
(typeattribute hal_vr_server)
|
|
(expandtypeattribute (hal_vr_server) false)
|
|
(typeattribute hal_weaver)
|
|
(expandtypeattribute (hal_weaver) true)
|
|
(typeattribute hal_weaver_client)
|
|
(expandtypeattribute (hal_weaver_client) true)
|
|
(typeattributeset hal_weaver_client (dumpstate system_server ))
|
|
(typeattribute hal_weaver_server)
|
|
(expandtypeattribute (hal_weaver_server) false)
|
|
(typeattribute hal_wifi)
|
|
(expandtypeattribute (hal_wifi) true)
|
|
(typeattribute hal_wifi_client)
|
|
(expandtypeattribute (hal_wifi_client) true)
|
|
(typeattributeset hal_wifi_client (dumpstate system_server ))
|
|
(typeattribute hal_wifi_server)
|
|
(expandtypeattribute (hal_wifi_server) false)
|
|
(typeattribute hal_wifi_hostapd)
|
|
(expandtypeattribute (hal_wifi_hostapd) true)
|
|
(typeattribute hal_wifi_hostapd_client)
|
|
(expandtypeattribute (hal_wifi_hostapd_client) true)
|
|
(typeattributeset hal_wifi_hostapd_client (system_server ))
|
|
(typeattribute hal_wifi_hostapd_server)
|
|
(expandtypeattribute (hal_wifi_hostapd_server) false)
|
|
(typeattribute hal_wifi_supplicant)
|
|
(expandtypeattribute (hal_wifi_supplicant) true)
|
|
(typeattribute hal_wifi_supplicant_client)
|
|
(expandtypeattribute (hal_wifi_supplicant_client) true)
|
|
(typeattributeset hal_wifi_supplicant_client (system_server ))
|
|
(typeattribute hal_wifi_supplicant_server)
|
|
(expandtypeattribute (hal_wifi_supplicant_server) false)
|
|
(typeattribute automotive_display_service_server)
|
|
(typeattributeset automotive_display_service_server (automotive_display_service ))
|
|
(typeattribute camera_service_server)
|
|
(typeattributeset camera_service_server (cameraserver ))
|
|
(typeattribute display_service_server)
|
|
(typeattributeset display_service_server (surfaceflinger ))
|
|
(typeattribute evsmanager_service_server)
|
|
(typeattributeset evsmanager_service_server (evsmanagerd ))
|
|
(typeattribute remote_provisioning_service_server)
|
|
(typeattributeset remote_provisioning_service_server (system_server ))
|
|
(typeattribute scheduler_service_server)
|
|
(typeattributeset scheduler_service_server (system_server ))
|
|
(typeattribute sensor_service_server)
|
|
(typeattributeset sensor_service_server (system_server ))
|
|
(typeattribute stats_service_server)
|
|
(typeattributeset stats_service_server (system_server ))
|
|
(typeattribute system_suspend_internal_server)
|
|
(typeattributeset system_suspend_internal_server (system_suspend ))
|
|
(typeattribute system_suspend_server)
|
|
(typeattributeset system_suspend_server (system_suspend ))
|
|
(typeattribute wifi_keystore_service_server)
|
|
(typeattributeset wifi_keystore_service_server (wificond ))
|
|
(typeattribute super_block_device_type)
|
|
(typeattributeset super_block_device_type (super_block_device ))
|
|
(typeattribute dmabuf_heap_device_type)
|
|
(expandtypeattribute (dmabuf_heap_device_type) false)
|
|
(typeattributeset dmabuf_heap_device_type (dmabuf_heap_device dmabuf_system_heap_device dmabuf_system_secure_heap_device ))
|
|
(typeattribute vm_manager_device_type)
|
|
(typeattributeset vm_manager_device_type (kvm_device ))
|
|
(typeattribute gsi_metadata_file_type)
|
|
(typeattributeset gsi_metadata_file_type (gsi_metadata_file gsi_public_metadata_file ))
|
|
(typeattribute apex_data_file_type)
|
|
(typeattributeset apex_data_file_type (apex_system_server_data_file apex_art_data_file apex_compos_data_file apex_virt_data_file apex_tethering_data_file apex_appsearch_data_file apex_permission_data_file apex_scheduling_data_file apex_wifi_data_file ))
|
|
(typeattribute charger_type)
|
|
(typeattributeset charger_type (charger charger_vendor ))
|
|
(typeattribute dalvik_config_prop_type)
|
|
(typeattributeset dalvik_config_prop_type (dalvik_config_prop dalvik_dynamic_config_prop ))
|
|
(type adbd)
|
|
(roletype object_r adbd)
|
|
(type adbd_exec)
|
|
(roletype object_r adbd_exec)
|
|
(type aidl_lazy_test_server)
|
|
(roletype object_r aidl_lazy_test_server)
|
|
(type aidl_lazy_test_server_exec)
|
|
(roletype object_r aidl_lazy_test_server_exec)
|
|
(type apexd)
|
|
(roletype object_r apexd)
|
|
(type apexd_exec)
|
|
(roletype object_r apexd_exec)
|
|
(type appdomain_tmpfs)
|
|
(roletype object_r appdomain_tmpfs)
|
|
(type app_zygote)
|
|
(roletype object_r app_zygote)
|
|
(type app_zygote_tmpfs)
|
|
(roletype object_r app_zygote_tmpfs)
|
|
(type artd)
|
|
(roletype object_r artd)
|
|
(type atrace)
|
|
(roletype object_r atrace)
|
|
(type audioserver)
|
|
(roletype object_r audioserver)
|
|
(type audioserver_tmpfs)
|
|
(roletype object_r audioserver_tmpfs)
|
|
(type blkid)
|
|
(roletype object_r blkid)
|
|
(type blkid_untrusted)
|
|
(roletype object_r blkid_untrusted)
|
|
(type bluetooth)
|
|
(roletype object_r bluetooth)
|
|
(type bootanim)
|
|
(roletype object_r bootanim)
|
|
(type bootanim_exec)
|
|
(roletype object_r bootanim_exec)
|
|
(type bootstat)
|
|
(roletype object_r bootstat)
|
|
(type bootstat_exec)
|
|
(roletype object_r bootstat_exec)
|
|
(type bpfloader)
|
|
(roletype object_r bpfloader)
|
|
(type bufferhubd)
|
|
(roletype object_r bufferhubd)
|
|
(type bufferhubd_exec)
|
|
(roletype object_r bufferhubd_exec)
|
|
(type cameraserver)
|
|
(roletype object_r cameraserver)
|
|
(type cameraserver_exec)
|
|
(roletype object_r cameraserver_exec)
|
|
(type cameraserver_tmpfs)
|
|
(roletype object_r cameraserver_tmpfs)
|
|
(type charger)
|
|
(roletype object_r charger)
|
|
(type charger_exec)
|
|
(roletype object_r charger_exec)
|
|
(type charger_vendor)
|
|
(roletype object_r charger_vendor)
|
|
(type crash_dump)
|
|
(roletype object_r crash_dump)
|
|
(type crash_dump_exec)
|
|
(roletype object_r crash_dump_exec)
|
|
(type credstore)
|
|
(roletype object_r credstore)
|
|
(type credstore_exec)
|
|
(roletype object_r credstore_exec)
|
|
(type device)
|
|
(roletype object_r device)
|
|
(type ashmem_device)
|
|
(roletype object_r ashmem_device)
|
|
(type ashmem_libcutils_device)
|
|
(roletype object_r ashmem_libcutils_device)
|
|
(type audio_device)
|
|
(roletype object_r audio_device)
|
|
(type binder_device)
|
|
(roletype object_r binder_device)
|
|
(type hwbinder_device)
|
|
(roletype object_r hwbinder_device)
|
|
(type vndbinder_device)
|
|
(roletype object_r vndbinder_device)
|
|
(type block_device)
|
|
(roletype object_r block_device)
|
|
(type bt_device)
|
|
(roletype object_r bt_device)
|
|
(type camera_device)
|
|
(roletype object_r camera_device)
|
|
(type dm_device)
|
|
(roletype object_r dm_device)
|
|
(type ublk_block_device)
|
|
(roletype object_r ublk_block_device)
|
|
(type dm_user_device)
|
|
(roletype object_r dm_user_device)
|
|
(type ublk_control_device)
|
|
(roletype object_r ublk_control_device)
|
|
(type keychord_device)
|
|
(roletype object_r keychord_device)
|
|
(type loop_control_device)
|
|
(roletype object_r loop_control_device)
|
|
(type loop_device)
|
|
(roletype object_r loop_device)
|
|
(type pmsg_device)
|
|
(roletype object_r pmsg_device)
|
|
(type radio_device)
|
|
(roletype object_r radio_device)
|
|
(type ram_device)
|
|
(roletype object_r ram_device)
|
|
(type rtc_device)
|
|
(roletype object_r rtc_device)
|
|
(type vd_device)
|
|
(roletype object_r vd_device)
|
|
(type vold_device)
|
|
(roletype object_r vold_device)
|
|
(type console_device)
|
|
(roletype object_r console_device)
|
|
(type fscklogs)
|
|
(roletype object_r fscklogs)
|
|
(type gpu_device)
|
|
(roletype object_r gpu_device)
|
|
(type graphics_device)
|
|
(roletype object_r graphics_device)
|
|
(type hw_random_device)
|
|
(roletype object_r hw_random_device)
|
|
(type input_device)
|
|
(roletype object_r input_device)
|
|
(type port_device)
|
|
(roletype object_r port_device)
|
|
(type lowpan_device)
|
|
(roletype object_r lowpan_device)
|
|
(type mtp_device)
|
|
(roletype object_r mtp_device)
|
|
(type nfc_device)
|
|
(roletype object_r nfc_device)
|
|
(type ptmx_device)
|
|
(roletype object_r ptmx_device)
|
|
(type kmsg_device)
|
|
(roletype object_r kmsg_device)
|
|
(type kmsg_debug_device)
|
|
(roletype object_r kmsg_debug_device)
|
|
(type null_device)
|
|
(roletype object_r null_device)
|
|
(type random_device)
|
|
(roletype object_r random_device)
|
|
(type secure_element_device)
|
|
(roletype object_r secure_element_device)
|
|
(type sensors_device)
|
|
(roletype object_r sensors_device)
|
|
(type serial_device)
|
|
(roletype object_r serial_device)
|
|
(type socket_device)
|
|
(roletype object_r socket_device)
|
|
(type owntty_device)
|
|
(roletype object_r owntty_device)
|
|
(type tty_device)
|
|
(roletype object_r tty_device)
|
|
(type video_device)
|
|
(roletype object_r video_device)
|
|
(type zero_device)
|
|
(roletype object_r zero_device)
|
|
(type fuse_device)
|
|
(roletype object_r fuse_device)
|
|
(type iio_device)
|
|
(roletype object_r iio_device)
|
|
(type ion_device)
|
|
(roletype object_r ion_device)
|
|
(type dmabuf_heap_device)
|
|
(roletype object_r dmabuf_heap_device)
|
|
(type dmabuf_system_heap_device)
|
|
(roletype object_r dmabuf_system_heap_device)
|
|
(type dmabuf_system_secure_heap_device)
|
|
(roletype object_r dmabuf_system_secure_heap_device)
|
|
(type qtaguid_device)
|
|
(roletype object_r qtaguid_device)
|
|
(type watchdog_device)
|
|
(roletype object_r watchdog_device)
|
|
(type uhid_device)
|
|
(roletype object_r uhid_device)
|
|
(type uio_device)
|
|
(roletype object_r uio_device)
|
|
(type tun_device)
|
|
(roletype object_r tun_device)
|
|
(type usbaccessory_device)
|
|
(roletype object_r usbaccessory_device)
|
|
(type usb_device)
|
|
(roletype object_r usb_device)
|
|
(type usb_serial_device)
|
|
(roletype object_r usb_serial_device)
|
|
(type gnss_device)
|
|
(roletype object_r gnss_device)
|
|
(type properties_device)
|
|
(roletype object_r properties_device)
|
|
(type properties_serial)
|
|
(roletype object_r properties_serial)
|
|
(type property_info)
|
|
(roletype object_r property_info)
|
|
(type hidraw_device)
|
|
(roletype object_r hidraw_device)
|
|
(type hci_attach_dev)
|
|
(roletype object_r hci_attach_dev)
|
|
(type rpmsg_device)
|
|
(roletype object_r rpmsg_device)
|
|
(type root_block_device)
|
|
(roletype object_r root_block_device)
|
|
(type frp_block_device)
|
|
(roletype object_r frp_block_device)
|
|
(type system_block_device)
|
|
(roletype object_r system_block_device)
|
|
(type recovery_block_device)
|
|
(roletype object_r recovery_block_device)
|
|
(type boot_block_device)
|
|
(roletype object_r boot_block_device)
|
|
(type dtbo_block_device)
|
|
(roletype object_r dtbo_block_device)
|
|
(type userdata_block_device)
|
|
(roletype object_r userdata_block_device)
|
|
(type zoned_block_device)
|
|
(roletype object_r zoned_block_device)
|
|
(type cache_block_device)
|
|
(roletype object_r cache_block_device)
|
|
(type swap_block_device)
|
|
(roletype object_r swap_block_device)
|
|
(type metadata_block_device)
|
|
(roletype object_r metadata_block_device)
|
|
(type misc_block_device)
|
|
(roletype object_r misc_block_device)
|
|
(type super_block_device)
|
|
(roletype object_r super_block_device)
|
|
(type sdcard_block_device)
|
|
(roletype object_r sdcard_block_device)
|
|
(type userdata_sysdev)
|
|
(roletype object_r userdata_sysdev)
|
|
(type rootdisk_sysdev)
|
|
(roletype object_r rootdisk_sysdev)
|
|
(type vfio_device)
|
|
(roletype object_r vfio_device)
|
|
(type dhcp)
|
|
(roletype object_r dhcp)
|
|
(type dhcp_exec)
|
|
(roletype object_r dhcp_exec)
|
|
(type dnsmasq)
|
|
(roletype object_r dnsmasq)
|
|
(type dnsmasq_exec)
|
|
(roletype object_r dnsmasq_exec)
|
|
(type drmserver)
|
|
(roletype object_r drmserver)
|
|
(type drmserver_exec)
|
|
(roletype object_r drmserver_exec)
|
|
(type drmserver_socket)
|
|
(roletype object_r drmserver_socket)
|
|
(type dumpstate)
|
|
(roletype object_r dumpstate)
|
|
(type dumpstate_exec)
|
|
(roletype object_r dumpstate_exec)
|
|
(type e2fs)
|
|
(roletype object_r e2fs)
|
|
(type e2fs_exec)
|
|
(roletype object_r e2fs_exec)
|
|
(type ephemeral_app)
|
|
(roletype object_r ephemeral_app)
|
|
(type evsmanagerd)
|
|
(roletype object_r evsmanagerd)
|
|
(type extra_free_kbytes)
|
|
(roletype object_r extra_free_kbytes)
|
|
(type extra_free_kbytes_exec)
|
|
(roletype object_r extra_free_kbytes_exec)
|
|
(type fastbootd)
|
|
(roletype object_r fastbootd)
|
|
(type labeledfs)
|
|
(roletype object_r labeledfs)
|
|
(type pipefs)
|
|
(roletype object_r pipefs)
|
|
(type sockfs)
|
|
(roletype object_r sockfs)
|
|
(type rootfs)
|
|
(roletype object_r rootfs)
|
|
(type proc)
|
|
(roletype object_r proc)
|
|
(type binderfs)
|
|
(roletype object_r binderfs)
|
|
(type binderfs_logs)
|
|
(roletype object_r binderfs_logs)
|
|
(type binderfs_logs_proc)
|
|
(roletype object_r binderfs_logs_proc)
|
|
(type binderfs_logs_stats)
|
|
(roletype object_r binderfs_logs_stats)
|
|
(type binderfs_features)
|
|
(roletype object_r binderfs_features)
|
|
(type proc_security)
|
|
(roletype object_r proc_security)
|
|
(type proc_drop_caches)
|
|
(roletype object_r proc_drop_caches)
|
|
(type proc_overcommit_memory)
|
|
(roletype object_r proc_overcommit_memory)
|
|
(type proc_min_free_order_shift)
|
|
(roletype object_r proc_min_free_order_shift)
|
|
(type proc_kpageflags)
|
|
(roletype object_r proc_kpageflags)
|
|
(type proc_watermark_boost_factor)
|
|
(roletype object_r proc_watermark_boost_factor)
|
|
(type proc_percpu_pagelist_high_fraction)
|
|
(roletype object_r proc_percpu_pagelist_high_fraction)
|
|
(type usermodehelper)
|
|
(roletype object_r usermodehelper)
|
|
(type sysfs_usermodehelper)
|
|
(roletype object_r sysfs_usermodehelper)
|
|
(type proc_qtaguid_ctrl)
|
|
(roletype object_r proc_qtaguid_ctrl)
|
|
(type proc_qtaguid_stat)
|
|
(roletype object_r proc_qtaguid_stat)
|
|
(type proc_bluetooth_writable)
|
|
(roletype object_r proc_bluetooth_writable)
|
|
(type proc_abi)
|
|
(roletype object_r proc_abi)
|
|
(type proc_asound)
|
|
(roletype object_r proc_asound)
|
|
(type proc_bootconfig)
|
|
(roletype object_r proc_bootconfig)
|
|
(type proc_bpf)
|
|
(roletype object_r proc_bpf)
|
|
(type proc_buddyinfo)
|
|
(roletype object_r proc_buddyinfo)
|
|
(type proc_cmdline)
|
|
(roletype object_r proc_cmdline)
|
|
(type proc_cpu_alignment)
|
|
(roletype object_r proc_cpu_alignment)
|
|
(type proc_cpuinfo)
|
|
(roletype object_r proc_cpuinfo)
|
|
(type proc_dirty)
|
|
(roletype object_r proc_dirty)
|
|
(type proc_diskstats)
|
|
(roletype object_r proc_diskstats)
|
|
(type proc_extra_free_kbytes)
|
|
(roletype object_r proc_extra_free_kbytes)
|
|
(type proc_filesystems)
|
|
(roletype object_r proc_filesystems)
|
|
(type proc_fs_verity)
|
|
(roletype object_r proc_fs_verity)
|
|
(type proc_hostname)
|
|
(roletype object_r proc_hostname)
|
|
(type proc_hung_task)
|
|
(roletype object_r proc_hung_task)
|
|
(type proc_interrupts)
|
|
(roletype object_r proc_interrupts)
|
|
(type proc_iomem)
|
|
(roletype object_r proc_iomem)
|
|
(type proc_kallsyms)
|
|
(roletype object_r proc_kallsyms)
|
|
(type proc_keys)
|
|
(roletype object_r proc_keys)
|
|
(type proc_kmsg)
|
|
(roletype object_r proc_kmsg)
|
|
(type proc_loadavg)
|
|
(roletype object_r proc_loadavg)
|
|
(type proc_locks)
|
|
(roletype object_r proc_locks)
|
|
(type proc_lowmemorykiller)
|
|
(roletype object_r proc_lowmemorykiller)
|
|
(type proc_max_map_count)
|
|
(roletype object_r proc_max_map_count)
|
|
(type proc_meminfo)
|
|
(roletype object_r proc_meminfo)
|
|
(type proc_misc)
|
|
(roletype object_r proc_misc)
|
|
(type proc_modules)
|
|
(roletype object_r proc_modules)
|
|
(type proc_mounts)
|
|
(roletype object_r proc_mounts)
|
|
(type proc_net)
|
|
(roletype object_r proc_net)
|
|
(type proc_net_tcp_udp)
|
|
(roletype object_r proc_net_tcp_udp)
|
|
(type proc_page_cluster)
|
|
(roletype object_r proc_page_cluster)
|
|
(type proc_pagetypeinfo)
|
|
(roletype object_r proc_pagetypeinfo)
|
|
(type proc_panic)
|
|
(roletype object_r proc_panic)
|
|
(type proc_perf)
|
|
(roletype object_r proc_perf)
|
|
(type proc_pid_max)
|
|
(roletype object_r proc_pid_max)
|
|
(type proc_pipe_conf)
|
|
(roletype object_r proc_pipe_conf)
|
|
(type proc_pressure_cpu)
|
|
(roletype object_r proc_pressure_cpu)
|
|
(type proc_pressure_io)
|
|
(roletype object_r proc_pressure_io)
|
|
(type proc_pressure_mem)
|
|
(roletype object_r proc_pressure_mem)
|
|
(type proc_random)
|
|
(roletype object_r proc_random)
|
|
(type proc_sched)
|
|
(roletype object_r proc_sched)
|
|
(type proc_slabinfo)
|
|
(roletype object_r proc_slabinfo)
|
|
(type proc_stat)
|
|
(roletype object_r proc_stat)
|
|
(type proc_swaps)
|
|
(roletype object_r proc_swaps)
|
|
(type proc_sysrq)
|
|
(roletype object_r proc_sysrq)
|
|
(type proc_timer)
|
|
(roletype object_r proc_timer)
|
|
(type proc_tty_drivers)
|
|
(roletype object_r proc_tty_drivers)
|
|
(type proc_uid_cputime_showstat)
|
|
(roletype object_r proc_uid_cputime_showstat)
|
|
(type proc_uid_cputime_removeuid)
|
|
(roletype object_r proc_uid_cputime_removeuid)
|
|
(type proc_uid_io_stats)
|
|
(roletype object_r proc_uid_io_stats)
|
|
(type proc_uid_procstat_set)
|
|
(roletype object_r proc_uid_procstat_set)
|
|
(type proc_uid_time_in_state)
|
|
(roletype object_r proc_uid_time_in_state)
|
|
(type proc_uid_concurrent_active_time)
|
|
(roletype object_r proc_uid_concurrent_active_time)
|
|
(type proc_uid_concurrent_policy_time)
|
|
(roletype object_r proc_uid_concurrent_policy_time)
|
|
(type proc_uid_cpupower)
|
|
(roletype object_r proc_uid_cpupower)
|
|
(type proc_uptime)
|
|
(roletype object_r proc_uptime)
|
|
(type proc_version)
|
|
(roletype object_r proc_version)
|
|
(type proc_vmallocinfo)
|
|
(roletype object_r proc_vmallocinfo)
|
|
(type proc_vmstat)
|
|
(roletype object_r proc_vmstat)
|
|
(type proc_watermark_scale_factor)
|
|
(roletype object_r proc_watermark_scale_factor)
|
|
(type proc_zoneinfo)
|
|
(roletype object_r proc_zoneinfo)
|
|
(type proc_vendor_sched)
|
|
(roletype object_r proc_vendor_sched)
|
|
(type selinuxfs)
|
|
(roletype object_r selinuxfs)
|
|
(type fusectlfs)
|
|
(roletype object_r fusectlfs)
|
|
(type cgroup)
|
|
(roletype object_r cgroup)
|
|
(type cgroup_v2)
|
|
(roletype object_r cgroup_v2)
|
|
(type sysfs)
|
|
(roletype object_r sysfs)
|
|
(type sysfs_android_usb)
|
|
(roletype object_r sysfs_android_usb)
|
|
(type sysfs_uio)
|
|
(roletype object_r sysfs_uio)
|
|
(type sysfs_batteryinfo)
|
|
(roletype object_r sysfs_batteryinfo)
|
|
(type sysfs_bluetooth_writable)
|
|
(roletype object_r sysfs_bluetooth_writable)
|
|
(type sysfs_devfreq_cur)
|
|
(roletype object_r sysfs_devfreq_cur)
|
|
(type sysfs_devfreq_dir)
|
|
(roletype object_r sysfs_devfreq_dir)
|
|
(type sysfs_devices_block)
|
|
(roletype object_r sysfs_devices_block)
|
|
(type sysfs_dm)
|
|
(roletype object_r sysfs_dm)
|
|
(type sysfs_dm_verity)
|
|
(roletype object_r sysfs_dm_verity)
|
|
(type sysfs_dma_heap)
|
|
(roletype object_r sysfs_dma_heap)
|
|
(type sysfs_dmabuf_stats)
|
|
(roletype object_r sysfs_dmabuf_stats)
|
|
(type sysfs_dt_firmware_android)
|
|
(roletype object_r sysfs_dt_firmware_android)
|
|
(type sysfs_extcon)
|
|
(roletype object_r sysfs_extcon)
|
|
(type sysfs_ion)
|
|
(roletype object_r sysfs_ion)
|
|
(type sysfs_ipv4)
|
|
(roletype object_r sysfs_ipv4)
|
|
(type sysfs_kernel_notes)
|
|
(roletype object_r sysfs_kernel_notes)
|
|
(type sysfs_leds)
|
|
(roletype object_r sysfs_leds)
|
|
(type sysfs_loop)
|
|
(roletype object_r sysfs_loop)
|
|
(type sysfs_gpu)
|
|
(roletype object_r sysfs_gpu)
|
|
(type sysfs_hwrandom)
|
|
(roletype object_r sysfs_hwrandom)
|
|
(type sysfs_nfc_power_writable)
|
|
(roletype object_r sysfs_nfc_power_writable)
|
|
(type sysfs_wake_lock)
|
|
(roletype object_r sysfs_wake_lock)
|
|
(type sysfs_net)
|
|
(roletype object_r sysfs_net)
|
|
(type sysfs_power)
|
|
(roletype object_r sysfs_power)
|
|
(type sysfs_rtc)
|
|
(roletype object_r sysfs_rtc)
|
|
(type sysfs_suspend_stats)
|
|
(roletype object_r sysfs_suspend_stats)
|
|
(type sysfs_switch)
|
|
(roletype object_r sysfs_switch)
|
|
(type sysfs_sync_on_suspend)
|
|
(roletype object_r sysfs_sync_on_suspend)
|
|
(type sysfs_transparent_hugepage)
|
|
(roletype object_r sysfs_transparent_hugepage)
|
|
(type sysfs_lru_gen_enabled)
|
|
(roletype object_r sysfs_lru_gen_enabled)
|
|
(type sysfs_usb)
|
|
(roletype object_r sysfs_usb)
|
|
(type sysfs_wakeup)
|
|
(roletype object_r sysfs_wakeup)
|
|
(type sysfs_wakeup_reasons)
|
|
(roletype object_r sysfs_wakeup_reasons)
|
|
(type sysfs_fs_ext4_features)
|
|
(roletype object_r sysfs_fs_ext4_features)
|
|
(type sysfs_fs_f2fs)
|
|
(roletype object_r sysfs_fs_f2fs)
|
|
(type sysfs_fs_fuse_bpf)
|
|
(roletype object_r sysfs_fs_fuse_bpf)
|
|
(type sysfs_fs_fuse_features)
|
|
(roletype object_r sysfs_fs_fuse_features)
|
|
(type sysfs_fs_incfs_features)
|
|
(roletype object_r sysfs_fs_incfs_features)
|
|
(type sysfs_fs_incfs_metrics)
|
|
(roletype object_r sysfs_fs_incfs_metrics)
|
|
(type sysfs_vendor_sched)
|
|
(roletype object_r sysfs_vendor_sched)
|
|
(type fs_bpf)
|
|
(roletype object_r fs_bpf)
|
|
(type fs_bpf_tethering)
|
|
(roletype object_r fs_bpf_tethering)
|
|
(type fs_bpf_vendor)
|
|
(roletype object_r fs_bpf_vendor)
|
|
(type configfs)
|
|
(roletype object_r configfs)
|
|
(type sysfs_devices_cs_etm)
|
|
(roletype object_r sysfs_devices_cs_etm)
|
|
(type sysfs_devices_system_cpu)
|
|
(roletype object_r sysfs_devices_system_cpu)
|
|
(type sysfs_lowmemorykiller)
|
|
(roletype object_r sysfs_lowmemorykiller)
|
|
(type sysfs_wlan_fwpath)
|
|
(roletype object_r sysfs_wlan_fwpath)
|
|
(type sysfs_vibrator)
|
|
(roletype object_r sysfs_vibrator)
|
|
(type sysfs_uhid)
|
|
(roletype object_r sysfs_uhid)
|
|
(type sysfs_thermal)
|
|
(roletype object_r sysfs_thermal)
|
|
(type sysfs_zram)
|
|
(roletype object_r sysfs_zram)
|
|
(type sysfs_zram_uevent)
|
|
(roletype object_r sysfs_zram_uevent)
|
|
(type inotify)
|
|
(roletype object_r inotify)
|
|
(type devpts)
|
|
(roletype object_r devpts)
|
|
(type tmpfs)
|
|
(roletype object_r tmpfs)
|
|
(type shm)
|
|
(roletype object_r shm)
|
|
(type mqueue)
|
|
(roletype object_r mqueue)
|
|
(type fuse)
|
|
(roletype object_r fuse)
|
|
(type fuseblk)
|
|
(roletype object_r fuseblk)
|
|
(type sdcardfs)
|
|
(roletype object_r sdcardfs)
|
|
(type vfat)
|
|
(roletype object_r vfat)
|
|
(type exfat)
|
|
(roletype object_r exfat)
|
|
(type debugfs)
|
|
(roletype object_r debugfs)
|
|
(type debugfs_kprobes)
|
|
(roletype object_r debugfs_kprobes)
|
|
(type debugfs_mmc)
|
|
(roletype object_r debugfs_mmc)
|
|
(type debugfs_mm_events_tracing)
|
|
(roletype object_r debugfs_mm_events_tracing)
|
|
(type debugfs_trace_marker)
|
|
(roletype object_r debugfs_trace_marker)
|
|
(type debugfs_tracing)
|
|
(roletype object_r debugfs_tracing)
|
|
(type debugfs_tracing_debug)
|
|
(roletype object_r debugfs_tracing_debug)
|
|
(type debugfs_tracing_instances)
|
|
(roletype object_r debugfs_tracing_instances)
|
|
(type debugfs_tracing_printk_formats)
|
|
(roletype object_r debugfs_tracing_printk_formats)
|
|
(type debugfs_wakeup_sources)
|
|
(roletype object_r debugfs_wakeup_sources)
|
|
(type debugfs_wifi_tracing)
|
|
(roletype object_r debugfs_wifi_tracing)
|
|
(type securityfs)
|
|
(roletype object_r securityfs)
|
|
(type pstorefs)
|
|
(roletype object_r pstorefs)
|
|
(type functionfs)
|
|
(roletype object_r functionfs)
|
|
(type oemfs)
|
|
(roletype object_r oemfs)
|
|
(type usbfs)
|
|
(roletype object_r usbfs)
|
|
(type binfmt_miscfs)
|
|
(roletype object_r binfmt_miscfs)
|
|
(type app_fusefs)
|
|
(roletype object_r app_fusefs)
|
|
(type unlabeled)
|
|
(roletype object_r unlabeled)
|
|
(type system_file)
|
|
(roletype object_r system_file)
|
|
(type system_asan_options_file)
|
|
(roletype object_r system_asan_options_file)
|
|
(type system_event_log_tags_file)
|
|
(roletype object_r system_event_log_tags_file)
|
|
(type system_lib_file)
|
|
(roletype object_r system_lib_file)
|
|
(type system_bootstrap_lib_file)
|
|
(roletype object_r system_bootstrap_lib_file)
|
|
(type system_group_file)
|
|
(roletype object_r system_group_file)
|
|
(type system_linker_exec)
|
|
(roletype object_r system_linker_exec)
|
|
(type system_linker_config_file)
|
|
(roletype object_r system_linker_config_file)
|
|
(type system_passwd_file)
|
|
(roletype object_r system_passwd_file)
|
|
(type system_seccomp_policy_file)
|
|
(roletype object_r system_seccomp_policy_file)
|
|
(type system_security_cacerts_file)
|
|
(roletype object_r system_security_cacerts_file)
|
|
(type tcpdump_exec)
|
|
(roletype object_r tcpdump_exec)
|
|
(type system_zoneinfo_file)
|
|
(roletype object_r system_zoneinfo_file)
|
|
(type cgroup_desc_file)
|
|
(roletype object_r cgroup_desc_file)
|
|
(type cgroup_desc_api_file)
|
|
(roletype object_r cgroup_desc_api_file)
|
|
(type vendor_cgroup_desc_file)
|
|
(roletype object_r vendor_cgroup_desc_file)
|
|
(type task_profiles_file)
|
|
(roletype object_r task_profiles_file)
|
|
(type task_profiles_api_file)
|
|
(roletype object_r task_profiles_api_file)
|
|
(type vendor_task_profiles_file)
|
|
(roletype object_r vendor_task_profiles_file)
|
|
(type art_apex_dir)
|
|
(roletype object_r art_apex_dir)
|
|
(type linkerconfig_file)
|
|
(roletype object_r linkerconfig_file)
|
|
(type incremental_control_file)
|
|
(roletype object_r incremental_control_file)
|
|
(type bootanim_oem_file)
|
|
(roletype object_r bootanim_oem_file)
|
|
(type vendor_hal_file)
|
|
(roletype object_r vendor_hal_file)
|
|
(type vendor_file)
|
|
(roletype object_r vendor_file)
|
|
(type vendor_app_file)
|
|
(roletype object_r vendor_app_file)
|
|
(type vendor_configs_file)
|
|
(roletype object_r vendor_configs_file)
|
|
(type same_process_hal_file)
|
|
(roletype object_r same_process_hal_file)
|
|
(type vndk_sp_file)
|
|
(roletype object_r vndk_sp_file)
|
|
(type vendor_framework_file)
|
|
(roletype object_r vendor_framework_file)
|
|
(type vendor_overlay_file)
|
|
(roletype object_r vendor_overlay_file)
|
|
(type vendor_public_lib_file)
|
|
(roletype object_r vendor_public_lib_file)
|
|
(type vendor_public_framework_file)
|
|
(roletype object_r vendor_public_framework_file)
|
|
(type vendor_microdroid_file)
|
|
(roletype object_r vendor_microdroid_file)
|
|
(type vendor_keylayout_file)
|
|
(roletype object_r vendor_keylayout_file)
|
|
(type vendor_keychars_file)
|
|
(roletype object_r vendor_keychars_file)
|
|
(type vendor_idc_file)
|
|
(roletype object_r vendor_idc_file)
|
|
(type vendor_uuid_mapping_config_file)
|
|
(roletype object_r vendor_uuid_mapping_config_file)
|
|
(type vendor_vm_file)
|
|
(roletype object_r vendor_vm_file)
|
|
(type vendor_vm_data_file)
|
|
(roletype object_r vendor_vm_data_file)
|
|
(type metadata_file)
|
|
(roletype object_r metadata_file)
|
|
(type vold_metadata_file)
|
|
(roletype object_r vold_metadata_file)
|
|
(type gsi_metadata_file)
|
|
(roletype object_r gsi_metadata_file)
|
|
(type gsi_public_metadata_file)
|
|
(roletype object_r gsi_public_metadata_file)
|
|
(type password_slot_metadata_file)
|
|
(roletype object_r password_slot_metadata_file)
|
|
(type apex_metadata_file)
|
|
(roletype object_r apex_metadata_file)
|
|
(type ota_metadata_file)
|
|
(roletype object_r ota_metadata_file)
|
|
(type metadata_bootstat_file)
|
|
(roletype object_r metadata_bootstat_file)
|
|
(type userspace_reboot_metadata_file)
|
|
(roletype object_r userspace_reboot_metadata_file)
|
|
(type staged_install_file)
|
|
(roletype object_r staged_install_file)
|
|
(type watchdog_metadata_file)
|
|
(roletype object_r watchdog_metadata_file)
|
|
(type repair_mode_metadata_file)
|
|
(roletype object_r repair_mode_metadata_file)
|
|
(type aconfig_storage_metadata_file)
|
|
(roletype object_r aconfig_storage_metadata_file)
|
|
(type aconfig_storage_flags_metadata_file)
|
|
(roletype object_r aconfig_storage_flags_metadata_file)
|
|
(type dev_cpu_variant)
|
|
(roletype object_r dev_cpu_variant)
|
|
(type runtime_event_log_tags_file)
|
|
(roletype object_r runtime_event_log_tags_file)
|
|
(type logcat_exec)
|
|
(roletype object_r logcat_exec)
|
|
(type cgroup_rc_file)
|
|
(roletype object_r cgroup_rc_file)
|
|
(type coredump_file)
|
|
(roletype object_r coredump_file)
|
|
(type system_data_root_file)
|
|
(roletype object_r system_data_root_file)
|
|
(type system_data_file)
|
|
(roletype object_r system_data_file)
|
|
(type system_userdir_file)
|
|
(roletype object_r system_userdir_file)
|
|
(type packages_list_file)
|
|
(roletype object_r packages_list_file)
|
|
(type game_mode_intervention_list_file)
|
|
(roletype object_r game_mode_intervention_list_file)
|
|
(type vendor_data_file)
|
|
(roletype object_r vendor_data_file)
|
|
(type vendor_userdir_file)
|
|
(roletype object_r vendor_userdir_file)
|
|
(type unencrypted_data_file)
|
|
(roletype object_r unencrypted_data_file)
|
|
(type install_data_file)
|
|
(roletype object_r install_data_file)
|
|
(type drm_data_file)
|
|
(roletype object_r drm_data_file)
|
|
(type adb_data_file)
|
|
(roletype object_r adb_data_file)
|
|
(type anr_data_file)
|
|
(roletype object_r anr_data_file)
|
|
(type tombstone_data_file)
|
|
(roletype object_r tombstone_data_file)
|
|
(type tombstone_wifi_data_file)
|
|
(roletype object_r tombstone_wifi_data_file)
|
|
(type apex_data_file)
|
|
(roletype object_r apex_data_file)
|
|
(type apk_data_file)
|
|
(roletype object_r apk_data_file)
|
|
(type apk_tmp_file)
|
|
(roletype object_r apk_tmp_file)
|
|
(type apk_private_data_file)
|
|
(roletype object_r apk_private_data_file)
|
|
(type apk_private_tmp_file)
|
|
(roletype object_r apk_private_tmp_file)
|
|
(type dalvikcache_data_file)
|
|
(roletype object_r dalvikcache_data_file)
|
|
(type ota_data_file)
|
|
(roletype object_r ota_data_file)
|
|
(type ota_package_file)
|
|
(roletype object_r ota_package_file)
|
|
(type user_profile_root_file)
|
|
(roletype object_r user_profile_root_file)
|
|
(type user_profile_data_file)
|
|
(roletype object_r user_profile_data_file)
|
|
(type profman_dump_data_file)
|
|
(roletype object_r profman_dump_data_file)
|
|
(type prereboot_data_file)
|
|
(roletype object_r prereboot_data_file)
|
|
(type resourcecache_data_file)
|
|
(roletype object_r resourcecache_data_file)
|
|
(type shell_data_file)
|
|
(roletype object_r shell_data_file)
|
|
(type property_data_file)
|
|
(roletype object_r property_data_file)
|
|
(type bootchart_data_file)
|
|
(roletype object_r bootchart_data_file)
|
|
(type dropbox_data_file)
|
|
(roletype object_r dropbox_data_file)
|
|
(type heapdump_data_file)
|
|
(roletype object_r heapdump_data_file)
|
|
(type nativetest_data_file)
|
|
(roletype object_r nativetest_data_file)
|
|
(type shell_test_data_file)
|
|
(roletype object_r shell_test_data_file)
|
|
(type ringtone_file)
|
|
(roletype object_r ringtone_file)
|
|
(type preloads_data_file)
|
|
(roletype object_r preloads_data_file)
|
|
(type preloads_media_file)
|
|
(roletype object_r preloads_media_file)
|
|
(type dhcp_data_file)
|
|
(roletype object_r dhcp_data_file)
|
|
(type server_configurable_flags_data_file)
|
|
(roletype object_r server_configurable_flags_data_file)
|
|
(type staging_data_file)
|
|
(roletype object_r staging_data_file)
|
|
(type vendor_apex_file)
|
|
(roletype object_r vendor_apex_file)
|
|
(type vendor_apex_metadata_file)
|
|
(roletype object_r vendor_apex_metadata_file)
|
|
(type shutdown_checkpoints_system_data_file)
|
|
(roletype object_r shutdown_checkpoints_system_data_file)
|
|
(type mnt_media_rw_file)
|
|
(roletype object_r mnt_media_rw_file)
|
|
(type mnt_user_file)
|
|
(roletype object_r mnt_user_file)
|
|
(type mnt_pass_through_file)
|
|
(roletype object_r mnt_pass_through_file)
|
|
(type mnt_expand_file)
|
|
(roletype object_r mnt_expand_file)
|
|
(type mnt_sdcard_file)
|
|
(roletype object_r mnt_sdcard_file)
|
|
(type storage_file)
|
|
(roletype object_r storage_file)
|
|
(type mnt_media_rw_stub_file)
|
|
(roletype object_r mnt_media_rw_stub_file)
|
|
(type storage_stub_file)
|
|
(roletype object_r storage_stub_file)
|
|
(type mnt_vendor_file)
|
|
(roletype object_r mnt_vendor_file)
|
|
(type mnt_product_file)
|
|
(roletype object_r mnt_product_file)
|
|
(type apex_mnt_dir)
|
|
(roletype object_r apex_mnt_dir)
|
|
(type apex_info_file)
|
|
(roletype object_r apex_info_file)
|
|
(type postinstall_mnt_dir)
|
|
(roletype object_r postinstall_mnt_dir)
|
|
(type postinstall_file)
|
|
(roletype object_r postinstall_file)
|
|
(type postinstall_apex_mnt_dir)
|
|
(roletype object_r postinstall_apex_mnt_dir)
|
|
(type mirror_data_file)
|
|
(roletype object_r mirror_data_file)
|
|
(type adb_keys_file)
|
|
(roletype object_r adb_keys_file)
|
|
(type apex_system_server_data_file)
|
|
(roletype object_r apex_system_server_data_file)
|
|
(type apex_module_data_file)
|
|
(roletype object_r apex_module_data_file)
|
|
(type apex_ota_reserved_file)
|
|
(roletype object_r apex_ota_reserved_file)
|
|
(type apex_rollback_data_file)
|
|
(roletype object_r apex_rollback_data_file)
|
|
(type appcompat_data_file)
|
|
(roletype object_r appcompat_data_file)
|
|
(type audio_data_file)
|
|
(roletype object_r audio_data_file)
|
|
(type audioserver_data_file)
|
|
(roletype object_r audioserver_data_file)
|
|
(type bluetooth_data_file)
|
|
(roletype object_r bluetooth_data_file)
|
|
(type bluetooth_logs_data_file)
|
|
(roletype object_r bluetooth_logs_data_file)
|
|
(type bootstat_data_file)
|
|
(roletype object_r bootstat_data_file)
|
|
(type boottrace_data_file)
|
|
(roletype object_r boottrace_data_file)
|
|
(type camera_data_file)
|
|
(roletype object_r camera_data_file)
|
|
(type credstore_data_file)
|
|
(roletype object_r credstore_data_file)
|
|
(type gatekeeper_data_file)
|
|
(roletype object_r gatekeeper_data_file)
|
|
(type incident_data_file)
|
|
(roletype object_r incident_data_file)
|
|
(type keychain_data_file)
|
|
(roletype object_r keychain_data_file)
|
|
(type keystore_data_file)
|
|
(roletype object_r keystore_data_file)
|
|
(type media_data_file)
|
|
(roletype object_r media_data_file)
|
|
(type media_rw_data_file)
|
|
(roletype object_r media_rw_data_file)
|
|
(type media_userdir_file)
|
|
(roletype object_r media_userdir_file)
|
|
(type misc_user_data_file)
|
|
(roletype object_r misc_user_data_file)
|
|
(type net_data_file)
|
|
(roletype object_r net_data_file)
|
|
(type network_watchlist_data_file)
|
|
(roletype object_r network_watchlist_data_file)
|
|
(type nfc_data_file)
|
|
(roletype object_r nfc_data_file)
|
|
(type nfc_logs_data_file)
|
|
(roletype object_r nfc_logs_data_file)
|
|
(type radio_data_file)
|
|
(roletype object_r radio_data_file)
|
|
(type recovery_data_file)
|
|
(roletype object_r recovery_data_file)
|
|
(type shared_relro_file)
|
|
(roletype object_r shared_relro_file)
|
|
(type snapshotctl_log_data_file)
|
|
(roletype object_r snapshotctl_log_data_file)
|
|
(type stats_config_data_file)
|
|
(roletype object_r stats_config_data_file)
|
|
(type stats_data_file)
|
|
(roletype object_r stats_data_file)
|
|
(type systemkeys_data_file)
|
|
(roletype object_r systemkeys_data_file)
|
|
(type textclassifier_data_file)
|
|
(roletype object_r textclassifier_data_file)
|
|
(type trace_data_file)
|
|
(roletype object_r trace_data_file)
|
|
(type vpn_data_file)
|
|
(roletype object_r vpn_data_file)
|
|
(type wifi_data_file)
|
|
(roletype object_r wifi_data_file)
|
|
(type vold_data_file)
|
|
(roletype object_r vold_data_file)
|
|
(type tee_data_file)
|
|
(roletype object_r tee_data_file)
|
|
(type update_engine_data_file)
|
|
(roletype object_r update_engine_data_file)
|
|
(type update_engine_log_data_file)
|
|
(roletype object_r update_engine_log_data_file)
|
|
(type snapuserd_log_data_file)
|
|
(roletype object_r snapuserd_log_data_file)
|
|
(type method_trace_data_file)
|
|
(roletype object_r method_trace_data_file)
|
|
(type gsi_data_file)
|
|
(roletype object_r gsi_data_file)
|
|
(type radio_core_data_file)
|
|
(roletype object_r radio_core_data_file)
|
|
(type app_data_file)
|
|
(roletype object_r app_data_file)
|
|
(type privapp_data_file)
|
|
(roletype object_r privapp_data_file)
|
|
(type system_app_data_file)
|
|
(roletype object_r system_app_data_file)
|
|
(type cache_file)
|
|
(roletype object_r cache_file)
|
|
(type overlayfs_file)
|
|
(roletype object_r overlayfs_file)
|
|
(type cache_backup_file)
|
|
(roletype object_r cache_backup_file)
|
|
(type cache_private_backup_file)
|
|
(roletype object_r cache_private_backup_file)
|
|
(type cache_recovery_file)
|
|
(roletype object_r cache_recovery_file)
|
|
(type efs_file)
|
|
(roletype object_r efs_file)
|
|
(type wallpaper_file)
|
|
(roletype object_r wallpaper_file)
|
|
(type shortcut_manager_icons)
|
|
(roletype object_r shortcut_manager_icons)
|
|
(type icon_file)
|
|
(roletype object_r icon_file)
|
|
(type asec_apk_file)
|
|
(roletype object_r asec_apk_file)
|
|
(type asec_public_file)
|
|
(roletype object_r asec_public_file)
|
|
(type asec_image_file)
|
|
(roletype object_r asec_image_file)
|
|
(type backup_data_file)
|
|
(roletype object_r backup_data_file)
|
|
(type bluetooth_efs_file)
|
|
(roletype object_r bluetooth_efs_file)
|
|
(type fingerprintd_data_file)
|
|
(roletype object_r fingerprintd_data_file)
|
|
(type fingerprint_vendor_data_file)
|
|
(roletype object_r fingerprint_vendor_data_file)
|
|
(type app_fuse_file)
|
|
(roletype object_r app_fuse_file)
|
|
(type face_vendor_data_file)
|
|
(roletype object_r face_vendor_data_file)
|
|
(type iris_vendor_data_file)
|
|
(roletype object_r iris_vendor_data_file)
|
|
(type adbd_socket)
|
|
(roletype object_r adbd_socket)
|
|
(type bluetooth_socket)
|
|
(roletype object_r bluetooth_socket)
|
|
(type dnsproxyd_socket)
|
|
(roletype object_r dnsproxyd_socket)
|
|
(type dumpstate_socket)
|
|
(roletype object_r dumpstate_socket)
|
|
(type fwmarkd_socket)
|
|
(roletype object_r fwmarkd_socket)
|
|
(type lmkd_socket)
|
|
(roletype object_r lmkd_socket)
|
|
(type logd_socket)
|
|
(roletype object_r logd_socket)
|
|
(type logdr_socket)
|
|
(roletype object_r logdr_socket)
|
|
(type logdw_socket)
|
|
(roletype object_r logdw_socket)
|
|
(type mdns_socket)
|
|
(roletype object_r mdns_socket)
|
|
(type mdnsd_socket)
|
|
(roletype object_r mdnsd_socket)
|
|
(type misc_logd_file)
|
|
(roletype object_r misc_logd_file)
|
|
(type mtpd_socket)
|
|
(roletype object_r mtpd_socket)
|
|
(type ot_daemon_socket)
|
|
(roletype object_r ot_daemon_socket)
|
|
(type property_socket)
|
|
(roletype object_r property_socket)
|
|
(type racoon_socket)
|
|
(roletype object_r racoon_socket)
|
|
(type recovery_socket)
|
|
(roletype object_r recovery_socket)
|
|
(type rild_socket)
|
|
(roletype object_r rild_socket)
|
|
(type rild_debug_socket)
|
|
(roletype object_r rild_debug_socket)
|
|
(type snapuserd_socket)
|
|
(roletype object_r snapuserd_socket)
|
|
(type snapuserd_proxy_socket)
|
|
(roletype object_r snapuserd_proxy_socket)
|
|
(type statsdw_socket)
|
|
(roletype object_r statsdw_socket)
|
|
(type system_wpa_socket)
|
|
(roletype object_r system_wpa_socket)
|
|
(type system_ndebug_socket)
|
|
(roletype object_r system_ndebug_socket)
|
|
(type system_unsolzygote_socket)
|
|
(roletype object_r system_unsolzygote_socket)
|
|
(type tombstoned_crash_socket)
|
|
(roletype object_r tombstoned_crash_socket)
|
|
(type tombstoned_java_trace_socket)
|
|
(roletype object_r tombstoned_java_trace_socket)
|
|
(type tombstoned_intercept_socket)
|
|
(roletype object_r tombstoned_intercept_socket)
|
|
(type traced_consumer_socket)
|
|
(roletype object_r traced_consumer_socket)
|
|
(type traced_perf_socket)
|
|
(roletype object_r traced_perf_socket)
|
|
(type traced_producer_socket)
|
|
(roletype object_r traced_producer_socket)
|
|
(type uncrypt_socket)
|
|
(roletype object_r uncrypt_socket)
|
|
(type wpa_socket)
|
|
(roletype object_r wpa_socket)
|
|
(type zygote_socket)
|
|
(roletype object_r zygote_socket)
|
|
(type heapprofd_socket)
|
|
(roletype object_r heapprofd_socket)
|
|
(type gps_control)
|
|
(roletype object_r gps_control)
|
|
(type pdx_display_dir)
|
|
(roletype object_r pdx_display_dir)
|
|
(type pdx_performance_dir)
|
|
(roletype object_r pdx_performance_dir)
|
|
(type pdx_bufferhub_dir)
|
|
(roletype object_r pdx_bufferhub_dir)
|
|
(type pdx_display_client_endpoint_socket)
|
|
(roletype object_r pdx_display_client_endpoint_socket)
|
|
(type pdx_display_client_channel_socket)
|
|
(roletype object_r pdx_display_client_channel_socket)
|
|
(type pdx_display_manager_endpoint_socket)
|
|
(roletype object_r pdx_display_manager_endpoint_socket)
|
|
(type pdx_display_manager_channel_socket)
|
|
(roletype object_r pdx_display_manager_channel_socket)
|
|
(type pdx_display_screenshot_endpoint_socket)
|
|
(roletype object_r pdx_display_screenshot_endpoint_socket)
|
|
(type pdx_display_screenshot_channel_socket)
|
|
(roletype object_r pdx_display_screenshot_channel_socket)
|
|
(type pdx_display_vsync_endpoint_socket)
|
|
(roletype object_r pdx_display_vsync_endpoint_socket)
|
|
(type pdx_display_vsync_channel_socket)
|
|
(roletype object_r pdx_display_vsync_channel_socket)
|
|
(type pdx_performance_client_endpoint_socket)
|
|
(roletype object_r pdx_performance_client_endpoint_socket)
|
|
(type pdx_performance_client_channel_socket)
|
|
(roletype object_r pdx_performance_client_channel_socket)
|
|
(type pdx_bufferhub_client_endpoint_socket)
|
|
(roletype object_r pdx_bufferhub_client_endpoint_socket)
|
|
(type pdx_bufferhub_client_channel_socket)
|
|
(roletype object_r pdx_bufferhub_client_channel_socket)
|
|
(type file_contexts_file)
|
|
(roletype object_r file_contexts_file)
|
|
(type mac_perms_file)
|
|
(roletype object_r mac_perms_file)
|
|
(type property_contexts_file)
|
|
(roletype object_r property_contexts_file)
|
|
(type seapp_contexts_file)
|
|
(roletype object_r seapp_contexts_file)
|
|
(type sepolicy_file)
|
|
(roletype object_r sepolicy_file)
|
|
(type service_contexts_file)
|
|
(roletype object_r service_contexts_file)
|
|
(type keystore2_key_contexts_file)
|
|
(roletype object_r keystore2_key_contexts_file)
|
|
(type vendor_service_contexts_file)
|
|
(roletype object_r vendor_service_contexts_file)
|
|
(type hwservice_contexts_file)
|
|
(roletype object_r hwservice_contexts_file)
|
|
(type vndservice_contexts_file)
|
|
(roletype object_r vndservice_contexts_file)
|
|
(type debugfs_bootreceiver_tracing)
|
|
(roletype object_r debugfs_bootreceiver_tracing)
|
|
(type vendor_kernel_modules)
|
|
(roletype object_r vendor_kernel_modules)
|
|
(type system_dlkm_file)
|
|
(roletype object_r system_dlkm_file)
|
|
(type audiohal_data_file)
|
|
(roletype object_r audiohal_data_file)
|
|
(type fingerprintd)
|
|
(roletype object_r fingerprintd)
|
|
(type fingerprintd_exec)
|
|
(roletype object_r fingerprintd_exec)
|
|
(type flags_health_check)
|
|
(roletype object_r flags_health_check)
|
|
(type flags_health_check_exec)
|
|
(roletype object_r flags_health_check_exec)
|
|
(type fsck)
|
|
(roletype object_r fsck)
|
|
(type fsck_exec)
|
|
(roletype object_r fsck_exec)
|
|
(type fsck_untrusted)
|
|
(roletype object_r fsck_untrusted)
|
|
(type gatekeeperd)
|
|
(roletype object_r gatekeeperd)
|
|
(type gatekeeperd_exec)
|
|
(roletype object_r gatekeeperd_exec)
|
|
(type gmscore_app)
|
|
(roletype object_r gmscore_app)
|
|
(type gpuservice)
|
|
(roletype object_r gpuservice)
|
|
(type hal_graphics_composer_server_tmpfs)
|
|
(roletype object_r hal_graphics_composer_server_tmpfs)
|
|
(typeattribute hal_graphics_composer_client_tmpfs)
|
|
(expandtypeattribute (hal_graphics_composer_client_tmpfs) true)
|
|
(typeattributeset hal_graphics_composer_client_tmpfs (surfaceflinger_tmpfs ))
|
|
(type healthd)
|
|
(roletype object_r healthd)
|
|
(type heapprofd)
|
|
(roletype object_r heapprofd)
|
|
(type default_android_hwservice)
|
|
(roletype object_r default_android_hwservice)
|
|
(type fwk_camera_hwservice)
|
|
(roletype object_r fwk_camera_hwservice)
|
|
(type fwk_display_hwservice)
|
|
(roletype object_r fwk_display_hwservice)
|
|
(type fwk_scheduler_hwservice)
|
|
(roletype object_r fwk_scheduler_hwservice)
|
|
(type fwk_sensor_hwservice)
|
|
(roletype object_r fwk_sensor_hwservice)
|
|
(type fwk_stats_hwservice)
|
|
(roletype object_r fwk_stats_hwservice)
|
|
(type fwk_automotive_display_hwservice)
|
|
(roletype object_r fwk_automotive_display_hwservice)
|
|
(type hal_atrace_hwservice)
|
|
(roletype object_r hal_atrace_hwservice)
|
|
(type hal_audio_hwservice)
|
|
(roletype object_r hal_audio_hwservice)
|
|
(type hal_audiocontrol_hwservice)
|
|
(roletype object_r hal_audiocontrol_hwservice)
|
|
(type hal_authsecret_hwservice)
|
|
(roletype object_r hal_authsecret_hwservice)
|
|
(type hal_bluetooth_hwservice)
|
|
(roletype object_r hal_bluetooth_hwservice)
|
|
(type hal_bootctl_hwservice)
|
|
(roletype object_r hal_bootctl_hwservice)
|
|
(type hal_broadcastradio_hwservice)
|
|
(roletype object_r hal_broadcastradio_hwservice)
|
|
(type hal_camera_hwservice)
|
|
(roletype object_r hal_camera_hwservice)
|
|
(type hal_can_bus_hwservice)
|
|
(roletype object_r hal_can_bus_hwservice)
|
|
(type hal_can_controller_hwservice)
|
|
(roletype object_r hal_can_controller_hwservice)
|
|
(type hal_confirmationui_hwservice)
|
|
(roletype object_r hal_confirmationui_hwservice)
|
|
(type hal_contexthub_hwservice)
|
|
(roletype object_r hal_contexthub_hwservice)
|
|
(type hal_dumpstate_hwservice)
|
|
(roletype object_r hal_dumpstate_hwservice)
|
|
(type hal_evs_hwservice)
|
|
(roletype object_r hal_evs_hwservice)
|
|
(type hal_face_hwservice)
|
|
(roletype object_r hal_face_hwservice)
|
|
(type hal_fingerprint_hwservice)
|
|
(roletype object_r hal_fingerprint_hwservice)
|
|
(type hal_gatekeeper_hwservice)
|
|
(roletype object_r hal_gatekeeper_hwservice)
|
|
(type hal_gnss_hwservice)
|
|
(roletype object_r hal_gnss_hwservice)
|
|
(type hal_graphics_composer_hwservice)
|
|
(roletype object_r hal_graphics_composer_hwservice)
|
|
(type hal_health_hwservice)
|
|
(roletype object_r hal_health_hwservice)
|
|
(type hal_health_storage_hwservice)
|
|
(roletype object_r hal_health_storage_hwservice)
|
|
(type hal_input_classifier_hwservice)
|
|
(roletype object_r hal_input_classifier_hwservice)
|
|
(type hal_ir_hwservice)
|
|
(roletype object_r hal_ir_hwservice)
|
|
(type hal_keymaster_hwservice)
|
|
(roletype object_r hal_keymaster_hwservice)
|
|
(type hal_light_hwservice)
|
|
(roletype object_r hal_light_hwservice)
|
|
(type hal_lowpan_hwservice)
|
|
(roletype object_r hal_lowpan_hwservice)
|
|
(type hal_memtrack_hwservice)
|
|
(roletype object_r hal_memtrack_hwservice)
|
|
(type hal_nfc_hwservice)
|
|
(roletype object_r hal_nfc_hwservice)
|
|
(type hal_oemlock_hwservice)
|
|
(roletype object_r hal_oemlock_hwservice)
|
|
(type hal_power_hwservice)
|
|
(roletype object_r hal_power_hwservice)
|
|
(type hal_power_stats_hwservice)
|
|
(roletype object_r hal_power_stats_hwservice)
|
|
(type hal_secure_element_hwservice)
|
|
(roletype object_r hal_secure_element_hwservice)
|
|
(type hal_sensors_hwservice)
|
|
(roletype object_r hal_sensors_hwservice)
|
|
(type hal_telephony_hwservice)
|
|
(roletype object_r hal_telephony_hwservice)
|
|
(type hal_tetheroffload_hwservice)
|
|
(roletype object_r hal_tetheroffload_hwservice)
|
|
(type hal_thermal_hwservice)
|
|
(roletype object_r hal_thermal_hwservice)
|
|
(type hal_tv_cec_hwservice)
|
|
(roletype object_r hal_tv_cec_hwservice)
|
|
(type hal_tv_input_hwservice)
|
|
(roletype object_r hal_tv_input_hwservice)
|
|
(type hal_tv_tuner_hwservice)
|
|
(roletype object_r hal_tv_tuner_hwservice)
|
|
(type hal_usb_gadget_hwservice)
|
|
(roletype object_r hal_usb_gadget_hwservice)
|
|
(type hal_usb_hwservice)
|
|
(roletype object_r hal_usb_hwservice)
|
|
(type hal_vehicle_hwservice)
|
|
(roletype object_r hal_vehicle_hwservice)
|
|
(type hal_vibrator_hwservice)
|
|
(roletype object_r hal_vibrator_hwservice)
|
|
(type hal_vr_hwservice)
|
|
(roletype object_r hal_vr_hwservice)
|
|
(type hal_weaver_hwservice)
|
|
(roletype object_r hal_weaver_hwservice)
|
|
(type hal_wifi_hostapd_hwservice)
|
|
(roletype object_r hal_wifi_hostapd_hwservice)
|
|
(type hal_wifi_hwservice)
|
|
(roletype object_r hal_wifi_hwservice)
|
|
(type hal_wifi_supplicant_hwservice)
|
|
(roletype object_r hal_wifi_supplicant_hwservice)
|
|
(type system_net_netd_hwservice)
|
|
(roletype object_r system_net_netd_hwservice)
|
|
(type system_suspend_hwservice)
|
|
(roletype object_r system_suspend_hwservice)
|
|
(type system_wifi_keystore_hwservice)
|
|
(roletype object_r system_wifi_keystore_hwservice)
|
|
(type fwk_bufferhub_hwservice)
|
|
(roletype object_r fwk_bufferhub_hwservice)
|
|
(type hal_cas_hwservice)
|
|
(roletype object_r hal_cas_hwservice)
|
|
(type hal_codec2_hwservice)
|
|
(roletype object_r hal_codec2_hwservice)
|
|
(type hal_configstore_ISurfaceFlingerConfigs)
|
|
(roletype object_r hal_configstore_ISurfaceFlingerConfigs)
|
|
(type hal_drm_hwservice)
|
|
(roletype object_r hal_drm_hwservice)
|
|
(type hal_graphics_allocator_hwservice)
|
|
(roletype object_r hal_graphics_allocator_hwservice)
|
|
(type hal_graphics_mapper_hwservice)
|
|
(roletype object_r hal_graphics_mapper_hwservice)
|
|
(type hal_neuralnetworks_hwservice)
|
|
(roletype object_r hal_neuralnetworks_hwservice)
|
|
(type hal_omx_hwservice)
|
|
(roletype object_r hal_omx_hwservice)
|
|
(type hal_renderscript_hwservice)
|
|
(roletype object_r hal_renderscript_hwservice)
|
|
(type hidl_allocator_hwservice)
|
|
(roletype object_r hidl_allocator_hwservice)
|
|
(type hidl_base_hwservice)
|
|
(roletype object_r hidl_base_hwservice)
|
|
(type hidl_manager_hwservice)
|
|
(roletype object_r hidl_manager_hwservice)
|
|
(type hidl_memory_hwservice)
|
|
(roletype object_r hidl_memory_hwservice)
|
|
(type hidl_token_hwservice)
|
|
(roletype object_r hidl_token_hwservice)
|
|
(type hwservicemanager)
|
|
(roletype object_r hwservicemanager)
|
|
(type hwservicemanager_exec)
|
|
(roletype object_r hwservicemanager_exec)
|
|
(type idmap)
|
|
(roletype object_r idmap)
|
|
(type idmap_exec)
|
|
(roletype object_r idmap_exec)
|
|
(type incident)
|
|
(roletype object_r incident)
|
|
(type incident_helper)
|
|
(roletype object_r incident_helper)
|
|
(type incidentd)
|
|
(roletype object_r incidentd)
|
|
(type init)
|
|
(roletype object_r init)
|
|
(type init_exec)
|
|
(roletype object_r init_exec)
|
|
(type init_tmpfs)
|
|
(roletype object_r init_tmpfs)
|
|
(type inputflinger)
|
|
(roletype object_r inputflinger)
|
|
(type inputflinger_exec)
|
|
(roletype object_r inputflinger_exec)
|
|
(type installd)
|
|
(roletype object_r installd)
|
|
(type installd_exec)
|
|
(roletype object_r installd_exec)
|
|
(type isolated_app)
|
|
(roletype object_r isolated_app)
|
|
(type isolated_compute_app)
|
|
(roletype object_r isolated_compute_app)
|
|
(type kernel)
|
|
(roletype object_r kernel)
|
|
(type keystore)
|
|
(roletype object_r keystore)
|
|
(type keystore_exec)
|
|
(roletype object_r keystore_exec)
|
|
(type wifi_key)
|
|
(roletype object_r wifi_key)
|
|
(type llkd)
|
|
(roletype object_r llkd)
|
|
(type llkd_exec)
|
|
(roletype object_r llkd_exec)
|
|
(type lmkd)
|
|
(roletype object_r lmkd)
|
|
(type lmkd_exec)
|
|
(roletype object_r lmkd_exec)
|
|
(type logd)
|
|
(roletype object_r logd)
|
|
(type logd_exec)
|
|
(roletype object_r logd_exec)
|
|
(type logpersist)
|
|
(roletype object_r logpersist)
|
|
(type mdnsd)
|
|
(roletype object_r mdnsd)
|
|
(type mediadrmserver)
|
|
(roletype object_r mediadrmserver)
|
|
(type mediadrmserver_exec)
|
|
(roletype object_r mediadrmserver_exec)
|
|
(type mediaextractor)
|
|
(roletype object_r mediaextractor)
|
|
(type mediaextractor_exec)
|
|
(roletype object_r mediaextractor_exec)
|
|
(type mediaextractor_tmpfs)
|
|
(roletype object_r mediaextractor_tmpfs)
|
|
(type mediametrics)
|
|
(roletype object_r mediametrics)
|
|
(type mediametrics_exec)
|
|
(roletype object_r mediametrics_exec)
|
|
(type mediaprovider)
|
|
(roletype object_r mediaprovider)
|
|
(type mediaserver)
|
|
(roletype object_r mediaserver)
|
|
(type mediaserver_exec)
|
|
(roletype object_r mediaserver_exec)
|
|
(type mediaserver_tmpfs)
|
|
(roletype object_r mediaserver_tmpfs)
|
|
(type mediaswcodec)
|
|
(roletype object_r mediaswcodec)
|
|
(type mediaswcodec_exec)
|
|
(roletype object_r mediaswcodec_exec)
|
|
(type mediatranscoding)
|
|
(roletype object_r mediatranscoding)
|
|
(type modprobe)
|
|
(roletype object_r modprobe)
|
|
(type mtp)
|
|
(roletype object_r mtp)
|
|
(type node)
|
|
(roletype object_r node)
|
|
(type netif)
|
|
(roletype object_r netif)
|
|
(type port)
|
|
(roletype object_r port)
|
|
(type netd)
|
|
(roletype object_r netd)
|
|
(type netd_exec)
|
|
(roletype object_r netd_exec)
|
|
(type netutils_wrapper)
|
|
(roletype object_r netutils_wrapper)
|
|
(type netutils_wrapper_exec)
|
|
(roletype object_r netutils_wrapper_exec)
|
|
(type network_stack)
|
|
(roletype object_r network_stack)
|
|
(type nfc)
|
|
(roletype object_r nfc)
|
|
(type otapreopt_chroot)
|
|
(roletype object_r otapreopt_chroot)
|
|
(type perfetto)
|
|
(roletype object_r perfetto)
|
|
(type performanced)
|
|
(roletype object_r performanced)
|
|
(type performanced_exec)
|
|
(roletype object_r performanced_exec)
|
|
(type platform_app)
|
|
(roletype object_r platform_app)
|
|
(type postinstall)
|
|
(roletype object_r postinstall)
|
|
(type ppp)
|
|
(roletype object_r ppp)
|
|
(type priv_app)
|
|
(roletype object_r priv_app)
|
|
(type prng_seeder)
|
|
(roletype object_r prng_seeder)
|
|
(type profman)
|
|
(roletype object_r profman)
|
|
(type profman_exec)
|
|
(roletype object_r profman_exec)
|
|
(type apexd_prop)
|
|
(roletype object_r apexd_prop)
|
|
(type bootloader_boot_reason_prop)
|
|
(roletype object_r bootloader_boot_reason_prop)
|
|
(type device_config_activity_manager_native_boot_prop)
|
|
(roletype object_r device_config_activity_manager_native_boot_prop)
|
|
(type device_config_boot_count_prop)
|
|
(roletype object_r device_config_boot_count_prop)
|
|
(type device_config_input_native_boot_prop)
|
|
(roletype object_r device_config_input_native_boot_prop)
|
|
(type device_config_netd_native_prop)
|
|
(roletype object_r device_config_netd_native_prop)
|
|
(type device_config_reset_performed_prop)
|
|
(roletype object_r device_config_reset_performed_prop)
|
|
(type firstboot_prop)
|
|
(roletype object_r firstboot_prop)
|
|
(type boottime_prop)
|
|
(roletype object_r boottime_prop)
|
|
(type charger_prop)
|
|
(roletype object_r charger_prop)
|
|
(type cold_boot_done_prop)
|
|
(roletype object_r cold_boot_done_prop)
|
|
(type ctl_adbd_prop)
|
|
(roletype object_r ctl_adbd_prop)
|
|
(type ctl_apexd_prop)
|
|
(roletype object_r ctl_apexd_prop)
|
|
(type ctl_bootanim_prop)
|
|
(roletype object_r ctl_bootanim_prop)
|
|
(type ctl_bugreport_prop)
|
|
(roletype object_r ctl_bugreport_prop)
|
|
(type ctl_console_prop)
|
|
(roletype object_r ctl_console_prop)
|
|
(type ctl_dumpstate_prop)
|
|
(roletype object_r ctl_dumpstate_prop)
|
|
(type ctl_fuse_prop)
|
|
(roletype object_r ctl_fuse_prop)
|
|
(type ctl_gsid_prop)
|
|
(roletype object_r ctl_gsid_prop)
|
|
(type ctl_interface_restart_prop)
|
|
(roletype object_r ctl_interface_restart_prop)
|
|
(type ctl_interface_stop_prop)
|
|
(roletype object_r ctl_interface_stop_prop)
|
|
(type ctl_mdnsd_prop)
|
|
(roletype object_r ctl_mdnsd_prop)
|
|
(type ctl_restart_prop)
|
|
(roletype object_r ctl_restart_prop)
|
|
(type ctl_rildaemon_prop)
|
|
(roletype object_r ctl_rildaemon_prop)
|
|
(type ctl_sigstop_prop)
|
|
(roletype object_r ctl_sigstop_prop)
|
|
(type dynamic_system_prop)
|
|
(roletype object_r dynamic_system_prop)
|
|
(type heapprofd_enabled_prop)
|
|
(roletype object_r heapprofd_enabled_prop)
|
|
(type llkd_prop)
|
|
(roletype object_r llkd_prop)
|
|
(type lpdumpd_prop)
|
|
(roletype object_r lpdumpd_prop)
|
|
(type mmc_prop)
|
|
(roletype object_r mmc_prop)
|
|
(type mock_ota_prop)
|
|
(roletype object_r mock_ota_prop)
|
|
(type net_dns_prop)
|
|
(roletype object_r net_dns_prop)
|
|
(type overlay_prop)
|
|
(roletype object_r overlay_prop)
|
|
(type persistent_properties_ready_prop)
|
|
(roletype object_r persistent_properties_ready_prop)
|
|
(type safemode_prop)
|
|
(roletype object_r safemode_prop)
|
|
(type system_lmk_prop)
|
|
(roletype object_r system_lmk_prop)
|
|
(type system_trace_prop)
|
|
(roletype object_r system_trace_prop)
|
|
(type test_boot_reason_prop)
|
|
(roletype object_r test_boot_reason_prop)
|
|
(type time_prop)
|
|
(roletype object_r time_prop)
|
|
(type traced_enabled_prop)
|
|
(roletype object_r traced_enabled_prop)
|
|
(type traced_lazy_prop)
|
|
(roletype object_r traced_lazy_prop)
|
|
(type aac_drc_prop)
|
|
(roletype object_r aac_drc_prop)
|
|
(type adaptive_haptics_prop)
|
|
(roletype object_r adaptive_haptics_prop)
|
|
(type apex_ready_prop)
|
|
(roletype object_r apex_ready_prop)
|
|
(type arm64_memtag_prop)
|
|
(roletype object_r arm64_memtag_prop)
|
|
(type binder_cache_bluetooth_server_prop)
|
|
(roletype object_r binder_cache_bluetooth_server_prop)
|
|
(type binder_cache_system_server_prop)
|
|
(roletype object_r binder_cache_system_server_prop)
|
|
(type binder_cache_telephony_server_prop)
|
|
(roletype object_r binder_cache_telephony_server_prop)
|
|
(type boot_status_prop)
|
|
(roletype object_r boot_status_prop)
|
|
(type bootanim_system_prop)
|
|
(roletype object_r bootanim_system_prop)
|
|
(type bootloader_prop)
|
|
(roletype object_r bootloader_prop)
|
|
(type boottime_public_prop)
|
|
(roletype object_r boottime_public_prop)
|
|
(type bq_config_prop)
|
|
(roletype object_r bq_config_prop)
|
|
(type build_bootimage_prop)
|
|
(roletype object_r build_bootimage_prop)
|
|
(type build_prop)
|
|
(roletype object_r build_prop)
|
|
(type composd_vm_art_prop)
|
|
(roletype object_r composd_vm_art_prop)
|
|
(type device_config_aconfig_flags_prop)
|
|
(roletype object_r device_config_aconfig_flags_prop)
|
|
(type device_config_camera_native_prop)
|
|
(roletype object_r device_config_camera_native_prop)
|
|
(type device_config_edgetpu_native_prop)
|
|
(roletype object_r device_config_edgetpu_native_prop)
|
|
(type device_config_media_native_prop)
|
|
(roletype object_r device_config_media_native_prop)
|
|
(type device_config_nnapi_native_prop)
|
|
(roletype object_r device_config_nnapi_native_prop)
|
|
(type device_config_runtime_native_boot_prop)
|
|
(roletype object_r device_config_runtime_native_boot_prop)
|
|
(type device_config_runtime_native_prop)
|
|
(roletype object_r device_config_runtime_native_prop)
|
|
(type device_config_surface_flinger_native_boot_prop)
|
|
(roletype object_r device_config_surface_flinger_native_boot_prop)
|
|
(type device_config_vendor_system_native_prop)
|
|
(roletype object_r device_config_vendor_system_native_prop)
|
|
(type device_config_vendor_system_native_boot_prop)
|
|
(roletype object_r device_config_vendor_system_native_boot_prop)
|
|
(type drm_forcel3_prop)
|
|
(roletype object_r drm_forcel3_prop)
|
|
(type fingerprint_prop)
|
|
(roletype object_r fingerprint_prop)
|
|
(type gwp_asan_prop)
|
|
(roletype object_r gwp_asan_prop)
|
|
(type hal_instrumentation_prop)
|
|
(roletype object_r hal_instrumentation_prop)
|
|
(type userdebug_or_eng_prop)
|
|
(roletype object_r userdebug_or_eng_prop)
|
|
(type init_service_status_prop)
|
|
(roletype object_r init_service_status_prop)
|
|
(type libc_debug_prop)
|
|
(roletype object_r libc_debug_prop)
|
|
(type module_sdkextensions_prop)
|
|
(roletype object_r module_sdkextensions_prop)
|
|
(type nnapi_ext_deny_product_prop)
|
|
(roletype object_r nnapi_ext_deny_product_prop)
|
|
(type persist_wm_debug_prop)
|
|
(roletype object_r persist_wm_debug_prop)
|
|
(type power_debug_prop)
|
|
(roletype object_r power_debug_prop)
|
|
(type property_service_version_prop)
|
|
(roletype object_r property_service_version_prop)
|
|
(type provisioned_prop)
|
|
(roletype object_r provisioned_prop)
|
|
(type restorecon_prop)
|
|
(roletype object_r restorecon_prop)
|
|
(type retaildemo_prop)
|
|
(roletype object_r retaildemo_prop)
|
|
(type servicemanager_prop)
|
|
(roletype object_r servicemanager_prop)
|
|
(type smart_idle_maint_enabled_prop)
|
|
(roletype object_r smart_idle_maint_enabled_prop)
|
|
(type socket_hook_prop)
|
|
(roletype object_r socket_hook_prop)
|
|
(type sqlite_log_prop)
|
|
(roletype object_r sqlite_log_prop)
|
|
(type surfaceflinger_display_prop)
|
|
(roletype object_r surfaceflinger_display_prop)
|
|
(type system_boot_reason_prop)
|
|
(roletype object_r system_boot_reason_prop)
|
|
(type system_jvmti_agent_prop)
|
|
(roletype object_r system_jvmti_agent_prop)
|
|
(type traced_oome_heap_session_count_prop)
|
|
(roletype object_r traced_oome_heap_session_count_prop)
|
|
(type ab_update_gki_prop)
|
|
(roletype object_r ab_update_gki_prop)
|
|
(type usb_prop)
|
|
(roletype object_r usb_prop)
|
|
(type userspace_reboot_exported_prop)
|
|
(roletype object_r userspace_reboot_exported_prop)
|
|
(type vold_status_prop)
|
|
(roletype object_r vold_status_prop)
|
|
(type vts_status_prop)
|
|
(roletype object_r vts_status_prop)
|
|
(type config_prop)
|
|
(roletype object_r config_prop)
|
|
(type cppreopt_prop)
|
|
(roletype object_r cppreopt_prop)
|
|
(type dalvik_prop)
|
|
(roletype object_r dalvik_prop)
|
|
(type debuggerd_prop)
|
|
(roletype object_r debuggerd_prop)
|
|
(type device_logging_prop)
|
|
(roletype object_r device_logging_prop)
|
|
(type dhcp_prop)
|
|
(roletype object_r dhcp_prop)
|
|
(type dumpstate_prop)
|
|
(roletype object_r dumpstate_prop)
|
|
(type exported3_system_prop)
|
|
(roletype object_r exported3_system_prop)
|
|
(type exported_dumpstate_prop)
|
|
(roletype object_r exported_dumpstate_prop)
|
|
(type exported_secure_prop)
|
|
(roletype object_r exported_secure_prop)
|
|
(type heapprofd_prop)
|
|
(roletype object_r heapprofd_prop)
|
|
(type net_radio_prop)
|
|
(roletype object_r net_radio_prop)
|
|
(type pan_result_prop)
|
|
(roletype object_r pan_result_prop)
|
|
(type persist_debug_prop)
|
|
(roletype object_r persist_debug_prop)
|
|
(type shell_prop)
|
|
(roletype object_r shell_prop)
|
|
(type test_harness_prop)
|
|
(roletype object_r test_harness_prop)
|
|
(type theme_prop)
|
|
(roletype object_r theme_prop)
|
|
(type use_memfd_prop)
|
|
(roletype object_r use_memfd_prop)
|
|
(type vold_prop)
|
|
(roletype object_r vold_prop)
|
|
(type apexd_config_prop)
|
|
(roletype object_r apexd_config_prop)
|
|
(type apexd_select_prop)
|
|
(roletype object_r apexd_select_prop)
|
|
(type aaudio_config_prop)
|
|
(roletype object_r aaudio_config_prop)
|
|
(type apk_verity_prop)
|
|
(roletype object_r apk_verity_prop)
|
|
(type audio_config_prop)
|
|
(roletype object_r audio_config_prop)
|
|
(type bootanim_config_prop)
|
|
(roletype object_r bootanim_config_prop)
|
|
(type bluetooth_config_prop)
|
|
(roletype object_r bluetooth_config_prop)
|
|
(type build_attestation_prop)
|
|
(roletype object_r build_attestation_prop)
|
|
(type build_config_prop)
|
|
(roletype object_r build_config_prop)
|
|
(type build_odm_prop)
|
|
(roletype object_r build_odm_prop)
|
|
(type build_vendor_prop)
|
|
(roletype object_r build_vendor_prop)
|
|
(type camera_calibration_prop)
|
|
(roletype object_r camera_calibration_prop)
|
|
(type camera_config_prop)
|
|
(roletype object_r camera_config_prop)
|
|
(type camera2_extensions_prop)
|
|
(roletype object_r camera2_extensions_prop)
|
|
(type camerax_extensions_prop)
|
|
(roletype object_r camerax_extensions_prop)
|
|
(type charger_config_prop)
|
|
(roletype object_r charger_config_prop)
|
|
(type codec2_config_prop)
|
|
(roletype object_r codec2_config_prop)
|
|
(type composd_vm_vendor_prop)
|
|
(roletype object_r composd_vm_vendor_prop)
|
|
(type cpu_variant_prop)
|
|
(roletype object_r cpu_variant_prop)
|
|
(type debugfs_restriction_prop)
|
|
(roletype object_r debugfs_restriction_prop)
|
|
(type drm_service_config_prop)
|
|
(roletype object_r drm_service_config_prop)
|
|
(type exported_camera_prop)
|
|
(roletype object_r exported_camera_prop)
|
|
(type exported_config_prop)
|
|
(roletype object_r exported_config_prop)
|
|
(type exported_default_prop)
|
|
(roletype object_r exported_default_prop)
|
|
(type ffs_config_prop)
|
|
(roletype object_r ffs_config_prop)
|
|
(type framework_watchdog_config_prop)
|
|
(roletype object_r framework_watchdog_config_prop)
|
|
(type graphics_config_prop)
|
|
(roletype object_r graphics_config_prop)
|
|
(type hdmi_config_prop)
|
|
(roletype object_r hdmi_config_prop)
|
|
(type hw_timeout_multiplier_prop)
|
|
(roletype object_r hw_timeout_multiplier_prop)
|
|
(type hypervisor_prop)
|
|
(roletype object_r hypervisor_prop)
|
|
(type hypervisor_restricted_prop)
|
|
(roletype object_r hypervisor_restricted_prop)
|
|
(type incremental_prop)
|
|
(roletype object_r incremental_prop)
|
|
(type input_device_config_prop)
|
|
(roletype object_r input_device_config_prop)
|
|
(type keyguard_config_prop)
|
|
(roletype object_r keyguard_config_prop)
|
|
(type keystore_config_prop)
|
|
(roletype object_r keystore_config_prop)
|
|
(type lmkd_config_prop)
|
|
(roletype object_r lmkd_config_prop)
|
|
(type media_config_prop)
|
|
(roletype object_r media_config_prop)
|
|
(type media_variant_prop)
|
|
(roletype object_r media_variant_prop)
|
|
(type mediadrm_config_prop)
|
|
(roletype object_r mediadrm_config_prop)
|
|
(type mm_events_config_prop)
|
|
(roletype object_r mm_events_config_prop)
|
|
(type oem_unlock_prop)
|
|
(roletype object_r oem_unlock_prop)
|
|
(type ota_build_prop)
|
|
(roletype object_r ota_build_prop)
|
|
(type packagemanager_config_prop)
|
|
(roletype object_r packagemanager_config_prop)
|
|
(type quick_start_prop)
|
|
(roletype object_r quick_start_prop)
|
|
(type recovery_config_prop)
|
|
(roletype object_r recovery_config_prop)
|
|
(type recovery_usb_config_prop)
|
|
(roletype object_r recovery_usb_config_prop)
|
|
(type sendbug_config_prop)
|
|
(roletype object_r sendbug_config_prop)
|
|
(type soc_prop)
|
|
(roletype object_r soc_prop)
|
|
(type storage_config_prop)
|
|
(roletype object_r storage_config_prop)
|
|
(type storagemanager_config_prop)
|
|
(roletype object_r storagemanager_config_prop)
|
|
(type surfaceflinger_prop)
|
|
(roletype object_r surfaceflinger_prop)
|
|
(type suspend_prop)
|
|
(roletype object_r suspend_prop)
|
|
(type systemsound_config_prop)
|
|
(roletype object_r systemsound_config_prop)
|
|
(type telephony_config_prop)
|
|
(roletype object_r telephony_config_prop)
|
|
(type threadnetwork_config_prop)
|
|
(roletype object_r threadnetwork_config_prop)
|
|
(type tombstone_config_prop)
|
|
(roletype object_r tombstone_config_prop)
|
|
(type usb_config_prop)
|
|
(roletype object_r usb_config_prop)
|
|
(type userspace_reboot_config_prop)
|
|
(roletype object_r userspace_reboot_config_prop)
|
|
(type vehicle_hal_prop)
|
|
(roletype object_r vehicle_hal_prop)
|
|
(type vendor_security_patch_level_prop)
|
|
(roletype object_r vendor_security_patch_level_prop)
|
|
(type vendor_socket_hook_prop)
|
|
(roletype object_r vendor_socket_hook_prop)
|
|
(type virtual_ab_prop)
|
|
(roletype object_r virtual_ab_prop)
|
|
(type vndk_prop)
|
|
(roletype object_r vndk_prop)
|
|
(type vts_config_prop)
|
|
(roletype object_r vts_config_prop)
|
|
(type vold_config_prop)
|
|
(roletype object_r vold_config_prop)
|
|
(type wifi_config_prop)
|
|
(roletype object_r wifi_config_prop)
|
|
(type zram_config_prop)
|
|
(roletype object_r zram_config_prop)
|
|
(type zygote_config_prop)
|
|
(roletype object_r zygote_config_prop)
|
|
(type dck_prop)
|
|
(roletype object_r dck_prop)
|
|
(type tuner_config_prop)
|
|
(roletype object_r tuner_config_prop)
|
|
(type usb_uvc_enabled_prop)
|
|
(roletype object_r usb_uvc_enabled_prop)
|
|
(type setupwizard_mode_prop)
|
|
(roletype object_r setupwizard_mode_prop)
|
|
(type pm_archiving_enabled_prop)
|
|
(roletype object_r pm_archiving_enabled_prop)
|
|
(type adbd_config_prop)
|
|
(roletype object_r adbd_config_prop)
|
|
(type audio_prop)
|
|
(roletype object_r audio_prop)
|
|
(type bluetooth_a2dp_offload_prop)
|
|
(roletype object_r bluetooth_a2dp_offload_prop)
|
|
(type bluetooth_audio_hal_prop)
|
|
(roletype object_r bluetooth_audio_hal_prop)
|
|
(type bluetooth_prop)
|
|
(roletype object_r bluetooth_prop)
|
|
(type bpf_progs_loaded_prop)
|
|
(roletype object_r bpf_progs_loaded_prop)
|
|
(type charger_status_prop)
|
|
(roletype object_r charger_status_prop)
|
|
(type ctl_default_prop)
|
|
(roletype object_r ctl_default_prop)
|
|
(type ctl_interface_start_prop)
|
|
(roletype object_r ctl_interface_start_prop)
|
|
(type ctl_start_prop)
|
|
(roletype object_r ctl_start_prop)
|
|
(type ctl_stop_prop)
|
|
(roletype object_r ctl_stop_prop)
|
|
(type dalvik_config_prop)
|
|
(roletype object_r dalvik_config_prop)
|
|
(type dalvik_dynamic_config_prop)
|
|
(roletype object_r dalvik_dynamic_config_prop)
|
|
(type dalvik_runtime_prop)
|
|
(roletype object_r dalvik_runtime_prop)
|
|
(type debug_prop)
|
|
(roletype object_r debug_prop)
|
|
(type device_config_memory_safety_native_boot_prop)
|
|
(roletype object_r device_config_memory_safety_native_boot_prop)
|
|
(type device_config_memory_safety_native_prop)
|
|
(roletype object_r device_config_memory_safety_native_prop)
|
|
(type dumpstate_options_prop)
|
|
(roletype object_r dumpstate_options_prop)
|
|
(type exported_system_prop)
|
|
(roletype object_r exported_system_prop)
|
|
(type exported_bluetooth_prop)
|
|
(roletype object_r exported_bluetooth_prop)
|
|
(type exported_overlay_prop)
|
|
(roletype object_r exported_overlay_prop)
|
|
(type exported_pm_prop)
|
|
(roletype object_r exported_pm_prop)
|
|
(type future_pm_prop)
|
|
(roletype object_r future_pm_prop)
|
|
(type ffs_control_prop)
|
|
(roletype object_r ffs_control_prop)
|
|
(type framework_status_prop)
|
|
(roletype object_r framework_status_prop)
|
|
(type gesture_prop)
|
|
(roletype object_r gesture_prop)
|
|
(type graphics_config_writable_prop)
|
|
(roletype object_r graphics_config_writable_prop)
|
|
(type hal_dumpstate_config_prop)
|
|
(roletype object_r hal_dumpstate_config_prop)
|
|
(type sota_prop)
|
|
(roletype object_r sota_prop)
|
|
(type hwservicemanager_prop)
|
|
(roletype object_r hwservicemanager_prop)
|
|
(type lmkd_prop)
|
|
(roletype object_r lmkd_prop)
|
|
(type locale_prop)
|
|
(roletype object_r locale_prop)
|
|
(type logd_prop)
|
|
(roletype object_r logd_prop)
|
|
(type logpersistd_logging_prop)
|
|
(roletype object_r logpersistd_logging_prop)
|
|
(type log_prop)
|
|
(roletype object_r log_prop)
|
|
(type log_tag_prop)
|
|
(roletype object_r log_tag_prop)
|
|
(type lowpan_prop)
|
|
(roletype object_r lowpan_prop)
|
|
(type nfc_prop)
|
|
(roletype object_r nfc_prop)
|
|
(type ota_prop)
|
|
(roletype object_r ota_prop)
|
|
(type permissive_mte_prop)
|
|
(roletype object_r permissive_mte_prop)
|
|
(type powerctl_prop)
|
|
(roletype object_r powerctl_prop)
|
|
(type qemu_hw_prop)
|
|
(roletype object_r qemu_hw_prop)
|
|
(type qemu_sf_lcd_density_prop)
|
|
(roletype object_r qemu_sf_lcd_density_prop)
|
|
(type radio_control_prop)
|
|
(roletype object_r radio_control_prop)
|
|
(type radio_prop)
|
|
(roletype object_r radio_prop)
|
|
(type serialno_prop)
|
|
(roletype object_r serialno_prop)
|
|
(type surfaceflinger_color_prop)
|
|
(roletype object_r surfaceflinger_color_prop)
|
|
(type system_prop)
|
|
(roletype object_r system_prop)
|
|
(type system_user_mode_emulation_prop)
|
|
(roletype object_r system_user_mode_emulation_prop)
|
|
(type telephony_status_prop)
|
|
(roletype object_r telephony_status_prop)
|
|
(type timezone_prop)
|
|
(roletype object_r timezone_prop)
|
|
(type usb_control_prop)
|
|
(roletype object_r usb_control_prop)
|
|
(type vold_post_fs_data_prop)
|
|
(roletype object_r vold_post_fs_data_prop)
|
|
(type wifi_hal_prop)
|
|
(roletype object_r wifi_hal_prop)
|
|
(type wifi_log_prop)
|
|
(roletype object_r wifi_log_prop)
|
|
(type wifi_prop)
|
|
(roletype object_r wifi_prop)
|
|
(type zram_control_prop)
|
|
(roletype object_r zram_control_prop)
|
|
(type default_prop)
|
|
(roletype object_r default_prop)
|
|
(type rebootescrow_hal_prop)
|
|
(roletype object_r rebootescrow_hal_prop)
|
|
(type virtual_face_hal_prop)
|
|
(roletype object_r virtual_face_hal_prop)
|
|
(type virtual_fingerprint_hal_prop)
|
|
(roletype object_r virtual_fingerprint_hal_prop)
|
|
(type persist_vendor_debug_wifi_prop)
|
|
(roletype object_r persist_vendor_debug_wifi_prop)
|
|
(type vendor_default_prop)
|
|
(roletype object_r vendor_default_prop)
|
|
(type radio)
|
|
(roletype object_r radio)
|
|
(type recovery)
|
|
(roletype object_r recovery)
|
|
(type recovery_persist)
|
|
(roletype object_r recovery_persist)
|
|
(type recovery_persist_exec)
|
|
(roletype object_r recovery_persist_exec)
|
|
(type recovery_refresh)
|
|
(roletype object_r recovery_refresh)
|
|
(type recovery_refresh_exec)
|
|
(roletype object_r recovery_refresh_exec)
|
|
(type rkpdapp)
|
|
(roletype object_r rkpdapp)
|
|
(type rs)
|
|
(roletype object_r rs)
|
|
(type rs_exec)
|
|
(roletype object_r rs_exec)
|
|
(type rss_hwm_reset)
|
|
(roletype object_r rss_hwm_reset)
|
|
(type runas)
|
|
(roletype object_r runas)
|
|
(type runas_exec)
|
|
(roletype object_r runas_exec)
|
|
(type runas_app)
|
|
(roletype object_r runas_app)
|
|
(type sdcardd)
|
|
(roletype object_r sdcardd)
|
|
(type sdcardd_exec)
|
|
(roletype object_r sdcardd_exec)
|
|
(type secure_element)
|
|
(roletype object_r secure_element)
|
|
(type aidl_lazy_test_service)
|
|
(roletype object_r aidl_lazy_test_service)
|
|
(type apc_service)
|
|
(roletype object_r apc_service)
|
|
(type apex_service)
|
|
(roletype object_r apex_service)
|
|
(type artd_service)
|
|
(roletype object_r artd_service)
|
|
(type artd_pre_reboot_service)
|
|
(roletype object_r artd_pre_reboot_service)
|
|
(type audioserver_service)
|
|
(roletype object_r audioserver_service)
|
|
(type authorization_service)
|
|
(roletype object_r authorization_service)
|
|
(type batteryproperties_service)
|
|
(roletype object_r batteryproperties_service)
|
|
(type bluetooth_service)
|
|
(roletype object_r bluetooth_service)
|
|
(type cameraserver_service)
|
|
(roletype object_r cameraserver_service)
|
|
(type fwk_camera_service)
|
|
(roletype object_r fwk_camera_service)
|
|
(type default_android_service)
|
|
(roletype object_r default_android_service)
|
|
(type device_config_updatable_service)
|
|
(roletype object_r device_config_updatable_service)
|
|
(type dexopt_chroot_setup_service)
|
|
(roletype object_r dexopt_chroot_setup_service)
|
|
(type dnsresolver_service)
|
|
(roletype object_r dnsresolver_service)
|
|
(type drmserver_service)
|
|
(roletype object_r drmserver_service)
|
|
(type dumpstate_service)
|
|
(roletype object_r dumpstate_service)
|
|
(type evsmanagerd_service)
|
|
(roletype object_r evsmanagerd_service)
|
|
(type fingerprintd_service)
|
|
(roletype object_r fingerprintd_service)
|
|
(type fwk_automotive_display_service)
|
|
(roletype object_r fwk_automotive_display_service)
|
|
(type gatekeeper_service)
|
|
(roletype object_r gatekeeper_service)
|
|
(type gpu_service)
|
|
(roletype object_r gpu_service)
|
|
(type idmap_service)
|
|
(roletype object_r idmap_service)
|
|
(type incident_service)
|
|
(roletype object_r incident_service)
|
|
(type installd_service)
|
|
(roletype object_r installd_service)
|
|
(type credstore_service)
|
|
(roletype object_r credstore_service)
|
|
(type keystore_compat_hal_service)
|
|
(roletype object_r keystore_compat_hal_service)
|
|
(type keystore_maintenance_service)
|
|
(roletype object_r keystore_maintenance_service)
|
|
(type keystore_metrics_service)
|
|
(roletype object_r keystore_metrics_service)
|
|
(type keystore_service)
|
|
(roletype object_r keystore_service)
|
|
(type legacykeystore_service)
|
|
(roletype object_r legacykeystore_service)
|
|
(type lpdump_service)
|
|
(roletype object_r lpdump_service)
|
|
(type mdns_service)
|
|
(roletype object_r mdns_service)
|
|
(type mediaserver_service)
|
|
(roletype object_r mediaserver_service)
|
|
(type mediametrics_service)
|
|
(roletype object_r mediametrics_service)
|
|
(type mediaextractor_service)
|
|
(roletype object_r mediaextractor_service)
|
|
(type mediadrmserver_service)
|
|
(roletype object_r mediadrmserver_service)
|
|
(type mediatranscoding_service)
|
|
(roletype object_r mediatranscoding_service)
|
|
(type netd_service)
|
|
(roletype object_r netd_service)
|
|
(type nfc_service)
|
|
(roletype object_r nfc_service)
|
|
(type ondevicepersonalization_system_service)
|
|
(roletype object_r ondevicepersonalization_system_service)
|
|
(type ot_daemon_service)
|
|
(roletype object_r ot_daemon_service)
|
|
(type profiling_service)
|
|
(roletype object_r profiling_service)
|
|
(type radio_service)
|
|
(roletype object_r radio_service)
|
|
(type secure_element_service)
|
|
(roletype object_r secure_element_service)
|
|
(type service_manager_service)
|
|
(roletype object_r service_manager_service)
|
|
(type storaged_service)
|
|
(roletype object_r storaged_service)
|
|
(type surfaceflinger_service)
|
|
(roletype object_r surfaceflinger_service)
|
|
(type system_app_service)
|
|
(roletype object_r system_app_service)
|
|
(type system_net_netd_service)
|
|
(roletype object_r system_net_netd_service)
|
|
(type system_suspend_control_internal_service)
|
|
(roletype object_r system_suspend_control_internal_service)
|
|
(type system_suspend_control_service)
|
|
(roletype object_r system_suspend_control_service)
|
|
(type update_engine_service)
|
|
(roletype object_r update_engine_service)
|
|
(type update_engine_stable_service)
|
|
(roletype object_r update_engine_stable_service)
|
|
(type virtualization_service)
|
|
(roletype object_r virtualization_service)
|
|
(type virtual_camera_service)
|
|
(roletype object_r virtual_camera_service)
|
|
(type virtual_touchpad_service)
|
|
(roletype object_r virtual_touchpad_service)
|
|
(type vold_service)
|
|
(roletype object_r vold_service)
|
|
(type vr_hwc_service)
|
|
(roletype object_r vr_hwc_service)
|
|
(type vrflinger_vsync_service)
|
|
(roletype object_r vrflinger_vsync_service)
|
|
(type accessibility_service)
|
|
(roletype object_r accessibility_service)
|
|
(type account_service)
|
|
(roletype object_r account_service)
|
|
(type activity_service)
|
|
(roletype object_r activity_service)
|
|
(type activity_task_service)
|
|
(roletype object_r activity_task_service)
|
|
(type adb_service)
|
|
(roletype object_r adb_service)
|
|
(type adservices_manager_service)
|
|
(roletype object_r adservices_manager_service)
|
|
(type alarm_service)
|
|
(roletype object_r alarm_service)
|
|
(type app_binding_service)
|
|
(roletype object_r app_binding_service)
|
|
(type app_hibernation_service)
|
|
(roletype object_r app_hibernation_service)
|
|
(type app_integrity_service)
|
|
(roletype object_r app_integrity_service)
|
|
(type app_prediction_service)
|
|
(roletype object_r app_prediction_service)
|
|
(type app_search_service)
|
|
(roletype object_r app_search_service)
|
|
(type appops_service)
|
|
(roletype object_r appops_service)
|
|
(type appwidget_service)
|
|
(roletype object_r appwidget_service)
|
|
(type archive_service)
|
|
(roletype object_r archive_service)
|
|
(type assetatlas_service)
|
|
(roletype object_r assetatlas_service)
|
|
(type attestation_verification_service)
|
|
(roletype object_r attestation_verification_service)
|
|
(type audio_service)
|
|
(roletype object_r audio_service)
|
|
(type auth_service)
|
|
(roletype object_r auth_service)
|
|
(type autofill_service)
|
|
(roletype object_r autofill_service)
|
|
(type backup_service)
|
|
(roletype object_r backup_service)
|
|
(type batterystats_service)
|
|
(roletype object_r batterystats_service)
|
|
(type battery_service)
|
|
(roletype object_r battery_service)
|
|
(type binder_calls_stats_service)
|
|
(roletype object_r binder_calls_stats_service)
|
|
(type blob_store_service)
|
|
(roletype object_r blob_store_service)
|
|
(type bluetooth_manager_service)
|
|
(roletype object_r bluetooth_manager_service)
|
|
(type broadcastradio_service)
|
|
(roletype object_r broadcastradio_service)
|
|
(type cacheinfo_service)
|
|
(roletype object_r cacheinfo_service)
|
|
(type cameraproxy_service)
|
|
(roletype object_r cameraproxy_service)
|
|
(type clipboard_service)
|
|
(roletype object_r clipboard_service)
|
|
(type cloudsearch_service)
|
|
(roletype object_r cloudsearch_service)
|
|
(type contexthub_service)
|
|
(roletype object_r contexthub_service)
|
|
(type contextual_search_service)
|
|
(roletype object_r contextual_search_service)
|
|
(type crossprofileapps_service)
|
|
(roletype object_r crossprofileapps_service)
|
|
(type IProxyService_service)
|
|
(roletype object_r IProxyService_service)
|
|
(type companion_device_service)
|
|
(roletype object_r companion_device_service)
|
|
(type connectivity_native_service)
|
|
(roletype object_r connectivity_native_service)
|
|
(type connectivity_service)
|
|
(roletype object_r connectivity_service)
|
|
(type connmetrics_service)
|
|
(roletype object_r connmetrics_service)
|
|
(type consumer_ir_service)
|
|
(roletype object_r consumer_ir_service)
|
|
(type content_capture_service)
|
|
(roletype object_r content_capture_service)
|
|
(type content_suggestions_service)
|
|
(roletype object_r content_suggestions_service)
|
|
(type content_service)
|
|
(roletype object_r content_service)
|
|
(type country_detector_service)
|
|
(roletype object_r country_detector_service)
|
|
(type coverage_service)
|
|
(roletype object_r coverage_service)
|
|
(type cpuinfo_service)
|
|
(roletype object_r cpuinfo_service)
|
|
(type cpu_monitor_service)
|
|
(roletype object_r cpu_monitor_service)
|
|
(type credential_service)
|
|
(roletype object_r credential_service)
|
|
(type dataloader_manager_service)
|
|
(roletype object_r dataloader_manager_service)
|
|
(type dbinfo_service)
|
|
(roletype object_r dbinfo_service)
|
|
(type device_config_service)
|
|
(roletype object_r device_config_service)
|
|
(type device_policy_service)
|
|
(roletype object_r device_policy_service)
|
|
(type device_state_service)
|
|
(roletype object_r device_state_service)
|
|
(type deviceidle_service)
|
|
(roletype object_r deviceidle_service)
|
|
(type device_identifiers_service)
|
|
(roletype object_r device_identifiers_service)
|
|
(type devicestoragemonitor_service)
|
|
(roletype object_r devicestoragemonitor_service)
|
|
(type diskstats_service)
|
|
(roletype object_r diskstats_service)
|
|
(type display_service)
|
|
(roletype object_r display_service)
|
|
(type domain_verification_service)
|
|
(roletype object_r domain_verification_service)
|
|
(type color_display_service)
|
|
(roletype object_r color_display_service)
|
|
(type ecm_enhanced_confirmation_service)
|
|
(roletype object_r ecm_enhanced_confirmation_service)
|
|
(type external_vibrator_service)
|
|
(roletype object_r external_vibrator_service)
|
|
(type file_integrity_service)
|
|
(roletype object_r file_integrity_service)
|
|
(type font_service)
|
|
(roletype object_r font_service)
|
|
(type netd_listener_service)
|
|
(roletype object_r netd_listener_service)
|
|
(type network_watchlist_service)
|
|
(roletype object_r network_watchlist_service)
|
|
(type devicelock_service)
|
|
(roletype object_r devicelock_service)
|
|
(type DockObserver_service)
|
|
(roletype object_r DockObserver_service)
|
|
(type dreams_service)
|
|
(roletype object_r dreams_service)
|
|
(type dropbox_service)
|
|
(roletype object_r dropbox_service)
|
|
(type ethernet_service)
|
|
(roletype object_r ethernet_service)
|
|
(type biometric_service)
|
|
(roletype object_r biometric_service)
|
|
(type bugreport_service)
|
|
(roletype object_r bugreport_service)
|
|
(type platform_compat_service)
|
|
(roletype object_r platform_compat_service)
|
|
(type face_service)
|
|
(roletype object_r face_service)
|
|
(type fingerprint_service)
|
|
(roletype object_r fingerprint_service)
|
|
(type fwk_altitude_service)
|
|
(roletype object_r fwk_altitude_service)
|
|
(type fwk_stats_service)
|
|
(roletype object_r fwk_stats_service)
|
|
(type fwk_sensor_service)
|
|
(roletype object_r fwk_sensor_service)
|
|
(type fwk_vibrator_control_service)
|
|
(roletype object_r fwk_vibrator_control_service)
|
|
(type game_service)
|
|
(roletype object_r game_service)
|
|
(type gfxinfo_service)
|
|
(roletype object_r gfxinfo_service)
|
|
(type gnss_time_update_service)
|
|
(roletype object_r gnss_time_update_service)
|
|
(type grammatical_inflection_service)
|
|
(roletype object_r grammatical_inflection_service)
|
|
(type graphicsstats_service)
|
|
(roletype object_r graphicsstats_service)
|
|
(type hardware_service)
|
|
(roletype object_r hardware_service)
|
|
(type hardware_properties_service)
|
|
(roletype object_r hardware_properties_service)
|
|
(type hdmi_control_service)
|
|
(roletype object_r hdmi_control_service)
|
|
(type healthconnect_service)
|
|
(roletype object_r healthconnect_service)
|
|
(type hint_service)
|
|
(roletype object_r hint_service)
|
|
(type imms_service)
|
|
(roletype object_r imms_service)
|
|
(type incremental_service)
|
|
(roletype object_r incremental_service)
|
|
(type input_method_service)
|
|
(roletype object_r input_method_service)
|
|
(type input_service)
|
|
(roletype object_r input_service)
|
|
(type ipsec_service)
|
|
(roletype object_r ipsec_service)
|
|
(type iris_service)
|
|
(roletype object_r iris_service)
|
|
(type jobscheduler_service)
|
|
(roletype object_r jobscheduler_service)
|
|
(type launcherapps_service)
|
|
(roletype object_r launcherapps_service)
|
|
(type legacy_permission_service)
|
|
(roletype object_r legacy_permission_service)
|
|
(type light_service)
|
|
(roletype object_r light_service)
|
|
(type locale_service)
|
|
(roletype object_r locale_service)
|
|
(type location_service)
|
|
(roletype object_r location_service)
|
|
(type location_time_zone_manager_service)
|
|
(roletype object_r location_time_zone_manager_service)
|
|
(type lock_settings_service)
|
|
(roletype object_r lock_settings_service)
|
|
(type looper_stats_service)
|
|
(roletype object_r looper_stats_service)
|
|
(type media_communication_service)
|
|
(roletype object_r media_communication_service)
|
|
(type media_metrics_service)
|
|
(roletype object_r media_metrics_service)
|
|
(type media_projection_service)
|
|
(roletype object_r media_projection_service)
|
|
(type media_router_service)
|
|
(roletype object_r media_router_service)
|
|
(type media_session_service)
|
|
(roletype object_r media_session_service)
|
|
(type meminfo_service)
|
|
(roletype object_r meminfo_service)
|
|
(type memtrackproxy_service)
|
|
(roletype object_r memtrackproxy_service)
|
|
(type midi_service)
|
|
(roletype object_r midi_service)
|
|
(type mount_service)
|
|
(roletype object_r mount_service)
|
|
(type music_recognition_service)
|
|
(roletype object_r music_recognition_service)
|
|
(type nearby_service)
|
|
(roletype object_r nearby_service)
|
|
(type netpolicy_service)
|
|
(roletype object_r netpolicy_service)
|
|
(type netstats_service)
|
|
(roletype object_r netstats_service)
|
|
(type network_management_service)
|
|
(roletype object_r network_management_service)
|
|
(type network_score_service)
|
|
(roletype object_r network_score_service)
|
|
(type network_stack_service)
|
|
(roletype object_r network_stack_service)
|
|
(type network_time_update_service)
|
|
(roletype object_r network_time_update_service)
|
|
(type notification_service)
|
|
(roletype object_r notification_service)
|
|
(type oem_lock_service)
|
|
(roletype object_r oem_lock_service)
|
|
(type otadexopt_service)
|
|
(roletype object_r otadexopt_service)
|
|
(type overlay_service)
|
|
(roletype object_r overlay_service)
|
|
(type pac_proxy_service)
|
|
(roletype object_r pac_proxy_service)
|
|
(type package_service)
|
|
(roletype object_r package_service)
|
|
(type package_native_service)
|
|
(roletype object_r package_native_service)
|
|
(type people_service)
|
|
(roletype object_r people_service)
|
|
(type permission_service)
|
|
(roletype object_r permission_service)
|
|
(type permissionmgr_service)
|
|
(roletype object_r permissionmgr_service)
|
|
(type permission_checker_service)
|
|
(roletype object_r permission_checker_service)
|
|
(type persistent_data_block_service)
|
|
(roletype object_r persistent_data_block_service)
|
|
(type pinner_service)
|
|
(roletype object_r pinner_service)
|
|
(type powerstats_service)
|
|
(roletype object_r powerstats_service)
|
|
(type power_service)
|
|
(roletype object_r power_service)
|
|
(type print_service)
|
|
(roletype object_r print_service)
|
|
(type processinfo_service)
|
|
(roletype object_r processinfo_service)
|
|
(type procstats_service)
|
|
(roletype object_r procstats_service)
|
|
(type reboot_readiness_service)
|
|
(roletype object_r reboot_readiness_service)
|
|
(type recovery_service)
|
|
(roletype object_r recovery_service)
|
|
(type registry_service)
|
|
(roletype object_r registry_service)
|
|
(type remote_auth_service)
|
|
(roletype object_r remote_auth_service)
|
|
(type remote_provisioning_service)
|
|
(roletype object_r remote_provisioning_service)
|
|
(type resources_manager_service)
|
|
(roletype object_r resources_manager_service)
|
|
(type restrictions_service)
|
|
(roletype object_r restrictions_service)
|
|
(type role_service)
|
|
(roletype object_r role_service)
|
|
(type rollback_service)
|
|
(roletype object_r rollback_service)
|
|
(type runtime_service)
|
|
(roletype object_r runtime_service)
|
|
(type rttmanager_service)
|
|
(roletype object_r rttmanager_service)
|
|
(type samplingprofiler_service)
|
|
(roletype object_r samplingprofiler_service)
|
|
(type scheduling_policy_service)
|
|
(roletype object_r scheduling_policy_service)
|
|
(type search_service)
|
|
(roletype object_r search_service)
|
|
(type search_ui_service)
|
|
(roletype object_r search_ui_service)
|
|
(type sec_key_att_app_id_provider_service)
|
|
(roletype object_r sec_key_att_app_id_provider_service)
|
|
(type security_state_service)
|
|
(roletype object_r security_state_service)
|
|
(type selection_toolbar_service)
|
|
(roletype object_r selection_toolbar_service)
|
|
(type sensitive_content_protection_service)
|
|
(roletype object_r sensitive_content_protection_service)
|
|
(type sensorservice_service)
|
|
(roletype object_r sensorservice_service)
|
|
(type sensor_privacy_service)
|
|
(roletype object_r sensor_privacy_service)
|
|
(type serial_service)
|
|
(roletype object_r serial_service)
|
|
(type servicediscovery_service)
|
|
(roletype object_r servicediscovery_service)
|
|
(type settings_service)
|
|
(roletype object_r settings_service)
|
|
(type shortcut_service)
|
|
(roletype object_r shortcut_service)
|
|
(type slice_service)
|
|
(roletype object_r slice_service)
|
|
(type smartspace_service)
|
|
(roletype object_r smartspace_service)
|
|
(type statusbar_service)
|
|
(roletype object_r statusbar_service)
|
|
(type storagestats_service)
|
|
(roletype object_r storagestats_service)
|
|
(type sdk_sandbox_service)
|
|
(roletype object_r sdk_sandbox_service)
|
|
(type system_config_service)
|
|
(roletype object_r system_config_service)
|
|
(type system_server_dumper_service)
|
|
(roletype object_r system_server_dumper_service)
|
|
(type system_update_service)
|
|
(roletype object_r system_update_service)
|
|
(type soundtrigger_middleware_service)
|
|
(roletype object_r soundtrigger_middleware_service)
|
|
(type speech_recognition_service)
|
|
(roletype object_r speech_recognition_service)
|
|
(type tare_service)
|
|
(roletype object_r tare_service)
|
|
(type task_service)
|
|
(roletype object_r task_service)
|
|
(type testharness_service)
|
|
(roletype object_r testharness_service)
|
|
(type textclassification_service)
|
|
(roletype object_r textclassification_service)
|
|
(type textservices_service)
|
|
(roletype object_r textservices_service)
|
|
(type texttospeech_service)
|
|
(roletype object_r texttospeech_service)
|
|
(type telecom_service)
|
|
(roletype object_r telecom_service)
|
|
(type thermal_service)
|
|
(roletype object_r thermal_service)
|
|
(type threadnetwork_service)
|
|
(roletype object_r threadnetwork_service)
|
|
(type timedetector_service)
|
|
(roletype object_r timedetector_service)
|
|
(type timezonedetector_service)
|
|
(roletype object_r timezonedetector_service)
|
|
(type translation_service)
|
|
(roletype object_r translation_service)
|
|
(type trust_service)
|
|
(roletype object_r trust_service)
|
|
(type tv_ad_service)
|
|
(roletype object_r tv_ad_service)
|
|
(type tv_iapp_service)
|
|
(roletype object_r tv_iapp_service)
|
|
(type tv_input_service)
|
|
(roletype object_r tv_input_service)
|
|
(type tv_tuner_resource_mgr_service)
|
|
(roletype object_r tv_tuner_resource_mgr_service)
|
|
(type uimode_service)
|
|
(roletype object_r uimode_service)
|
|
(type updatelock_service)
|
|
(roletype object_r updatelock_service)
|
|
(type uri_grants_service)
|
|
(roletype object_r uri_grants_service)
|
|
(type usagestats_service)
|
|
(roletype object_r usagestats_service)
|
|
(type usb_service)
|
|
(roletype object_r usb_service)
|
|
(type user_service)
|
|
(roletype object_r user_service)
|
|
(type uwb_service)
|
|
(roletype object_r uwb_service)
|
|
(type vcn_management_service)
|
|
(roletype object_r vcn_management_service)
|
|
(type vibrator_service)
|
|
(roletype object_r vibrator_service)
|
|
(type vibrator_manager_service)
|
|
(roletype object_r vibrator_manager_service)
|
|
(type virtual_device_service)
|
|
(roletype object_r virtual_device_service)
|
|
(type virtual_device_native_service)
|
|
(roletype object_r virtual_device_native_service)
|
|
(type voiceinteraction_service)
|
|
(roletype object_r voiceinteraction_service)
|
|
(type vpn_management_service)
|
|
(roletype object_r vpn_management_service)
|
|
(type vr_manager_service)
|
|
(roletype object_r vr_manager_service)
|
|
(type wallpaper_service)
|
|
(roletype object_r wallpaper_service)
|
|
(type wallpaper_effects_generation_service)
|
|
(roletype object_r wallpaper_effects_generation_service)
|
|
(type webviewupdate_service)
|
|
(roletype object_r webviewupdate_service)
|
|
(type wifip2p_service)
|
|
(roletype object_r wifip2p_service)
|
|
(type wifiscanner_service)
|
|
(roletype object_r wifiscanner_service)
|
|
(type wifi_service)
|
|
(roletype object_r wifi_service)
|
|
(type wifinl80211_service)
|
|
(roletype object_r wifinl80211_service)
|
|
(type wifiaware_service)
|
|
(roletype object_r wifiaware_service)
|
|
(type window_service)
|
|
(roletype object_r window_service)
|
|
(type inputflinger_service)
|
|
(roletype object_r inputflinger_service)
|
|
(type tethering_service)
|
|
(roletype object_r tethering_service)
|
|
(type emergency_affordance_service)
|
|
(roletype object_r emergency_affordance_service)
|
|
(type hal_audio_service)
|
|
(roletype object_r hal_audio_service)
|
|
(type hal_audiocontrol_service)
|
|
(roletype object_r hal_audiocontrol_service)
|
|
(type hal_authgraph_service)
|
|
(roletype object_r hal_authgraph_service)
|
|
(type hal_authsecret_service)
|
|
(roletype object_r hal_authsecret_service)
|
|
(type hal_bluetooth_service)
|
|
(roletype object_r hal_bluetooth_service)
|
|
(type hal_bootctl_service)
|
|
(roletype object_r hal_bootctl_service)
|
|
(type hal_broadcastradio_service)
|
|
(roletype object_r hal_broadcastradio_service)
|
|
(type hal_camera_service)
|
|
(roletype object_r hal_camera_service)
|
|
(type hal_can_controller_service)
|
|
(roletype object_r hal_can_controller_service)
|
|
(type hal_cas_service)
|
|
(roletype object_r hal_cas_service)
|
|
(type hal_codec2_service)
|
|
(roletype object_r hal_codec2_service)
|
|
(type hal_confirmationui_service)
|
|
(roletype object_r hal_confirmationui_service)
|
|
(type hal_contexthub_service)
|
|
(roletype object_r hal_contexthub_service)
|
|
(type hal_drm_service)
|
|
(roletype object_r hal_drm_service)
|
|
(type hal_dumpstate_service)
|
|
(roletype object_r hal_dumpstate_service)
|
|
(type hal_evs_service)
|
|
(roletype object_r hal_evs_service)
|
|
(type hal_face_service)
|
|
(roletype object_r hal_face_service)
|
|
(type hal_fastboot_service)
|
|
(roletype object_r hal_fastboot_service)
|
|
(type hal_fingerprint_service)
|
|
(roletype object_r hal_fingerprint_service)
|
|
(type hal_gnss_service)
|
|
(roletype object_r hal_gnss_service)
|
|
(type hal_graphics_allocator_service)
|
|
(roletype object_r hal_graphics_allocator_service)
|
|
(type hal_graphics_composer_service)
|
|
(roletype object_r hal_graphics_composer_service)
|
|
(type hal_graphics_mapper_service)
|
|
(roletype object_r hal_graphics_mapper_service)
|
|
(type hal_health_service)
|
|
(roletype object_r hal_health_service)
|
|
(type hal_health_storage_service)
|
|
(roletype object_r hal_health_storage_service)
|
|
(type hal_identity_service)
|
|
(roletype object_r hal_identity_service)
|
|
(type hal_input_processor_service)
|
|
(roletype object_r hal_input_processor_service)
|
|
(type hal_ir_service)
|
|
(roletype object_r hal_ir_service)
|
|
(type hal_ivn_service)
|
|
(roletype object_r hal_ivn_service)
|
|
(type hal_keymint_service)
|
|
(roletype object_r hal_keymint_service)
|
|
(type hal_light_service)
|
|
(roletype object_r hal_light_service)
|
|
(type hal_macsec_service)
|
|
(roletype object_r hal_macsec_service)
|
|
(type hal_memtrack_service)
|
|
(roletype object_r hal_memtrack_service)
|
|
(type hal_neuralnetworks_service)
|
|
(roletype object_r hal_neuralnetworks_service)
|
|
(type hal_nfc_service)
|
|
(roletype object_r hal_nfc_service)
|
|
(type hal_oemlock_service)
|
|
(roletype object_r hal_oemlock_service)
|
|
(type hal_power_service)
|
|
(roletype object_r hal_power_service)
|
|
(type hal_power_stats_service)
|
|
(roletype object_r hal_power_stats_service)
|
|
(type hal_radio_service)
|
|
(roletype object_r hal_radio_service)
|
|
(type hal_rebootescrow_service)
|
|
(roletype object_r hal_rebootescrow_service)
|
|
(type hal_remoteaccess_service)
|
|
(roletype object_r hal_remoteaccess_service)
|
|
(type hal_remotelyprovisionedcomponent_avf_service)
|
|
(roletype object_r hal_remotelyprovisionedcomponent_avf_service)
|
|
(type hal_remotelyprovisionedcomponent_service)
|
|
(roletype object_r hal_remotelyprovisionedcomponent_service)
|
|
(type hal_sensors_service)
|
|
(roletype object_r hal_sensors_service)
|
|
(type hal_secretkeeper_service)
|
|
(roletype object_r hal_secretkeeper_service)
|
|
(type hal_secureclock_service)
|
|
(roletype object_r hal_secureclock_service)
|
|
(type hal_secure_element_service)
|
|
(roletype object_r hal_secure_element_service)
|
|
(type hal_sharedsecret_service)
|
|
(roletype object_r hal_sharedsecret_service)
|
|
(type hal_system_suspend_service)
|
|
(roletype object_r hal_system_suspend_service)
|
|
(type hal_tetheroffload_service)
|
|
(roletype object_r hal_tetheroffload_service)
|
|
(type hal_thermal_service)
|
|
(roletype object_r hal_thermal_service)
|
|
(type hal_tv_hdmi_cec_service)
|
|
(roletype object_r hal_tv_hdmi_cec_service)
|
|
(type hal_tv_hdmi_connection_service)
|
|
(roletype object_r hal_tv_hdmi_connection_service)
|
|
(type hal_tv_hdmi_earc_service)
|
|
(roletype object_r hal_tv_hdmi_earc_service)
|
|
(type hal_tv_input_service)
|
|
(roletype object_r hal_tv_input_service)
|
|
(type hal_threadnetwork_service)
|
|
(roletype object_r hal_threadnetwork_service)
|
|
(type hal_tv_tuner_service)
|
|
(roletype object_r hal_tv_tuner_service)
|
|
(type hal_usb_service)
|
|
(roletype object_r hal_usb_service)
|
|
(type hal_usb_gadget_service)
|
|
(roletype object_r hal_usb_gadget_service)
|
|
(type hal_uwb_service)
|
|
(roletype object_r hal_uwb_service)
|
|
(type hal_vehicle_service)
|
|
(roletype object_r hal_vehicle_service)
|
|
(type hal_vibrator_service)
|
|
(roletype object_r hal_vibrator_service)
|
|
(type hal_weaver_service)
|
|
(roletype object_r hal_weaver_service)
|
|
(type hal_nlinterceptor_service)
|
|
(roletype object_r hal_nlinterceptor_service)
|
|
(type hal_wifi_service)
|
|
(roletype object_r hal_wifi_service)
|
|
(type hal_wifi_hostapd_service)
|
|
(roletype object_r hal_wifi_hostapd_service)
|
|
(type hal_wifi_supplicant_service)
|
|
(roletype object_r hal_wifi_supplicant_service)
|
|
(type hal_gatekeeper_service)
|
|
(roletype object_r hal_gatekeeper_service)
|
|
(type servicemanager)
|
|
(roletype object_r servicemanager)
|
|
(type servicemanager_exec)
|
|
(roletype object_r servicemanager_exec)
|
|
(type sgdisk)
|
|
(roletype object_r sgdisk)
|
|
(type sgdisk_exec)
|
|
(roletype object_r sgdisk_exec)
|
|
(type shared_relro)
|
|
(roletype object_r shared_relro)
|
|
(type shell)
|
|
(roletype object_r shell)
|
|
(type shell_exec)
|
|
(roletype object_r shell_exec)
|
|
(type simpleperf)
|
|
(roletype object_r simpleperf)
|
|
(type simpleperf_app_runner)
|
|
(roletype object_r simpleperf_app_runner)
|
|
(type simpleperf_app_runner_exec)
|
|
(roletype object_r simpleperf_app_runner_exec)
|
|
(type slideshow)
|
|
(roletype object_r slideshow)
|
|
(type statsd)
|
|
(roletype object_r statsd)
|
|
(type statsd_exec)
|
|
(roletype object_r statsd_exec)
|
|
(type su)
|
|
(roletype object_r su)
|
|
(type su_exec)
|
|
(roletype object_r su_exec)
|
|
(type surfaceflinger)
|
|
(roletype object_r surfaceflinger)
|
|
(type surfaceflinger_tmpfs)
|
|
(roletype object_r surfaceflinger_tmpfs)
|
|
(type system_app)
|
|
(roletype object_r system_app)
|
|
(type system_server)
|
|
(roletype object_r system_server)
|
|
(type system_server_tmpfs)
|
|
(roletype object_r system_server_tmpfs)
|
|
(type tee)
|
|
(roletype object_r tee)
|
|
(type tee_device)
|
|
(roletype object_r tee_device)
|
|
(type tombstoned)
|
|
(roletype object_r tombstoned)
|
|
(type tombstoned_exec)
|
|
(roletype object_r tombstoned_exec)
|
|
(type toolbox)
|
|
(roletype object_r toolbox)
|
|
(type toolbox_exec)
|
|
(roletype object_r toolbox_exec)
|
|
(type traced)
|
|
(roletype object_r traced)
|
|
(type traced_tmpfs)
|
|
(roletype object_r traced_tmpfs)
|
|
(type traced_perf)
|
|
(roletype object_r traced_perf)
|
|
(type traced_probes)
|
|
(roletype object_r traced_probes)
|
|
(type traceur_app)
|
|
(roletype object_r traceur_app)
|
|
(type ueventd)
|
|
(roletype object_r ueventd)
|
|
(type ueventd_tmpfs)
|
|
(roletype object_r ueventd_tmpfs)
|
|
(type uncrypt)
|
|
(roletype object_r uncrypt)
|
|
(type uncrypt_exec)
|
|
(roletype object_r uncrypt_exec)
|
|
(type untrusted_app)
|
|
(roletype object_r untrusted_app)
|
|
(type untrusted_app_32)
|
|
(roletype object_r untrusted_app_32)
|
|
(type untrusted_app_30)
|
|
(roletype object_r untrusted_app_30)
|
|
(type untrusted_app_29)
|
|
(roletype object_r untrusted_app_29)
|
|
(type untrusted_app_27)
|
|
(roletype object_r untrusted_app_27)
|
|
(type untrusted_app_25)
|
|
(roletype object_r untrusted_app_25)
|
|
(type update_engine)
|
|
(roletype object_r update_engine)
|
|
(type update_engine_exec)
|
|
(roletype object_r update_engine_exec)
|
|
(type update_verifier)
|
|
(roletype object_r update_verifier)
|
|
(type update_verifier_exec)
|
|
(roletype object_r update_verifier_exec)
|
|
(type usbd)
|
|
(roletype object_r usbd)
|
|
(type usbd_exec)
|
|
(roletype object_r usbd_exec)
|
|
(type vdc)
|
|
(roletype object_r vdc)
|
|
(type vdc_exec)
|
|
(roletype object_r vdc_exec)
|
|
(type vendor_init)
|
|
(roletype object_r vendor_init)
|
|
(type vendor_misc_writer)
|
|
(roletype object_r vendor_misc_writer)
|
|
(type vendor_misc_writer_exec)
|
|
(roletype object_r vendor_misc_writer_exec)
|
|
(type vendor_modprobe)
|
|
(roletype object_r vendor_modprobe)
|
|
(type vendor_shell)
|
|
(roletype object_r vendor_shell)
|
|
(type vendor_shell_exec)
|
|
(roletype object_r vendor_shell_exec)
|
|
(type vendor_toolbox_exec)
|
|
(roletype object_r vendor_toolbox_exec)
|
|
(type virtual_touchpad)
|
|
(roletype object_r virtual_touchpad)
|
|
(type virtual_touchpad_exec)
|
|
(roletype object_r virtual_touchpad_exec)
|
|
(type service_manager_vndservice)
|
|
(roletype object_r service_manager_vndservice)
|
|
(type default_android_vndservice)
|
|
(roletype object_r default_android_vndservice)
|
|
(type vndservicemanager)
|
|
(roletype object_r vndservicemanager)
|
|
(type vold)
|
|
(roletype object_r vold)
|
|
(type vold_exec)
|
|
(roletype object_r vold_exec)
|
|
(type vold_prepare_subdirs)
|
|
(roletype object_r vold_prepare_subdirs)
|
|
(type vold_prepare_subdirs_exec)
|
|
(roletype object_r vold_prepare_subdirs_exec)
|
|
(type watchdogd)
|
|
(roletype object_r watchdogd)
|
|
(type watchdogd_exec)
|
|
(roletype object_r watchdogd_exec)
|
|
(type webview_zygote)
|
|
(roletype object_r webview_zygote)
|
|
(type webview_zygote_exec)
|
|
(roletype object_r webview_zygote_exec)
|
|
(type webview_zygote_tmpfs)
|
|
(roletype object_r webview_zygote_tmpfs)
|
|
(type wificond)
|
|
(roletype object_r wificond)
|
|
(type wificond_exec)
|
|
(roletype object_r wificond_exec)
|
|
(type zygote)
|
|
(roletype object_r zygote)
|
|
(type zygote_tmpfs)
|
|
(roletype object_r zygote_tmpfs)
|
|
(type zygote_exec)
|
|
(roletype object_r zygote_exec)
|
|
(typeattribute hal_lazy_test)
|
|
(expandtypeattribute (hal_lazy_test) true)
|
|
(typeattribute hal_lazy_test_client)
|
|
(expandtypeattribute (hal_lazy_test_client) true)
|
|
(typeattribute hal_lazy_test_server)
|
|
(expandtypeattribute (hal_lazy_test_server) false)
|
|
(typeattribute mlsvendorcompat)
|
|
(typeattribute system_and_vendor_property_type)
|
|
(expandtypeattribute (system_and_vendor_property_type) false)
|
|
(typeattribute sdk_sandbox_all)
|
|
(typeattributeset sdk_sandbox_all (sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next ))
|
|
(typeattribute sdk_sandbox_current)
|
|
(typeattributeset sdk_sandbox_current (sdk_sandbox_34 sdk_sandbox_audit ))
|
|
(type aconfigd)
|
|
(roletype object_r aconfigd)
|
|
(type aconfigd_exec)
|
|
(roletype object_r aconfigd_exec)
|
|
(type apex_test_prepostinstall)
|
|
(roletype object_r apex_test_prepostinstall)
|
|
(type apex_test_prepostinstall_exec)
|
|
(roletype object_r apex_test_prepostinstall_exec)
|
|
(type apexd_devpts)
|
|
(roletype object_r apexd_devpts)
|
|
(type apexd_derive_classpath)
|
|
(roletype object_r apexd_derive_classpath)
|
|
(type app_zygote_userfaultfd)
|
|
(roletype object_r app_zygote_userfaultfd)
|
|
(type art_boot)
|
|
(roletype object_r art_boot)
|
|
(type art_boot_exec)
|
|
(roletype object_r art_boot_exec)
|
|
(type artd_exec)
|
|
(roletype object_r artd_exec)
|
|
(type artd_tmpfs)
|
|
(roletype object_r artd_tmpfs)
|
|
(type artd_userfaultfd)
|
|
(roletype object_r artd_userfaultfd)
|
|
(type atrace_exec)
|
|
(roletype object_r atrace_exec)
|
|
(type audioserver_exec)
|
|
(roletype object_r audioserver_exec)
|
|
(type auditctl)
|
|
(roletype object_r auditctl)
|
|
(type auditctl_exec)
|
|
(roletype object_r auditctl_exec)
|
|
(type automotive_display_service)
|
|
(roletype object_r automotive_display_service)
|
|
(type automotive_display_service_exec)
|
|
(roletype object_r automotive_display_service_exec)
|
|
(type blank_screen)
|
|
(roletype object_r blank_screen)
|
|
(type blank_screen_exec)
|
|
(roletype object_r blank_screen_exec)
|
|
(type blkid_exec)
|
|
(roletype object_r blkid_exec)
|
|
(type bluetooth_userfaultfd)
|
|
(roletype object_r bluetooth_userfaultfd)
|
|
(type boringssl_self_test)
|
|
(roletype object_r boringssl_self_test)
|
|
(type boringssl_self_test_exec)
|
|
(roletype object_r boringssl_self_test_exec)
|
|
(type vendor_boringssl_self_test)
|
|
(roletype object_r vendor_boringssl_self_test)
|
|
(type vendor_boringssl_self_test_exec)
|
|
(roletype object_r vendor_boringssl_self_test_exec)
|
|
(type boringssl_self_test_marker)
|
|
(roletype object_r boringssl_self_test_marker)
|
|
(type bpfloader_exec)
|
|
(roletype object_r bpfloader_exec)
|
|
(type canhalconfigurator)
|
|
(roletype object_r canhalconfigurator)
|
|
(type canhalconfigurator_exec)
|
|
(roletype object_r canhalconfigurator_exec)
|
|
(type clatd)
|
|
(roletype object_r clatd)
|
|
(type clatd_exec)
|
|
(roletype object_r clatd_exec)
|
|
(type compos_fd_server)
|
|
(roletype object_r compos_fd_server)
|
|
(type compos_verify)
|
|
(roletype object_r compos_verify)
|
|
(type compos_verify_exec)
|
|
(roletype object_r compos_verify_exec)
|
|
(type composd)
|
|
(roletype object_r composd)
|
|
(type composd_exec)
|
|
(roletype object_r composd_exec)
|
|
(type cppreopts)
|
|
(roletype object_r cppreopts)
|
|
(type cppreopts_exec)
|
|
(roletype object_r cppreopts_exec)
|
|
(type crosvm)
|
|
(roletype object_r crosvm)
|
|
(type crosvm_exec)
|
|
(roletype object_r crosvm_exec)
|
|
(type crosvm_tmpfs)
|
|
(roletype object_r crosvm_tmpfs)
|
|
(type derive_classpath)
|
|
(roletype object_r derive_classpath)
|
|
(type derive_classpath_exec)
|
|
(roletype object_r derive_classpath_exec)
|
|
(type derive_sdk)
|
|
(roletype object_r derive_sdk)
|
|
(type derive_sdk_exec)
|
|
(roletype object_r derive_sdk_exec)
|
|
(type device_as_webcam)
|
|
(roletype object_r device_as_webcam)
|
|
(type device_as_webcam_userfaultfd)
|
|
(roletype object_r device_as_webcam_userfaultfd)
|
|
(type dex2oat)
|
|
(roletype object_r dex2oat)
|
|
(type dex2oat_exec)
|
|
(roletype object_r dex2oat_exec)
|
|
(type dex2oat_userfaultfd)
|
|
(roletype object_r dex2oat_userfaultfd)
|
|
(type dexopt_chroot_setup)
|
|
(roletype object_r dexopt_chroot_setup)
|
|
(type dexopt_chroot_setup_exec)
|
|
(roletype object_r dexopt_chroot_setup_exec)
|
|
(type dexopt_chroot_setup_tmpfs)
|
|
(roletype object_r dexopt_chroot_setup_tmpfs)
|
|
(type dexopt_chroot_setup_userfaultfd)
|
|
(roletype object_r dexopt_chroot_setup_userfaultfd)
|
|
(type dexoptanalyzer)
|
|
(roletype object_r dexoptanalyzer)
|
|
(type dexoptanalyzer_exec)
|
|
(roletype object_r dexoptanalyzer_exec)
|
|
(type dexoptanalyzer_tmpfs)
|
|
(roletype object_r dexoptanalyzer_tmpfs)
|
|
(type dexoptanalyzer_userfaultfd)
|
|
(roletype object_r dexoptanalyzer_userfaultfd)
|
|
(type dmesgd)
|
|
(roletype object_r dmesgd)
|
|
(type dmesgd_exec)
|
|
(roletype object_r dmesgd_exec)
|
|
(type dumpstate_tmpfs)
|
|
(roletype object_r dumpstate_tmpfs)
|
|
(type ephemeral_app_userfaultfd)
|
|
(roletype object_r ephemeral_app_userfaultfd)
|
|
(type evsmanagerd_exec)
|
|
(roletype object_r evsmanagerd_exec)
|
|
(type fastbootd_iouring)
|
|
(roletype object_r fastbootd_iouring)
|
|
(type config_gz)
|
|
(roletype object_r config_gz)
|
|
(type fs_bpf_net_private)
|
|
(roletype object_r fs_bpf_net_private)
|
|
(type fs_bpf_net_shared)
|
|
(roletype object_r fs_bpf_net_shared)
|
|
(type fs_bpf_netd_readonly)
|
|
(roletype object_r fs_bpf_netd_readonly)
|
|
(type fs_bpf_netd_shared)
|
|
(roletype object_r fs_bpf_netd_shared)
|
|
(type fs_bpf_loader)
|
|
(roletype object_r fs_bpf_loader)
|
|
(type fs_bpf_uprobestats)
|
|
(roletype object_r fs_bpf_uprobestats)
|
|
(type storaged_data_file)
|
|
(roletype object_r storaged_data_file)
|
|
(type wm_trace_data_file)
|
|
(roletype object_r wm_trace_data_file)
|
|
(type accessibility_trace_data_file)
|
|
(roletype object_r accessibility_trace_data_file)
|
|
(type perfetto_traces_data_file)
|
|
(roletype object_r perfetto_traces_data_file)
|
|
(type perfetto_traces_bugreport_data_file)
|
|
(roletype object_r perfetto_traces_bugreport_data_file)
|
|
(type perfetto_traces_profiling_data_file)
|
|
(roletype object_r perfetto_traces_profiling_data_file)
|
|
(type perfetto_configs_data_file)
|
|
(roletype object_r perfetto_configs_data_file)
|
|
(type uprobestats_configs_data_file)
|
|
(roletype object_r uprobestats_configs_data_file)
|
|
(type oatdump_exec)
|
|
(roletype object_r oatdump_exec)
|
|
(type sdk_sandbox_system_data_file)
|
|
(roletype object_r sdk_sandbox_system_data_file)
|
|
(type sdk_sandbox_data_file)
|
|
(roletype object_r sdk_sandbox_data_file)
|
|
(type debugfs_kcov)
|
|
(roletype object_r debugfs_kcov)
|
|
(type app_exec_data_file)
|
|
(roletype object_r app_exec_data_file)
|
|
(type rollback_data_file)
|
|
(roletype object_r rollback_data_file)
|
|
(type checkin_data_file)
|
|
(roletype object_r checkin_data_file)
|
|
(type ota_image_data_file)
|
|
(roletype object_r ota_image_data_file)
|
|
(type gsi_persistent_data_file)
|
|
(roletype object_r gsi_persistent_data_file)
|
|
(type emergency_data_file)
|
|
(roletype object_r emergency_data_file)
|
|
(type profcollectd_data_file)
|
|
(roletype object_r profcollectd_data_file)
|
|
(type apex_art_data_file)
|
|
(roletype object_r apex_art_data_file)
|
|
(type apex_art_staging_data_file)
|
|
(roletype object_r apex_art_staging_data_file)
|
|
(type apex_compos_data_file)
|
|
(roletype object_r apex_compos_data_file)
|
|
(type apex_virt_data_file)
|
|
(roletype object_r apex_virt_data_file)
|
|
(type apex_tethering_data_file)
|
|
(roletype object_r apex_tethering_data_file)
|
|
(type apex_appsearch_data_file)
|
|
(roletype object_r apex_appsearch_data_file)
|
|
(type apex_permission_data_file)
|
|
(roletype object_r apex_permission_data_file)
|
|
(type apex_scheduling_data_file)
|
|
(roletype object_r apex_scheduling_data_file)
|
|
(type apex_wifi_data_file)
|
|
(roletype object_r apex_wifi_data_file)
|
|
(type font_data_file)
|
|
(roletype object_r font_data_file)
|
|
(type dmesgd_data_file)
|
|
(roletype object_r dmesgd_data_file)
|
|
(type odrefresh_data_file)
|
|
(roletype object_r odrefresh_data_file)
|
|
(type odsign_data_file)
|
|
(roletype object_r odsign_data_file)
|
|
(type odsign_metrics_file)
|
|
(roletype object_r odsign_metrics_file)
|
|
(type virtualizationservice_data_file)
|
|
(roletype object_r virtualizationservice_data_file)
|
|
(type environ_system_data_file)
|
|
(roletype object_r environ_system_data_file)
|
|
(type bootanim_data_file)
|
|
(roletype object_r bootanim_data_file)
|
|
(type kvm_device)
|
|
(roletype object_r kvm_device)
|
|
(type fd_server_exec)
|
|
(roletype object_r fd_server_exec)
|
|
(type compos_exec)
|
|
(roletype object_r compos_exec)
|
|
(type compos_key_helper_exec)
|
|
(roletype object_r compos_key_helper_exec)
|
|
(type art_exec_exec)
|
|
(roletype object_r art_exec_exec)
|
|
(type prng_seeder_socket)
|
|
(roletype object_r prng_seeder_socket)
|
|
(type sysfs_dt_avf)
|
|
(roletype object_r sysfs_dt_avf)
|
|
(type proc_dt_avf)
|
|
(roletype object_r proc_dt_avf)
|
|
(type system_font_fallback_file)
|
|
(roletype object_r system_font_fallback_file)
|
|
(type sysfs_uprobe)
|
|
(roletype object_r sysfs_uprobe)
|
|
(type aconfigd_socket)
|
|
(roletype object_r aconfigd_socket)
|
|
(type system_aconfig_storage_file)
|
|
(roletype object_r system_aconfig_storage_file)
|
|
(type vendor_aconfig_storage_file)
|
|
(roletype object_r vendor_aconfig_storage_file)
|
|
(type fsverity_init)
|
|
(roletype object_r fsverity_init)
|
|
(type fsverity_init_exec)
|
|
(roletype object_r fsverity_init_exec)
|
|
(type fuseblkd_exec)
|
|
(roletype object_r fuseblkd_exec)
|
|
(type fuseblkd)
|
|
(roletype object_r fuseblkd)
|
|
(type fuseblkd_untrusted_exec)
|
|
(roletype object_r fuseblkd_untrusted_exec)
|
|
(type fuseblkd_untrusted)
|
|
(roletype object_r fuseblkd_untrusted)
|
|
(type fwk_bufferhub)
|
|
(roletype object_r fwk_bufferhub)
|
|
(type fwk_bufferhub_exec)
|
|
(roletype object_r fwk_bufferhub_exec)
|
|
(type gki_apex_prepostinstall)
|
|
(roletype object_r gki_apex_prepostinstall)
|
|
(type gki_apex_prepostinstall_exec)
|
|
(roletype object_r gki_apex_prepostinstall_exec)
|
|
(type gmscore_app_userfaultfd)
|
|
(roletype object_r gmscore_app_userfaultfd)
|
|
(type gpuservice_exec)
|
|
(roletype object_r gpuservice_exec)
|
|
(type gsid)
|
|
(roletype object_r gsid)
|
|
(type gsid_exec)
|
|
(roletype object_r gsid_exec)
|
|
(type hal_allocator_default)
|
|
(roletype object_r hal_allocator_default)
|
|
(type hal_allocator_default_exec)
|
|
(roletype object_r hal_allocator_default_exec)
|
|
(type heapprofd_exec)
|
|
(roletype object_r heapprofd_exec)
|
|
(type heapprofd_tmpfs)
|
|
(roletype object_r heapprofd_tmpfs)
|
|
(type hidl_lazy_test_server)
|
|
(roletype object_r hidl_lazy_test_server)
|
|
(type hidl_lazy_test_server_exec)
|
|
(roletype object_r hidl_lazy_test_server_exec)
|
|
(type hal_lazy_test_hwservice)
|
|
(roletype object_r hal_lazy_test_hwservice)
|
|
(type incident_exec)
|
|
(roletype object_r incident_exec)
|
|
(type incident_helper_exec)
|
|
(roletype object_r incident_helper_exec)
|
|
(type incidentd_exec)
|
|
(roletype object_r incidentd_exec)
|
|
(type isolated_app_userfaultfd)
|
|
(roletype object_r isolated_app_userfaultfd)
|
|
(type isolated_compute_app_userfaultfd)
|
|
(roletype object_r isolated_compute_app_userfaultfd)
|
|
(type iw)
|
|
(roletype object_r iw)
|
|
(type iw_exec)
|
|
(roletype object_r iw_exec)
|
|
(type shell_key)
|
|
(roletype object_r shell_key)
|
|
(type su_key)
|
|
(roletype object_r su_key)
|
|
(type vold_key)
|
|
(roletype object_r vold_key)
|
|
(type odsign_key)
|
|
(roletype object_r odsign_key)
|
|
(type locksettings_key)
|
|
(roletype object_r locksettings_key)
|
|
(type resume_on_reboot_key)
|
|
(roletype object_r resume_on_reboot_key)
|
|
(type linkerconfig)
|
|
(roletype object_r linkerconfig)
|
|
(type linkerconfig_exec)
|
|
(roletype object_r linkerconfig_exec)
|
|
(type lpdumpd)
|
|
(roletype object_r lpdumpd)
|
|
(type lpdumpd_exec)
|
|
(roletype object_r lpdumpd_exec)
|
|
(type mdnsd_exec)
|
|
(roletype object_r mdnsd_exec)
|
|
(type mediaprovider_userfaultfd)
|
|
(roletype object_r mediaprovider_userfaultfd)
|
|
(type mediaprovider_app)
|
|
(roletype object_r mediaprovider_app)
|
|
(type mediaprovider_app_userfaultfd)
|
|
(roletype object_r mediaprovider_app_userfaultfd)
|
|
(type mediatranscoding_exec)
|
|
(roletype object_r mediatranscoding_exec)
|
|
(type mediatranscoding_tmpfs)
|
|
(roletype object_r mediatranscoding_tmpfs)
|
|
(type mediatuner)
|
|
(roletype object_r mediatuner)
|
|
(type mediatuner_exec)
|
|
(roletype object_r mediatuner_exec)
|
|
(type migrate_legacy_obb_data)
|
|
(roletype object_r migrate_legacy_obb_data)
|
|
(type migrate_legacy_obb_data_exec)
|
|
(roletype object_r migrate_legacy_obb_data_exec)
|
|
(type misctrl)
|
|
(roletype object_r misctrl)
|
|
(type misctrl_exec)
|
|
(roletype object_r misctrl_exec)
|
|
(type mm_events)
|
|
(roletype object_r mm_events)
|
|
(type mm_events_exec)
|
|
(roletype object_r mm_events_exec)
|
|
(type mtectrl)
|
|
(roletype object_r mtectrl)
|
|
(type mtectrl_exec)
|
|
(roletype object_r mtectrl_exec)
|
|
(type network_stack_userfaultfd)
|
|
(roletype object_r network_stack_userfaultfd)
|
|
(type nfc_userfaultfd)
|
|
(roletype object_r nfc_userfaultfd)
|
|
(type odrefresh)
|
|
(roletype object_r odrefresh)
|
|
(type odrefresh_exec)
|
|
(roletype object_r odrefresh_exec)
|
|
(type odrefresh_userfaultfd)
|
|
(roletype object_r odrefresh_userfaultfd)
|
|
(type odsign)
|
|
(roletype object_r odsign)
|
|
(type odsign_exec)
|
|
(roletype object_r odsign_exec)
|
|
(type odsign_devpts)
|
|
(roletype object_r odsign_devpts)
|
|
(type ot_daemon)
|
|
(roletype object_r ot_daemon)
|
|
(type ot_daemon_exec)
|
|
(roletype object_r ot_daemon_exec)
|
|
(type otapreopt_chroot_exec)
|
|
(roletype object_r otapreopt_chroot_exec)
|
|
(type otapreopt_slot)
|
|
(roletype object_r otapreopt_slot)
|
|
(type otapreopt_slot_exec)
|
|
(roletype object_r otapreopt_slot_exec)
|
|
(type perfetto_exec)
|
|
(roletype object_r perfetto_exec)
|
|
(type perfetto_tmpfs)
|
|
(roletype object_r perfetto_tmpfs)
|
|
(type permissioncontroller_app)
|
|
(roletype object_r permissioncontroller_app)
|
|
(type permissioncontroller_app_userfaultfd)
|
|
(roletype object_r permissioncontroller_app_userfaultfd)
|
|
(type platform_app_userfaultfd)
|
|
(roletype object_r platform_app_userfaultfd)
|
|
(type postinstall_exec)
|
|
(roletype object_r postinstall_exec)
|
|
(type postinstall_dexopt)
|
|
(roletype object_r postinstall_dexopt)
|
|
(type postinstall_dexopt_exec)
|
|
(roletype object_r postinstall_dexopt_exec)
|
|
(type postinstall_dexopt_tmpfs)
|
|
(roletype object_r postinstall_dexopt_tmpfs)
|
|
(type preloads_copy)
|
|
(roletype object_r preloads_copy)
|
|
(type preloads_copy_exec)
|
|
(roletype object_r preloads_copy_exec)
|
|
(type preopt2cachename)
|
|
(roletype object_r preopt2cachename)
|
|
(type preopt2cachename_exec)
|
|
(roletype object_r preopt2cachename_exec)
|
|
(type priv_app_userfaultfd)
|
|
(roletype object_r priv_app_userfaultfd)
|
|
(type priv_app_devpts)
|
|
(roletype object_r priv_app_devpts)
|
|
(type prng_seeder_exec)
|
|
(roletype object_r prng_seeder_exec)
|
|
(type profcollectd)
|
|
(roletype object_r profcollectd)
|
|
(type profcollectd_exec)
|
|
(roletype object_r profcollectd_exec)
|
|
(type adbd_prop)
|
|
(roletype object_r adbd_prop)
|
|
(type apexd_payload_metadata_prop)
|
|
(roletype object_r apexd_payload_metadata_prop)
|
|
(type ctl_snapuserd_prop)
|
|
(roletype object_r ctl_snapuserd_prop)
|
|
(type crashrecovery_prop)
|
|
(roletype object_r crashrecovery_prop)
|
|
(type device_config_core_experiments_team_internal_prop)
|
|
(roletype object_r device_config_core_experiments_team_internal_prop)
|
|
(type device_config_lmkd_native_prop)
|
|
(roletype object_r device_config_lmkd_native_prop)
|
|
(type device_config_mglru_native_prop)
|
|
(roletype object_r device_config_mglru_native_prop)
|
|
(type device_config_profcollect_native_boot_prop)
|
|
(roletype object_r device_config_profcollect_native_boot_prop)
|
|
(type device_config_remote_key_provisioning_native_prop)
|
|
(roletype object_r device_config_remote_key_provisioning_native_prop)
|
|
(type device_config_statsd_native_prop)
|
|
(roletype object_r device_config_statsd_native_prop)
|
|
(type device_config_statsd_native_boot_prop)
|
|
(roletype object_r device_config_statsd_native_boot_prop)
|
|
(type device_config_storage_native_boot_prop)
|
|
(roletype object_r device_config_storage_native_boot_prop)
|
|
(type device_config_sys_traced_prop)
|
|
(roletype object_r device_config_sys_traced_prop)
|
|
(type device_config_window_manager_native_boot_prop)
|
|
(roletype object_r device_config_window_manager_native_boot_prop)
|
|
(type device_config_configuration_prop)
|
|
(roletype object_r device_config_configuration_prop)
|
|
(type device_config_connectivity_prop)
|
|
(roletype object_r device_config_connectivity_prop)
|
|
(type device_config_swcodec_native_prop)
|
|
(roletype object_r device_config_swcodec_native_prop)
|
|
(type device_config_tethering_u_or_later_native_prop)
|
|
(roletype object_r device_config_tethering_u_or_later_native_prop)
|
|
(type dmesgd_start_prop)
|
|
(roletype object_r dmesgd_start_prop)
|
|
(type fastbootd_protocol_prop)
|
|
(roletype object_r fastbootd_protocol_prop)
|
|
(type gsid_prop)
|
|
(roletype object_r gsid_prop)
|
|
(type init_perf_lsm_hooks_prop)
|
|
(roletype object_r init_perf_lsm_hooks_prop)
|
|
(type init_service_status_private_prop)
|
|
(roletype object_r init_service_status_private_prop)
|
|
(type init_storage_prop)
|
|
(roletype object_r init_storage_prop)
|
|
(type init_svc_debug_prop)
|
|
(roletype object_r init_svc_debug_prop)
|
|
(type keystore_crash_prop)
|
|
(roletype object_r keystore_crash_prop)
|
|
(type keystore_listen_prop)
|
|
(roletype object_r keystore_listen_prop)
|
|
(type last_boot_reason_prop)
|
|
(roletype object_r last_boot_reason_prop)
|
|
(type localization_prop)
|
|
(roletype object_r localization_prop)
|
|
(type logd_auditrate_prop)
|
|
(roletype object_r logd_auditrate_prop)
|
|
(type lower_kptr_restrict_prop)
|
|
(roletype object_r lower_kptr_restrict_prop)
|
|
(type net_464xlat_fromvendor_prop)
|
|
(roletype object_r net_464xlat_fromvendor_prop)
|
|
(type net_connectivity_prop)
|
|
(roletype object_r net_connectivity_prop)
|
|
(type netd_stable_secret_prop)
|
|
(roletype object_r netd_stable_secret_prop)
|
|
(type next_boot_prop)
|
|
(roletype object_r next_boot_prop)
|
|
(type odsign_prop)
|
|
(roletype object_r odsign_prop)
|
|
(type misctrl_prop)
|
|
(roletype object_r misctrl_prop)
|
|
(type perf_drop_caches_prop)
|
|
(roletype object_r perf_drop_caches_prop)
|
|
(type pm_prop)
|
|
(roletype object_r pm_prop)
|
|
(type profcollectd_node_id_prop)
|
|
(roletype object_r profcollectd_node_id_prop)
|
|
(type radio_cdma_ecm_prop)
|
|
(roletype object_r radio_cdma_ecm_prop)
|
|
(type remote_prov_prop)
|
|
(roletype object_r remote_prov_prop)
|
|
(type rollback_test_prop)
|
|
(roletype object_r rollback_test_prop)
|
|
(type setupwizard_prop)
|
|
(roletype object_r setupwizard_prop)
|
|
(type snapuserd_prop)
|
|
(roletype object_r snapuserd_prop)
|
|
(type system_adbd_prop)
|
|
(roletype object_r system_adbd_prop)
|
|
(type system_audio_config_prop)
|
|
(roletype object_r system_audio_config_prop)
|
|
(type timezone_metadata_prop)
|
|
(roletype object_r timezone_metadata_prop)
|
|
(type traced_perf_enabled_prop)
|
|
(roletype object_r traced_perf_enabled_prop)
|
|
(type uprobestats_start_with_config_prop)
|
|
(roletype object_r uprobestats_start_with_config_prop)
|
|
(type tuner_server_ctl_prop)
|
|
(roletype object_r tuner_server_ctl_prop)
|
|
(type userspace_reboot_log_prop)
|
|
(roletype object_r userspace_reboot_log_prop)
|
|
(type userspace_reboot_test_prop)
|
|
(roletype object_r userspace_reboot_test_prop)
|
|
(type verity_status_prop)
|
|
(roletype object_r verity_status_prop)
|
|
(type zygote_wrap_prop)
|
|
(roletype object_r zygote_wrap_prop)
|
|
(type ctl_mediatranscoding_prop)
|
|
(roletype object_r ctl_mediatranscoding_prop)
|
|
(type ctl_odsign_prop)
|
|
(roletype object_r ctl_odsign_prop)
|
|
(type virtualizationservice_prop)
|
|
(roletype object_r virtualizationservice_prop)
|
|
(type ctl_apex_load_prop)
|
|
(roletype object_r ctl_apex_load_prop)
|
|
(type enable_16k_pages_prop)
|
|
(roletype object_r enable_16k_pages_prop)
|
|
(type sensors_config_prop)
|
|
(roletype object_r sensors_config_prop)
|
|
(type hypervisor_pvmfw_prop)
|
|
(roletype object_r hypervisor_pvmfw_prop)
|
|
(type hypervisor_virtualizationmanager_prop)
|
|
(roletype object_r hypervisor_virtualizationmanager_prop)
|
|
(type game_manager_config_prop)
|
|
(roletype object_r game_manager_config_prop)
|
|
(type hidl_memory_prop)
|
|
(roletype object_r hidl_memory_prop)
|
|
(type suspend_debug_prop)
|
|
(roletype object_r suspend_debug_prop)
|
|
(type device_config_virtualization_framework_native_prop)
|
|
(roletype object_r device_config_virtualization_framework_native_prop)
|
|
(type log_file_logger_prop)
|
|
(roletype object_r log_file_logger_prop)
|
|
(type persist_sysui_builder_extras_prop)
|
|
(roletype object_r persist_sysui_builder_extras_prop)
|
|
(type persist_sysui_ranking_update_prop)
|
|
(roletype object_r persist_sysui_ranking_update_prop)
|
|
(type radio_userfaultfd)
|
|
(roletype object_r radio_userfaultfd)
|
|
(type remount)
|
|
(roletype object_r remount)
|
|
(type remount_exec)
|
|
(roletype object_r remount_exec)
|
|
(type rkpd)
|
|
(roletype object_r rkpd)
|
|
(type rkpd_exec)
|
|
(roletype object_r rkpd_exec)
|
|
(type rkpdapp_userfaultfd)
|
|
(roletype object_r rkpdapp_userfaultfd)
|
|
(type rss_hwm_reset_exec)
|
|
(roletype object_r rss_hwm_reset_exec)
|
|
(type runas_app_userfaultfd)
|
|
(roletype object_r runas_app_userfaultfd)
|
|
(type sdk_sandbox_34)
|
|
(roletype object_r sdk_sandbox_34)
|
|
(type sdk_sandbox_34_userfaultfd)
|
|
(roletype object_r sdk_sandbox_34_userfaultfd)
|
|
(type sdk_sandbox_audit)
|
|
(roletype object_r sdk_sandbox_audit)
|
|
(type sdk_sandbox_audit_userfaultfd)
|
|
(roletype object_r sdk_sandbox_audit_userfaultfd)
|
|
(type sdk_sandbox_next)
|
|
(roletype object_r sdk_sandbox_next)
|
|
(type sdk_sandbox_next_userfaultfd)
|
|
(roletype object_r sdk_sandbox_next_userfaultfd)
|
|
(type secure_element_userfaultfd)
|
|
(roletype object_r secure_element_userfaultfd)
|
|
(type adaptive_auth_service)
|
|
(roletype object_r adaptive_auth_service)
|
|
(type ambient_context_service)
|
|
(roletype object_r ambient_context_service)
|
|
(type attention_service)
|
|
(roletype object_r attention_service)
|
|
(type bg_install_control_service)
|
|
(roletype object_r bg_install_control_service)
|
|
(type compos_service)
|
|
(roletype object_r compos_service)
|
|
(type communal_service)
|
|
(roletype object_r communal_service)
|
|
(type dynamic_system_service)
|
|
(roletype object_r dynamic_system_service)
|
|
(type feature_flags_service)
|
|
(roletype object_r feature_flags_service)
|
|
(type gsi_service)
|
|
(roletype object_r gsi_service)
|
|
(type incidentcompanion_service)
|
|
(roletype object_r incidentcompanion_service)
|
|
(type logcat_service)
|
|
(roletype object_r logcat_service)
|
|
(type logd_service)
|
|
(roletype object_r logd_service)
|
|
(type mediatuner_service)
|
|
(roletype object_r mediatuner_service)
|
|
(type profcollectd_service)
|
|
(roletype object_r profcollectd_service)
|
|
(type resolver_service)
|
|
(roletype object_r resolver_service)
|
|
(type rkpd_registrar_service)
|
|
(roletype object_r rkpd_registrar_service)
|
|
(type rkpd_refresh_service)
|
|
(roletype object_r rkpd_refresh_service)
|
|
(type safety_center_service)
|
|
(roletype object_r safety_center_service)
|
|
(type stats_service)
|
|
(roletype object_r stats_service)
|
|
(type statsbootstrap_service)
|
|
(roletype object_r statsbootstrap_service)
|
|
(type statscompanion_service)
|
|
(roletype object_r statscompanion_service)
|
|
(type statsmanager_service)
|
|
(roletype object_r statsmanager_service)
|
|
(type tracingproxy_service)
|
|
(roletype object_r tracingproxy_service)
|
|
(type transparency_service)
|
|
(roletype object_r transparency_service)
|
|
(type uce_service)
|
|
(roletype object_r uce_service)
|
|
(type wearable_sensing_service)
|
|
(roletype object_r wearable_sensing_service)
|
|
(type shared_relro_userfaultfd)
|
|
(roletype object_r shared_relro_userfaultfd)
|
|
(type shell_userfaultfd)
|
|
(roletype object_r shell_userfaultfd)
|
|
(type simpleperf_exec)
|
|
(roletype object_r simpleperf_exec)
|
|
(type simpleperf_userfaultfd)
|
|
(roletype object_r simpleperf_userfaultfd)
|
|
(type simpleperf_boot)
|
|
(roletype object_r simpleperf_boot)
|
|
(type simpleperf_boot_data_file)
|
|
(roletype object_r simpleperf_boot_data_file)
|
|
(type snapshotctl)
|
|
(roletype object_r snapshotctl)
|
|
(type snapshotctl_exec)
|
|
(roletype object_r snapshotctl_exec)
|
|
(type snapuserd)
|
|
(roletype object_r snapuserd)
|
|
(type snapuserd_exec)
|
|
(roletype object_r snapuserd_exec)
|
|
(type snapuserd_iouring)
|
|
(roletype object_r snapuserd_iouring)
|
|
(type stats)
|
|
(roletype object_r stats)
|
|
(type stats_exec)
|
|
(roletype object_r stats_exec)
|
|
(type storaged)
|
|
(roletype object_r storaged)
|
|
(type storaged_exec)
|
|
(roletype object_r storaged_exec)
|
|
(type surfaceflinger_exec)
|
|
(roletype object_r surfaceflinger_exec)
|
|
(type system_app_userfaultfd)
|
|
(roletype object_r system_app_userfaultfd)
|
|
(type system_server_userfaultfd)
|
|
(roletype object_r system_server_userfaultfd)
|
|
(type system_server_startup)
|
|
(roletype object_r system_server_startup)
|
|
(type system_server_startup_tmpfs)
|
|
(roletype object_r system_server_startup_tmpfs)
|
|
(type system_suspend)
|
|
(roletype object_r system_suspend)
|
|
(type system_suspend_exec)
|
|
(roletype object_r system_suspend_exec)
|
|
(type traced_exec)
|
|
(roletype object_r traced_exec)
|
|
(type traced_perf_exec)
|
|
(roletype object_r traced_perf_exec)
|
|
(type traced_probes_exec)
|
|
(roletype object_r traced_probes_exec)
|
|
(type traced_probes_tmpfs)
|
|
(roletype object_r traced_probes_tmpfs)
|
|
(type traceur_app_userfaultfd)
|
|
(roletype object_r traceur_app_userfaultfd)
|
|
(type untrusted_app_userfaultfd)
|
|
(roletype object_r untrusted_app_userfaultfd)
|
|
(type untrusted_app_25_userfaultfd)
|
|
(roletype object_r untrusted_app_25_userfaultfd)
|
|
(type untrusted_app_27_userfaultfd)
|
|
(roletype object_r untrusted_app_27_userfaultfd)
|
|
(type untrusted_app_29_userfaultfd)
|
|
(roletype object_r untrusted_app_29_userfaultfd)
|
|
(type untrusted_app_30_userfaultfd)
|
|
(roletype object_r untrusted_app_30_userfaultfd)
|
|
(type untrusted_app_32_userfaultfd)
|
|
(roletype object_r untrusted_app_32_userfaultfd)
|
|
(type untrusted_app_all_devpts)
|
|
(roletype object_r untrusted_app_all_devpts)
|
|
(type uprobestats)
|
|
(roletype object_r uprobestats)
|
|
(type uprobestats_exec)
|
|
(roletype object_r uprobestats_exec)
|
|
(type vehicle_binding_util)
|
|
(roletype object_r vehicle_binding_util)
|
|
(type vehicle_binding_util_exec)
|
|
(roletype object_r vehicle_binding_util_exec)
|
|
(type viewcompiler)
|
|
(roletype object_r viewcompiler)
|
|
(type viewcompiler_exec)
|
|
(roletype object_r viewcompiler_exec)
|
|
(type viewcompiler_tmpfs)
|
|
(roletype object_r viewcompiler_tmpfs)
|
|
(type virtual_camera)
|
|
(roletype object_r virtual_camera)
|
|
(type virtual_camera_exec)
|
|
(roletype object_r virtual_camera_exec)
|
|
(type virtualizationmanager)
|
|
(roletype object_r virtualizationmanager)
|
|
(type virtualizationmanager_exec)
|
|
(roletype object_r virtualizationmanager_exec)
|
|
(type virtualizationservice)
|
|
(roletype object_r virtualizationservice)
|
|
(type virtualizationservice_exec)
|
|
(roletype object_r virtualizationservice_exec)
|
|
(type vzwomatrigger_app)
|
|
(roletype object_r vzwomatrigger_app)
|
|
(type vzwomatrigger_app_userfaultfd)
|
|
(roletype object_r vzwomatrigger_app_userfaultfd)
|
|
(type wait_for_keymaster)
|
|
(roletype object_r wait_for_keymaster)
|
|
(type wait_for_keymaster_exec)
|
|
(roletype object_r wait_for_keymaster_exec)
|
|
(type webview_zygote_userfaultfd)
|
|
(roletype object_r webview_zygote_userfaultfd)
|
|
(type zygote_userfaultfd)
|
|
(roletype object_r zygote_userfaultfd)
|
|
(user u)
|
|
(userrole u object_r)
|
|
(userrole u r)
|
|
(userlevel u (s0 ))
|
|
(userrange u ((s0 ) (s0 (range c0 c1023))))
|
|
(sensitivity s0)
|
|
(sensitivitycategory s0 (c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 c10 c11 c12 c13 c14 c15 c16 c17 c18 c19 c20 c21 c22 c23 c24 c25 c26 c27 c28 c29 c30 c31 c32 c33 c34 c35 c36 c37 c38 c39 c40 c41 c42 c43 c44 c45 c46 c47 c48 c49 c50 c51 c52 c53 c54 c55 c56 c57 c58 c59 c60 c61 c62 c63 c64 c65 c66 c67 c68 c69 c70 c71 c72 c73 c74 c75 c76 c77 c78 c79 c80 c81 c82 c83 c84 c85 c86 c87 c88 c89 c90 c91 c92 c93 c94 c95 c96 c97 c98 c99 c100 c101 c102 c103 c104 c105 c106 c107 c108 c109 c110 c111 c112 c113 c114 c115 c116 c117 c118 c119 c120 c121 c122 c123 c124 c125 c126 c127 c128 c129 c130 c131 c132 c133 c134 c135 c136 c137 c138 c139 c140 c141 c142 c143 c144 c145 c146 c147 c148 c149 c150 c151 c152 c153 c154 c155 c156 c157 c158 c159 c160 c161 c162 c163 c164 c165 c166 c167 c168 c169 c170 c171 c172 c173 c174 c175 c176 c177 c178 c179 c180 c181 c182 c183 c184 c185 c186 c187 c188 c189 c190 c191 c192 c193 c194 c195 c196 c197 c198 c199 c200 c201 c202 c203 c204 c205 c206 c207 c208 c209 c210 c211 c212 c213 c214 c215 c216 c217 c218 c219 c220 c221 c222 c223 c224 c225 c226 c227 c228 c229 c230 c231 c232 c233 c234 c235 c236 c237 c238 c239 c240 c241 c242 c243 c244 c245 c246 c247 c248 c249 c250 c251 c252 c253 c254 c255 c256 c257 c258 c259 c260 c261 c262 c263 c264 c265 c266 c267 c268 c269 c270 c271 c272 c273 c274 c275 c276 c277 c278 c279 c280 c281 c282 c283 c284 c285 c286 c287 c288 c289 c290 c291 c292 c293 c294 c295 c296 c297 c298 c299 c300 c301 c302 c303 c304 c305 c306 c307 c308 c309 c310 c311 c312 c313 c314 c315 c316 c317 c318 c319 c320 c321 c322 c323 c324 c325 c326 c327 c328 c329 c330 c331 c332 c333 c334 c335 c336 c337 c338 c339 c340 c341 c342 c343 c344 c345 c346 c347 c348 c349 c350 c351 c352 c353 c354 c355 c356 c357 c358 c359 c360 c361 c362 c363 c364 c365 c366 c367 c368 c369 c370 c371 c372 c373 c374 c375 c376 c377 c378 c379 c380 c381 c382 c383 c384 c385 c386 c387 c388 c389 c390 c391 c392 c393 c394 c395 c396 c397 c398 c399 c400 c401 c402 c403 c404 c405 c406 c407 c408 c409 c410 c411 c412 c413 c414 c415 c416 c417 c418 c419 c420 c421 c422 c423 c424 c425 c426 c427 c428 c429 c430 c431 c432 c433 c434 c435 c436 c437 c438 c439 c440 c441 c442 c443 c444 c445 c446 c447 c448 c449 c450 c451 c452 c453 c454 c455 c456 c457 c458 c459 c460 c461 c462 c463 c464 c465 c466 c467 c468 c469 c470 c471 c472 c473 c474 c475 c476 c477 c478 c479 c480 c481 c482 c483 c484 c485 c486 c487 c488 c489 c490 c491 c492 c493 c494 c495 c496 c497 c498 c499 c500 c501 c502 c503 c504 c505 c506 c507 c508 c509 c510 c511 c512 c513 c514 c515 c516 c517 c518 c519 c520 c521 c522 c523 c524 c525 c526 c527 c528 c529 c530 c531 c532 c533 c534 c535 c536 c537 c538 c539 c540 c541 c542 c543 c544 c545 c546 c547 c548 c549 c550 c551 c552 c553 c554 c555 c556 c557 c558 c559 c560 c561 c562 c563 c564 c565 c566 c567 c568 c569 c570 c571 c572 c573 c574 c575 c576 c577 c578 c579 c580 c581 c582 c583 c584 c585 c586 c587 c588 c589 c590 c591 c592 c593 c594 c595 c596 c597 c598 c599 c600 c601 c602 c603 c604 c605 c606 c607 c608 c609 c610 c611 c612 c613 c614 c615 c616 c617 c618 c619 c620 c621 c622 c623 c624 c625 c626 c627 c628 c629 c630 c631 c632 c633 c634 c635 c636 c637 c638 c639 c640 c641 c642 c643 c644 c645 c646 c647 c648 c649 c650 c651 c652 c653 c654 c655 c656 c657 c658 c659 c660 c661 c662 c663 c664 c665 c666 c667 c668 c669 c670 c671 c672 c673 c674 c675 c676 c677 c678 c679 c680 c681 c682 c683 c684 c685 c686 c687 c688 c689 c690 c691 c692 c693 c694 c695 c696 c697 c698 c699 c700 c701 c702 c703 c704 c705 c706 c707 c708 c709 c710 c711 c712 c713 c714 c715 c716 c717 c718 c719 c720 c721 c722 c723 c724 c725 c726 c727 c728 c729 c730 c731 c732 c733 c734 c735 c736 c737 c738 c739 c740 c741 c742 c743 c744 c745 c746 c747 c748 c749 c750 c751 c752 c753 c754 c755 c756 c757 c758 c759 c760 c761 c762 c763 c764 c765 c766 c767 c768 c769 c770 c771 c772 c773 c774 c775 c776 c777 c778 c779 c780 c781 c782 c783 c784 c785 c786 c787 c788 c789 c790 c791 c792 c793 c794 c795 c796 c797 c798 c799 c800 c801 c802 c803 c804 c805 c806 c807 c808 c809 c810 c811 c812 c813 c814 c815 c816 c817 c818 c819 c820 c821 c822 c823 c824 c825 c826 c827 c828 c829 c830 c831 c832 c833 c834 c835 c836 c837 c838 c839 c840 c841 c842 c843 c844 c845 c846 c847 c848 c849 c850 c851 c852 c853 c854 c855 c856 c857 c858 c859 c860 c861 c862 c863 c864 c865 c866 c867 c868 c869 c870 c871 c872 c873 c874 c875 c876 c877 c878 c879 c880 c881 c882 c883 c884 c885 c886 c887 c888 c889 c890 c891 c892 c893 c894 c895 c896 c897 c898 c899 c900 c901 c902 c903 c904 c905 c906 c907 c908 c909 c910 c911 c912 c913 c914 c915 c916 c917 c918 c919 c920 c921 c922 c923 c924 c925 c926 c927 c928 c929 c930 c931 c932 c933 c934 c935 c936 c937 c938 c939 c940 c941 c942 c943 c944 c945 c946 c947 c948 c949 c950 c951 c952 c953 c954 c955 c956 c957 c958 c959 c960 c961 c962 c963 c964 c965 c966 c967 c968 c969 c970 c971 c972 c973 c974 c975 c976 c977 c978 c979 c980 c981 c982 c983 c984 c985 c986 c987 c988 c989 c990 c991 c992 c993 c994 c995 c996 c997 c998 c999 c1000 c1001 c1002 c1003 c1004 c1005 c1006 c1007 c1008 c1009 c1010 c1011 c1012 c1013 c1014 c1015 c1016 c1017 c1018 c1019 c1020 c1021 c1022 c1023 ))
|
|
(sensitivityorder (s0 ))
|
|
(category c0)
|
|
(category c1)
|
|
(category c2)
|
|
(category c3)
|
|
(category c4)
|
|
(category c5)
|
|
(category c6)
|
|
(category c7)
|
|
(category c8)
|
|
(category c9)
|
|
(category c10)
|
|
(category c11)
|
|
(category c12)
|
|
(category c13)
|
|
(category c14)
|
|
(category c15)
|
|
(category c16)
|
|
(category c17)
|
|
(category c18)
|
|
(category c19)
|
|
(category c20)
|
|
(category c21)
|
|
(category c22)
|
|
(category c23)
|
|
(category c24)
|
|
(category c25)
|
|
(category c26)
|
|
(category c27)
|
|
(category c28)
|
|
(category c29)
|
|
(category c30)
|
|
(category c31)
|
|
(category c32)
|
|
(category c33)
|
|
(category c34)
|
|
(category c35)
|
|
(category c36)
|
|
(category c37)
|
|
(category c38)
|
|
(category c39)
|
|
(category c40)
|
|
(category c41)
|
|
(category c42)
|
|
(category c43)
|
|
(category c44)
|
|
(category c45)
|
|
(category c46)
|
|
(category c47)
|
|
(category c48)
|
|
(category c49)
|
|
(category c50)
|
|
(category c51)
|
|
(category c52)
|
|
(category c53)
|
|
(category c54)
|
|
(category c55)
|
|
(category c56)
|
|
(category c57)
|
|
(category c58)
|
|
(category c59)
|
|
(category c60)
|
|
(category c61)
|
|
(category c62)
|
|
(category c63)
|
|
(category c64)
|
|
(category c65)
|
|
(category c66)
|
|
(category c67)
|
|
(category c68)
|
|
(category c69)
|
|
(category c70)
|
|
(category c71)
|
|
(category c72)
|
|
(category c73)
|
|
(category c74)
|
|
(category c75)
|
|
(category c76)
|
|
(category c77)
|
|
(category c78)
|
|
(category c79)
|
|
(category c80)
|
|
(category c81)
|
|
(category c82)
|
|
(category c83)
|
|
(category c84)
|
|
(category c85)
|
|
(category c86)
|
|
(category c87)
|
|
(category c88)
|
|
(category c89)
|
|
(category c90)
|
|
(category c91)
|
|
(category c92)
|
|
(category c93)
|
|
(category c94)
|
|
(category c95)
|
|
(category c96)
|
|
(category c97)
|
|
(category c98)
|
|
(category c99)
|
|
(category c100)
|
|
(category c101)
|
|
(category c102)
|
|
(category c103)
|
|
(category c104)
|
|
(category c105)
|
|
(category c106)
|
|
(category c107)
|
|
(category c108)
|
|
(category c109)
|
|
(category c110)
|
|
(category c111)
|
|
(category c112)
|
|
(category c113)
|
|
(category c114)
|
|
(category c115)
|
|
(category c116)
|
|
(category c117)
|
|
(category c118)
|
|
(category c119)
|
|
(category c120)
|
|
(category c121)
|
|
(category c122)
|
|
(category c123)
|
|
(category c124)
|
|
(category c125)
|
|
(category c126)
|
|
(category c127)
|
|
(category c128)
|
|
(category c129)
|
|
(category c130)
|
|
(category c131)
|
|
(category c132)
|
|
(category c133)
|
|
(category c134)
|
|
(category c135)
|
|
(category c136)
|
|
(category c137)
|
|
(category c138)
|
|
(category c139)
|
|
(category c140)
|
|
(category c141)
|
|
(category c142)
|
|
(category c143)
|
|
(category c144)
|
|
(category c145)
|
|
(category c146)
|
|
(category c147)
|
|
(category c148)
|
|
(category c149)
|
|
(category c150)
|
|
(category c151)
|
|
(category c152)
|
|
(category c153)
|
|
(category c154)
|
|
(category c155)
|
|
(category c156)
|
|
(category c157)
|
|
(category c158)
|
|
(category c159)
|
|
(category c160)
|
|
(category c161)
|
|
(category c162)
|
|
(category c163)
|
|
(category c164)
|
|
(category c165)
|
|
(category c166)
|
|
(category c167)
|
|
(category c168)
|
|
(category c169)
|
|
(category c170)
|
|
(category c171)
|
|
(category c172)
|
|
(category c173)
|
|
(category c174)
|
|
(category c175)
|
|
(category c176)
|
|
(category c177)
|
|
(category c178)
|
|
(category c179)
|
|
(category c180)
|
|
(category c181)
|
|
(category c182)
|
|
(category c183)
|
|
(category c184)
|
|
(category c185)
|
|
(category c186)
|
|
(category c187)
|
|
(category c188)
|
|
(category c189)
|
|
(category c190)
|
|
(category c191)
|
|
(category c192)
|
|
(category c193)
|
|
(category c194)
|
|
(category c195)
|
|
(category c196)
|
|
(category c197)
|
|
(category c198)
|
|
(category c199)
|
|
(category c200)
|
|
(category c201)
|
|
(category c202)
|
|
(category c203)
|
|
(category c204)
|
|
(category c205)
|
|
(category c206)
|
|
(category c207)
|
|
(category c208)
|
|
(category c209)
|
|
(category c210)
|
|
(category c211)
|
|
(category c212)
|
|
(category c213)
|
|
(category c214)
|
|
(category c215)
|
|
(category c216)
|
|
(category c217)
|
|
(category c218)
|
|
(category c219)
|
|
(category c220)
|
|
(category c221)
|
|
(category c222)
|
|
(category c223)
|
|
(category c224)
|
|
(category c225)
|
|
(category c226)
|
|
(category c227)
|
|
(category c228)
|
|
(category c229)
|
|
(category c230)
|
|
(category c231)
|
|
(category c232)
|
|
(category c233)
|
|
(category c234)
|
|
(category c235)
|
|
(category c236)
|
|
(category c237)
|
|
(category c238)
|
|
(category c239)
|
|
(category c240)
|
|
(category c241)
|
|
(category c242)
|
|
(category c243)
|
|
(category c244)
|
|
(category c245)
|
|
(category c246)
|
|
(category c247)
|
|
(category c248)
|
|
(category c249)
|
|
(category c250)
|
|
(category c251)
|
|
(category c252)
|
|
(category c253)
|
|
(category c254)
|
|
(category c255)
|
|
(category c256)
|
|
(category c257)
|
|
(category c258)
|
|
(category c259)
|
|
(category c260)
|
|
(category c261)
|
|
(category c262)
|
|
(category c263)
|
|
(category c264)
|
|
(category c265)
|
|
(category c266)
|
|
(category c267)
|
|
(category c268)
|
|
(category c269)
|
|
(category c270)
|
|
(category c271)
|
|
(category c272)
|
|
(category c273)
|
|
(category c274)
|
|
(category c275)
|
|
(category c276)
|
|
(category c277)
|
|
(category c278)
|
|
(category c279)
|
|
(category c280)
|
|
(category c281)
|
|
(category c282)
|
|
(category c283)
|
|
(category c284)
|
|
(category c285)
|
|
(category c286)
|
|
(category c287)
|
|
(category c288)
|
|
(category c289)
|
|
(category c290)
|
|
(category c291)
|
|
(category c292)
|
|
(category c293)
|
|
(category c294)
|
|
(category c295)
|
|
(category c296)
|
|
(category c297)
|
|
(category c298)
|
|
(category c299)
|
|
(category c300)
|
|
(category c301)
|
|
(category c302)
|
|
(category c303)
|
|
(category c304)
|
|
(category c305)
|
|
(category c306)
|
|
(category c307)
|
|
(category c308)
|
|
(category c309)
|
|
(category c310)
|
|
(category c311)
|
|
(category c312)
|
|
(category c313)
|
|
(category c314)
|
|
(category c315)
|
|
(category c316)
|
|
(category c317)
|
|
(category c318)
|
|
(category c319)
|
|
(category c320)
|
|
(category c321)
|
|
(category c322)
|
|
(category c323)
|
|
(category c324)
|
|
(category c325)
|
|
(category c326)
|
|
(category c327)
|
|
(category c328)
|
|
(category c329)
|
|
(category c330)
|
|
(category c331)
|
|
(category c332)
|
|
(category c333)
|
|
(category c334)
|
|
(category c335)
|
|
(category c336)
|
|
(category c337)
|
|
(category c338)
|
|
(category c339)
|
|
(category c340)
|
|
(category c341)
|
|
(category c342)
|
|
(category c343)
|
|
(category c344)
|
|
(category c345)
|
|
(category c346)
|
|
(category c347)
|
|
(category c348)
|
|
(category c349)
|
|
(category c350)
|
|
(category c351)
|
|
(category c352)
|
|
(category c353)
|
|
(category c354)
|
|
(category c355)
|
|
(category c356)
|
|
(category c357)
|
|
(category c358)
|
|
(category c359)
|
|
(category c360)
|
|
(category c361)
|
|
(category c362)
|
|
(category c363)
|
|
(category c364)
|
|
(category c365)
|
|
(category c366)
|
|
(category c367)
|
|
(category c368)
|
|
(category c369)
|
|
(category c370)
|
|
(category c371)
|
|
(category c372)
|
|
(category c373)
|
|
(category c374)
|
|
(category c375)
|
|
(category c376)
|
|
(category c377)
|
|
(category c378)
|
|
(category c379)
|
|
(category c380)
|
|
(category c381)
|
|
(category c382)
|
|
(category c383)
|
|
(category c384)
|
|
(category c385)
|
|
(category c386)
|
|
(category c387)
|
|
(category c388)
|
|
(category c389)
|
|
(category c390)
|
|
(category c391)
|
|
(category c392)
|
|
(category c393)
|
|
(category c394)
|
|
(category c395)
|
|
(category c396)
|
|
(category c397)
|
|
(category c398)
|
|
(category c399)
|
|
(category c400)
|
|
(category c401)
|
|
(category c402)
|
|
(category c403)
|
|
(category c404)
|
|
(category c405)
|
|
(category c406)
|
|
(category c407)
|
|
(category c408)
|
|
(category c409)
|
|
(category c410)
|
|
(category c411)
|
|
(category c412)
|
|
(category c413)
|
|
(category c414)
|
|
(category c415)
|
|
(category c416)
|
|
(category c417)
|
|
(category c418)
|
|
(category c419)
|
|
(category c420)
|
|
(category c421)
|
|
(category c422)
|
|
(category c423)
|
|
(category c424)
|
|
(category c425)
|
|
(category c426)
|
|
(category c427)
|
|
(category c428)
|
|
(category c429)
|
|
(category c430)
|
|
(category c431)
|
|
(category c432)
|
|
(category c433)
|
|
(category c434)
|
|
(category c435)
|
|
(category c436)
|
|
(category c437)
|
|
(category c438)
|
|
(category c439)
|
|
(category c440)
|
|
(category c441)
|
|
(category c442)
|
|
(category c443)
|
|
(category c444)
|
|
(category c445)
|
|
(category c446)
|
|
(category c447)
|
|
(category c448)
|
|
(category c449)
|
|
(category c450)
|
|
(category c451)
|
|
(category c452)
|
|
(category c453)
|
|
(category c454)
|
|
(category c455)
|
|
(category c456)
|
|
(category c457)
|
|
(category c458)
|
|
(category c459)
|
|
(category c460)
|
|
(category c461)
|
|
(category c462)
|
|
(category c463)
|
|
(category c464)
|
|
(category c465)
|
|
(category c466)
|
|
(category c467)
|
|
(category c468)
|
|
(category c469)
|
|
(category c470)
|
|
(category c471)
|
|
(category c472)
|
|
(category c473)
|
|
(category c474)
|
|
(category c475)
|
|
(category c476)
|
|
(category c477)
|
|
(category c478)
|
|
(category c479)
|
|
(category c480)
|
|
(category c481)
|
|
(category c482)
|
|
(category c483)
|
|
(category c484)
|
|
(category c485)
|
|
(category c486)
|
|
(category c487)
|
|
(category c488)
|
|
(category c489)
|
|
(category c490)
|
|
(category c491)
|
|
(category c492)
|
|
(category c493)
|
|
(category c494)
|
|
(category c495)
|
|
(category c496)
|
|
(category c497)
|
|
(category c498)
|
|
(category c499)
|
|
(category c500)
|
|
(category c501)
|
|
(category c502)
|
|
(category c503)
|
|
(category c504)
|
|
(category c505)
|
|
(category c506)
|
|
(category c507)
|
|
(category c508)
|
|
(category c509)
|
|
(category c510)
|
|
(category c511)
|
|
(category c512)
|
|
(category c513)
|
|
(category c514)
|
|
(category c515)
|
|
(category c516)
|
|
(category c517)
|
|
(category c518)
|
|
(category c519)
|
|
(category c520)
|
|
(category c521)
|
|
(category c522)
|
|
(category c523)
|
|
(category c524)
|
|
(category c525)
|
|
(category c526)
|
|
(category c527)
|
|
(category c528)
|
|
(category c529)
|
|
(category c530)
|
|
(category c531)
|
|
(category c532)
|
|
(category c533)
|
|
(category c534)
|
|
(category c535)
|
|
(category c536)
|
|
(category c537)
|
|
(category c538)
|
|
(category c539)
|
|
(category c540)
|
|
(category c541)
|
|
(category c542)
|
|
(category c543)
|
|
(category c544)
|
|
(category c545)
|
|
(category c546)
|
|
(category c547)
|
|
(category c548)
|
|
(category c549)
|
|
(category c550)
|
|
(category c551)
|
|
(category c552)
|
|
(category c553)
|
|
(category c554)
|
|
(category c555)
|
|
(category c556)
|
|
(category c557)
|
|
(category c558)
|
|
(category c559)
|
|
(category c560)
|
|
(category c561)
|
|
(category c562)
|
|
(category c563)
|
|
(category c564)
|
|
(category c565)
|
|
(category c566)
|
|
(category c567)
|
|
(category c568)
|
|
(category c569)
|
|
(category c570)
|
|
(category c571)
|
|
(category c572)
|
|
(category c573)
|
|
(category c574)
|
|
(category c575)
|
|
(category c576)
|
|
(category c577)
|
|
(category c578)
|
|
(category c579)
|
|
(category c580)
|
|
(category c581)
|
|
(category c582)
|
|
(category c583)
|
|
(category c584)
|
|
(category c585)
|
|
(category c586)
|
|
(category c587)
|
|
(category c588)
|
|
(category c589)
|
|
(category c590)
|
|
(category c591)
|
|
(category c592)
|
|
(category c593)
|
|
(category c594)
|
|
(category c595)
|
|
(category c596)
|
|
(category c597)
|
|
(category c598)
|
|
(category c599)
|
|
(category c600)
|
|
(category c601)
|
|
(category c602)
|
|
(category c603)
|
|
(category c604)
|
|
(category c605)
|
|
(category c606)
|
|
(category c607)
|
|
(category c608)
|
|
(category c609)
|
|
(category c610)
|
|
(category c611)
|
|
(category c612)
|
|
(category c613)
|
|
(category c614)
|
|
(category c615)
|
|
(category c616)
|
|
(category c617)
|
|
(category c618)
|
|
(category c619)
|
|
(category c620)
|
|
(category c621)
|
|
(category c622)
|
|
(category c623)
|
|
(category c624)
|
|
(category c625)
|
|
(category c626)
|
|
(category c627)
|
|
(category c628)
|
|
(category c629)
|
|
(category c630)
|
|
(category c631)
|
|
(category c632)
|
|
(category c633)
|
|
(category c634)
|
|
(category c635)
|
|
(category c636)
|
|
(category c637)
|
|
(category c638)
|
|
(category c639)
|
|
(category c640)
|
|
(category c641)
|
|
(category c642)
|
|
(category c643)
|
|
(category c644)
|
|
(category c645)
|
|
(category c646)
|
|
(category c647)
|
|
(category c648)
|
|
(category c649)
|
|
(category c650)
|
|
(category c651)
|
|
(category c652)
|
|
(category c653)
|
|
(category c654)
|
|
(category c655)
|
|
(category c656)
|
|
(category c657)
|
|
(category c658)
|
|
(category c659)
|
|
(category c660)
|
|
(category c661)
|
|
(category c662)
|
|
(category c663)
|
|
(category c664)
|
|
(category c665)
|
|
(category c666)
|
|
(category c667)
|
|
(category c668)
|
|
(category c669)
|
|
(category c670)
|
|
(category c671)
|
|
(category c672)
|
|
(category c673)
|
|
(category c674)
|
|
(category c675)
|
|
(category c676)
|
|
(category c677)
|
|
(category c678)
|
|
(category c679)
|
|
(category c680)
|
|
(category c681)
|
|
(category c682)
|
|
(category c683)
|
|
(category c684)
|
|
(category c685)
|
|
(category c686)
|
|
(category c687)
|
|
(category c688)
|
|
(category c689)
|
|
(category c690)
|
|
(category c691)
|
|
(category c692)
|
|
(category c693)
|
|
(category c694)
|
|
(category c695)
|
|
(category c696)
|
|
(category c697)
|
|
(category c698)
|
|
(category c699)
|
|
(category c700)
|
|
(category c701)
|
|
(category c702)
|
|
(category c703)
|
|
(category c704)
|
|
(category c705)
|
|
(category c706)
|
|
(category c707)
|
|
(category c708)
|
|
(category c709)
|
|
(category c710)
|
|
(category c711)
|
|
(category c712)
|
|
(category c713)
|
|
(category c714)
|
|
(category c715)
|
|
(category c716)
|
|
(category c717)
|
|
(category c718)
|
|
(category c719)
|
|
(category c720)
|
|
(category c721)
|
|
(category c722)
|
|
(category c723)
|
|
(category c724)
|
|
(category c725)
|
|
(category c726)
|
|
(category c727)
|
|
(category c728)
|
|
(category c729)
|
|
(category c730)
|
|
(category c731)
|
|
(category c732)
|
|
(category c733)
|
|
(category c734)
|
|
(category c735)
|
|
(category c736)
|
|
(category c737)
|
|
(category c738)
|
|
(category c739)
|
|
(category c740)
|
|
(category c741)
|
|
(category c742)
|
|
(category c743)
|
|
(category c744)
|
|
(category c745)
|
|
(category c746)
|
|
(category c747)
|
|
(category c748)
|
|
(category c749)
|
|
(category c750)
|
|
(category c751)
|
|
(category c752)
|
|
(category c753)
|
|
(category c754)
|
|
(category c755)
|
|
(category c756)
|
|
(category c757)
|
|
(category c758)
|
|
(category c759)
|
|
(category c760)
|
|
(category c761)
|
|
(category c762)
|
|
(category c763)
|
|
(category c764)
|
|
(category c765)
|
|
(category c766)
|
|
(category c767)
|
|
(category c768)
|
|
(category c769)
|
|
(category c770)
|
|
(category c771)
|
|
(category c772)
|
|
(category c773)
|
|
(category c774)
|
|
(category c775)
|
|
(category c776)
|
|
(category c777)
|
|
(category c778)
|
|
(category c779)
|
|
(category c780)
|
|
(category c781)
|
|
(category c782)
|
|
(category c783)
|
|
(category c784)
|
|
(category c785)
|
|
(category c786)
|
|
(category c787)
|
|
(category c788)
|
|
(category c789)
|
|
(category c790)
|
|
(category c791)
|
|
(category c792)
|
|
(category c793)
|
|
(category c794)
|
|
(category c795)
|
|
(category c796)
|
|
(category c797)
|
|
(category c798)
|
|
(category c799)
|
|
(category c800)
|
|
(category c801)
|
|
(category c802)
|
|
(category c803)
|
|
(category c804)
|
|
(category c805)
|
|
(category c806)
|
|
(category c807)
|
|
(category c808)
|
|
(category c809)
|
|
(category c810)
|
|
(category c811)
|
|
(category c812)
|
|
(category c813)
|
|
(category c814)
|
|
(category c815)
|
|
(category c816)
|
|
(category c817)
|
|
(category c818)
|
|
(category c819)
|
|
(category c820)
|
|
(category c821)
|
|
(category c822)
|
|
(category c823)
|
|
(category c824)
|
|
(category c825)
|
|
(category c826)
|
|
(category c827)
|
|
(category c828)
|
|
(category c829)
|
|
(category c830)
|
|
(category c831)
|
|
(category c832)
|
|
(category c833)
|
|
(category c834)
|
|
(category c835)
|
|
(category c836)
|
|
(category c837)
|
|
(category c838)
|
|
(category c839)
|
|
(category c840)
|
|
(category c841)
|
|
(category c842)
|
|
(category c843)
|
|
(category c844)
|
|
(category c845)
|
|
(category c846)
|
|
(category c847)
|
|
(category c848)
|
|
(category c849)
|
|
(category c850)
|
|
(category c851)
|
|
(category c852)
|
|
(category c853)
|
|
(category c854)
|
|
(category c855)
|
|
(category c856)
|
|
(category c857)
|
|
(category c858)
|
|
(category c859)
|
|
(category c860)
|
|
(category c861)
|
|
(category c862)
|
|
(category c863)
|
|
(category c864)
|
|
(category c865)
|
|
(category c866)
|
|
(category c867)
|
|
(category c868)
|
|
(category c869)
|
|
(category c870)
|
|
(category c871)
|
|
(category c872)
|
|
(category c873)
|
|
(category c874)
|
|
(category c875)
|
|
(category c876)
|
|
(category c877)
|
|
(category c878)
|
|
(category c879)
|
|
(category c880)
|
|
(category c881)
|
|
(category c882)
|
|
(category c883)
|
|
(category c884)
|
|
(category c885)
|
|
(category c886)
|
|
(category c887)
|
|
(category c888)
|
|
(category c889)
|
|
(category c890)
|
|
(category c891)
|
|
(category c892)
|
|
(category c893)
|
|
(category c894)
|
|
(category c895)
|
|
(category c896)
|
|
(category c897)
|
|
(category c898)
|
|
(category c899)
|
|
(category c900)
|
|
(category c901)
|
|
(category c902)
|
|
(category c903)
|
|
(category c904)
|
|
(category c905)
|
|
(category c906)
|
|
(category c907)
|
|
(category c908)
|
|
(category c909)
|
|
(category c910)
|
|
(category c911)
|
|
(category c912)
|
|
(category c913)
|
|
(category c914)
|
|
(category c915)
|
|
(category c916)
|
|
(category c917)
|
|
(category c918)
|
|
(category c919)
|
|
(category c920)
|
|
(category c921)
|
|
(category c922)
|
|
(category c923)
|
|
(category c924)
|
|
(category c925)
|
|
(category c926)
|
|
(category c927)
|
|
(category c928)
|
|
(category c929)
|
|
(category c930)
|
|
(category c931)
|
|
(category c932)
|
|
(category c933)
|
|
(category c934)
|
|
(category c935)
|
|
(category c936)
|
|
(category c937)
|
|
(category c938)
|
|
(category c939)
|
|
(category c940)
|
|
(category c941)
|
|
(category c942)
|
|
(category c943)
|
|
(category c944)
|
|
(category c945)
|
|
(category c946)
|
|
(category c947)
|
|
(category c948)
|
|
(category c949)
|
|
(category c950)
|
|
(category c951)
|
|
(category c952)
|
|
(category c953)
|
|
(category c954)
|
|
(category c955)
|
|
(category c956)
|
|
(category c957)
|
|
(category c958)
|
|
(category c959)
|
|
(category c960)
|
|
(category c961)
|
|
(category c962)
|
|
(category c963)
|
|
(category c964)
|
|
(category c965)
|
|
(category c966)
|
|
(category c967)
|
|
(category c968)
|
|
(category c969)
|
|
(category c970)
|
|
(category c971)
|
|
(category c972)
|
|
(category c973)
|
|
(category c974)
|
|
(category c975)
|
|
(category c976)
|
|
(category c977)
|
|
(category c978)
|
|
(category c979)
|
|
(category c980)
|
|
(category c981)
|
|
(category c982)
|
|
(category c983)
|
|
(category c984)
|
|
(category c985)
|
|
(category c986)
|
|
(category c987)
|
|
(category c988)
|
|
(category c989)
|
|
(category c990)
|
|
(category c991)
|
|
(category c992)
|
|
(category c993)
|
|
(category c994)
|
|
(category c995)
|
|
(category c996)
|
|
(category c997)
|
|
(category c998)
|
|
(category c999)
|
|
(category c1000)
|
|
(category c1001)
|
|
(category c1002)
|
|
(category c1003)
|
|
(category c1004)
|
|
(category c1005)
|
|
(category c1006)
|
|
(category c1007)
|
|
(category c1008)
|
|
(category c1009)
|
|
(category c1010)
|
|
(category c1011)
|
|
(category c1012)
|
|
(category c1013)
|
|
(category c1014)
|
|
(category c1015)
|
|
(category c1016)
|
|
(category c1017)
|
|
(category c1018)
|
|
(category c1019)
|
|
(category c1020)
|
|
(category c1021)
|
|
(category c1022)
|
|
(category c1023)
|
|
(categoryorder (c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 c10 c11 c12 c13 c14 c15 c16 c17 c18 c19 c20 c21 c22 c23 c24 c25 c26 c27 c28 c29 c30 c31 c32 c33 c34 c35 c36 c37 c38 c39 c40 c41 c42 c43 c44 c45 c46 c47 c48 c49 c50 c51 c52 c53 c54 c55 c56 c57 c58 c59 c60 c61 c62 c63 c64 c65 c66 c67 c68 c69 c70 c71 c72 c73 c74 c75 c76 c77 c78 c79 c80 c81 c82 c83 c84 c85 c86 c87 c88 c89 c90 c91 c92 c93 c94 c95 c96 c97 c98 c99 c100 c101 c102 c103 c104 c105 c106 c107 c108 c109 c110 c111 c112 c113 c114 c115 c116 c117 c118 c119 c120 c121 c122 c123 c124 c125 c126 c127 c128 c129 c130 c131 c132 c133 c134 c135 c136 c137 c138 c139 c140 c141 c142 c143 c144 c145 c146 c147 c148 c149 c150 c151 c152 c153 c154 c155 c156 c157 c158 c159 c160 c161 c162 c163 c164 c165 c166 c167 c168 c169 c170 c171 c172 c173 c174 c175 c176 c177 c178 c179 c180 c181 c182 c183 c184 c185 c186 c187 c188 c189 c190 c191 c192 c193 c194 c195 c196 c197 c198 c199 c200 c201 c202 c203 c204 c205 c206 c207 c208 c209 c210 c211 c212 c213 c214 c215 c216 c217 c218 c219 c220 c221 c222 c223 c224 c225 c226 c227 c228 c229 c230 c231 c232 c233 c234 c235 c236 c237 c238 c239 c240 c241 c242 c243 c244 c245 c246 c247 c248 c249 c250 c251 c252 c253 c254 c255 c256 c257 c258 c259 c260 c261 c262 c263 c264 c265 c266 c267 c268 c269 c270 c271 c272 c273 c274 c275 c276 c277 c278 c279 c280 c281 c282 c283 c284 c285 c286 c287 c288 c289 c290 c291 c292 c293 c294 c295 c296 c297 c298 c299 c300 c301 c302 c303 c304 c305 c306 c307 c308 c309 c310 c311 c312 c313 c314 c315 c316 c317 c318 c319 c320 c321 c322 c323 c324 c325 c326 c327 c328 c329 c330 c331 c332 c333 c334 c335 c336 c337 c338 c339 c340 c341 c342 c343 c344 c345 c346 c347 c348 c349 c350 c351 c352 c353 c354 c355 c356 c357 c358 c359 c360 c361 c362 c363 c364 c365 c366 c367 c368 c369 c370 c371 c372 c373 c374 c375 c376 c377 c378 c379 c380 c381 c382 c383 c384 c385 c386 c387 c388 c389 c390 c391 c392 c393 c394 c395 c396 c397 c398 c399 c400 c401 c402 c403 c404 c405 c406 c407 c408 c409 c410 c411 c412 c413 c414 c415 c416 c417 c418 c419 c420 c421 c422 c423 c424 c425 c426 c427 c428 c429 c430 c431 c432 c433 c434 c435 c436 c437 c438 c439 c440 c441 c442 c443 c444 c445 c446 c447 c448 c449 c450 c451 c452 c453 c454 c455 c456 c457 c458 c459 c460 c461 c462 c463 c464 c465 c466 c467 c468 c469 c470 c471 c472 c473 c474 c475 c476 c477 c478 c479 c480 c481 c482 c483 c484 c485 c486 c487 c488 c489 c490 c491 c492 c493 c494 c495 c496 c497 c498 c499 c500 c501 c502 c503 c504 c505 c506 c507 c508 c509 c510 c511 c512 c513 c514 c515 c516 c517 c518 c519 c520 c521 c522 c523 c524 c525 c526 c527 c528 c529 c530 c531 c532 c533 c534 c535 c536 c537 c538 c539 c540 c541 c542 c543 c544 c545 c546 c547 c548 c549 c550 c551 c552 c553 c554 c555 c556 c557 c558 c559 c560 c561 c562 c563 c564 c565 c566 c567 c568 c569 c570 c571 c572 c573 c574 c575 c576 c577 c578 c579 c580 c581 c582 c583 c584 c585 c586 c587 c588 c589 c590 c591 c592 c593 c594 c595 c596 c597 c598 c599 c600 c601 c602 c603 c604 c605 c606 c607 c608 c609 c610 c611 c612 c613 c614 c615 c616 c617 c618 c619 c620 c621 c622 c623 c624 c625 c626 c627 c628 c629 c630 c631 c632 c633 c634 c635 c636 c637 c638 c639 c640 c641 c642 c643 c644 c645 c646 c647 c648 c649 c650 c651 c652 c653 c654 c655 c656 c657 c658 c659 c660 c661 c662 c663 c664 c665 c666 c667 c668 c669 c670 c671 c672 c673 c674 c675 c676 c677 c678 c679 c680 c681 c682 c683 c684 c685 c686 c687 c688 c689 c690 c691 c692 c693 c694 c695 c696 c697 c698 c699 c700 c701 c702 c703 c704 c705 c706 c707 c708 c709 c710 c711 c712 c713 c714 c715 c716 c717 c718 c719 c720 c721 c722 c723 c724 c725 c726 c727 c728 c729 c730 c731 c732 c733 c734 c735 c736 c737 c738 c739 c740 c741 c742 c743 c744 c745 c746 c747 c748 c749 c750 c751 c752 c753 c754 c755 c756 c757 c758 c759 c760 c761 c762 c763 c764 c765 c766 c767 c768 c769 c770 c771 c772 c773 c774 c775 c776 c777 c778 c779 c780 c781 c782 c783 c784 c785 c786 c787 c788 c789 c790 c791 c792 c793 c794 c795 c796 c797 c798 c799 c800 c801 c802 c803 c804 c805 c806 c807 c808 c809 c810 c811 c812 c813 c814 c815 c816 c817 c818 c819 c820 c821 c822 c823 c824 c825 c826 c827 c828 c829 c830 c831 c832 c833 c834 c835 c836 c837 c838 c839 c840 c841 c842 c843 c844 c845 c846 c847 c848 c849 c850 c851 c852 c853 c854 c855 c856 c857 c858 c859 c860 c861 c862 c863 c864 c865 c866 c867 c868 c869 c870 c871 c872 c873 c874 c875 c876 c877 c878 c879 c880 c881 c882 c883 c884 c885 c886 c887 c888 c889 c890 c891 c892 c893 c894 c895 c896 c897 c898 c899 c900 c901 c902 c903 c904 c905 c906 c907 c908 c909 c910 c911 c912 c913 c914 c915 c916 c917 c918 c919 c920 c921 c922 c923 c924 c925 c926 c927 c928 c929 c930 c931 c932 c933 c934 c935 c936 c937 c938 c939 c940 c941 c942 c943 c944 c945 c946 c947 c948 c949 c950 c951 c952 c953 c954 c955 c956 c957 c958 c959 c960 c961 c962 c963 c964 c965 c966 c967 c968 c969 c970 c971 c972 c973 c974 c975 c976 c977 c978 c979 c980 c981 c982 c983 c984 c985 c986 c987 c988 c989 c990 c991 c992 c993 c994 c995 c996 c997 c998 c999 c1000 c1001 c1002 c1003 c1004 c1005 c1006 c1007 c1008 c1009 c1010 c1011 c1012 c1013 c1014 c1015 c1016 c1017 c1018 c1019 c1020 c1021 c1022 c1023 ))
|
|
;;* lmx 330 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_1 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 330 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_2 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 330 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_3 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 331 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_4 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 331 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_5 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 331 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_6 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 332 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_7 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 332 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_8 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 332 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_9 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 333 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_10 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 333 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_11 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 333 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_12 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 334 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_13 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 334 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_14 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 334 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_15 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 335 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_16 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 335 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_17 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 335 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_18 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 336 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_19 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 336 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_20 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 336 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_21 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 337 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_22 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 337 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_23 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 337 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_24 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 338 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_25 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 338 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_26 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 338 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_27 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 339 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_28 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 339 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_29 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 339 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_30 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 340 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_31 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 340 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_32 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 340 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_33 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 341 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_34 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 341 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_35 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 341 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_36 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 342 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_37 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 342 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_38 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 342 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_39 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 343 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_40 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 343 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_41 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 343 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_42 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 344 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_43 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 344 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_44 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 344 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_45 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 345 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_46 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 345 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_47 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 345 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_48 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 346 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_49 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 346 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_50 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 346 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_51 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 347 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_52 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 347 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_53 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 347 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_54 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 348 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_55 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 348 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_56 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 348 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_57 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 349 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_58 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 349 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_59 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 349 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_60 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 350 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_61 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 350 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_62 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 350 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_63 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 351 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_64 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 351 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_65 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 351 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_66 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 352 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_67 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 352 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_68 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 352 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_69 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 353 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_70 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 353 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_71 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 353 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_72 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 354 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_73 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 354 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_74 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 354 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_75 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 355 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_76 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 355 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_77 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 355 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_78 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 356 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_79 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 356 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_80 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 356 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_81 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 357 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_82 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 357 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_83 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 357 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_84 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 358 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_85 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 358 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_86 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 358 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_87 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 359 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_88 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 359 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_89 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 359 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_90 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 360 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_91 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 360 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_92 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 360 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_93 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 361 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_94 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 361 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_95 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 361 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_96 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 362 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_97 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 362 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_98 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 362 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_99 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 363 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_100 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 363 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_101 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 363 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_102 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 364 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_103 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 364 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_104 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 364 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_105 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 365 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_106 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 365 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_107 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 365 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_108 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 366 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_109 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 366 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_110 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 366 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_111 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 367 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_112 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 367 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_113 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 367 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_114 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 368 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_115 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 368 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_116 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 368 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_117 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 369 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_118 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 369 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_119 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 369 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_120 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 370 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_121 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 370 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_122 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 370 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_123 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 371 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_124 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 371 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_125 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 371 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_126 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 372 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_127 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 372 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_128 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 372 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_129 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 373 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_130 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 373 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_131 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 373 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_132 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 374 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_133 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 374 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_134 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 374 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_135 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 375 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_136 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 375 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_137 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 375 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_138 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 376 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_139 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 376 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_140 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 376 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_141 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 377 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_142 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 377 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_143 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 377 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_144 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 378 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_145 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 378 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_146 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 378 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_147 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 379 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_148 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 379 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_149 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 379 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_150 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 380 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_151 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 380 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_152 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 380 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_153 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 381 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_154 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 381 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_155 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 381 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_156 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 382 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_157 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 382 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_158 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 382 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_159 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 383 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_160 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 383 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_161 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 383 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_162 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 384 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_163 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 384 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_164 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 384 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_165 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 385 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_166 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 385 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_167 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 385 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_168 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 386 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_169 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 386 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_170 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 386 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_171 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 387 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_172 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 387 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_173 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 387 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_174 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 388 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_175 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 388 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_176 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 388 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_177 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 389 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_178 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 389 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_179 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 389 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_180 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 390 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_181 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 390 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_182 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 390 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_183 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 391 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_184 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 391 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_185 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 391 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_186 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 392 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_187 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 392 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_188 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 392 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_189 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 393 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_190 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 393 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_191 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 393 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_192 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 394 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_193 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 394 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_194 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 394 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_195 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 395 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_196 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 395 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_197 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 395 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_198 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 398 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_199 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 398 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_200 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 398 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_201 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 399 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_202 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 399 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_203 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 399 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_204 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 400 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_205 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 400 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_206 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 400 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_207 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 401 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_208 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 401 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_209 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 401 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_210 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 402 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_211 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 402 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_212 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 402 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_213 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 403 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_214 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 403 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_215 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 403 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_216 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 404 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_217 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 404 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_218 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 404 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_219 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 405 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_220 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 405 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_221 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 405 system/sepolicy/public/attributes
|
|
|
|
(neverallow base_typeattr_222 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/public/adbd.te
|
|
|
|
(neverallow base_typeattr_223 adbd (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/public/adbd.te
|
|
|
|
(neverallow base_typeattr_224 adbd (process (dyntransition)))
|
|
;;* lme
|
|
|
|
(allow adbd shell_test_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow adbd shell_test_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow adbd shell_test_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow apexd servicemanager (binder (call transfer)))
|
|
(allow servicemanager apexd (binder (call transfer)))
|
|
(allow servicemanager apexd (dir (search)))
|
|
(allow servicemanager apexd (file (read open)))
|
|
(allow servicemanager apexd (process (getattr)))
|
|
(allow apexd apex_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/apexd.te
|
|
|
|
(neverallow base_typeattr_225 apex_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/public/apexd.te
|
|
|
|
(neverallow base_typeattr_226 apex_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/public/apexd.te
|
|
|
|
(neverallow base_typeattr_227 apexd (binder (call)))
|
|
;;* lme
|
|
|
|
;;* lmx 11 system/sepolicy/public/apexd.te
|
|
|
|
(neverallow domain apexd (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 20 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_228 self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow base_typeattr_228 self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
(neverallow base_typeattr_228 self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow base_typeattr_228 self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
;;* lme
|
|
|
|
;;* lmx 23 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain dev_type (blk_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 26 system/sepolicy/public/app.te
|
|
|
|
(neverallow isolated_app graphics_device (chr_file (read write)))
|
|
(neverallow shell graphics_device (chr_file (read write)))
|
|
(neverallow untrusted_app graphics_device (chr_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 29 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_229 nfc_device (chr_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 31 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_230 hci_attach_dev (chr_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 32 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain tee_device (chr_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 42 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_231 domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow base_typeattr_231 domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow base_typeattr_231 domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow base_typeattr_231 domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow base_typeattr_231 domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 48 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_231 domain (netlink_kobject_uevent_socket (write append)))
|
|
;;* lme
|
|
|
|
;;* lmx 51 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain socket_device (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 54 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain adbd_socket (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 55 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_232 rild_socket (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 58 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain base_typeattr_233 (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 72 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_234 appdomain (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 76 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain base_typeattr_233 (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 77 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_235 base_typeattr_233 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 86 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain base_typeattr_236 (process (sigkill sigstop signal)))
|
|
;;* lme
|
|
|
|
;;* lmx 90 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain rootfs (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain rootfs (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain rootfs (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain rootfs (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain rootfs (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain rootfs (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain rootfs (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 94 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain system_file_type (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_file_type (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_file_type (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_file_type (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_file_type (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_file_type (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_file_type (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 98 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain exec_type (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 105 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain system_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain system_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 109 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain drm_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain drm_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain drm_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain drm_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain drm_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain drm_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain drm_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 112 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_237 apk_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 115 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_237 apk_private_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 118 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_237 apk_private_tmp_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_tmp_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_tmp_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_tmp_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_tmp_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_tmp_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_private_tmp_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 121 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_235 shell_data_file (file (create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_235 shell_data_file (dir (create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_235 shell_data_file (lnk_file (create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_235 shell_data_file (chr_file (create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_235 shell_data_file (blk_file (create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_235 shell_data_file (sock_file (create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_235 shell_data_file (fifo_file (create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 124 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_230 bluetooth_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_230 bluetooth_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_230 bluetooth_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_230 bluetooth_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_230 bluetooth_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_230 bluetooth_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_230 bluetooth_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 125 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_238 credstore_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_238 credstore_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow base_typeattr_238 credstore_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_238 credstore_data_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_238 credstore_data_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_238 credstore_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_238 credstore_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 128 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain keystore_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain keystore_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain keystore_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain keystore_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain keystore_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain keystore_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain keystore_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 131 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain systemkeys_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain systemkeys_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain systemkeys_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain systemkeys_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain systemkeys_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain systemkeys_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain systemkeys_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 134 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain wifi_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain wifi_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain wifi_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain wifi_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain wifi_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain wifi_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain wifi_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 137 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain dhcp_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain dhcp_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain dhcp_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain dhcp_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain dhcp_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain dhcp_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow appdomain dhcp_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 142 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_237 apk_tmp_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_tmp_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_tmp_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_tmp_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_tmp_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_tmp_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
(neverallow base_typeattr_237 apk_tmp_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 145 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_239 apk_tmp_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_239 apk_tmp_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow base_typeattr_239 apk_tmp_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_239 apk_tmp_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_239 apk_tmp_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_239 apk_tmp_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_239 apk_tmp_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_239 apk_private_tmp_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_239 apk_private_tmp_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow base_typeattr_239 apk_private_tmp_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_239 apk_private_tmp_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_239 apk_private_tmp_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_239 apk_private_tmp_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_239 apk_private_tmp_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 147 system/sepolicy/public/app.te
|
|
|
|
(neverallow untrusted_app_all apk_tmp_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow untrusted_app_all apk_tmp_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_all apk_tmp_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_all apk_tmp_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_all apk_tmp_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_all apk_tmp_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_all apk_private_tmp_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow untrusted_app_all apk_private_tmp_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_all apk_private_tmp_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_all apk_private_tmp_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_all apk_private_tmp_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_all apk_private_tmp_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all apk_tmp_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow isolated_app_all apk_tmp_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all apk_tmp_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all apk_tmp_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all apk_tmp_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all apk_tmp_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all apk_private_tmp_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow isolated_app_all apk_private_tmp_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all apk_private_tmp_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all apk_private_tmp_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all apk_private_tmp_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all apk_private_tmp_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 148 system/sepolicy/public/app.te
|
|
|
|
(neverallow untrusted_app_all apk_tmp_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_all apk_private_tmp_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all apk_tmp_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all apk_private_tmp_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 151 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain efs_file (file (write)))
|
|
(neverallow appdomain efs_file (dir (write)))
|
|
(neverallow appdomain efs_file (lnk_file (write)))
|
|
(neverallow appdomain efs_file (chr_file (write)))
|
|
(neverallow appdomain efs_file (blk_file (write)))
|
|
(neverallow appdomain efs_file (sock_file (write)))
|
|
(neverallow appdomain efs_file (fifo_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 152 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_235 efs_file (file (read)))
|
|
(neverallow base_typeattr_235 efs_file (dir (read)))
|
|
(neverallow base_typeattr_235 efs_file (lnk_file (read)))
|
|
(neverallow base_typeattr_235 efs_file (chr_file (read)))
|
|
(neverallow base_typeattr_235 efs_file (blk_file (read)))
|
|
(neverallow base_typeattr_235 efs_file (sock_file (read)))
|
|
(neverallow base_typeattr_235 efs_file (fifo_file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 156 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_240 sysfs (file (write)))
|
|
(neverallow base_typeattr_240 sysfs (dir (write)))
|
|
(neverallow base_typeattr_240 sysfs (lnk_file (write)))
|
|
(neverallow base_typeattr_240 sysfs (chr_file (write)))
|
|
(neverallow base_typeattr_240 sysfs (blk_file (write)))
|
|
(neverallow base_typeattr_240 sysfs (sock_file (write)))
|
|
(neverallow base_typeattr_240 sysfs (fifo_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 158 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain proc (file (write)))
|
|
(neverallow appdomain proc (dir (write)))
|
|
(neverallow appdomain proc (lnk_file (write)))
|
|
(neverallow appdomain proc (chr_file (write)))
|
|
(neverallow appdomain proc (blk_file (write)))
|
|
(neverallow appdomain proc (sock_file (write)))
|
|
(neverallow appdomain proc (fifo_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 161 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain kernel (system (syslog_read syslog_mod syslog_console)))
|
|
;;* lme
|
|
|
|
;;* lmx 164 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_235 base_typeattr_224 (security (compute_av check_context)))
|
|
;;* lme
|
|
|
|
;;* lmx 165 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_235 base_typeattr_224 (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 169 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain fs_type (filesystem (mount remount unmount relabelfrom relabelto associate quotamod quotaget watch)))
|
|
;;* lme
|
|
|
|
;;* lmx 180 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain dev_type (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow appdomain rootfs (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow appdomain tmpfs (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow appdomain system_file (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow appdomain apk_data_file (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow appdomain cache_file (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow appdomain cache_recovery_file (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 186 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_235 input_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 194 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_241 bluetooth_a2dp_offload_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow base_typeattr_241 bluetooth_audio_hal_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow base_typeattr_241 bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow base_typeattr_241 exported_bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
;;* lme
|
|
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app nfc_prop (property_service (set)))
|
|
(allow system_app nfc_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app radio_control_prop (property_service (set)))
|
|
(allow system_app radio_control_prop (file (read getattr map open)))
|
|
;;* lmx 202 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain proc_uid_time_in_state (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 205 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain proc_uid_concurrent_active_time (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 208 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain proc_uid_concurrent_policy_time (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 211 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain proc_uid_cpupower (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 216 system/sepolicy/public/app.te
|
|
|
|
(neverallow base_typeattr_235 proc_net_tcp_udp (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 224 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain system_bootstrap_lib_file (file (read write append map execute open execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 226 system/sepolicy/public/app.te
|
|
|
|
(neverallow appdomain system_bootstrap_lib_file (dir (read getattr open search)))
|
|
;;* lme
|
|
|
|
(allow audioserver hal_audio_server (process (signal)))
|
|
(allow audioserver sensorservice_service (service_manager (find)))
|
|
(allow audioserver system_server (unix_stream_socket (read write)))
|
|
(allow bootanim servicemanager (binder (call transfer)))
|
|
(allow servicemanager bootanim (binder (call transfer)))
|
|
(allow servicemanager bootanim (dir (search)))
|
|
(allow servicemanager bootanim (file (read open)))
|
|
(allow servicemanager bootanim (process (getattr)))
|
|
(allow bootanim surfaceflinger (binder (call transfer)))
|
|
(allow surfaceflinger bootanim (binder (transfer)))
|
|
(allow bootanim surfaceflinger (fd (use)))
|
|
(allow bootanim audioserver (binder (call transfer)))
|
|
(allow audioserver bootanim (binder (transfer)))
|
|
(allow bootanim audioserver (fd (use)))
|
|
(allow bootanim hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager bootanim (binder (call transfer)))
|
|
(allow hwservicemanager bootanim (dir (search)))
|
|
(allow hwservicemanager bootanim (file (read map open)))
|
|
(allow hwservicemanager bootanim (process (getattr)))
|
|
(allow bootanim gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow bootanim gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow bootanim sysfs_gpu (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bootanim oemfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow bootanim bootanim_oem_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bootanim audio_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow bootanim audio_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow bootanim audioserver_service (service_manager (find)))
|
|
(allow bootanim surfaceflinger_service (service_manager (find)))
|
|
(allow bootanim surfaceflinger (unix_stream_socket (read write)))
|
|
(allow bootanim ion_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow bootanim dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bootanim hal_graphics_allocator (fd (use)))
|
|
(allow bootanim hal_graphics_composer (fd (use)))
|
|
(allow bootanim proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bootanim system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow bootstat runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bootstat bootstat_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow bootstat bootstat_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow bootstat metadata_file (dir (search)))
|
|
(allow bootstat metadata_bootstat_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow bootstat metadata_bootstat_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow bootstat pstorefs (dir (search)))
|
|
(allow bootstat pstorefs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bootstat kernel (system (syslog_read)))
|
|
(allow bootstat logcat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow bootstat logdr_socket (sock_file (write)))
|
|
(allow bootstat logd (unix_stream_socket (connectto)))
|
|
(allow bootstat statsdw_socket (sock_file (write)))
|
|
(allow bootstat statsd (unix_dgram_socket (sendto)))
|
|
;;* lmx 32 system/sepolicy/public/bootstat.te
|
|
|
|
(neverallow base_typeattr_242 system_boot_reason_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow init pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (create bind)))
|
|
(allow bufferhubd pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown)))
|
|
(allow bufferhubd self (process (setsockcreate)))
|
|
(allow bufferhubd pdx_bufferhub_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
;;* lmx 8 system/sepolicy/public/bufferhubd.te
|
|
|
|
(neverallow base_typeattr_243 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (listen accept)))
|
|
;;* lme
|
|
|
|
(allow bufferhubd pdx_performance_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow bufferhubd pdx_performance_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow bufferhubd pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
|
|
(allow bufferhubd pdx_performance_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
|
|
(allow bufferhubd pdx_performance_client_server_type (fd (use)))
|
|
(allow pdx_performance_client_server_type bufferhubd (fd (use)))
|
|
(allow bufferhubd gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow bufferhubd ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bufferhubd hal_omx_server (fd (use)))
|
|
(allow bufferhubd hal_codec2_server (fd (use)))
|
|
(allow camera_service_server fwk_camera_hwservice (hwservice_manager (add find)))
|
|
(allow camera_service_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 1 system/sepolicy/public/camera_service_server.te
|
|
|
|
(neverallow base_typeattr_244 fwk_camera_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow cameraserver servicemanager (binder (call transfer)))
|
|
(allow servicemanager cameraserver (binder (call transfer)))
|
|
(allow servicemanager cameraserver (dir (search)))
|
|
(allow servicemanager cameraserver (file (read open)))
|
|
(allow servicemanager cameraserver (process (getattr)))
|
|
(allow cameraserver binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain cameraserver (binder (transfer)))
|
|
(allow cameraserver binderservicedomain (fd (use)))
|
|
(allow cameraserver appdomain (binder (call transfer)))
|
|
(allow appdomain cameraserver (binder (transfer)))
|
|
(allow cameraserver appdomain (fd (use)))
|
|
(allow cameraserver ion_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow cameraserver dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow cameraserver hal_graphics_composer (fd (use)))
|
|
(allow cameraserver cameraserver_service (service_manager (add find)))
|
|
;;* lmx 21 system/sepolicy/public/cameraserver.te
|
|
|
|
(neverallow base_typeattr_245 cameraserver_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow cameraserver fwk_camera_service (service_manager (add find)))
|
|
;;* lmx 22 system/sepolicy/public/cameraserver.te
|
|
|
|
(neverallow base_typeattr_245 fwk_camera_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow cameraserver fwk_camera_hwservice (hwservice_manager (add find)))
|
|
(allow cameraserver hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 23 system/sepolicy/public/cameraserver.te
|
|
|
|
(neverallow base_typeattr_245 fwk_camera_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow cameraserver activity_service (service_manager (find)))
|
|
(allow cameraserver appops_service (service_manager (find)))
|
|
(allow cameraserver audioserver_service (service_manager (find)))
|
|
(allow cameraserver batterystats_service (service_manager (find)))
|
|
(allow cameraserver cameraproxy_service (service_manager (find)))
|
|
(allow cameraserver mediaserver_service (service_manager (find)))
|
|
(allow cameraserver package_native_service (service_manager (find)))
|
|
(allow cameraserver permission_checker_service (service_manager (find)))
|
|
(allow cameraserver processinfo_service (service_manager (find)))
|
|
(allow cameraserver scheduling_policy_service (service_manager (find)))
|
|
(allow cameraserver sensor_privacy_service (service_manager (find)))
|
|
(allow cameraserver surfaceflinger_service (service_manager (find)))
|
|
(allow cameraserver hidl_token_hwservice (hwservice_manager (find)))
|
|
(allow cameraserver hal_camera_service (service_manager (find)))
|
|
(allow cameraserver virtual_camera_service (service_manager (find)))
|
|
(allow cameraserver surfaceflinger (unix_stream_socket (read write)))
|
|
;;* lmx 51 system/sepolicy/public/cameraserver.te
|
|
|
|
(neverallow cameraserver fs_type (file (execute_no_trans)))
|
|
(neverallow cameraserver file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 63 system/sepolicy/public/cameraserver.te
|
|
|
|
(neverallow cameraserver domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow cameraserver domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 64 system/sepolicy/public/cameraserver.te
|
|
|
|
(neverallow cameraserver domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
;;* lme
|
|
|
|
(allow cameraserver adbd (fd (use)))
|
|
(allow cameraserver adbd (unix_stream_socket (read write)))
|
|
(allow cameraserver shell (fd (use)))
|
|
(allow cameraserver shell (unix_stream_socket (read write)))
|
|
(allow cameraserver shell (fifo_file (read write)))
|
|
(allow cameraserver mediametrics_service (service_manager (find)))
|
|
(allow charger_type kmsg_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow charger_type rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow charger_type rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow charger_type rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow charger_type cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow charger_type cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow charger_type cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow charger_type cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow charger_type cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow charger_type cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow charger_type sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow charger_type self (capability (sys_boot sys_tty_config)))
|
|
(allow charger_type self (cap_userns (sys_boot sys_tty_config)))
|
|
(allow charger_type sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow charger_type self (capability2 (block_suspend)))
|
|
(allow charger_type self (cap2_userns (block_suspend)))
|
|
(allow charger_type system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server charger_type (binder (transfer)))
|
|
(allow charger_type system_suspend_server (fd (use)))
|
|
(allow charger_type system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow charger_type hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager charger_type (binder (call transfer)))
|
|
(allow hwservicemanager charger_type (dir (search)))
|
|
(allow hwservicemanager charger_type (file (read map open)))
|
|
(allow hwservicemanager charger_type (process (getattr)))
|
|
(allow charger_type hwservicemanager_prop (file (read getattr map open)))
|
|
(allow charger_type hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow charger_type hal_system_suspend_service (service_manager (find)))
|
|
(allow charger_type servicemanager (binder (call transfer)))
|
|
(allow servicemanager charger_type (binder (call transfer)))
|
|
(allow servicemanager charger_type (dir (search)))
|
|
(allow servicemanager charger_type (file (read open)))
|
|
(allow servicemanager charger_type (process (getattr)))
|
|
(allow charger_type self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow charger_type sysfs_power (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow charger_type sysfs_batteryinfo (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow charger_type sysfs_batteryinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow charger_type sysfs_batteryinfo (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow charger_type pstorefs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow charger_type pstorefs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow charger_type graphics_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow charger_type graphics_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow charger_type input_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow charger_type input_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow charger_type tty_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow charger_type proc_sysrq (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(dontaudit crash_dump self (capability (sys_ptrace)))
|
|
(dontaudit crash_dump self (cap_userns (sys_ptrace)))
|
|
(allow crash_dump domain (fd (use)))
|
|
(allow crash_dump domain (fifo_file (read write)))
|
|
(allow crash_dump domain (fifo_file (append)))
|
|
(allow crash_dump domain (process (getattr)))
|
|
(allow crash_dump domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow crash_dump domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump exec_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump dalvikcache_data_file (dir (getattr search)))
|
|
(allow crash_dump dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump apex_module_data_file (dir (getattr search)))
|
|
(allow crash_dump proc_uptime (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow crash_dump apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump vendor_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow crash_dump same_process_hal_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow crash_dump vendor_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump vendor_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump same_process_hal_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump same_process_hal_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump shell_test_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow crash_dump shell_test_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump shell_test_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump tombstoned_crash_socket (sock_file (write)))
|
|
(allow crash_dump tombstoned (unix_stream_socket (connectto)))
|
|
(allow crash_dump system_ndebug_socket (sock_file (write)))
|
|
(allow crash_dump system_server (unix_stream_socket (connectto)))
|
|
(allow crash_dump anr_data_file (file (getattr append)))
|
|
(allow crash_dump tombstone_data_file (file (getattr append)))
|
|
(allow crash_dump logdr_socket (sock_file (write)))
|
|
(allow crash_dump logd (unix_stream_socket (connectto)))
|
|
(dontaudit crash_dump core_data_file_type (dir (search)))
|
|
(dontaudit crash_dump vendor_file_type (dir (search)))
|
|
(dontaudit crash_dump system_data_file (file (read)))
|
|
(dontaudit crash_dump system_data_file (lnk_file (read)))
|
|
(dontaudit crash_dump property_type (file (read)))
|
|
;;* lmx 80 system/sepolicy/public/crash_dump.te
|
|
|
|
(neverallow domain crash_dump_exec (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
(allow credstore servicemanager (binder (call transfer)))
|
|
(allow servicemanager credstore (binder (call transfer)))
|
|
(allow servicemanager credstore (dir (search)))
|
|
(allow servicemanager credstore (file (read open)))
|
|
(allow servicemanager credstore (process (getattr)))
|
|
(allow credstore system_server (binder (call transfer)))
|
|
(allow system_server credstore (binder (transfer)))
|
|
(allow credstore system_server (fd (use)))
|
|
(allow credstore credstore_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow credstore credstore_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow credstore credstore_service (service_manager (add find)))
|
|
;;* lmx 12 system/sepolicy/public/credstore.te
|
|
|
|
(neverallow base_typeattr_246 credstore_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow credstore sec_key_att_app_id_provider_service (service_manager (find)))
|
|
(allow credstore dropbox_service (service_manager (find)))
|
|
(allow credstore authorization_service (service_manager (find)))
|
|
(allow credstore keystore (keystore2 (get_auth_token)))
|
|
(allow credstore cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow credstore cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow credstore cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow credstore cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow credstore cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow credstore cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dhcp cgroup (dir (write create add_name)))
|
|
(allow dhcp cgroup_v2 (dir (write create add_name)))
|
|
(allow dhcp self (capability (setgid setuid net_bind_service net_admin net_raw)))
|
|
(allow dhcp self (cap_userns (setgid setuid net_bind_service net_admin net_raw)))
|
|
(allow dhcp self (packet_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow dhcp self (netlink_route_socket (nlmsg_write)))
|
|
(allow dhcp shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dhcp system_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dhcp toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dhcp proc_net_type (file (write)))
|
|
(allow dhcp dhcp_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow dhcp dhcp_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow dhcp netd (fd (use)))
|
|
(allow dhcp netd (fifo_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow dhcp netd (udp_socket (read write)))
|
|
(allow dhcp netd (unix_stream_socket (read write)))
|
|
(allow dhcp netd (unix_dgram_socket (read write)))
|
|
(allow dhcp netd (netlink_route_socket (read write)))
|
|
(allow dhcp netd (netlink_nflog_socket (read write)))
|
|
(allow dhcp netd (netlink_kobject_uevent_socket (read write)))
|
|
(allow display_service_server fwk_display_hwservice (hwservice_manager (add find)))
|
|
(allow display_service_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 1 system/sepolicy/public/display_service_server.te
|
|
|
|
(neverallow base_typeattr_247 fwk_display_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allowx dnsmasq self (ioctl udp_socket (0x6900 0x6902)))
|
|
(allowx dnsmasq self (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(allowx dnsmasq self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(allow dnsmasq self (capability (dac_override dac_read_search)))
|
|
(allow dnsmasq self (cap_userns (dac_override dac_read_search)))
|
|
(allow dnsmasq self (capability (setgid setuid net_bind_service net_admin net_raw)))
|
|
(allow dnsmasq self (cap_userns (setgid setuid net_bind_service net_admin net_raw)))
|
|
(allow dnsmasq dhcp_data_file (dir (write lock open add_name remove_name search)))
|
|
(allow dnsmasq dhcp_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow dnsmasq netd (fd (use)))
|
|
(allow dnsmasq netd (fifo_file (read write getattr)))
|
|
(allow dnsmasq netd (netlink_kobject_uevent_socket (read write)))
|
|
(allow dnsmasq netd (netlink_nflog_socket (read write)))
|
|
(allow dnsmasq netd (netlink_route_socket (read write)))
|
|
(allow dnsmasq netd (unix_stream_socket (read write getattr)))
|
|
(allow dnsmasq netd (unix_dgram_socket (read write)))
|
|
(allow dnsmasq netd (udp_socket (read write)))
|
|
(allow domain init (process (sigchld)))
|
|
(allow domain self (process (fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit)))
|
|
(allow domain self (fd (use)))
|
|
(allow domain proc (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain proc_net_type (dir (search)))
|
|
(allow domain self (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain self (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain self (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain self (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow domain self (fifo_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow domain self (unix_dgram_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown sendto)))
|
|
(allow domain self (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown connectto)))
|
|
(allow domain init (fd (use)))
|
|
(allow domain device_config_aconfig_flags_prop (file (read getattr map open)))
|
|
(allow domain tmpfs (dir (getattr search)))
|
|
(allow domain rootfs (dir (search)))
|
|
(allow domain rootfs (lnk_file (read getattr)))
|
|
(allow domain device (dir (search)))
|
|
(allow domain dev_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain devpts (dir (search)))
|
|
(allow domain dmabuf_heap_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain socket_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain owntty_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow domain null_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow domain zero_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow domain ashmem_device (chr_file (ioctl read write getattr lock append map)))
|
|
(allow domain ashmem_libcutils_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow base_typeattr_248 binder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow base_typeattr_248 servicemanager_prop (file (read getattr map open)))
|
|
(allowx domain binder_device (ioctl chr_file (0x6201 0x6203 (range 0x6205 0x6209) (range 0x620b 0x620d) (range 0x6210 0x6211))))
|
|
(allow domain binderfs (dir (getattr search)))
|
|
(allow domain binderfs_logs_proc (dir (search)))
|
|
(allow domain binderfs_features (dir (search)))
|
|
(allow domain binderfs_features (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_249 hwbinder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow domain ptmx_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow domain random_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow domain proc_random (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain proc_random (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain properties_device (dir (getattr search)))
|
|
(allow domain properties_serial (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain property_info (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain log_property_type (file (read getattr map open)))
|
|
(dontaudit domain property_type (file (audit_access)))
|
|
(allow domain property_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain init (key (search)))
|
|
(allow domain vold (key (search)))
|
|
(allow domain logdw_socket (sock_file (write)))
|
|
(allow domain logd (unix_dgram_socket (sendto)))
|
|
(allow domain pmsg_device (chr_file (write lock append map open)))
|
|
(allow domain system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain system_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain system_seccomp_policy_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain system_security_cacerts_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain system_file (lnk_file (read getattr)))
|
|
(allow domain system_seccomp_policy_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain system_security_cacerts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain system_group_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain system_passwd_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain system_linker_exec (file (read getattr map execute open)))
|
|
(allow domain system_linker_config_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain system_lib_file (file (read getattr map execute open)))
|
|
(allow domain system_linker_exec (lnk_file (read getattr open)))
|
|
(allow domain system_lib_file (lnk_file (read getattr open)))
|
|
(allow domain system_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain system_file (file (read getattr map execute open)))
|
|
(allow coredomain system_file (file (read getattr map execute open)))
|
|
(allow domain vendor_hal_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain same_process_hal_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_250 same_process_hal_file (file (read getattr map execute open)))
|
|
(allow domain vndk_sp_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain vndk_sp_file (file (read getattr map execute open)))
|
|
(allow domain vendor_configs_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain vendor_configs_file (file (read getattr map open)))
|
|
(allow domain vendor_file_type (lnk_file (read getattr open)))
|
|
(allow domain vendor_file (dir (getattr search)))
|
|
(allow base_typeattr_250 vendor_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_250 vendor_file_type (file (read getattr map execute open)))
|
|
(allow base_typeattr_250 vendor_file_type (lnk_file (read getattr)))
|
|
(allow domain sysfs (lnk_file (read getattr)))
|
|
(allow domain system_zoneinfo_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain system_zoneinfo_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain sysfs_devices_system_cpu (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain sysfs_devices_system_cpu (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain sysfs_devices_system_cpu (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain sysfs_usb (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain sysfs_usb (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain sysfs_usb (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain sysfs_transparent_hugepage (dir (search)))
|
|
(allow domain sysfs_transparent_hugepage (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain system_data_file (dir (getattr)))
|
|
(allow coredomain system_data_file (dir (getattr)))
|
|
(allow domain system_data_root_file (dir (getattr search)))
|
|
(allow domain system_data_file (dir (search)))
|
|
(allow appdomain system_userdir_file (dir (getattr search)))
|
|
(allow coredomain system_userdir_file (dir (getattr search)))
|
|
(allow appdomain media_userdir_file (dir (search)))
|
|
(allow coredomain media_userdir_file (dir (search)))
|
|
(allow domain vendor_userdir_file (dir (getattr search)))
|
|
(allow domain vendor_data_file (dir (getattr search)))
|
|
(allow domain proc (lnk_file (read getattr)))
|
|
(allow domain proc_cpuinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain dev_cpu_variant (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain proc_perf (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain selinuxfs (dir (search)))
|
|
(allow domain selinuxfs (file (getattr)))
|
|
(allow domain sysfs (dir (search)))
|
|
(allow domain selinuxfs (filesystem (getattr)))
|
|
(allow domain debugfs (dir (search)))
|
|
(allow domain debugfs_tracing (dir (search)))
|
|
(allow domain debugfs_tracing_debug (dir (search)))
|
|
(allow domain debugfs_trace_marker (file (write lock append map open)))
|
|
(allow domain self (lockdown (integrity confidentiality)))
|
|
(allow domain fs_type (filesystem (getattr)))
|
|
(allow domain fs_type (dir (getattr)))
|
|
(allowx domain domain (ioctl tcp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl udp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl rawip_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl icmp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl tcp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx domain domain (ioctl udp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx domain domain (ioctl rawip_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx domain domain (ioctl icmp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx domain domain (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allowx domain domain (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allowx domain domain (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allowx domain domain (ioctl icmp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allowx domain domain (ioctl unix_stream_socket (0x5401 0x5411 (range 0x5413 0x5414) 0x541b (range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl unix_dgram_socket (0x5401 0x5411 (range 0x5413 0x5414) 0x541b (range 0x5450 0x5451))))
|
|
(allowx domain pdx_channel_socket_type (ioctl unix_stream_socket (0x5401 0x5411 (range 0x5413 0x5414) 0x541b (range 0x5450 0x5451))))
|
|
(allowx domain pdx_channel_socket_type (ioctl unix_dgram_socket (0x5401 0x5411 (range 0x5413 0x5414) 0x541b (range 0x5450 0x5451))))
|
|
(allowx domain devpts (ioctl chr_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx domain dev_type (ioctl file ((range 0x5450 0x5451))))
|
|
(allowx domain dev_type (ioctl dir ((range 0x5450 0x5451))))
|
|
(allowx domain dev_type (ioctl lnk_file ((range 0x5450 0x5451))))
|
|
(allowx domain dev_type (ioctl blk_file ((range 0x5450 0x5451))))
|
|
(allowx domain dev_type (ioctl sock_file ((range 0x5450 0x5451))))
|
|
(allowx domain dev_type (ioctl fifo_file ((range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl file ((range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl dir ((range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl lnk_file ((range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl blk_file ((range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl sock_file ((range 0x5450 0x5451))))
|
|
(allowx domain domain (ioctl fifo_file ((range 0x5450 0x5451))))
|
|
(allowx domain fs_type (ioctl file ((range 0x5450 0x5451))))
|
|
(allowx domain fs_type (ioctl dir ((range 0x5450 0x5451))))
|
|
(allowx domain fs_type (ioctl lnk_file ((range 0x5450 0x5451))))
|
|
(allowx domain fs_type (ioctl blk_file ((range 0x5450 0x5451))))
|
|
(allowx domain fs_type (ioctl sock_file ((range 0x5450 0x5451))))
|
|
(allowx domain fs_type (ioctl fifo_file ((range 0x5450 0x5451))))
|
|
(allowx domain file_type (ioctl file ((range 0x5450 0x5451))))
|
|
(allowx domain file_type (ioctl dir ((range 0x5450 0x5451))))
|
|
(allowx domain file_type (ioctl lnk_file ((range 0x5450 0x5451))))
|
|
(allowx domain file_type (ioctl blk_file ((range 0x5450 0x5451))))
|
|
(allowx domain file_type (ioctl sock_file ((range 0x5450 0x5451))))
|
|
(allowx domain file_type (ioctl fifo_file ((range 0x5450 0x5451))))
|
|
(allowx domain tun_device (ioctl chr_file ((range 0x5450 0x5451))))
|
|
(allowx domain fs_type (ioctl file (0x5401)))
|
|
(allowx domain file_type (ioctl file (0x5401)))
|
|
(allowx domain domain (ioctl fifo_file (0x5401)))
|
|
(allowx domain dev_type (ioctl blk_file (0x1268 0x1272)))
|
|
(allowx domain file_type (ioctl file ((range 0xf501 0xf502) 0xf505 (range 0xf50c 0xf50e))))
|
|
(allowx domain sdcard_type (ioctl file ((range 0xf501 0xf502) 0xf505 (range 0xf50c 0xf50e))))
|
|
(allow base_typeattr_251 hwservice_manager_type (hwservice_manager (add find)))
|
|
(allow base_typeattr_251 vndservice_manager_type (service_manager (add find)))
|
|
(allow domain apex_mnt_dir (dir (getattr search)))
|
|
(allow domain apex_mnt_dir (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain device_config_media_native_prop (file (read getattr map open)))
|
|
(allow domain aconfig_storage_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 357 system/sepolicy/public/domain.te
|
|
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl file (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl dir (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl lnk_file (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl blk_file (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl sock_file (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl fifo_file (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl tcp_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl udp_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl rawip_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl packet_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl key_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl unix_stream_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl unix_dgram_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_route_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_tcpdiag_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_nflog_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_xfrm_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_selinux_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_audit_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_dnrt_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_kobject_uevent_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl appletalk_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl tun_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_iscsi_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_fib_lookup_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_connector_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_netfilter_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_generic_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_scsitransport_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_rdma_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netlink_crypto_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl sctp_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl icmp_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl ax25_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl ipx_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl netrom_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl atmpvc_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl x25_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl rose_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl decnet_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl atmsvc_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl rds_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl irda_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl pppox_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl llc_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl can_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl tipc_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl bluetooth_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl iucv_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl rxrpc_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl isdn_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl phonet_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl ieee802154_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl caif_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl alg_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl nfc_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl vsock_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl kcm_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl qipcrtr_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl smc_socket (0x0)))
|
|
(neverallowx base_typeattr_224 base_typeattr_224 (ioctl xdp_socket (0x0)))
|
|
;;* lme
|
|
|
|
;;* lmx 361 system/sepolicy/public/domain.te
|
|
|
|
(neverallowx domain domain (ioctl socket (0x8905)))
|
|
(neverallowx domain domain (ioctl tcp_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl udp_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl rawip_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl packet_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl key_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl unix_stream_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl unix_dgram_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_route_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_tcpdiag_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_nflog_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_xfrm_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_selinux_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_audit_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_dnrt_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_kobject_uevent_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl appletalk_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl tun_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_iscsi_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_fib_lookup_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_connector_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_netfilter_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_generic_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_scsitransport_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_rdma_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netlink_crypto_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl sctp_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl icmp_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl ax25_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl ipx_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl netrom_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl atmpvc_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl x25_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl rose_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl decnet_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl atmsvc_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl rds_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl irda_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl pppox_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl llc_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl can_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl tipc_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl bluetooth_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl iucv_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl rxrpc_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl isdn_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl phonet_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl ieee802154_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl caif_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl alg_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl nfc_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl vsock_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl kcm_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl qipcrtr_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl smc_socket (0x8905)))
|
|
(neverallowx domain domain (ioctl xdp_socket (0x8905)))
|
|
;;* lme
|
|
|
|
;;* lmx 366 system/sepolicy/public/domain.te
|
|
|
|
(neverallowx base_typeattr_224 devpts (ioctl chr_file (0x5412)))
|
|
;;* lme
|
|
|
|
;;* lmx 369 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_252 unlabeled (file (create)))
|
|
(neverallow base_typeattr_252 unlabeled (dir (create)))
|
|
(neverallow base_typeattr_252 unlabeled (lnk_file (create)))
|
|
(neverallow base_typeattr_252 unlabeled (chr_file (create)))
|
|
(neverallow base_typeattr_252 unlabeled (blk_file (create)))
|
|
(neverallow base_typeattr_252 unlabeled (sock_file (create)))
|
|
(neverallow base_typeattr_252 unlabeled (fifo_file (create)))
|
|
;;* lme
|
|
|
|
;;* lmx 378 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_253 self (capability (mknod)))
|
|
(neverallow base_typeattr_253 self (cap_userns (mknod)))
|
|
;;* lme
|
|
|
|
;;* lmx 381 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 self (memprotect (mmap_zero)))
|
|
;;* lme
|
|
|
|
;;* lmx 384 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 self (capability2 (mac_override)))
|
|
(neverallow base_typeattr_224 self (cap2_userns (mac_override)))
|
|
;;* lme
|
|
|
|
;;* lmx 389 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 self (capability2 (mac_admin)))
|
|
(neverallow base_typeattr_224 self (cap2_userns (mac_admin)))
|
|
;;* lme
|
|
|
|
;;* lmx 393 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 kernel (security (load_policy)))
|
|
;;* lme
|
|
|
|
;;* lmx 399 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 kernel (security (setenforce)))
|
|
;;* lme
|
|
|
|
;;* lmx 400 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_254 kernel (security (setcheckreqprot)))
|
|
;;* lme
|
|
|
|
;;* lmx 403 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 kernel (security (setbool)))
|
|
;;* lme
|
|
|
|
;;* lmx 408 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 kernel (security (setsecparam)))
|
|
;;* lme
|
|
|
|
;;* lmx 416 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_255 hw_random_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 422 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_256 keychord_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 425 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 base_typeattr_257 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
(dontaudit domain postinstall_mnt_dir (dir (audit_access)))
|
|
;;* lmx 437 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_256 port_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 438 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 port_device (chr_file (ioctl read write lock relabelfrom append map link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 441 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 usermodehelper (file (write append)))
|
|
;;* lme
|
|
|
|
;;* lmx 442 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_258 sysfs_usermodehelper (file (write append)))
|
|
;;* lme
|
|
|
|
;;* lmx 443 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_259 proc_security (file (read write append open)))
|
|
;;* lme
|
|
|
|
;;* lmx 447 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 init (binder (impersonate call set_context_mgr transfer)))
|
|
;;* lme
|
|
|
|
;;* lmx 448 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 vendor_init (binder (impersonate call set_context_mgr transfer)))
|
|
;;* lme
|
|
|
|
;;* lmx 451 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_260 binderfs_logs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_260 binderfs_logs_proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 452 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_261 binderfs_logs_stats (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 456 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_262 block_device (blk_file (read write open)))
|
|
;;* lme
|
|
|
|
;;* lmx 461 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 base_typeattr_224 (chr_file (rename)))
|
|
(neverallow base_typeattr_224 base_typeattr_224 (blk_file (rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 465 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain device (chr_file (read write open)))
|
|
;;* lme
|
|
|
|
;;* lmx 468 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain cache_file (file (execute)))
|
|
(neverallow domain cache_backup_file (file (execute)))
|
|
(neverallow domain cache_private_backup_file (file (execute)))
|
|
(neverallow domain cache_recovery_file (file (execute)))
|
|
;;* lme
|
|
|
|
;;* lmx 471 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain nativetest_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain nativetest_data_file (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain nativetest_data_file (chr_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain nativetest_data_file (blk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain nativetest_data_file (sock_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain nativetest_data_file (fifo_file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 472 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain nativetest_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 473 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain nativetest_data_file (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 475 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_263 shell_test_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow base_typeattr_263 shell_test_data_file (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow base_typeattr_263 shell_test_data_file (chr_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow base_typeattr_263 shell_test_data_file (blk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow base_typeattr_263 shell_test_data_file (sock_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow base_typeattr_263 shell_test_data_file (fifo_file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 476 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_263 shell_test_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 477 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_264 shell_test_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 478 system/sepolicy/public/domain.te
|
|
|
|
(neverallow heapprofd shell_test_data_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 479 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_263 shell_test_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 482 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 property_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 483 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 property_data_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 484 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 property_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 485 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 properties_device (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 486 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 properties_serial (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 500 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain exec_type (file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain exec_type (dir (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain exec_type (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain exec_type (chr_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain exec_type (blk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain exec_type (sock_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain exec_type (fifo_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain system_file_type (file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain system_file_type (dir (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain system_file_type (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain system_file_type (chr_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain system_file_type (blk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain system_file_type (sock_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain system_file_type (fifo_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain vendor_file_type (file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain vendor_file_type (dir (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain vendor_file_type (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain vendor_file_type (chr_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain vendor_file_type (blk_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain vendor_file_type (sock_file (write create setattr relabelfrom append unlink link rename)))
|
|
(neverallow domain vendor_file_type (fifo_file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 502 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_254 exec_type (file (relabelto)))
|
|
(neverallow base_typeattr_254 exec_type (dir (relabelto)))
|
|
(neverallow base_typeattr_254 exec_type (lnk_file (relabelto)))
|
|
(neverallow base_typeattr_254 exec_type (chr_file (relabelto)))
|
|
(neverallow base_typeattr_254 exec_type (blk_file (relabelto)))
|
|
(neverallow base_typeattr_254 exec_type (sock_file (relabelto)))
|
|
(neverallow base_typeattr_254 exec_type (fifo_file (relabelto)))
|
|
(neverallow base_typeattr_254 system_file_type (file (relabelto)))
|
|
(neverallow base_typeattr_254 system_file_type (dir (relabelto)))
|
|
(neverallow base_typeattr_254 system_file_type (lnk_file (relabelto)))
|
|
(neverallow base_typeattr_254 system_file_type (chr_file (relabelto)))
|
|
(neverallow base_typeattr_254 system_file_type (blk_file (relabelto)))
|
|
(neverallow base_typeattr_254 system_file_type (sock_file (relabelto)))
|
|
(neverallow base_typeattr_254 system_file_type (fifo_file (relabelto)))
|
|
(neverallow base_typeattr_254 vendor_file_type (file (relabelto)))
|
|
(neverallow base_typeattr_254 vendor_file_type (dir (relabelto)))
|
|
(neverallow base_typeattr_254 vendor_file_type (lnk_file (relabelto)))
|
|
(neverallow base_typeattr_254 vendor_file_type (chr_file (relabelto)))
|
|
(neverallow base_typeattr_254 vendor_file_type (blk_file (relabelto)))
|
|
(neverallow base_typeattr_254 vendor_file_type (sock_file (relabelto)))
|
|
(neverallow base_typeattr_254 vendor_file_type (fifo_file (relabelto)))
|
|
;;* lme
|
|
|
|
;;* lmx 505 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 exec_type (file (mounton)))
|
|
(neverallow base_typeattr_224 exec_type (dir (mounton)))
|
|
(neverallow base_typeattr_224 exec_type (lnk_file (mounton)))
|
|
(neverallow base_typeattr_224 exec_type (chr_file (mounton)))
|
|
(neverallow base_typeattr_224 exec_type (blk_file (mounton)))
|
|
(neverallow base_typeattr_224 exec_type (sock_file (mounton)))
|
|
(neverallow base_typeattr_224 exec_type (fifo_file (mounton)))
|
|
;;* lme
|
|
|
|
;;* lmx 508 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 rootfs (file (write create setattr relabelto append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 512 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 base_typeattr_265 (filesystem (relabelto)))
|
|
;;* lme
|
|
|
|
;;* lmx 518 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 contextmount_type (file (create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow base_typeattr_224 contextmount_type (dir (create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow base_typeattr_224 contextmount_type (lnk_file (create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow base_typeattr_224 contextmount_type (chr_file (create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow base_typeattr_224 contextmount_type (blk_file (create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow base_typeattr_224 contextmount_type (sock_file (create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow base_typeattr_224 contextmount_type (fifo_file (create setattr relabelfrom relabelto append link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 519 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain contextmount_type (file (write unlink)))
|
|
(neverallow domain contextmount_type (dir (write unlink)))
|
|
(neverallow domain contextmount_type (lnk_file (write unlink)))
|
|
(neverallow domain contextmount_type (chr_file (write unlink)))
|
|
(neverallow domain contextmount_type (blk_file (write unlink)))
|
|
(neverallow domain contextmount_type (sock_file (write unlink)))
|
|
(neverallow domain contextmount_type (fifo_file (write unlink)))
|
|
;;* lme
|
|
|
|
;;* lmx 526 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 default_android_service (service_manager (add find list)))
|
|
;;* lme
|
|
|
|
;;* lmx 527 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 default_android_vndservice (service_manager (add find list)))
|
|
;;* lme
|
|
|
|
;;* lmx 528 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 default_android_hwservice (hwservice_manager (add find list)))
|
|
;;* lme
|
|
|
|
;;* lmx 537 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 hidl_base_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 541 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_259 mmc_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 542 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_259 vndk_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 544 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 mmc_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 544 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_259 exported_default_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 544 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 exported_secure_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 544 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_259 vendor_default_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 544 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_259 storage_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 544 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_259 hw_timeout_multiplier_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 553 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_266 exported_pm_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 553 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_267 exported_pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 559 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_260 future_pm_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 560 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_260 future_pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(dontaudit domain future_pm_prop (file (read)))
|
|
;;* lmx 566 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 aac_drc_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 567 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 build_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 568 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 userdebug_or_eng_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 589 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_268 serialno_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 597 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_269 frp_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 611 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_270 metadata_block_device (blk_file (ioctl read write lock append link rename open)))
|
|
;;* lme
|
|
|
|
;;* lmx 621 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_271 system_block_device (blk_file (write append)))
|
|
;;* lme
|
|
|
|
;;* lmx 624 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_272 base_typeattr_224 (binder (set_context_mgr)))
|
|
;;* lme
|
|
|
|
;;* lmx 626 system/sepolicy/public/domain.te
|
|
|
|
(neverallow servicemanager hwbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 627 system/sepolicy/public/domain.te
|
|
|
|
(neverallow servicemanager vndbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 628 system/sepolicy/public/domain.te
|
|
|
|
(neverallow hwservicemanager binder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 629 system/sepolicy/public/domain.te
|
|
|
|
(neverallow hwservicemanager vndbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 630 system/sepolicy/public/domain.te
|
|
|
|
(neverallow vndservicemanager binder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 631 system/sepolicy/public/domain.te
|
|
|
|
(neverallow vndservicemanager hwbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 633 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_273 base_typeattr_274 (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 670 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_275 vndbinder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 678 system/sepolicy/public/domain.te
|
|
|
|
(neverallow ueventd vndbinder_device (chr_file (ioctl read write append)))
|
|
;;* lme
|
|
|
|
;;* lmx 681 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_276 vndservice_manager_type (service_manager (add find list)))
|
|
;;* lme
|
|
|
|
;;* lmx 688 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_276 vndservicemanager (binder (impersonate call set_context_mgr transfer)))
|
|
;;* lme
|
|
|
|
;;* lmx 705 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_277 base_typeattr_278 (socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (tcp_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (udp_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (rawip_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (packet_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (key_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (unix_stream_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (unix_dgram_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_route_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_tcpdiag_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_nflog_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_xfrm_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_selinux_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_audit_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_dnrt_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_kobject_uevent_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (appletalk_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (tun_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_iscsi_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_fib_lookup_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_connector_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_netfilter_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_generic_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_scsitransport_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_rdma_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netlink_crypto_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (sctp_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (icmp_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (ax25_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (ipx_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (netrom_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (atmpvc_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (x25_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (rose_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (decnet_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (atmsvc_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (rds_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (irda_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (pppox_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (llc_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (can_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (tipc_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (bluetooth_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (iucv_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (rxrpc_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (isdn_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (phonet_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (ieee802154_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (caif_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (alg_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (nfc_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (vsock_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (kcm_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (qipcrtr_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (smc_socket (connect sendto)))
|
|
(neverallow base_typeattr_277 base_typeattr_278 (xdp_socket (connect sendto)))
|
|
;;* lme
|
|
|
|
;;* lmx 705 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_277 base_typeattr_278 (unix_stream_socket (connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 718 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_279 core_data_file_type (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_279 coredomain_socket (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_279 unlabeled (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 732 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_273 base_typeattr_280 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 748 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_281 base_typeattr_282 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 772 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_283 base_typeattr_284 (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_283 base_typeattr_284 (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_283 base_typeattr_284 (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_283 base_typeattr_284 (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_283 base_typeattr_284 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_283 base_typeattr_284 (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 787 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_283 base_typeattr_285 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 804 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_286 core_data_file_type (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_286 core_data_file_type (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_286 core_data_file_type (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_286 core_data_file_type (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_286 core_data_file_type (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_286 core_data_file_type (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 804 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_287 base_typeattr_288 (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_287 base_typeattr_288 (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_287 base_typeattr_288 (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_287 base_typeattr_288 (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_287 base_typeattr_288 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_287 base_typeattr_288 (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 804 system/sepolicy/public/domain.te
|
|
|
|
(neverallow vendor_init unencrypted_data_file (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 828 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_286 base_typeattr_289 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 828 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_287 base_typeattr_290 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 828 system/sepolicy/public/domain.te
|
|
|
|
(neverallow vendor_init unencrypted_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 860 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_291 system_data_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 872 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_292 vendor_data_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 885 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_293 vendor_data_file (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_293 vendor_data_file (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_293 vendor_data_file (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_293 vendor_data_file (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_293 vendor_data_file (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_293 vendor_data_file (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 896 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_294 vendor_shell_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 907 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_295 base_typeattr_296 (file (execute execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 929 system/sepolicy/public/domain.te
|
|
|
|
(neverallow coredomain base_typeattr_297 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 929 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_250 base_typeattr_298 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 946 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_299 base_typeattr_300 (file (execute)))
|
|
;;* lme
|
|
|
|
;;* lmx 965 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_301 base_typeattr_302 (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 976 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_295 base_typeattr_303 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 1013 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_304 zygote (unix_stream_socket (connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 1014 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_305 zygote_socket (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 1016 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_306 webview_zygote (unix_stream_socket (connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 1017 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_305 webview_zygote (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 1018 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_305 app_zygote (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 1020 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain tombstoned_crash_socket (unix_stream_socket (connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 1024 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_307 tombstoned_intercept_socket (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 1025 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_307 tombstoned_intercept_socket (unix_stream_socket (connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 1028 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_308 heapdump_data_file (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 1046 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 base_typeattr_224 (sem (create destroy getattr setattr read write associate unix_read unix_write)))
|
|
(neverallow base_typeattr_224 base_typeattr_224 (msg (send receive)))
|
|
(neverallow base_typeattr_224 base_typeattr_224 (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
|
|
(neverallow base_typeattr_224 base_typeattr_224 (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
|
|
;;* lme
|
|
|
|
;;* lmx 1050 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 dev_type (lnk_file (mounton)))
|
|
(neverallow base_typeattr_224 dev_type (sock_file (mounton)))
|
|
(neverallow base_typeattr_224 dev_type (fifo_file (mounton)))
|
|
(neverallow base_typeattr_224 fs_type (lnk_file (mounton)))
|
|
(neverallow base_typeattr_224 fs_type (sock_file (mounton)))
|
|
(neverallow base_typeattr_224 fs_type (fifo_file (mounton)))
|
|
(neverallow base_typeattr_224 file_type (lnk_file (mounton)))
|
|
(neverallow base_typeattr_224 file_type (sock_file (mounton)))
|
|
(neverallow base_typeattr_224 file_type (fifo_file (mounton)))
|
|
;;* lme
|
|
|
|
;;* lmx 1055 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain su_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 1067 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 base_typeattr_309 (file (execmod)))
|
|
;;* lme
|
|
|
|
;;* lmx 1072 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 self (process (execstack execheap)))
|
|
;;* lme
|
|
|
|
;;* lmx 1076 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_310 file_type (file (execmod)))
|
|
;;* lme
|
|
|
|
;;* lmx 1078 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_223 proc (file (mounton)))
|
|
(neverallow base_typeattr_223 proc (dir (mounton)))
|
|
;;* lme
|
|
|
|
;;* lmx 1079 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_311 proc_type (file (mounton)))
|
|
(neverallow base_typeattr_311 proc_type (dir (mounton)))
|
|
;;* lme
|
|
|
|
;;* lmx 1087 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_312 domain (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 1106 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_313 system_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 1109 system/sepolicy/public/domain.te
|
|
|
|
(neverallow installd system_data_file (file (write create setattr relabelto append link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 1122 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_314 shell (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 1129 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_315 base_typeattr_316 (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 1138 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_317 app_data_file (lnk_file (read)))
|
|
(neverallow base_typeattr_317 privapp_data_file (lnk_file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 1145 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_318 shell_data_file (lnk_file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 1152 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 base_typeattr_319 (service_manager (list)))
|
|
;;* lme
|
|
|
|
;;* lmx 1157 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 base_typeattr_320 (hwservice_manager (list)))
|
|
;;* lme
|
|
|
|
;;* lmx 1176 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 domain (file (execute execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 1182 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_260 debugfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_260 debugfs (lnk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 1185 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain debugfs_type (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 1188 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_321 fusectlfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 1197 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_322 profman_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 1203 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 base_typeattr_323 (system (module_load)))
|
|
;;* lme
|
|
|
|
;;* lmx 1207 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 self (capability (setfcap)))
|
|
(neverallow base_typeattr_224 self (cap_userns (setfcap)))
|
|
;;* lme
|
|
|
|
;;* lmx 1210 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain crash_dump (process (noatsecure)))
|
|
;;* lme
|
|
|
|
;;* lmx 1214 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_324 coredomain_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 1219 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_224 same_process_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 1230 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain proc_type (dir (write create link rename add_name remove_name reparent rmdir)))
|
|
(neverallow domain sysfs_type (dir (write create link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 1233 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain cgroup (file (create)))
|
|
;;* lme
|
|
|
|
;;* lmx 1234 system/sepolicy/public/domain.te
|
|
|
|
(neverallow domain cgroup_v2 (file (create)))
|
|
;;* lme
|
|
|
|
(dontaudit domain proc_type (dir (write)))
|
|
(dontaudit domain sysfs_type (dir (write)))
|
|
(dontaudit domain cgroup (file (create)))
|
|
(dontaudit domain cgroup_v2 (file (create)))
|
|
;;* lmx 1257 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_325 mnt_vendor_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 1260 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_326 vendor_public_lib_file (file (execute execute_no_trans)))
|
|
(neverallow base_typeattr_326 vendor_public_framework_file (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 1271 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_250 mnt_product_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 1274 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_327 sysfs_batteryinfo (file (read open)))
|
|
;;* lme
|
|
|
|
;;* lmx 1297 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_328 hal_codec2_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 1306 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_329 ashmem_device (chr_file (open)))
|
|
;;* lme
|
|
|
|
;;* lmx 1308 system/sepolicy/public/domain.te
|
|
|
|
(neverallow base_typeattr_330 debugfs_tracing_printk_formats (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow drmserver servicemanager (binder (call transfer)))
|
|
(allow servicemanager drmserver (binder (call transfer)))
|
|
(allow servicemanager drmserver (dir (search)))
|
|
(allow servicemanager drmserver (file (read open)))
|
|
(allow servicemanager drmserver (process (getattr)))
|
|
(allow drmserver system_server (binder (call transfer)))
|
|
(allow system_server drmserver (binder (transfer)))
|
|
(allow drmserver system_server (fd (use)))
|
|
(allow drmserver appdomain (binder (call transfer)))
|
|
(allow appdomain drmserver (binder (transfer)))
|
|
(allow drmserver appdomain (fd (use)))
|
|
(allow drmserver mediametrics (binder (call transfer)))
|
|
(allow mediametrics drmserver (binder (transfer)))
|
|
(allow drmserver mediametrics (fd (use)))
|
|
(allow drmserver system_server (fd (use)))
|
|
(allow drmserver mediaserver (binder (call transfer)))
|
|
(allow mediaserver drmserver (binder (transfer)))
|
|
(allow drmserver mediaserver (fd (use)))
|
|
(allow drmserver sdcard_type (dir (search)))
|
|
(allow drmserver fuse (dir (search)))
|
|
(allow drmserver drm_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow drmserver drm_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow drmserver app_data_file (file (read write getattr map)))
|
|
(allow drmserver privapp_data_file (file (read write getattr map)))
|
|
(allow drmserver sdcard_type (file (read write getattr map)))
|
|
(allow drmserver fuse (file (read write getattr map)))
|
|
(allow drmserver efs_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow drmserver efs_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver efs_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver apk_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(auditallow drmserver apk_data_file (dir (write add_name)))
|
|
(allow drmserver drmserver_socket (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(auditallow drmserver drmserver_socket (sock_file (create)))
|
|
(allow drmserver apk_data_file (sock_file (unlink)))
|
|
(allow drmserver media_rw_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow drmserver media_rw_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver media_rw_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver apk_data_file (file (read getattr map)))
|
|
(allow drmserver asec_apk_file (file (read getattr map)))
|
|
(allow drmserver ringtone_file (file (read getattr map)))
|
|
(allow drmserver radio_data_file (file (read getattr map)))
|
|
(allow drmserver oemfs (dir (search)))
|
|
(allow drmserver oemfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver vendor_overlay_file (file (read map)))
|
|
(allow drmserver drmserver_service (service_manager (add find)))
|
|
;;* lmx 57 system/sepolicy/public/drmserver.te
|
|
|
|
(neverallow base_typeattr_331 drmserver_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow drmserver permission_service (service_manager (find)))
|
|
(allow drmserver mediametrics_service (service_manager (find)))
|
|
(allow drmserver selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow drmserver selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver selinuxfs (file (write lock append map open)))
|
|
(allow drmserver kernel (security (compute_av)))
|
|
(allow drmserver self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow drmserver cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow drmserver cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow drmserver cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow drmserver system_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow drmserver system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate servicemanager (binder (call transfer)))
|
|
(allow servicemanager dumpstate (binder (call transfer)))
|
|
(allow servicemanager dumpstate (dir (search)))
|
|
(allow servicemanager dumpstate (file (read open)))
|
|
(allow servicemanager dumpstate (process (getattr)))
|
|
(allow dumpstate sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow dumpstate self (capability2 (block_suspend)))
|
|
(allow dumpstate self (cap2_userns (block_suspend)))
|
|
(allow dumpstate system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server dumpstate (binder (transfer)))
|
|
(allow dumpstate system_suspend_server (fd (use)))
|
|
(allow dumpstate system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow dumpstate hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager dumpstate (binder (call transfer)))
|
|
(allow hwservicemanager dumpstate (dir (search)))
|
|
(allow hwservicemanager dumpstate (file (read map open)))
|
|
(allow hwservicemanager dumpstate (process (getattr)))
|
|
(allow dumpstate hwservicemanager_prop (file (read getattr map open)))
|
|
(allow dumpstate hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow dumpstate hal_system_suspend_service (service_manager (find)))
|
|
(allow dumpstate servicemanager (binder (call transfer)))
|
|
(allow servicemanager dumpstate (binder (call transfer)))
|
|
(allow servicemanager dumpstate (dir (search)))
|
|
(allow servicemanager dumpstate (file (read open)))
|
|
(allow servicemanager dumpstate (process (getattr)))
|
|
(allow dumpstate self (capability (setgid setuid sys_resource)))
|
|
(allow dumpstate self (cap_userns (setgid setuid sys_resource)))
|
|
(allow dumpstate domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate self (capability (kill net_admin net_raw)))
|
|
(allow dumpstate self (cap_userns (kill net_admin net_raw)))
|
|
(allow dumpstate system_file (file (execute_no_trans)))
|
|
(allow dumpstate toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dumpstate system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate self (capability (chown dac_override dac_read_search fowner fsetid)))
|
|
(allow dumpstate self (cap_userns (chown dac_override dac_read_search fowner fsetid)))
|
|
(allow dumpstate anr_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow dumpstate anr_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow dumpstate system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate app_data_file (file (append)))
|
|
(allow dumpstate privapp_data_file (file (append)))
|
|
(allow dumpstate self (capability2 (syslog)))
|
|
(allow dumpstate self (cap2_userns (syslog)))
|
|
(allow dumpstate kernel (system (syslog_read)))
|
|
(allow dumpstate pstorefs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate pstorefs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate domain (process (getattr)))
|
|
(allow dumpstate appdomain (process (signal)))
|
|
(allow dumpstate app_zygote (process (signal)))
|
|
(allow dumpstate system_server (process (signal)))
|
|
(allow dumpstate zygote (process (signal)))
|
|
(allow dumpstate hal_audio_server (process (signal)))
|
|
(allow dumpstate hal_audiocontrol_server (process (signal)))
|
|
(allow dumpstate hal_bluetooth_server (process (signal)))
|
|
(allow dumpstate hal_broadcastradio_server (process (signal)))
|
|
(allow dumpstate hal_camera_server (process (signal)))
|
|
(allow dumpstate hal_codec2_server (process (signal)))
|
|
(allow dumpstate hal_drm_server (process (signal)))
|
|
(allow dumpstate hal_evs_server (process (signal)))
|
|
(allow dumpstate hal_face_server (process (signal)))
|
|
(allow dumpstate hal_fingerprint_server (process (signal)))
|
|
(allow dumpstate hal_graphics_allocator_server (process (signal)))
|
|
(allow dumpstate hal_graphics_composer_server (process (signal)))
|
|
(allow dumpstate hal_health_server (process (signal)))
|
|
(allow dumpstate hal_input_processor_server (process (signal)))
|
|
(allow dumpstate hal_neuralnetworks_server (process (signal)))
|
|
(allow dumpstate hal_omx_server (process (signal)))
|
|
(allow dumpstate hal_power_server (process (signal)))
|
|
(allow dumpstate hal_power_stats_server (process (signal)))
|
|
(allow dumpstate hal_sensors_server (process (signal)))
|
|
(allow dumpstate hal_thermal_server (process (signal)))
|
|
(allow dumpstate hal_vehicle_server (process (signal)))
|
|
(allow dumpstate hal_vr_server (process (signal)))
|
|
(allow dumpstate system_suspend_server (process (signal)))
|
|
(allow dumpstate audioserver (process (signal)))
|
|
(allow dumpstate cameraserver (process (signal)))
|
|
(allow dumpstate drmserver (process (signal)))
|
|
(allow dumpstate evsmanagerd (process (signal)))
|
|
(allow dumpstate inputflinger (process (signal)))
|
|
(allow dumpstate mediadrmserver (process (signal)))
|
|
(allow dumpstate mediaextractor (process (signal)))
|
|
(allow dumpstate mediametrics (process (signal)))
|
|
(allow dumpstate mediaserver (process (signal)))
|
|
(allow dumpstate mediaswcodec (process (signal)))
|
|
(allow dumpstate sdcardd (process (signal)))
|
|
(allow dumpstate surfaceflinger (process (signal)))
|
|
(allow dumpstate vold (process (signal)))
|
|
(allow dumpstate tombstoned_intercept_socket (sock_file (write)))
|
|
(allow dumpstate tombstoned (unix_stream_socket (connectto)))
|
|
(allow dumpstate sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate sysfs_devices_block (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate sysfs_loop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate sysfs_usb (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate sysfs_zram (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit dumpstate sysfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate block_device (dir (getattr search)))
|
|
(allow dumpstate rootfs (dir (getattr search)))
|
|
(allow dumpstate selinuxfs (dir (getattr search)))
|
|
(allow dumpstate tmpfs (dir (getattr search)))
|
|
(allow dumpstate metadata_file (dir (getattr search)))
|
|
(allow dumpstate storage_file (dir (getattr search)))
|
|
(allow dumpstate cache_file (dir (getattr search)))
|
|
(allow dumpstate fuse_device (chr_file (getattr)))
|
|
(allow dumpstate dm_device (blk_file (getattr)))
|
|
(allow dumpstate cache_block_device (blk_file (getattr)))
|
|
(allow dumpstate rootfs (lnk_file (read getattr)))
|
|
(allow dumpstate cache_file (lnk_file (read getattr)))
|
|
(allow dumpstate cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain dumpstate (binder (transfer)))
|
|
(allow dumpstate binderservicedomain (fd (use)))
|
|
(allow dumpstate appdomain (binder (call transfer)))
|
|
(allow dumpstate artd (binder (call transfer)))
|
|
(allow dumpstate netd (binder (call transfer)))
|
|
(allow dumpstate wificond (binder (call transfer)))
|
|
(allow appdomain dumpstate (binder (transfer)))
|
|
(allow artd dumpstate (binder (transfer)))
|
|
(allow netd dumpstate (binder (transfer)))
|
|
(allow wificond dumpstate (binder (transfer)))
|
|
(allow dumpstate appdomain (fd (use)))
|
|
(allow dumpstate artd (fd (use)))
|
|
(allow dumpstate netd (fd (use)))
|
|
(allow dumpstate wificond (fd (use)))
|
|
(allow hal_audio_server dumpstate (fifo_file (write)))
|
|
(allow hal_audio_server dumpstate (fd (use)))
|
|
(allow hal_audiocontrol_server dumpstate (fifo_file (write)))
|
|
(allow hal_audiocontrol_server dumpstate (fd (use)))
|
|
(allow hal_authgraph_server dumpstate (fifo_file (write)))
|
|
(allow hal_authgraph_server dumpstate (fd (use)))
|
|
(allow hal_authsecret_server dumpstate (fifo_file (write)))
|
|
(allow hal_authsecret_server dumpstate (fd (use)))
|
|
(allow hal_bluetooth_server dumpstate (fifo_file (write)))
|
|
(allow hal_bluetooth_server dumpstate (fd (use)))
|
|
(allow hal_broadcastradio_server dumpstate (fifo_file (write)))
|
|
(allow hal_broadcastradio_server dumpstate (fd (use)))
|
|
(allow hal_camera_server dumpstate (fifo_file (write)))
|
|
(allow hal_camera_server dumpstate (fd (use)))
|
|
(allow hal_codec2_server dumpstate (fifo_file (write)))
|
|
(allow hal_codec2_server dumpstate (fd (use)))
|
|
(allow hal_contexthub_server dumpstate (fifo_file (write)))
|
|
(allow hal_contexthub_server dumpstate (fd (use)))
|
|
(allow hal_drm_server dumpstate (fifo_file (write)))
|
|
(allow hal_drm_server dumpstate (fd (use)))
|
|
(allow hal_dumpstate_server dumpstate (fifo_file (write)))
|
|
(allow hal_dumpstate_server dumpstate (fd (use)))
|
|
(allow hal_evs_server dumpstate (fifo_file (write)))
|
|
(allow hal_evs_server dumpstate (fd (use)))
|
|
(allow hal_face_server dumpstate (fifo_file (write)))
|
|
(allow hal_face_server dumpstate (fd (use)))
|
|
(allow hal_fingerprint_server dumpstate (fifo_file (write)))
|
|
(allow hal_fingerprint_server dumpstate (fd (use)))
|
|
(allow hal_gnss_server dumpstate (fifo_file (write)))
|
|
(allow hal_gnss_server dumpstate (fd (use)))
|
|
(allow hal_graphics_allocator_server dumpstate (fifo_file (write)))
|
|
(allow hal_graphics_allocator_server dumpstate (fd (use)))
|
|
(allow hal_graphics_composer_server dumpstate (fifo_file (write)))
|
|
(allow hal_graphics_composer_server dumpstate (fd (use)))
|
|
(allow hal_health_server dumpstate (fifo_file (write)))
|
|
(allow hal_health_server dumpstate (fd (use)))
|
|
(allow hal_identity_server dumpstate (fifo_file (write)))
|
|
(allow hal_identity_server dumpstate (fd (use)))
|
|
(allow hal_input_processor_server dumpstate (fifo_file (write)))
|
|
(allow hal_input_processor_server dumpstate (fd (use)))
|
|
(allow hal_keymint_server dumpstate (fifo_file (write)))
|
|
(allow hal_keymint_server dumpstate (fd (use)))
|
|
(allow hal_light_server dumpstate (fifo_file (write)))
|
|
(allow hal_light_server dumpstate (fd (use)))
|
|
(allow hal_memtrack_server dumpstate (fifo_file (write)))
|
|
(allow hal_memtrack_server dumpstate (fd (use)))
|
|
(allow hal_neuralnetworks_server dumpstate (fifo_file (write)))
|
|
(allow hal_neuralnetworks_server dumpstate (fd (use)))
|
|
(allow hal_nfc_server dumpstate (fifo_file (write)))
|
|
(allow hal_nfc_server dumpstate (fd (use)))
|
|
(allow hal_oemlock_server dumpstate (fifo_file (write)))
|
|
(allow hal_oemlock_server dumpstate (fd (use)))
|
|
(allow hal_power_server dumpstate (fifo_file (write)))
|
|
(allow hal_power_server dumpstate (fd (use)))
|
|
(allow hal_power_stats_server dumpstate (fifo_file (write)))
|
|
(allow hal_power_stats_server dumpstate (fd (use)))
|
|
(allow hal_rebootescrow_server dumpstate (fifo_file (write)))
|
|
(allow hal_rebootescrow_server dumpstate (fd (use)))
|
|
(allow hal_secretkeeper_server dumpstate (fifo_file (write)))
|
|
(allow hal_secretkeeper_server dumpstate (fd (use)))
|
|
(allow hal_sensors_server dumpstate (fifo_file (write)))
|
|
(allow hal_sensors_server dumpstate (fd (use)))
|
|
(allow hal_thermal_server dumpstate (fifo_file (write)))
|
|
(allow hal_thermal_server dumpstate (fd (use)))
|
|
(allow hal_vehicle_server dumpstate (fifo_file (write)))
|
|
(allow hal_vehicle_server dumpstate (fd (use)))
|
|
(allow hal_weaver_server dumpstate (fifo_file (write)))
|
|
(allow hal_weaver_server dumpstate (fd (use)))
|
|
(allow hal_wifi_server dumpstate (fifo_file (write)))
|
|
(allow hal_wifi_server dumpstate (fd (use)))
|
|
(allow dumpstate self (capability (sys_ptrace)))
|
|
(allow dumpstate self (cap_userns (sys_ptrace)))
|
|
(allow dumpstate shell_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow dumpstate shell_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow dumpstate shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dumpstate zygote_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dumpstate bluetooth_data_file (dir (search)))
|
|
(allow dumpstate bluetooth_logs_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate bluetooth_logs_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate nfc_logs_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate nfc_logs_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow dumpstate gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate logcat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dumpstate logdr_socket (sock_file (write)))
|
|
(allow dumpstate logd (unix_stream_socket (connectto)))
|
|
(allow dumpstate logd_socket (sock_file (write)))
|
|
(allow dumpstate logd (unix_stream_socket (connectto)))
|
|
(allow dumpstate runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_qtaguid_ctrl (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_qtaguid_stat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_buddyinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_modules (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_pagetypeinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_pipe_conf (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_slabinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_version (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_vmallocinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate net_data_file (dir (search)))
|
|
(allow dumpstate net_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate self (netlink_tcpdiag_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read)))
|
|
(allow dumpstate tombstone_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate tombstone_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate cache_recovery_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate cache_recovery_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate recovery_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate recovery_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate update_engine_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate update_engine_log_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate update_engine_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate update_engine_log_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate snapuserd_log_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate snapuserd_log_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate misc_logd_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate misc_logd_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate prereboot_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate prereboot_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate app_fuse_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate overlayfs_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate base_typeattr_332 (service_manager (find)))
|
|
(dontaudit dumpstate hal_service_type (service_manager (find)))
|
|
(dontaudit dumpstate apex_service (service_manager (find)))
|
|
(dontaudit dumpstate dumpstate_service (service_manager (find)))
|
|
(dontaudit dumpstate gatekeeper_service (service_manager (find)))
|
|
(dontaudit dumpstate virtual_touchpad_service (service_manager (find)))
|
|
(dontaudit dumpstate vold_service (service_manager (find)))
|
|
(dontaudit dumpstate hwservice_manager_type (hwservice_manager (find)))
|
|
(allow dumpstate servicemanager (service_manager (list)))
|
|
(allow dumpstate hwservicemanager (hwservice_manager (list)))
|
|
(allow dumpstate devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow dumpstate property_type (file (read getattr map open)))
|
|
(allow dumpstate media_rw_data_file (dir (getattr)))
|
|
(allow dumpstate proc_interrupts (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_zoneinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate dumpstate_service (service_manager (add find)))
|
|
;;* lmx 324 system/sepolicy/public/dumpstate.te
|
|
|
|
(neverallow base_typeattr_333 dumpstate_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow dumpstate ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_stat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_pressure_cpu (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_pressure_mem (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_pressure_io (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_pid_max (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate installd (binder (call transfer)))
|
|
(allow installd dumpstate (binder (transfer)))
|
|
(allow dumpstate installd (fd (use)))
|
|
(allow dumpstate self (netlink_xfrm_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read)))
|
|
(allow dumpstate self (netlink_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow dumpstate self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow dumpstate domain (socket (getattr)))
|
|
(allow dumpstate domain (tcp_socket (getattr)))
|
|
(allow dumpstate domain (udp_socket (getattr)))
|
|
(allow dumpstate domain (rawip_socket (getattr)))
|
|
(allow dumpstate domain (netlink_socket (getattr)))
|
|
(allow dumpstate domain (packet_socket (getattr)))
|
|
(allow dumpstate domain (key_socket (getattr)))
|
|
(allow dumpstate domain (unix_stream_socket (getattr)))
|
|
(allow dumpstate domain (unix_dgram_socket (getattr)))
|
|
(allow dumpstate domain (netlink_route_socket (getattr)))
|
|
(allow dumpstate domain (netlink_tcpdiag_socket (getattr)))
|
|
(allow dumpstate domain (netlink_nflog_socket (getattr)))
|
|
(allow dumpstate domain (netlink_xfrm_socket (getattr)))
|
|
(allow dumpstate domain (netlink_selinux_socket (getattr)))
|
|
(allow dumpstate domain (netlink_audit_socket (getattr)))
|
|
(allow dumpstate domain (netlink_dnrt_socket (getattr)))
|
|
(allow dumpstate domain (netlink_kobject_uevent_socket (getattr)))
|
|
(allow dumpstate domain (appletalk_socket (getattr)))
|
|
(allow dumpstate domain (tun_socket (getattr)))
|
|
(allow dumpstate domain (netlink_iscsi_socket (getattr)))
|
|
(allow dumpstate domain (netlink_fib_lookup_socket (getattr)))
|
|
(allow dumpstate domain (netlink_connector_socket (getattr)))
|
|
(allow dumpstate domain (netlink_netfilter_socket (getattr)))
|
|
(allow dumpstate domain (netlink_generic_socket (getattr)))
|
|
(allow dumpstate domain (netlink_scsitransport_socket (getattr)))
|
|
(allow dumpstate domain (netlink_rdma_socket (getattr)))
|
|
(allow dumpstate domain (netlink_crypto_socket (getattr)))
|
|
(allow dumpstate domain (sctp_socket (getattr)))
|
|
(allow dumpstate domain (icmp_socket (getattr)))
|
|
(allow dumpstate domain (ax25_socket (getattr)))
|
|
(allow dumpstate domain (ipx_socket (getattr)))
|
|
(allow dumpstate domain (netrom_socket (getattr)))
|
|
(allow dumpstate domain (atmpvc_socket (getattr)))
|
|
(allow dumpstate domain (x25_socket (getattr)))
|
|
(allow dumpstate domain (rose_socket (getattr)))
|
|
(allow dumpstate domain (decnet_socket (getattr)))
|
|
(allow dumpstate domain (atmsvc_socket (getattr)))
|
|
(allow dumpstate domain (rds_socket (getattr)))
|
|
(allow dumpstate domain (irda_socket (getattr)))
|
|
(allow dumpstate domain (pppox_socket (getattr)))
|
|
(allow dumpstate domain (llc_socket (getattr)))
|
|
(allow dumpstate domain (can_socket (getattr)))
|
|
(allow dumpstate domain (tipc_socket (getattr)))
|
|
(allow dumpstate domain (bluetooth_socket (getattr)))
|
|
(allow dumpstate domain (iucv_socket (getattr)))
|
|
(allow dumpstate domain (rxrpc_socket (getattr)))
|
|
(allow dumpstate domain (isdn_socket (getattr)))
|
|
(allow dumpstate domain (phonet_socket (getattr)))
|
|
(allow dumpstate domain (ieee802154_socket (getattr)))
|
|
(allow dumpstate domain (caif_socket (getattr)))
|
|
(allow dumpstate domain (alg_socket (getattr)))
|
|
(allow dumpstate domain (nfc_socket (getattr)))
|
|
(allow dumpstate domain (vsock_socket (getattr)))
|
|
(allow dumpstate domain (kcm_socket (getattr)))
|
|
(allow dumpstate domain (qipcrtr_socket (getattr)))
|
|
(allow dumpstate domain (smc_socket (getattr)))
|
|
(allow dumpstate domain (xdp_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (tcp_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (udp_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (rawip_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (packet_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (key_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (unix_stream_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (unix_dgram_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_route_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_tcpdiag_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_nflog_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_xfrm_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_selinux_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_audit_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_dnrt_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_kobject_uevent_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (appletalk_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (tun_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_iscsi_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_fib_lookup_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_connector_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_netfilter_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_generic_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_scsitransport_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_rdma_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netlink_crypto_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (sctp_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (icmp_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (ax25_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (ipx_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (netrom_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (atmpvc_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (x25_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (rose_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (decnet_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (atmsvc_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (rds_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (irda_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (pppox_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (llc_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (can_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (tipc_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (bluetooth_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (iucv_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (rxrpc_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (isdn_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (phonet_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (ieee802154_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (caif_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (alg_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (nfc_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (vsock_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (kcm_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (qipcrtr_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (smc_socket (getattr)))
|
|
(allow dumpstate pdx_endpoint_socket_type (xdp_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (tcp_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (udp_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (rawip_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (packet_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (key_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (unix_stream_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (unix_dgram_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_route_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_tcpdiag_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_nflog_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_xfrm_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_selinux_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_audit_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_dnrt_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_kobject_uevent_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (appletalk_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (tun_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_iscsi_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_fib_lookup_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_connector_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_netfilter_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_generic_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_scsitransport_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_rdma_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netlink_crypto_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (sctp_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (icmp_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (ax25_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (ipx_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (netrom_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (atmpvc_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (x25_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (rose_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (decnet_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (atmsvc_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (rds_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (irda_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (pppox_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (llc_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (can_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (tipc_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (bluetooth_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (iucv_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (rxrpc_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (isdn_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (phonet_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (ieee802154_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (caif_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (alg_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (nfc_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (vsock_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (kcm_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (qipcrtr_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (smc_socket (getattr)))
|
|
(allow dumpstate pdx_channel_socket_type (xdp_socket (getattr)))
|
|
(allow dumpstate linkerconfig_file (dir (read open)))
|
|
(dontaudit dumpstate mnt_user_file (dir (search)))
|
|
(dontaudit dumpstate mnt_vendor_file (dir (search)))
|
|
(dontaudit dumpstate mnt_product_file (dir (search)))
|
|
(dontaudit dumpstate mirror_data_file (dir (search)))
|
|
(dontaudit dumpstate linkerconfig_file (dir (getattr)))
|
|
(dontaudit dumpstate mnt_user_file (dir (getattr)))
|
|
(dontaudit dumpstate apex_mnt_dir (dir (getattr)))
|
|
(dontaudit dumpstate mirror_data_file (dir (getattr)))
|
|
(allow dumpstate bufferhubd (binder (call transfer)))
|
|
(allow bufferhubd dumpstate (binder (transfer)))
|
|
(allow dumpstate bufferhubd (fd (use)))
|
|
(allow dumpstate mediaswcodec (binder (call transfer)))
|
|
(allow mediaswcodec dumpstate (binder (transfer)))
|
|
(allow dumpstate mediaswcodec (fd (use)))
|
|
(allow dumpstate snapshotctl_log_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate snapshotctl_log_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate binderfs_logs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate binderfs_logs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate binderfs_logs_proc (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate binderfs_logs_stats (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate vendor_apex_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate vendor_apex_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate shutdown_checkpoints_system_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate shutdown_checkpoints_system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 398 system/sepolicy/public/dumpstate.te
|
|
|
|
(neverallow dumpstate base_typeattr_224 (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 407 system/sepolicy/public/dumpstate.te
|
|
|
|
(neverallow base_typeattr_334 dumpstate_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow e2fs devpts (chr_file (ioctl read write getattr)))
|
|
(allow e2fs dev_type (blk_file (getattr)))
|
|
(allow e2fs block_device (dir (search)))
|
|
(allow e2fs userdata_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow e2fs metadata_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow e2fs dm_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow e2fs zoned_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow e2fs vold (fd (use)))
|
|
(allow e2fs sysfs_dm (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow e2fs sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allowx e2fs dm_device (ioctl blk_file (0x125e 0x1277 (range 0x127b 0x127d) (range 0x1282 0x1283))))
|
|
(allowx e2fs userdata_block_device (ioctl blk_file (0x125e 0x1277 (range 0x127b 0x127d) (range 0x1282 0x1283))))
|
|
(allowx e2fs zoned_block_device (ioctl blk_file (0x125e 0x1277 (range 0x127b 0x127d) (range 0x1282 0x1283))))
|
|
(allowx e2fs metadata_block_device (ioctl blk_file (0x125e 0x1277 (range 0x127b 0x127d) (range 0x1282 0x1283))))
|
|
(allow e2fs proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow e2fs proc_mounts (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow e2fs proc_swaps (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow e2fs sysfs_fs_ext4_features (dir (search)))
|
|
(allow e2fs sysfs_fs_ext4_features (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow e2fs file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow extra_free_kbytes shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow extra_free_kbytes system_file (file (getattr map execute execute_no_trans)))
|
|
(allow extra_free_kbytes toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow extra_free_kbytes proc_extra_free_kbytes (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow extra_free_kbytes proc_watermark_scale_factor (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow extra_free_kbytes proc_zoneinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 129 system/sepolicy/public/fastbootd.te
|
|
|
|
(neverallow fastbootd data_file_type (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
(allow fs_type self (filesystem (associate)))
|
|
(allow cgroup tmpfs (filesystem (associate)))
|
|
(allow cgroup_v2 tmpfs (filesystem (associate)))
|
|
(allow cgroup_rc_file tmpfs (filesystem (associate)))
|
|
(allow sysfs_type sysfs (filesystem (associate)))
|
|
(allow debugfs_type debugfs (filesystem (associate)))
|
|
(allow debugfs_type debugfs_tracing (filesystem (associate)))
|
|
(allow debugfs_type debugfs_tracing_debug (filesystem (associate)))
|
|
(allow file_type labeledfs (filesystem (associate)))
|
|
(allow file_type tmpfs (filesystem (associate)))
|
|
(allow file_type rootfs (filesystem (associate)))
|
|
(allow dev_type tmpfs (filesystem (associate)))
|
|
(allow app_fuse_file app_fusefs (filesystem (associate)))
|
|
(allow postinstall_file self (filesystem (associate)))
|
|
(allow proc_net proc (filesystem (associate)))
|
|
;;* lmx 651 system/sepolicy/public/file.te
|
|
|
|
(neverallow fs_type file_type (filesystem (associate)))
|
|
;;* lme
|
|
|
|
(allow fingerprintd servicemanager (binder (call transfer)))
|
|
(allow servicemanager fingerprintd (binder (call transfer)))
|
|
(allow servicemanager fingerprintd (dir (search)))
|
|
(allow servicemanager fingerprintd (file (read open)))
|
|
(allow servicemanager fingerprintd (process (getattr)))
|
|
(allow fingerprintd system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow fingerprintd fingerprintd_service (service_manager (add find)))
|
|
;;* lmx 10 system/sepolicy/public/fingerprintd.te
|
|
|
|
(neverallow base_typeattr_335 fingerprintd_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow fingerprintd fingerprintd_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow fingerprintd fingerprintd_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow keystore fingerprintd (dir (search)))
|
|
(allow keystore fingerprintd (file (read open)))
|
|
(allow keystore fingerprintd (process (getattr)))
|
|
(allow fingerprintd apc_service (service_manager (find)))
|
|
(allow fingerprintd keystore_service (service_manager (find)))
|
|
(allow fingerprintd legacykeystore_service (service_manager (find)))
|
|
(allow fingerprintd keystore (binder (call transfer)))
|
|
(allow keystore fingerprintd (binder (transfer)))
|
|
(allow fingerprintd keystore (fd (use)))
|
|
(allow keystore fingerprintd (binder (call transfer)))
|
|
(allow fingerprintd keystore (binder (transfer)))
|
|
(allow keystore fingerprintd (fd (use)))
|
|
(allow fingerprintd keystore (keystore2 (add_auth)))
|
|
(allow fingerprintd system_server (binder (call transfer)))
|
|
(allow system_server fingerprintd (binder (transfer)))
|
|
(allow fingerprintd system_server (fd (use)))
|
|
(allow fingerprintd permission_service (service_manager (find)))
|
|
(allow fingerprintd ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow flags_health_check server_configurable_flags_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow flags_health_check server_configurable_flags_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
;;* lmx 12 system/sepolicy/public/flags_health_check.te
|
|
|
|
(neverallow base_typeattr_336 server_configurable_flags_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
(allow fsck tmpfs (chr_file (ioctl read write)))
|
|
(allow fsck devpts (chr_file (ioctl read write getattr)))
|
|
(allow fsck vold (fd (use)))
|
|
(allow fsck vold (fifo_file (read write getattr)))
|
|
(allow fsck userdata_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow fsck cache_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow fsck dm_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow fsck zoned_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow fsck metadata_file (dir (getattr)))
|
|
(allow fsck block_device (dir (search)))
|
|
(allow fsck mirror_data_file (dir (search)))
|
|
(allowx fsck dev_type (ioctl blk_file (0x125e 0x127c 0x1282)))
|
|
(allow fsck dev_type (blk_file (getattr)))
|
|
(allow fsck proc_mounts (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow fsck proc_swaps (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow fsck sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow fsck rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow fsck sysfs_dm (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
;;* lmx 72 system/sepolicy/public/fsck.te
|
|
|
|
(neverallow fsck vold_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck root_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck frp_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck system_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck recovery_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck boot_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck swap_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 75 system/sepolicy/public/fsck.te
|
|
|
|
(neverallow base_typeattr_337 fsck (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 76 system/sepolicy/public/fsck.te
|
|
|
|
(neverallow base_typeattr_224 fsck (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 77 system/sepolicy/public/fsck.te
|
|
|
|
(neverallow fsck base_typeattr_338 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
(allow fsck_untrusted devpts (chr_file (ioctl read write getattr)))
|
|
(allow fsck_untrusted vold (fd (use)))
|
|
(allow fsck_untrusted vold (fifo_file (read write getattr)))
|
|
(allow fsck_untrusted block_device (dir (search)))
|
|
(allow fsck_untrusted vold_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow fsck_untrusted proc_mounts (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow fsck_untrusted dev_type (blk_file (getattr)))
|
|
;;* lmx 45 system/sepolicy/public/fsck_untrusted.te
|
|
|
|
(neverallow fsck_untrusted dm_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck_untrusted root_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck_untrusted frp_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck_untrusted system_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck_untrusted recovery_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck_untrusted boot_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck_untrusted userdata_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck_untrusted cache_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck_untrusted swap_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fsck_untrusted metadata_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 48 system/sepolicy/public/fsck_untrusted.te
|
|
|
|
(neverallow base_typeattr_339 fsck_untrusted (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 49 system/sepolicy/public/fsck_untrusted.te
|
|
|
|
(neverallow base_typeattr_224 fsck_untrusted (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 50 system/sepolicy/public/fsck_untrusted.te
|
|
|
|
(neverallow fsck_untrusted base_typeattr_338 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 55 system/sepolicy/public/fsck_untrusted.te
|
|
|
|
(neverallow fsck_untrusted self (capability (setgid setuid sys_admin)))
|
|
(neverallow fsck_untrusted self (cap_userns (setgid setuid sys_admin)))
|
|
;;* lme
|
|
|
|
(dontaudit fsck_untrusted sysfs (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(dontaudit fsck_untrusted sysfs_dm (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(dontaudit fsck_untrusted sysfs_dm (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(dontaudit fsck_untrusted tmpfs (lnk_file (read)))
|
|
(allow gatekeeperd servicemanager (binder (call transfer)))
|
|
(allow servicemanager gatekeeperd (binder (call transfer)))
|
|
(allow servicemanager gatekeeperd (dir (search)))
|
|
(allow servicemanager gatekeeperd (file (read open)))
|
|
(allow servicemanager gatekeeperd (process (getattr)))
|
|
(allow gatekeeperd ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gatekeeperd system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gatekeeperd gatekeeper_service (service_manager (add find)))
|
|
;;* lmx 21 system/sepolicy/public/gatekeeperd.te
|
|
|
|
(neverallow base_typeattr_340 gatekeeper_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow keystore gatekeeperd (dir (search)))
|
|
(allow keystore gatekeeperd (file (read open)))
|
|
(allow keystore gatekeeperd (process (getattr)))
|
|
(allow gatekeeperd apc_service (service_manager (find)))
|
|
(allow gatekeeperd keystore_service (service_manager (find)))
|
|
(allow gatekeeperd legacykeystore_service (service_manager (find)))
|
|
(allow gatekeeperd keystore (binder (call transfer)))
|
|
(allow keystore gatekeeperd (binder (transfer)))
|
|
(allow gatekeeperd keystore (fd (use)))
|
|
(allow keystore gatekeeperd (binder (call transfer)))
|
|
(allow gatekeeperd keystore (binder (transfer)))
|
|
(allow keystore gatekeeperd (fd (use)))
|
|
(allow gatekeeperd keystore (keystore2 (add_auth)))
|
|
(allow gatekeeperd authorization_service (service_manager (find)))
|
|
(allow gatekeeperd system_server (binder (call)))
|
|
(allow gatekeeperd permission_service (service_manager (find)))
|
|
(allow gatekeeperd gatekeeper_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow gatekeeperd gatekeeper_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow gatekeeperd hardware_properties_service (service_manager (find)))
|
|
(allow gatekeeperd cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gatekeeperd cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gatekeeperd cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gatekeeperd cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gatekeeperd cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gatekeeperd cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_allocator_client hal_allocator_server (binder (call transfer)))
|
|
(allow hal_allocator_server hal_allocator_client (binder (transfer)))
|
|
(allow hal_allocator_client hal_allocator_server (fd (use)))
|
|
(allow hal_allocator_client hidl_allocator_hwservice (hwservice_manager (find)))
|
|
(allow hal_allocator_server hidl_allocator_hwservice (hwservice_manager (add find)))
|
|
(allow hal_allocator_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_allocator.te
|
|
|
|
(neverallow base_typeattr_341 hidl_allocator_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_allocator.te
|
|
|
|
(neverallow base_typeattr_342 hidl_allocator_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_allocator_client hidl_memory_hwservice (hwservice_manager (find)))
|
|
(allow hal_allocator_client same_process_hal_file (file (read getattr map execute open)))
|
|
(allow hal_atrace_client hal_atrace_server (binder (call transfer)))
|
|
(allow hal_atrace_server hal_atrace_client (binder (transfer)))
|
|
(allow hal_atrace_client hal_atrace_server (fd (use)))
|
|
(allow hal_atrace_client hal_atrace_hwservice (hwservice_manager (find)))
|
|
(allow hal_atrace_server hal_atrace_hwservice (hwservice_manager (add find)))
|
|
(allow hal_atrace_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_atrace.te
|
|
|
|
(neverallow base_typeattr_343 hal_atrace_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_atrace.te
|
|
|
|
(neverallow base_typeattr_344 hal_atrace_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_audio_client hal_audio_server (binder (call transfer)))
|
|
(allow hal_audio_server hal_audio_client (binder (transfer)))
|
|
(allow hal_audio_client hal_audio_server (fd (use)))
|
|
(allow hal_audio_server hal_audio_client (binder (call transfer)))
|
|
(allow hal_audio_client hal_audio_server (binder (transfer)))
|
|
(allow hal_audio_server hal_audio_client (fd (use)))
|
|
(allow hal_audio_client hal_audio_hwservice (hwservice_manager (find)))
|
|
(allow hal_audio_server hal_audio_hwservice (hwservice_manager (add find)))
|
|
(allow hal_audio_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_audio.te
|
|
|
|
(neverallow base_typeattr_345 hal_audio_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_audio.te
|
|
|
|
(neverallow base_typeattr_346 hal_audio_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_audio_client hal_audio_service (service_manager (find)))
|
|
(allow hal_audio_server hal_audio_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_audio.te
|
|
|
|
(neverallow base_typeattr_345 hal_audio_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_audio.te
|
|
|
|
(neverallow base_typeattr_347 hal_audio_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_audio ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_audio_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_audio_server (binder (transfer)))
|
|
(allow hal_audio_server servicemanager (fd (use)))
|
|
(allow hal_audio proc (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_audio proc (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_audio proc (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_audio proc_asound (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_audio proc_asound (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_audio proc_asound (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_audio_server audio_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_audio_server audio_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_audio shell (fd (use)))
|
|
(allow hal_audio shell (fifo_file (write)))
|
|
(allow hal_audio dumpstate (fd (use)))
|
|
(allow hal_audio dumpstate (fifo_file (write)))
|
|
(allow hal_audio_server appdomain (fd (use)))
|
|
(allow hal_audio_server system_server_tmpfs (file (read getattr map)))
|
|
(allow hal_audio_server self (capability (sys_nice)))
|
|
(allow hal_audio_server self (cap_userns (sys_nice)))
|
|
(allow hal_audio vndbinder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_audio vndservicemanager (binder (call transfer)))
|
|
(allow vndservicemanager hal_audio (dir (search)))
|
|
(allow vndservicemanager hal_audio (file (read map open)))
|
|
(allow vndservicemanager hal_audio (process (getattr)))
|
|
;;* lmx 39 system/sepolicy/public/hal_audio.te
|
|
|
|
(neverallow hal_audio_server fs_type (file (execute_no_trans)))
|
|
(neverallow hal_audio_server file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 42 system/sepolicy/public/hal_audio.te
|
|
|
|
(neverallow base_typeattr_348 audio_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow hal_audio audio_config_prop (file (read getattr map open)))
|
|
(allow hal_audio bluetooth_a2dp_offload_prop (file (read getattr map open)))
|
|
(allow hal_audio bluetooth_audio_hal_prop (file (read getattr map open)))
|
|
(allow hal_audiocontrol_client hal_audiocontrol_server (binder (call transfer)))
|
|
(allow hal_audiocontrol_server hal_audiocontrol_client (binder (transfer)))
|
|
(allow hal_audiocontrol_client hal_audiocontrol_server (fd (use)))
|
|
(allow hal_audiocontrol_server hal_audiocontrol_client (binder (call transfer)))
|
|
(allow hal_audiocontrol_client hal_audiocontrol_server (binder (transfer)))
|
|
(allow hal_audiocontrol_server hal_audiocontrol_client (fd (use)))
|
|
(allow hal_audiocontrol_client hal_audiocontrol_hwservice (hwservice_manager (find)))
|
|
(allow hal_audiocontrol_server hal_audiocontrol_hwservice (hwservice_manager (add find)))
|
|
(allow hal_audiocontrol_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_audiocontrol.te
|
|
|
|
(neverallow base_typeattr_349 hal_audiocontrol_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_audiocontrol.te
|
|
|
|
(neverallow base_typeattr_350 hal_audiocontrol_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_audiocontrol_client hal_audiocontrol_service (service_manager (find)))
|
|
(allow hal_audiocontrol_server hal_audiocontrol_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_audiocontrol.te
|
|
|
|
(neverallow base_typeattr_349 hal_audiocontrol_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_audiocontrol.te
|
|
|
|
(neverallow base_typeattr_351 hal_audiocontrol_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_audiocontrol_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_audiocontrol_server (binder (transfer)))
|
|
(allow hal_audiocontrol_server servicemanager (fd (use)))
|
|
(allow hal_authgraph_client hal_authgraph_server (binder (call transfer)))
|
|
(allow hal_authgraph_server hal_authgraph_client (binder (transfer)))
|
|
(allow hal_authgraph_client hal_authgraph_server (fd (use)))
|
|
(allow hal_authgraph_client hal_authgraph_service (service_manager (find)))
|
|
(allow hal_authgraph_server hal_authgraph_service (service_manager (add find)))
|
|
;;* lmx 3 system/sepolicy/public/hal_authgraph.te
|
|
|
|
(neverallow base_typeattr_352 hal_authgraph_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/public/hal_authgraph.te
|
|
|
|
(neverallow base_typeattr_353 hal_authgraph_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_authgraph_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_authgraph_server (binder (transfer)))
|
|
(allow hal_authgraph_server servicemanager (fd (use)))
|
|
(allow hal_authgraph_server tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_authgraph_server ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_authsecret_client hal_authsecret_server (binder (call transfer)))
|
|
(allow hal_authsecret_server hal_authsecret_client (binder (transfer)))
|
|
(allow hal_authsecret_client hal_authsecret_server (fd (use)))
|
|
(allow hal_authsecret_client hal_authsecret_hwservice (hwservice_manager (find)))
|
|
(allow hal_authsecret_server hal_authsecret_hwservice (hwservice_manager (add find)))
|
|
(allow hal_authsecret_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_authsecret.te
|
|
|
|
(neverallow base_typeattr_354 hal_authsecret_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_authsecret.te
|
|
|
|
(neverallow base_typeattr_355 hal_authsecret_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_authsecret_client hal_authsecret_service (service_manager (find)))
|
|
(allow hal_authsecret_server hal_authsecret_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_authsecret.te
|
|
|
|
(neverallow base_typeattr_354 hal_authsecret_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_authsecret.te
|
|
|
|
(neverallow base_typeattr_356 hal_authsecret_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_authsecret_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_authsecret_server (binder (transfer)))
|
|
(allow hal_authsecret_server servicemanager (fd (use)))
|
|
(allow hal_bluetooth_client hal_bluetooth_server (binder (call transfer)))
|
|
(allow hal_bluetooth_server hal_bluetooth_client (binder (transfer)))
|
|
(allow hal_bluetooth_client hal_bluetooth_server (fd (use)))
|
|
(allow hal_bluetooth_server hal_bluetooth_client (binder (call transfer)))
|
|
(allow hal_bluetooth_client hal_bluetooth_server (binder (transfer)))
|
|
(allow hal_bluetooth_server hal_bluetooth_client (fd (use)))
|
|
(allow hal_bluetooth_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_bluetooth_server (binder (transfer)))
|
|
(allow hal_bluetooth_server servicemanager (fd (use)))
|
|
(allow hal_bluetooth_client hal_bluetooth_hwservice (hwservice_manager (find)))
|
|
(allow hal_bluetooth_server hal_bluetooth_hwservice (hwservice_manager (add find)))
|
|
(allow hal_bluetooth_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 6 system/sepolicy/public/hal_bluetooth.te
|
|
|
|
(neverallow base_typeattr_357 hal_bluetooth_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_bluetooth.te
|
|
|
|
(neverallow base_typeattr_358 hal_bluetooth_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_bluetooth_client hal_bluetooth_service (service_manager (find)))
|
|
(allow hal_bluetooth_server hal_bluetooth_service (service_manager (add find)))
|
|
;;* lmx 7 system/sepolicy/public/hal_bluetooth.te
|
|
|
|
(neverallow base_typeattr_357 hal_bluetooth_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/hal_bluetooth.te
|
|
|
|
(neverallow base_typeattr_359 hal_bluetooth_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_bluetooth sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_bluetooth self (capability2 (block_suspend)))
|
|
(allow hal_bluetooth self (cap2_userns (block_suspend)))
|
|
(allow hal_bluetooth system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server hal_bluetooth (binder (transfer)))
|
|
(allow hal_bluetooth system_suspend_server (fd (use)))
|
|
(allow hal_bluetooth system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow hal_bluetooth hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager hal_bluetooth (binder (call transfer)))
|
|
(allow hwservicemanager hal_bluetooth (dir (search)))
|
|
(allow hwservicemanager hal_bluetooth (file (read map open)))
|
|
(allow hwservicemanager hal_bluetooth (process (getattr)))
|
|
(allow hal_bluetooth hwservicemanager_prop (file (read getattr map open)))
|
|
(allow hal_bluetooth hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow hal_bluetooth hal_system_suspend_service (service_manager (find)))
|
|
(allow hal_bluetooth servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_bluetooth (binder (call transfer)))
|
|
(allow servicemanager hal_bluetooth (dir (search)))
|
|
(allow servicemanager hal_bluetooth (file (read open)))
|
|
(allow servicemanager hal_bluetooth (process (getattr)))
|
|
(allow hal_bluetooth self (capability (net_admin)))
|
|
(allow hal_bluetooth self (cap_userns (net_admin)))
|
|
(allow hal_bluetooth bluetooth_efs_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_bluetooth bluetooth_efs_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_bluetooth bluetooth_efs_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_bluetooth uhid_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_bluetooth hci_attach_dev (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_bluetooth sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_bluetooth sysfs_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_bluetooth sysfs_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_bluetooth sysfs_bluetooth_writable (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_bluetooth self (capability2 (wake_alarm)))
|
|
(allow hal_bluetooth self (cap2_userns (wake_alarm)))
|
|
(allow hal_bluetooth property_socket (sock_file (write)))
|
|
(allow hal_bluetooth init (unix_stream_socket (connectto)))
|
|
(allow hal_bluetooth bluetooth_a2dp_offload_prop (property_service (set)))
|
|
(allow hal_bluetooth bluetooth_a2dp_offload_prop (file (read getattr map open)))
|
|
(allow hal_bluetooth property_socket (sock_file (write)))
|
|
(allow hal_bluetooth init (unix_stream_socket (connectto)))
|
|
(allow hal_bluetooth bluetooth_audio_hal_prop (property_service (set)))
|
|
(allow hal_bluetooth bluetooth_audio_hal_prop (file (read getattr map open)))
|
|
(allow hal_bluetooth property_socket (sock_file (write)))
|
|
(allow hal_bluetooth init (unix_stream_socket (connectto)))
|
|
(allow hal_bluetooth bluetooth_prop (property_service (set)))
|
|
(allow hal_bluetooth bluetooth_prop (file (read getattr map open)))
|
|
(allow hal_bluetooth property_socket (sock_file (write)))
|
|
(allow hal_bluetooth init (unix_stream_socket (connectto)))
|
|
(allow hal_bluetooth exported_bluetooth_prop (property_service (set)))
|
|
(allow hal_bluetooth exported_bluetooth_prop (file (read getattr map open)))
|
|
(allow hal_bluetooth proc_bluetooth_writable (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_bluetooth self (capability (sys_nice)))
|
|
(allow hal_bluetooth self (cap_userns (sys_nice)))
|
|
(allow hal_bootctl_client hal_bootctl_server (binder (call transfer)))
|
|
(allow hal_bootctl_server hal_bootctl_client (binder (transfer)))
|
|
(allow hal_bootctl_client hal_bootctl_server (fd (use)))
|
|
(allow hal_bootctl_server hal_bootctl_client (binder (call transfer)))
|
|
(allow hal_bootctl_client hal_bootctl_server (binder (transfer)))
|
|
(allow hal_bootctl_server hal_bootctl_client (fd (use)))
|
|
(allow hal_bootctl_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_bootctl_server (binder (call transfer)))
|
|
(allow servicemanager hal_bootctl_server (dir (search)))
|
|
(allow servicemanager hal_bootctl_server (file (read open)))
|
|
(allow servicemanager hal_bootctl_server (process (getattr)))
|
|
(allow hal_bootctl_client hal_bootctl_hwservice (hwservice_manager (find)))
|
|
(allow hal_bootctl_server hal_bootctl_hwservice (hwservice_manager (add find)))
|
|
(allow hal_bootctl_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 6 system/sepolicy/public/hal_bootctl.te
|
|
|
|
(neverallow base_typeattr_360 hal_bootctl_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_bootctl.te
|
|
|
|
(neverallow base_typeattr_361 hal_bootctl_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_bootctl_server proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_bootctl_client hal_bootctl_service (service_manager (find)))
|
|
(allow hal_bootctl_server hal_bootctl_service (service_manager (add find)))
|
|
;;* lmx 10 system/sepolicy/public/hal_bootctl.te
|
|
|
|
(neverallow base_typeattr_360 hal_bootctl_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 10 system/sepolicy/public/hal_bootctl.te
|
|
|
|
(neverallow base_typeattr_362 hal_bootctl_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_broadcastradio_client hal_broadcastradio_server (binder (call transfer)))
|
|
(allow hal_broadcastradio_server hal_broadcastradio_client (binder (transfer)))
|
|
(allow hal_broadcastradio_client hal_broadcastradio_server (fd (use)))
|
|
(allow hal_broadcastradio_server hal_broadcastradio_client (binder (call transfer)))
|
|
(allow hal_broadcastradio_client hal_broadcastradio_server (binder (transfer)))
|
|
(allow hal_broadcastradio_server hal_broadcastradio_client (fd (use)))
|
|
(allow hal_broadcastradio_client hal_broadcastradio_hwservice (hwservice_manager (find)))
|
|
(allow hal_broadcastradio_server hal_broadcastradio_hwservice (hwservice_manager (add find)))
|
|
(allow hal_broadcastradio_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_broadcastradio.te
|
|
|
|
(neverallow base_typeattr_363 hal_broadcastradio_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_broadcastradio.te
|
|
|
|
(neverallow base_typeattr_364 hal_broadcastradio_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_broadcastradio_client hal_broadcastradio_service (service_manager (find)))
|
|
(allow hal_broadcastradio_server hal_broadcastradio_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_broadcastradio.te
|
|
|
|
(neverallow base_typeattr_363 hal_broadcastradio_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_broadcastradio.te
|
|
|
|
(neverallow base_typeattr_365 hal_broadcastradio_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_broadcastradio_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_broadcastradio_server (binder (transfer)))
|
|
(allow hal_broadcastradio_server servicemanager (fd (use)))
|
|
(allow hal_camera_client hal_camera_server (binder (call transfer)))
|
|
(allow hal_camera_server hal_camera_client (binder (transfer)))
|
|
(allow hal_camera_client hal_camera_server (fd (use)))
|
|
(allow hal_camera_server hal_camera_client (binder (call transfer)))
|
|
(allow hal_camera_client hal_camera_server (binder (transfer)))
|
|
(allow hal_camera_server hal_camera_client (fd (use)))
|
|
(allow hal_camera_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_camera_server (binder (call transfer)))
|
|
(allow servicemanager hal_camera_server (dir (search)))
|
|
(allow servicemanager hal_camera_server (file (read open)))
|
|
(allow servicemanager hal_camera_server (process (getattr)))
|
|
(allow hal_camera_client hal_camera_hwservice (hwservice_manager (find)))
|
|
(allow hal_camera_server hal_camera_hwservice (hwservice_manager (add find)))
|
|
(allow hal_camera_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 8 system/sepolicy/public/hal_camera.te
|
|
|
|
(neverallow base_typeattr_366 hal_camera_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/public/hal_camera.te
|
|
|
|
(neverallow base_typeattr_367 hal_camera_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_camera_client hal_camera_service (service_manager (find)))
|
|
(allow hal_camera_server hal_camera_service (service_manager (add find)))
|
|
;;* lmx 9 system/sepolicy/public/hal_camera.te
|
|
|
|
(neverallow base_typeattr_366 hal_camera_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/public/hal_camera.te
|
|
|
|
(neverallow base_typeattr_368 hal_camera_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_camera device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_camera video_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_camera video_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_camera camera_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_camera ion_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_camera dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_camera_client hal_graphics_allocator (fd (use)))
|
|
(allow hal_camera_server hal_graphics_allocator (fd (use)))
|
|
(allow hal_camera base_typeattr_369 (fd (use)))
|
|
(allow hal_camera surfaceflinger (fd (use)))
|
|
(allow hal_camera hal_allocator_server (fd (use)))
|
|
(allow hal_camera shell (fd (use)))
|
|
(allow hal_camera shell (fifo_file (write)))
|
|
;;* lmx 36 system/sepolicy/public/hal_camera.te
|
|
|
|
(neverallow hal_camera_server fs_type (file (execute_no_trans)))
|
|
(neverallow hal_camera_server file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 39 system/sepolicy/public/hal_camera.te
|
|
|
|
(neverallow hal_camera_server domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
(neverallow hal_camera_server domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow hal_camera_server domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 42 system/sepolicy/public/hal_camera.te
|
|
|
|
(neverallow base_typeattr_370 camera_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow hal_can_controller_client hal_can_controller_server (binder (call transfer)))
|
|
(allow hal_can_controller_server hal_can_controller_client (binder (transfer)))
|
|
(allow hal_can_controller_client hal_can_controller_server (fd (use)))
|
|
(allow hal_can_controller_server hal_can_controller_client (binder (call transfer)))
|
|
(allow hal_can_controller_client hal_can_controller_server (binder (transfer)))
|
|
(allow hal_can_controller_server hal_can_controller_client (fd (use)))
|
|
(allow hal_can_controller_client hal_can_controller_hwservice (hwservice_manager (find)))
|
|
(allow hal_can_controller_server hal_can_controller_hwservice (hwservice_manager (add find)))
|
|
(allow hal_can_controller_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_can.te
|
|
|
|
(neverallow base_typeattr_371 hal_can_controller_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_can.te
|
|
|
|
(neverallow base_typeattr_372 hal_can_controller_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_can_bus_client hal_can_bus_server (binder (call transfer)))
|
|
(allow hal_can_bus_server hal_can_bus_client (binder (transfer)))
|
|
(allow hal_can_bus_client hal_can_bus_server (fd (use)))
|
|
(allow hal_can_bus_server hal_can_bus_client (binder (call transfer)))
|
|
(allow hal_can_bus_client hal_can_bus_server (binder (transfer)))
|
|
(allow hal_can_bus_server hal_can_bus_client (fd (use)))
|
|
(allow hal_can_bus_client hal_can_bus_hwservice (hwservice_manager (find)))
|
|
(allow hal_can_bus_server hal_can_bus_hwservice (hwservice_manager (add find)))
|
|
(allow hal_can_bus_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 9 system/sepolicy/public/hal_can.te
|
|
|
|
(neverallow base_typeattr_373 hal_can_bus_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/public/hal_can.te
|
|
|
|
(neverallow base_typeattr_374 hal_can_bus_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_can_controller_client hal_can_controller_service (service_manager (find)))
|
|
(allow hal_can_controller_server hal_can_controller_service (service_manager (add find)))
|
|
;;* lmx 12 system/sepolicy/public/hal_can.te
|
|
|
|
(neverallow base_typeattr_371 hal_can_controller_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 12 system/sepolicy/public/hal_can.te
|
|
|
|
(neverallow base_typeattr_375 hal_can_controller_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_can_controller servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_can_controller (binder (call transfer)))
|
|
(allow servicemanager hal_can_controller (dir (search)))
|
|
(allow servicemanager hal_can_controller (file (read open)))
|
|
(allow servicemanager hal_can_controller (process (getattr)))
|
|
(allow hal_cas_client hal_cas_server (binder (call transfer)))
|
|
(allow hal_cas_server hal_cas_client (binder (transfer)))
|
|
(allow hal_cas_client hal_cas_server (fd (use)))
|
|
(allow hal_cas_server hal_cas_client (binder (call transfer)))
|
|
(allow hal_cas_client hal_cas_server (binder (transfer)))
|
|
(allow hal_cas_server hal_cas_client (fd (use)))
|
|
(allow hal_cas_client hal_cas_hwservice (hwservice_manager (find)))
|
|
(allow hal_cas_server hal_cas_hwservice (hwservice_manager (add find)))
|
|
(allow hal_cas_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_cas.te
|
|
|
|
(neverallow base_typeattr_376 hal_cas_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_cas.te
|
|
|
|
(neverallow base_typeattr_377 hal_cas_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_cas_server hidl_memory_hwservice (hwservice_manager (find)))
|
|
(allow hal_cas_client hal_cas_service (service_manager (find)))
|
|
(allow hal_cas_server hal_cas_service (service_manager (add find)))
|
|
;;* lmx 8 system/sepolicy/public/hal_cas.te
|
|
|
|
(neverallow base_typeattr_376 hal_cas_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/public/hal_cas.te
|
|
|
|
(neverallow base_typeattr_378 hal_cas_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_cas_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_cas_server (binder (transfer)))
|
|
(allow hal_cas_server servicemanager (fd (use)))
|
|
(allow hal_cas_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_cas_client (binder (transfer)))
|
|
(allow hal_cas_client servicemanager (fd (use)))
|
|
(allow hal_cas_server serialno_prop (file (read getattr map open)))
|
|
(allow hal_cas system_data_file (file (read getattr)))
|
|
(allow hal_cas cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_cas cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_cas cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_cas cgroup (dir (write search)))
|
|
(allow hal_cas cgroup (file (write lock append map open)))
|
|
(allow hal_cas cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_cas cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_cas cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_cas cgroup_v2 (dir (write search)))
|
|
(allow hal_cas cgroup_v2 (file (write lock append map open)))
|
|
(allow hal_cas ion_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_cas hal_graphics_allocator (fd (use)))
|
|
(allow hal_cas tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
;;* lmx 40 system/sepolicy/public/hal_cas.te
|
|
|
|
(neverallow hal_cas_server fs_type (file (execute_no_trans)))
|
|
(neverallow hal_cas_server file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 43 system/sepolicy/public/hal_cas.te
|
|
|
|
(neverallowx hal_cas_server domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx hal_cas_server domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx hal_cas_server domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
;;* lme
|
|
|
|
;;* lmx 43 system/sepolicy/public/hal_cas.te
|
|
|
|
(neverallowx hal_cas_server domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx hal_cas_server domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx hal_cas_server domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
;;* lme
|
|
|
|
;;* lmx 43 system/sepolicy/public/hal_cas.te
|
|
|
|
(neverallowx hal_cas_server domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx hal_cas_server domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx hal_cas_server domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
;;* lme
|
|
|
|
(allow hal_codec2_client media_variant_prop (file (read getattr map open)))
|
|
(allow hal_codec2_server media_variant_prop (file (read getattr map open)))
|
|
(allow hal_codec2_client codec2_config_prop (file (read getattr map open)))
|
|
(allow hal_codec2_server codec2_config_prop (file (read getattr map open)))
|
|
(allow hal_codec2_client hal_codec2_server (binder (call transfer)))
|
|
(allow hal_codec2_server hal_codec2_client (binder (transfer)))
|
|
(allow hal_codec2_client hal_codec2_server (fd (use)))
|
|
(allow hal_codec2_server hal_codec2_client (binder (call transfer)))
|
|
(allow hal_codec2_client hal_codec2_server (binder (transfer)))
|
|
(allow hal_codec2_server hal_codec2_client (fd (use)))
|
|
(allow hal_codec2_client hal_codec2_hwservice (hwservice_manager (find)))
|
|
(allow hal_codec2_server hal_codec2_hwservice (hwservice_manager (add find)))
|
|
(allow hal_codec2_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 9 system/sepolicy/public/hal_codec2.te
|
|
|
|
(neverallow base_typeattr_379 hal_codec2_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/public/hal_codec2.te
|
|
|
|
(neverallow base_typeattr_380 hal_codec2_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_codec2_client hal_codec2_service (service_manager (find)))
|
|
(allow hal_codec2_server hal_codec2_service (service_manager (add find)))
|
|
;;* lmx 10 system/sepolicy/public/hal_codec2.te
|
|
|
|
(neverallow base_typeattr_379 hal_codec2_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 10 system/sepolicy/public/hal_codec2.te
|
|
|
|
(neverallow base_typeattr_381 hal_codec2_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_codec2_server hal_graphics_composer (fd (use)))
|
|
(allow hal_codec2_server ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_codec2_server hal_camera (fd (use)))
|
|
(allow hal_codec2_server bufferhubd (fd (use)))
|
|
(allow hal_codec2_client ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_codec2_server su (fifo_file (read)))
|
|
(allow hal_codec2_server mediaserver (fifo_file (read)))
|
|
(allow hal_codec2_server base_typeattr_382 (fifo_file (read)))
|
|
(allow hal_configstore_client hal_configstore_server (binder (call transfer)))
|
|
(allow hal_configstore_server hal_configstore_client (binder (transfer)))
|
|
(allow hal_configstore_client hal_configstore_server (fd (use)))
|
|
(allow hal_configstore_client hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (find)))
|
|
(allow hal_configstore_server hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (add find)))
|
|
(allow hal_configstore_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow base_typeattr_383 hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow base_typeattr_384 hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_configstore_server anr_data_file (file (append)))
|
|
(allow hal_configstore_server dumpstate (fd (use)))
|
|
(allow hal_configstore_server incidentd (fd (use)))
|
|
(allow hal_configstore_server dumpstate (fifo_file (write append)))
|
|
(allow hal_configstore_server incidentd (fifo_file (write append)))
|
|
(allow hal_configstore_server system_server (fifo_file (write append)))
|
|
(allow hal_configstore_server tombstoned (unix_stream_socket (connectto)))
|
|
(allow hal_configstore_server tombstoned (fd (use)))
|
|
(allow hal_configstore_server tombstoned_crash_socket (sock_file (write)))
|
|
(allow hal_configstore_server tombstone_data_file (file (append)))
|
|
;;* lmx 15 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow hal_configstore_server fs_type (file (execute_no_trans)))
|
|
(neverallow hal_configstore_server file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 29 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow hal_configstore_server domain (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
(neverallow hal_configstore_server domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow hal_configstore_server domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_readpriv nlmsg_getneigh)))
|
|
(neverallow hal_configstore_server domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow hal_configstore_server domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow hal_configstore_server domain (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow hal_configstore_server domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow hal_configstore_server domain (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_configstore_server domain (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 37 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow hal_configstore_server base_typeattr_385 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
|
|
(neverallow hal_configstore_server base_typeattr_385 (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 45 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow hal_configstore_server base_typeattr_386 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow hal_configstore_server base_typeattr_386 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow hal_configstore_server base_typeattr_386 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 51 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow hal_configstore_server sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow hal_configstore_server fuse (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow hal_configstore_server fuseblk (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow hal_configstore_server sdcardfs (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow hal_configstore_server vfat (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow hal_configstore_server exfat (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 55 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow hal_configstore_server sdcard_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow hal_configstore_server fuse (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow hal_configstore_server fuseblk (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow hal_configstore_server sdcardfs (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow hal_configstore_server vfat (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow hal_configstore_server exfat (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 58 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow hal_configstore_server base_typeattr_224 (service_manager (add find list)))
|
|
;;* lme
|
|
|
|
;;* lmx 61 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow hal_configstore_server self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow hal_configstore_server self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
(neverallow hal_configstore_server self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow hal_configstore_server self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
;;* lme
|
|
|
|
;;* lmx 64 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow hal_configstore_server base_typeattr_224 (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 67 system/sepolicy/public/hal_configstore.te
|
|
|
|
(neverallow hal_configstore_server base_typeattr_224 (file (relabelfrom relabelto)))
|
|
(neverallow hal_configstore_server base_typeattr_224 (dir (relabelfrom relabelto)))
|
|
(neverallow hal_configstore_server base_typeattr_224 (lnk_file (relabelfrom relabelto)))
|
|
(neverallow hal_configstore_server base_typeattr_224 (chr_file (relabelfrom relabelto)))
|
|
(neverallow hal_configstore_server base_typeattr_224 (blk_file (relabelfrom relabelto)))
|
|
(neverallow hal_configstore_server base_typeattr_224 (sock_file (relabelfrom relabelto)))
|
|
(neverallow hal_configstore_server base_typeattr_224 (fifo_file (relabelfrom relabelto)))
|
|
;;* lme
|
|
|
|
(allow hal_confirmationui_client hal_confirmationui_server (binder (call transfer)))
|
|
(allow hal_confirmationui_server hal_confirmationui_client (binder (transfer)))
|
|
(allow hal_confirmationui_client hal_confirmationui_server (fd (use)))
|
|
(allow hal_confirmationui_client hal_confirmationui_hwservice (hwservice_manager (find)))
|
|
(allow hal_confirmationui_server hal_confirmationui_hwservice (hwservice_manager (add find)))
|
|
(allow hal_confirmationui_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_confirmationui.te
|
|
|
|
(neverallow base_typeattr_387 hal_confirmationui_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_confirmationui.te
|
|
|
|
(neverallow base_typeattr_388 hal_confirmationui_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_confirmationui_client hal_confirmationui_service (service_manager (find)))
|
|
(allow hal_confirmationui_server hal_confirmationui_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_confirmationui.te
|
|
|
|
(neverallow base_typeattr_387 hal_confirmationui_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_confirmationui.te
|
|
|
|
(neverallow base_typeattr_389 hal_confirmationui_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_confirmationui_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_confirmationui_server (binder (transfer)))
|
|
(allow hal_confirmationui_server servicemanager (fd (use)))
|
|
(allow hal_contexthub_client hal_contexthub_server (binder (call transfer)))
|
|
(allow hal_contexthub_server hal_contexthub_client (binder (transfer)))
|
|
(allow hal_contexthub_client hal_contexthub_server (fd (use)))
|
|
(allow hal_contexthub_server hal_contexthub_client (binder (call transfer)))
|
|
(allow hal_contexthub_client hal_contexthub_server (binder (transfer)))
|
|
(allow hal_contexthub_server hal_contexthub_client (fd (use)))
|
|
(allow hal_contexthub_server hal_contexthub_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_contexthub.te
|
|
|
|
(neverallow base_typeattr_390 hal_contexthub_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow hal_contexthub_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_contexthub_server (binder (transfer)))
|
|
(allow hal_contexthub_server servicemanager (fd (use)))
|
|
(allow hal_contexthub_client hal_contexthub_service (service_manager (find)))
|
|
(allow hal_contexthub_client hal_contexthub_hwservice (hwservice_manager (find)))
|
|
(allow hal_contexthub_server hal_contexthub_hwservice (hwservice_manager (add find)))
|
|
(allow hal_contexthub_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 10 system/sepolicy/public/hal_contexthub.te
|
|
|
|
(neverallow base_typeattr_390 hal_contexthub_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 10 system/sepolicy/public/hal_contexthub.te
|
|
|
|
(neverallow base_typeattr_391 hal_contexthub_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_drm_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_drm_server (binder (call transfer)))
|
|
(allow servicemanager hal_drm_server (dir (search)))
|
|
(allow servicemanager hal_drm_server (file (read open)))
|
|
(allow servicemanager hal_drm_server (process (getattr)))
|
|
(allow hal_drm_client hal_drm_server (binder (call transfer)))
|
|
(allow hal_drm_server hal_drm_client (binder (transfer)))
|
|
(allow hal_drm_client hal_drm_server (fd (use)))
|
|
(allow hal_drm_server hal_drm_client (binder (call transfer)))
|
|
(allow hal_drm_client hal_drm_server (binder (transfer)))
|
|
(allow hal_drm_server hal_drm_client (fd (use)))
|
|
(allow hal_drm_client hal_drm_hwservice (hwservice_manager (find)))
|
|
(allow hal_drm_server hal_drm_hwservice (hwservice_manager (add find)))
|
|
(allow hal_drm_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 6 system/sepolicy/public/hal_drm.te
|
|
|
|
(neverallow base_typeattr_392 hal_drm_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_drm.te
|
|
|
|
(neverallow base_typeattr_393 hal_drm_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_drm_client hal_drm_service (service_manager (find)))
|
|
(allow hal_drm_server hal_drm_service (service_manager (add find)))
|
|
;;* lmx 7 system/sepolicy/public/hal_drm.te
|
|
|
|
(neverallow base_typeattr_392 hal_drm_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/hal_drm.te
|
|
|
|
(neverallow base_typeattr_394 hal_drm_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_drm hidl_memory_hwservice (hwservice_manager (find)))
|
|
(allow hal_drm self (process (execmem)))
|
|
(allow hal_drm_server serialno_prop (file (read getattr map open)))
|
|
(allow hal_drm_server drm_forcel3_prop (file (read getattr map open)))
|
|
(allow hal_drm system_data_file (file (read getattr)))
|
|
(allow hal_drm cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_drm cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_drm cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_drm cgroup (dir (write search)))
|
|
(allow hal_drm cgroup (file (write lock append map open)))
|
|
(allow hal_drm cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_drm cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_drm cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_drm cgroup_v2 (dir (write search)))
|
|
(allow hal_drm cgroup_v2 (file (write lock append map open)))
|
|
(allow hal_drm ion_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_drm hal_graphics_allocator (fd (use)))
|
|
(allow hal_drm hal_allocator_server (fd (use)))
|
|
(allow hal_drm mediaserver (fd (use)))
|
|
(allow hal_drm sysfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_drm tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_drm_server base_typeattr_369 (fd (use)))
|
|
(allowx hal_drm self (ioctl tcp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx hal_drm self (ioctl udp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx hal_drm self (ioctl rawip_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx hal_drm self (ioctl tcp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx hal_drm self (ioctl udp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx hal_drm self (ioctl rawip_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx hal_drm self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allowx hal_drm self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allowx hal_drm self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
;;* lmx 63 system/sepolicy/public/hal_drm.te
|
|
|
|
(neverallow hal_drm_server fs_type (file (execute_no_trans)))
|
|
(neverallow hal_drm_server file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 66 system/sepolicy/public/hal_drm.te
|
|
|
|
(neverallowx hal_drm_server domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx hal_drm_server domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx hal_drm_server domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
;;* lme
|
|
|
|
;;* lmx 66 system/sepolicy/public/hal_drm.te
|
|
|
|
(neverallowx hal_drm_server domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx hal_drm_server domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx hal_drm_server domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
;;* lme
|
|
|
|
;;* lmx 66 system/sepolicy/public/hal_drm.te
|
|
|
|
(neverallowx hal_drm_server domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx hal_drm_server domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx hal_drm_server domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
;;* lme
|
|
|
|
(allow hal_dumpstate_client hal_dumpstate_server (binder (call transfer)))
|
|
(allow hal_dumpstate_server hal_dumpstate_client (binder (transfer)))
|
|
(allow hal_dumpstate_client hal_dumpstate_server (fd (use)))
|
|
(allow hal_dumpstate_server hal_dumpstate_client (binder (call transfer)))
|
|
(allow hal_dumpstate_client hal_dumpstate_server (binder (transfer)))
|
|
(allow hal_dumpstate_server hal_dumpstate_client (fd (use)))
|
|
(allow hal_dumpstate_server property_socket (sock_file (write)))
|
|
(allow hal_dumpstate_server init (unix_stream_socket (connectto)))
|
|
(allow hal_dumpstate_server hal_dumpstate_config_prop (property_service (set)))
|
|
(allow hal_dumpstate_server hal_dumpstate_config_prop (file (read getattr map open)))
|
|
(allow hal_dumpstate_client hal_dumpstate_hwservice (hwservice_manager (find)))
|
|
(allow hal_dumpstate_server hal_dumpstate_hwservice (hwservice_manager (add find)))
|
|
(allow hal_dumpstate_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 7 system/sepolicy/public/hal_dumpstate.te
|
|
|
|
(neverallow base_typeattr_395 hal_dumpstate_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/hal_dumpstate.te
|
|
|
|
(neverallow base_typeattr_396 hal_dumpstate_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_dumpstate_client hal_dumpstate_service (service_manager (find)))
|
|
(allow hal_dumpstate_server hal_dumpstate_service (service_manager (add find)))
|
|
;;* lmx 8 system/sepolicy/public/hal_dumpstate.te
|
|
|
|
(neverallow base_typeattr_395 hal_dumpstate_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/public/hal_dumpstate.te
|
|
|
|
(neverallow base_typeattr_397 hal_dumpstate_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_dumpstate_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_dumpstate_server (binder (transfer)))
|
|
(allow hal_dumpstate_server servicemanager (fd (use)))
|
|
(allow hal_dumpstate_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_dumpstate_server (binder (call transfer)))
|
|
(allow servicemanager hal_dumpstate_server (dir (search)))
|
|
(allow servicemanager hal_dumpstate_server (file (read open)))
|
|
(allow servicemanager hal_dumpstate_server (process (getattr)))
|
|
(allow hal_dumpstate shell_data_file (file (write)))
|
|
(allow hal_dumpstate proc_interrupts (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_dumpstate fscklogs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_dumpstate fscklogs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_dumpstate fscklogs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_evs_client hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager hal_evs_client (binder (call transfer)))
|
|
(allow hwservicemanager hal_evs_client (dir (search)))
|
|
(allow hwservicemanager hal_evs_client (file (read map open)))
|
|
(allow hwservicemanager hal_evs_client (process (getattr)))
|
|
(allow hal_evs_server hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager hal_evs_server (binder (call transfer)))
|
|
(allow hwservicemanager hal_evs_server (dir (search)))
|
|
(allow hwservicemanager hal_evs_server (file (read map open)))
|
|
(allow hwservicemanager hal_evs_server (process (getattr)))
|
|
(allow hal_evs_client hal_evs_server (binder (call transfer)))
|
|
(allow hal_evs_server hal_evs_client (binder (transfer)))
|
|
(allow hal_evs_client hal_evs_server (fd (use)))
|
|
(allow hal_evs_server hal_evs_client (binder (call transfer)))
|
|
(allow hal_evs_client hal_evs_server (binder (transfer)))
|
|
(allow hal_evs_server hal_evs_client (fd (use)))
|
|
(allow hal_evs_client hal_evs_hwservice (hwservice_manager (find)))
|
|
(allow hal_evs_server hal_evs_hwservice (hwservice_manager (add find)))
|
|
(allow hal_evs_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 12 system/sepolicy/public/hal_evs.te
|
|
|
|
(neverallow base_typeattr_398 hal_evs_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow hal_evs_client hal_evs_service (service_manager (find)))
|
|
(allow hal_evs_server hal_evs_service (service_manager (add find)))
|
|
;;* lmx 15 system/sepolicy/public/hal_evs.te
|
|
|
|
(neverallow base_typeattr_399 hal_evs_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/hal_evs.te
|
|
|
|
(neverallow base_typeattr_400 hal_evs_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_face_client hal_face_server (binder (call transfer)))
|
|
(allow hal_face_server hal_face_client (binder (transfer)))
|
|
(allow hal_face_client hal_face_server (fd (use)))
|
|
(allow hal_face_server hal_face_client (binder (call transfer)))
|
|
(allow hal_face_client hal_face_server (binder (transfer)))
|
|
(allow hal_face_server hal_face_client (fd (use)))
|
|
(allow hal_face_client hal_face_hwservice (hwservice_manager (find)))
|
|
(allow hal_face_server hal_face_hwservice (hwservice_manager (add find)))
|
|
(allow hal_face_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_face.te
|
|
|
|
(neverallow base_typeattr_401 hal_face_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_face.te
|
|
|
|
(neverallow base_typeattr_402 hal_face_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_face_client hal_face_service (service_manager (find)))
|
|
(allow hal_face_server hal_face_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_face.te
|
|
|
|
(neverallow base_typeattr_401 hal_face_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_face.te
|
|
|
|
(neverallow base_typeattr_403 hal_face_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_face_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_face_server (binder (call transfer)))
|
|
(allow servicemanager hal_face_server (dir (search)))
|
|
(allow servicemanager hal_face_server (file (read open)))
|
|
(allow servicemanager hal_face_server (process (getattr)))
|
|
(allow hal_face ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_face face_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow hal_face face_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow hal_fastboot_client hal_fastboot_server (binder (call transfer)))
|
|
(allow hal_fastboot_server hal_fastboot_client (binder (transfer)))
|
|
(allow hal_fastboot_client hal_fastboot_server (fd (use)))
|
|
(allow hal_fastboot_client hal_fastboot_service (service_manager (find)))
|
|
(allow hal_fastboot_server hal_fastboot_service (service_manager (add find)))
|
|
;;* lmx 4 system/sepolicy/public/hal_fastboot.te
|
|
|
|
(neverallow base_typeattr_404 hal_fastboot_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_fastboot.te
|
|
|
|
(neverallow base_typeattr_405 hal_fastboot_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_fastboot_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_fastboot_server (binder (transfer)))
|
|
(allow hal_fastboot_server servicemanager (fd (use)))
|
|
(allow hal_fingerprint_client hal_fingerprint_server (binder (call transfer)))
|
|
(allow hal_fingerprint_server hal_fingerprint_client (binder (transfer)))
|
|
(allow hal_fingerprint_client hal_fingerprint_server (fd (use)))
|
|
(allow hal_fingerprint_server hal_fingerprint_client (binder (call transfer)))
|
|
(allow hal_fingerprint_client hal_fingerprint_server (binder (transfer)))
|
|
(allow hal_fingerprint_server hal_fingerprint_client (fd (use)))
|
|
(allow hal_fingerprint_client hal_fingerprint_hwservice (hwservice_manager (find)))
|
|
(allow hal_fingerprint_server hal_fingerprint_hwservice (hwservice_manager (add find)))
|
|
(allow hal_fingerprint_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_fingerprint.te
|
|
|
|
(neverallow base_typeattr_406 hal_fingerprint_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_fingerprint.te
|
|
|
|
(neverallow base_typeattr_407 hal_fingerprint_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_fingerprint_client hal_fingerprint_service (service_manager (find)))
|
|
(allow hal_fingerprint_server hal_fingerprint_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_fingerprint.te
|
|
|
|
(neverallow base_typeattr_406 hal_fingerprint_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_fingerprint.te
|
|
|
|
(neverallow base_typeattr_408 hal_fingerprint_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_fingerprint_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_fingerprint_server (binder (call transfer)))
|
|
(allow servicemanager hal_fingerprint_server (dir (search)))
|
|
(allow servicemanager hal_fingerprint_server (file (read open)))
|
|
(allow servicemanager hal_fingerprint_server (process (getattr)))
|
|
(allow hal_fingerprint ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_fingerprint fingerprint_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow hal_fingerprint fingerprint_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow hal_fingerprint cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_fingerprint cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_fingerprint cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_fingerprint cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_fingerprint cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_fingerprint cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_fingerprint sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_fingerprint sysfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_fingerprint sysfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_gatekeeper_client hal_gatekeeper_server (binder (call transfer)))
|
|
(allow hal_gatekeeper_server hal_gatekeeper_client (binder (transfer)))
|
|
(allow hal_gatekeeper_client hal_gatekeeper_server (fd (use)))
|
|
(allow hal_gatekeeper_client hal_gatekeeper_hwservice (hwservice_manager (find)))
|
|
(allow hal_gatekeeper_server hal_gatekeeper_hwservice (hwservice_manager (add find)))
|
|
(allow hal_gatekeeper_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 3 system/sepolicy/public/hal_gatekeeper.te
|
|
|
|
(neverallow base_typeattr_409 hal_gatekeeper_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/public/hal_gatekeeper.te
|
|
|
|
(neverallow base_typeattr_410 hal_gatekeeper_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_gatekeeper_client hal_gatekeeper_service (service_manager (find)))
|
|
(allow hal_gatekeeper_server hal_gatekeeper_service (service_manager (add find)))
|
|
;;* lmx 4 system/sepolicy/public/hal_gatekeeper.te
|
|
|
|
(neverallow base_typeattr_409 hal_gatekeeper_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_gatekeeper.te
|
|
|
|
(neverallow base_typeattr_411 hal_gatekeeper_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_gatekeeper_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_gatekeeper_server (binder (transfer)))
|
|
(allow hal_gatekeeper_server servicemanager (fd (use)))
|
|
(allow hal_gatekeeper tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_gatekeeper ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_gnss_client hal_gnss_server (binder (call transfer)))
|
|
(allow hal_gnss_server hal_gnss_client (binder (transfer)))
|
|
(allow hal_gnss_client hal_gnss_server (fd (use)))
|
|
(allow hal_gnss_server hal_gnss_client (binder (call transfer)))
|
|
(allow hal_gnss_client hal_gnss_server (binder (transfer)))
|
|
(allow hal_gnss_server hal_gnss_client (fd (use)))
|
|
(allow hal_gnss_client hal_gnss_hwservice (hwservice_manager (find)))
|
|
(allow hal_gnss_server hal_gnss_hwservice (hwservice_manager (add find)))
|
|
(allow hal_gnss_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_gnss.te
|
|
|
|
(neverallow base_typeattr_412 hal_gnss_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_gnss.te
|
|
|
|
(neverallow base_typeattr_413 hal_gnss_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_gnss_client hal_gnss_service (service_manager (find)))
|
|
(allow hal_gnss_server hal_gnss_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_gnss.te
|
|
|
|
(neverallow base_typeattr_412 hal_gnss_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_gnss.te
|
|
|
|
(neverallow base_typeattr_414 hal_gnss_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_gnss_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_gnss_server (binder (call transfer)))
|
|
(allow servicemanager hal_gnss_server (dir (search)))
|
|
(allow servicemanager hal_gnss_server (file (read open)))
|
|
(allow servicemanager hal_gnss_server (process (getattr)))
|
|
(allow hal_gnss_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_gnss_client (binder (call transfer)))
|
|
(allow servicemanager hal_gnss_client (dir (search)))
|
|
(allow servicemanager hal_gnss_client (file (read open)))
|
|
(allow servicemanager hal_gnss_client (process (getattr)))
|
|
(allow hal_graphics_allocator_client hal_graphics_allocator_server (binder (call transfer)))
|
|
(allow hal_graphics_allocator_server hal_graphics_allocator_client (binder (transfer)))
|
|
(allow hal_graphics_allocator_client hal_graphics_allocator_server (fd (use)))
|
|
(allow hal_graphics_allocator_client hal_graphics_allocator_hwservice (hwservice_manager (find)))
|
|
(allow hal_graphics_allocator_server hal_graphics_allocator_hwservice (hwservice_manager (add find)))
|
|
(allow hal_graphics_allocator_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_graphics_allocator.te
|
|
|
|
(neverallow base_typeattr_415 hal_graphics_allocator_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_graphics_allocator.te
|
|
|
|
(neverallow base_typeattr_416 hal_graphics_allocator_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_graphics_allocator_client hal_graphics_mapper_hwservice (hwservice_manager (find)))
|
|
(allow hal_graphics_allocator_client hal_graphics_mapper_service (service_manager (find)))
|
|
(allow hal_graphics_allocator_client same_process_hal_file (file (read getattr map execute open)))
|
|
(allow hal_graphics_allocator gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_graphics_allocator gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_graphics_allocator ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_graphics_allocator dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_graphics_allocator dmabuf_system_secure_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_graphics_allocator self (capability (sys_nice)))
|
|
(allow hal_graphics_allocator self (cap_userns (sys_nice)))
|
|
(allow hal_graphics_allocator_client hal_graphics_allocator_service (service_manager (find)))
|
|
(allow hal_graphics_allocator_server hal_graphics_allocator_service (service_manager (add find)))
|
|
;;* lmx 22 system/sepolicy/public/hal_graphics_allocator.te
|
|
|
|
(neverallow base_typeattr_415 hal_graphics_allocator_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 22 system/sepolicy/public/hal_graphics_allocator.te
|
|
|
|
(neverallow base_typeattr_417 hal_graphics_allocator_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_graphics_allocator_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_graphics_allocator_server (binder (transfer)))
|
|
(allow hal_graphics_allocator_server servicemanager (fd (use)))
|
|
(allow hal_graphics_allocator_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_graphics_allocator_client (binder (transfer)))
|
|
(allow hal_graphics_allocator_client servicemanager (fd (use)))
|
|
(allow hal_graphics_composer_client hal_graphics_composer_server (binder (call transfer)))
|
|
(allow hal_graphics_composer_server hal_graphics_composer_client (binder (transfer)))
|
|
(allow hal_graphics_composer_client hal_graphics_composer_server (fd (use)))
|
|
(allow hal_graphics_composer_server hal_graphics_composer_client (binder (call transfer)))
|
|
(allow hal_graphics_composer_client hal_graphics_composer_server (binder (transfer)))
|
|
(allow hal_graphics_composer_server hal_graphics_composer_client (fd (use)))
|
|
(allow hal_graphics_composer_client hal_graphics_composer_server_tmpfs (file (read write getattr map)))
|
|
(allow hal_graphics_composer_server hal_graphics_composer_client_tmpfs (file (read write getattr map)))
|
|
(allow hal_graphics_composer_client hal_graphics_composer_hwservice (hwservice_manager (find)))
|
|
(allow hal_graphics_composer_server hal_graphics_composer_hwservice (hwservice_manager (add find)))
|
|
(allow hal_graphics_composer_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 11 system/sepolicy/public/hal_graphics_composer.te
|
|
|
|
(neverallow base_typeattr_418 hal_graphics_composer_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 11 system/sepolicy/public/hal_graphics_composer.te
|
|
|
|
(neverallow base_typeattr_419 hal_graphics_composer_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_graphics_composer_server hal_graphics_mapper_hwservice (hwservice_manager (find)))
|
|
(allow hal_graphics_composer gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_graphics_composer gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_graphics_composer ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_graphics_composer dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_graphics_composer hal_graphics_allocator (fd (use)))
|
|
(allow hal_graphics_composer graphics_device (dir (search)))
|
|
(allow hal_graphics_composer graphics_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_graphics_composer system_server (fd (use)))
|
|
(allow hal_graphics_composer bootanim (fd (use)))
|
|
(allow hal_graphics_composer appdomain (fd (use)))
|
|
(allow hal_graphics_composer self (capability (sys_nice)))
|
|
(allow hal_graphics_composer self (cap_userns (sys_nice)))
|
|
(allow hal_graphics_composer_server hal_graphics_composer_client (fifo_file (write)))
|
|
(allow hal_graphics_composer_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_graphics_composer_client (binder (transfer)))
|
|
(allow hal_graphics_composer_client servicemanager (fd (use)))
|
|
(allow hal_graphics_composer_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_graphics_composer_server (binder (transfer)))
|
|
(allow hal_graphics_composer_server servicemanager (fd (use)))
|
|
(allow hal_graphics_composer_client hal_graphics_composer_service (service_manager (find)))
|
|
(allow hal_graphics_composer_server hal_graphics_composer_service (service_manager (add find)))
|
|
;;* lmx 42 system/sepolicy/public/hal_graphics_composer.te
|
|
|
|
(neverallow base_typeattr_418 hal_graphics_composer_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 42 system/sepolicy/public/hal_graphics_composer.te
|
|
|
|
(neverallow base_typeattr_420 hal_graphics_composer_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_health_client hal_health_server (binder (call transfer)))
|
|
(allow hal_health_server hal_health_client (binder (transfer)))
|
|
(allow hal_health_client hal_health_server (fd (use)))
|
|
(allow hal_health_server hal_health_client (binder (call transfer)))
|
|
(allow hal_health_client hal_health_server (binder (transfer)))
|
|
(allow hal_health_server hal_health_client (fd (use)))
|
|
(allow hal_health_client hal_health_hwservice (hwservice_manager (find)))
|
|
(allow hal_health_server hal_health_hwservice (hwservice_manager (add find)))
|
|
(allow hal_health_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_health.te
|
|
|
|
(neverallow base_typeattr_421 hal_health_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_health.te
|
|
|
|
(neverallow base_typeattr_422 hal_health_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_health_client hal_health_service (service_manager (find)))
|
|
(allow hal_health_server hal_health_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_health.te
|
|
|
|
(neverallow base_typeattr_421 hal_health_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_health.te
|
|
|
|
(neverallow base_typeattr_423 hal_health_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_health_server self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_health_server sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_health_server sysfs_batteryinfo (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_health_server sysfs_batteryinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_health_server sysfs_batteryinfo (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_health_server sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_health_server self (capability2 (block_suspend)))
|
|
(allow hal_health_server self (cap2_userns (block_suspend)))
|
|
(allow hal_health_server system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server hal_health_server (binder (transfer)))
|
|
(allow hal_health_server system_suspend_server (fd (use)))
|
|
(allow hal_health_server system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow hal_health_server hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager hal_health_server (binder (call transfer)))
|
|
(allow hwservicemanager hal_health_server (dir (search)))
|
|
(allow hwservicemanager hal_health_server (file (read map open)))
|
|
(allow hwservicemanager hal_health_server (process (getattr)))
|
|
(allow hal_health_server hwservicemanager_prop (file (read getattr map open)))
|
|
(allow hal_health_server hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow hal_health_server hal_system_suspend_service (service_manager (find)))
|
|
(allow hal_health_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_health_server (binder (call transfer)))
|
|
(allow servicemanager hal_health_server (dir (search)))
|
|
(allow servicemanager hal_health_server (file (read open)))
|
|
(allow servicemanager hal_health_server (process (getattr)))
|
|
(allow hal_health_server kmsg_device (chr_file (write getattr lock append map open)))
|
|
(allow hal_health_server self (capability2 (wake_alarm)))
|
|
(allow hal_health_server fs_bpf_vendor (dir (search)))
|
|
(allow hal_health_server fs_bpf_vendor (file (read)))
|
|
(allow hal_health_server bpfloader (bpf (prog_run)))
|
|
(allow hal_health_storage_client hal_health_storage_server (binder (call transfer)))
|
|
(allow hal_health_storage_server hal_health_storage_client (binder (transfer)))
|
|
(allow hal_health_storage_client hal_health_storage_server (fd (use)))
|
|
(allow hal_health_storage_server hal_health_storage_client (binder (call transfer)))
|
|
(allow hal_health_storage_client hal_health_storage_server (binder (transfer)))
|
|
(allow hal_health_storage_server hal_health_storage_client (fd (use)))
|
|
(allow hal_health_storage_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_health_storage_server (binder (call transfer)))
|
|
(allow servicemanager hal_health_storage_server (dir (search)))
|
|
(allow servicemanager hal_health_storage_server (file (read open)))
|
|
(allow servicemanager hal_health_storage_server (process (getattr)))
|
|
(allow hal_health_storage_client hal_health_storage_hwservice (hwservice_manager (find)))
|
|
(allow hal_health_storage_server hal_health_storage_hwservice (hwservice_manager (add find)))
|
|
(allow hal_health_storage_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 7 system/sepolicy/public/hal_health_storage.te
|
|
|
|
(neverallow base_typeattr_424 hal_health_storage_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/hal_health_storage.te
|
|
|
|
(neverallow base_typeattr_425 hal_health_storage_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_health_storage_client hal_health_storage_service (service_manager (find)))
|
|
(allow hal_health_storage_server hal_health_storage_service (service_manager (add find)))
|
|
;;* lmx 8 system/sepolicy/public/hal_health_storage.te
|
|
|
|
(neverallow base_typeattr_424 hal_health_storage_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/public/hal_health_storage.te
|
|
|
|
(neverallow base_typeattr_426 hal_health_storage_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_health_storage_server gsi_metadata_file_type (dir (search)))
|
|
(allow hal_health_storage_server metadata_file (dir (search)))
|
|
(allow hal_health_storage_server gsi_public_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_health_storage_server proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_health_storage_server proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_identity_client hal_identity_server (binder (call transfer)))
|
|
(allow hal_identity_server hal_identity_client (binder (transfer)))
|
|
(allow hal_identity_client hal_identity_server (fd (use)))
|
|
(allow hal_identity_client hal_identity_service (service_manager (find)))
|
|
(allow hal_identity_server hal_identity_service (service_manager (add find)))
|
|
;;* lmx 4 system/sepolicy/public/hal_identity.te
|
|
|
|
(neverallow base_typeattr_427 hal_identity_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_identity.te
|
|
|
|
(neverallow base_typeattr_428 hal_identity_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_identity_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_identity_server (binder (transfer)))
|
|
(allow hal_identity_server servicemanager (fd (use)))
|
|
(allow hal_input_classifier_client hal_input_classifier_server (binder (call transfer)))
|
|
(allow hal_input_classifier_server hal_input_classifier_client (binder (transfer)))
|
|
(allow hal_input_classifier_client hal_input_classifier_server (fd (use)))
|
|
(allow hal_input_classifier_client hal_input_classifier_hwservice (hwservice_manager (find)))
|
|
(allow hal_input_classifier_server hal_input_classifier_hwservice (hwservice_manager (add find)))
|
|
(allow hal_input_classifier_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_input_classifier.te
|
|
|
|
(neverallow base_typeattr_429 hal_input_classifier_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_input_classifier.te
|
|
|
|
(neverallow base_typeattr_430 hal_input_classifier_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_input_processor_client hal_input_processor_server (binder (call transfer)))
|
|
(allow hal_input_processor_server hal_input_processor_client (binder (transfer)))
|
|
(allow hal_input_processor_client hal_input_processor_server (fd (use)))
|
|
(allow hal_input_processor_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_input_processor_server (binder (transfer)))
|
|
(allow hal_input_processor_server servicemanager (fd (use)))
|
|
(allow hal_input_processor_client hal_input_processor_service (service_manager (find)))
|
|
(allow hal_input_processor_server hal_input_processor_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_input_processor.te
|
|
|
|
(neverallow base_typeattr_431 hal_input_processor_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_input_processor.te
|
|
|
|
(neverallow base_typeattr_432 hal_input_processor_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_input_processor_server dumpstate (fifo_file (write)))
|
|
(allow hal_ir_client hal_ir_server (binder (call transfer)))
|
|
(allow hal_ir_server hal_ir_client (binder (transfer)))
|
|
(allow hal_ir_client hal_ir_server (fd (use)))
|
|
(allow hal_ir_server hal_ir_client (binder (call transfer)))
|
|
(allow hal_ir_client hal_ir_server (binder (transfer)))
|
|
(allow hal_ir_server hal_ir_client (fd (use)))
|
|
(allow hal_ir_client hal_ir_service (service_manager (find)))
|
|
(allow hal_ir_server hal_ir_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_ir.te
|
|
|
|
(neverallow base_typeattr_433 hal_ir_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_ir.te
|
|
|
|
(neverallow base_typeattr_434 hal_ir_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_ir_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_ir_server (binder (transfer)))
|
|
(allow hal_ir_server servicemanager (fd (use)))
|
|
(allow hal_ir_client hal_ir_hwservice (hwservice_manager (find)))
|
|
(allow hal_ir_server hal_ir_hwservice (hwservice_manager (add find)))
|
|
(allow hal_ir_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 8 system/sepolicy/public/hal_ir.te
|
|
|
|
(neverallow base_typeattr_433 hal_ir_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/public/hal_ir.te
|
|
|
|
(neverallow base_typeattr_435 hal_ir_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_ivn_client hal_ivn_server (binder (call transfer)))
|
|
(allow hal_ivn_server hal_ivn_client (binder (transfer)))
|
|
(allow hal_ivn_client hal_ivn_server (fd (use)))
|
|
(allow hal_ivn_client hal_ivn_service (service_manager (find)))
|
|
(allow hal_ivn_server hal_ivn_service (service_manager (add find)))
|
|
;;* lmx 4 system/sepolicy/public/hal_ivn.te
|
|
|
|
(neverallow base_typeattr_436 hal_ivn_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_ivn.te
|
|
|
|
(neverallow base_typeattr_437 hal_ivn_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_keymaster_client hal_keymaster_server (binder (call transfer)))
|
|
(allow hal_keymaster_server hal_keymaster_client (binder (transfer)))
|
|
(allow hal_keymaster_client hal_keymaster_server (fd (use)))
|
|
(allow hal_keymaster_client hal_keymaster_hwservice (hwservice_manager (find)))
|
|
(allow hal_keymaster_server hal_keymaster_hwservice (hwservice_manager (add find)))
|
|
(allow hal_keymaster_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_keymaster.te
|
|
|
|
(neverallow base_typeattr_438 hal_keymaster_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_keymaster.te
|
|
|
|
(neverallow base_typeattr_439 hal_keymaster_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_keymaster tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_keymaster ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_keymint_client hal_keymint_server (binder (call transfer)))
|
|
(allow hal_keymint_server hal_keymint_client (binder (transfer)))
|
|
(allow hal_keymint_client hal_keymint_server (fd (use)))
|
|
(allow hal_keymint_client hal_keymint_service (service_manager (find)))
|
|
(allow hal_keymint_server hal_keymint_service (service_manager (add find)))
|
|
;;* lmx 3 system/sepolicy/public/hal_keymint.te
|
|
|
|
(neverallow base_typeattr_440 hal_keymint_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/public/hal_keymint.te
|
|
|
|
(neverallow base_typeattr_441 hal_keymint_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_keymint_client hal_remotelyprovisionedcomponent_service (service_manager (find)))
|
|
(allow hal_keymint_server hal_remotelyprovisionedcomponent_service (service_manager (add find)))
|
|
;;* lmx 4 system/sepolicy/public/hal_keymint.te
|
|
|
|
(neverallow base_typeattr_440 hal_remotelyprovisionedcomponent_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_keymint.te
|
|
|
|
(neverallow base_typeattr_441 hal_remotelyprovisionedcomponent_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_keymint_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_keymint_server (binder (transfer)))
|
|
(allow hal_keymint_server servicemanager (fd (use)))
|
|
(allow hal_keymint_server tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_keymint_server ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_light_client hal_light_server (binder (call transfer)))
|
|
(allow hal_light_server hal_light_client (binder (transfer)))
|
|
(allow hal_light_client hal_light_server (fd (use)))
|
|
(allow hal_light_server hal_light_client (binder (call transfer)))
|
|
(allow hal_light_client hal_light_server (binder (transfer)))
|
|
(allow hal_light_server hal_light_client (fd (use)))
|
|
(allow hal_light_client hal_light_hwservice (hwservice_manager (find)))
|
|
(allow hal_light_server hal_light_hwservice (hwservice_manager (add find)))
|
|
(allow hal_light_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_light.te
|
|
|
|
(neverallow base_typeattr_442 hal_light_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_light.te
|
|
|
|
(neverallow base_typeattr_443 hal_light_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_light_client hal_light_service (service_manager (find)))
|
|
(allow hal_light_server hal_light_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_light.te
|
|
|
|
(neverallow base_typeattr_442 hal_light_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_light.te
|
|
|
|
(neverallow base_typeattr_444 hal_light_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_light_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_light_server (binder (transfer)))
|
|
(allow hal_light_server servicemanager (fd (use)))
|
|
(allow hal_light_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_light_client (binder (call transfer)))
|
|
(allow servicemanager hal_light_client (dir (search)))
|
|
(allow servicemanager hal_light_client (file (read open)))
|
|
(allow servicemanager hal_light_client (process (getattr)))
|
|
(allow hal_light_server dumpstate (fifo_file (write)))
|
|
(allow hal_light sysfs_leds (lnk_file (read)))
|
|
(allow hal_light sysfs_leds (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_light sysfs_leds (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_lowpan_client hal_lowpan_server (binder (call transfer)))
|
|
(allow hal_lowpan_server hal_lowpan_client (binder (transfer)))
|
|
(allow hal_lowpan_client hal_lowpan_server (fd (use)))
|
|
(allow hal_lowpan_server hal_lowpan_client (binder (call transfer)))
|
|
(allow hal_lowpan_client hal_lowpan_server (binder (transfer)))
|
|
(allow hal_lowpan_server hal_lowpan_client (fd (use)))
|
|
(allow hal_lowpan_client hal_lowpan_hwservice (hwservice_manager (find)))
|
|
(allow hal_lowpan_server hal_lowpan_hwservice (hwservice_manager (add find)))
|
|
(allow hal_lowpan_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 7 system/sepolicy/public/hal_lowpan.te
|
|
|
|
(neverallow base_typeattr_445 hal_lowpan_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/hal_lowpan.te
|
|
|
|
(neverallow base_typeattr_446 hal_lowpan_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_lowpan_server property_socket (sock_file (write)))
|
|
(allow hal_lowpan_server init (unix_stream_socket (connectto)))
|
|
(allow hal_lowpan_server lowpan_prop (property_service (set)))
|
|
(allow hal_lowpan_server lowpan_prop (file (read getattr map open)))
|
|
(allow hal_lowpan_server lowpan_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
;;* lmx 20 system/sepolicy/public/hal_lowpan.te
|
|
|
|
(neverallow base_typeattr_447 lowpan_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow hal_macsec_client hal_macsec_server (binder (call transfer)))
|
|
(allow hal_macsec_server hal_macsec_client (binder (transfer)))
|
|
(allow hal_macsec_client hal_macsec_server (fd (use)))
|
|
(allow hal_macsec_server hal_macsec_client (binder (call transfer)))
|
|
(allow hal_macsec_client hal_macsec_server (binder (transfer)))
|
|
(allow hal_macsec_server hal_macsec_client (fd (use)))
|
|
(allow hal_macsec_client hal_macsec_service (service_manager (find)))
|
|
(allow hal_macsec_server hal_macsec_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_macsec.te
|
|
|
|
(neverallow base_typeattr_448 hal_macsec_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_macsec.te
|
|
|
|
(neverallow base_typeattr_449 hal_macsec_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_macsec_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_macsec_server (binder (call transfer)))
|
|
(allow servicemanager hal_macsec_server (dir (search)))
|
|
(allow servicemanager hal_macsec_server (file (read open)))
|
|
(allow servicemanager hal_macsec_server (process (getattr)))
|
|
(allow hal_memtrack_client hal_memtrack_server (binder (call transfer)))
|
|
(allow hal_memtrack_server hal_memtrack_client (binder (transfer)))
|
|
(allow hal_memtrack_client hal_memtrack_server (fd (use)))
|
|
(allow hal_memtrack_client hal_memtrack_hwservice (hwservice_manager (find)))
|
|
(allow hal_memtrack_server hal_memtrack_hwservice (hwservice_manager (add find)))
|
|
(allow hal_memtrack_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_memtrack.te
|
|
|
|
(neverallow base_typeattr_450 hal_memtrack_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_memtrack.te
|
|
|
|
(neverallow base_typeattr_451 hal_memtrack_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_memtrack_client hal_memtrack_service (service_manager (find)))
|
|
(allow hal_memtrack_server hal_memtrack_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_memtrack.te
|
|
|
|
(neverallow base_typeattr_450 hal_memtrack_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_memtrack.te
|
|
|
|
(neverallow base_typeattr_452 hal_memtrack_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_memtrack_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_memtrack_server (binder (transfer)))
|
|
(allow hal_memtrack_server servicemanager (fd (use)))
|
|
(allow hal_neuralnetworks_client hal_neuralnetworks_server (binder (call transfer)))
|
|
(allow hal_neuralnetworks_server hal_neuralnetworks_client (binder (transfer)))
|
|
(allow hal_neuralnetworks_client hal_neuralnetworks_server (fd (use)))
|
|
(allow hal_neuralnetworks_server hal_neuralnetworks_client (binder (call transfer)))
|
|
(allow hal_neuralnetworks_client hal_neuralnetworks_server (binder (transfer)))
|
|
(allow hal_neuralnetworks_server hal_neuralnetworks_client (fd (use)))
|
|
(allow hal_neuralnetworks_client hal_neuralnetworks_hwservice (hwservice_manager (find)))
|
|
(allow hal_neuralnetworks_server hal_neuralnetworks_hwservice (hwservice_manager (add find)))
|
|
(allow hal_neuralnetworks_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_neuralnetworks.te
|
|
|
|
(neverallow base_typeattr_453 hal_neuralnetworks_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_neuralnetworks.te
|
|
|
|
(neverallow base_typeattr_454 hal_neuralnetworks_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_neuralnetworks hidl_memory_hwservice (hwservice_manager (find)))
|
|
(allow hal_neuralnetworks hal_allocator (fd (use)))
|
|
(allow hal_neuralnetworks hal_graphics_mapper_hwservice (hwservice_manager (find)))
|
|
(allow hal_neuralnetworks hal_graphics_allocator (fd (use)))
|
|
(allow hal_neuralnetworks gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_neuralnetworks gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_neuralnetworks_server app_data_file (file (read write getattr map)))
|
|
(allow hal_neuralnetworks_server privapp_data_file (file (read write getattr map)))
|
|
(allow hal_neuralnetworks_server shell_data_file (file (read write getattr map)))
|
|
(allow hal_neuralnetworks_server ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_neuralnetworks_server storage_file (file (read getattr map)))
|
|
(allow hal_neuralnetworks_server apk_data_file (file (read getattr map)))
|
|
(allow hal_neuralnetworks_client nnapi_ext_deny_product_prop (file (read getattr map open)))
|
|
(allow hal_neuralnetworks_client device_config_nnapi_native_prop (file (read getattr map open)))
|
|
;;* lmx 39 system/sepolicy/public/hal_neuralnetworks.te
|
|
|
|
(neverallow base_typeattr_223 nnapi_ext_deny_product_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow hal_neuralnetworks_client hal_neuralnetworks_service (service_manager (find)))
|
|
(allow hal_neuralnetworks_server hal_neuralnetworks_service (service_manager (add find)))
|
|
;;* lmx 42 system/sepolicy/public/hal_neuralnetworks.te
|
|
|
|
(neverallow base_typeattr_453 hal_neuralnetworks_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 42 system/sepolicy/public/hal_neuralnetworks.te
|
|
|
|
(neverallow base_typeattr_455 hal_neuralnetworks_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_neuralnetworks_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_neuralnetworks_server (binder (transfer)))
|
|
(allow hal_neuralnetworks_server servicemanager (fd (use)))
|
|
(allow hal_neuralnetworks_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_neuralnetworks_server (binder (call transfer)))
|
|
(allow servicemanager hal_neuralnetworks_server (dir (search)))
|
|
(allow servicemanager hal_neuralnetworks_server (file (read open)))
|
|
(allow servicemanager hal_neuralnetworks_server (process (getattr)))
|
|
(allow hal_neuralnetworks_server dumpstate (fifo_file (write)))
|
|
;;* lmx 16 system/sepolicy/public/hal_neverallows.te
|
|
|
|
(neverallow base_typeattr_456 self (capability (net_admin net_raw)))
|
|
(neverallow base_typeattr_456 self (cap_userns (net_admin net_raw)))
|
|
;;* lme
|
|
|
|
;;* lmx 38 system/sepolicy/public/hal_neverallows.te
|
|
|
|
(neverallow base_typeattr_457 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow base_typeattr_457 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 54 system/sepolicy/public/hal_neverallows.te
|
|
|
|
(neverallow base_typeattr_458 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
;;* lme
|
|
|
|
;;* lmx 58 system/sepolicy/public/hal_neverallows.te
|
|
|
|
(neverallow hal_uwb_vendor_server self (capability (net_raw)))
|
|
(neverallow hal_uwb_vendor_server self (cap_userns (net_raw)))
|
|
;;* lme
|
|
|
|
;;* lmx 62 system/sepolicy/public/hal_neverallows.te
|
|
|
|
(neverallow hal_uwb_vendor_server domain (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_readpriv nlmsg_getneigh)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow hal_uwb_vendor_server domain (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 95 system/sepolicy/public/hal_neverallows.te
|
|
|
|
(neverallow base_typeattr_459 base_typeattr_460 (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 97 system/sepolicy/public/hal_neverallows.te
|
|
|
|
(neverallow base_typeattr_223 halserverdomain (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 101 system/sepolicy/public/hal_neverallows.te
|
|
|
|
(neverallow base_typeattr_224 halserverdomain (process (dyntransition)))
|
|
;;* lme
|
|
|
|
(allow hal_nfc_client hal_nfc_server (binder (call transfer)))
|
|
(allow hal_nfc_server hal_nfc_client (binder (transfer)))
|
|
(allow hal_nfc_client hal_nfc_server (fd (use)))
|
|
(allow hal_nfc_server hal_nfc_client (binder (call transfer)))
|
|
(allow hal_nfc_client hal_nfc_server (binder (transfer)))
|
|
(allow hal_nfc_server hal_nfc_client (fd (use)))
|
|
(allow hal_nfc_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_nfc_server (binder (transfer)))
|
|
(allow hal_nfc_server servicemanager (fd (use)))
|
|
(allow hal_nfc_client hal_nfc_hwservice (hwservice_manager (find)))
|
|
(allow hal_nfc_server hal_nfc_hwservice (hwservice_manager (add find)))
|
|
(allow hal_nfc_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 6 system/sepolicy/public/hal_nfc.te
|
|
|
|
(neverallow base_typeattr_461 hal_nfc_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_nfc.te
|
|
|
|
(neverallow base_typeattr_462 hal_nfc_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_nfc_client hal_nfc_service (service_manager (find)))
|
|
(allow hal_nfc_server hal_nfc_service (service_manager (add find)))
|
|
;;* lmx 7 system/sepolicy/public/hal_nfc.te
|
|
|
|
(neverallow base_typeattr_461 hal_nfc_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/hal_nfc.te
|
|
|
|
(neverallow base_typeattr_463 hal_nfc_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_nfc property_socket (sock_file (write)))
|
|
(allow hal_nfc init (unix_stream_socket (connectto)))
|
|
(allow hal_nfc nfc_prop (property_service (set)))
|
|
(allow hal_nfc nfc_prop (file (read getattr map open)))
|
|
(allow hal_nfc nfc_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_nlinterceptor_client hal_nlinterceptor_server (binder (call transfer)))
|
|
(allow hal_nlinterceptor_server hal_nlinterceptor_client (binder (transfer)))
|
|
(allow hal_nlinterceptor_client hal_nlinterceptor_server (fd (use)))
|
|
(allow hal_nlinterceptor_client hal_nlinterceptor_service (service_manager (find)))
|
|
(allow hal_nlinterceptor_server hal_nlinterceptor_service (service_manager (add find)))
|
|
;;* lmx 3 system/sepolicy/public/hal_nlinterceptor.te
|
|
|
|
(neverallow base_typeattr_464 hal_nlinterceptor_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/public/hal_nlinterceptor.te
|
|
|
|
(neverallow base_typeattr_465 hal_nlinterceptor_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_nlinterceptor servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_nlinterceptor (binder (transfer)))
|
|
(allow hal_nlinterceptor servicemanager (fd (use)))
|
|
(allow hal_nlinterceptor self (capability (net_admin)))
|
|
(allow hal_nlinterceptor self (cap_userns (net_admin)))
|
|
(allow hal_nlinterceptor self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_nlinterceptor self (netlink_route_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_write nlmsg_readpriv)))
|
|
(allow hal_oemlock_client hal_oemlock_server (binder (call transfer)))
|
|
(allow hal_oemlock_server hal_oemlock_client (binder (transfer)))
|
|
(allow hal_oemlock_client hal_oemlock_server (fd (use)))
|
|
(allow hal_oemlock_client hal_oemlock_hwservice (hwservice_manager (find)))
|
|
(allow hal_oemlock_server hal_oemlock_hwservice (hwservice_manager (add find)))
|
|
(allow hal_oemlock_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_oemlock.te
|
|
|
|
(neverallow base_typeattr_466 hal_oemlock_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_oemlock.te
|
|
|
|
(neverallow base_typeattr_467 hal_oemlock_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_oemlock_client hal_oemlock_service (service_manager (find)))
|
|
(allow hal_oemlock_server hal_oemlock_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_oemlock.te
|
|
|
|
(neverallow base_typeattr_466 hal_oemlock_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_oemlock.te
|
|
|
|
(neverallow base_typeattr_468 hal_oemlock_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_oemlock_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_oemlock_server (binder (transfer)))
|
|
(allow hal_oemlock_server servicemanager (fd (use)))
|
|
(allow hal_omx_server binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain hal_omx_server (binder (transfer)))
|
|
(allow hal_omx_server binderservicedomain (fd (use)))
|
|
(allow hal_omx_server base_typeattr_369 (binder (call transfer)))
|
|
(allow base_typeattr_369 hal_omx_server (binder (transfer)))
|
|
(allow hal_omx_server base_typeattr_369 (fd (use)))
|
|
(allow hal_omx_server hal_graphics_composer (fd (use)))
|
|
(allow hal_omx_server ion_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_omx_server hal_camera (fd (use)))
|
|
(allow hal_omx_server anr_data_file (file (append)))
|
|
(allow hal_omx_server dumpstate (fd (use)))
|
|
(allow hal_omx_server incidentd (fd (use)))
|
|
(allow hal_omx_server dumpstate (fifo_file (write append)))
|
|
(allow hal_omx_server incidentd (fifo_file (write append)))
|
|
(allow hal_omx_server system_server (fifo_file (write append)))
|
|
(allow hal_omx_server tombstoned (unix_stream_socket (connectto)))
|
|
(allow hal_omx_server tombstoned (fd (use)))
|
|
(allow hal_omx_server tombstoned_crash_socket (sock_file (write)))
|
|
(allow hal_omx_server tombstone_data_file (file (append)))
|
|
(allow hal_omx_server bufferhubd (fd (use)))
|
|
(allow hal_omx_client hal_omx_hwservice (hwservice_manager (find)))
|
|
(allow hal_omx_server hal_omx_hwservice (hwservice_manager (add find)))
|
|
(allow hal_omx_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 21 system/sepolicy/public/hal_omx.te
|
|
|
|
(neverallow base_typeattr_469 hal_omx_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 21 system/sepolicy/public/hal_omx.te
|
|
|
|
(neverallow base_typeattr_470 hal_omx_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_omx_client hidl_token_hwservice (hwservice_manager (find)))
|
|
(allow hal_omx_client media_variant_prop (file (read getattr map open)))
|
|
(allow hal_omx_server media_variant_prop (file (read getattr map open)))
|
|
(allow hal_omx_client hal_omx_server (binder (call transfer)))
|
|
(allow hal_omx_server hal_omx_client (binder (transfer)))
|
|
(allow hal_omx_client hal_omx_server (fd (use)))
|
|
(allow hal_omx_server hal_omx_client (binder (call transfer)))
|
|
(allow hal_omx_client hal_omx_server (binder (transfer)))
|
|
(allow hal_omx_server hal_omx_client (fd (use)))
|
|
;;* lmx 37 system/sepolicy/public/hal_omx.te
|
|
|
|
(neverallow hal_omx_server fs_type (file (execute_no_trans)))
|
|
(neverallow hal_omx_server file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 49 system/sepolicy/public/hal_omx.te
|
|
|
|
(neverallow hal_omx_server domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow hal_omx_server domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 50 system/sepolicy/public/hal_omx.te
|
|
|
|
(neverallow hal_omx_server domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
;;* lme
|
|
|
|
(allow hal_power_client hal_power_server (binder (call transfer)))
|
|
(allow hal_power_server hal_power_client (binder (transfer)))
|
|
(allow hal_power_client hal_power_server (fd (use)))
|
|
(allow hal_power_server hal_power_client (binder (call transfer)))
|
|
(allow hal_power_client hal_power_server (binder (transfer)))
|
|
(allow hal_power_server hal_power_client (fd (use)))
|
|
(allow hal_power_client hal_power_hwservice (hwservice_manager (find)))
|
|
(allow hal_power_server hal_power_hwservice (hwservice_manager (add find)))
|
|
(allow hal_power_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_power.te
|
|
|
|
(neverallow base_typeattr_471 hal_power_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_power.te
|
|
|
|
(neverallow base_typeattr_472 hal_power_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_power_client hal_power_service (service_manager (find)))
|
|
(allow hal_power_server hal_power_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_power.te
|
|
|
|
(neverallow base_typeattr_471 hal_power_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_power.te
|
|
|
|
(neverallow base_typeattr_473 hal_power_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_power_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_power_server (binder (transfer)))
|
|
(allow hal_power_server servicemanager (fd (use)))
|
|
(allow hal_power_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_power_client (binder (transfer)))
|
|
(allow hal_power_client servicemanager (fd (use)))
|
|
(allow hal_power_stats_client hal_power_stats_server (binder (call transfer)))
|
|
(allow hal_power_stats_server hal_power_stats_client (binder (transfer)))
|
|
(allow hal_power_stats_client hal_power_stats_server (fd (use)))
|
|
(allow hal_power_stats_server hal_power_stats_client (binder (call transfer)))
|
|
(allow hal_power_stats_client hal_power_stats_server (binder (transfer)))
|
|
(allow hal_power_stats_server hal_power_stats_client (fd (use)))
|
|
(allow hal_power_stats_client hal_power_stats_hwservice (hwservice_manager (find)))
|
|
(allow hal_power_stats_server hal_power_stats_hwservice (hwservice_manager (add find)))
|
|
(allow hal_power_stats_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_power_stats.te
|
|
|
|
(neverallow base_typeattr_474 hal_power_stats_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_power_stats.te
|
|
|
|
(neverallow base_typeattr_475 hal_power_stats_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_power_stats_client hal_power_stats_service (service_manager (find)))
|
|
(allow hal_power_stats_server hal_power_stats_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_power_stats.te
|
|
|
|
(neverallow base_typeattr_474 hal_power_stats_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_power_stats.te
|
|
|
|
(neverallow base_typeattr_476 hal_power_stats_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_power_stats_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_power_stats_server (binder (transfer)))
|
|
(allow hal_power_stats_server servicemanager (fd (use)))
|
|
(allow hal_power_stats_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_power_stats_client (binder (transfer)))
|
|
(allow hal_power_stats_client servicemanager (fd (use)))
|
|
(allow hal_rebootescrow_client hal_rebootescrow_server (binder (call transfer)))
|
|
(allow hal_rebootescrow_server hal_rebootescrow_client (binder (transfer)))
|
|
(allow hal_rebootescrow_client hal_rebootescrow_server (fd (use)))
|
|
(allow hal_rebootescrow_client hal_rebootescrow_service (service_manager (find)))
|
|
(allow hal_rebootescrow_server hal_rebootescrow_service (service_manager (add find)))
|
|
;;* lmx 4 system/sepolicy/public/hal_rebootescrow.te
|
|
|
|
(neverallow base_typeattr_477 hal_rebootescrow_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_rebootescrow.te
|
|
|
|
(neverallow base_typeattr_478 hal_rebootescrow_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_rebootescrow_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_rebootescrow_server (binder (call transfer)))
|
|
(allow servicemanager hal_rebootescrow_server (dir (search)))
|
|
(allow servicemanager hal_rebootescrow_server (file (read open)))
|
|
(allow servicemanager hal_rebootescrow_server (process (getattr)))
|
|
(allow hal_remoteaccess_client hal_remoteaccess_server (binder (call transfer)))
|
|
(allow hal_remoteaccess_server hal_remoteaccess_client (binder (transfer)))
|
|
(allow hal_remoteaccess_client hal_remoteaccess_server (fd (use)))
|
|
(allow hal_remoteaccess_server hal_remoteaccess_client (binder (call transfer)))
|
|
(allow hal_remoteaccess_client hal_remoteaccess_server (binder (transfer)))
|
|
(allow hal_remoteaccess_server hal_remoteaccess_client (fd (use)))
|
|
(allow hal_remoteaccess_client hal_remoteaccess_service (service_manager (find)))
|
|
(allow hal_remoteaccess_server hal_remoteaccess_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_remoteaccess.te
|
|
|
|
(neverallow base_typeattr_479 hal_remoteaccess_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_remoteaccess.te
|
|
|
|
(neverallow base_typeattr_480 hal_remoteaccess_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_remotelyprovisionedcomponent_avf_client hal_remotelyprovisionedcomponent_avf_server (binder (call transfer)))
|
|
(allow hal_remotelyprovisionedcomponent_avf_server hal_remotelyprovisionedcomponent_avf_client (binder (transfer)))
|
|
(allow hal_remotelyprovisionedcomponent_avf_client hal_remotelyprovisionedcomponent_avf_server (fd (use)))
|
|
(allow hal_remotelyprovisionedcomponent_avf_client hal_remotelyprovisionedcomponent_avf_service (service_manager (find)))
|
|
(allow hal_remotelyprovisionedcomponent_avf_server hal_remotelyprovisionedcomponent_avf_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_remotelyprovisionedcomponent_avf.te
|
|
|
|
(neverallow base_typeattr_481 hal_remotelyprovisionedcomponent_avf_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_remotelyprovisionedcomponent_avf.te
|
|
|
|
(neverallow base_typeattr_482 hal_remotelyprovisionedcomponent_avf_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_remotelyprovisionedcomponent_avf_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_remotelyprovisionedcomponent_avf_server (binder (call transfer)))
|
|
(allow servicemanager hal_remotelyprovisionedcomponent_avf_server (dir (search)))
|
|
(allow servicemanager hal_remotelyprovisionedcomponent_avf_server (file (read open)))
|
|
(allow servicemanager hal_remotelyprovisionedcomponent_avf_server (process (getattr)))
|
|
(allow hal_secretkeeper_client hal_secretkeeper_server (binder (call transfer)))
|
|
(allow hal_secretkeeper_server hal_secretkeeper_client (binder (transfer)))
|
|
(allow hal_secretkeeper_client hal_secretkeeper_server (fd (use)))
|
|
(allow hal_secretkeeper_client hal_secretkeeper_service (service_manager (find)))
|
|
(allow hal_secretkeeper_server hal_secretkeeper_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_secretkeeper.te
|
|
|
|
(neverallow base_typeattr_483 hal_secretkeeper_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_secretkeeper.te
|
|
|
|
(neverallow base_typeattr_484 hal_secretkeeper_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_secretkeeper_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_secretkeeper_server (binder (call transfer)))
|
|
(allow servicemanager hal_secretkeeper_server (dir (search)))
|
|
(allow servicemanager hal_secretkeeper_server (file (read open)))
|
|
(allow servicemanager hal_secretkeeper_server (process (getattr)))
|
|
(allow hal_secretkeeper_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_secretkeeper_client (binder (call transfer)))
|
|
(allow servicemanager hal_secretkeeper_client (dir (search)))
|
|
(allow servicemanager hal_secretkeeper_client (file (read open)))
|
|
(allow servicemanager hal_secretkeeper_client (process (getattr)))
|
|
(allow hal_secretkeeper_server tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_secure_element_client hal_secure_element_server (binder (call transfer)))
|
|
(allow hal_secure_element_server hal_secure_element_client (binder (transfer)))
|
|
(allow hal_secure_element_client hal_secure_element_server (fd (use)))
|
|
(allow hal_secure_element_server hal_secure_element_client (binder (call transfer)))
|
|
(allow hal_secure_element_client hal_secure_element_server (binder (transfer)))
|
|
(allow hal_secure_element_server hal_secure_element_client (fd (use)))
|
|
(allow hal_secure_element_client hal_secure_element_hwservice (hwservice_manager (find)))
|
|
(allow hal_secure_element_server hal_secure_element_hwservice (hwservice_manager (add find)))
|
|
(allow hal_secure_element_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_secure_element.te
|
|
|
|
(neverallow base_typeattr_485 hal_secure_element_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_secure_element.te
|
|
|
|
(neverallow base_typeattr_486 hal_secure_element_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_secure_element_client hal_secure_element_service (service_manager (find)))
|
|
(allow hal_secure_element_server hal_secure_element_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_secure_element.te
|
|
|
|
(neverallow base_typeattr_485 hal_secure_element_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_secure_element.te
|
|
|
|
(neverallow base_typeattr_487 hal_secure_element_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_secure_element_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_secure_element_server (binder (call transfer)))
|
|
(allow servicemanager hal_secure_element_server (dir (search)))
|
|
(allow servicemanager hal_secure_element_server (file (read open)))
|
|
(allow servicemanager hal_secure_element_server (process (getattr)))
|
|
(allow hal_secure_element_client hal_secure_element_service (service_manager (find)))
|
|
(allow hal_sensors_client hal_sensors_server (binder (call transfer)))
|
|
(allow hal_sensors_server hal_sensors_client (binder (transfer)))
|
|
(allow hal_sensors_client hal_sensors_server (fd (use)))
|
|
(allow hal_sensors_client hal_sensors_hwservice (hwservice_manager (find)))
|
|
(allow hal_sensors_server hal_sensors_hwservice (hwservice_manager (add find)))
|
|
(allow hal_sensors_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_sensors.te
|
|
|
|
(neverallow base_typeattr_488 hal_sensors_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_sensors.te
|
|
|
|
(neverallow base_typeattr_489 hal_sensors_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_sensors base_typeattr_369 (fd (use)))
|
|
(allow hal_sensors hal_allocator (fd (use)))
|
|
(allow hal_sensors self (capability (sys_nice)))
|
|
(allow hal_sensors self (cap_userns (sys_nice)))
|
|
(allow hal_sensors_server hal_sensors_service (service_manager (add find)))
|
|
;;* lmx 16 system/sepolicy/public/hal_sensors.te
|
|
|
|
(neverallow base_typeattr_488 hal_sensors_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow hal_sensors_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_sensors_server (binder (transfer)))
|
|
(allow hal_sensors_server servicemanager (fd (use)))
|
|
(allow hal_sensors_client hal_sensors_service (service_manager (find)))
|
|
(allow hal_telephony_client hal_telephony_server (binder (call transfer)))
|
|
(allow hal_telephony_server hal_telephony_client (binder (transfer)))
|
|
(allow hal_telephony_client hal_telephony_server (fd (use)))
|
|
(allow hal_telephony_server hal_telephony_client (binder (call transfer)))
|
|
(allow hal_telephony_client hal_telephony_server (binder (transfer)))
|
|
(allow hal_telephony_server hal_telephony_client (fd (use)))
|
|
(allow hal_telephony_client hal_telephony_hwservice (hwservice_manager (find)))
|
|
(allow hal_telephony_server hal_telephony_hwservice (hwservice_manager (add find)))
|
|
(allow hal_telephony_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_telephony.te
|
|
|
|
(neverallow base_typeattr_490 hal_telephony_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_telephony.te
|
|
|
|
(neverallow base_typeattr_491 hal_telephony_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_telephony_client hal_radio_service (service_manager (find)))
|
|
(allow hal_telephony_server hal_radio_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_telephony.te
|
|
|
|
(neverallow base_typeattr_490 hal_radio_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_telephony.te
|
|
|
|
(neverallow base_typeattr_492 hal_radio_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allowx hal_telephony_server self (ioctl udp_socket (0x6900 0x6902)))
|
|
(allowx hal_telephony_server self (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(allowx hal_telephony_server self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(allow hal_telephony_server self (netlink_route_socket (nlmsg_write)))
|
|
(allow hal_telephony_server self (capability (setgid setuid setpcap net_admin net_raw)))
|
|
(allow hal_telephony_server self (cap_userns (setgid setuid setpcap net_admin net_raw)))
|
|
(allow hal_telephony_server cgroup (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow hal_telephony_server cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_telephony_server cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_telephony_server cgroup_v2 (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow hal_telephony_server cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_telephony_server cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_telephony_server radio_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_telephony_server radio_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_telephony_server efs_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow hal_telephony_server efs_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow hal_telephony_server vendor_shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow hal_telephony_server bluetooth_efs_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_telephony_server bluetooth_efs_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_telephony_server telephony_config_prop (file (read getattr map open)))
|
|
(allow hal_telephony_server property_socket (sock_file (write)))
|
|
(allow hal_telephony_server init (unix_stream_socket (connectto)))
|
|
(allow hal_telephony_server radio_control_prop (property_service (set)))
|
|
(allow hal_telephony_server radio_control_prop (file (read getattr map open)))
|
|
(allow hal_telephony_server property_socket (sock_file (write)))
|
|
(allow hal_telephony_server init (unix_stream_socket (connectto)))
|
|
(allow hal_telephony_server radio_prop (property_service (set)))
|
|
(allow hal_telephony_server radio_prop (file (read getattr map open)))
|
|
(allow hal_telephony_server property_socket (sock_file (write)))
|
|
(allow hal_telephony_server init (unix_stream_socket (connectto)))
|
|
(allow hal_telephony_server telephony_status_prop (property_service (set)))
|
|
(allow hal_telephony_server telephony_status_prop (file (read getattr map open)))
|
|
(allow hal_telephony_server tty_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_telephony_server self (netlink_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_telephony_server self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_telephony_server self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_telephony_server sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_telephony_server self (capability2 (block_suspend)))
|
|
(allow hal_telephony_server self (cap2_userns (block_suspend)))
|
|
(allow hal_telephony_server system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server hal_telephony_server (binder (transfer)))
|
|
(allow hal_telephony_server system_suspend_server (fd (use)))
|
|
(allow hal_telephony_server system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow hal_telephony_server hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager hal_telephony_server (binder (call transfer)))
|
|
(allow hwservicemanager hal_telephony_server (dir (search)))
|
|
(allow hwservicemanager hal_telephony_server (file (read map open)))
|
|
(allow hwservicemanager hal_telephony_server (process (getattr)))
|
|
(allow hal_telephony_server hwservicemanager_prop (file (read getattr map open)))
|
|
(allow hal_telephony_server hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow hal_telephony_server hal_system_suspend_service (service_manager (find)))
|
|
(allow hal_telephony_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_telephony_server (binder (call transfer)))
|
|
(allow servicemanager hal_telephony_server (dir (search)))
|
|
(allow servicemanager hal_telephony_server (file (read open)))
|
|
(allow servicemanager hal_telephony_server (process (getattr)))
|
|
(allow hal_telephony_server proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_telephony_server proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_telephony_server proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_telephony_server sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_telephony_server sysfs_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_telephony_server sysfs_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_telephony_server self (socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_telephony_server hal_telephony_server (binder (call transfer)))
|
|
(allow hal_telephony_server hal_telephony_server (binder (transfer)))
|
|
(allow hal_telephony_server hal_telephony_server (fd (use)))
|
|
(allow hal_tetheroffload_client hal_tetheroffload_server (binder (call transfer)))
|
|
(allow hal_tetheroffload_server hal_tetheroffload_client (binder (transfer)))
|
|
(allow hal_tetheroffload_client hal_tetheroffload_server (fd (use)))
|
|
(allow hal_tetheroffload_server hal_tetheroffload_client (binder (call transfer)))
|
|
(allow hal_tetheroffload_client hal_tetheroffload_server (binder (transfer)))
|
|
(allow hal_tetheroffload_server hal_tetheroffload_client (fd (use)))
|
|
(allow hal_tetheroffload_client hal_tetheroffload_hwservice (hwservice_manager (find)))
|
|
(allow hal_tetheroffload_server hal_tetheroffload_hwservice (hwservice_manager (add find)))
|
|
(allow hal_tetheroffload_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_tetheroffload.te
|
|
|
|
(neverallow base_typeattr_493 hal_tetheroffload_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_tetheroffload.te
|
|
|
|
(neverallow base_typeattr_494 hal_tetheroffload_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_tetheroffload_client hal_tetheroffload_service (service_manager (find)))
|
|
(allow hal_tetheroffload_server hal_tetheroffload_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_tetheroffload.te
|
|
|
|
(neverallow base_typeattr_493 hal_tetheroffload_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_tetheroffload.te
|
|
|
|
(neverallow base_typeattr_495 hal_tetheroffload_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_tetheroffload_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tetheroffload_server (binder (call transfer)))
|
|
(allow servicemanager hal_tetheroffload_server (dir (search)))
|
|
(allow servicemanager hal_tetheroffload_server (file (read open)))
|
|
(allow servicemanager hal_tetheroffload_server (process (getattr)))
|
|
(allow hal_tetheroffload_server hal_tetheroffload_client (netlink_netfilter_socket (read write getattr setopt)))
|
|
(allow hal_thermal_client hal_thermal_server (binder (call transfer)))
|
|
(allow hal_thermal_server hal_thermal_client (binder (transfer)))
|
|
(allow hal_thermal_client hal_thermal_server (fd (use)))
|
|
(allow hal_thermal_server hal_thermal_client (binder (call transfer)))
|
|
(allow hal_thermal_client hal_thermal_server (binder (transfer)))
|
|
(allow hal_thermal_server hal_thermal_client (fd (use)))
|
|
(allow hal_thermal_client hal_thermal_hwservice (hwservice_manager (find)))
|
|
(allow hal_thermal_server hal_thermal_hwservice (hwservice_manager (add find)))
|
|
(allow hal_thermal_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_thermal.te
|
|
|
|
(neverallow base_typeattr_496 hal_thermal_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_thermal.te
|
|
|
|
(neverallow base_typeattr_497 hal_thermal_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_thermal_client hal_thermal_service (service_manager (find)))
|
|
(allow hal_thermal_server hal_thermal_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_thermal.te
|
|
|
|
(neverallow base_typeattr_496 hal_thermal_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_thermal.te
|
|
|
|
(neverallow base_typeattr_498 hal_thermal_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_thermal_server hal_thermal_service (service_manager (add find)))
|
|
;;* lmx 8 system/sepolicy/public/hal_thermal.te
|
|
|
|
(neverallow base_typeattr_496 hal_thermal_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow hal_thermal_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_thermal_server (binder (transfer)))
|
|
(allow hal_thermal_server servicemanager (fd (use)))
|
|
(allow hal_thermal_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_thermal_client (binder (transfer)))
|
|
(allow hal_thermal_client servicemanager (fd (use)))
|
|
(allow hal_threadnetwork_client hal_threadnetwork_server (binder (call transfer)))
|
|
(allow hal_threadnetwork_server hal_threadnetwork_client (binder (transfer)))
|
|
(allow hal_threadnetwork_client hal_threadnetwork_server (fd (use)))
|
|
(allow hal_threadnetwork_server hal_threadnetwork_client (binder (call transfer)))
|
|
(allow hal_threadnetwork_client hal_threadnetwork_server (binder (transfer)))
|
|
(allow hal_threadnetwork_server hal_threadnetwork_client (fd (use)))
|
|
(allow hal_threadnetwork_client hal_threadnetwork_service (service_manager (find)))
|
|
(allow hal_threadnetwork_server hal_threadnetwork_service (service_manager (add find)))
|
|
;;* lmx 4 system/sepolicy/public/hal_threadnetwork.te
|
|
|
|
(neverallow base_typeattr_499 hal_threadnetwork_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_threadnetwork.te
|
|
|
|
(neverallow base_typeattr_500 hal_threadnetwork_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_threadnetwork_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_threadnetwork_server (binder (transfer)))
|
|
(allow hal_threadnetwork_server servicemanager (fd (use)))
|
|
(allow hal_threadnetwork_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_threadnetwork_client (binder (transfer)))
|
|
(allow hal_threadnetwork_client servicemanager (fd (use)))
|
|
(allow hal_tv_cec_client hal_tv_cec_server (binder (call transfer)))
|
|
(allow hal_tv_cec_server hal_tv_cec_client (binder (transfer)))
|
|
(allow hal_tv_cec_client hal_tv_cec_server (fd (use)))
|
|
(allow hal_tv_cec_server hal_tv_cec_client (binder (call transfer)))
|
|
(allow hal_tv_cec_client hal_tv_cec_server (binder (transfer)))
|
|
(allow hal_tv_cec_server hal_tv_cec_client (fd (use)))
|
|
(allow hal_tv_cec_client hal_tv_cec_hwservice (hwservice_manager (find)))
|
|
(allow hal_tv_cec_server hal_tv_cec_hwservice (hwservice_manager (add find)))
|
|
(allow hal_tv_cec_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_tv_cec.te
|
|
|
|
(neverallow base_typeattr_501 hal_tv_cec_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_tv_cec.te
|
|
|
|
(neverallow base_typeattr_502 hal_tv_cec_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_tv_hdmi_cec_client hal_tv_hdmi_cec_server (binder (call transfer)))
|
|
(allow hal_tv_hdmi_cec_server hal_tv_hdmi_cec_client (binder (transfer)))
|
|
(allow hal_tv_hdmi_cec_client hal_tv_hdmi_cec_server (fd (use)))
|
|
(allow hal_tv_hdmi_cec_server hal_tv_hdmi_cec_client (binder (call transfer)))
|
|
(allow hal_tv_hdmi_cec_client hal_tv_hdmi_cec_server (binder (transfer)))
|
|
(allow hal_tv_hdmi_cec_server hal_tv_hdmi_cec_client (fd (use)))
|
|
(allow hal_tv_hdmi_cec_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_cec_client (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_cec_client (dir (search)))
|
|
(allow servicemanager hal_tv_hdmi_cec_client (file (read open)))
|
|
(allow servicemanager hal_tv_hdmi_cec_client (process (getattr)))
|
|
(allow hal_tv_hdmi_cec_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_cec_server (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_cec_server (dir (search)))
|
|
(allow servicemanager hal_tv_hdmi_cec_server (file (read open)))
|
|
(allow servicemanager hal_tv_hdmi_cec_server (process (getattr)))
|
|
(allow hal_tv_hdmi_cec_client hal_tv_hdmi_cec_service (service_manager (find)))
|
|
(allow hal_tv_hdmi_cec_server hal_tv_hdmi_cec_service (service_manager (add find)))
|
|
;;* lmx 7 system/sepolicy/public/hal_tv_hdmi_cec.te
|
|
|
|
(neverallow base_typeattr_503 hal_tv_hdmi_cec_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/hal_tv_hdmi_cec.te
|
|
|
|
(neverallow base_typeattr_504 hal_tv_hdmi_cec_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_tv_hdmi_connection_client hal_tv_hdmi_connection_server (binder (call transfer)))
|
|
(allow hal_tv_hdmi_connection_server hal_tv_hdmi_connection_client (binder (transfer)))
|
|
(allow hal_tv_hdmi_connection_client hal_tv_hdmi_connection_server (fd (use)))
|
|
(allow hal_tv_hdmi_connection_server hal_tv_hdmi_connection_client (binder (call transfer)))
|
|
(allow hal_tv_hdmi_connection_client hal_tv_hdmi_connection_server (binder (transfer)))
|
|
(allow hal_tv_hdmi_connection_server hal_tv_hdmi_connection_client (fd (use)))
|
|
(allow hal_tv_hdmi_connection_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_connection_client (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_connection_client (dir (search)))
|
|
(allow servicemanager hal_tv_hdmi_connection_client (file (read open)))
|
|
(allow servicemanager hal_tv_hdmi_connection_client (process (getattr)))
|
|
(allow hal_tv_hdmi_connection_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_connection_server (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_connection_server (dir (search)))
|
|
(allow servicemanager hal_tv_hdmi_connection_server (file (read open)))
|
|
(allow servicemanager hal_tv_hdmi_connection_server (process (getattr)))
|
|
(allow hal_tv_hdmi_connection_client hal_tv_hdmi_connection_service (service_manager (find)))
|
|
(allow hal_tv_hdmi_connection_server hal_tv_hdmi_connection_service (service_manager (add find)))
|
|
;;* lmx 7 system/sepolicy/public/hal_tv_hdmi_connection.te
|
|
|
|
(neverallow base_typeattr_505 hal_tv_hdmi_connection_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/hal_tv_hdmi_connection.te
|
|
|
|
(neverallow base_typeattr_506 hal_tv_hdmi_connection_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_tv_hdmi_earc_client hal_tv_hdmi_earc_server (binder (call transfer)))
|
|
(allow hal_tv_hdmi_earc_server hal_tv_hdmi_earc_client (binder (transfer)))
|
|
(allow hal_tv_hdmi_earc_client hal_tv_hdmi_earc_server (fd (use)))
|
|
(allow hal_tv_hdmi_earc_server hal_tv_hdmi_earc_client (binder (call transfer)))
|
|
(allow hal_tv_hdmi_earc_client hal_tv_hdmi_earc_server (binder (transfer)))
|
|
(allow hal_tv_hdmi_earc_server hal_tv_hdmi_earc_client (fd (use)))
|
|
(allow hal_tv_hdmi_earc_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_earc_client (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_earc_client (dir (search)))
|
|
(allow servicemanager hal_tv_hdmi_earc_client (file (read open)))
|
|
(allow servicemanager hal_tv_hdmi_earc_client (process (getattr)))
|
|
(allow hal_tv_hdmi_earc_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_earc_server (binder (call transfer)))
|
|
(allow servicemanager hal_tv_hdmi_earc_server (dir (search)))
|
|
(allow servicemanager hal_tv_hdmi_earc_server (file (read open)))
|
|
(allow servicemanager hal_tv_hdmi_earc_server (process (getattr)))
|
|
(allow hal_tv_hdmi_earc_client hal_tv_hdmi_earc_service (service_manager (find)))
|
|
(allow hal_tv_hdmi_earc_server hal_tv_hdmi_earc_service (service_manager (add find)))
|
|
;;* lmx 7 system/sepolicy/public/hal_tv_hdmi_earc.te
|
|
|
|
(neverallow base_typeattr_507 hal_tv_hdmi_earc_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/hal_tv_hdmi_earc.te
|
|
|
|
(neverallow base_typeattr_508 hal_tv_hdmi_earc_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_tv_input_client hal_tv_input_server (binder (call transfer)))
|
|
(allow hal_tv_input_server hal_tv_input_client (binder (transfer)))
|
|
(allow hal_tv_input_client hal_tv_input_server (fd (use)))
|
|
(allow hal_tv_input_server hal_tv_input_client (binder (call transfer)))
|
|
(allow hal_tv_input_client hal_tv_input_server (binder (transfer)))
|
|
(allow hal_tv_input_server hal_tv_input_client (fd (use)))
|
|
(allow hal_tv_input_client hal_tv_input_hwservice (hwservice_manager (find)))
|
|
(allow hal_tv_input_server hal_tv_input_hwservice (hwservice_manager (add find)))
|
|
(allow hal_tv_input_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_tv_input.te
|
|
|
|
(neverallow base_typeattr_509 hal_tv_input_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_tv_input.te
|
|
|
|
(neverallow base_typeattr_510 hal_tv_input_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_tv_input_client hal_tv_input_service (service_manager (find)))
|
|
(allow hal_tv_input_server hal_tv_input_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_tv_input.te
|
|
|
|
(neverallow base_typeattr_509 hal_tv_input_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_tv_input.te
|
|
|
|
(neverallow base_typeattr_511 hal_tv_input_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_tv_input_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tv_input_server (binder (transfer)))
|
|
(allow hal_tv_input_server servicemanager (fd (use)))
|
|
(allow hal_tv_input_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tv_input_client (binder (transfer)))
|
|
(allow hal_tv_input_client servicemanager (fd (use)))
|
|
(allow hal_tv_tuner_client hal_tv_tuner_server (binder (call transfer)))
|
|
(allow hal_tv_tuner_server hal_tv_tuner_client (binder (transfer)))
|
|
(allow hal_tv_tuner_client hal_tv_tuner_server (fd (use)))
|
|
(allow hal_tv_tuner_server hal_tv_tuner_client (binder (call transfer)))
|
|
(allow hal_tv_tuner_client hal_tv_tuner_server (binder (transfer)))
|
|
(allow hal_tv_tuner_server hal_tv_tuner_client (fd (use)))
|
|
(allow hal_tv_tuner_client hal_tv_tuner_hwservice (hwservice_manager (find)))
|
|
(allow hal_tv_tuner_server hal_tv_tuner_hwservice (hwservice_manager (add find)))
|
|
(allow hal_tv_tuner_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_tv_tuner.te
|
|
|
|
(neverallow base_typeattr_512 hal_tv_tuner_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_tv_tuner.te
|
|
|
|
(neverallow base_typeattr_513 hal_tv_tuner_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_tv_tuner_client hal_tv_tuner_service (service_manager (find)))
|
|
(allow hal_tv_tuner_server hal_tv_tuner_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_tv_tuner.te
|
|
|
|
(neverallow base_typeattr_512 hal_tv_tuner_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_tv_tuner.te
|
|
|
|
(neverallow base_typeattr_514 hal_tv_tuner_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_tv_tuner_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tv_tuner_server (binder (transfer)))
|
|
(allow hal_tv_tuner_server servicemanager (fd (use)))
|
|
(allow hal_tv_tuner_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_tv_tuner_client (binder (transfer)))
|
|
(allow hal_tv_tuner_client servicemanager (fd (use)))
|
|
(allow hal_usb_client hal_usb_server (binder (call transfer)))
|
|
(allow hal_usb_server hal_usb_client (binder (transfer)))
|
|
(allow hal_usb_client hal_usb_server (fd (use)))
|
|
(allow hal_usb_server hal_usb_client (binder (call transfer)))
|
|
(allow hal_usb_client hal_usb_server (binder (transfer)))
|
|
(allow hal_usb_server hal_usb_client (fd (use)))
|
|
(allow hal_usb_client hal_usb_service (service_manager (find)))
|
|
(allow hal_usb_server hal_usb_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_usb.te
|
|
|
|
(neverallow base_typeattr_515 hal_usb_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_usb.te
|
|
|
|
(neverallow base_typeattr_516 hal_usb_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_usb_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_usb_server (binder (transfer)))
|
|
(allow hal_usb_server servicemanager (fd (use)))
|
|
(allow hal_usb_client hal_usb_hwservice (hwservice_manager (find)))
|
|
(allow hal_usb_server hal_usb_hwservice (hwservice_manager (add find)))
|
|
(allow hal_usb_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 8 system/sepolicy/public/hal_usb.te
|
|
|
|
(neverallow base_typeattr_515 hal_usb_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/public/hal_usb.te
|
|
|
|
(neverallow base_typeattr_517 hal_usb_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_usb self (netlink_kobject_uevent_socket (create)))
|
|
(allow hal_usb self (netlink_kobject_uevent_socket (setopt)))
|
|
(allow hal_usb self (netlink_kobject_uevent_socket (getopt)))
|
|
(allow hal_usb self (netlink_kobject_uevent_socket (bind)))
|
|
(allow hal_usb self (netlink_kobject_uevent_socket (read)))
|
|
(allow hal_usb sysfs (dir (open)))
|
|
(allow hal_usb sysfs (dir (read)))
|
|
(allow hal_usb sysfs (file (read)))
|
|
(allow hal_usb sysfs (file (open)))
|
|
(allow hal_usb sysfs (file (write)))
|
|
(allow hal_usb sysfs (file (getattr)))
|
|
(allow hal_usb_gadget_client hal_usb_gadget_server (binder (call transfer)))
|
|
(allow hal_usb_gadget_server hal_usb_gadget_client (binder (transfer)))
|
|
(allow hal_usb_gadget_client hal_usb_gadget_server (fd (use)))
|
|
(allow hal_usb_gadget_server hal_usb_gadget_client (binder (call transfer)))
|
|
(allow hal_usb_gadget_client hal_usb_gadget_server (binder (transfer)))
|
|
(allow hal_usb_gadget_server hal_usb_gadget_client (fd (use)))
|
|
(allow hal_usb_gadget_client hal_usb_gadget_service (service_manager (find)))
|
|
(allow hal_usb_gadget_server hal_usb_gadget_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_usb_gadget.te
|
|
|
|
(neverallow base_typeattr_518 hal_usb_gadget_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_usb_gadget.te
|
|
|
|
(neverallow base_typeattr_519 hal_usb_gadget_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_usb_gadget_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_usb_gadget_server (binder (transfer)))
|
|
(allow hal_usb_gadget_server servicemanager (fd (use)))
|
|
(allow hal_usb_gadget_client hal_usb_gadget_hwservice (hwservice_manager (find)))
|
|
(allow hal_usb_gadget_server hal_usb_gadget_hwservice (hwservice_manager (add find)))
|
|
(allow hal_usb_gadget_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 8 system/sepolicy/public/hal_usb_gadget.te
|
|
|
|
(neverallow base_typeattr_518 hal_usb_gadget_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/public/hal_usb_gadget.te
|
|
|
|
(neverallow base_typeattr_520 hal_usb_gadget_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_usb_gadget_server configfs (lnk_file (read create unlink)))
|
|
(allow hal_usb_gadget_server configfs (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow hal_usb_gadget_server configfs (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow hal_usb_gadget_server functionfs (dir (read search)))
|
|
(allow hal_usb_gadget_server functionfs (file (read)))
|
|
(allow hal_usb_gadget_server proc_interrupts (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_usb_gadget_server usb_uvc_enabled_prop (file (read getattr map open)))
|
|
(allow hal_uwb_client hal_uwb_server (binder (call transfer)))
|
|
(allow hal_uwb_server hal_uwb_client (binder (transfer)))
|
|
(allow hal_uwb_client hal_uwb_server (fd (use)))
|
|
(allow hal_uwb_server hal_uwb_client (binder (call transfer)))
|
|
(allow hal_uwb_client hal_uwb_server (binder (transfer)))
|
|
(allow hal_uwb_server hal_uwb_client (fd (use)))
|
|
(allow hal_uwb_client hal_uwb_service (service_manager (find)))
|
|
(allow hal_uwb_server hal_uwb_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_uwb.te
|
|
|
|
(neverallow base_typeattr_521 hal_uwb_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_uwb.te
|
|
|
|
(neverallow base_typeattr_522 hal_uwb_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_uwb_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_uwb_server (binder (transfer)))
|
|
(allow hal_uwb_server servicemanager (fd (use)))
|
|
(allow hal_uwb_client servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_uwb_client (binder (transfer)))
|
|
(allow hal_uwb_client servicemanager (fd (use)))
|
|
(allow hal_vehicle_client hal_vehicle_server (binder (call transfer)))
|
|
(allow hal_vehicle_server hal_vehicle_client (binder (transfer)))
|
|
(allow hal_vehicle_client hal_vehicle_server (fd (use)))
|
|
(allow hal_vehicle_server hal_vehicle_client (binder (call transfer)))
|
|
(allow hal_vehicle_client hal_vehicle_server (binder (transfer)))
|
|
(allow hal_vehicle_server hal_vehicle_client (fd (use)))
|
|
(allow hal_vehicle_client hal_vehicle_hwservice (hwservice_manager (find)))
|
|
(allow hal_vehicle_server hal_vehicle_hwservice (hwservice_manager (add find)))
|
|
(allow hal_vehicle_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 6 system/sepolicy/public/hal_vehicle.te
|
|
|
|
(neverallow base_typeattr_523 hal_vehicle_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_vehicle.te
|
|
|
|
(neverallow base_typeattr_524 hal_vehicle_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_vehicle_client hal_vehicle_service (service_manager (find)))
|
|
(allow hal_vehicle_server hal_vehicle_service (service_manager (add find)))
|
|
;;* lmx 7 system/sepolicy/public/hal_vehicle.te
|
|
|
|
(neverallow base_typeattr_523 hal_vehicle_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/hal_vehicle.te
|
|
|
|
(neverallow base_typeattr_525 hal_vehicle_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_vibrator_client hal_vibrator_server (binder (call transfer)))
|
|
(allow hal_vibrator_server hal_vibrator_client (binder (transfer)))
|
|
(allow hal_vibrator_client hal_vibrator_server (fd (use)))
|
|
(allow hal_vibrator_server hal_vibrator_client (binder (call transfer)))
|
|
(allow hal_vibrator_client hal_vibrator_server (binder (transfer)))
|
|
(allow hal_vibrator_server hal_vibrator_client (fd (use)))
|
|
(allow hal_vibrator_client hal_vibrator_hwservice (hwservice_manager (find)))
|
|
(allow hal_vibrator_server hal_vibrator_hwservice (hwservice_manager (add find)))
|
|
(allow hal_vibrator_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_vibrator.te
|
|
|
|
(neverallow base_typeattr_526 hal_vibrator_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_vibrator.te
|
|
|
|
(neverallow base_typeattr_527 hal_vibrator_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_vibrator_client hal_vibrator_service (service_manager (find)))
|
|
(allow hal_vibrator_server hal_vibrator_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_vibrator.te
|
|
|
|
(neverallow base_typeattr_526 hal_vibrator_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_vibrator.te
|
|
|
|
(neverallow base_typeattr_528 hal_vibrator_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_vibrator_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_vibrator_server (binder (transfer)))
|
|
(allow hal_vibrator_server servicemanager (fd (use)))
|
|
(allow hal_vibrator_server dumpstate (fifo_file (write)))
|
|
(allow hal_vibrator sysfs_vibrator (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow hal_vibrator sysfs_vibrator (dir (search)))
|
|
(allow hal_vibrator fwk_vibrator_control_service (service_manager (find)))
|
|
(allow hal_vr_client hal_vr_server (binder (call transfer)))
|
|
(allow hal_vr_server hal_vr_client (binder (transfer)))
|
|
(allow hal_vr_client hal_vr_server (fd (use)))
|
|
(allow hal_vr_server hal_vr_client (binder (call transfer)))
|
|
(allow hal_vr_client hal_vr_server (binder (transfer)))
|
|
(allow hal_vr_server hal_vr_client (fd (use)))
|
|
(allow hal_vr_client hal_vr_hwservice (hwservice_manager (find)))
|
|
(allow hal_vr_server hal_vr_hwservice (hwservice_manager (add find)))
|
|
(allow hal_vr_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_vr.te
|
|
|
|
(neverallow base_typeattr_529 hal_vr_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_vr.te
|
|
|
|
(neverallow base_typeattr_530 hal_vr_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_weaver_client hal_weaver_server (binder (call transfer)))
|
|
(allow hal_weaver_server hal_weaver_client (binder (transfer)))
|
|
(allow hal_weaver_client hal_weaver_server (fd (use)))
|
|
(allow hal_weaver_client hal_weaver_hwservice (hwservice_manager (find)))
|
|
(allow hal_weaver_server hal_weaver_hwservice (hwservice_manager (add find)))
|
|
(allow hal_weaver_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 4 system/sepolicy/public/hal_weaver.te
|
|
|
|
(neverallow base_typeattr_531 hal_weaver_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/public/hal_weaver.te
|
|
|
|
(neverallow base_typeattr_532 hal_weaver_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_weaver_client hal_weaver_service (service_manager (find)))
|
|
(allow hal_weaver_server hal_weaver_service (service_manager (add find)))
|
|
;;* lmx 5 system/sepolicy/public/hal_weaver.te
|
|
|
|
(neverallow base_typeattr_531 hal_weaver_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_weaver.te
|
|
|
|
(neverallow base_typeattr_533 hal_weaver_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_weaver_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_weaver_server (binder (transfer)))
|
|
(allow hal_weaver_server servicemanager (fd (use)))
|
|
(allow hal_wifi_client hal_wifi_server (binder (call transfer)))
|
|
(allow hal_wifi_server hal_wifi_client (binder (transfer)))
|
|
(allow hal_wifi_client hal_wifi_server (fd (use)))
|
|
(allow hal_wifi_server hal_wifi_client (binder (call transfer)))
|
|
(allow hal_wifi_client hal_wifi_server (binder (transfer)))
|
|
(allow hal_wifi_server hal_wifi_client (fd (use)))
|
|
(allow hal_wifi_client hal_wifi_hwservice (hwservice_manager (find)))
|
|
(allow hal_wifi_server hal_wifi_hwservice (hwservice_manager (add find)))
|
|
(allow hal_wifi_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_wifi.te
|
|
|
|
(neverallow base_typeattr_534 hal_wifi_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_wifi.te
|
|
|
|
(neverallow base_typeattr_535 hal_wifi_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_wifi_client hal_wifi_service (service_manager (find)))
|
|
(allow hal_wifi_server hal_wifi_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_wifi.te
|
|
|
|
(neverallow base_typeattr_534 hal_wifi_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_wifi.te
|
|
|
|
(neverallow base_typeattr_536 hal_wifi_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_wifi_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_wifi_server (binder (call transfer)))
|
|
(allow servicemanager hal_wifi_server (dir (search)))
|
|
(allow servicemanager hal_wifi_server (file (read open)))
|
|
(allow servicemanager hal_wifi_server (process (getattr)))
|
|
(allow hal_wifi proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_wifi proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_wifi proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_wifi sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_wifi sysfs_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_wifi sysfs_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_wifi_server property_socket (sock_file (write)))
|
|
(allow hal_wifi_server init (unix_stream_socket (connectto)))
|
|
(allow hal_wifi_server wifi_hal_prop (property_service (set)))
|
|
(allow hal_wifi_server wifi_hal_prop (file (read getattr map open)))
|
|
(allow hal_wifi property_socket (sock_file (write)))
|
|
(allow hal_wifi init (unix_stream_socket (connectto)))
|
|
(allow hal_wifi wifi_prop (property_service (set)))
|
|
(allow hal_wifi wifi_prop (file (read getattr map open)))
|
|
(allow hal_wifi self (udp_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allowx hal_wifi self (ioctl udp_socket (0x8914 0x8924 0x8946)))
|
|
(allow hal_wifi self (capability (net_admin net_raw)))
|
|
(allow hal_wifi self (cap_userns (net_admin net_raw)))
|
|
(allow hal_wifi self (netlink_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_wifi self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_wifi sysfs_wlan_fwpath (file (write lock append map open)))
|
|
(allow hal_wifi proc_modules (file (read getattr open)))
|
|
(allow hal_wifi dumpstate (fifo_file (write)))
|
|
(allow hal_wifi_server tombstone_wifi_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow hal_wifi_server tombstone_wifi_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow hal_wifi_hostapd_client hal_wifi_hostapd_server (binder (call transfer)))
|
|
(allow hal_wifi_hostapd_server hal_wifi_hostapd_client (binder (transfer)))
|
|
(allow hal_wifi_hostapd_client hal_wifi_hostapd_server (fd (use)))
|
|
(allow hal_wifi_hostapd_server hal_wifi_hostapd_client (binder (call transfer)))
|
|
(allow hal_wifi_hostapd_client hal_wifi_hostapd_server (binder (transfer)))
|
|
(allow hal_wifi_hostapd_server hal_wifi_hostapd_client (fd (use)))
|
|
(allow hal_wifi_hostapd_client hal_wifi_hostapd_hwservice (hwservice_manager (find)))
|
|
(allow hal_wifi_hostapd_server hal_wifi_hostapd_hwservice (hwservice_manager (add find)))
|
|
(allow hal_wifi_hostapd_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_wifi_hostapd.te
|
|
|
|
(neverallow base_typeattr_537 hal_wifi_hostapd_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_wifi_hostapd.te
|
|
|
|
(neverallow base_typeattr_538 hal_wifi_hostapd_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_wifi_hostapd_client hal_wifi_hostapd_service (service_manager (find)))
|
|
(allow hal_wifi_hostapd_server hal_wifi_hostapd_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_wifi_hostapd.te
|
|
|
|
(neverallow base_typeattr_537 hal_wifi_hostapd_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_wifi_hostapd.te
|
|
|
|
(neverallow base_typeattr_539 hal_wifi_hostapd_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_wifi_hostapd_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_wifi_hostapd_server (binder (call transfer)))
|
|
(allow servicemanager hal_wifi_hostapd_server (dir (search)))
|
|
(allow servicemanager hal_wifi_hostapd_server (file (read open)))
|
|
(allow servicemanager hal_wifi_hostapd_server (process (getattr)))
|
|
(allow hal_wifi_hostapd_server dumpstate (fifo_file (write)))
|
|
(allow hal_wifi_hostapd_server self (capability (net_admin net_raw)))
|
|
(allow hal_wifi_hostapd_server self (cap_userns (net_admin net_raw)))
|
|
(allow hal_wifi_hostapd_server sysfs_net (dir (search)))
|
|
(allow hal_wifi_hostapd_server proc_net_type (file (read getattr open)))
|
|
(allowx hal_wifi_hostapd_server self (ioctl udp_socket (0x6900 0x6902)))
|
|
(allowx hal_wifi_hostapd_server self (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(allowx hal_wifi_hostapd_server self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(allow hal_wifi_hostapd_server self (netlink_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_wifi_hostapd_server self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_wifi_hostapd_server self (packet_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_wifi_hostapd_server self (netlink_route_socket (nlmsg_write)))
|
|
;;* lmx 31 system/sepolicy/public/hal_wifi_hostapd.te
|
|
|
|
(neverallow hal_wifi_hostapd_server sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow hal_wifi_hostapd_server fuse (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 32 system/sepolicy/public/hal_wifi_hostapd.te
|
|
|
|
(neverallow hal_wifi_hostapd_server sdcard_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow hal_wifi_hostapd_server fuse (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (binder (call transfer)))
|
|
(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (binder (transfer)))
|
|
(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (fd (use)))
|
|
(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (binder (call transfer)))
|
|
(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (binder (transfer)))
|
|
(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (fd (use)))
|
|
(allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice (hwservice_manager (find)))
|
|
(allow hal_wifi_supplicant_server hal_wifi_supplicant_hwservice (hwservice_manager (add find)))
|
|
(allow hal_wifi_supplicant_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/public/hal_wifi_supplicant.te
|
|
|
|
(neverallow base_typeattr_540 hal_wifi_supplicant_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/public/hal_wifi_supplicant.te
|
|
|
|
(neverallow base_typeattr_541 hal_wifi_supplicant_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
(allow hal_wifi_supplicant_client hal_wifi_supplicant_service (service_manager (find)))
|
|
(allow hal_wifi_supplicant_server hal_wifi_supplicant_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/hal_wifi_supplicant.te
|
|
|
|
(neverallow base_typeattr_540 hal_wifi_supplicant_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/hal_wifi_supplicant.te
|
|
|
|
(neverallow base_typeattr_542 hal_wifi_supplicant_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allowx hal_wifi_supplicant self (ioctl udp_socket (0x6900 0x6902)))
|
|
(allowx hal_wifi_supplicant self (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(allowx hal_wifi_supplicant self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(allow hal_wifi_supplicant sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_wifi_supplicant sysfs_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_wifi_supplicant sysfs_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_wifi_supplicant proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hal_wifi_supplicant proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_wifi_supplicant proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hal_wifi_supplicant self (capability (setgid setuid net_admin net_raw)))
|
|
(allow hal_wifi_supplicant self (cap_userns (setgid setuid net_admin net_raw)))
|
|
(allow hal_wifi_supplicant cgroup (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow hal_wifi_supplicant cgroup_v2 (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow hal_wifi_supplicant self (netlink_route_socket (nlmsg_write)))
|
|
(allow hal_wifi_supplicant self (netlink_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_wifi_supplicant self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow hal_wifi_supplicant self (packet_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allowx hal_wifi_supplicant self (ioctl packet_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx hal_wifi_supplicant self (ioctl packet_socket (0x6900 0x6902)))
|
|
(allowx hal_wifi_supplicant self (ioctl packet_socket ((range 0x8906 0x8907) (range 0x890b 0x890d) (range 0x8910 0x8927) 0x8929 (range 0x8930 0x8939) (range 0x8940 0x8943) (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(allowx hal_wifi_supplicant self (ioctl packet_socket ((range 0x8b00 0x8b02) (range 0x8b04 0x8b1d) (range 0x8b20 0x8b2d) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(allow keystore hal_wifi_supplicant (dir (search)))
|
|
(allow keystore hal_wifi_supplicant (file (read open)))
|
|
(allow keystore hal_wifi_supplicant (process (getattr)))
|
|
(allow hal_wifi_supplicant apc_service (service_manager (find)))
|
|
(allow hal_wifi_supplicant keystore_service (service_manager (find)))
|
|
(allow hal_wifi_supplicant legacykeystore_service (service_manager (find)))
|
|
(allow hal_wifi_supplicant keystore (binder (call transfer)))
|
|
(allow keystore hal_wifi_supplicant (binder (transfer)))
|
|
(allow hal_wifi_supplicant keystore (fd (use)))
|
|
(allow keystore hal_wifi_supplicant (binder (call transfer)))
|
|
(allow hal_wifi_supplicant keystore (binder (transfer)))
|
|
(allow keystore hal_wifi_supplicant (fd (use)))
|
|
(allow hal_wifi_supplicant_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager hal_wifi_supplicant_server (binder (call transfer)))
|
|
(allow servicemanager hal_wifi_supplicant_server (dir (search)))
|
|
(allow servicemanager hal_wifi_supplicant_server (file (read open)))
|
|
(allow servicemanager hal_wifi_supplicant_server (process (getattr)))
|
|
(allow hal_wifi_supplicant wifi_key (keystore2_key (get_info use)))
|
|
;;* lmx 37 system/sepolicy/public/hal_wifi_supplicant.te
|
|
|
|
(neverallow hal_wifi_supplicant_server sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow hal_wifi_supplicant_server fuse (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 38 system/sepolicy/public/hal_wifi_supplicant.te
|
|
|
|
(neverallow hal_wifi_supplicant_server sdcard_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow hal_wifi_supplicant_server fuse (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 102 system/sepolicy/public/hwservice.te
|
|
|
|
(neverallow domain base_typeattr_543 (hwservice_manager (add find)))
|
|
;;* lme
|
|
|
|
(allow hwservicemanager self (binder (set_context_mgr)))
|
|
(allow hwservicemanager system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hwservicemanager hwservice_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hwservicemanager selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hwservicemanager selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hwservicemanager selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hwservicemanager selinuxfs (file (write lock append map open)))
|
|
(allow hwservicemanager kernel (security (compute_av)))
|
|
(allow hwservicemanager self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow idmap resourcecache_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow idmap resourcecache_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow idmap apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow idmap apk_data_file (dir (search)))
|
|
(allow idmap apk_tmp_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow idmap apk_private_tmp_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow idmap apk_tmp_file (dir (search)))
|
|
(allow idmap apk_private_tmp_file (dir (search)))
|
|
(allow idmap vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow idmap vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow idmap vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow idmap vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow idmap vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow idmap vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow idmap servicemanager (binder (call transfer)))
|
|
(allow servicemanager idmap (binder (call transfer)))
|
|
(allow servicemanager idmap (dir (search)))
|
|
(allow servicemanager idmap (file (read open)))
|
|
(allow servicemanager idmap (process (getattr)))
|
|
(allow idmap idmap_service (service_manager (add find)))
|
|
;;* lmx 26 system/sepolicy/public/idmap.te
|
|
|
|
(neverallow base_typeattr_544 idmap_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow init tmpfs (chr_file (ioctl read write create getattr setattr lock append map unlink open watch watch_reads)))
|
|
(allow init tmpfs (chr_file (relabelfrom)))
|
|
(allow init kmsg_device (chr_file (write getattr relabelto)))
|
|
(allow init properties_device (dir (relabelto)))
|
|
(allow init properties_serial (file (write relabelto)))
|
|
(allow init property_type (file (read write create getattr setattr relabelto append map unlink rename open)))
|
|
(allow init properties_device (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow init property_info (file (relabelto)))
|
|
(allow init device (file (relabelfrom)))
|
|
(allow init runtime_event_log_tags_file (file (write create setattr relabelto open)))
|
|
(allow init device (dir (relabelto)))
|
|
(allow init dm_user_device (dir (relabelto)))
|
|
(allow init socket_device (dir (relabelto)))
|
|
(allow init lmkd_socket (sock_file (write)))
|
|
(allow init lmkd (unix_stream_socket (connectto)))
|
|
(allow init console_device (chr_file (relabelto)))
|
|
(allow init ptmx_device (chr_file (relabelto)))
|
|
(allow init null_device (chr_file (relabelto)))
|
|
(allow init random_device (chr_file (relabelto)))
|
|
(allow init tmpfs (chr_file (relabelfrom)))
|
|
(allow init tmpfs (blk_file (relabelfrom)))
|
|
(allow init tmpfs (blk_file (getattr)))
|
|
(allow init block_device (dir (relabelto)))
|
|
(allow init block_device (lnk_file (relabelto)))
|
|
(allow init block_device (blk_file (relabelto)))
|
|
(allow init dm_device (chr_file (relabelto)))
|
|
(allow init dm_device (blk_file (relabelto)))
|
|
(allow init dm_user_device (chr_file (relabelto)))
|
|
(allow init kernel (fd (use)))
|
|
(allow init tmpfs (lnk_file (read getattr relabelfrom)))
|
|
(allow init system_block_device (lnk_file (relabelto)))
|
|
(allow init system_block_device (blk_file (relabelto)))
|
|
(allow init recovery_block_device (lnk_file (relabelto)))
|
|
(allow init recovery_block_device (blk_file (relabelto)))
|
|
(allow init userdata_block_device (lnk_file (relabelto)))
|
|
(allow init userdata_block_device (blk_file (relabelto)))
|
|
(allow init metadata_block_device (lnk_file (relabelto)))
|
|
(allow init metadata_block_device (blk_file (relabelto)))
|
|
(allow init misc_block_device (lnk_file (relabelto)))
|
|
(allow init misc_block_device (blk_file (relabelto)))
|
|
(allow init dtbo_block_device (lnk_file (relabelto)))
|
|
(allow init super_block_device (lnk_file (relabelto)))
|
|
(allow init mnt_sdcard_file (lnk_file (create)))
|
|
(allow init self (capability (sys_resource)))
|
|
(allow init self (cap_userns (sys_resource)))
|
|
(allow init tmpfs (file (getattr unlink)))
|
|
(allow init devpts (chr_file (read write open)))
|
|
(allow init fscklogs (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow init tmpfs (chr_file (write)))
|
|
(allow init console_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init tty_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init self (capability (sys_admin)))
|
|
(allow init self (cap_userns (sys_admin)))
|
|
(allow init self (capability (sys_chroot)))
|
|
(allow init self (cap_userns (sys_chroot)))
|
|
(allow init rootfs (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init rootfs (dir (mounton)))
|
|
(allow init cgroup (dir (mounton)))
|
|
(allow init system_file (dir (mounton)))
|
|
(allow init linkerconfig_file (dir (mounton)))
|
|
(allow init vendor_file (dir (mounton)))
|
|
(allow init system_data_root_file (dir (mounton)))
|
|
(allow init system_data_file (dir (mounton)))
|
|
(allow init shell_data_file (dir (mounton)))
|
|
(allow init mnt_user_file (dir (mounton)))
|
|
(allow init storage_file (dir (mounton)))
|
|
(allow init postinstall_mnt_dir (dir (mounton)))
|
|
(allow init mirror_data_file (dir (mounton)))
|
|
(allow init cache_file (dir (mounton)))
|
|
(allow init system_dlkm_file (dir (mounton)))
|
|
(allow init fs_bpf (dir (mounton)))
|
|
(allow init device (dir (mounton)))
|
|
(allow init apex_mnt_dir (dir (mounton)))
|
|
(allow init art_apex_dir (dir (mounton)))
|
|
(allow init rootfs (lnk_file (create unlink)))
|
|
(allow init sysfs (dir (mounton)))
|
|
(allow init tmpfs (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init tmpfs (dir (mounton)))
|
|
(allow init cgroup (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init cgroup (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init cgroup_rc_file (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init cgroup_desc_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init cgroup_desc_api_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init vendor_cgroup_desc_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init cgroup_v2 (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init cgroup_v2 (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init configfs (dir (mounton)))
|
|
(allow init configfs (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init configfs (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow init configfs (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow init metadata_file (dir (mounton)))
|
|
(allow init tmpfs (dir (relabelfrom)))
|
|
(allow init self (capability (dac_override dac_read_search)))
|
|
(allow init self (cap_userns (dac_override dac_read_search)))
|
|
(allow init self (capability (sys_time)))
|
|
(allow init self (cap_userns (sys_time)))
|
|
(allow init self (capability (sys_rawio mknod)))
|
|
(allow init self (cap_userns (sys_rawio mknod)))
|
|
(allow init dev_type (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allowx init dev_type (ioctl blk_file (0x125d)))
|
|
(allowx init system_data_root_file (ioctl dir (0x587d)))
|
|
(allow init base_typeattr_545 (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget watch)))
|
|
(allow init debugfs_tracing_debug (filesystem (mount)))
|
|
(allow init unlabeled (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget watch)))
|
|
(allow init contextmount_type (filesystem (relabelto)))
|
|
(allow init contextmount_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init contextmount_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init contextmount_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init contextmount_type (sock_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init contextmount_type (fifo_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init rootfs (file (relabelfrom)))
|
|
(allow init rootfs (dir (relabelfrom)))
|
|
(allow init self (capability (chown fowner fsetid)))
|
|
(allow init self (cap_userns (chown fowner fsetid)))
|
|
(allow init base_typeattr_546 (dir (ioctl read create getattr setattr open search)))
|
|
(allow init base_typeattr_547 (dir (write relabelfrom add_name remove_name rmdir)))
|
|
(allow init base_typeattr_548 (file (read write create getattr setattr relabelfrom map unlink open)))
|
|
(allow init tracefs_type (file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
|
|
(allow init apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init base_typeattr_549 (sock_file (read create getattr setattr relabelfrom unlink open)))
|
|
(allow init base_typeattr_549 (fifo_file (read create getattr setattr relabelfrom unlink open)))
|
|
(allow init base_typeattr_550 (lnk_file (create getattr setattr relabelfrom unlink)))
|
|
(allow init cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init base_typeattr_551 (file (relabelto)))
|
|
(allow init base_typeattr_551 (dir (relabelto)))
|
|
(allow init base_typeattr_551 (lnk_file (relabelto)))
|
|
(allow init base_typeattr_551 (chr_file (relabelto)))
|
|
(allow init base_typeattr_551 (blk_file (relabelto)))
|
|
(allow init base_typeattr_551 (sock_file (relabelto)))
|
|
(allow init base_typeattr_551 (fifo_file (relabelto)))
|
|
(allow init sysfs (file (getattr relabelfrom)))
|
|
(allow init sysfs (dir (getattr relabelfrom)))
|
|
(allow init sysfs (lnk_file (getattr relabelfrom)))
|
|
(allow init debugfs_tracing (file (getattr relabelfrom)))
|
|
(allow init debugfs_tracing (dir (getattr relabelfrom)))
|
|
(allow init debugfs_tracing (lnk_file (getattr relabelfrom)))
|
|
(allow init debugfs_tracing_debug (file (getattr relabelfrom)))
|
|
(allow init debugfs_tracing_debug (dir (getattr relabelfrom)))
|
|
(allow init debugfs_tracing_debug (lnk_file (getattr relabelfrom)))
|
|
(allow init sysfs_type (file (getattr relabelto)))
|
|
(allow init sysfs_type (dir (getattr relabelto)))
|
|
(allow init sysfs_type (lnk_file (getattr relabelto)))
|
|
(allow init tracefs_type (file (getattr relabelto)))
|
|
(allow init tracefs_type (dir (getattr relabelto)))
|
|
(allow init tracefs_type (lnk_file (getattr relabelto)))
|
|
(allow init dev_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init dev_type (lnk_file (create)))
|
|
(allow init debugfs_tracing (file (write lock append map open)))
|
|
(allow init debugfs_tracing_instances (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init debugfs_tracing_instances (file (write lock append map open)))
|
|
(allow init debugfs_wifi_tracing (file (write lock append map open)))
|
|
(allow init base_typeattr_552 (file (read setattr open)))
|
|
(allow init base_typeattr_553 (dir (read setattr open search)))
|
|
(allow init binder_device (chr_file (read open)))
|
|
(allow init hwbinder_device (chr_file (read open)))
|
|
(allow init dm_device (chr_file (read open)))
|
|
(allow init pmsg_device (chr_file (read open)))
|
|
(allow init console_device (chr_file (read open)))
|
|
(allow init input_device (chr_file (read open)))
|
|
(allow init ptmx_device (chr_file (read open)))
|
|
(allow init kmsg_device (chr_file (read open)))
|
|
(allow init null_device (chr_file (read open)))
|
|
(allow init random_device (chr_file (read open)))
|
|
(allow init owntty_device (chr_file (read open)))
|
|
(allow init tty_device (chr_file (read open)))
|
|
(allow init zero_device (chr_file (read open)))
|
|
(allow init devpts (chr_file (read open)))
|
|
(allow init unlabeled (dir (ioctl read write create getattr setattr lock relabelfrom rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init unlabeled (file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
|
|
(allow init unlabeled (lnk_file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
|
|
(allow init unlabeled (sock_file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
|
|
(allow init unlabeled (fifo_file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
|
|
(allow init kernel (system (syslog_mod)))
|
|
(allow init self (capability2 (syslog)))
|
|
(allow init self (cap2_userns (syslog)))
|
|
(allow init proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_diskstats (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_kmsg (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_stat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_uptime (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_version (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init proc_net_type (file (write lock append map open)))
|
|
(allow init proc_overcommit_memory (file (write lock append map open)))
|
|
(allow init proc_min_free_order_shift (file (write lock append map open)))
|
|
(allow init proc_watermark_boost_factor (file (write lock append map open)))
|
|
(allow init proc_abi (file (write lock append map open)))
|
|
(allow init proc_cpu_alignment (file (write lock append map open)))
|
|
(allow init proc_dirty (file (write lock append map open)))
|
|
(allow init proc_extra_free_kbytes (file (write lock append map open)))
|
|
(allow init proc_hostname (file (write lock append map open)))
|
|
(allow init proc_hung_task (file (write lock append map open)))
|
|
(allow init proc_max_map_count (file (write lock append map open)))
|
|
(allow init proc_page_cluster (file (write lock append map open)))
|
|
(allow init proc_panic (file (write lock append map open)))
|
|
(allow init proc_perf (file (write lock append map open)))
|
|
(allow init proc_sched (file (write lock append map open)))
|
|
(allow init proc_sysrq (file (write lock append map open)))
|
|
(allow init proc_security (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init proc_qtaguid_ctrl (file (setattr)))
|
|
(allow init proc_qtaguid_stat (file (setattr)))
|
|
(allow init proc_bootconfig (file (setattr)))
|
|
(allow init proc_cmdline (file (setattr)))
|
|
(allow init proc_kmsg (file (setattr)))
|
|
(allow init proc_net (file (setattr)))
|
|
(allow init proc_pagetypeinfo (file (setattr)))
|
|
(allow init proc_slabinfo (file (setattr)))
|
|
(allow init proc_sysrq (file (setattr)))
|
|
(allow init proc_vmallocinfo (file (setattr)))
|
|
(allow init sysfs_android_usb (file (write lock append map open)))
|
|
(allow init sysfs_dm (file (write lock append map open)))
|
|
(allow init sysfs_dm_verity (file (write lock append map open)))
|
|
(allow init sysfs_leds (file (write lock append map open)))
|
|
(allow init sysfs_power (file (write lock append map open)))
|
|
(allow init sysfs_lru_gen_enabled (file (write lock append map open)))
|
|
(allow init sysfs_fs_f2fs (file (write lock append map open)))
|
|
(allow init sysfs_dt_firmware_android (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init sysfs_fs_ext4_features (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init sysfs_zram (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init loop_control_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init loop_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx init loop_device (ioctl blk_file ((range 0x4c00 0x4c01) (range 0x4c03 0x4c04) (range 0x4c08 0x4c09) 0x4c82)))
|
|
(allow init sysfs_vibrator (file (write lock append map open)))
|
|
(allow init sysfs_android_usb (file (setattr)))
|
|
(allow init sysfs_ipv4 (file (setattr)))
|
|
(allow init sysfs_leds (file (setattr)))
|
|
(allow init sysfs_wake_lock (file (setattr)))
|
|
(allow init sysfs_power (file (setattr)))
|
|
(allow init sysfs_devices_system_cpu (file (setattr)))
|
|
(allow init sysfs_lowmemorykiller (file (setattr)))
|
|
(allow init sysfs_vibrator (file (setattr)))
|
|
(allow init sysfs_zram (file (setattr)))
|
|
(allow init usermodehelper (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init sysfs_usermodehelper (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init self (capability (net_admin)))
|
|
(allow init self (cap_userns (net_admin)))
|
|
(allow init self (capability (sys_boot)))
|
|
(allow init self (cap_userns (sys_boot)))
|
|
(allow init misc_logd_file (dir (read write create getattr setattr open add_name search)))
|
|
(allow init misc_logd_file (file (write create getattr setattr open)))
|
|
(allow init self (capability (kill)))
|
|
(allow init self (cap_userns (kill)))
|
|
(allow init domain (process (sigkill signal getpgid)))
|
|
(allow init credstore_data_file (dir (read create getattr setattr open search)))
|
|
(allow init credstore_data_file (file (getattr)))
|
|
(allow init keystore_data_file (dir (read create getattr setattr open search)))
|
|
(allow init keystore_data_file (file (getattr)))
|
|
(allow init vold_data_file (dir (read create getattr setattr open search)))
|
|
(allow init vold_data_file (file (getattr)))
|
|
(allow init shell_data_file (dir (read create getattr setattr open search)))
|
|
(allow init shell_data_file (file (getattr)))
|
|
(allow init self (capability (setgid setuid setpcap)))
|
|
(allow init self (cap_userns (setgid setuid setpcap)))
|
|
(allow init domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init self (process (setexec setfscreate setsockcreate)))
|
|
(allow init file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init sepolicy_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init selinuxfs (file (write lock append map open)))
|
|
(allow init kernel (security (compute_av)))
|
|
(allow init self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow init kernel (security (compute_create)))
|
|
(allow init domain (unix_stream_socket (create bind setopt)))
|
|
(allow init domain (unix_dgram_socket (create bind setopt)))
|
|
(allow init property_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init property_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow init property_type (property_service (set)))
|
|
(allow init self (netlink_audit_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_relay)))
|
|
(allow init self (capability (audit_write)))
|
|
(allow init self (cap_userns (audit_write)))
|
|
(allow init self (udp_socket (ioctl create)))
|
|
(allowx init self (ioctl udp_socket (0x8914)))
|
|
(allow init self (capability (net_raw)))
|
|
(allow init self (cap_userns (net_raw)))
|
|
(allow init kernel (process (getsched setsched)))
|
|
(allow init swap_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init device (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow init input_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init input_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init dm_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init dm_user_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init metadata_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init pstorefs (dir (search)))
|
|
(allow init pstorefs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init kernel (system (syslog_read)))
|
|
(allow init init (key (write search setattr)))
|
|
(allow init unencrypted_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allowx init data_file_type (ioctl dir (0x6613 0x6615)))
|
|
(allowx init unlabeled (ioctl dir (0x6613 0x6615)))
|
|
(allow init misc_block_device (blk_file (write lock append map open)))
|
|
(allow init system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init system_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init system_dlkm_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init system_dlkm_file_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init system_dlkm_file_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init vendor_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init vendor_file_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init vendor_file_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init system_data_file (file (read getattr)))
|
|
(allow init system_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init vendor_shell_exec (file (execute)))
|
|
(allow init vold_metadata_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init vold_metadata_file (file (getattr)))
|
|
(allow init metadata_bootstat_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow init metadata_bootstat_file (file (write lock append map open)))
|
|
(allow init userspace_reboot_metadata_file (file (write lock append map open)))
|
|
(allow init proc_pressure_mem (file (ioctl read write getattr setattr lock append map open watch watch_reads)))
|
|
(allow init system_bootstrap_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init system_bootstrap_lib_file (file (read getattr map execute open)))
|
|
(allow init fuse (dir (getattr search)))
|
|
(allow init userdata_sysdev (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow init rootdisk_sysdev (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
;;* lmx 659 system/sepolicy/public/init.te
|
|
|
|
(neverallow domain init (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 660 system/sepolicy/public/init.te
|
|
|
|
(neverallow base_typeattr_254 init (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 661 system/sepolicy/public/init.te
|
|
|
|
(neverallow init base_typeattr_554 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 664 system/sepolicy/public/init.te
|
|
|
|
(neverallow init shell_data_file (lnk_file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 665 system/sepolicy/public/init.te
|
|
|
|
(neverallow init app_data_file_type (lnk_file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 668 system/sepolicy/public/init.te
|
|
|
|
(neverallow init fs_type (file (execute_no_trans)))
|
|
(neverallow init file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 677 system/sepolicy/public/init.te
|
|
|
|
(neverallow init base_typeattr_224 (process (noatsecure)))
|
|
;;* lme
|
|
|
|
;;* lmx 680 system/sepolicy/public/init.te
|
|
|
|
(neverallow init service_manager_type (service_manager (add find)))
|
|
;;* lme
|
|
|
|
;;* lmx 682 system/sepolicy/public/init.te
|
|
|
|
(neverallow init servicemanager (service_manager (list)))
|
|
;;* lme
|
|
|
|
;;* lmx 685 system/sepolicy/public/init.te
|
|
|
|
(neverallow init shell_data_file (dir (write add_name remove_name)))
|
|
;;* lme
|
|
|
|
;;* lmx 688 system/sepolicy/public/init.te
|
|
|
|
(neverallow init sysfs (file (write open)))
|
|
;;* lme
|
|
|
|
;;* lmx 691 system/sepolicy/public/init.te
|
|
|
|
(neverallow base_typeattr_224 init (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 696 system/sepolicy/public/init.te
|
|
|
|
(neverallow base_typeattr_555 system_data_root_file (dir (write add_name remove_name)))
|
|
;;* lme
|
|
|
|
(allow inputflinger servicemanager (binder (call transfer)))
|
|
(allow servicemanager inputflinger (binder (call transfer)))
|
|
(allow servicemanager inputflinger (dir (search)))
|
|
(allow servicemanager inputflinger (file (read open)))
|
|
(allow servicemanager inputflinger (process (getattr)))
|
|
(allow inputflinger system_server (binder (call transfer)))
|
|
(allow system_server inputflinger (binder (transfer)))
|
|
(allow inputflinger system_server (fd (use)))
|
|
(allow inputflinger sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow inputflinger self (capability2 (block_suspend)))
|
|
(allow inputflinger self (cap2_userns (block_suspend)))
|
|
(allow inputflinger system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server inputflinger (binder (transfer)))
|
|
(allow inputflinger system_suspend_server (fd (use)))
|
|
(allow inputflinger system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow inputflinger hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager inputflinger (binder (call transfer)))
|
|
(allow hwservicemanager inputflinger (dir (search)))
|
|
(allow hwservicemanager inputflinger (file (read map open)))
|
|
(allow hwservicemanager inputflinger (process (getattr)))
|
|
(allow inputflinger hwservicemanager_prop (file (read getattr map open)))
|
|
(allow inputflinger hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow inputflinger hal_system_suspend_service (service_manager (find)))
|
|
(allow inputflinger servicemanager (binder (call transfer)))
|
|
(allow servicemanager inputflinger (binder (call transfer)))
|
|
(allow servicemanager inputflinger (dir (search)))
|
|
(allow servicemanager inputflinger (file (read open)))
|
|
(allow servicemanager inputflinger (process (getattr)))
|
|
(allow inputflinger input_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow inputflinger input_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow inputflinger cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow inputflinger cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow inputflinger cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow inputflinger cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow inputflinger cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow inputflinger cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid sys_admin)))
|
|
(allow installd self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid sys_admin)))
|
|
(allow installd dalvikcache_data_file (dir (relabelto)))
|
|
(allow installd dalvikcache_data_file (file (relabelto link)))
|
|
(allow installd apk_data_file (dir (ioctl read write create getattr setattr lock relabelfrom rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd apk_data_file (file (ioctl read write create getattr setattr lock relabelfrom append map unlink link rename open watch watch_reads)))
|
|
(allow installd apk_data_file (lnk_file (ioctl read create getattr lock map unlink open watch watch_reads)))
|
|
(allow installd asec_apk_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd apk_tmp_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow installd apk_tmp_file (dir (ioctl read write create getattr setattr lock relabelfrom rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd oemfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd oemfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd cgroup (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd cgroup_v2 (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd mnt_expand_file (dir (getattr search)))
|
|
(allow installd selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd selinuxfs (file (write lock append map open)))
|
|
(allow installd kernel (security (check_context)))
|
|
(allow installd rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd system_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd vendor_framework_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd vendor_framework_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd vendor_framework_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd vendor_apex_metadata_file (dir (getattr search)))
|
|
(allow installd file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd asec_image_file (dir (search)))
|
|
(allow installd asec_image_file (file (getattr)))
|
|
(allow installd system_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd system_data_file (lnk_file (read create getattr setattr unlink)))
|
|
(allow installd mnt_pass_through_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd media_rw_data_file (file (getattr unlink)))
|
|
(allow installd system_data_file (dir (relabelfrom)))
|
|
(allow installd media_rw_data_file (dir (relabelto)))
|
|
(allow installd media_userdir_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd tmpfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd storage_file (dir (search)))
|
|
(allow installd sdcard_type (dir (read write getattr open remove_name search rmdir)))
|
|
(allow installd fuse (dir (read write getattr open remove_name search rmdir)))
|
|
(allow installd sdcard_type (file (getattr unlink)))
|
|
(allow installd fuse (file (getattr unlink)))
|
|
(allow installd mirror_data_file (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd system_userdir_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow installd misc_user_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd misc_user_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow installd keychain_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd keychain_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow installd install_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow installd install_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow installd dalvikcache_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd dalvikcache_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow installd dalvikcache_data_file (lnk_file (getattr)))
|
|
(allow installd resourcecache_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow installd resourcecache_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow installd unlabeled (dir (ioctl read write getattr lock relabelfrom open watch watch_reads add_name remove_name search rmdir)))
|
|
(allow installd unlabeled (file (getattr setattr relabelfrom unlink rename)))
|
|
(allow installd unlabeled (lnk_file (getattr setattr relabelfrom unlink rename)))
|
|
(allow installd unlabeled (sock_file (getattr setattr relabelfrom unlink rename)))
|
|
(allow installd unlabeled (fifo_file (getattr setattr relabelfrom unlink rename)))
|
|
(allow installd unlabeled (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd system_data_file (file (getattr relabelfrom unlink)))
|
|
(allow installd system_data_file (lnk_file (getattr relabelfrom unlink)))
|
|
(allow installd system_data_file (sock_file (getattr relabelfrom unlink)))
|
|
(allow installd system_data_file (fifo_file (getattr relabelfrom unlink)))
|
|
(allow installd app_data_file_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd app_data_file_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open watch watch_reads)))
|
|
(allow installd app_data_file_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open watch watch_reads)))
|
|
(allow installd app_data_file_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open watch watch_reads)))
|
|
(allow installd app_data_file_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open watch watch_reads)))
|
|
(allowx installd app_data_file_type (ioctl file ((range 0x581f 0x5820))))
|
|
(allowx installd app_data_file_type (ioctl dir ((range 0x581f 0x5820))))
|
|
(allowx installd system_data_file (ioctl file ((range 0x581f 0x5820))))
|
|
(allowx installd system_data_file (ioctl dir ((range 0x581f 0x5820))))
|
|
(allowx installd install_data_file (ioctl file ((range 0x581f 0x5820))))
|
|
(allowx installd install_data_file (ioctl dir ((range 0x581f 0x5820))))
|
|
(allowx installd app_data_file_type (ioctl file ((range 0x6601 0x6602))))
|
|
(allowx installd app_data_file_type (ioctl dir ((range 0x6601 0x6602))))
|
|
(allowx installd system_data_file (ioctl file ((range 0x6601 0x6602))))
|
|
(allowx installd system_data_file (ioctl dir ((range 0x6601 0x6602))))
|
|
(allowx installd install_data_file (ioctl file ((range 0x6601 0x6602))))
|
|
(allowx installd install_data_file (ioctl dir ((range 0x6601 0x6602))))
|
|
(allow installd user_profile_root_file (dir (ioctl read write create getattr setattr lock relabelfrom rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd user_profile_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd user_profile_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow installd user_profile_data_file (file (unlink)))
|
|
(allow installd labeledfs (filesystem (unmount)))
|
|
(allow installd profman_dump_data_file (dir (write add_name search)))
|
|
(allow installd profman_dump_data_file (file (write create setattr open)))
|
|
(allow installd devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow installd toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow installd servicemanager (binder (call transfer)))
|
|
(allow servicemanager installd (binder (call transfer)))
|
|
(allow servicemanager installd (dir (search)))
|
|
(allow servicemanager installd (file (read open)))
|
|
(allow servicemanager installd (process (getattr)))
|
|
(allow installd installd_service (service_manager (add find)))
|
|
;;* lmx 145 system/sepolicy/public/installd.te
|
|
|
|
(neverallow base_typeattr_556 installd_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow installd dumpstate (fifo_file (write getattr)))
|
|
(allow installd system_server (binder (call transfer)))
|
|
(allow system_server installd (binder (transfer)))
|
|
(allow installd system_server (fd (use)))
|
|
(allow installd permission_service (service_manager (find)))
|
|
(allow installd block_device (dir (search)))
|
|
(allow installd labeledfs (filesystem (quotamod quotaget)))
|
|
(allow installd preloads_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow installd preloads_data_file (dir (ioctl read write getattr lock open watch watch_reads remove_name search rmdir)))
|
|
(allow installd preloads_media_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow installd preloads_media_file (dir (ioctl read write getattr lock open watch watch_reads remove_name search rmdir)))
|
|
(allow installd proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd storage_config_prop (file (read getattr map open)))
|
|
(allow installd vold (fd (use)))
|
|
;;* lmx 178 system/sepolicy/public/installd.te
|
|
|
|
(neverallow base_typeattr_557 installd_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 179 system/sepolicy/public/installd.te
|
|
|
|
(neverallow base_typeattr_558 installd (binder (call)))
|
|
;;* lme
|
|
|
|
;;* lmx 185 system/sepolicy/public/installd.te
|
|
|
|
(neverallow installd base_typeattr_559 (binder (call)))
|
|
;;* lme
|
|
|
|
(allow kernel self (capability (sys_nice)))
|
|
(allow kernel self (cap_userns (sys_nice)))
|
|
(allow kernel rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow kernel rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow kernel rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow kernel proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow kernel proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow kernel selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow kernel selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow kernel file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow kernel rootfs (file (relabelfrom)))
|
|
(allow kernel init_exec (file (relabelto)))
|
|
(allow kernel init (process (share)))
|
|
(allow kernel unlabeled (dir (search)))
|
|
(allow kernel usbfs (filesystem (mount)))
|
|
(allow kernel usbfs (dir (search)))
|
|
(dontaudit kernel self (security (setenforce)))
|
|
(allow kernel self (capability (sys_resource)))
|
|
(allow kernel self (cap_userns (sys_resource)))
|
|
(allow kernel self (capability (sys_boot)))
|
|
(allow kernel self (cap_userns (sys_boot)))
|
|
(allow kernel proc_sysrq (file (write lock append map open)))
|
|
(allow kernel tmpfs (chr_file (write)))
|
|
(allow kernel selinuxfs (file (write)))
|
|
(allow kernel self (security (setcheckreqprot)))
|
|
(allow kernel sdcard_type (file (read write)))
|
|
(allow kernel fuse (file (read write)))
|
|
(allow kernel mediaprovider (fd (use)))
|
|
(allow kernel vold (fd (use)))
|
|
(allow kernel app_data_file (file (read)))
|
|
(allow kernel privapp_data_file (file (read)))
|
|
(allow kernel asec_image_file (file (read)))
|
|
(allow kernel media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow kernel media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow kernel vold_data_file (file (read write)))
|
|
(allow kernel apexd (fd (use)))
|
|
(allow kernel apex_data_file (file (read)))
|
|
(allow kernel staging_data_file (file (read)))
|
|
(allow kernel vendor_apex_file (file (read)))
|
|
(allow kernel system_file (file (execute)))
|
|
(allow kernel appdomain_tmpfs (file (read write)))
|
|
;;* lmx 128 system/sepolicy/public/kernel.te
|
|
|
|
(neverallow base_typeattr_224 kernel (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 138 system/sepolicy/public/kernel.te
|
|
|
|
(neverallow kernel base_typeattr_224 (file (execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 143 system/sepolicy/public/kernel.te
|
|
|
|
(neverallow kernel self (capability (dac_override dac_read_search)))
|
|
(neverallow kernel self (cap_userns (dac_override dac_read_search)))
|
|
;;* lme
|
|
|
|
;;* lmx 146 system/sepolicy/public/kernel.te
|
|
|
|
(neverallow base_typeattr_224 kernel (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow keystore servicemanager (binder (call transfer)))
|
|
(allow servicemanager keystore (binder (call transfer)))
|
|
(allow servicemanager keystore (dir (search)))
|
|
(allow servicemanager keystore (file (read open)))
|
|
(allow servicemanager keystore (process (getattr)))
|
|
(allow keystore remote_provisioning_service_server (binder (call transfer)))
|
|
(allow remote_provisioning_service_server keystore (binder (transfer)))
|
|
(allow keystore remote_provisioning_service_server (fd (use)))
|
|
(allow keystore system_server (binder (call transfer)))
|
|
(allow system_server keystore (binder (transfer)))
|
|
(allow keystore system_server (fd (use)))
|
|
(allow keystore wificond (binder (call transfer)))
|
|
(allow wificond keystore (binder (transfer)))
|
|
(allow keystore wificond (fd (use)))
|
|
(allow keystore keystore_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow keystore keystore_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow keystore keystore_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow keystore keystore_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow keystore keystore_data_file (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow keystore keystore_exec (file (getattr)))
|
|
(allow keystore keystore_service (service_manager (add find)))
|
|
;;* lmx 16 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_560 keystore_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow keystore sec_key_att_app_id_provider_service (service_manager (find)))
|
|
(allow keystore dropbox_service (service_manager (find)))
|
|
(allow keystore remote_provisioning_service (service_manager (find)))
|
|
(allow keystore apc_service (service_manager (add find)))
|
|
;;* lmx 20 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_560 apc_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow keystore keystore_compat_hal_service (service_manager (add find)))
|
|
;;* lmx 21 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_560 keystore_compat_hal_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow keystore authorization_service (service_manager (add find)))
|
|
;;* lmx 22 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_560 authorization_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow keystore keystore_maintenance_service (service_manager (add find)))
|
|
;;* lmx 23 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_560 keystore_maintenance_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow keystore keystore_metrics_service (service_manager (add find)))
|
|
;;* lmx 24 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_560 keystore_metrics_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow keystore legacykeystore_service (service_manager (add find)))
|
|
;;* lmx 25 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_560 legacykeystore_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow keystore selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow keystore selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow keystore selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow keystore selinuxfs (file (write lock append map open)))
|
|
(allow keystore kernel (security (compute_av)))
|
|
(allow keystore self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow keystore cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow keystore cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow keystore cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow keystore cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow keystore cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow keystore cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 39 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_560 keystore_data_file (dir (write lock relabelfrom append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 40 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_560 keystore_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_560 keystore_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_560 keystore_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_560 keystore_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 42 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_561 keystore_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 43 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow base_typeattr_561 keystore_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_561 keystore_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_561 keystore_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_561 keystore_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 46 system/sepolicy/public/keystore.te
|
|
|
|
(neverallow domain keystore (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow keystore vendor_security_patch_level_prop (file (read getattr map open)))
|
|
(allow keystore keystore_config_prop (file (read getattr map open)))
|
|
(allow lmkd self (capability (dac_override dac_read_search kill sys_resource)))
|
|
(allow lmkd self (cap_userns (dac_override dac_read_search kill sys_resource)))
|
|
(allow lmkd self (capability (ipc_lock)))
|
|
(allow lmkd self (cap_userns (ipc_lock)))
|
|
(allow lmkd domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow lmkd domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd domain (file (write)))
|
|
(allow lmkd sysfs_lowmemorykiller (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow lmkd sysfs_lowmemorykiller (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd sysfs_lowmemorykiller (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd sysfs_lowmemorykiller (file (write lock append map open)))
|
|
(allow lmkd domain (process (sigkill setsched)))
|
|
(allow lmkd kernel (process (setsched)))
|
|
(allow lmkd cgroup (dir (remove_name rmdir)))
|
|
(allow lmkd cgroup_v2 (dir (remove_name rmdir)))
|
|
(allow lmkd cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd self (capability (sys_nice)))
|
|
(allow lmkd self (cap_userns (sys_nice)))
|
|
(allow lmkd proc_zoneinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd domain (dir (read open search)))
|
|
(allow lmkd domain (file (read open)))
|
|
(allow lmkd proc_sysrq (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow lmkd proc_lowmemorykiller (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd proc_pressure_cpu (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd proc_pressure_io (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lmkd proc_pressure_mem (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow lmkd lmkd_socket (sock_file (write)))
|
|
(allow lmkd statsdw_socket (sock_file (write)))
|
|
(allow lmkd statsd (unix_dgram_socket (sendto)))
|
|
;;* lmx 71 system/sepolicy/public/lmkd.te
|
|
|
|
(neverallow base_typeattr_224 lmkd (process (noatsecure)))
|
|
;;* lme
|
|
|
|
;;* lmx 72 system/sepolicy/public/lmkd.te
|
|
|
|
(neverallow lmkd self (capability (sys_ptrace)))
|
|
(neverallow lmkd self (cap_userns (sys_ptrace)))
|
|
;;* lme
|
|
|
|
(allow logd cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow logd cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow logd cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd proc_kmsg (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow logd proc_kmsg (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd proc_kmsg (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd proc_meminfo (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow logd proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd proc_meminfo (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd self (capability (setgid setuid setpcap sys_nice audit_control)))
|
|
(allow logd self (cap_userns (setgid setuid setpcap sys_nice audit_control)))
|
|
(allow logd self (capability2 (syslog)))
|
|
(allow logd self (cap2_userns (syslog)))
|
|
(allow logd self (netlink_audit_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_write)))
|
|
(allow logd kernel (system (syslog_read)))
|
|
(allow logd kmsg_device (chr_file (write getattr lock append map open)))
|
|
(allow logd system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd system_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd packages_list_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd pstorefs (dir (search)))
|
|
(allow logd pstorefs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd runtime_event_log_tags_file (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow logd domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow logd domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow logd kernel (system (syslog_mod)))
|
|
(allow logd logd_socket (sock_file (write)))
|
|
(allow logd logd (unix_stream_socket (connectto)))
|
|
(allow logd runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow runtime_event_log_tags_file tmpfs (filesystem (associate)))
|
|
(dontaudit domain runtime_event_log_tags_file (file (read map open)))
|
|
(allow logd property_socket (sock_file (write)))
|
|
(allow logd init (unix_stream_socket (connectto)))
|
|
(allow logd logd_prop (property_service (set)))
|
|
(allow logd logd_prop (file (read getattr map open)))
|
|
;;* lmx 51 system/sepolicy/public/logd.te
|
|
|
|
(neverallow logd dev_type (blk_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 54 system/sepolicy/public/logd.te
|
|
|
|
(neverallow logd domain (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 57 system/sepolicy/public/logd.te
|
|
|
|
(neverallow domain logd (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 60 system/sepolicy/public/logd.te
|
|
|
|
(neverallow logd system_file_type (file (write)))
|
|
(neverallow logd system_file_type (dir (write)))
|
|
(neverallow logd system_file_type (lnk_file (write)))
|
|
(neverallow logd system_file_type (chr_file (write)))
|
|
(neverallow logd system_file_type (blk_file (write)))
|
|
(neverallow logd system_file_type (sock_file (write)))
|
|
(neverallow logd system_file_type (fifo_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 68 system/sepolicy/public/logd.te
|
|
|
|
(neverallow logd base_typeattr_562 (file (write)))
|
|
(neverallow logd base_typeattr_562 (dir (write)))
|
|
(neverallow logd base_typeattr_562 (lnk_file (write)))
|
|
(neverallow logd base_typeattr_562 (chr_file (write)))
|
|
(neverallow logd base_typeattr_562 (blk_file (write)))
|
|
(neverallow logd base_typeattr_562 (sock_file (write)))
|
|
(neverallow logd base_typeattr_562 (fifo_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 71 system/sepolicy/public/logd.te
|
|
|
|
(neverallow base_typeattr_223 logd (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 72 system/sepolicy/public/logd.te
|
|
|
|
(neverallow base_typeattr_224 logd (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 79 system/sepolicy/public/logd.te
|
|
|
|
(neverallow base_typeattr_563 runtime_event_log_tags_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
(allow logpersist shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow logpersist logcat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
;;* lmx 15 system/sepolicy/public/logpersist.te
|
|
|
|
(neverallow logpersist dev_type (blk_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 18 system/sepolicy/public/logpersist.te
|
|
|
|
(neverallow logpersist domain (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 21 system/sepolicy/public/logpersist.te
|
|
|
|
(neverallow logpersist app_data_file_type (file (write)))
|
|
(neverallow logpersist app_data_file_type (dir (write)))
|
|
(neverallow logpersist app_data_file_type (lnk_file (write)))
|
|
(neverallow logpersist app_data_file_type (chr_file (write)))
|
|
(neverallow logpersist app_data_file_type (blk_file (write)))
|
|
(neverallow logpersist app_data_file_type (sock_file (write)))
|
|
(neverallow logpersist app_data_file_type (fifo_file (write)))
|
|
(neverallow logpersist system_data_file (file (write)))
|
|
(neverallow logpersist system_data_file (dir (write)))
|
|
(neverallow logpersist system_data_file (lnk_file (write)))
|
|
(neverallow logpersist system_data_file (chr_file (write)))
|
|
(neverallow logpersist system_data_file (blk_file (write)))
|
|
(neverallow logpersist system_data_file (sock_file (write)))
|
|
(neverallow logpersist system_data_file (fifo_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 31 system/sepolicy/public/logpersist.te
|
|
|
|
(neverallow base_typeattr_224 logpersist (process (dyntransition)))
|
|
;;* lme
|
|
|
|
(allowx logpersist misc_logd_file (ioctl file (0x6602)))
|
|
(allowx logpersist misc_logd_file (ioctl file (0xf512)))
|
|
(allow mediadrmserver servicemanager (binder (call transfer)))
|
|
(allow servicemanager mediadrmserver (binder (call transfer)))
|
|
(allow servicemanager mediadrmserver (dir (search)))
|
|
(allow servicemanager mediadrmserver (file (read open)))
|
|
(allow servicemanager mediadrmserver (process (getattr)))
|
|
(allow mediadrmserver binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain mediadrmserver (binder (transfer)))
|
|
(allow mediadrmserver binderservicedomain (fd (use)))
|
|
(allow mediadrmserver appdomain (binder (call transfer)))
|
|
(allow appdomain mediadrmserver (binder (transfer)))
|
|
(allow mediadrmserver appdomain (fd (use)))
|
|
(allow mediadrmserver mediadrmserver_service (service_manager (add find)))
|
|
;;* lmx 14 system/sepolicy/public/mediadrmserver.te
|
|
|
|
(neverallow base_typeattr_564 mediadrmserver_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow mediadrmserver mediaserver_service (service_manager (find)))
|
|
(allow mediadrmserver mediametrics_service (service_manager (find)))
|
|
(allow mediadrmserver processinfo_service (service_manager (find)))
|
|
(allow mediadrmserver surfaceflinger_service (service_manager (find)))
|
|
(allow mediadrmserver system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediadrmserver hal_omx_server (binder (call transfer)))
|
|
(allow hal_omx_server mediadrmserver (binder (transfer)))
|
|
(allow mediadrmserver hal_omx_server (fd (use)))
|
|
;;* lmx 30 system/sepolicy/public/mediadrmserver.te
|
|
|
|
(neverallow mediadrmserver fs_type (file (execute_no_trans)))
|
|
(neverallow mediadrmserver file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 33 system/sepolicy/public/mediadrmserver.te
|
|
|
|
(neverallowx mediadrmserver domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx mediadrmserver domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx mediadrmserver domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
;;* lme
|
|
|
|
;;* lmx 33 system/sepolicy/public/mediadrmserver.te
|
|
|
|
(neverallowx mediadrmserver domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediadrmserver domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediadrmserver domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
;;* lme
|
|
|
|
;;* lmx 33 system/sepolicy/public/mediadrmserver.te
|
|
|
|
(neverallowx mediadrmserver domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediadrmserver domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediadrmserver domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
;;* lme
|
|
|
|
(allow mediaextractor servicemanager (binder (call transfer)))
|
|
(allow servicemanager mediaextractor (binder (call transfer)))
|
|
(allow servicemanager mediaextractor (dir (search)))
|
|
(allow servicemanager mediaextractor (file (read open)))
|
|
(allow servicemanager mediaextractor (process (getattr)))
|
|
(allow mediaextractor binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain mediaextractor (binder (transfer)))
|
|
(allow mediaextractor binderservicedomain (fd (use)))
|
|
(allow mediaextractor appdomain (binder (call transfer)))
|
|
(allow appdomain mediaextractor (binder (transfer)))
|
|
(allow mediaextractor appdomain (fd (use)))
|
|
(allow mediaextractor mediaextractor_service (service_manager (add find)))
|
|
;;* lmx 13 system/sepolicy/public/mediaextractor.te
|
|
|
|
(neverallow base_typeattr_565 mediaextractor_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow mediaextractor mediametrics_service (service_manager (find)))
|
|
(allow mediaextractor hidl_token_hwservice (hwservice_manager (find)))
|
|
(allow mediaextractor system_server (fd (use)))
|
|
(allow mediaextractor cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaextractor cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaextractor cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaextractor cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaextractor cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaextractor cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaextractor proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaextractor anr_data_file (file (append)))
|
|
(allow mediaextractor dumpstate (fd (use)))
|
|
(allow mediaextractor incidentd (fd (use)))
|
|
(allow mediaextractor dumpstate (fifo_file (write append)))
|
|
(allow mediaextractor incidentd (fifo_file (write append)))
|
|
(allow mediaextractor system_server (fifo_file (write append)))
|
|
(allow mediaextractor tombstoned (unix_stream_socket (connectto)))
|
|
(allow mediaextractor tombstoned (fd (use)))
|
|
(allow mediaextractor tombstoned_crash_socket (sock_file (write)))
|
|
(allow mediaextractor tombstone_data_file (file (append)))
|
|
(allow mediaextractor sdcard_type (file (read getattr)))
|
|
(allow mediaextractor fuse (file (read getattr)))
|
|
(allow mediaextractor media_rw_data_file (file (read getattr)))
|
|
(allow mediaextractor app_data_file (file (read getattr)))
|
|
(allow mediaextractor privapp_data_file (file (read getattr)))
|
|
(allow mediaextractor apk_data_file (file (read getattr)))
|
|
(allow mediaextractor asec_apk_file (file (read getattr)))
|
|
(allow mediaextractor ringtone_file (file (read getattr)))
|
|
(allow mediaextractor vendor_overlay_file (file (read map)))
|
|
(allow mediaextractor system_file (dir (read open)))
|
|
;;* lmx 50 system/sepolicy/public/mediaextractor.te
|
|
|
|
(neverallow mediaextractor fs_type (file (execute_no_trans)))
|
|
(neverallow mediaextractor file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 62 system/sepolicy/public/mediaextractor.te
|
|
|
|
(neverallow mediaextractor domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow mediaextractor domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 63 system/sepolicy/public/mediaextractor.te
|
|
|
|
(neverallow mediaextractor domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
;;* lme
|
|
|
|
;;* lmx 72 system/sepolicy/public/mediaextractor.te
|
|
|
|
(neverallow mediaextractor data_file_type (file (open)))
|
|
;;* lme
|
|
|
|
(allow mediametrics servicemanager (binder (call transfer)))
|
|
(allow servicemanager mediametrics (binder (call transfer)))
|
|
(allow servicemanager mediametrics (dir (search)))
|
|
(allow servicemanager mediametrics (file (read open)))
|
|
(allow servicemanager mediametrics (process (getattr)))
|
|
(allow mediametrics binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain mediametrics (binder (transfer)))
|
|
(allow mediametrics binderservicedomain (fd (use)))
|
|
(allow mediametrics mediametrics_service (service_manager (add find)))
|
|
;;* lmx 10 system/sepolicy/public/mediametrics.te
|
|
|
|
(neverallow base_typeattr_566 mediametrics_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow mediametrics system_server (fd (use)))
|
|
(allow mediametrics cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediametrics cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediametrics cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediametrics cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediametrics cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediametrics cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediametrics proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediametrics app_data_file (file (write)))
|
|
(allow mediametrics privapp_data_file (file (write)))
|
|
(allow mediametrics package_native_service (service_manager (find)))
|
|
(allow mediametrics statsdw_socket (sock_file (write)))
|
|
(allow mediametrics statsd (unix_dgram_socket (sendto)))
|
|
;;* lmx 33 system/sepolicy/public/mediametrics.te
|
|
|
|
(neverallow mediametrics fs_type (file (execute_no_trans)))
|
|
(neverallow mediametrics file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 45 system/sepolicy/public/mediametrics.te
|
|
|
|
(neverallow mediametrics domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow mediametrics domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 46 system/sepolicy/public/mediametrics.te
|
|
|
|
(neverallow mediametrics domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
;;* lme
|
|
|
|
(allow mediaserver sdcard_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaserver sdcard_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver sdcard_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver fuse (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaserver fuse (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver fuse (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaserver cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaserver cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver proc (lnk_file (getattr)))
|
|
(allow mediaserver system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaserver servicemanager (binder (call transfer)))
|
|
(allow servicemanager mediaserver (binder (call transfer)))
|
|
(allow servicemanager mediaserver (dir (search)))
|
|
(allow servicemanager mediaserver (file (read open)))
|
|
(allow servicemanager mediaserver (process (getattr)))
|
|
(allow mediaserver binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain mediaserver (binder (transfer)))
|
|
(allow mediaserver binderservicedomain (fd (use)))
|
|
(allow mediaserver appdomain (binder (call transfer)))
|
|
(allow appdomain mediaserver (binder (transfer)))
|
|
(allow mediaserver appdomain (fd (use)))
|
|
(allow mediaserver media_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow mediaserver media_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow mediaserver app_data_file (file (ioctl read write getattr lock append map)))
|
|
(allow mediaserver privapp_data_file (file (ioctl read write getattr lock append map)))
|
|
(allow mediaserver sdcard_type (file (write)))
|
|
(allow mediaserver fuse (file (write)))
|
|
(allow mediaserver gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow mediaserver gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaserver video_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaserver video_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow mediaserver apk_data_file (file (read getattr)))
|
|
(allow mediaserver asec_apk_file (file (read getattr)))
|
|
(allow mediaserver ringtone_file (file (read getattr)))
|
|
(allow mediaserver radio_data_file (file (read getattr)))
|
|
(allow mediaserver appdomain (fifo_file (read write getattr)))
|
|
(allow mediaserver rpmsg_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow mediaserver system_server (fifo_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver media_rw_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaserver media_rw_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver media_rw_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver app_fuse_file (file (read getattr)))
|
|
(allow mediaserver drmserver_socket (sock_file (write)))
|
|
(allow mediaserver drmserver (unix_stream_socket (connectto)))
|
|
(allow mediaserver bluetooth_socket (sock_file (write)))
|
|
(allow mediaserver bluetooth (unix_stream_socket (connectto)))
|
|
(allow mediaserver statsdw_socket (sock_file (write)))
|
|
(allow mediaserver statsd (unix_dgram_socket (sendto)))
|
|
(allow mediaserver mediaserver_service (service_manager (add find)))
|
|
;;* lmx 72 system/sepolicy/public/mediaserver.te
|
|
|
|
(neverallow base_typeattr_567 mediaserver_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow mediaserver activity_service (service_manager (find)))
|
|
(allow mediaserver appops_service (service_manager (find)))
|
|
(allow mediaserver audio_service (service_manager (find)))
|
|
(allow mediaserver audioserver_service (service_manager (find)))
|
|
(allow mediaserver cameraserver_service (service_manager (find)))
|
|
(allow mediaserver batterystats_service (service_manager (find)))
|
|
(allow mediaserver drmserver_service (service_manager (find)))
|
|
(allow mediaserver mediaextractor_service (service_manager (find)))
|
|
(allow mediaserver mediametrics_service (service_manager (find)))
|
|
(allow mediaserver media_session_service (service_manager (find)))
|
|
(allow mediaserver package_native_service (service_manager (find)))
|
|
(allow mediaserver permission_service (service_manager (find)))
|
|
(allow mediaserver permission_checker_service (service_manager (find)))
|
|
(allow mediaserver power_service (service_manager (find)))
|
|
(allow mediaserver processinfo_service (service_manager (find)))
|
|
(allow mediaserver scheduling_policy_service (service_manager (find)))
|
|
(allow mediaserver surfaceflinger_service (service_manager (find)))
|
|
(allow mediaserver mediadrmserver_service (service_manager (find)))
|
|
(allow mediaserver hidl_token_hwservice (hwservice_manager (find)))
|
|
(allow mediaserver oemfs (dir (search)))
|
|
(allow mediaserver oemfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver bootanim_oem_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver vendor_app_file (file (read getattr map)))
|
|
(allow drmserver mediaserver (dir (search)))
|
|
(allow drmserver mediaserver (file (read open)))
|
|
(allow drmserver mediaserver (process (getattr)))
|
|
(allow mediaserver drmserver (drmservice (consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread)))
|
|
(allowx mediaserver self (ioctl tcp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx mediaserver self (ioctl udp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx mediaserver self (ioctl rawip_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx mediaserver self (ioctl tcp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx mediaserver self (ioctl udp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx mediaserver self (ioctl rawip_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx mediaserver self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allowx mediaserver self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allowx mediaserver self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allow mediaserver media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow mediaserver media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow mediaserver preloads_media_file (file (ioctl read getattr)))
|
|
(allow mediaserver ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver dmabuf_system_secure_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaserver hal_graphics_allocator (fd (use)))
|
|
(allow mediaserver hal_graphics_composer (fd (use)))
|
|
(allow mediaserver hal_camera (fd (use)))
|
|
(allow mediaserver system_server (fd (use)))
|
|
(allow mediaserver vold (fd (use)))
|
|
(allow mediaserver vendor_overlay_file (file (read getattr map)))
|
|
;;* lmx 155 system/sepolicy/public/mediaserver.te
|
|
|
|
(neverallow mediaserver fs_type (file (execute_no_trans)))
|
|
(neverallow mediaserver file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 158 system/sepolicy/public/mediaserver.te
|
|
|
|
(neverallowx mediaserver domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx mediaserver domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx mediaserver domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
;;* lme
|
|
|
|
;;* lmx 158 system/sepolicy/public/mediaserver.te
|
|
|
|
(neverallowx mediaserver domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediaserver domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediaserver domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
;;* lme
|
|
|
|
;;* lmx 158 system/sepolicy/public/mediaserver.te
|
|
|
|
(neverallowx mediaserver domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediaserver domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediaserver domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
;;* lme
|
|
|
|
(allow mediaswcodec aac_drc_prop (file (read getattr map open)))
|
|
(allow mediaswcodec anr_data_file (file (append)))
|
|
(allow mediaswcodec dumpstate (fd (use)))
|
|
(allow mediaswcodec incidentd (fd (use)))
|
|
(allow mediaswcodec dumpstate (fifo_file (write append)))
|
|
(allow mediaswcodec incidentd (fifo_file (write append)))
|
|
(allow mediaswcodec system_server (fifo_file (write append)))
|
|
(allow mediaswcodec tombstoned (unix_stream_socket (connectto)))
|
|
(allow mediaswcodec tombstoned (fd (use)))
|
|
(allow mediaswcodec tombstoned_crash_socket (sock_file (write)))
|
|
(allow mediaswcodec tombstone_data_file (file (append)))
|
|
;;* lmx 21 system/sepolicy/public/mediaswcodec.te
|
|
|
|
(neverallow mediaswcodec fs_type (file (execute_no_trans)))
|
|
(neverallow mediaswcodec file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 27 system/sepolicy/public/mediaswcodec.te
|
|
|
|
(neverallow mediaswcodec domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow mediaswcodec domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 28 system/sepolicy/public/mediaswcodec.te
|
|
|
|
(neverallow mediaswcodec domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
;;* lme
|
|
|
|
(allow mediaswcodec dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaswcodec dmabuf_system_secure_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaswcodec gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow mediaswcodec gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow modprobe proc_modules (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow modprobe proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow modprobe self (capability (sys_module)))
|
|
(allow modprobe self (cap_userns (sys_module)))
|
|
(allow modprobe kernel (key (search)))
|
|
(allow modprobe system_dlkm_file (dir (search)))
|
|
(allow modprobe system_dlkm_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow modprobe system_dlkm_file (system (module_load)))
|
|
(allow netdomain self (tcp_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
(allow netdomain self (udp_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow netdomain self (rawip_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow netdomain self (icmp_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow netdomain port_type (tcp_socket (name_connect)))
|
|
(allow netdomain self (netlink_route_socket (read write create getattr setattr lock append connect getopt setopt shutdown nlmsg_read)))
|
|
(allow netdomain dnsproxyd_socket (sock_file (write)))
|
|
(allow netdomain netd (unix_stream_socket (connectto)))
|
|
(allow netdomain fwmarkd_socket (sock_file (write)))
|
|
(allow netdomain netd (unix_stream_socket (connectto)))
|
|
(allow netd mdnsd_socket (sock_file (write)))
|
|
(allow netd mdnsd (unix_stream_socket (connectto)))
|
|
(allowx netd self (ioctl udp_socket (0x6900 0x6902)))
|
|
(allowx netd self (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(allowx netd self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(allow netd cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow netd cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netd cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netd system_server (fd (use)))
|
|
(allow netd self (capability (kill net_admin net_raw)))
|
|
(allow netd self (cap_userns (kill net_admin net_raw)))
|
|
(dontaudit netd self (capability (fsetid)))
|
|
(dontaudit netd self (cap_userns (fsetid)))
|
|
(allow netd tun_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx netd tun_device (ioctl chr_file (0x54ca 0x54d2)))
|
|
(allow netd self (tun_socket (create)))
|
|
(allow netd self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow netd self (netlink_route_socket (nlmsg_write)))
|
|
(allow netd self (netlink_nflog_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow netd self (netlink_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow netd self (netlink_tcpdiag_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
|
|
(allow netd self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow netd self (netlink_netfilter_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow netd shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow netd system_file (file (getattr map execute execute_no_trans)))
|
|
(allow netd devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow netd system_file (file (lock)))
|
|
(dontaudit netd system_file (dir (write)))
|
|
(allow netd proc_qtaguid_ctrl (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow netd qtaguid_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netd proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow netd proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netd proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netd proc_net_type (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow netd sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow netd sysfs_net (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow netd sysfs_net (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netd sysfs_net (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netd sysfs_net (file (write lock append map open)))
|
|
(allow netd sysfs_usb (file (write)))
|
|
(allow netd cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow netd cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netd cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netd self (capability (chown dac_override dac_read_search)))
|
|
(allow netd self (cap_userns (chown dac_override dac_read_search)))
|
|
(allow netd net_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow netd net_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow netd self (capability (fowner)))
|
|
(allow netd self (cap_userns (fowner)))
|
|
(allow netd system_file (file (lock)))
|
|
(allow netd dnsmasq (process (sigkill signal)))
|
|
(allow netd servicemanager (binder (call transfer)))
|
|
(allow servicemanager netd (binder (call transfer)))
|
|
(allow servicemanager netd (dir (search)))
|
|
(allow servicemanager netd (file (read open)))
|
|
(allow servicemanager netd (process (getattr)))
|
|
(allow netd netd_service (service_manager (add find)))
|
|
;;* lmx 87 system/sepolicy/public/netd.te
|
|
|
|
(neverallow base_typeattr_568 netd_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow netd dnsresolver_service (service_manager (add find)))
|
|
;;* lmx 88 system/sepolicy/public/netd.te
|
|
|
|
(neverallow base_typeattr_568 dnsresolver_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow netd mdns_service (service_manager (add find)))
|
|
;;* lmx 89 system/sepolicy/public/netd.te
|
|
|
|
(neverallow base_typeattr_568 mdns_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow netd dumpstate (fifo_file (write getattr)))
|
|
(allow netd system_server (binder (call)))
|
|
(allow netd permission_service (service_manager (find)))
|
|
(allow netd netd_listener_service (service_manager (find)))
|
|
(allow netd netdomain (tcp_socket (read write getattr setattr getopt setopt)))
|
|
(allow netd netdomain (udp_socket (read write getattr setattr getopt setopt)))
|
|
(allow netd netdomain (rawip_socket (read write getattr setattr getopt setopt)))
|
|
(allow netd netdomain (tun_socket (read write getattr setattr getopt setopt)))
|
|
(allow netd netdomain (icmp_socket (read write getattr setattr getopt setopt)))
|
|
(allow netd netdomain (fd (use)))
|
|
(allow netd self (netlink_xfrm_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
|
|
(allow netd system_net_netd_hwservice (hwservice_manager (add find)))
|
|
(allow netd hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 113 system/sepolicy/public/netd.te
|
|
|
|
(neverallow base_typeattr_568 system_net_netd_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow netd hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager netd (binder (call transfer)))
|
|
(allow hwservicemanager netd (dir (search)))
|
|
(allow hwservicemanager netd (file (read map open)))
|
|
(allow hwservicemanager netd (process (getattr)))
|
|
(allow system_net_netd_service servicemanager (binder (call transfer)))
|
|
(allow servicemanager system_net_netd_service (binder (transfer)))
|
|
(allow system_net_netd_service servicemanager (fd (use)))
|
|
(allow netd system_net_netd_service (service_manager (add find)))
|
|
;;* lmx 118 system/sepolicy/public/netd.te
|
|
|
|
(neverallow base_typeattr_568 system_net_netd_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 126 system/sepolicy/public/netd.te
|
|
|
|
(neverallow netd dev_type (blk_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 129 system/sepolicy/public/netd.te
|
|
|
|
(neverallow netd domain (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 132 system/sepolicy/public/netd.te
|
|
|
|
(neverallow netd system_file_type (file (write)))
|
|
(neverallow netd system_file_type (dir (write)))
|
|
(neverallow netd system_file_type (lnk_file (write)))
|
|
(neverallow netd system_file_type (chr_file (write)))
|
|
(neverallow netd system_file_type (blk_file (write)))
|
|
(neverallow netd system_file_type (sock_file (write)))
|
|
(neverallow netd system_file_type (fifo_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 135 system/sepolicy/public/netd.te
|
|
|
|
(neverallow netd app_data_file_type (file (write)))
|
|
(neverallow netd app_data_file_type (dir (write)))
|
|
(neverallow netd app_data_file_type (lnk_file (write)))
|
|
(neverallow netd app_data_file_type (chr_file (write)))
|
|
(neverallow netd app_data_file_type (blk_file (write)))
|
|
(neverallow netd app_data_file_type (sock_file (write)))
|
|
(neverallow netd app_data_file_type (fifo_file (write)))
|
|
(neverallow netd system_data_file (file (write)))
|
|
(neverallow netd system_data_file (dir (write)))
|
|
(neverallow netd system_data_file (lnk_file (write)))
|
|
(neverallow netd system_data_file (chr_file (write)))
|
|
(neverallow netd system_data_file (blk_file (write)))
|
|
(neverallow netd system_data_file (sock_file (write)))
|
|
(neverallow netd system_data_file (fifo_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 145 system/sepolicy/public/netd.te
|
|
|
|
(neverallow base_typeattr_569 netd_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 155 system/sepolicy/public/netd.te
|
|
|
|
(neverallow base_typeattr_569 dnsresolver_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 165 system/sepolicy/public/netd.te
|
|
|
|
(neverallow base_typeattr_569 mdns_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 168 system/sepolicy/public/netd.te
|
|
|
|
(neverallow base_typeattr_231 netd (binder (call)))
|
|
;;* lme
|
|
|
|
;;* lmx 169 system/sepolicy/public/netd.te
|
|
|
|
(neverallow netd base_typeattr_231 (binder (call)))
|
|
;;* lme
|
|
|
|
;;* lmx 174 system/sepolicy/public/netd.te
|
|
|
|
(neverallow netd proc_net (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
(dontaudit netd proc_net (dir (write)))
|
|
;;* lmx 177 system/sepolicy/public/netd.te
|
|
|
|
(neverallow netd sysfs_net (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
(dontaudit netd sysfs_net (dir (write)))
|
|
;;* lmx 181 system/sepolicy/public/netd.te
|
|
|
|
(neverallow netd self (capability (sys_admin)))
|
|
;;* lme
|
|
|
|
(dontaudit netd self (capability (sys_admin)))
|
|
(dontaudit netd self (capability (sys_module)))
|
|
(dontaudit netd appdomain (unix_stream_socket (read write)))
|
|
;;* lmx 5 system/sepolicy/public/netutils_wrapper.te
|
|
|
|
(neverallow domain netutils_wrapper_exec (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
(allow performanced servicemanager (binder (call transfer)))
|
|
(allow servicemanager performanced (binder (call transfer)))
|
|
(allow servicemanager performanced (dir (search)))
|
|
(allow servicemanager performanced (file (read open)))
|
|
(allow servicemanager performanced (process (getattr)))
|
|
(allow performanced system_server (binder (call transfer)))
|
|
(allow system_server performanced (binder (transfer)))
|
|
(allow performanced system_server (fd (use)))
|
|
(allow performanced permission_service (service_manager (find)))
|
|
(allow init pdx_performance_client_endpoint_socket_type (unix_stream_socket (create bind)))
|
|
(allow performanced pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown)))
|
|
(allow performanced self (process (setsockcreate)))
|
|
(allow performanced pdx_performance_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
;;* lmx 10 system/sepolicy/public/performanced.te
|
|
|
|
(neverallow base_typeattr_570 pdx_performance_client_endpoint_socket_type (unix_stream_socket (listen accept)))
|
|
;;* lme
|
|
|
|
(allow performanced self (capability (setgid setuid sys_nice)))
|
|
(allow performanced self (cap_userns (setgid setuid sys_nice)))
|
|
(allow performanced appdomain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow performanced bufferhubd (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow performanced kernel (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow performanced surfaceflinger (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow performanced appdomain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow performanced appdomain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow performanced bufferhubd (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow performanced bufferhubd (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow performanced kernel (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow performanced kernel (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow performanced surfaceflinger (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow performanced surfaceflinger (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit performanced domain (dir (read)))
|
|
(allow performanced appdomain (process (setsched)))
|
|
(allow performanced bufferhubd (process (setsched)))
|
|
(allow performanced kernel (process (setsched)))
|
|
(allow performanced surfaceflinger (process (setsched)))
|
|
(allow performanced cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow performanced cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow performanced cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow performanced cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow performanced cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow performanced cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall update_engine_common (fd (use)))
|
|
(allow postinstall update_engine_common (fifo_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow postinstall postinstall_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow postinstall postinstall_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall postinstall_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow postinstall shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow postinstall system_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow postinstall toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow postinstall servicemanager (binder (call transfer)))
|
|
(allow servicemanager postinstall (binder (call transfer)))
|
|
(allow servicemanager postinstall (dir (search)))
|
|
(allow servicemanager postinstall (file (read open)))
|
|
(allow servicemanager postinstall (process (getattr)))
|
|
(allow postinstall system_server (binder (call transfer)))
|
|
(allow system_server postinstall (binder (transfer)))
|
|
(allow postinstall system_server (fd (use)))
|
|
(allow postinstall otadexopt_service (service_manager (find)))
|
|
(allow postinstall sysfs_fs_f2fs (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow postinstall sysfs_fs_f2fs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
;;* lmx 45 system/sepolicy/public/postinstall.te
|
|
|
|
(neverallow base_typeattr_571 postinstall (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
(allow profman user_profile_data_file (file (read write getattr lock map)))
|
|
(allow profman asec_apk_file (file (read map)))
|
|
(allow profman apk_data_file (file (read getattr map)))
|
|
(allow profman apk_data_file (dir (read getattr search)))
|
|
(allow profman oemfs (file (read map)))
|
|
(allow profman tmpfs (file (read map)))
|
|
(allow profman profman_dump_data_file (file (write map)))
|
|
(allow profman app_data_file (file (read write getattr lock map)))
|
|
(allow profman privapp_data_file (file (read write getattr lock map)))
|
|
(allow profman app_data_file (dir (read getattr search)))
|
|
(allow profman privapp_data_file (dir (read getattr search)))
|
|
(allow profman device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow profman device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
;;* lmx 31 system/sepolicy/public/profman.te
|
|
|
|
(neverallow profman app_data_file_type (file (open)))
|
|
(neverallow profman app_data_file_type (lnk_file (open)))
|
|
(neverallow profman app_data_file_type (sock_file (open)))
|
|
(neverallow profman app_data_file_type (fifo_file (open)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 apexd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 bootloader_boot_reason_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_activity_manager_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_boot_count_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 10 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_input_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 11 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_netd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 12 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_reset_performed_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 firstboot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 boottime_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 charger_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 cold_boot_done_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_adbd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_apexd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_bootanim_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_bugreport_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_console_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_dumpstate_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_fuse_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_gsid_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_interface_restart_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_interface_stop_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_mdnsd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_restart_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_rildaemon_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_sigstop_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 dynamic_system_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 heapprofd_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 llkd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 lpdumpd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 mmc_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 mock_ota_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 net_dns_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 overlay_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 persistent_properties_ready_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 safemode_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 system_lmk_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 system_trace_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 test_boot_reason_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 time_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 traced_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 traced_lazy_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 53 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 aac_drc_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 54 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 adaptive_haptics_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 55 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 apex_ready_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 56 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 arm64_memtag_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 57 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 binder_cache_bluetooth_server_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 58 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 binder_cache_system_server_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 59 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 binder_cache_telephony_server_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 60 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 boot_status_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 61 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 bootanim_system_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 62 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 bootloader_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 63 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 boottime_public_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 64 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 bq_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 65 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 build_bootimage_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 66 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 build_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 67 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 composd_vm_art_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 68 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_aconfig_flags_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 69 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_camera_native_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 70 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_edgetpu_native_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 71 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_media_native_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 72 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_nnapi_native_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 73 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_runtime_native_boot_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 74 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_runtime_native_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 75 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_surface_flinger_native_boot_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 76 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_vendor_system_native_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 77 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_vendor_system_native_boot_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 78 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 drm_forcel3_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 79 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 fingerprint_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 80 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 gwp_asan_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 81 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 hal_instrumentation_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 82 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 userdebug_or_eng_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 83 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 init_service_status_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 84 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 libc_debug_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 85 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 module_sdkextensions_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 86 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 nnapi_ext_deny_product_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 87 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 persist_wm_debug_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 88 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 power_debug_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 89 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 property_service_version_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 90 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 provisioned_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 91 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 restorecon_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 92 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 retaildemo_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 93 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 servicemanager_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 94 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 smart_idle_maint_enabled_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 95 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 socket_hook_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 96 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 sqlite_log_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 97 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 surfaceflinger_display_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 98 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 system_boot_reason_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 99 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 system_jvmti_agent_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 100 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 traced_oome_heap_session_count_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 101 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 ab_update_gki_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 102 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 usb_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 103 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 userspace_reboot_exported_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 104 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 vold_status_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 105 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 vts_status_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 cppreopt_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 dalvik_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 debuggerd_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 device_logging_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 dhcp_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 dumpstate_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 exported3_system_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 exported_dumpstate_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 exported_secure_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 heapprofd_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 net_radio_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 pan_result_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 persist_debug_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 shell_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 test_harness_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 theme_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 use_memfd_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 107 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 vold_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init apexd_config_prop (property_service (set)))
|
|
(allow vendor_init apexd_config_prop (file (read getattr map open)))
|
|
;;* lmx 131 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 apexd_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init apexd_select_prop (property_service (set)))
|
|
(allow vendor_init apexd_select_prop (file (read getattr map open)))
|
|
;;* lmx 132 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 apexd_select_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init aaudio_config_prop (property_service (set)))
|
|
(allow vendor_init aaudio_config_prop (file (read getattr map open)))
|
|
;;* lmx 133 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 aaudio_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init apk_verity_prop (property_service (set)))
|
|
(allow vendor_init apk_verity_prop (file (read getattr map open)))
|
|
;;* lmx 134 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 apk_verity_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init audio_config_prop (property_service (set)))
|
|
(allow vendor_init audio_config_prop (file (read getattr map open)))
|
|
;;* lmx 135 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 audio_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init bootanim_config_prop (property_service (set)))
|
|
(allow vendor_init bootanim_config_prop (file (read getattr map open)))
|
|
;;* lmx 136 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 bootanim_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init bluetooth_config_prop (property_service (set)))
|
|
(allow vendor_init bluetooth_config_prop (file (read getattr map open)))
|
|
;;* lmx 137 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 bluetooth_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init build_attestation_prop (property_service (set)))
|
|
(allow vendor_init build_attestation_prop (file (read getattr map open)))
|
|
;;* lmx 138 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 build_attestation_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init build_config_prop (property_service (set)))
|
|
(allow vendor_init build_config_prop (file (read getattr map open)))
|
|
;;* lmx 139 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 build_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init build_odm_prop (property_service (set)))
|
|
(allow vendor_init build_odm_prop (file (read getattr map open)))
|
|
;;* lmx 140 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 build_odm_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init build_vendor_prop (property_service (set)))
|
|
(allow vendor_init build_vendor_prop (file (read getattr map open)))
|
|
;;* lmx 141 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 build_vendor_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init camera_calibration_prop (property_service (set)))
|
|
(allow vendor_init camera_calibration_prop (file (read getattr map open)))
|
|
;;* lmx 142 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 camera_calibration_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init camera_config_prop (property_service (set)))
|
|
(allow vendor_init camera_config_prop (file (read getattr map open)))
|
|
;;* lmx 143 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 camera_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init camera2_extensions_prop (property_service (set)))
|
|
(allow vendor_init camera2_extensions_prop (file (read getattr map open)))
|
|
;;* lmx 144 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 camera2_extensions_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init camerax_extensions_prop (property_service (set)))
|
|
(allow vendor_init camerax_extensions_prop (file (read getattr map open)))
|
|
;;* lmx 145 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 camerax_extensions_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init charger_config_prop (property_service (set)))
|
|
(allow vendor_init charger_config_prop (file (read getattr map open)))
|
|
;;* lmx 146 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 charger_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init codec2_config_prop (property_service (set)))
|
|
(allow vendor_init codec2_config_prop (file (read getattr map open)))
|
|
;;* lmx 147 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 codec2_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init composd_vm_vendor_prop (property_service (set)))
|
|
(allow vendor_init composd_vm_vendor_prop (file (read getattr map open)))
|
|
;;* lmx 148 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 composd_vm_vendor_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init cpu_variant_prop (property_service (set)))
|
|
(allow vendor_init cpu_variant_prop (file (read getattr map open)))
|
|
;;* lmx 149 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 cpu_variant_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init debugfs_restriction_prop (property_service (set)))
|
|
(allow vendor_init debugfs_restriction_prop (file (read getattr map open)))
|
|
;;* lmx 150 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 debugfs_restriction_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init drm_service_config_prop (property_service (set)))
|
|
(allow vendor_init drm_service_config_prop (file (read getattr map open)))
|
|
;;* lmx 151 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 drm_service_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init exported_camera_prop (property_service (set)))
|
|
(allow vendor_init exported_camera_prop (file (read getattr map open)))
|
|
;;* lmx 152 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 exported_camera_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init exported_config_prop (property_service (set)))
|
|
(allow vendor_init exported_config_prop (file (read getattr map open)))
|
|
;;* lmx 153 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 exported_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init exported_default_prop (property_service (set)))
|
|
(allow vendor_init exported_default_prop (file (read getattr map open)))
|
|
;;* lmx 154 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 exported_default_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init ffs_config_prop (property_service (set)))
|
|
(allow vendor_init ffs_config_prop (file (read getattr map open)))
|
|
;;* lmx 155 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 ffs_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init framework_watchdog_config_prop (property_service (set)))
|
|
(allow vendor_init framework_watchdog_config_prop (file (read getattr map open)))
|
|
;;* lmx 156 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 framework_watchdog_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init graphics_config_prop (property_service (set)))
|
|
(allow vendor_init graphics_config_prop (file (read getattr map open)))
|
|
;;* lmx 157 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 graphics_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init hdmi_config_prop (property_service (set)))
|
|
(allow vendor_init hdmi_config_prop (file (read getattr map open)))
|
|
;;* lmx 158 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 hdmi_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init hw_timeout_multiplier_prop (property_service (set)))
|
|
(allow vendor_init hw_timeout_multiplier_prop (file (read getattr map open)))
|
|
;;* lmx 159 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 hw_timeout_multiplier_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init hypervisor_prop (property_service (set)))
|
|
(allow vendor_init hypervisor_prop (file (read getattr map open)))
|
|
;;* lmx 160 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 hypervisor_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init hypervisor_restricted_prop (property_service (set)))
|
|
(allow vendor_init hypervisor_restricted_prop (file (read getattr map open)))
|
|
;;* lmx 161 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 hypervisor_restricted_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init incremental_prop (property_service (set)))
|
|
(allow vendor_init incremental_prop (file (read getattr map open)))
|
|
;;* lmx 162 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 incremental_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init input_device_config_prop (property_service (set)))
|
|
(allow vendor_init input_device_config_prop (file (read getattr map open)))
|
|
;;* lmx 163 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 input_device_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init keyguard_config_prop (property_service (set)))
|
|
(allow vendor_init keyguard_config_prop (file (read getattr map open)))
|
|
;;* lmx 164 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 keyguard_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init keystore_config_prop (property_service (set)))
|
|
(allow vendor_init keystore_config_prop (file (read getattr map open)))
|
|
;;* lmx 165 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 keystore_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init lmkd_config_prop (property_service (set)))
|
|
(allow vendor_init lmkd_config_prop (file (read getattr map open)))
|
|
;;* lmx 166 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 lmkd_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init media_config_prop (property_service (set)))
|
|
(allow vendor_init media_config_prop (file (read getattr map open)))
|
|
;;* lmx 167 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 media_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init media_variant_prop (property_service (set)))
|
|
(allow vendor_init media_variant_prop (file (read getattr map open)))
|
|
;;* lmx 168 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 media_variant_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init mediadrm_config_prop (property_service (set)))
|
|
(allow vendor_init mediadrm_config_prop (file (read getattr map open)))
|
|
;;* lmx 169 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 mediadrm_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init mm_events_config_prop (property_service (set)))
|
|
(allow vendor_init mm_events_config_prop (file (read getattr map open)))
|
|
;;* lmx 170 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 mm_events_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init oem_unlock_prop (property_service (set)))
|
|
(allow vendor_init oem_unlock_prop (file (read getattr map open)))
|
|
;;* lmx 171 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 oem_unlock_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init ota_build_prop (property_service (set)))
|
|
(allow vendor_init ota_build_prop (file (read getattr map open)))
|
|
;;* lmx 172 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 ota_build_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init packagemanager_config_prop (property_service (set)))
|
|
(allow vendor_init packagemanager_config_prop (file (read getattr map open)))
|
|
;;* lmx 173 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 packagemanager_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init quick_start_prop (property_service (set)))
|
|
(allow vendor_init quick_start_prop (file (read getattr map open)))
|
|
;;* lmx 174 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 quick_start_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init recovery_config_prop (property_service (set)))
|
|
(allow vendor_init recovery_config_prop (file (read getattr map open)))
|
|
;;* lmx 175 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 recovery_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init recovery_usb_config_prop (property_service (set)))
|
|
(allow vendor_init recovery_usb_config_prop (file (read getattr map open)))
|
|
;;* lmx 176 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 recovery_usb_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init sendbug_config_prop (property_service (set)))
|
|
(allow vendor_init sendbug_config_prop (file (read getattr map open)))
|
|
;;* lmx 177 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 sendbug_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init soc_prop (property_service (set)))
|
|
(allow vendor_init soc_prop (file (read getattr map open)))
|
|
;;* lmx 178 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 soc_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init storage_config_prop (property_service (set)))
|
|
(allow vendor_init storage_config_prop (file (read getattr map open)))
|
|
;;* lmx 179 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 storage_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init storagemanager_config_prop (property_service (set)))
|
|
(allow vendor_init storagemanager_config_prop (file (read getattr map open)))
|
|
;;* lmx 180 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 storagemanager_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init surfaceflinger_prop (property_service (set)))
|
|
(allow vendor_init surfaceflinger_prop (file (read getattr map open)))
|
|
;;* lmx 181 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 surfaceflinger_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init suspend_prop (property_service (set)))
|
|
(allow vendor_init suspend_prop (file (read getattr map open)))
|
|
;;* lmx 182 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 suspend_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init systemsound_config_prop (property_service (set)))
|
|
(allow vendor_init systemsound_config_prop (file (read getattr map open)))
|
|
;;* lmx 183 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 systemsound_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init telephony_config_prop (property_service (set)))
|
|
(allow vendor_init telephony_config_prop (file (read getattr map open)))
|
|
;;* lmx 184 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 telephony_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init threadnetwork_config_prop (property_service (set)))
|
|
(allow vendor_init threadnetwork_config_prop (file (read getattr map open)))
|
|
;;* lmx 185 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 threadnetwork_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init tombstone_config_prop (property_service (set)))
|
|
(allow vendor_init tombstone_config_prop (file (read getattr map open)))
|
|
;;* lmx 186 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 tombstone_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init usb_config_prop (property_service (set)))
|
|
(allow vendor_init usb_config_prop (file (read getattr map open)))
|
|
;;* lmx 187 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 usb_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init userspace_reboot_config_prop (property_service (set)))
|
|
(allow vendor_init userspace_reboot_config_prop (file (read getattr map open)))
|
|
;;* lmx 188 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 userspace_reboot_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vehicle_hal_prop (property_service (set)))
|
|
(allow vendor_init vehicle_hal_prop (file (read getattr map open)))
|
|
;;* lmx 189 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 vehicle_hal_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vendor_security_patch_level_prop (property_service (set)))
|
|
(allow vendor_init vendor_security_patch_level_prop (file (read getattr map open)))
|
|
;;* lmx 190 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 vendor_security_patch_level_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vendor_socket_hook_prop (property_service (set)))
|
|
(allow vendor_init vendor_socket_hook_prop (file (read getattr map open)))
|
|
;;* lmx 191 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 vendor_socket_hook_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init virtual_ab_prop (property_service (set)))
|
|
(allow vendor_init virtual_ab_prop (file (read getattr map open)))
|
|
;;* lmx 192 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 virtual_ab_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vndk_prop (property_service (set)))
|
|
(allow vendor_init vndk_prop (file (read getattr map open)))
|
|
;;* lmx 193 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 vndk_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vts_config_prop (property_service (set)))
|
|
(allow vendor_init vts_config_prop (file (read getattr map open)))
|
|
;;* lmx 194 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 vts_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vold_config_prop (property_service (set)))
|
|
(allow vendor_init vold_config_prop (file (read getattr map open)))
|
|
;;* lmx 195 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 vold_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init wifi_config_prop (property_service (set)))
|
|
(allow vendor_init wifi_config_prop (file (read getattr map open)))
|
|
;;* lmx 196 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 wifi_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init zram_config_prop (property_service (set)))
|
|
(allow vendor_init zram_config_prop (file (read getattr map open)))
|
|
;;* lmx 197 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 zram_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init zygote_config_prop (property_service (set)))
|
|
(allow vendor_init zygote_config_prop (file (read getattr map open)))
|
|
;;* lmx 198 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 zygote_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init dck_prop (property_service (set)))
|
|
(allow vendor_init dck_prop (file (read getattr map open)))
|
|
;;* lmx 199 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 dck_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init tuner_config_prop (property_service (set)))
|
|
(allow vendor_init tuner_config_prop (file (read getattr map open)))
|
|
;;* lmx 200 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 tuner_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init usb_uvc_enabled_prop (property_service (set)))
|
|
(allow vendor_init usb_uvc_enabled_prop (file (read getattr map open)))
|
|
;;* lmx 201 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 usb_uvc_enabled_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init setupwizard_mode_prop (property_service (set)))
|
|
(allow vendor_init setupwizard_mode_prop (file (read getattr map open)))
|
|
;;* lmx 202 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 setupwizard_mode_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init pm_archiving_enabled_prop (property_service (set)))
|
|
(allow vendor_init pm_archiving_enabled_prop (file (read getattr map open)))
|
|
;;* lmx 203 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_259 pm_archiving_enabled_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 265 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_250 default_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 268 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_572 rebootescrow_hal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 271 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_572 virtual_face_hal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 274 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_572 virtual_fingerprint_hal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 341 system/sepolicy/public/property.te
|
|
|
|
(neverallow base_typeattr_572 vendor_default_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow property_type tmpfs (filesystem (associate)))
|
|
(allow radio radio_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow radio radio_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow radio radio_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow radio radio_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow radio radio_data_file (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow radio radio_core_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow radio radio_core_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow radio net_data_file (dir (search)))
|
|
(allow radio net_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow radio radio_service (service_manager (add find)))
|
|
;;* lmx 20 system/sepolicy/public/radio.te
|
|
|
|
(neverallow base_typeattr_573 radio_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow radio audioserver_service (service_manager (find)))
|
|
(allow radio cameraserver_service (service_manager (find)))
|
|
(allow radio drmserver_service (service_manager (find)))
|
|
(allow radio mediaserver_service (service_manager (find)))
|
|
(allow radio nfc_service (service_manager (find)))
|
|
(allow radio app_api_service (service_manager (find)))
|
|
(allow radio system_api_service (service_manager (find)))
|
|
(allow radio timedetector_service (service_manager (find)))
|
|
(allow radio timezonedetector_service (service_manager (find)))
|
|
(allow radio hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager radio (binder (call transfer)))
|
|
(allow hwservicemanager radio (dir (search)))
|
|
(allow hwservicemanager radio (file (read map open)))
|
|
(allow hwservicemanager radio (process (getattr)))
|
|
(allow radio proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 165 system/sepolicy/public/recovery.te
|
|
|
|
(neverallow recovery base_typeattr_574 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 171 system/sepolicy/public/recovery.te
|
|
|
|
(neverallow recovery base_typeattr_574 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
(allow recovery_persist pstorefs (dir (search)))
|
|
(allow recovery_persist pstorefs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow recovery_persist recovery_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow recovery_persist recovery_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow recovery_persist cache_file (dir (search)))
|
|
(allow recovery_persist cache_file (lnk_file (read)))
|
|
(allow recovery_persist cache_recovery_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow recovery_persist cache_recovery_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
;;* lmx 23 system/sepolicy/public/recovery_persist.te
|
|
|
|
(neverallow recovery_persist dev_type (blk_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 26 system/sepolicy/public/recovery_persist.te
|
|
|
|
(neverallow recovery_persist domain (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 29 system/sepolicy/public/recovery_persist.te
|
|
|
|
(neverallow recovery_persist system_file_type (file (write)))
|
|
(neverallow recovery_persist system_file_type (dir (write)))
|
|
(neverallow recovery_persist system_file_type (lnk_file (write)))
|
|
(neverallow recovery_persist system_file_type (chr_file (write)))
|
|
(neverallow recovery_persist system_file_type (blk_file (write)))
|
|
(neverallow recovery_persist system_file_type (sock_file (write)))
|
|
(neverallow recovery_persist system_file_type (fifo_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 32 system/sepolicy/public/recovery_persist.te
|
|
|
|
(neverallow recovery_persist app_data_file_type (file (write)))
|
|
(neverallow recovery_persist app_data_file_type (dir (write)))
|
|
(neverallow recovery_persist app_data_file_type (lnk_file (write)))
|
|
(neverallow recovery_persist app_data_file_type (chr_file (write)))
|
|
(neverallow recovery_persist app_data_file_type (blk_file (write)))
|
|
(neverallow recovery_persist app_data_file_type (sock_file (write)))
|
|
(neverallow recovery_persist app_data_file_type (fifo_file (write)))
|
|
(neverallow recovery_persist system_data_file (file (write)))
|
|
(neverallow recovery_persist system_data_file (dir (write)))
|
|
(neverallow recovery_persist system_data_file (lnk_file (write)))
|
|
(neverallow recovery_persist system_data_file (chr_file (write)))
|
|
(neverallow recovery_persist system_data_file (blk_file (write)))
|
|
(neverallow recovery_persist system_data_file (sock_file (write)))
|
|
(neverallow recovery_persist system_data_file (fifo_file (write)))
|
|
;;* lme
|
|
|
|
(allow recovery_refresh pstorefs (dir (search)))
|
|
(allow recovery_refresh pstorefs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 16 system/sepolicy/public/recovery_refresh.te
|
|
|
|
(neverallow recovery_refresh dev_type (blk_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 19 system/sepolicy/public/recovery_refresh.te
|
|
|
|
(neverallow recovery_refresh domain (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 22 system/sepolicy/public/recovery_refresh.te
|
|
|
|
(neverallow recovery_refresh system_file_type (file (write)))
|
|
(neverallow recovery_refresh system_file_type (dir (write)))
|
|
(neverallow recovery_refresh system_file_type (lnk_file (write)))
|
|
(neverallow recovery_refresh system_file_type (chr_file (write)))
|
|
(neverallow recovery_refresh system_file_type (blk_file (write)))
|
|
(neverallow recovery_refresh system_file_type (sock_file (write)))
|
|
(neverallow recovery_refresh system_file_type (fifo_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 25 system/sepolicy/public/recovery_refresh.te
|
|
|
|
(neverallow recovery_refresh app_data_file_type (file (write)))
|
|
(neverallow recovery_refresh app_data_file_type (dir (write)))
|
|
(neverallow recovery_refresh app_data_file_type (lnk_file (write)))
|
|
(neverallow recovery_refresh app_data_file_type (chr_file (write)))
|
|
(neverallow recovery_refresh app_data_file_type (blk_file (write)))
|
|
(neverallow recovery_refresh app_data_file_type (sock_file (write)))
|
|
(neverallow recovery_refresh app_data_file_type (fifo_file (write)))
|
|
(neverallow recovery_refresh system_data_file (file (write)))
|
|
(neverallow recovery_refresh system_data_file (dir (write)))
|
|
(neverallow recovery_refresh system_data_file (lnk_file (write)))
|
|
(neverallow recovery_refresh system_data_file (chr_file (write)))
|
|
(neverallow recovery_refresh system_data_file (blk_file (write)))
|
|
(neverallow recovery_refresh system_data_file (sock_file (write)))
|
|
(neverallow recovery_refresh system_data_file (fifo_file (write)))
|
|
;;* lme
|
|
|
|
(allow remote_provisioning_service_server remote_provisioning_service (service_manager (add find)))
|
|
;;* lmx 3 system/sepolicy/public/remote_provisioning_service_server.te
|
|
|
|
(neverallow base_typeattr_575 remote_provisioning_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow remote_provisioning_service_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager remote_provisioning_service_server (binder (call transfer)))
|
|
(allow servicemanager remote_provisioning_service_server (dir (search)))
|
|
(allow servicemanager remote_provisioning_service_server (file (read open)))
|
|
(allow servicemanager remote_provisioning_service_server (process (getattr)))
|
|
(allow rootdisk_sysdev sysfs (filesystem (associate)))
|
|
(allow runas adbd (fd (use)))
|
|
(allow runas adbd (process (sigchld)))
|
|
(allow runas adbd (unix_stream_socket (read write)))
|
|
(allow runas shell (fd (use)))
|
|
(allow runas shell (fifo_file (read write)))
|
|
(allow runas shell (unix_stream_socket (read write)))
|
|
(allow runas devpts (chr_file (ioctl read write)))
|
|
(allow runas shell_data_file (file (read write)))
|
|
(allow runas system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow runas system_data_file (lnk_file (getattr)))
|
|
(allow runas packages_list_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow runas system_data_file (lnk_file (read)))
|
|
(dontaudit runas self (capability (dac_override dac_read_search)))
|
|
(dontaudit runas self (cap_userns (dac_override dac_read_search)))
|
|
(allow runas app_data_file (dir (getattr search)))
|
|
(allow runas self (capability (setgid setuid)))
|
|
(allow runas self (cap_userns (setgid setuid)))
|
|
(allow runas selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow runas selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow runas selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow runas selinuxfs (file (write lock append map open)))
|
|
(allow runas kernel (security (check_context)))
|
|
(allow runas self (process (setcurrent)))
|
|
(allow runas base_typeattr_576 (process (dyntransition)))
|
|
(allow runas seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 42 system/sepolicy/public/runas.te
|
|
|
|
(neverallow runas self (capability (chown dac_override dac_read_search fowner fsetid kill setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow runas self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
;;* lme
|
|
|
|
;;* lmx 43 system/sepolicy/public/runas.te
|
|
|
|
(neverallow runas self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
(neverallow runas self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
;;* lme
|
|
|
|
(allow scheduler_service_server fwk_scheduler_hwservice (hwservice_manager (add find)))
|
|
(allow scheduler_service_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 1 system/sepolicy/public/scheduler_service_server.te
|
|
|
|
(neverallow base_typeattr_577 fwk_scheduler_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow sdcardd cgroup (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow sdcardd cgroup_v2 (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow sdcardd fuse_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow sdcardd rootfs (dir (mounton)))
|
|
(allow sdcardd sdcardfs (filesystem (remount)))
|
|
(allow sdcardd tmpfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow sdcardd mnt_media_rw_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow sdcardd storage_file (dir (search)))
|
|
(allow sdcardd storage_stub_file (dir (mounton search)))
|
|
(allow sdcardd sdcard_type (filesystem (mount unmount)))
|
|
(allow sdcardd fuse (filesystem (mount unmount)))
|
|
(allow sdcardd self (capability (dac_override dac_read_search setgid setuid sys_admin sys_resource)))
|
|
(allow sdcardd self (cap_userns (dac_override dac_read_search setgid setuid sys_admin sys_resource)))
|
|
(allow sdcardd sdcard_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow sdcardd fuse (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow sdcardd sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow sdcardd fuse (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow sdcardd media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow sdcardd media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow sdcardd system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow sdcardd packages_list_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow sdcardd install_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow sdcardd install_data_file (dir (search)))
|
|
(allow sdcardd vold (fd (use)))
|
|
(allow sdcardd vold (fifo_file (read write getattr)))
|
|
(allow sdcardd mnt_expand_file (dir (search)))
|
|
(allow sdcardd proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 46 system/sepolicy/public/sdcardd.te
|
|
|
|
(neverallow init sdcardd_exec (file (execute)))
|
|
;;* lme
|
|
|
|
;;* lmx 47 system/sepolicy/public/sdcardd.te
|
|
|
|
(neverallow init sdcardd (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
(allow sensor_service_server fwk_sensor_hwservice (hwservice_manager (add find)))
|
|
(allow sensor_service_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 1 system/sepolicy/public/sensor_service_server.te
|
|
|
|
(neverallow base_typeattr_578 fwk_sensor_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 366 system/sepolicy/public/service.te
|
|
|
|
(neverallow domain base_typeattr_579 (service_manager (add find)))
|
|
;;* lme
|
|
|
|
(allow servicemanager self (binder (set_context_mgr)))
|
|
(allow servicemanager base_typeattr_580 (binder (transfer)))
|
|
(allow servicemanager service_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow servicemanager vendor_service_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow servicemanager service_manager_service (service_manager (add find)))
|
|
;;* lmx 27 system/sepolicy/public/servicemanager.te
|
|
|
|
(neverallow base_typeattr_581 service_manager_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow servicemanager dumpstate (fd (use)))
|
|
(allow servicemanager dumpstate (fifo_file (write)))
|
|
(allow servicemanager selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow servicemanager selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow servicemanager selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow servicemanager selinuxfs (file (write lock append map open)))
|
|
(allow servicemanager kernel (security (compute_av)))
|
|
(allow servicemanager self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow servicemanager kmsg_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow sgdisk block_device (dir (search)))
|
|
(allow sgdisk vold_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx sgdisk vold_device (ioctl blk_file (0x301)))
|
|
(allowx sgdisk vold_device (ioctl blk_file (0x1260)))
|
|
(allowx sgdisk vold_device (ioctl blk_file (0x125f)))
|
|
(allowx sgdisk vold_device (ioctl blk_file (0x127b)))
|
|
(allow sgdisk devpts (chr_file (ioctl read write getattr)))
|
|
(allow sgdisk vold (fd (use)))
|
|
(allow sgdisk vold (fifo_file (read write getattr)))
|
|
(allow sgdisk self (capability (sys_admin)))
|
|
(allow sgdisk self (cap_userns (sys_admin)))
|
|
;;* lmx 35 system/sepolicy/public/sgdisk.te
|
|
|
|
(neverallow base_typeattr_339 sgdisk (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 36 system/sepolicy/public/sgdisk.te
|
|
|
|
(neverallow base_typeattr_224 sgdisk (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 37 system/sepolicy/public/sgdisk.te
|
|
|
|
(neverallow sgdisk base_typeattr_582 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
(allow shell logcat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell logdr_socket (sock_file (write)))
|
|
(allow shell logd (unix_stream_socket (connectto)))
|
|
(allow shell logd_socket (sock_file (write)))
|
|
(allow shell logd (unix_stream_socket (connectto)))
|
|
(allow shell logd_prop (file (read getattr map open)))
|
|
(allow shell pstorefs (dir (search)))
|
|
(allow shell pstorefs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell anr_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell anr_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell shell_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow shell shell_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow shell shell_data_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell shell_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow shell shell_test_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow shell shell_test_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow shell shell_test_data_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell shell_test_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow shell shell_test_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow shell trace_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow shell trace_data_file (dir (ioctl read write getattr lock open watch watch_reads remove_name search)))
|
|
(allow shell profman_dump_data_file (dir (ioctl read write getattr lock open watch watch_reads remove_name search)))
|
|
(allow shell profman_dump_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow shell dumpstate_socket (sock_file (write)))
|
|
(allow shell dumpstate (unix_stream_socket (connectto)))
|
|
(allow shell devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow shell tty_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow shell console_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow shell input_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell input_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell system_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell system_file (file (getattr map execute execute_no_trans)))
|
|
(allow shell toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell zygote_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell servicemanager (service_manager (list)))
|
|
(allow shell base_typeattr_583 (service_manager (find)))
|
|
(allow shell dumpstate (binder (call)))
|
|
(allow shell hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager shell (binder (call transfer)))
|
|
(allow hwservicemanager shell (dir (search)))
|
|
(allow hwservicemanager shell (file (read map open)))
|
|
(allow hwservicemanager shell (process (getattr)))
|
|
(allow shell hwservicemanager (hwservice_manager (list)))
|
|
(allow shell proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_asound (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_interrupts (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_loadavg (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_modules (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_pid_max (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_slabinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_stat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_timer (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_uptime (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_version (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_zoneinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell sysfs_net (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell cgroup_desc_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell cgroup_desc_api_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell vendor_cgroup_desc_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell domain (dir (read getattr open search)))
|
|
(allow shell domain (file (read getattr open)))
|
|
(allow shell domain (lnk_file (read getattr open)))
|
|
(allow shell labeledfs (filesystem (getattr)))
|
|
(allow shell proc (filesystem (getattr)))
|
|
(allow shell device (dir (getattr)))
|
|
(allow shell domain (process (getattr)))
|
|
(allow shell selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell bootchart_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow shell bootchart_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow shell self (process (ptrace)))
|
|
(allow shell sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell sysfs_batteryinfo (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell sysfs_batteryinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell ion_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow shell dev_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell dev_type (chr_file (getattr)))
|
|
(allow shell proc (lnk_file (getattr)))
|
|
(allow shell dev_type (blk_file (getattr)))
|
|
(allow shell file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell property_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell service_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell sepolicy_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell vendor_shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
;;* lmx 206 system/sepolicy/public/shell.te
|
|
|
|
(neverallow shell hal_keymint_service (service_manager (find)))
|
|
(neverallow shell hal_secureclock_service (service_manager (find)))
|
|
(neverallow shell hal_sharedsecret_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 214 system/sepolicy/public/shell.te
|
|
|
|
(neverallow shell file_type (file (link)))
|
|
;;* lme
|
|
|
|
;;* lmx 217 system/sepolicy/public/shell.te
|
|
|
|
(neverallowx shell domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx shell domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx shell domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
;;* lme
|
|
|
|
;;* lmx 217 system/sepolicy/public/shell.te
|
|
|
|
(neverallowx shell domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx shell domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx shell domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
;;* lme
|
|
|
|
;;* lmx 217 system/sepolicy/public/shell.te
|
|
|
|
(neverallowx shell domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx shell domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx shell domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
;;* lme
|
|
|
|
;;* lmx 225 system/sepolicy/public/shell.te
|
|
|
|
(neverallow shell hw_random_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow shell port_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow shell fuse_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 228 system/sepolicy/public/shell.te
|
|
|
|
(neverallow shell dev_type (blk_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 237 system/sepolicy/public/shell.te
|
|
|
|
(neverallow shell input_device (chr_file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
(allow slideshow kmsg_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow slideshow sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow slideshow self (capability2 (block_suspend)))
|
|
(allow slideshow self (cap2_userns (block_suspend)))
|
|
(allow slideshow system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server slideshow (binder (transfer)))
|
|
(allow slideshow system_suspend_server (fd (use)))
|
|
(allow slideshow system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow slideshow hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager slideshow (binder (call transfer)))
|
|
(allow hwservicemanager slideshow (dir (search)))
|
|
(allow hwservicemanager slideshow (file (read map open)))
|
|
(allow hwservicemanager slideshow (process (getattr)))
|
|
(allow slideshow hwservicemanager_prop (file (read getattr map open)))
|
|
(allow slideshow hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow slideshow hal_system_suspend_service (service_manager (find)))
|
|
(allow slideshow servicemanager (binder (call transfer)))
|
|
(allow servicemanager slideshow (binder (call transfer)))
|
|
(allow servicemanager slideshow (dir (search)))
|
|
(allow servicemanager slideshow (file (read open)))
|
|
(allow servicemanager slideshow (process (getattr)))
|
|
(allow slideshow device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow slideshow self (capability (sys_tty_config)))
|
|
(allow slideshow self (cap_userns (sys_tty_config)))
|
|
(allow slideshow graphics_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow slideshow graphics_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow slideshow input_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow slideshow input_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow slideshow tty_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow stats_service_server fwk_stats_hwservice (hwservice_manager (add find)))
|
|
(allow stats_service_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 1 system/sepolicy/public/stats_service_server.te
|
|
|
|
(neverallow base_typeattr_584 fwk_stats_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow stats_service_server fwk_stats_service (service_manager (add find)))
|
|
;;* lmx 2 system/sepolicy/public/stats_service_server.te
|
|
|
|
(neverallow base_typeattr_584 fwk_stats_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow stats_service_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager stats_service_server (binder (call transfer)))
|
|
(allow servicemanager stats_service_server (dir (search)))
|
|
(allow servicemanager stats_service_server (file (read open)))
|
|
(allow servicemanager stats_service_server (process (getattr)))
|
|
(allow statsd servicemanager (binder (call transfer)))
|
|
(allow servicemanager statsd (binder (call transfer)))
|
|
(allow servicemanager statsd (dir (search)))
|
|
(allow servicemanager statsd (file (read open)))
|
|
(allow servicemanager statsd (process (getattr)))
|
|
(allow statsd domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow statsd domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow statsd domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow statsd devpts (chr_file (ioctl read write getattr)))
|
|
(allow statsd shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow statsd system_file (file (execute_no_trans)))
|
|
(allow statsd toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow statsd stats_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow statsd stats_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow statsd stats_config_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow statsd stats_config_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow statsd appdomain (binder (call transfer)))
|
|
(allow appdomain statsd (binder (transfer)))
|
|
(allow statsd appdomain (fd (use)))
|
|
(allow statsd incidentd (binder (call transfer)))
|
|
(allow incidentd statsd (binder (transfer)))
|
|
(allow statsd incidentd (fd (use)))
|
|
(allow statsd system_server (binder (call transfer)))
|
|
(allow system_server statsd (binder (transfer)))
|
|
(allow statsd system_server (fd (use)))
|
|
(allow statsd traced_probes (binder (call transfer)))
|
|
(allow traced_probes statsd (binder (transfer)))
|
|
(allow statsd traced_probes (fd (use)))
|
|
(allow statsd gpu_service (service_manager (find)))
|
|
(allow statsd gpuservice (binder (call transfer)))
|
|
(allow gpuservice statsd (binder (transfer)))
|
|
(allow statsd gpuservice (fd (use)))
|
|
(allow statsd keystore_service (service_manager (find)))
|
|
(allow statsd keystore (binder (call transfer)))
|
|
(allow keystore statsd (binder (transfer)))
|
|
(allow statsd keystore (fd (use)))
|
|
(allow statsd mediametrics_service (service_manager (find)))
|
|
(allow statsd mediametrics (binder (call transfer)))
|
|
(allow mediametrics statsd (binder (transfer)))
|
|
(allow statsd mediametrics (fd (use)))
|
|
(allow statsd mediaserver_service (service_manager (find)))
|
|
(allow statsd mediaserver (binder (call transfer)))
|
|
(allow mediaserver statsd (binder (transfer)))
|
|
(allow statsd mediaserver (fd (use)))
|
|
(allow statsd logcat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow statsd logdr_socket (sock_file (write)))
|
|
(allow statsd logd (unix_stream_socket (connectto)))
|
|
(allow statsd logd_socket (sock_file (write)))
|
|
(allow statsd logd (unix_stream_socket (connectto)))
|
|
(allow statsd app_api_service (service_manager (find)))
|
|
(allow statsd system_api_service (service_manager (find)))
|
|
(allow statsd incident_service (service_manager (find)))
|
|
(allow statsd hal_health_hwservice (hwservice_manager (find)))
|
|
(allow statsd dumpstate (fd (use)))
|
|
(allow statsd dumpstate (fifo_file (write getattr)))
|
|
(allow statsd proc_uid_cputime_showstat (file (read getattr open)))
|
|
(allow statsd adbd (fd (use)))
|
|
(allow statsd adbd (unix_stream_socket (read write getattr)))
|
|
(allow statsd shell (fifo_file (read write getattr)))
|
|
(allow statsd statsdw_socket (sock_file (write)))
|
|
(allow statsd statsd (unix_dgram_socket (sendto)))
|
|
;;* lmx 94 system/sepolicy/public/statsd.te
|
|
|
|
(neverallow base_typeattr_585 stats_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 95 system/sepolicy/public/statsd.te
|
|
|
|
(neverallow base_typeattr_586 stats_config_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 99 system/sepolicy/public/statsd.te
|
|
|
|
(neverallow base_typeattr_585 stats_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 100 system/sepolicy/public/statsd.te
|
|
|
|
(neverallow base_typeattr_586 stats_config_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
(allow system_server power_debug_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server power_debug_prop (property_service (set)))
|
|
(allow system_server power_debug_prop (file (read getattr map open)))
|
|
;;* lmx 18 system/sepolicy/public/system_server.te
|
|
|
|
(neverallow base_typeattr_587 power_debug_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow system_suspend_internal_server system_suspend_control_internal_service (service_manager (add find)))
|
|
;;* lmx 2 system/sepolicy/public/system_suspend_internal_server.te
|
|
|
|
(neverallow base_typeattr_588 system_suspend_control_internal_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 11 system/sepolicy/public/system_suspend_internal_server.te
|
|
|
|
(neverallow base_typeattr_589 system_suspend_control_internal_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow system_suspend_server hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager system_suspend_server (binder (call transfer)))
|
|
(allow hwservicemanager system_suspend_server (dir (search)))
|
|
(allow hwservicemanager system_suspend_server (file (read map open)))
|
|
(allow hwservicemanager system_suspend_server (process (getattr)))
|
|
(allow system_suspend_server hwservicemanager_prop (file (read getattr map open)))
|
|
(allow system_suspend_server system_suspend_hwservice (hwservice_manager (add find)))
|
|
(allow system_suspend_server hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 6 system/sepolicy/public/system_suspend_server.te
|
|
|
|
(neverallow base_typeattr_590 system_suspend_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow tee fingerprint_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow tee fingerprint_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow tombstoned domain (fd (use)))
|
|
(allow tombstoned domain (fifo_file (write)))
|
|
(allow tombstoned domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow tombstoned domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow tombstoned tombstone_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow tombstoned tombstone_data_file (file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
|
|
(allow tombstoned anr_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow tombstoned anr_data_file (file (create getattr append unlink link open)))
|
|
(allow toolbox tmpfs (chr_file (ioctl read write)))
|
|
(allow toolbox devpts (chr_file (ioctl read write getattr)))
|
|
(allow toolbox block_device (dir (search)))
|
|
(allow toolbox swap_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
;;* lmx 22 system/sepolicy/public/toolbox.te
|
|
|
|
(neverallow base_typeattr_223 toolbox (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 23 system/sepolicy/public/toolbox.te
|
|
|
|
(neverallow base_typeattr_224 toolbox (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 24 system/sepolicy/public/toolbox.te
|
|
|
|
(neverallow toolbox base_typeattr_591 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
(allow toolbox system_data_root_file (dir (write remove_name)))
|
|
(allow toolbox system_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search rmdir)))
|
|
(allow toolbox system_data_file (file (getattr unlink)))
|
|
(allow toolbox media_userdir_file (dir (ioctl read getattr setattr lock open watch watch_reads search)))
|
|
(allowx toolbox media_userdir_file (ioctl dir ((range 0x6601 0x6602))))
|
|
(allow traceur_app servicemanager (service_manager (list)))
|
|
(allow traceur_app hwservicemanager (hwservice_manager (list)))
|
|
(allow traceur_app base_typeattr_592 (service_manager (find)))
|
|
(dontaudit traceur_app service_manager_type (service_manager (find)))
|
|
(dontaudit traceur_app hwservice_manager_type (hwservice_manager (find)))
|
|
(dontaudit traceur_app domain (binder (call)))
|
|
(allow ueventd kmsg_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow ueventd self (capability (chown dac_override dac_read_search fowner fsetid setgid setuid net_admin sys_rawio mknod)))
|
|
(allow ueventd self (cap_userns (chown dac_override dac_read_search fowner fsetid setgid setuid net_admin sys_rawio mknod)))
|
|
(allow ueventd device (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow ueventd rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow ueventd rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd sysfs_type (file (write lock append map open)))
|
|
(allow ueventd sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow ueventd sysfs_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd sysfs_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd sysfs_type (file (setattr relabelfrom relabelto)))
|
|
(allow ueventd sysfs_type (lnk_file (setattr relabelfrom relabelto)))
|
|
(allow ueventd sysfs_type (dir (setattr relabelfrom relabelto)))
|
|
(allow ueventd tmpfs (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow ueventd dev_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow ueventd dev_type (lnk_file (create unlink)))
|
|
(allow ueventd dev_type (chr_file (create getattr setattr unlink)))
|
|
(allow ueventd dev_type (blk_file (create getattr setattr relabelfrom relabelto unlink)))
|
|
(allow ueventd self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow ueventd efs_file (dir (search)))
|
|
(allow ueventd efs_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow ueventd selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd base_typeattr_593 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow ueventd base_typeattr_593 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd base_typeattr_593 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow ueventd file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd self (process (setfscreate)))
|
|
(allow ueventd proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ueventd proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit ueventd postinstall_mnt_dir (dir (getattr)))
|
|
(allow ueventd self (capability (sys_module)))
|
|
(allow ueventd self (cap_userns (sys_module)))
|
|
(allow ueventd vendor_file (system (module_load)))
|
|
(allow ueventd kernel (key (search)))
|
|
(allow ueventd system_bootstrap_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow ueventd system_bootstrap_lib_file (file (read getattr map execute open)))
|
|
(allow ueventd vendor_shell_exec (file (execute)))
|
|
(allow ueventd dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow ueventd self (capability (sys_admin)))
|
|
(allow ueventd apexd_prop (file (read getattr map open)))
|
|
;;* lmx 80 system/sepolicy/public/ueventd.te
|
|
|
|
(neverallow ueventd dev_type (blk_file (ioctl read write lock append map link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 83 system/sepolicy/public/ueventd.te
|
|
|
|
(neverallow ueventd port_device (chr_file (ioctl read write lock relabelfrom append map link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 86 system/sepolicy/public/ueventd.te
|
|
|
|
(neverallow base_typeattr_224 ueventd (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 89 system/sepolicy/public/ueventd.te
|
|
|
|
(neverallow ueventd fs_type (file (execute_no_trans)))
|
|
(neverallow ueventd file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
(allow uncrypt self (capability (dac_override dac_read_search)))
|
|
(allow uncrypt self (cap_userns (dac_override dac_read_search)))
|
|
(allow uncrypt cache_file (dir (search)))
|
|
(allow uncrypt cache_recovery_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow uncrypt cache_recovery_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow uncrypt ota_package_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow uncrypt ota_package_file (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow uncrypt uncrypt_socket (sock_file (write)))
|
|
(allow uncrypt uncrypt (unix_stream_socket (connectto)))
|
|
(allow uncrypt self (capability (sys_rawio)))
|
|
(allow uncrypt self (cap_userns (sys_rawio)))
|
|
(allow uncrypt misc_block_device (blk_file (write lock append map open)))
|
|
(allow uncrypt block_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow uncrypt userdata_block_device (blk_file (write lock append map open)))
|
|
(allow uncrypt rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow uncrypt rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow uncrypt rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow uncrypt proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow uncrypt proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow uncrypt sysfs_dt_firmware_android (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow uncrypt sysfs_dt_firmware_android (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow uncrypt sysfs_dt_firmware_android (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow uncrypt gsi_metadata_file_type (dir (search)))
|
|
(allow uncrypt metadata_file (dir (search)))
|
|
(allow uncrypt gsi_public_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow uncrypt proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow uncrypt proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine self (process (setsched)))
|
|
(allow update_engine self (capability (fowner sys_admin)))
|
|
(allow update_engine self (cap_userns (fowner sys_admin)))
|
|
(dontaudit update_engine self (capability (fsetid)))
|
|
(dontaudit update_engine self (cap_userns (fsetid)))
|
|
(allow update_engine kmsg_device (chr_file (write getattr lock append map open)))
|
|
(allow update_engine update_engine_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow update_engine sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow update_engine self (capability2 (block_suspend)))
|
|
(allow update_engine self (cap2_userns (block_suspend)))
|
|
(allow update_engine system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server update_engine (binder (transfer)))
|
|
(allow update_engine system_suspend_server (fd (use)))
|
|
(allow update_engine system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow update_engine hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager update_engine (binder (call transfer)))
|
|
(allow hwservicemanager update_engine (dir (search)))
|
|
(allow hwservicemanager update_engine (file (read map open)))
|
|
(allow hwservicemanager update_engine (process (getattr)))
|
|
(allow update_engine hwservicemanager_prop (file (read getattr map open)))
|
|
(allow update_engine hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow update_engine hal_system_suspend_service (service_manager (find)))
|
|
(allow update_engine servicemanager (binder (call transfer)))
|
|
(allow servicemanager update_engine (binder (call transfer)))
|
|
(allow servicemanager update_engine (dir (search)))
|
|
(allow servicemanager update_engine (file (read open)))
|
|
(allow servicemanager update_engine (process (getattr)))
|
|
(dontaudit update_engine kernel (process (setsched)))
|
|
(dontaudit update_engine self (capability (sys_rawio)))
|
|
(dontaudit update_engine self (cap_userns (sys_rawio)))
|
|
(allow update_engine update_engine_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow update_engine update_engine_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow update_engine update_engine_log_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow update_engine update_engine_log_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow update_engine servicemanager (binder (call transfer)))
|
|
(allow servicemanager update_engine (binder (call transfer)))
|
|
(allow servicemanager update_engine (dir (search)))
|
|
(allow servicemanager update_engine (file (read open)))
|
|
(allow servicemanager update_engine (process (getattr)))
|
|
(allow update_engine update_engine_service (service_manager (add find)))
|
|
;;* lmx 34 system/sepolicy/public/update_engine.te
|
|
|
|
(neverallow base_typeattr_594 update_engine_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow update_engine update_engine_stable_service (service_manager (add find)))
|
|
;;* lmx 35 system/sepolicy/public/update_engine.te
|
|
|
|
(neverallow base_typeattr_594 update_engine_stable_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow update_engine priv_app (binder (call transfer)))
|
|
(allow priv_app update_engine (binder (transfer)))
|
|
(allow update_engine priv_app (fd (use)))
|
|
(allow update_engine gmscore_app (binder (call transfer)))
|
|
(allow gmscore_app update_engine (binder (transfer)))
|
|
(allow update_engine gmscore_app (fd (use)))
|
|
(allow update_engine system_server (binder (call transfer)))
|
|
(allow system_server update_engine (binder (transfer)))
|
|
(allow update_engine system_server (fd (use)))
|
|
(allow update_engine ota_package_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine ota_package_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_engine proc_misc (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_engine gsi_metadata_file_type (dir (search)))
|
|
(allow update_engine metadata_file (dir (search)))
|
|
(allow update_engine gsi_public_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common block_device (dir (search)))
|
|
(allow update_engine_common boot_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow update_engine_common system_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx update_engine_common dev_type (ioctl blk_file ((range 0x125d 0x125e) 0x1277 (range 0x127c 0x127d) 0x127f)))
|
|
(allow update_engine_common misc_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow update_engine_common rootfs (dir (getattr)))
|
|
(allow update_engine_common rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common postinstall_mnt_dir (dir (getattr mounton search)))
|
|
(allow update_engine_common postinstall_file (filesystem (mount unmount relabelfrom relabelto)))
|
|
(allow update_engine_common labeledfs (filesystem (mount unmount relabelfrom)))
|
|
(allow update_engine_common postinstall_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow update_engine_common postinstall_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common postinstall_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_engine_common cache_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_engine_common cache_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow update_engine_common postinstall (process (sigkill sigstop signal)))
|
|
(allow update_engine_common proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common sysfs_dt_firmware_android (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_engine_common sysfs_dt_firmware_android (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common sysfs_dt_firmware_android (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common sysfs_dm (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_engine_common sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common sysfs_dm (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_engine_common sysfs_fs_f2fs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_engine_common dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow update_engine_common dm_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow update_engine dm_user_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_engine dm_user_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_engine_common super_block_device_type (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx update_engine_common super_block_device_type (ioctl blk_file (0x1278 0x127a)))
|
|
(allow update_engine_common block_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_engine_common statsdw_socket (sock_file (write)))
|
|
(allow update_engine_common statsd (unix_dgram_socket (sendto)))
|
|
(allow update_engine_common virtual_ab_prop (file (read getattr map open)))
|
|
(allow update_engine_common ab_update_gki_prop (file (read getattr map open)))
|
|
(allow update_engine_common build_bootimage_prop (file (read getattr map open)))
|
|
(allow update_engine_common metadata_file (dir (search)))
|
|
(allow update_engine_common ota_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow update_engine_common ota_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow update_verifier block_device (dir (search)))
|
|
(allow update_verifier ota_package_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_verifier ota_package_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_verifier sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_verifier sysfs_dm (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow update_verifier sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_verifier dm_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow update_verifier kmsg_device (chr_file (write getattr lock append map open)))
|
|
(allow update_verifier vold_service (service_manager (find)))
|
|
(allow update_verifier servicemanager (binder (call transfer)))
|
|
(allow servicemanager update_verifier (binder (transfer)))
|
|
(allow update_verifier servicemanager (fd (use)))
|
|
(allow update_verifier vold (binder (call transfer)))
|
|
(allow vold update_verifier (binder (transfer)))
|
|
(allow update_verifier vold (fd (use)))
|
|
(allow usbd servicemanager (binder (call transfer)))
|
|
(allow servicemanager usbd (binder (transfer)))
|
|
(allow usbd servicemanager (fd (use)))
|
|
(allow userdata_sysdev sysfs (filesystem (associate)))
|
|
(allow vdc devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vdc kmsg_device (chr_file (write getattr lock append map open)))
|
|
(allow vdc servicemanager (binder (call transfer)))
|
|
(allow servicemanager vdc (binder (call transfer)))
|
|
(allow servicemanager vdc (dir (search)))
|
|
(allow servicemanager vdc (file (read open)))
|
|
(allow servicemanager vdc (process (getattr)))
|
|
(allow vdc vold (binder (call transfer)))
|
|
(allow vold vdc (binder (transfer)))
|
|
(allow vdc vold (fd (use)))
|
|
(allow vdc vold_service (service_manager (find)))
|
|
(allow vendor_init init (unix_stream_socket (read write)))
|
|
(allow vendor_init kmsg_device (chr_file (write getattr open)))
|
|
(allow vendor_init device (dir (mounton)))
|
|
(allow vendor_init rootfs (lnk_file (create unlink)))
|
|
(allow vendor_init cgroup (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vendor_init cgroup (file (write lock append map open)))
|
|
(allow vendor_init cgroup_v2 (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vendor_init cgroup_v2 (file (write lock append map open)))
|
|
(allow vendor_init configfs (dir (mounton)))
|
|
(allow vendor_init configfs (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vendor_init configfs (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vendor_init configfs (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vendor_init self (capability (dac_override dac_read_search)))
|
|
(allow vendor_init self (cap_userns (dac_override dac_read_search)))
|
|
(allow vendor_init self (capability (chown fowner fsetid)))
|
|
(allow vendor_init self (cap_userns (chown fowner fsetid)))
|
|
(allow vendor_init unencrypted_data_file (dir (search)))
|
|
(allow vendor_init unencrypted_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allowx vendor_init data_file_type (ioctl dir (0x6613 0x6615)))
|
|
(allow vendor_init system_data_file (dir (getattr)))
|
|
(allow vendor_init base_typeattr_595 (dir (ioctl read write create getattr setattr relabelfrom open add_name remove_name search rmdir)))
|
|
(allow vendor_init unlabeled (file (getattr relabelfrom)))
|
|
(allow vendor_init unlabeled (dir (getattr relabelfrom)))
|
|
(allow vendor_init unlabeled (lnk_file (getattr relabelfrom)))
|
|
(allow vendor_init unlabeled (sock_file (getattr relabelfrom)))
|
|
(allow vendor_init unlabeled (fifo_file (getattr relabelfrom)))
|
|
(allow vendor_init base_typeattr_596 (file (read write create getattr setattr relabelfrom map unlink open)))
|
|
(allow vendor_init base_typeattr_597 (sock_file (read create getattr setattr relabelfrom unlink open)))
|
|
(allow vendor_init base_typeattr_597 (fifo_file (read create getattr setattr relabelfrom unlink open)))
|
|
(allow vendor_init base_typeattr_598 (lnk_file (create getattr setattr relabelfrom unlink)))
|
|
(allow vendor_init base_typeattr_599 (file (relabelto)))
|
|
(allow vendor_init base_typeattr_599 (dir (relabelto)))
|
|
(allow vendor_init base_typeattr_599 (lnk_file (relabelto)))
|
|
(allow vendor_init base_typeattr_599 (chr_file (relabelto)))
|
|
(allow vendor_init base_typeattr_599 (blk_file (relabelto)))
|
|
(allow vendor_init base_typeattr_599 (sock_file (relabelto)))
|
|
(allow vendor_init base_typeattr_599 (fifo_file (relabelto)))
|
|
(allow vendor_init dev_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vendor_init dev_type (lnk_file (create)))
|
|
(allow vendor_init debugfs_tracing (file (write lock append map open)))
|
|
(allow vendor_init base_typeattr_600 (file (read setattr map open)))
|
|
(allow vendor_init tracefs_type (file (read setattr map open)))
|
|
(allow vendor_init base_typeattr_601 (dir (read setattr open search)))
|
|
(allow vendor_init dev_type (blk_file (getattr)))
|
|
(allow vendor_init proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow vendor_init proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vendor_init proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vendor_init proc_net_type (file (write lock append map open)))
|
|
(allow vendor_init self (capability (net_admin)))
|
|
(allow vendor_init self (cap_userns (net_admin)))
|
|
(allow vendor_init proc_page_cluster (file (write lock append map open)))
|
|
(allow vendor_init sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow vendor_init sysfs_type (lnk_file (read)))
|
|
(allow vendor_init base_typeattr_602 (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vendor_init self (process (setfscreate)))
|
|
(allow vendor_init vendor_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow vendor_init vendor_file_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vendor_init vendor_file_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vendor_init serialno_prop (file (read getattr map open)))
|
|
(allow vendor_init self (capability (sys_admin)))
|
|
(allow vendor_init self (cap_userns (sys_admin)))
|
|
(allow vendor_init misc_block_device (blk_file (write lock append map open)))
|
|
(allow vendor_init system_bootstrap_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow vendor_init system_bootstrap_lib_file (file (read getattr map execute open)))
|
|
(allow vendor_init userdata_sysdev (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vendor_init file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vendor_init self (capability (sys_nice)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init apk_verity_prop (property_service (set)))
|
|
(allow vendor_init apk_verity_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init bluetooth_a2dp_offload_prop (property_service (set)))
|
|
(allow vendor_init bluetooth_a2dp_offload_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init bluetooth_audio_hal_prop (property_service (set)))
|
|
(allow vendor_init bluetooth_audio_hal_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init bluetooth_config_prop (property_service (set)))
|
|
(allow vendor_init bluetooth_config_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init camera2_extensions_prop (property_service (set)))
|
|
(allow vendor_init camera2_extensions_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init camerax_extensions_prop (property_service (set)))
|
|
(allow vendor_init camerax_extensions_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init cpu_variant_prop (property_service (set)))
|
|
(allow vendor_init cpu_variant_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init dalvik_config_prop (property_service (set)))
|
|
(allow vendor_init dalvik_config_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init dalvik_dynamic_config_prop (property_service (set)))
|
|
(allow vendor_init dalvik_dynamic_config_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init dalvik_runtime_prop (property_service (set)))
|
|
(allow vendor_init dalvik_runtime_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init debug_prop (property_service (set)))
|
|
(allow vendor_init debug_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init exported_bluetooth_prop (property_service (set)))
|
|
(allow vendor_init exported_bluetooth_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init exported_camera_prop (property_service (set)))
|
|
(allow vendor_init exported_camera_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init exported_config_prop (property_service (set)))
|
|
(allow vendor_init exported_config_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init exported_default_prop (property_service (set)))
|
|
(allow vendor_init exported_default_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init exported_overlay_prop (property_service (set)))
|
|
(allow vendor_init exported_overlay_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init exported_pm_prop (property_service (set)))
|
|
(allow vendor_init exported_pm_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init ffs_control_prop (property_service (set)))
|
|
(allow vendor_init ffs_control_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init hw_timeout_multiplier_prop (property_service (set)))
|
|
(allow vendor_init hw_timeout_multiplier_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init incremental_prop (property_service (set)))
|
|
(allow vendor_init incremental_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init lmkd_prop (property_service (set)))
|
|
(allow vendor_init lmkd_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init logd_prop (property_service (set)))
|
|
(allow vendor_init logd_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init log_tag_prop (property_service (set)))
|
|
(allow vendor_init log_tag_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init log_prop (property_service (set)))
|
|
(allow vendor_init log_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init graphics_config_writable_prop (property_service (set)))
|
|
(allow vendor_init graphics_config_writable_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init qemu_hw_prop (property_service (set)))
|
|
(allow vendor_init qemu_hw_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init radio_control_prop (property_service (set)))
|
|
(allow vendor_init radio_control_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init rebootescrow_hal_prop (property_service (set)))
|
|
(allow vendor_init rebootescrow_hal_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init serialno_prop (property_service (set)))
|
|
(allow vendor_init serialno_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init soc_prop (property_service (set)))
|
|
(allow vendor_init soc_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init surfaceflinger_color_prop (property_service (set)))
|
|
(allow vendor_init surfaceflinger_color_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init usb_control_prop (property_service (set)))
|
|
(allow vendor_init usb_control_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init userspace_reboot_config_prop (property_service (set)))
|
|
(allow vendor_init userspace_reboot_config_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vehicle_hal_prop (property_service (set)))
|
|
(allow vendor_init vehicle_hal_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vendor_default_prop (property_service (set)))
|
|
(allow vendor_init vendor_default_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init keystore_config_prop (property_service (set)))
|
|
(allow vendor_init keystore_config_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vendor_security_patch_level_prop (property_service (set)))
|
|
(allow vendor_init vendor_security_patch_level_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vndk_prop (property_service (set)))
|
|
(allow vendor_init vndk_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init virtual_ab_prop (property_service (set)))
|
|
(allow vendor_init virtual_ab_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init vold_post_fs_data_prop (property_service (set)))
|
|
(allow vendor_init vold_post_fs_data_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init wifi_hal_prop (property_service (set)))
|
|
(allow vendor_init wifi_hal_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init wifi_log_prop (property_service (set)))
|
|
(allow vendor_init wifi_log_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init zram_control_prop (property_service (set)))
|
|
(allow vendor_init zram_control_prop (file (read getattr map open)))
|
|
(allow vendor_init boot_status_prop (file (read getattr map open)))
|
|
(allow vendor_init exported3_system_prop (file (read getattr map open)))
|
|
(allow vendor_init ota_prop (file (read getattr map open)))
|
|
(allow vendor_init power_debug_prop (file (read getattr map open)))
|
|
(allow vendor_init provisioned_prop (file (read getattr map open)))
|
|
(allow vendor_init retaildemo_prop (file (read getattr map open)))
|
|
(allow vendor_init surfaceflinger_display_prop (file (read getattr map open)))
|
|
(allow vendor_init test_harness_prop (file (read getattr map open)))
|
|
(allow vendor_init theme_prop (file (read getattr map open)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init dck_prop (property_service (set)))
|
|
(allow vendor_init dck_prop (file (read getattr map open)))
|
|
(allow vendor_init device_config_vendor_system_native_prop (file (read getattr map open)))
|
|
(allow vendor_init device_config_vendor_system_native_boot_prop (file (read getattr map open)))
|
|
;;* lmx 305 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow vendor_init base_typeattr_603 (socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (tcp_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (udp_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (rawip_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (packet_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (key_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (unix_stream_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (unix_dgram_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_route_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_tcpdiag_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_nflog_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_xfrm_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_selinux_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_audit_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_dnrt_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_kobject_uevent_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (appletalk_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (tun_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_iscsi_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_fib_lookup_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_connector_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_netfilter_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_generic_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_scsitransport_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_rdma_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netlink_crypto_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (sctp_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (icmp_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (ax25_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (ipx_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (netrom_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (atmpvc_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (x25_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (rose_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (decnet_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (atmsvc_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (rds_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (irda_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (pppox_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (llc_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (can_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (tipc_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (bluetooth_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (iucv_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (rxrpc_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (isdn_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (phonet_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (ieee802154_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (caif_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (alg_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (nfc_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (vsock_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (kcm_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (qipcrtr_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (smc_socket (connect sendto)))
|
|
(neverallow vendor_init base_typeattr_603 (xdp_socket (connect sendto)))
|
|
;;* lme
|
|
|
|
;;* lmx 305 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow vendor_init base_typeattr_603 (unix_stream_socket (connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 310 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow domain vendor_init (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 311 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow base_typeattr_223 vendor_init (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 312 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow vendor_init base_typeattr_554 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 315 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow vendor_init app_data_file_type (lnk_file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 316 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow vendor_init shell_data_file (lnk_file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 318 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow vendor_init shell_data_file (dir (write add_name remove_name)))
|
|
;;* lme
|
|
|
|
;;* lmx 321 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow vendor_init fs_type (file (execute_no_trans)))
|
|
(neverallow vendor_init file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 324 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow vendor_init service_manager_type (service_manager (add find)))
|
|
;;* lme
|
|
|
|
;;* lmx 325 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow vendor_init servicemanager (service_manager (list)))
|
|
;;* lme
|
|
|
|
;;* lmx 328 system/sepolicy/public/vendor_init.te
|
|
|
|
(neverallow base_typeattr_224 vendor_init (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow vendor_misc_writer misc_block_device (blk_file (write lock append map open)))
|
|
(allow vendor_misc_writer block_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit vendor_misc_writer proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit vendor_misc_writer sysfs_dt_firmware_android (dir (search)))
|
|
(dontaudit vendor_misc_writer proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vendor_misc_writer gsi_metadata_file_type (dir (search)))
|
|
(allow vendor_misc_writer metadata_file (dir (search)))
|
|
(allow vendor_misc_writer gsi_public_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vendor_misc_writer proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vendor_misc_writer proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vendor_shell vendor_shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow vendor_shell vendor_toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow vendor_shell shell (fd (use)))
|
|
(allow vendor_shell adbd (fd (use)))
|
|
(allow vendor_shell adbd (process (sigchld)))
|
|
(allow vendor_shell adbd (unix_stream_socket (ioctl read write getattr)))
|
|
(allow vendor_shell devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vendor_shell tty_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vendor_shell console_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vendor_shell input_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow vendor_shell input_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
;;* lmx 8 system/sepolicy/public/vendor_toolbox.te
|
|
|
|
(neverallow base_typeattr_604 vendor_toolbox_exec (file (execute execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow virtual_touchpad servicemanager (binder (call transfer)))
|
|
(allow servicemanager virtual_touchpad (binder (call transfer)))
|
|
(allow servicemanager virtual_touchpad (dir (search)))
|
|
(allow servicemanager virtual_touchpad (file (read open)))
|
|
(allow servicemanager virtual_touchpad (process (getattr)))
|
|
(allow virtual_touchpad virtual_touchpad_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/public/virtual_touchpad.te
|
|
|
|
(neverallow base_typeattr_605 virtual_touchpad_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow virtual_touchpad system_server (binder (call transfer)))
|
|
(allow system_server virtual_touchpad (binder (transfer)))
|
|
(allow virtual_touchpad system_server (fd (use)))
|
|
(allow virtual_touchpad uhid_device (chr_file (ioctl write lock append map open)))
|
|
(allow virtual_touchpad permission_service (service_manager (find)))
|
|
(allow vold cache_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow vold cache_file (file (read getattr)))
|
|
(allow vold cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold base_typeattr_606 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow vold base_typeattr_606 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold base_typeattr_606 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold sysfs (file (write lock append map open)))
|
|
(allow vold sysfs_devices_block (file (write lock append map open)))
|
|
(allow vold sysfs_dm (file (write lock append map open)))
|
|
(allow vold sysfs_loop (file (write lock append map open)))
|
|
(allow vold sysfs_usb (file (write lock append map open)))
|
|
(allow vold sysfs_fs_f2fs (file (write lock append map open)))
|
|
(allow vold sysfs_zram_uevent (file (write lock append map open)))
|
|
(allow vold rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow vold rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow vold metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold proc (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold proc_drop_caches (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold proc_mounts (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold self (process (setexec)))
|
|
(allow vold e2fs_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allowx vold fs_type (ioctl dir (0x5879)))
|
|
(allowx vold file_type (ioctl dir (0x5879)))
|
|
(allowx vold data_file_type (ioctl dir (0x6613 0x6615 (range 0x6617 0x6618) 0x661a)))
|
|
;;* lmx 63 system/sepolicy/public/vold.te
|
|
|
|
(neverallowx base_typeattr_321 data_file_type (ioctl dir (0x6613)))
|
|
;;* lme
|
|
|
|
;;* lmx 69 system/sepolicy/public/vold.te
|
|
|
|
(neverallowx base_typeattr_339 data_file_type (ioctl dir ((range 0x6617 0x6618) 0x661a)))
|
|
;;* lme
|
|
|
|
(allowx vold vold_metadata_file (ioctl file (0x660b)))
|
|
(allowx vold vold_data_file (ioctl file (0x660b)))
|
|
(allowx vold vold_metadata_file (ioctl file (0xf514)))
|
|
(allowx vold vold_data_file (ioctl file (0xf514)))
|
|
(allow vold self (process (setfscreate)))
|
|
(allow vold system_file (file (getattr map execute execute_no_trans)))
|
|
(allow vold block_device (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold device (dir (write)))
|
|
(allow vold devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vold rootfs (dir (mounton)))
|
|
(allow vold sdcard_type (dir (mounton)))
|
|
(allow vold fuse (dir (mounton)))
|
|
(allow vold sdcard_type (filesystem (mount remount unmount)))
|
|
(allow vold fuse (filesystem (mount remount unmount)))
|
|
(allow vold sdcard_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold fuse (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold mnt_media_rw_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold storage_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold fuse (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold mnt_media_rw_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold storage_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold media_rw_data_file (dir (mounton)))
|
|
(allowx vold media_rw_data_file (ioctl file ((range 0x581f 0x5820))))
|
|
(allowx vold media_rw_data_file (ioctl dir ((range 0x581f 0x5820))))
|
|
(allowx vold media_rw_data_file (ioctl file ((range 0x6601 0x6602))))
|
|
(allowx vold media_rw_data_file (ioctl dir ((range 0x6601 0x6602))))
|
|
(allow vold mnt_media_rw_stub_file (dir (create getattr setattr mounton rmdir)))
|
|
(allow vold storage_stub_file (dir (create getattr setattr mounton rmdir)))
|
|
(allow vold mnt_user_file (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold mnt_user_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold mnt_user_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold mnt_pass_through_file (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold mnt_pass_through_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold mnt_expand_file (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold apk_data_file (dir (create getattr setattr)))
|
|
(allow vold shell_data_file (dir (create getattr setattr)))
|
|
(allow vold system_userdir_file (dir (create getattr setattr)))
|
|
(allow vold media_userdir_file (dir (ioctl read create getattr setattr open)))
|
|
(allowx vold media_userdir_file (ioctl dir ((range 0x6601 0x6602))))
|
|
(allow vold apk_data_file (dir (ioctl read write getattr lock mounton open watch watch_reads add_name remove_name search)))
|
|
(allow vold apk_data_file (file (ioctl read write getattr lock append map unlink open watch watch_reads)))
|
|
(allow vold apk_tmp_file (dir (ioctl read getattr lock mounton open watch watch_reads search)))
|
|
(allow vold incremental_control_file (file (ioctl read getattr lock relabelto map open watch watch_reads)))
|
|
(allow vold tmpfs (filesystem (mount unmount)))
|
|
(allow vold tmpfs (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold tmpfs (dir (mounton)))
|
|
(allow vold self (capability (chown dac_override dac_read_search fowner fsetid net_admin sys_admin mknod)))
|
|
(allow vold self (cap_userns (chown dac_override dac_read_search fowner fsetid net_admin sys_admin mknod)))
|
|
(allow vold self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow vold loop_control_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vold loop_device (blk_file (ioctl read write create getattr setattr lock append map unlink open watch watch_reads)))
|
|
(allowx vold loop_device (ioctl blk_file ((range 0x4c00 0x4c01) (range 0x4c04 0x4c05) 0x4c82)))
|
|
(allow vold vold_device (blk_file (ioctl read write create getattr setattr lock append map unlink open watch watch_reads)))
|
|
(allowx vold vold_device (ioctl blk_file (0x1260 0x1277)))
|
|
(allow vold dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vold dm_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx vold dm_device (ioctl blk_file (0x1277 0x127d (range 0x1282 0x1283))))
|
|
(allow vold domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow vold domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold domain (process (sigkill signal)))
|
|
(allow vold self (capability (kill sys_ptrace)))
|
|
(allow vold self (cap_userns (kill sys_ptrace)))
|
|
(allow vold kmsg_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vold fsck_exec (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow vold fscklogs (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow vold fscklogs (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold labeledfs (filesystem (mount remount unmount)))
|
|
(allow vold system_data_root_file (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold system_data_file (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold system_data_file (lnk_file (getattr)))
|
|
(allow vold vendor_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold system_data_file (file (read)))
|
|
(allow vold kernel (process (setsched)))
|
|
(allow vold asec_image_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold asec_image_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow vold asec_apk_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold asec_public_file (dir (setattr relabelto)))
|
|
(allow vold asec_apk_file (file (ioctl read getattr setattr lock relabelfrom relabelto map open watch watch_reads)))
|
|
(allow vold asec_public_file (file (setattr relabelto)))
|
|
(allow vold unlabeled (dir (ioctl read getattr setattr lock relabelfrom open watch watch_reads search)))
|
|
(allow vold unlabeled (file (ioctl read getattr setattr lock relabelfrom map open watch watch_reads)))
|
|
(allow vold fusectlfs (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vold fusectlfs (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow vold sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vold self (capability2 (block_suspend)))
|
|
(allow vold self (cap2_userns (block_suspend)))
|
|
(allow vold system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server vold (binder (transfer)))
|
|
(allow vold system_suspend_server (fd (use)))
|
|
(allow vold system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow vold hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager vold (binder (call transfer)))
|
|
(allow hwservicemanager vold (dir (search)))
|
|
(allow hwservicemanager vold (file (read map open)))
|
|
(allow hwservicemanager vold (process (getattr)))
|
|
(allow vold hwservicemanager_prop (file (read getattr map open)))
|
|
(allow vold hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow vold hal_system_suspend_service (service_manager (find)))
|
|
(allow vold servicemanager (binder (call transfer)))
|
|
(allow servicemanager vold (binder (call transfer)))
|
|
(allow servicemanager vold (dir (search)))
|
|
(allow servicemanager vold (file (read open)))
|
|
(allow servicemanager vold (process (getattr)))
|
|
(allow vold servicemanager (binder (call transfer)))
|
|
(allow servicemanager vold (binder (call transfer)))
|
|
(allow servicemanager vold (dir (search)))
|
|
(allow servicemanager vold (file (read open)))
|
|
(allow servicemanager vold (process (getattr)))
|
|
(allow vold vold_service (service_manager (add find)))
|
|
;;* lmx 218 system/sepolicy/public/vold.te
|
|
|
|
(neverallow base_typeattr_339 vold_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow vold system_server (binder (call transfer)))
|
|
(allow system_server vold (binder (transfer)))
|
|
(allow vold system_server (fd (use)))
|
|
(allow vold permission_service (service_manager (find)))
|
|
(allow vold userdata_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx vold userdata_block_device (ioctl blk_file (0x127d)))
|
|
(allow vold zoned_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vold metadata_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx vold metadata_block_device (ioctl blk_file (0x127d)))
|
|
(allow vold unencrypted_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold unencrypted_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold proc_drop_caches (file (write lock append map open)))
|
|
(allow vold vold_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold vold_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold vold_metadata_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold vold_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vold init (key (write search setattr)))
|
|
(allow vold vold (key (write search setattr)))
|
|
(allow vold self (capability (sys_nice)))
|
|
(allow vold self (cap_userns (sys_nice)))
|
|
(allow vold self (capability (sys_chroot)))
|
|
(allow vold self (cap_userns (sys_chroot)))
|
|
(allow vold storage_file (dir (mounton)))
|
|
(allow vold fuse_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vold fuse (filesystem (relabelfrom)))
|
|
(allow vold app_fusefs (filesystem (relabelfrom relabelto)))
|
|
(allow vold app_fusefs (filesystem (mount unmount)))
|
|
(allow vold app_fuse_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow vold app_fuse_file (file (read write getattr append open)))
|
|
(allow vold toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow vold user_profile_root_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold user_profile_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold misc_block_device (blk_file (write lock append map open)))
|
|
(allow vold mnt_vendor_file (dir (search)))
|
|
(dontaudit vold self (capability (sys_resource)))
|
|
(dontaudit vold self (cap_userns (sys_resource)))
|
|
(allow vold gsi_metadata_file_type (dir (search)))
|
|
(allow vold metadata_file (dir (search)))
|
|
(allow vold gsi_public_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold vendor_apex_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 299 system/sepolicy/public/vold.te
|
|
|
|
(neverallow base_typeattr_607 vold_data_file (dir (write lock append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 306 system/sepolicy/public/vold.te
|
|
|
|
(neverallow base_typeattr_608 vold_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 312 system/sepolicy/public/vold.te
|
|
|
|
(neverallow base_typeattr_337 vold_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 319 system/sepolicy/public/vold.te
|
|
|
|
(neverallow base_typeattr_609 vold_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_609 vold_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_609 vold_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_609 vold_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 326 system/sepolicy/public/vold.te
|
|
|
|
(neverallow base_typeattr_608 vold_metadata_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_608 vold_metadata_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_608 vold_metadata_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_608 vold_metadata_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 334 system/sepolicy/public/vold.te
|
|
|
|
(neverallow base_typeattr_610 vold_metadata_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_610 vold_metadata_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_610 vold_metadata_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_610 vold_metadata_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_610 vold_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_610 vold_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_610 vold_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_610 vold_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 336 system/sepolicy/public/vold.te
|
|
|
|
(neverallow base_typeattr_337 restorecon_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 349 system/sepolicy/public/vold.te
|
|
|
|
(neverallow vold base_typeattr_611 (binder (call)))
|
|
;;* lme
|
|
|
|
;;* lmx 351 system/sepolicy/public/vold.te
|
|
|
|
(neverallow vold fsck_exec (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 352 system/sepolicy/public/vold.te
|
|
|
|
(neverallow base_typeattr_223 vold (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 353 system/sepolicy/public/vold.te
|
|
|
|
(neverallow vold base_typeattr_224 (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 354 system/sepolicy/public/vold.te
|
|
|
|
(neverallow vold base_typeattr_224 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
(allow watchdogd watchdog_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow watchdogd kmsg_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow wificond servicemanager (binder (call transfer)))
|
|
(allow servicemanager wificond (binder (call transfer)))
|
|
(allow servicemanager wificond (dir (search)))
|
|
(allow servicemanager wificond (file (read open)))
|
|
(allow servicemanager wificond (process (getattr)))
|
|
(allow wificond system_server (binder (call transfer)))
|
|
(allow system_server wificond (binder (transfer)))
|
|
(allow wificond system_server (fd (use)))
|
|
(allow wificond keystore (binder (call transfer)))
|
|
(allow keystore wificond (binder (transfer)))
|
|
(allow wificond keystore (fd (use)))
|
|
(allow wificond wifinl80211_service (service_manager (add find)))
|
|
;;* lmx 9 system/sepolicy/public/wificond.te
|
|
|
|
(neverallow base_typeattr_612 wifinl80211_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow wificond self (udp_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allowx wificond self (ioctl udp_socket (0x8914 0x8924)))
|
|
(allow wificond self (capability (net_admin net_raw)))
|
|
(allow wificond self (cap_userns (net_admin net_raw)))
|
|
(allow wificond self (netlink_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow wificond self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow wificond proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow wificond proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow wificond proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow wificond permission_service (service_manager (find)))
|
|
(allow wificond dumpstate (fd (use)))
|
|
(allow wificond dumpstate (fifo_file (write)))
|
|
(allow wificond hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager wificond (binder (call transfer)))
|
|
(allow hwservicemanager wificond (dir (search)))
|
|
(allow hwservicemanager wificond (file (read map open)))
|
|
(allow hwservicemanager wificond (process (getattr)))
|
|
(allow wificond system_wifi_keystore_hwservice (hwservice_manager (add find)))
|
|
(allow wificond hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 34 system/sepolicy/public/wificond.te
|
|
|
|
(neverallow base_typeattr_612 system_wifi_keystore_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow wificond keystore_service (service_manager (find)))
|
|
(allow wificond wifi_key (keystore2_key (get_info use)))
|
|
;;* lmx 1 system/sepolicy/private/attributes
|
|
|
|
(neverallow base_typeattr_613 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 1 system/sepolicy/private/attributes
|
|
|
|
(neverallow base_typeattr_614 domain (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 1 system/sepolicy/private/attributes
|
|
|
|
(neverallow base_typeattr_615 domain (process (fork)))
|
|
;;* lme
|
|
|
|
(allow init aconfigd_exec (file (read getattr map execute open)))
|
|
(allow init aconfigd (process (transition)))
|
|
(allow aconfigd aconfigd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init aconfigd (process (noatsecure)))
|
|
(allow init aconfigd (process (siginh rlimitinh)))
|
|
(typetransition init aconfigd_exec process aconfigd)
|
|
;;* lmx 10 system/sepolicy/private/aconfigd.te
|
|
|
|
(neverallow base_typeattr_223 aconfigd (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 11 system/sepolicy/private/aconfigd.te
|
|
|
|
(neverallow base_typeattr_224 aconfigd (process (dyntransition)))
|
|
;;* lme
|
|
|
|
(allow aconfigd metadata_file (dir (search)))
|
|
(allow aconfigd aconfig_storage_metadata_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow aconfigd aconfig_storage_flags_metadata_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow aconfigd aconfig_storage_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow aconfigd aconfig_storage_flags_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow aconfigd aconfigd_socket (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow aconfigd kmsg_device (chr_file (write lock append map open)))
|
|
(allow aconfigd system_aconfig_storage_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow aconfigd system_aconfig_storage_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow aconfigd vendor_aconfig_storage_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow aconfigd vendor_aconfig_storage_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init adbd_exec (file (read getattr map execute open)))
|
|
(allow init adbd (process (transition)))
|
|
(allow adbd adbd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init adbd (process (noatsecure)))
|
|
(allow init adbd (process (siginh rlimitinh)))
|
|
(typetransition init adbd_exec process adbd)
|
|
(allow adbd shell_exec (file (read getattr map execute open)))
|
|
(allow adbd shell (process (transition)))
|
|
(allow shell shell_exec (file (read getattr map execute open entrypoint)))
|
|
(allow shell adbd (process (sigchld)))
|
|
(dontaudit adbd shell (process (noatsecure)))
|
|
(allow adbd shell (process (siginh rlimitinh)))
|
|
(typetransition adbd shell_exec process shell)
|
|
(allow adbd traced_consumer_socket (sock_file (write)))
|
|
(allow adbd traced (unix_stream_socket (connectto)))
|
|
(allow adbd shell (process (signal noatsecure)))
|
|
(allow adbd self (capability (setgid setuid)))
|
|
(allow adbd self (cap_userns (setgid setuid)))
|
|
(allow adbd self (capability (setpcap)))
|
|
(allow adbd self (cap_userns (setpcap)))
|
|
(dontaudit adbd self (capability (sys_resource)))
|
|
(dontaudit adbd self (cap_userns (sys_resource)))
|
|
(dontaudit adbd self (socket (create)))
|
|
(dontaudit adbd self (vsock_socket (create)))
|
|
(allow adbd self (vsock_socket (read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
(allow adbd mdnsd_socket (sock_file (write)))
|
|
(allow adbd mdnsd (unix_stream_socket (connectto)))
|
|
(allow adbd functionfs (dir (search)))
|
|
(allow adbd functionfs (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx adbd functionfs (ioctl file (0x6703 0x6782)))
|
|
(allow adbd devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow adbd shell_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow adbd shell_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow adbd trace_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd trace_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd profman_dump_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd profman_dump_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd tmpfs (dir (search)))
|
|
(allow adbd rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd tmpfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd sdcard_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow adbd fuse (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow adbd sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow adbd fuse (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow adbd anr_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd anr_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd vendor_framework_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd vendor_framework_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd property_socket (sock_file (write)))
|
|
(allow adbd init (unix_stream_socket (connectto)))
|
|
(allow adbd shell_prop (property_service (set)))
|
|
(allow adbd shell_prop (file (read getattr map open)))
|
|
(allow adbd property_socket (sock_file (write)))
|
|
(allow adbd init (unix_stream_socket (connectto)))
|
|
(allow adbd powerctl_prop (property_service (set)))
|
|
(allow adbd powerctl_prop (file (read getattr map open)))
|
|
(allow adbd ffs_config_prop (file (read getattr map open)))
|
|
(allow adbd property_socket (sock_file (write)))
|
|
(allow adbd init (unix_stream_socket (connectto)))
|
|
(allow adbd ffs_control_prop (property_service (set)))
|
|
(allow adbd ffs_control_prop (file (read getattr map open)))
|
|
(allow adbd property_socket (sock_file (write)))
|
|
(allow adbd init (unix_stream_socket (connectto)))
|
|
(allow adbd adbd_prop (property_service (set)))
|
|
(allow adbd adbd_prop (file (read getattr map open)))
|
|
(allow adbd property_socket (sock_file (write)))
|
|
(allow adbd init (unix_stream_socket (connectto)))
|
|
(allow adbd adbd_config_prop (property_service (set)))
|
|
(allow adbd adbd_config_prop (file (read getattr map open)))
|
|
(allow adbd property_socket (sock_file (write)))
|
|
(allow adbd init (unix_stream_socket (connectto)))
|
|
(allow adbd ctl_mdnsd_prop (property_service (set)))
|
|
(allow adbd ctl_mdnsd_prop (file (read getattr map open)))
|
|
(allow adbd device_logging_prop (file (read getattr map open)))
|
|
(allow adbd serialno_prop (file (read getattr map open)))
|
|
(allow adbd test_harness_prop (file (read getattr map open)))
|
|
(allow adbd system_adbd_prop (file (read getattr map open)))
|
|
(allow adbd system_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow adbd servicemanager (binder (call transfer)))
|
|
(allow servicemanager adbd (binder (call transfer)))
|
|
(allow servicemanager adbd (dir (search)))
|
|
(allow servicemanager adbd (file (read open)))
|
|
(allow servicemanager adbd (process (getattr)))
|
|
(allow adbd surfaceflinger (binder (call transfer)))
|
|
(allow surfaceflinger adbd (binder (transfer)))
|
|
(allow adbd surfaceflinger (fd (use)))
|
|
(allow adbd gpuservice (binder (call transfer)))
|
|
(allow gpuservice adbd (binder (transfer)))
|
|
(allow adbd gpuservice (fd (use)))
|
|
(allow adbd gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow adbd gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd ion_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow adbd system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd system_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd adb_keys_file (dir (search)))
|
|
(allow adbd adb_keys_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd app_data_file (dir (search)))
|
|
(allow adbd app_data_file (sock_file (write)))
|
|
(allow adbd appdomain (unix_stream_socket (connectto)))
|
|
(allow adbd zygote_exec (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd system_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd kernel (security (read_policy)))
|
|
(allow adbd service_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd property_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd sepolicy_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd config_gz (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd proc_net_tcp_udp (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd gpu_service (service_manager (find)))
|
|
(allow adbd surfaceflinger_service (service_manager (find)))
|
|
(allow adbd bootchart_data_file (dir (search)))
|
|
(allow adbd bootchart_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd storage_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd storage_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd mnt_user_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd mnt_user_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow adbd media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow adbd apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd perfetto (process (signal)))
|
|
(allow adbd perfetto_traces_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd perfetto_traces_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd perfetto_configs_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow adbd perfetto_configs_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow adbd shell (unix_stream_socket (read write shutdown)))
|
|
(allow adbd shell (fd (use)))
|
|
(allow adbd vendor_apex_file (dir (search)))
|
|
(allow adbd vendor_apex_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd apex_data_file (dir (search)))
|
|
(allow adbd staging_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow adbd tombstone_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow adbd tombstone_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 240 system/sepolicy/private/adbd.te
|
|
|
|
(neverallow adbd base_typeattr_616 (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 241 system/sepolicy/private/adbd.te
|
|
|
|
(neverallow adbd domain (process (dyntransition)))
|
|
;;* lme
|
|
|
|
(allow init apexd_exec (file (read getattr map execute open)))
|
|
(allow init apexd (process (transition)))
|
|
(allow apexd apexd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init apexd (process (noatsecure)))
|
|
(allow init apexd (process (siginh rlimitinh)))
|
|
(typetransition init apexd_exec process apexd)
|
|
(allow apexd apex_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow apexd apex_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow apexd apex_data_file (file (relabelfrom)))
|
|
(allow apexd metadata_file (dir (search)))
|
|
(allow apexd apex_metadata_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow apexd apex_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow apexd apex_ota_reserved_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow apexd apex_ota_reserved_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow apexd apex_data_file_type (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow apexd apex_data_file_type (file (ioctl read write create getattr setattr lock relabelto append map unlink rename open watch watch_reads)))
|
|
(allow apexd apex_module_data_file (dir (ioctl read write create getattr setattr lock relabelfrom rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow apexd apex_module_data_file (file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
|
|
(allow apexd apex_rollback_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow apexd apex_rollback_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow apexd system_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow apexd system_userdir_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow apexd loop_control_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow apexd loop_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx apexd loop_device (ioctl blk_file (0x1261)))
|
|
(allowx apexd loop_device (ioctl blk_file ((range 0x4c00 0x4c01) (range 0x4c04 0x4c05) (range 0x4c08 0x4c0a))))
|
|
(allow apexd dev_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow apexd dev_type (blk_file (getattr)))
|
|
(allow apexd vd_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow apexd dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow apexd dm_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow apexd self (capability (chown dac_override dac_read_search fowner sys_admin)))
|
|
(allow apexd self (cap_userns (chown dac_override dac_read_search fowner sys_admin)))
|
|
(dontaudit apexd self (capability (fsetid)))
|
|
(dontaudit apexd self (cap_userns (fsetid)))
|
|
(allow apexd apex_mnt_dir (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow apexd apex_mnt_dir (filesystem (mount unmount)))
|
|
(allow apexd apex_mnt_dir (dir (mounton)))
|
|
(allow apexd apex_mnt_dir (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow apexd apex_mnt_dir (file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename mounton open watch watch_reads)))
|
|
(allow apexd apex_info_file (file (relabelto)))
|
|
(allow apexd apex_info_file (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow apexd staging_data_file (file (unlink)))
|
|
(allow apexd staging_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow apexd staging_data_file (file (ioctl read getattr lock map link open watch watch_reads)))
|
|
(allow apexd staging_data_file (file (relabelto)))
|
|
(allow apexd vendor_apex_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow apexd vendor_apex_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow apexd vendor_apex_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow apexd vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow apexd vendor_apex_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow apexd vendor_apex_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow apexd labeledfs (filesystem (mount unmount)))
|
|
(allow apexd sysfs_type (dir (search)))
|
|
(allow apexd sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow apexd sysfs_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow apexd sysfs_dm (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow apexd sysfs_dm (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow apexd sysfs_loop (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow apexd sysfs_loop (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow apexd kmsg_device (chr_file (write lock append map open)))
|
|
(allow apexd property_socket (sock_file (write)))
|
|
(allow apexd init (unix_stream_socket (connectto)))
|
|
(allow apexd powerctl_prop (property_service (set)))
|
|
(allow apexd powerctl_prop (file (read getattr map open)))
|
|
(allow apexd property_socket (sock_file (write)))
|
|
(allow apexd init (unix_stream_socket (connectto)))
|
|
(allow apexd ctl_apexd_prop (property_service (set)))
|
|
(allow apexd ctl_apexd_prop (file (read getattr map open)))
|
|
(allow apexd property_socket (sock_file (write)))
|
|
(allow apexd init (unix_stream_socket (connectto)))
|
|
(allow apexd ctl_apex_load_prop (property_service (set)))
|
|
(allow apexd ctl_apex_load_prop (file (read getattr map open)))
|
|
(allow apexd vold_service (service_manager (find)))
|
|
(allow apexd vold (binder (call transfer)))
|
|
(allow vold apexd (binder (transfer)))
|
|
(allow apexd vold (fd (use)))
|
|
(allow apexd system_bootstrap_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow apexd system_bootstrap_lib_file (file (read getattr map execute open)))
|
|
(allow apexd devpts (chr_file (read write)))
|
|
(typetransition apexd devpts chr_file apexd_devpts)
|
|
(allow apexd apexd_devpts (chr_file (ioctl read write getattr open)))
|
|
(allowx apexd apexd_devpts (ioctl chr_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
;;* lmx 141 system/sepolicy/private/apexd.te
|
|
|
|
(neverallowx base_typeattr_224 apexd_devpts (ioctl chr_file (0x5412)))
|
|
;;* lme
|
|
|
|
(allow apexd file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow apexd toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allowx apexd staging_data_file (ioctl file (0x6601)))
|
|
(allowx apexd staging_data_file (ioctl file (0xf512)))
|
|
(allow apexd cold_boot_done_prop (file (read getattr map open)))
|
|
(allow apexd apexd_config_prop (file (read getattr map open)))
|
|
(allow apexd apexd_select_prop (file (read getattr map open)))
|
|
(allow apexd apexd_payload_metadata_prop (file (read getattr map open)))
|
|
;;* lmx 169 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_617 apex_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 170 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_617 apex_metadata_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 171 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_618 apex_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 172 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_618 apex_metadata_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 173 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_225 apex_mnt_dir (lnk_file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 175 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_619 apex_module_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 176 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_619 apex_module_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 178 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_619 apex_rollback_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 179 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_619 apex_rollback_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
(allow apexd property_socket (sock_file (write)))
|
|
(allow apexd init (unix_stream_socket (connectto)))
|
|
(allow apexd apexd_prop (property_service (set)))
|
|
(allow apexd apexd_prop (file (read getattr map open)))
|
|
;;* lmx 183 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_617 apexd_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 186 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_225 apex_info_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 192 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_620 apex_mnt_dir (filesystem (mount unmount)))
|
|
;;* lme
|
|
|
|
;;* lmx 193 system/sepolicy/private/apexd.te
|
|
|
|
(neverallow base_typeattr_620 apex_mnt_dir (dir (mounton)))
|
|
;;* lme
|
|
|
|
(allow apexd otapreopt_chroot (fd (use)))
|
|
(allow apexd postinstall_apex_mnt_dir (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow apexd postinstall_apex_mnt_dir (file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
|
|
(allow apexd postinstall_apex_mnt_dir (lnk_file (create)))
|
|
(allow apexd proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow apexd derive_classpath_exec (file (read getattr map execute open)))
|
|
(allow apexd apexd_derive_classpath (process (transition)))
|
|
(allow apexd_derive_classpath derive_classpath_exec (file (read getattr map execute open entrypoint)))
|
|
(allow apexd_derive_classpath apexd (process (sigchld)))
|
|
(dontaudit apexd apexd_derive_classpath (process (noatsecure)))
|
|
(allow apexd apexd_derive_classpath (process (siginh rlimitinh)))
|
|
(typetransition apexd derive_classpath_exec process apexd_derive_classpath)
|
|
(allow apexd property_socket (sock_file (write)))
|
|
(allow apexd init (unix_stream_socket (connectto)))
|
|
(allow apexd apex_ready_prop (property_service (set)))
|
|
(allow apexd apex_ready_prop (file (read getattr map open)))
|
|
(allow apexd_derive_classpath apexd (fd (use)))
|
|
(allow apexd_derive_classpath apex_mnt_dir (file (write open)))
|
|
(allow apexd_derive_classpath apexd_devpts (chr_file (read write)))
|
|
(allow base_typeattr_621 proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_621 proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_621 proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain test_harness_prop (file (read getattr map open)))
|
|
(allow appdomain boot_status_prop (file (read getattr map open)))
|
|
(allow appdomain dalvik_config_prop_type (file (read getattr map open)))
|
|
(allow appdomain media_config_prop (file (read getattr map open)))
|
|
(allow appdomain packagemanager_config_prop (file (read getattr map open)))
|
|
(allow appdomain radio_control_prop (file (read getattr map open)))
|
|
(allow appdomain surfaceflinger_color_prop (file (read getattr map open)))
|
|
(allow appdomain systemsound_config_prop (file (read getattr map open)))
|
|
(allow appdomain telephony_config_prop (file (read getattr map open)))
|
|
(allow appdomain userspace_reboot_config_prop (file (read getattr map open)))
|
|
(allow appdomain vold_config_prop (file (read getattr map open)))
|
|
(allow appdomain adbd_config_prop (file (read getattr map open)))
|
|
(allow appdomain dck_prop (file (read getattr map open)))
|
|
(allow appdomain persist_wm_debug_prop (file (read getattr map open)))
|
|
(allow appdomain persist_sysui_builder_extras_prop (file (read getattr map open)))
|
|
(allow appdomain persist_sysui_ranking_update_prop (file (read getattr map open)))
|
|
(allow appdomain traced_oome_heap_session_count_prop (file (read getattr map open)))
|
|
(allow appdomain camera2_extensions_prop (file (read getattr map open)))
|
|
(allow appdomain camerax_extensions_prop (file (read getattr map open)))
|
|
(dontaudit appdomain storage_stub_file (dir (getattr)))
|
|
(dontaudit appdomain system_data_file (dir (write)))
|
|
(dontaudit appdomain vendor_default_prop (file (read)))
|
|
(allow base_typeattr_622 mnt_media_rw_file (dir (search)))
|
|
(allow appdomain system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
|
|
;;* lmx 89 system/sepolicy/private/app.te
|
|
|
|
(neverallow appdomain system_server (udp_socket (ioctl create setattr lock relabelfrom relabelto append bind listen accept shutdown name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 98 system/sepolicy/private/app.te
|
|
|
|
(neverallow base_typeattr_235 base_typeattr_623 (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 100 system/sepolicy/private/app.te
|
|
|
|
(neverallow base_typeattr_235 base_typeattr_233 (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 103 system/sepolicy/private/app.te
|
|
|
|
(neverallow base_typeattr_624 storage_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(dontaudit appdomain system_font_fallback_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 107 system/sepolicy/private/app.te
|
|
|
|
(neverallow appdomain system_font_fallback_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow appdomain sendbug_config_prop (file (read getattr map open)))
|
|
(allow appdomain graphics_config_prop (file (read getattr map open)))
|
|
(allow appdomain camera_calibration_prop (file (read getattr map open)))
|
|
(allow appdomain sqlite_log_prop (file (read getattr map open)))
|
|
(allow appdomain font_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain font_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain apex_module_data_file (dir (search)))
|
|
(allow appdomain apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain apex_art_data_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow appdomain tombstone_data_file (file (read getattr)))
|
|
;;* lmx 137 system/sepolicy/private/app.te
|
|
|
|
(neverallow base_typeattr_235 tombstone_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow base_typeattr_625 shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow base_typeattr_625 toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow base_typeattr_625 vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_625 vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_625 vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_625 vendor_app_file (file (execute)))
|
|
(allow base_typeattr_626 vendor_microdroid_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_626 vendor_microdroid_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_626 vendor_microdroid_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain sdk_sandbox_all (binder (call transfer)))
|
|
(allow sdk_sandbox_all appdomain (binder (transfer)))
|
|
(allow appdomain sdk_sandbox_all (fd (use)))
|
|
(allow appdomain virtual_camera (binder (call transfer)))
|
|
(allow virtual_camera appdomain (binder (transfer)))
|
|
(allow appdomain virtual_camera (fd (use)))
|
|
(allow base_typeattr_626 storage_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_626 storage_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_626 mnt_user_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_626 mnt_user_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_626 sdcard_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow base_typeattr_626 fuse (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow base_typeattr_626 sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow base_typeattr_626 fuse (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow base_typeattr_626 media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow base_typeattr_626 media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow base_typeattr_626 usb_device (chr_file (ioctl read write getattr)))
|
|
(allow base_typeattr_626 usbaccessory_device (chr_file (read write getattr)))
|
|
(allow base_typeattr_625 logd_socket (sock_file (write)))
|
|
(allow base_typeattr_625 logd (unix_stream_socket (connectto)))
|
|
(allow base_typeattr_626 keystore (keystore2_key (delete get_info rebind update use)))
|
|
(allow base_typeattr_626 keystore_maintenance_service (service_manager (find)))
|
|
(allow keystore base_typeattr_626 (dir (search)))
|
|
(allow keystore base_typeattr_626 (file (read open)))
|
|
(allow keystore base_typeattr_626 (process (getattr)))
|
|
(allow base_typeattr_626 apc_service (service_manager (find)))
|
|
(allow base_typeattr_626 keystore_service (service_manager (find)))
|
|
(allow base_typeattr_626 legacykeystore_service (service_manager (find)))
|
|
(allow base_typeattr_626 keystore (binder (call transfer)))
|
|
(allow keystore base_typeattr_626 (binder (transfer)))
|
|
(allow base_typeattr_626 keystore (fd (use)))
|
|
(allow keystore base_typeattr_626 (binder (call transfer)))
|
|
(allow base_typeattr_626 keystore (binder (transfer)))
|
|
(allow keystore base_typeattr_626 (fd (use)))
|
|
(allow credstore base_typeattr_626 (dir (search)))
|
|
(allow credstore base_typeattr_626 (file (read open)))
|
|
(allow credstore base_typeattr_626 (process (getattr)))
|
|
(allow base_typeattr_626 credstore_service (service_manager (find)))
|
|
(allow base_typeattr_626 credstore (binder (call transfer)))
|
|
(allow credstore base_typeattr_626 (binder (transfer)))
|
|
(allow base_typeattr_626 credstore (fd (use)))
|
|
(allow credstore base_typeattr_626 (binder (call transfer)))
|
|
(allow base_typeattr_626 credstore (binder (transfer)))
|
|
(allow credstore base_typeattr_626 (fd (use)))
|
|
(allow base_typeattr_626 pdx_display_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_626 pdx_display_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow base_typeattr_626 pdx_display_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
|
|
(allow base_typeattr_626 pdx_display_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
|
|
(allow base_typeattr_626 pdx_display_client_server_type (fd (use)))
|
|
(allow pdx_display_client_server_type base_typeattr_626 (fd (use)))
|
|
(allow base_typeattr_626 pdx_display_manager_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_626 pdx_display_manager_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow base_typeattr_626 pdx_display_manager_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
|
|
(allow base_typeattr_626 pdx_display_manager_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
|
|
(allow base_typeattr_626 pdx_display_manager_server_type (fd (use)))
|
|
(allow pdx_display_manager_server_type base_typeattr_626 (fd (use)))
|
|
(allow base_typeattr_626 pdx_display_vsync_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_626 pdx_display_vsync_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow base_typeattr_626 pdx_display_vsync_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
|
|
(allow base_typeattr_626 pdx_display_vsync_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
|
|
(allow base_typeattr_626 pdx_display_vsync_server_type (fd (use)))
|
|
(allow pdx_display_vsync_server_type base_typeattr_626 (fd (use)))
|
|
(allow base_typeattr_626 pdx_performance_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_626 pdx_performance_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow base_typeattr_626 pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
|
|
(allow base_typeattr_626 pdx_performance_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
|
|
(allow base_typeattr_626 pdx_performance_client_server_type (fd (use)))
|
|
(allow pdx_performance_client_server_type base_typeattr_626 (fd (use)))
|
|
(allow base_typeattr_626 pdx_bufferhub_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
|
|
(allow base_typeattr_626 pdx_bufferhub_client_server_type (fd (use)))
|
|
(allow pdx_bufferhub_client_server_type base_typeattr_626 (fd (use)))
|
|
(allow base_typeattr_626 tun_device (chr_file (ioctl read write getattr append)))
|
|
(allowx base_typeattr_626 tun_device (ioctl chr_file (0x54d2)))
|
|
(allow appdomain self (process (execmem)))
|
|
(allow appdomain ashmem_device (chr_file (execute)))
|
|
(allow appdomain ashmem_libcutils_device (chr_file (execute)))
|
|
(allow appdomain zygote (fd (use)))
|
|
(allow appdomain app_zygote (fd (use)))
|
|
(allow appdomain zygote_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow appdomain zygote (process (sigchld)))
|
|
(allow appdomain dalvikcache_data_file (dir (getattr search)))
|
|
(allow appdomain dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_627 rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_627 tmpfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_622 tmpfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain zygote (fifo_file (write)))
|
|
(allow appdomain shell (process (sigchld)))
|
|
(allow appdomain adbd (process (sigchld)))
|
|
(allow appdomain devpts (chr_file (ioctl read write getattr)))
|
|
(allow appdomain system_server (fd (use)))
|
|
(allow appdomain system_server (fifo_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow appdomain system_server (unix_stream_socket (read write getattr getopt setopt shutdown)))
|
|
(allow appdomain system_server (tcp_socket (read write getattr getopt shutdown)))
|
|
(allow appdomain vold (fd (use)))
|
|
(allow appdomain appdomain (fifo_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow appdomain surfaceflinger (unix_stream_socket (read write getattr getopt setopt shutdown)))
|
|
(allow base_typeattr_628 app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow base_typeattr_628 privapp_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow base_typeattr_628 app_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow base_typeattr_628 privapp_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allowx base_typeattr_628 app_data_file (ioctl file (0x6686)))
|
|
(allowx base_typeattr_628 privapp_data_file (ioctl file (0x6686)))
|
|
(allow base_typeattr_627 app_data_file (file (read write getattr map)))
|
|
(allow base_typeattr_627 privapp_data_file (file (read write getattr map)))
|
|
(allow base_typeattr_627 system_app_data_file (file (read write getattr map)))
|
|
(allow appdomain sdk_sandbox_data_file (file (read getattr)))
|
|
(allow appdomain mnt_expand_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain keychain_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain keychain_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain keychain_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain misc_user_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain misc_user_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_382 textclassifier_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_382 textclassifier_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_382 textclassifier_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain oemfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain oemfs (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow appdomain system_file (file (getattr map execute execute_no_trans)))
|
|
(allow appdomain system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain system_file (lnk_file (read getattr open)))
|
|
(allow base_typeattr_382 vendor_file (dir (read open)))
|
|
(allow appdomain vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain vendor_framework_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain vendor_framework_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain vendor_framework_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain vendor_public_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain vendor_public_framework_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain vendor_public_lib_file (file (read getattr map execute open)))
|
|
(allow appdomain vendor_public_framework_file (file (read getattr map execute open)))
|
|
(allow appdomain wallpaper_file (file (read write getattr map)))
|
|
(allow appdomain ringtone_file (file (read write getattr map)))
|
|
(allow appdomain shortcut_manager_icons (file (read getattr map)))
|
|
(allow appdomain icon_file (file (read getattr map)))
|
|
(allow appdomain anr_data_file (dir (search)))
|
|
(allow appdomain anr_data_file (file (append open)))
|
|
(allow appdomain tombstoned_java_trace_socket (sock_file (write)))
|
|
(allow appdomain tombstoned (unix_stream_socket (connectto)))
|
|
(allow appdomain tombstoned (fd (use)))
|
|
(allow appdomain dumpstate (fifo_file (append)))
|
|
(allow appdomain incidentd (fifo_file (append)))
|
|
(allow appdomain dumpstate (fd (use)))
|
|
(allow appdomain dumpstate (unix_stream_socket (read write getattr getopt shutdown)))
|
|
(allow appdomain dumpstate (fifo_file (write getattr)))
|
|
(allow appdomain shell_data_file (file (write getattr)))
|
|
(allow appdomain incidentd (fd (use)))
|
|
(allow appdomain incidentd (fifo_file (write getattr)))
|
|
(allow appdomain statsdw_socket (sock_file (write)))
|
|
(allow appdomain statsd (unix_dgram_socket (sendto)))
|
|
(allow appdomain user_profile_root_file (dir (search)))
|
|
(allow appdomain user_profile_data_file (dir (write lock open add_name remove_name search)))
|
|
(allow appdomain user_profile_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow appdomain traced (fd (use)))
|
|
(allow appdomain traced_tmpfs (file (read write getattr map)))
|
|
(allow appdomain traced_producer_socket (sock_file (write)))
|
|
(allow appdomain traced (unix_stream_socket (connectto)))
|
|
(allow traced appdomain (fd (use)))
|
|
(allow base_typeattr_382 gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow base_typeattr_382 gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow base_typeattr_382 sysfs_gpu (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain servicemanager (binder (call transfer)))
|
|
(allow servicemanager appdomain (binder (call transfer)))
|
|
(allow servicemanager appdomain (dir (search)))
|
|
(allow servicemanager appdomain (file (read open)))
|
|
(allow servicemanager appdomain (process (getattr)))
|
|
(allow appdomain binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain appdomain (binder (transfer)))
|
|
(allow appdomain binderservicedomain (fd (use)))
|
|
(allow appdomain appdomain (binder (call transfer)))
|
|
(allow appdomain appdomain (binder (transfer)))
|
|
(allow appdomain appdomain (fd (use)))
|
|
(allow appdomain ephemeral_app (binder (call transfer)))
|
|
(allow ephemeral_app appdomain (binder (transfer)))
|
|
(allow appdomain ephemeral_app (fd (use)))
|
|
(allow base_typeattr_382 gpuservice (binder (call transfer)))
|
|
(allow gpuservice base_typeattr_382 (binder (transfer)))
|
|
(allow base_typeattr_382 gpuservice (fd (use)))
|
|
(allow appdomain hal_graphics_composer (fd (use)))
|
|
(allow appdomain appdomain (unix_stream_socket (read write getattr getopt shutdown)))
|
|
(allow appdomain backup_data_file (file (read write getattr map)))
|
|
(allow appdomain cache_backup_file (file (read write getattr map)))
|
|
(allow appdomain cache_backup_file (dir (getattr)))
|
|
(allow appdomain system_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain system_data_file (file (read getattr map)))
|
|
(allow base_typeattr_627 media_rw_data_file (file (read getattr)))
|
|
(allow base_typeattr_382 radio_data_file (file (read write getattr)))
|
|
(allow appdomain dalvikcache_data_file (file (execute)))
|
|
(allow appdomain dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain shared_relro_file (dir (search)))
|
|
(allow appdomain shared_relro_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain apk_data_file (dir (ioctl read getattr lock open search)))
|
|
(allow appdomain apk_data_file (file (ioctl read getattr lock map execute open execute_no_trans)))
|
|
(allow appdomain resourcecache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain resourcecache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow appdomain logcat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow appdomain logdr_socket (sock_file (write)))
|
|
(allow appdomain logd (unix_stream_socket (connectto)))
|
|
(allow appdomain zygote (unix_dgram_socket (write)))
|
|
(allow appdomain console_device (chr_file (read write)))
|
|
(allowx base_typeattr_230 self (ioctl tcp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx base_typeattr_230 self (ioctl udp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx base_typeattr_230 self (ioctl rawip_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(allowx base_typeattr_230 self (ioctl tcp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx base_typeattr_230 self (ioctl udp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx base_typeattr_230 self (ioctl rawip_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
|
|
(allowx base_typeattr_230 self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allowx base_typeattr_230 self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allowx base_typeattr_230 self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
|
|
(allow base_typeattr_382 ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_382 dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_382 dmabuf_system_secure_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_382 hal_audio (fd (use)))
|
|
(allow base_typeattr_382 hal_camera (fd (use)))
|
|
(allow base_typeattr_382 hal_tv_tuner_server (fd (use)))
|
|
(allow base_typeattr_382 hal_renderscript_hwservice (hwservice_manager (find)))
|
|
(allow appdomain same_process_hal_file (file (read getattr map execute open)))
|
|
(allow appdomain proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow appdomain app_fuse_file (file (read write getattr append map)))
|
|
(allow appdomain runas_exec (file (getattr)))
|
|
(allow appdomain adbd (unix_stream_socket (connectto)))
|
|
(allow appdomain adbd (fd (use)))
|
|
(allow appdomain adbd (unix_stream_socket (ioctl read write getattr getopt shutdown)))
|
|
(allow appdomain cache_file (dir (getattr)))
|
|
(allow appdomain dropbox_data_file (file (read getattr)))
|
|
(allow appdomain audioserver_tmpfs (file (read write getattr map)))
|
|
(allow appdomain system_server_tmpfs (file (read write getattr map)))
|
|
(allow appdomain zygote_tmpfs (file (read map)))
|
|
;;* lmx 522 system/sepolicy/private/app.te
|
|
|
|
(neverallow isolated_app_all base_typeattr_629 (file (execute execute_no_trans)))
|
|
(neverallow bluetooth base_typeattr_629 (file (execute execute_no_trans)))
|
|
(neverallow nfc base_typeattr_629 (file (execute execute_no_trans)))
|
|
(neverallow radio base_typeattr_629 (file (execute execute_no_trans)))
|
|
(neverallow shared_relro base_typeattr_629 (file (execute execute_no_trans)))
|
|
(neverallow system_app base_typeattr_629 (file (execute execute_no_trans)))
|
|
(neverallow sdk_sandbox_all base_typeattr_629 (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 531 system/sepolicy/private/app.te
|
|
|
|
(neverallow appdomain audio_device (chr_file (read write)))
|
|
(neverallow appdomain camera_device (chr_file (read write)))
|
|
(neverallow appdomain dm_device (chr_file (read write)))
|
|
(neverallow appdomain radio_device (chr_file (read write)))
|
|
(neverallow appdomain rpmsg_device (chr_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 538 system/sepolicy/private/app.te
|
|
|
|
(neverallow base_typeattr_630 video_device (chr_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 550 system/sepolicy/private/app.te
|
|
|
|
(neverallow base_typeattr_631 apk_data_file (dir (watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 558 system/sepolicy/private/app.te
|
|
|
|
(neverallow base_typeattr_631 apk_data_file (file (watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 20 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 23 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 26 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow ephemeral_app kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_compute_app kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_30 kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_29 kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_27 kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_25 kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider_app kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 30 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all base_typeattr_632 (file (read)))
|
|
(neverallow isolated_app_all base_typeattr_632 (file (read)))
|
|
(neverallow ephemeral_app base_typeattr_632 (file (read)))
|
|
(neverallow isolated_app base_typeattr_632 (file (read)))
|
|
(neverallow isolated_compute_app base_typeattr_632 (file (read)))
|
|
(neverallow mediaprovider base_typeattr_632 (file (read)))
|
|
(neverallow untrusted_app base_typeattr_632 (file (read)))
|
|
(neverallow untrusted_app_30 base_typeattr_632 (file (read)))
|
|
(neverallow untrusted_app_29 base_typeattr_632 (file (read)))
|
|
(neverallow untrusted_app_27 base_typeattr_632 (file (read)))
|
|
(neverallow untrusted_app_25 base_typeattr_632 (file (read)))
|
|
(neverallow mediaprovider_app base_typeattr_632 (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 31 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all debugfs_type (file (read)))
|
|
(neverallow untrusted_app_all debugfs_type (lnk_file (read)))
|
|
(neverallow isolated_app_all debugfs_type (file (read)))
|
|
(neverallow isolated_app_all debugfs_type (lnk_file (read)))
|
|
(neverallow ephemeral_app debugfs_type (file (read)))
|
|
(neverallow ephemeral_app debugfs_type (lnk_file (read)))
|
|
(neverallow isolated_app debugfs_type (file (read)))
|
|
(neverallow isolated_app debugfs_type (lnk_file (read)))
|
|
(neverallow isolated_compute_app debugfs_type (file (read)))
|
|
(neverallow isolated_compute_app debugfs_type (lnk_file (read)))
|
|
(neverallow mediaprovider debugfs_type (file (read)))
|
|
(neverallow mediaprovider debugfs_type (lnk_file (read)))
|
|
(neverallow untrusted_app debugfs_type (file (read)))
|
|
(neverallow untrusted_app debugfs_type (lnk_file (read)))
|
|
(neverallow untrusted_app_30 debugfs_type (file (read)))
|
|
(neverallow untrusted_app_30 debugfs_type (lnk_file (read)))
|
|
(neverallow untrusted_app_29 debugfs_type (file (read)))
|
|
(neverallow untrusted_app_29 debugfs_type (lnk_file (read)))
|
|
(neverallow untrusted_app_27 debugfs_type (file (read)))
|
|
(neverallow untrusted_app_27 debugfs_type (lnk_file (read)))
|
|
(neverallow untrusted_app_25 debugfs_type (file (read)))
|
|
(neverallow untrusted_app_25 debugfs_type (lnk_file (read)))
|
|
(neverallow mediaprovider_app debugfs_type (file (read)))
|
|
(neverallow mediaprovider_app debugfs_type (lnk_file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 36 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all service_manager_type (service_manager (add)))
|
|
(neverallow isolated_app_all service_manager_type (service_manager (add)))
|
|
(neverallow ephemeral_app service_manager_type (service_manager (add)))
|
|
(neverallow isolated_app service_manager_type (service_manager (add)))
|
|
(neverallow isolated_compute_app service_manager_type (service_manager (add)))
|
|
(neverallow mediaprovider service_manager_type (service_manager (add)))
|
|
(neverallow untrusted_app service_manager_type (service_manager (add)))
|
|
(neverallow untrusted_app_30 service_manager_type (service_manager (add)))
|
|
(neverallow untrusted_app_29 service_manager_type (service_manager (add)))
|
|
(neverallow untrusted_app_27 service_manager_type (service_manager (add)))
|
|
(neverallow untrusted_app_25 service_manager_type (service_manager (add)))
|
|
(neverallow mediaprovider_app service_manager_type (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 39 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow ephemeral_app vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_compute_app vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_30 vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_29 vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_27 vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_25 vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider_app vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 40 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow isolated_app_all vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow ephemeral_app vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow isolated_app vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow isolated_compute_app vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow mediaprovider vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow untrusted_app vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow untrusted_app_30 vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow untrusted_app_29 vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow untrusted_app_27 vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow untrusted_app_25 vndservice_manager_type (service_manager (add find list)))
|
|
(neverallow mediaprovider_app vndservice_manager_type (service_manager (add find list)))
|
|
;;* lme
|
|
|
|
;;* lmx 44 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_633 property_socket (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 45 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_633 init (unix_stream_socket (connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 46 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_633 property_type (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 49 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all net_dns_prop (file (read)))
|
|
(neverallow isolated_app_all net_dns_prop (file (read)))
|
|
(neverallow ephemeral_app net_dns_prop (file (read)))
|
|
(neverallow isolated_app net_dns_prop (file (read)))
|
|
(neverallow isolated_compute_app net_dns_prop (file (read)))
|
|
(neverallow mediaprovider net_dns_prop (file (read)))
|
|
(neverallow untrusted_app net_dns_prop (file (read)))
|
|
(neverallow untrusted_app_30 net_dns_prop (file (read)))
|
|
(neverallow untrusted_app_29 net_dns_prop (file (read)))
|
|
(neverallow untrusted_app_27 net_dns_prop (file (read)))
|
|
(neverallow untrusted_app_25 net_dns_prop (file (read)))
|
|
(neverallow mediaprovider_app net_dns_prop (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 52 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all radio_cdma_ecm_prop (file (read)))
|
|
(neverallow isolated_app_all radio_cdma_ecm_prop (file (read)))
|
|
(neverallow ephemeral_app radio_cdma_ecm_prop (file (read)))
|
|
(neverallow isolated_app radio_cdma_ecm_prop (file (read)))
|
|
(neverallow isolated_compute_app radio_cdma_ecm_prop (file (read)))
|
|
(neverallow mediaprovider radio_cdma_ecm_prop (file (read)))
|
|
(neverallow untrusted_app radio_cdma_ecm_prop (file (read)))
|
|
(neverallow untrusted_app_30 radio_cdma_ecm_prop (file (read)))
|
|
(neverallow untrusted_app_29 radio_cdma_ecm_prop (file (read)))
|
|
(neverallow untrusted_app_27 radio_cdma_ecm_prop (file (read)))
|
|
(neverallow untrusted_app_25 radio_cdma_ecm_prop (file (read)))
|
|
(neverallow mediaprovider_app radio_cdma_ecm_prop (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 58 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow isolated_app_all app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow ephemeral_app app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow isolated_app app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow isolated_compute_app app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow mediaprovider app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow untrusted_app app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow untrusted_app_30 app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow untrusted_app_29 app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow untrusted_app_27 app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow untrusted_app_25 app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
(neverallow mediaprovider_app app_exec_data_file (file (write create setattr relabelfrom relabelto append link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 69 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_634 app_data_file (file (execute_no_trans)))
|
|
(neverallow base_typeattr_634 privapp_data_file (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 78 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_635 dex2oat_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 88 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all mlstrustedsubject (process (fork)))
|
|
(neverallow isolated_app_all mlstrustedsubject (process (fork)))
|
|
(neverallow ephemeral_app mlstrustedsubject (process (fork)))
|
|
(neverallow isolated_app mlstrustedsubject (process (fork)))
|
|
(neverallow isolated_compute_app mlstrustedsubject (process (fork)))
|
|
(neverallow mediaprovider mlstrustedsubject (process (fork)))
|
|
(neverallow untrusted_app mlstrustedsubject (process (fork)))
|
|
(neverallow untrusted_app_30 mlstrustedsubject (process (fork)))
|
|
(neverallow untrusted_app_29 mlstrustedsubject (process (fork)))
|
|
(neverallow untrusted_app_27 mlstrustedsubject (process (fork)))
|
|
(neverallow untrusted_app_25 mlstrustedsubject (process (fork)))
|
|
(neverallow mediaprovider_app mlstrustedsubject (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 96 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all file_type (file (link)))
|
|
(neverallow isolated_app_all file_type (file (link)))
|
|
(neverallow ephemeral_app file_type (file (link)))
|
|
(neverallow isolated_app file_type (file (link)))
|
|
(neverallow isolated_compute_app file_type (file (link)))
|
|
(neverallow mediaprovider file_type (file (link)))
|
|
(neverallow untrusted_app file_type (file (link)))
|
|
(neverallow untrusted_app_30 file_type (file (link)))
|
|
(neverallow untrusted_app_29 file_type (file (link)))
|
|
(neverallow untrusted_app_27 file_type (file (link)))
|
|
(neverallow untrusted_app_25 file_type (file (link)))
|
|
(neverallow mediaprovider_app file_type (file (link)))
|
|
;;* lme
|
|
|
|
;;* lmx 99 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow ephemeral_app sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_compute_app sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_30 sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_29 sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_27 sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_25 sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider_app sysfs_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 102 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow isolated_app_all sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow ephemeral_app sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow isolated_app sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow isolated_compute_app sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow mediaprovider sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow untrusted_app sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow untrusted_app_30 sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow untrusted_app_29 sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow untrusted_app_27 sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow untrusted_app_25 sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
(neverallow mediaprovider_app sysfs_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 105 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow ephemeral_app sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_compute_app sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_30 sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_29 sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_27 sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_25 sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider_app sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 109 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallowx untrusted_app_all domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_all domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_all domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_all domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_app_all domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_app_all domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_app_all domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_app_all domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx ephemeral_app domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx ephemeral_app domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx ephemeral_app domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx ephemeral_app domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_app domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_app domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_app domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_app domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_compute_app domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_compute_app domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_compute_app domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx isolated_compute_app domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx mediaprovider domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx mediaprovider domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx mediaprovider domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx mediaprovider domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_30 domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_30 domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_30 domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_30 domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_29 domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_29 domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_29 domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_29 domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_27 domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_27 domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_27 domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_27 domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_25 domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_25 domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_25 domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx untrusted_app_25 domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
(neverallowx mediaprovider_app domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx mediaprovider_app domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx mediaprovider_app domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx mediaprovider_app domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
;;* lme
|
|
|
|
;;* lmx 109 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallowx untrusted_app_all domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_all domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_all domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_all domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_app_all domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_app_all domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_app_all domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_app_all domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx ephemeral_app domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx ephemeral_app domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx ephemeral_app domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx ephemeral_app domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_app domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_app domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_app domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_app domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_compute_app domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_compute_app domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_compute_app domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx isolated_compute_app domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediaprovider domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediaprovider domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediaprovider domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediaprovider domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_30 domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_30 domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_30 domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_30 domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_29 domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_29 domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_29 domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_29 domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_27 domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_27 domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_27 domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_27 domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_25 domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_25 domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_25 domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx untrusted_app_25 domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediaprovider_app domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediaprovider_app domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediaprovider_app domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediaprovider_app domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
;;* lme
|
|
|
|
;;* lmx 109 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallowx untrusted_app_all domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_all domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_all domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_all domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_app_all domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_app_all domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_app_all domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_app_all domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx ephemeral_app domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx ephemeral_app domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx ephemeral_app domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx ephemeral_app domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_app domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_app domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_app domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_app domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_compute_app domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_compute_app domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_compute_app domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx isolated_compute_app domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediaprovider domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediaprovider domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediaprovider domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediaprovider domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_30 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_30 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_30 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_30 domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_29 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_29 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_29 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_29 domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_27 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_27 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_27 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_27 domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_25 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_25 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_25 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx untrusted_app_25 domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediaprovider_app domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediaprovider_app domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediaprovider_app domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediaprovider_app domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
;;* lme
|
|
|
|
;;* lmx 110 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
;;* lme
|
|
|
|
;;* lmx 123 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_all base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow isolated_app_all base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow ephemeral_app base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow isolated_app base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow mediaprovider base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow untrusted_app base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 128 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app_all base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow ephemeral_app base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_app base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 131 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow isolated_app_all domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow ephemeral_app domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow isolated_app domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow isolated_compute_app domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow mediaprovider domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow untrusted_app domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow untrusted_app_30 domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow untrusted_app_29 domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow untrusted_app_27 domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow untrusted_app_25 domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
(neverallow mediaprovider_app domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
;;* lme
|
|
|
|
;;* lmx 132 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow priv_app domain (netlink_route_socket (bind nlmsg_readpriv)))
|
|
;;* lme
|
|
|
|
;;* lmx 141 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_636 domain (netlink_route_socket (nlmsg_getneigh)))
|
|
;;* lme
|
|
|
|
;;* lmx 144 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_633 cache_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
|
|
(neverallow base_typeattr_633 cache_recovery_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 145 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_633 cache_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_633 cache_recovery_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 167 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_633 base_typeattr_637 (file (create unlink)))
|
|
(neverallow base_typeattr_633 base_typeattr_637 (dir (create unlink)))
|
|
(neverallow base_typeattr_633 base_typeattr_637 (lnk_file (create unlink)))
|
|
(neverallow base_typeattr_633 base_typeattr_637 (chr_file (create unlink)))
|
|
(neverallow base_typeattr_633 base_typeattr_637 (blk_file (create unlink)))
|
|
(neverallow base_typeattr_633 base_typeattr_637 (sock_file (create unlink)))
|
|
(neverallow base_typeattr_633 base_typeattr_637 (fifo_file (create unlink)))
|
|
;;* lme
|
|
|
|
;;* lmx 170 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_638 fuse_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 173 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all tun_device (chr_file (open)))
|
|
(neverallow isolated_app_all tun_device (chr_file (open)))
|
|
(neverallow ephemeral_app tun_device (chr_file (open)))
|
|
(neverallow isolated_app tun_device (chr_file (open)))
|
|
(neverallow isolated_compute_app tun_device (chr_file (open)))
|
|
(neverallow mediaprovider tun_device (chr_file (open)))
|
|
(neverallow untrusted_app tun_device (chr_file (open)))
|
|
(neverallow untrusted_app_30 tun_device (chr_file (open)))
|
|
(neverallow untrusted_app_29 tun_device (chr_file (open)))
|
|
(neverallow untrusted_app_27 tun_device (chr_file (open)))
|
|
(neverallow untrusted_app_25 tun_device (chr_file (open)))
|
|
(neverallow mediaprovider_app tun_device (chr_file (open)))
|
|
;;* lme
|
|
|
|
;;* lmx 177 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallowx untrusted_app_all tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx isolated_app_all tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx ephemeral_app tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx isolated_app tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx isolated_compute_app tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx mediaprovider tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx untrusted_app tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx untrusted_app_30 tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx untrusted_app_29 tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx untrusted_app_27 tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx untrusted_app_25 tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
(neverallowx mediaprovider_app tun_device (ioctl chr_file ((range 0x0 0x53ff) (range 0x5500 0xffff))))
|
|
;;* lme
|
|
|
|
;;* lmx 177 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallowx untrusted_app_all tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx isolated_app_all tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx ephemeral_app tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx isolated_app tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx isolated_compute_app tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx mediaprovider tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx untrusted_app tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx untrusted_app_30 tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx untrusted_app_29 tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx untrusted_app_27 tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx untrusted_app_25 tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
(neverallowx mediaprovider_app tun_device (ioctl chr_file ((range 0x5400 0x544f) (range 0x5452 0x54d1) (range 0x54d3 0x54ff))))
|
|
;;* lme
|
|
|
|
;;* lmx 180 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow ephemeral_app anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_compute_app anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_30 anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_29 anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_27 anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_25 anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider_app anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 181 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow isolated_app_all anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow ephemeral_app anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow isolated_app anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow isolated_compute_app anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow mediaprovider anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow untrusted_app anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow untrusted_app_30 anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow untrusted_app_29 anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow untrusted_app_27 anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow untrusted_app_25 anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow mediaprovider_app anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 199 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_all proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_asound (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_kmsg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_loadavg (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_mounts (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_pagetypeinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_slabinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_stat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_swaps (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_uptime (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 203 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_638 proc_filesystems (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 206 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app_all config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow ephemeral_app config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_app config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow isolated_compute_app config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_30 config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_29 config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_27 config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow untrusted_app_25 config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
(neverallow mediaprovider_app config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 209 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow ephemeral_app preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_compute_app preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_30 preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_29 preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_27 preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_25 preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider_app preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 213 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all system_file (file (lock)))
|
|
(neverallow isolated_app_all system_file (file (lock)))
|
|
(neverallow ephemeral_app system_file (file (lock)))
|
|
(neverallow isolated_app system_file (file (lock)))
|
|
(neverallow isolated_compute_app system_file (file (lock)))
|
|
(neverallow mediaprovider system_file (file (lock)))
|
|
(neverallow untrusted_app system_file (file (lock)))
|
|
(neverallow untrusted_app_30 system_file (file (lock)))
|
|
(neverallow untrusted_app_29 system_file (file (lock)))
|
|
(neverallow untrusted_app_27 system_file (file (lock)))
|
|
(neverallow untrusted_app_25 system_file (file (lock)))
|
|
(neverallow mediaprovider_app system_file (file (lock)))
|
|
;;* lme
|
|
|
|
;;* lmx 217 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow isolated_app_all base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow ephemeral_app base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow isolated_app base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow isolated_compute_app base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow mediaprovider base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow untrusted_app base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow untrusted_app_30 base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow untrusted_app_29 base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow untrusted_app_27 base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow untrusted_app_25 base_typeattr_224 (hwservice_manager (add list)))
|
|
(neverallow mediaprovider_app base_typeattr_224 (hwservice_manager (add list)))
|
|
;;* lme
|
|
|
|
;;* lmx 232 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all protected_hwservice (hwservice_manager (find)))
|
|
(neverallow isolated_app_all protected_hwservice (hwservice_manager (find)))
|
|
(neverallow ephemeral_app protected_hwservice (hwservice_manager (find)))
|
|
(neverallow isolated_app protected_hwservice (hwservice_manager (find)))
|
|
(neverallow isolated_compute_app protected_hwservice (hwservice_manager (find)))
|
|
(neverallow mediaprovider protected_hwservice (hwservice_manager (find)))
|
|
(neverallow untrusted_app protected_hwservice (hwservice_manager (find)))
|
|
(neverallow untrusted_app_30 protected_hwservice (hwservice_manager (find)))
|
|
(neverallow untrusted_app_29 protected_hwservice (hwservice_manager (find)))
|
|
(neverallow untrusted_app_27 protected_hwservice (hwservice_manager (find)))
|
|
(neverallow untrusted_app_25 protected_hwservice (hwservice_manager (find)))
|
|
(neverallow mediaprovider_app protected_hwservice (hwservice_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 233 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all protected_service (service_manager (find)))
|
|
(neverallow isolated_app_all protected_service (service_manager (find)))
|
|
(neverallow ephemeral_app protected_service (service_manager (find)))
|
|
(neverallow isolated_app protected_service (service_manager (find)))
|
|
(neverallow isolated_compute_app protected_service (service_manager (find)))
|
|
(neverallow mediaprovider protected_service (service_manager (find)))
|
|
(neverallow untrusted_app protected_service (service_manager (find)))
|
|
(neverallow untrusted_app_30 protected_service (service_manager (find)))
|
|
(neverallow untrusted_app_29 protected_service (service_manager (find)))
|
|
(neverallow untrusted_app_27 protected_service (service_manager (find)))
|
|
(neverallow untrusted_app_25 protected_service (service_manager (find)))
|
|
(neverallow mediaprovider_app protected_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 236 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow ephemeral_app selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_compute_app selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_30 selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_29 selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_27 selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_25 selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider_app selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 243 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_639 proc_tty_drivers (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 244 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow ephemeral_app proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow isolated_app proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow isolated_compute_app proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_30 proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_29 proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_27 proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_25 proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider_app proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 247 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow ephemeral_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_compute_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_30 cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_29 cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_27 cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_25 cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 248 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow ephemeral_app cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_compute_app cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_30 cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_29 cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_27 cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_25 cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider_app cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 256 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_635 mnt_sdcard_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 259 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all incident_service (service_manager (find)))
|
|
(neverallow isolated_app_all incident_service (service_manager (find)))
|
|
(neverallow ephemeral_app incident_service (service_manager (find)))
|
|
(neverallow isolated_app incident_service (service_manager (find)))
|
|
(neverallow isolated_compute_app incident_service (service_manager (find)))
|
|
(neverallow mediaprovider incident_service (service_manager (find)))
|
|
(neverallow untrusted_app incident_service (service_manager (find)))
|
|
(neverallow untrusted_app_30 incident_service (service_manager (find)))
|
|
(neverallow untrusted_app_29 incident_service (service_manager (find)))
|
|
(neverallow untrusted_app_27 incident_service (service_manager (find)))
|
|
(neverallow untrusted_app_25 incident_service (service_manager (find)))
|
|
(neverallow mediaprovider_app incident_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 262 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all stats_service (service_manager (find)))
|
|
(neverallow isolated_app_all stats_service (service_manager (find)))
|
|
(neverallow ephemeral_app stats_service (service_manager (find)))
|
|
(neverallow isolated_app stats_service (service_manager (find)))
|
|
(neverallow isolated_compute_app stats_service (service_manager (find)))
|
|
(neverallow mediaprovider stats_service (service_manager (find)))
|
|
(neverallow untrusted_app stats_service (service_manager (find)))
|
|
(neverallow untrusted_app_30 stats_service (service_manager (find)))
|
|
(neverallow untrusted_app_29 stats_service (service_manager (find)))
|
|
(neverallow untrusted_app_27 stats_service (service_manager (find)))
|
|
(neverallow untrusted_app_25 stats_service (service_manager (find)))
|
|
(neverallow mediaprovider_app stats_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 272 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_640 userdebug_or_eng_prop (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 286 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_641 mdnsd_socket (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 294 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow base_typeattr_641 mdnsd (unix_stream_socket (connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 300 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow ephemeral_app domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_compute_app domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_30 domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_29 domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_27 domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow untrusted_app_25 domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow mediaprovider_app domain (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 303 system/sepolicy/private/app_neverallows.te
|
|
|
|
(neverallow untrusted_app_all hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow ephemeral_app hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_compute_app hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_30 hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_29 hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_27 hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow untrusted_app_25 hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow mediaprovider_app hidraw_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(typetransition app_zygote tmpfs file app_zygote_tmpfs)
|
|
(allow app_zygote app_zygote_tmpfs (file (read write getattr map)))
|
|
(allow app_zygote self (capability (setgid setuid)))
|
|
(allow app_zygote self (cap_userns (setgid setuid)))
|
|
(allow app_zygote self (capability (setpcap)))
|
|
(allow app_zygote self (cap_userns (setpcap)))
|
|
(allow app_zygote self (process (setcurrent)))
|
|
(allow app_zygote isolated_app (process (dyntransition)))
|
|
(allow app_zygote self (process (execmem)))
|
|
(allow app_zygote app_zygote_tmpfs (file (execute)))
|
|
(allow app_zygote debugfs_trace_marker (file (getattr)))
|
|
(allow app_zygote system_server (process (getpgid)))
|
|
(allow app_zygote isolated_app (process (setpgid)))
|
|
(dontaudit app_zygote mnt_expand_file (dir (getattr)))
|
|
(allow app_zygote seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow app_zygote selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote selinuxfs (file (write lock append map open)))
|
|
(allow app_zygote kernel (security (check_context)))
|
|
(allow app_zygote selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow app_zygote selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote selinuxfs (file (write lock append map open)))
|
|
(allow app_zygote kernel (security (compute_av)))
|
|
(allow app_zygote self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow app_zygote zygote_tmpfs (file (read getattr)))
|
|
(allow app_zygote zygote (fd (use)))
|
|
(allow app_zygote zygote (process (sigchld)))
|
|
(allow app_zygote dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow app_zygote dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote dalvikcache_data_file (file (execute)))
|
|
(allow app_zygote app_zygote_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su app_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 63 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow base_typeattr_642 app_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow app_zygote apex_module_data_file (dir (search)))
|
|
(allow app_zygote apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow app_zygote apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote apex_art_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow app_zygote apk_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow app_zygote oemfs (dir (search)))
|
|
(allow app_zygote vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow app_zygote vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote vendor_apex_metadata_file (dir (getattr search)))
|
|
(allow app_zygote system_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote system_data_file (file (read getattr map)))
|
|
(allow app_zygote system_unsolzygote_socket (sock_file (write)))
|
|
(allow app_zygote system_server (unix_dgram_socket (sendto)))
|
|
(allow app_zygote device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow app_zygote device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow app_zygote odsign_prop (file (read getattr map open)))
|
|
(allow app_zygote resourcecache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow app_zygote resourcecache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
;;* lmx 105 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote base_typeattr_643 (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 108 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote base_typeattr_644 (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 112 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote base_typeattr_224 (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 116 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow base_typeattr_645 app_zygote (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 119 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote property_socket (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 120 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote property_type (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 123 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote app_data_file_type (file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 129 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote base_typeattr_646 (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 132 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote gpu_device (chr_file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 135 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote cache_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 136 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote cache_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 152 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote domain (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
(neverallow app_zygote domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow app_zygote domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow app_zygote domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_readpriv nlmsg_getneigh)))
|
|
(neverallow app_zygote domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow app_zygote domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow app_zygote domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow app_zygote domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow app_zygote domain (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow app_zygote domain (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow app_zygote domain (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow app_zygote domain (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 163 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote base_typeattr_647 (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 170 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote base_typeattr_648 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 173 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote base_typeattr_224 (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 182 system/sepolicy/private/app_zygote.te
|
|
|
|
(neverallow app_zygote bluetooth_a2dp_offload_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow app_zygote bluetooth_audio_hal_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow app_zygote bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow app_zygote exported_bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
;;* lme
|
|
|
|
(allow init art_boot_exec (file (read getattr map execute open)))
|
|
(allow init art_boot (process (transition)))
|
|
(allow art_boot art_boot_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init art_boot (process (noatsecure)))
|
|
(allow init art_boot (process (siginh rlimitinh)))
|
|
(typetransition init art_boot_exec process art_boot)
|
|
(allow art_boot device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow art_boot device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow art_boot property_socket (sock_file (write)))
|
|
(allow art_boot init (unix_stream_socket (connectto)))
|
|
(allow art_boot dalvik_config_prop_type (property_service (set)))
|
|
(allow art_boot dalvik_config_prop_type (file (read getattr map open)))
|
|
(allow artd servicemanager (binder (call transfer)))
|
|
(allow servicemanager artd (binder (call transfer)))
|
|
(allow servicemanager artd (dir (search)))
|
|
(allow servicemanager artd (file (read open)))
|
|
(allow servicemanager artd (process (getattr)))
|
|
(allow artd artd_service (service_manager (add find)))
|
|
;;* lmx 9 system/sepolicy/private/artd.te
|
|
|
|
(neverallow base_typeattr_649 artd_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow artd artd_pre_reboot_service (service_manager (add find)))
|
|
;;* lmx 10 system/sepolicy/private/artd.te
|
|
|
|
(neverallow base_typeattr_649 artd_pre_reboot_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow artd dumpstate (fifo_file (write getattr)))
|
|
(allow artd dumpstate (fd (use)))
|
|
(allow init artd_exec (file (read getattr map execute open)))
|
|
(allow init artd (process (transition)))
|
|
(allow artd artd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init artd (process (noatsecure)))
|
|
(allow init artd (process (siginh rlimitinh)))
|
|
(typetransition init artd_exec process artd)
|
|
(allow artd device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow artd device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow artd odsign_prop (file (read getattr map open)))
|
|
(typetransition artd tmpfs file artd_tmpfs)
|
|
(allow artd artd_tmpfs (file (read write getattr map)))
|
|
(allow artd artd_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su artd_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 32 system/sepolicy/private/artd.te
|
|
|
|
(neverallow base_typeattr_649 artd_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow artd mnt_expand_file (dir (getattr search)))
|
|
(allow artd apk_data_file (dir (ioctl read write create getattr setattr lock relabelfrom open watch watch_reads add_name remove_name search)))
|
|
(allow artd apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd oemfs (dir (getattr search)))
|
|
(allow artd vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd vendor_apex_metadata_file (dir (getattr search)))
|
|
(allow artd vendor_framework_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd vendor_framework_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd vendor_framework_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd dalvikcache_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow artd dalvikcache_data_file (file (ioctl read write create getattr setattr lock relabelto append map unlink rename open watch watch_reads)))
|
|
(allow artd apex_module_data_file (dir (getattr search)))
|
|
(allow artd apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd apex_art_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd self (capability (chown dac_override dac_read_search fowner)))
|
|
(allow artd self (cap_userns (chown dac_override dac_read_search fowner)))
|
|
(allow artd user_profile_root_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd user_profile_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow artd user_profile_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow artd app_data_file_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow artd app_data_file_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open watch watch_reads)))
|
|
(allow artd privapp_data_file (lnk_file (read getattr)))
|
|
(allow artd file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd selinuxfs (file (write lock append map open)))
|
|
(allow artd kernel (security (check_context)))
|
|
(allow artd rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd system_data_root_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd tmpfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd mnt_expand_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd system_userdir_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd system_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
;;* lmx 127 system/sepolicy/private/artd.te
|
|
|
|
(neverallow artd base_typeattr_650 (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
(allow artd art_exec_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow artd profman_exec (file (read getattr map execute open)))
|
|
(allow artd profman (process (transition)))
|
|
(allow profman profman_exec (file (read getattr map execute open entrypoint)))
|
|
(allow profman artd (process (sigchld)))
|
|
(dontaudit artd profman (process (noatsecure)))
|
|
(allow artd profman (process (siginh rlimitinh)))
|
|
(typetransition artd profman_exec process profman)
|
|
(allow artd dex2oat_exec (file (read getattr map execute open)))
|
|
(allow artd dex2oat (process (transition)))
|
|
(allow dex2oat dex2oat_exec (file (read getattr map execute open entrypoint)))
|
|
(allow dex2oat artd (process (sigchld)))
|
|
(dontaudit artd dex2oat (process (noatsecure)))
|
|
(allow artd dex2oat (process (siginh rlimitinh)))
|
|
(typetransition artd dex2oat_exec process dex2oat)
|
|
(allow artd profman (process (sigkill)))
|
|
(allow artd dex2oat (process (sigkill)))
|
|
(allow artd profman (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd profman (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd profman (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd dex2oat (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow artd dex2oat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd dex2oat (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow artd artd_tmpfs (file (open)))
|
|
(allow atrace boottrace_data_file (dir (search)))
|
|
(allow atrace boottrace_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow atrace debugfs_tracing (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow atrace debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow atrace debugfs_trace_marker (file (getattr)))
|
|
(allow atrace traced_probes (fd (use)))
|
|
(allow atrace traced_probes (fifo_file (write getattr)))
|
|
(allow atrace property_socket (sock_file (write)))
|
|
(allow atrace init (unix_stream_socket (connectto)))
|
|
(allow atrace debug_prop (property_service (set)))
|
|
(allow atrace debug_prop (file (read getattr map open)))
|
|
(allow atrace base_typeattr_651 (service_manager (find)))
|
|
(allow atrace servicemanager (service_manager (list)))
|
|
(allow atrace servicemanager (binder (call transfer)))
|
|
(allow servicemanager atrace (binder (call transfer)))
|
|
(allow servicemanager atrace (dir (search)))
|
|
(allow servicemanager atrace (file (read open)))
|
|
(allow servicemanager atrace (process (getattr)))
|
|
(allow atrace surfaceflinger (binder (call)))
|
|
(allow atrace system_server (binder (call)))
|
|
(allow atrace cameraserver (binder (call)))
|
|
(dontaudit atrace hwservice_manager_type (hwservice_manager (find)))
|
|
(dontaudit atrace service_manager_type (service_manager (find)))
|
|
(dontaudit atrace domain (binder (call)))
|
|
(allow atrace hwservicemanager_prop (file (read getattr map open)))
|
|
(dontaudit atrace debugfs_tracing_debug (file (audit_access)))
|
|
(allow init audioserver_exec (file (read getattr map execute open)))
|
|
(allow init audioserver (process (transition)))
|
|
(allow audioserver audioserver_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init audioserver (process (noatsecure)))
|
|
(allow init audioserver (process (siginh rlimitinh)))
|
|
(typetransition init audioserver_exec process audioserver)
|
|
(typetransition audioserver tmpfs file audioserver_tmpfs)
|
|
(allow audioserver audioserver_tmpfs (file (read write getattr map)))
|
|
(allow audioserver sdcard_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow audioserver sdcard_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow audioserver sdcard_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow audioserver fuse (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow audioserver fuse (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow audioserver fuse (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow audioserver servicemanager (binder (call transfer)))
|
|
(allow servicemanager audioserver (binder (call transfer)))
|
|
(allow servicemanager audioserver (dir (search)))
|
|
(allow servicemanager audioserver (file (read open)))
|
|
(allow servicemanager audioserver (process (getattr)))
|
|
(allow audioserver binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain audioserver (binder (transfer)))
|
|
(allow audioserver binderservicedomain (fd (use)))
|
|
(allow audioserver appdomain (binder (call transfer)))
|
|
(allow appdomain audioserver (binder (transfer)))
|
|
(allow audioserver appdomain (fd (use)))
|
|
(allow audioserver system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow audioserver system_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow audioserver system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow audioserver audioserver_service (service_manager (add find)))
|
|
;;* lmx 33 system/sepolicy/private/audioserver.te
|
|
|
|
(neverallow base_typeattr_652 audioserver_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow audioserver activity_service (service_manager (find)))
|
|
(allow audioserver appops_service (service_manager (find)))
|
|
(allow audioserver batterystats_service (service_manager (find)))
|
|
(allow audioserver external_vibrator_service (service_manager (find)))
|
|
(allow audioserver package_native_service (service_manager (find)))
|
|
(allow audioserver permission_service (service_manager (find)))
|
|
(allow audioserver permission_checker_service (service_manager (find)))
|
|
(allow audioserver power_service (service_manager (find)))
|
|
(allow audioserver scheduling_policy_service (service_manager (find)))
|
|
(allow audioserver mediametrics_service (service_manager (find)))
|
|
(allow audioserver sensor_privacy_service (service_manager (find)))
|
|
(allow audioserver soundtrigger_middleware_service (service_manager (find)))
|
|
(allow audioserver audio_service (service_manager (find)))
|
|
(allow audioserver property_socket (sock_file (write)))
|
|
(allow audioserver init (unix_stream_socket (connectto)))
|
|
(allow audioserver bluetooth_a2dp_offload_prop (property_service (set)))
|
|
(allow audioserver bluetooth_a2dp_offload_prop (file (read getattr map open)))
|
|
(allow audioserver property_socket (sock_file (write)))
|
|
(allow audioserver init (unix_stream_socket (connectto)))
|
|
(allow audioserver bluetooth_audio_hal_prop (property_service (set)))
|
|
(allow audioserver bluetooth_audio_hal_prop (file (read getattr map open)))
|
|
(allow audioserver property_socket (sock_file (write)))
|
|
(allow audioserver init (unix_stream_socket (connectto)))
|
|
(allow audioserver bluetooth_prop (property_service (set)))
|
|
(allow audioserver bluetooth_prop (file (read getattr map open)))
|
|
(allow audioserver property_socket (sock_file (write)))
|
|
(allow audioserver init (unix_stream_socket (connectto)))
|
|
(allow audioserver exported_bluetooth_prop (property_service (set)))
|
|
(allow audioserver exported_bluetooth_prop (file (read getattr map open)))
|
|
(allow audioserver audio_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
|
|
(allow audioserver audio_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow audioserver audio_device (chr_file (read write)))
|
|
(allow audioserver bluetooth_socket (sock_file (write)))
|
|
(allow audioserver bluetooth (unix_stream_socket (connectto)))
|
|
(allow audioserver adbd (fd (use)))
|
|
(allow audioserver adbd (unix_stream_socket (read write)))
|
|
(allow audioserver shell (fifo_file (read write)))
|
|
(allow audioserver property_socket (sock_file (write)))
|
|
(allow audioserver init (unix_stream_socket (connectto)))
|
|
(allow audioserver log_tag_prop (property_service (set)))
|
|
(allow audioserver log_tag_prop (file (read getattr map open)))
|
|
;;* lmx 88 system/sepolicy/private/audioserver.te
|
|
|
|
(neverallow audioserver fs_type (file (execute_no_trans)))
|
|
(neverallow audioserver file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 100 system/sepolicy/private/audioserver.te
|
|
|
|
(neverallow audioserver domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow audioserver domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 101 system/sepolicy/private/audioserver.te
|
|
|
|
(neverallow audioserver domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
;;* lme
|
|
|
|
(allow audioserver sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow audioserver self (capability2 (block_suspend)))
|
|
(allow audioserver self (cap2_userns (block_suspend)))
|
|
(allow audioserver system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server audioserver (binder (transfer)))
|
|
(allow audioserver system_suspend_server (fd (use)))
|
|
(allow audioserver system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow audioserver hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager audioserver (binder (call transfer)))
|
|
(allow hwservicemanager audioserver (dir (search)))
|
|
(allow hwservicemanager audioserver (file (read map open)))
|
|
(allow hwservicemanager audioserver (process (getattr)))
|
|
(allow audioserver hwservicemanager_prop (file (read getattr map open)))
|
|
(allow audioserver hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow audioserver hal_system_suspend_service (service_manager (find)))
|
|
(allow audioserver servicemanager (binder (call transfer)))
|
|
(allow servicemanager audioserver (binder (call transfer)))
|
|
(allow servicemanager audioserver (dir (search)))
|
|
(allow servicemanager audioserver (file (read open)))
|
|
(allow servicemanager audioserver (process (getattr)))
|
|
(allow audioserver audio_config_prop (file (read getattr map open)))
|
|
(allow audioserver system_audio_config_prop (file (read getattr map open)))
|
|
(allow init auditctl_exec (file (read getattr map execute open)))
|
|
(allow init auditctl (process (transition)))
|
|
(allow auditctl auditctl_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init auditctl (process (noatsecure)))
|
|
(allow init auditctl (process (siginh rlimitinh)))
|
|
(typetransition init auditctl_exec process auditctl)
|
|
(allow auditctl self (capability (audit_control)))
|
|
(allow auditctl self (cap_userns (audit_control)))
|
|
(allow auditctl self (netlink_audit_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_write)))
|
|
(allow automotive_display_service fwk_automotive_display_hwservice (hwservice_manager (add find)))
|
|
(allow automotive_display_service hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 8 system/sepolicy/private/automotive_display_service.te
|
|
|
|
(neverallow base_typeattr_653 fwk_automotive_display_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow init automotive_display_service_exec (file (read getattr map execute open)))
|
|
(allow init automotive_display_service (process (transition)))
|
|
(allow automotive_display_service automotive_display_service_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init automotive_display_service (process (noatsecure)))
|
|
(allow init automotive_display_service (process (siginh rlimitinh)))
|
|
(typetransition init automotive_display_service_exec process automotive_display_service)
|
|
(allow automotive_display_service servicemanager (binder (call transfer)))
|
|
(allow servicemanager automotive_display_service (binder (call transfer)))
|
|
(allow servicemanager automotive_display_service (dir (search)))
|
|
(allow servicemanager automotive_display_service (file (read open)))
|
|
(allow servicemanager automotive_display_service (process (getattr)))
|
|
(allow automotive_display_service hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager automotive_display_service (binder (call transfer)))
|
|
(allow hwservicemanager automotive_display_service (dir (search)))
|
|
(allow hwservicemanager automotive_display_service (file (read map open)))
|
|
(allow hwservicemanager automotive_display_service (process (getattr)))
|
|
(allow automotive_display_service hwservicemanager_prop (file (read getattr map open)))
|
|
(allow automotive_display_service surfaceflinger_service (service_manager (find)))
|
|
(allow automotive_display_service surfaceflinger (binder (call transfer)))
|
|
(allow surfaceflinger automotive_display_service (binder (transfer)))
|
|
(allow automotive_display_service surfaceflinger (fd (use)))
|
|
(allow automotive_display_service hal_graphics_mapper_hwservice (hwservice_manager (find)))
|
|
(allow automotive_display_service hidl_token_hwservice (hwservice_manager (find)))
|
|
(allow automotive_display_service gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow automotive_display_service gpu_device (dir (search)))
|
|
(allow automotive_display_service fwk_automotive_display_service (service_manager (add find)))
|
|
;;* lmx 41 system/sepolicy/private/automotive_display_service.te
|
|
|
|
(neverallow base_typeattr_653 fwk_automotive_display_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow automotive_display_service hal_evs (binder (call transfer)))
|
|
(allow hal_evs automotive_display_service (binder (transfer)))
|
|
(allow automotive_display_service hal_evs (fd (use)))
|
|
(allow binderservicedomain dumpstate (fd (use)))
|
|
(allow binderservicedomain incidentd (fd (use)))
|
|
(allow binderservicedomain dumpstate (unix_stream_socket (read write getattr getopt)))
|
|
(allow binderservicedomain incidentd (unix_stream_socket (read write getattr getopt)))
|
|
(allow binderservicedomain dumpstate (fifo_file (write getattr)))
|
|
(allow binderservicedomain incidentd (fifo_file (write getattr)))
|
|
(allow binderservicedomain shell_data_file (file (write getattr)))
|
|
(allow binderservicedomain devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow binderservicedomain console_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow binderservicedomain appdomain (fd (use)))
|
|
(allow binderservicedomain appdomain (fifo_file (write)))
|
|
(allow binderservicedomain permission_service (service_manager (find)))
|
|
(allow binderservicedomain keystore (keystore2_key (delete get_info rebind use)))
|
|
(allow keystore binderservicedomain (dir (search)))
|
|
(allow keystore binderservicedomain (file (read open)))
|
|
(allow keystore binderservicedomain (process (getattr)))
|
|
(allow binderservicedomain apc_service (service_manager (find)))
|
|
(allow binderservicedomain keystore_service (service_manager (find)))
|
|
(allow binderservicedomain legacykeystore_service (service_manager (find)))
|
|
(allow binderservicedomain keystore (binder (call transfer)))
|
|
(allow keystore binderservicedomain (binder (transfer)))
|
|
(allow binderservicedomain keystore (fd (use)))
|
|
(allow keystore binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain keystore (binder (transfer)))
|
|
(allow keystore binderservicedomain (fd (use)))
|
|
(allow binderservicedomain apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow binderservicedomain apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow binderservicedomain vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow binderservicedomain vendor_apex_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow binderservicedomain vendor_apex_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init blank_screen_exec (file (read getattr map execute open)))
|
|
(allow init blank_screen (process (transition)))
|
|
(allow blank_screen blank_screen_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init blank_screen (process (noatsecure)))
|
|
(allow init blank_screen (process (siginh rlimitinh)))
|
|
(typetransition init blank_screen_exec process blank_screen)
|
|
(allow blkid block_device (dir (search)))
|
|
(allow blkid userdata_block_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow blkid dm_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow blkid vold (fd (use)))
|
|
(allow blkid vold (fifo_file (read write getattr)))
|
|
(allow blkid blkid_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
;;* lmx 21 system/sepolicy/private/blkid.te
|
|
|
|
(neverallow base_typeattr_339 blkid (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 22 system/sepolicy/private/blkid.te
|
|
|
|
(neverallow base_typeattr_224 blkid (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 23 system/sepolicy/private/blkid.te
|
|
|
|
(neverallow blkid base_typeattr_654 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
(allow blkid_untrusted block_device (dir (search)))
|
|
(allow blkid_untrusted vold_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow blkid_untrusted vold (fd (use)))
|
|
(allow blkid_untrusted vold (fifo_file (read write getattr)))
|
|
(allow blkid_untrusted blkid_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
;;* lmx 33 system/sepolicy/private/blkid_untrusted.te
|
|
|
|
(neverallow blkid_untrusted dm_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow blkid_untrusted root_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow blkid_untrusted frp_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow blkid_untrusted system_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow blkid_untrusted recovery_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow blkid_untrusted boot_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow blkid_untrusted userdata_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow blkid_untrusted cache_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow blkid_untrusted swap_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow blkid_untrusted metadata_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 36 system/sepolicy/private/blkid_untrusted.te
|
|
|
|
(neverallow base_typeattr_339 blkid_untrusted (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 37 system/sepolicy/private/blkid_untrusted.te
|
|
|
|
(neverallow base_typeattr_224 blkid_untrusted (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 38 system/sepolicy/private/blkid_untrusted.te
|
|
|
|
(neverallow blkid_untrusted base_typeattr_654 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
(typetransition bluetooth tmpfs file appdomain_tmpfs)
|
|
(allow bluetooth bluetooth_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su bluetooth_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 5 system/sepolicy/private/bluetooth.te
|
|
|
|
(neverallow base_typeattr_655 bluetooth_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow bluetooth appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 5 system/sepolicy/private/bluetooth.te
|
|
|
|
(neverallow base_typeattr_656 base_typeattr_655 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/private/bluetooth.te
|
|
|
|
(neverallow base_typeattr_657 bluetooth (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/private/bluetooth.te
|
|
|
|
(neverallow base_typeattr_658 bluetooth (process (ptrace)))
|
|
;;* lme
|
|
|
|
(typetransition bluetooth bluetooth_data_file sock_file bluetooth_socket)
|
|
(allowx bluetooth self (ioctl udp_socket (0x6900 0x6902)))
|
|
(allowx bluetooth self (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(allowx bluetooth self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(allow bluetooth sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow bluetooth self (capability2 (block_suspend)))
|
|
(allow bluetooth self (cap2_userns (block_suspend)))
|
|
(allow bluetooth system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server bluetooth (binder (transfer)))
|
|
(allow bluetooth system_suspend_server (fd (use)))
|
|
(allow bluetooth system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow bluetooth hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager bluetooth (binder (call transfer)))
|
|
(allow hwservicemanager bluetooth (dir (search)))
|
|
(allow hwservicemanager bluetooth (file (read map open)))
|
|
(allow hwservicemanager bluetooth (process (getattr)))
|
|
(allow bluetooth hwservicemanager_prop (file (read getattr map open)))
|
|
(allow bluetooth hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow bluetooth hal_system_suspend_service (service_manager (find)))
|
|
(allow bluetooth servicemanager (binder (call transfer)))
|
|
(allow servicemanager bluetooth (binder (call transfer)))
|
|
(allow servicemanager bluetooth (dir (search)))
|
|
(allow servicemanager bluetooth (file (read open)))
|
|
(allow servicemanager bluetooth (process (getattr)))
|
|
(allow bluetooth bluetooth_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow bluetooth bluetooth_data_file (file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
|
|
(allow bluetooth bluetooth_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
|
|
(allow bluetooth bluetooth_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
|
|
(allow bluetooth bluetooth_data_file (fifo_file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
|
|
(allow bluetooth bluetooth_logs_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow bluetooth bluetooth_logs_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow bluetooth bluetooth_socket (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow bluetooth self (capability (net_admin)))
|
|
(allow bluetooth self (cap_userns (net_admin)))
|
|
(allow bluetooth self (capability2 (wake_alarm)))
|
|
(allow bluetooth self (cap2_userns (wake_alarm)))
|
|
(allow bluetooth self (packet_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow bluetooth self (capability (net_bind_service net_admin net_raw)))
|
|
(allow bluetooth self (cap_userns (net_bind_service net_admin net_raw)))
|
|
(allow bluetooth self (tun_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow bluetooth tun_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx bluetooth tun_device (ioctl chr_file (0x54ca 0x54d2)))
|
|
(allow bluetooth efs_file (dir (search)))
|
|
(allow bluetooth uhid_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow bluetooth gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow bluetooth gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow bluetooth proc_bluetooth_writable (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow bluetooth proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bluetooth incremental_prop (file (read getattr map open)))
|
|
(allow bluetooth device_logging_prop (file (read getattr map open)))
|
|
(allow bluetooth property_socket (sock_file (write)))
|
|
(allow bluetooth init (unix_stream_socket (connectto)))
|
|
(allow bluetooth binder_cache_bluetooth_server_prop (property_service (set)))
|
|
(allow bluetooth binder_cache_bluetooth_server_prop (file (read getattr map open)))
|
|
;;* lmx 55 system/sepolicy/private/bluetooth.te
|
|
|
|
(neverallow base_typeattr_659 binder_cache_bluetooth_server_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow bluetooth property_socket (sock_file (write)))
|
|
(allow bluetooth init (unix_stream_socket (connectto)))
|
|
(allow bluetooth bluetooth_a2dp_offload_prop (property_service (set)))
|
|
(allow bluetooth bluetooth_a2dp_offload_prop (file (read getattr map open)))
|
|
(allow bluetooth property_socket (sock_file (write)))
|
|
(allow bluetooth init (unix_stream_socket (connectto)))
|
|
(allow bluetooth bluetooth_audio_hal_prop (property_service (set)))
|
|
(allow bluetooth bluetooth_audio_hal_prop (file (read getattr map open)))
|
|
(allow bluetooth property_socket (sock_file (write)))
|
|
(allow bluetooth init (unix_stream_socket (connectto)))
|
|
(allow bluetooth bluetooth_prop (property_service (set)))
|
|
(allow bluetooth bluetooth_prop (file (read getattr map open)))
|
|
(allow bluetooth property_socket (sock_file (write)))
|
|
(allow bluetooth init (unix_stream_socket (connectto)))
|
|
(allow bluetooth exported_bluetooth_prop (property_service (set)))
|
|
(allow bluetooth exported_bluetooth_prop (file (read getattr map open)))
|
|
(allow bluetooth property_socket (sock_file (write)))
|
|
(allow bluetooth init (unix_stream_socket (connectto)))
|
|
(allow bluetooth pan_result_prop (property_service (set)))
|
|
(allow bluetooth pan_result_prop (file (read getattr map open)))
|
|
(allow bluetooth audioserver_service (service_manager (find)))
|
|
(allow bluetooth bluetooth_service (service_manager (find)))
|
|
(allow bluetooth drmserver_service (service_manager (find)))
|
|
(allow bluetooth mediaserver_service (service_manager (find)))
|
|
(allow bluetooth radio_service (service_manager (find)))
|
|
(allow bluetooth app_api_service (service_manager (find)))
|
|
(allow bluetooth system_api_service (service_manager (find)))
|
|
(allow bluetooth network_stack_service (service_manager (find)))
|
|
(allow bluetooth system_suspend_control_service (service_manager (find)))
|
|
(allow bluetooth hal_audio_service (service_manager (find)))
|
|
(allow bluetooth shell_data_file (file (read)))
|
|
(allow bluetooth self (capability (sys_nice)))
|
|
(allow bluetooth self (cap_userns (sys_nice)))
|
|
(allow bluetooth runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 97 system/sepolicy/private/bluetooth.te
|
|
|
|
(neverallow bluetooth self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_broadcast ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow bluetooth self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_broadcast ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
;;* lme
|
|
|
|
;;* lmx 98 system/sepolicy/private/bluetooth.te
|
|
|
|
(neverallow bluetooth self (capability2 (mac_override mac_admin syslog audit_read perfmon)))
|
|
(neverallow bluetooth self (cap2_userns (mac_override mac_admin syslog audit_read perfmon)))
|
|
;;* lme
|
|
|
|
(allow bluetoothdomain bluetooth (unix_stream_socket (ioctl read write getattr getopt setopt shutdown)))
|
|
(allow init bootanim_exec (file (read getattr map execute open)))
|
|
(allow init bootanim (process (transition)))
|
|
(allow bootanim bootanim_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init bootanim (process (noatsecure)))
|
|
(allow init bootanim (process (siginh rlimitinh)))
|
|
(typetransition init bootanim_exec process bootanim)
|
|
(dontaudit bootanim unlabeled (dir (search)))
|
|
(dontaudit bootanim vendor_default_prop (file (read)))
|
|
(allow bootanim bootloader_boot_reason_prop (file (read getattr map open)))
|
|
(allow bootanim bootanim_config_prop (file (read getattr map open)))
|
|
(allow bootanim property_socket (sock_file (write)))
|
|
(allow bootanim init (unix_stream_socket (connectto)))
|
|
(allow bootanim bootanim_system_prop (property_service (set)))
|
|
(allow bootanim bootanim_system_prop (file (read getattr map open)))
|
|
(allow bootanim bootanim_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow bootanim bootanim_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bootanim bootanim_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bootanim vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init bootstat_exec (file (read getattr map execute open)))
|
|
(allow init bootstat (process (transition)))
|
|
(allow bootstat bootstat_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init bootstat (process (noatsecure)))
|
|
(allow init bootstat (process (siginh rlimitinh)))
|
|
(typetransition init bootstat_exec process bootstat)
|
|
(allow bootstat boottime_prop (file (read getattr map open)))
|
|
(allow bootstat property_socket (sock_file (write)))
|
|
(allow bootstat init (unix_stream_socket (connectto)))
|
|
(allow bootstat bootloader_boot_reason_prop (property_service (set)))
|
|
(allow bootstat bootloader_boot_reason_prop (file (read getattr map open)))
|
|
(allow bootstat property_socket (sock_file (write)))
|
|
(allow bootstat init (unix_stream_socket (connectto)))
|
|
(allow bootstat system_boot_reason_prop (property_service (set)))
|
|
(allow bootstat system_boot_reason_prop (file (read getattr map open)))
|
|
(allow bootstat property_socket (sock_file (write)))
|
|
(allow bootstat init (unix_stream_socket (connectto)))
|
|
(allow bootstat last_boot_reason_prop (property_service (set)))
|
|
(allow bootstat last_boot_reason_prop (file (read getattr map open)))
|
|
;;* lmx 24 system/sepolicy/private/bootstat.te
|
|
|
|
(neverallow base_typeattr_660 bootloader_boot_reason_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(neverallow base_typeattr_660 last_boot_reason_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 26 system/sepolicy/private/bootstat.te
|
|
|
|
(neverallow bootanim last_boot_reason_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(neverallow recovery last_boot_reason_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 33 system/sepolicy/private/bootstat.te
|
|
|
|
(neverallow base_typeattr_661 bootloader_boot_reason_prop (property_service (set)))
|
|
(neverallow base_typeattr_661 last_boot_reason_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 35 system/sepolicy/private/bootstat.te
|
|
|
|
(neverallow system_server bootloader_boot_reason_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow init boringssl_self_test_exec (file (read getattr map execute open)))
|
|
(allow init boringssl_self_test (process (transition)))
|
|
(allow boringssl_self_test boringssl_self_test_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init boringssl_self_test (process (noatsecure)))
|
|
(allow init boringssl_self_test (process (siginh rlimitinh)))
|
|
(typetransition init boringssl_self_test_exec process boringssl_self_test)
|
|
(allow init vendor_boringssl_self_test_exec (file (read getattr map execute open)))
|
|
(allow init vendor_boringssl_self_test (process (transition)))
|
|
(allow vendor_boringssl_self_test vendor_boringssl_self_test_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init vendor_boringssl_self_test (process (noatsecure)))
|
|
(allow init vendor_boringssl_self_test (process (siginh rlimitinh)))
|
|
(typetransition init vendor_boringssl_self_test_exec process vendor_boringssl_self_test)
|
|
(allow boringssl_self_test boringssl_self_test_marker (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow vendor_boringssl_self_test boringssl_self_test_marker (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow boringssl_self_test boringssl_self_test_marker (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
|
|
(allow vendor_boringssl_self_test boringssl_self_test_marker (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
|
|
(allow boringssl_self_test kmsg_debug_device (chr_file (ioctl write getattr lock append map open)))
|
|
(allow vendor_boringssl_self_test kmsg_debug_device (chr_file (ioctl write getattr lock append map open)))
|
|
;;* lmx 66 system/sepolicy/private/boringssl_self_test.te
|
|
|
|
(neverallow base_typeattr_662 boringssl_self_test_marker (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 74 system/sepolicy/private/boringssl_self_test.te
|
|
|
|
(neverallow base_typeattr_662 boringssl_self_test_marker (dir (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 10 system/sepolicy/private/bpfdomain.te
|
|
|
|
(neverallow base_typeattr_663 self (capability (net_admin net_raw)))
|
|
(neverallow base_typeattr_663 self (cap_userns (net_admin net_raw)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/bpfdomain.te
|
|
|
|
(neverallow base_typeattr_664 base_typeattr_224 (bpf (map_create map_read map_write prog_load prog_run)))
|
|
;;* lme
|
|
|
|
(allow bpfdomain fs_bpf (dir (search)))
|
|
(allow bpfdomain bpffs_type (lnk_file (read)))
|
|
(allow bpfdomain bpf_progs_loaded_prop (file (read getattr map open)))
|
|
(allow bpfloader kmsg_device (chr_file (write lock append map open)))
|
|
(allow bpfloader bpffs_type (dir (write create add_name remove_name search)))
|
|
(allow bpfloader bpffs_type (file (read create getattr setattr rename)))
|
|
(allow bpfloader bpffs_type (lnk_file (read create getattr)))
|
|
(allow base_typeattr_665 fs_bpf (filesystem (associate)))
|
|
(allow bpfloader self (bpf (map_create map_read map_write prog_load prog_run)))
|
|
(allow bpfloader self (capability (chown net_admin sys_admin)))
|
|
(allow bpfloader sysfs_fs_fuse_bpf (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow bpfloader proc_bpf (file (write lock append map open)))
|
|
(allow bpfloader property_socket (sock_file (write)))
|
|
(allow bpfloader init (unix_stream_socket (connectto)))
|
|
(allow bpfloader bpf_progs_loaded_prop (property_service (set)))
|
|
(allow bpfloader bpf_progs_loaded_prop (file (read getattr map open)))
|
|
(allow bpfloader bpfloader_exec (file (execute_no_trans)))
|
|
;;* lmx 32 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow domain bpffs_type (dir (ioctl read setattr lock relabelfrom relabelto append map unlink link rename execute quotaon audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 33 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_666 bpffs_type (dir (write create add_name remove_name)))
|
|
;;* lme
|
|
|
|
;;* lmx 35 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow domain bpffs_type (file (ioctl lock relabelfrom relabelto append unlink link execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 36 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_666 bpffs_type (file (create setattr map rename open)))
|
|
;;* lme
|
|
|
|
;;* lmx 37 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_667 fs_bpf (file (read getattr)))
|
|
;;* lme
|
|
|
|
;;* lmx 38 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_666 fs_bpf_loader (file (read getattr)))
|
|
;;* lme
|
|
|
|
;;* lmx 39 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_668 fs_bpf_net_private (file (read getattr)))
|
|
;;* lme
|
|
|
|
;;* lmx 40 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_669 fs_bpf_net_shared (file (read getattr)))
|
|
;;* lme
|
|
|
|
;;* lmx 41 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_670 fs_bpf_netd_readonly (file (read getattr)))
|
|
;;* lme
|
|
|
|
;;* lmx 42 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_671 fs_bpf_netd_shared (file (read getattr)))
|
|
;;* lme
|
|
|
|
;;* lmx 43 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_668 fs_bpf_tethering (file (read getattr)))
|
|
;;* lme
|
|
|
|
;;* lmx 44 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_672 fs_bpf_uprobestats (file (read getattr)))
|
|
;;* lme
|
|
|
|
;;* lmx 45 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_673 base_typeattr_674 (file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 47 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_666 bpffs_type (lnk_file (ioctl write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 48 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_664 bpffs_type (lnk_file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 50 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_666 base_typeattr_224 (bpf (map_create prog_load)))
|
|
;;* lme
|
|
|
|
;;* lmx 53 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_666 fs_bpf_loader (bpf (map_create map_read map_write prog_load prog_run)))
|
|
;;* lme
|
|
|
|
;;* lmx 54 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_666 fs_bpf_loader (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 67 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_675 base_typeattr_224 (bpf (prog_run)))
|
|
;;* lme
|
|
|
|
;;* lmx 68 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_676 base_typeattr_224 (bpf (map_read map_write)))
|
|
;;* lme
|
|
|
|
;;* lmx 69 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_677 bpfloader_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 71 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_678 fs_bpf_vendor (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 73 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow bpfloader base_typeattr_224 (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
(neverallow bpfloader base_typeattr_224 (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow bpfloader base_typeattr_224 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 76 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow domain bpfloader (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 78 system/sepolicy/private/bpfloader.te
|
|
|
|
(neverallow base_typeattr_666 proc_bpf (file (write)))
|
|
;;* lme
|
|
|
|
(allow init bufferhubd_exec (file (read getattr map execute open)))
|
|
(allow init bufferhubd (process (transition)))
|
|
(allow bufferhubd bufferhubd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init bufferhubd (process (noatsecure)))
|
|
(allow init bufferhubd (process (siginh rlimitinh)))
|
|
(typetransition init bufferhubd_exec process bufferhubd)
|
|
(allow init cameraserver_exec (file (read getattr map execute open)))
|
|
(allow init cameraserver (process (transition)))
|
|
(allow cameraserver cameraserver_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init cameraserver (process (noatsecure)))
|
|
(allow init cameraserver (process (siginh rlimitinh)))
|
|
(typetransition init cameraserver_exec process cameraserver)
|
|
(typetransition cameraserver tmpfs file cameraserver_tmpfs)
|
|
(allow cameraserver cameraserver_tmpfs (file (read write getattr map)))
|
|
(allow cameraserver gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow cameraserver gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow cameraserver virtual_camera (binder (call)))
|
|
(allow init canhalconfigurator_exec (file (read getattr map execute open)))
|
|
(allow init canhalconfigurator (process (transition)))
|
|
(allow canhalconfigurator canhalconfigurator_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init canhalconfigurator (process (noatsecure)))
|
|
(allow init canhalconfigurator (process (siginh rlimitinh)))
|
|
(typetransition init canhalconfigurator_exec process canhalconfigurator)
|
|
(allow canhalconfigurator servicemanager (binder (call transfer)))
|
|
(allow servicemanager canhalconfigurator (binder (call transfer)))
|
|
(allow servicemanager canhalconfigurator (dir (search)))
|
|
(allow servicemanager canhalconfigurator (file (read open)))
|
|
(allow servicemanager canhalconfigurator (process (getattr)))
|
|
(allow hal_can_controller canhalconfigurator (binder (call transfer)))
|
|
(allow canhalconfigurator hal_can_controller (binder (transfer)))
|
|
(allow hal_can_controller canhalconfigurator (fd (use)))
|
|
(allow charger property_socket (sock_file (write)))
|
|
(allow charger init (unix_stream_socket (connectto)))
|
|
(allow charger system_prop (property_service (set)))
|
|
(allow charger system_prop (file (read getattr map open)))
|
|
(allow charger property_socket (sock_file (write)))
|
|
(allow charger init (unix_stream_socket (connectto)))
|
|
(allow charger exported_system_prop (property_service (set)))
|
|
(allow charger exported_system_prop (file (read getattr map open)))
|
|
(allow charger property_socket (sock_file (write)))
|
|
(allow charger init (unix_stream_socket (connectto)))
|
|
(allow charger exported3_system_prop (property_service (set)))
|
|
(allow charger exported3_system_prop (file (read getattr map open)))
|
|
(allow charger charger_prop (file (read getattr map open)))
|
|
;;* lmx 13 system/sepolicy/private/charger.te
|
|
|
|
(neverallow base_typeattr_679 charger_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow charger_type property_socket (sock_file (write)))
|
|
(allow charger_type init (unix_stream_socket (connectto)))
|
|
(allow charger_type charger_status_prop (property_service (set)))
|
|
(allow charger_type charger_status_prop (file (read getattr map open)))
|
|
(allow charger_type charger_config_prop (file (read getattr map open)))
|
|
(allow charger_type recovery_config_prop (file (read getattr map open)))
|
|
;;* lmx 16 system/sepolicy/private/charger_type.te
|
|
|
|
(neverallow base_typeattr_259 charger_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 26 system/sepolicy/private/charger_type.te
|
|
|
|
(neverallow base_typeattr_680 charger_status_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 38 system/sepolicy/private/charger_type.te
|
|
|
|
(neverallow base_typeattr_681 charger_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_681 charger_status_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow clatd system_server (fd (use)))
|
|
(allow clatd system_server (packet_socket (read write)))
|
|
(allow clatd system_server (rawip_socket (read write)))
|
|
(allow clatd tun_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow compos_fd_server composd (fd (use)))
|
|
(allow compos_fd_server apex_art_staging_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow compos_fd_server apex_art_staging_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow compos_fd_server apex_art_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow compos_fd_server apex_art_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow compos_fd_server composd (fifo_file (write)))
|
|
(allow compos_fd_server composd (fifo_file (read)))
|
|
(allow compos_fd_server self (vsock_socket (read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
;;* lmx 26 system/sepolicy/private/compos_fd_server.te
|
|
|
|
(neverallow base_typeattr_682 compos_fd_server (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 27 system/sepolicy/private/compos_fd_server.te
|
|
|
|
(neverallow base_typeattr_224 compos_fd_server (process (dyntransition)))
|
|
;;* lme
|
|
|
|
(allow compos_verify servicemanager (binder (call transfer)))
|
|
(allow servicemanager compos_verify (binder (call transfer)))
|
|
(allow servicemanager compos_verify (dir (search)))
|
|
(allow servicemanager compos_verify (file (read open)))
|
|
(allow servicemanager compos_verify (process (getattr)))
|
|
(allow compos_verify virtualizationmanager_exec (file (read getattr map execute open)))
|
|
(allow compos_verify virtualizationmanager (process (transition)))
|
|
(allow virtualizationmanager virtualizationmanager_exec (file (read getattr map execute open entrypoint)))
|
|
(allow virtualizationmanager compos_verify (process (sigchld)))
|
|
(dontaudit compos_verify virtualizationmanager (process (noatsecure)))
|
|
(allow compos_verify virtualizationmanager (process (siginh rlimitinh)))
|
|
(typetransition compos_verify virtualizationmanager_exec process virtualizationmanager)
|
|
(allow crosvm compos_verify (unix_stream_socket (ioctl read write getattr)))
|
|
(allow virtualizationmanager compos_verify (unix_stream_socket (ioctl read write getattr)))
|
|
(allow crosvm compos_verify (fd (use)))
|
|
(allow virtualizationmanager compos_verify (fd (use)))
|
|
(allow compos_verify virtualizationmanager (fd (use)))
|
|
(allow crosvm compos_verify (fifo_file (ioctl read write getattr)))
|
|
(allow virtualizationmanager compos_verify (fifo_file (ioctl read write getattr)))
|
|
(allow compos_verify virtualizationmanager (vsock_socket (read write getattr getopt)))
|
|
(allow compos_verify hypervisor_prop (file (read getattr map open)))
|
|
(allow compos_verify virtualizationservice_data_file (file (read getattr)))
|
|
(allow compos_verify apex_module_data_file (dir (search)))
|
|
(allow compos_verify apex_compos_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow compos_verify apex_compos_data_file (file (ioctl read write create getattr lock append map open watch watch_reads)))
|
|
(allow compos_verify apex_art_data_file (dir (search)))
|
|
(allow compos_verify apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow compos_verify odsign (fd (use)))
|
|
(allow compos_verify odsign_devpts (chr_file (read write)))
|
|
;;* lmx 23 system/sepolicy/private/compos_verify.te
|
|
|
|
(neverallow base_typeattr_683 compos_verify (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 24 system/sepolicy/private/compos_verify.te
|
|
|
|
(neverallow base_typeattr_224 compos_verify (process (dyntransition)))
|
|
;;* lme
|
|
|
|
(allow init composd_exec (file (read getattr map execute open)))
|
|
(allow init composd (process (transition)))
|
|
(allow composd composd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init composd (process (noatsecure)))
|
|
(allow init composd (process (siginh rlimitinh)))
|
|
(typetransition init composd_exec process composd)
|
|
(allow composd servicemanager (binder (call transfer)))
|
|
(allow servicemanager composd (binder (call transfer)))
|
|
(allow servicemanager composd (dir (search)))
|
|
(allow servicemanager composd (file (read open)))
|
|
(allow servicemanager composd (process (getattr)))
|
|
(allow composd compos_service (service_manager (add find)))
|
|
;;* lmx 7 system/sepolicy/private/composd.te
|
|
|
|
(neverallow base_typeattr_682 compos_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow composd system_server (binder (call transfer)))
|
|
(allow system_server composd (binder (transfer)))
|
|
(allow composd system_server (fd (use)))
|
|
(allow composd virtualizationmanager_exec (file (read getattr map execute open)))
|
|
(allow composd virtualizationmanager (process (transition)))
|
|
(allow virtualizationmanager virtualizationmanager_exec (file (read getattr map execute open entrypoint)))
|
|
(allow virtualizationmanager composd (process (sigchld)))
|
|
(dontaudit composd virtualizationmanager (process (noatsecure)))
|
|
(allow composd virtualizationmanager (process (siginh rlimitinh)))
|
|
(typetransition composd virtualizationmanager_exec process virtualizationmanager)
|
|
(allow crosvm composd (unix_stream_socket (ioctl read write getattr)))
|
|
(allow virtualizationmanager composd (unix_stream_socket (ioctl read write getattr)))
|
|
(allow crosvm composd (fd (use)))
|
|
(allow virtualizationmanager composd (fd (use)))
|
|
(allow composd virtualizationmanager (fd (use)))
|
|
(allow crosvm composd (fifo_file (ioctl read write getattr)))
|
|
(allow virtualizationmanager composd (fifo_file (ioctl read write getattr)))
|
|
(allow composd virtualizationmanager (vsock_socket (read write getattr getopt)))
|
|
(allow composd hypervisor_prop (file (read getattr map open)))
|
|
(allow composd virtualizationservice_data_file (file (read getattr)))
|
|
(allow composd apex_art_data_file (dir (ioctl read write create getattr setattr lock relabelfrom rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow composd apex_art_staging_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow composd apex_art_staging_data_file (file (getattr unlink)))
|
|
(allow composd apex_art_data_file (file (ioctl read write unlink open)))
|
|
(allowx composd apex_art_data_file (ioctl file (0x6685)))
|
|
(allow composd apex_module_data_file (dir (search)))
|
|
(allow composd apex_compos_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow composd apex_compos_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow composd fd_server_exec (file (read getattr map execute open)))
|
|
(allow composd compos_fd_server (process (transition)))
|
|
(allow compos_fd_server fd_server_exec (file (read getattr map execute open entrypoint)))
|
|
(allow compos_fd_server composd (process (sigchld)))
|
|
(dontaudit composd compos_fd_server (process (noatsecure)))
|
|
(allow composd compos_fd_server (process (siginh rlimitinh)))
|
|
(typetransition composd fd_server_exec process compos_fd_server)
|
|
(allow composd compos_fd_server (process (signal)))
|
|
(allow composd composd_vm_art_prop (file (read getattr map open)))
|
|
(allow composd composd_vm_vendor_prop (file (read getattr map open)))
|
|
(allow composd dalvik_config_prop_type (file (read getattr map open)))
|
|
(allow composd device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
;;* lmx 42 system/sepolicy/private/composd.te
|
|
|
|
(neverallow composd apex_art_data_file (file (create)))
|
|
;;* lme
|
|
|
|
;;* lmx 45 system/sepolicy/private/composd.te
|
|
|
|
(neverallow base_typeattr_223 composd_vm_art_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow coredomain apex_ready_prop (file (read getattr map open)))
|
|
(allow coredomain boot_status_prop (file (read getattr map open)))
|
|
(allow coredomain camera_config_prop (file (read getattr map open)))
|
|
(allow coredomain dalvik_config_prop_type (file (read getattr map open)))
|
|
(allow coredomain dalvik_runtime_prop (file (read getattr map open)))
|
|
(allow coredomain exported_pm_prop (file (read getattr map open)))
|
|
(allow coredomain ffs_config_prop (file (read getattr map open)))
|
|
(allow coredomain graphics_config_prop (file (read getattr map open)))
|
|
(allow coredomain graphics_config_writable_prop (file (read getattr map open)))
|
|
(allow coredomain hdmi_config_prop (file (read getattr map open)))
|
|
(allow coredomain init_service_status_private_prop (file (read getattr map open)))
|
|
(allow coredomain lmkd_config_prop (file (read getattr map open)))
|
|
(allow coredomain localization_prop (file (read getattr map open)))
|
|
(allow coredomain pm_prop (file (read getattr map open)))
|
|
(allow coredomain radio_control_prop (file (read getattr map open)))
|
|
(allow coredomain rollback_test_prop (file (read getattr map open)))
|
|
(allow coredomain setupwizard_prop (file (read getattr map open)))
|
|
(allow coredomain setupwizard_mode_prop (file (read getattr map open)))
|
|
(allow coredomain sqlite_log_prop (file (read getattr map open)))
|
|
(allow coredomain storagemanager_config_prop (file (read getattr map open)))
|
|
(allow coredomain surfaceflinger_color_prop (file (read getattr map open)))
|
|
(allow coredomain systemsound_config_prop (file (read getattr map open)))
|
|
(allow coredomain telephony_config_prop (file (read getattr map open)))
|
|
(allow coredomain usb_config_prop (file (read getattr map open)))
|
|
(allow coredomain usb_control_prop (file (read getattr map open)))
|
|
(allow coredomain userspace_reboot_config_prop (file (read getattr map open)))
|
|
(allow coredomain vold_config_prop (file (read getattr map open)))
|
|
(allow coredomain vts_status_prop (file (read getattr map open)))
|
|
(allow coredomain zygote_config_prop (file (read getattr map open)))
|
|
(allow coredomain zygote_wrap_prop (file (read getattr map open)))
|
|
(allow coredomain default_prop (file (read getattr map open)))
|
|
;;* lmx 35 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_684 sysfs_leds (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 51 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_685 vendor_app_file (dir (read getattr open search)))
|
|
;;* lme
|
|
|
|
;;* lmx 70 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_686 vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 92 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_687 vendor_overlay_file (dir (read getattr open search)))
|
|
;;* lme
|
|
|
|
;;* lmx 114 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_687 vendor_overlay_file (file (open)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_688 proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_684 sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_689 device (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_689 device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow coredomain debugfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_690 debugfs_tracing (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_691 inotify (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_692 pstorefs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_693 configfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_694 functionfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_691 usbfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_691 binfmt_miscfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 140 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow base_typeattr_695 base_typeattr_696 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 254 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow coredomain radio_device (chr_file (ioctl read write append open)))
|
|
(neverallow coredomain iio_device (chr_file (ioctl read write append open)))
|
|
;;* lme
|
|
|
|
;;* lmx 258 system/sepolicy/private/coredomain.te
|
|
|
|
(neverallow coredomain tee_device (chr_file (ioctl read write append open)))
|
|
;;* lme
|
|
|
|
(allow init cppreopts_exec (file (read getattr map execute open)))
|
|
(allow init cppreopts (process (transition)))
|
|
(allow cppreopts cppreopts_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init cppreopts (process (noatsecure)))
|
|
(allow init cppreopts (process (siginh rlimitinh)))
|
|
(typetransition init cppreopts_exec process cppreopts)
|
|
(allow cppreopts preopt2cachename_exec (file (read getattr map execute open)))
|
|
(allow cppreopts preopt2cachename (process (transition)))
|
|
(allow preopt2cachename preopt2cachename_exec (file (read getattr map execute open entrypoint)))
|
|
(allow preopt2cachename cppreopts (process (sigchld)))
|
|
(dontaudit cppreopts preopt2cachename (process (noatsecure)))
|
|
(allow cppreopts preopt2cachename (process (siginh rlimitinh)))
|
|
(typetransition cppreopts preopt2cachename_exec process preopt2cachename)
|
|
(allow cppreopts dalvikcache_data_file (dir (write add_name remove_name search)))
|
|
(allow cppreopts dalvikcache_data_file (file (read write create getattr unlink rename open)))
|
|
(allow cppreopts shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow cppreopts system_file (dir (read open)))
|
|
(allow cppreopts toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(dontaudit cppreopts postinstall_mnt_dir (dir (search)))
|
|
(dontaudit crash_dump dev_type (chr_file (read write)))
|
|
(dontaudit crash_dump devpts (chr_file (read write)))
|
|
(allow crash_dump base_typeattr_697 (process (sigchld sigkill sigstop signal ptrace)))
|
|
(allow crash_dump apex_art_data_file (dir (getattr search)))
|
|
(allow crash_dump apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump system_bootstrap_lib_file (dir (getattr search)))
|
|
(allow crash_dump system_bootstrap_lib_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow crash_dump vendor_apex_metadata_file (dir (getattr search)))
|
|
;;* lmx 64 system/sepolicy/private/crash_dump.te
|
|
|
|
(neverallow crash_dump apexd (process (sigkill sigstop signal ptrace)))
|
|
(neverallow crash_dump bpfloader (process (sigkill sigstop signal ptrace)))
|
|
(neverallow crash_dump init (process (sigkill sigstop signal ptrace)))
|
|
(neverallow crash_dump kernel (process (sigkill sigstop signal ptrace)))
|
|
(neverallow crash_dump keystore (process (sigkill sigstop signal ptrace)))
|
|
(neverallow crash_dump llkd (process (sigkill sigstop signal ptrace)))
|
|
(neverallow crash_dump logd (process (sigkill sigstop signal ptrace)))
|
|
(neverallow crash_dump ueventd (process (sigkill sigstop signal ptrace)))
|
|
(neverallow crash_dump vendor_init (process (sigkill sigstop signal ptrace)))
|
|
(neverallow crash_dump vold (process (sigkill sigstop signal ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 66 system/sepolicy/private/crash_dump.te
|
|
|
|
(neverallow crash_dump self (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 67 system/sepolicy/private/crash_dump.te
|
|
|
|
(neverallow crash_dump gpu_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow init credstore_exec (file (read getattr map execute open)))
|
|
(allow init credstore (process (transition)))
|
|
(allow credstore credstore_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init credstore (process (noatsecure)))
|
|
(allow init credstore (process (siginh rlimitinh)))
|
|
(typetransition init credstore_exec process credstore)
|
|
(allow credstore remote_prov_prop (file (read getattr map open)))
|
|
(allow credstore remote_provisioning_service (service_manager (find)))
|
|
(allow crosvm vm_manager_device_type (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
;;* lmx 10 system/sepolicy/private/crosvm.te
|
|
|
|
(neverallow base_typeattr_698 kvm_device (chr_file (getattr)))
|
|
;;* lme
|
|
|
|
;;* lmx 11 system/sepolicy/private/crosvm.te
|
|
|
|
(neverallow base_typeattr_699 kvm_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 12 system/sepolicy/private/crosvm.te
|
|
|
|
(neverallowx base_typeattr_700 kvm_device (ioctl chr_file ((range 0x0 0xadff) (range 0xaf00 0xffff))))
|
|
;;* lme
|
|
|
|
;;* lmx 12 system/sepolicy/private/crosvm.te
|
|
|
|
(neverallowx base_typeattr_700 kvm_device (ioctl chr_file ((range 0xae00 0xae02) (range 0xae04 0xaeff))))
|
|
;;* lme
|
|
|
|
;;* lmx 17 system/sepolicy/private/crosvm.te
|
|
|
|
(neverallow base_typeattr_701 vm_manager_device_type (chr_file (getattr)))
|
|
;;* lme
|
|
|
|
;;* lmx 18 system/sepolicy/private/crosvm.te
|
|
|
|
(neverallow base_typeattr_702 vm_manager_device_type (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(typetransition crosvm tmpfs file crosvm_tmpfs)
|
|
(allow crosvm crosvm_tmpfs (file (read write getattr map)))
|
|
(allow crosvm virtualizationmanager (fd (use)))
|
|
(allow crosvm virtualizationmanager (fifo_file (write)))
|
|
(allow crosvm vendor_microdroid_file (file (ioctl read getattr lock)))
|
|
(allow crosvm apk_data_file (file (ioctl read getattr lock)))
|
|
(allow crosvm shell_data_file (file (ioctl read getattr lock)))
|
|
(allow crosvm staging_data_file (file (ioctl read getattr lock)))
|
|
(allow crosvm app_data_file (file (ioctl read getattr lock)))
|
|
(allow crosvm privapp_data_file (file (ioctl read getattr lock)))
|
|
(allow crosvm apex_compos_data_file (file (ioctl read getattr lock)))
|
|
(allow crosvm apex_virt_data_file (file (ioctl read getattr lock)))
|
|
(allow crosvm virtualizationservice_data_file (file (ioctl read getattr lock)))
|
|
(allow crosvm virtualizationservice_data_file (dir (search)))
|
|
(allow crosvm self (capability (sys_nice)))
|
|
(allow crosvm self (cap_userns (sys_nice)))
|
|
(allow crosvm virtualizationmanager (unix_stream_socket (read write getattr accept getopt)))
|
|
(allow crosvm app_data_file (file (write)))
|
|
(allow crosvm privapp_data_file (file (write)))
|
|
(allow crosvm apex_compos_data_file (file (write)))
|
|
(allow crosvm apex_virt_data_file (file (write)))
|
|
(allow crosvm virtualizationservice_data_file (file (write)))
|
|
(allow crosvm adbd (fd (use)))
|
|
(allow crosvm adbd (unix_stream_socket (read write)))
|
|
(allow crosvm devpts (chr_file (ioctl read write getattr)))
|
|
(dontaudit crosvm self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow crosvm shell_data_file (file (write)))
|
|
(dontaudit crosvm virtualizationmanager (fifo_file (read getattr)))
|
|
(allow crosvm self (tcp_socket (read write create bind listen accept setopt)))
|
|
(allow crosvm port (tcp_socket (name_bind)))
|
|
(allow crosvm adbd (unix_stream_socket (ioctl)))
|
|
(allow crosvm node (tcp_socket (node_bind)))
|
|
(allow crosvm vfio_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow crosvm vfio_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow crosvm virtualizationmanager (fd (use)))
|
|
(allow crosvm virtualizationservice_data_file (file (read)))
|
|
;;* lmx 125 system/sepolicy/private/crosvm.te
|
|
|
|
(neverallow crosvm apk_data_file (file (open)))
|
|
(neverallow crosvm staging_data_file (file (open)))
|
|
(neverallow crosvm app_data_file (file (open)))
|
|
(neverallow crosvm privapp_data_file (file (open)))
|
|
(neverallow crosvm virtualizationservice_data_file (file (open)))
|
|
;;* lme
|
|
|
|
;;* lmx 128 system/sepolicy/private/crosvm.te
|
|
|
|
(neverallow crosvm base_typeattr_703 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 151 system/sepolicy/private/crosvm.te
|
|
|
|
(neverallow crosvm base_typeattr_704 (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 158 system/sepolicy/private/crosvm.te
|
|
|
|
(neverallow base_typeattr_705 crosvm_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
(allow init derive_classpath_exec (file (read getattr map execute open)))
|
|
(allow init derive_classpath (process (transition)))
|
|
(allow derive_classpath derive_classpath_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init derive_classpath (process (noatsecure)))
|
|
(allow init derive_classpath (process (siginh rlimitinh)))
|
|
(typetransition init derive_classpath_exec process derive_classpath)
|
|
(allow derive_classpath apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow derive_classpath vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow derive_classpath environ_system_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow derive_classpath environ_system_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow derive_classpath unlabeled (dir (search)))
|
|
(allow derive_classpath postinstall_apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow derive_classpath postinstall_dexopt (dir (search)))
|
|
(allow derive_classpath postinstall_dexopt (fd (use)))
|
|
(allow derive_classpath postinstall_dexopt (file (read)))
|
|
(allow derive_classpath postinstall_dexopt (lnk_file (read)))
|
|
(allow derive_classpath postinstall_dexopt_tmpfs (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init derive_sdk_exec (file (read getattr map execute open)))
|
|
(allow init derive_sdk (process (transition)))
|
|
(allow derive_sdk derive_sdk_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init derive_sdk (process (noatsecure)))
|
|
(allow init derive_sdk (process (siginh rlimitinh)))
|
|
(typetransition init derive_sdk_exec process derive_sdk)
|
|
(allow derive_sdk apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow derive_sdk vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow derive_sdk property_socket (sock_file (write)))
|
|
(allow derive_sdk init (unix_stream_socket (connectto)))
|
|
(allow derive_sdk module_sdkextensions_prop (property_service (set)))
|
|
(allow derive_sdk module_sdkextensions_prop (file (read getattr map open)))
|
|
;;* lmx 13 system/sepolicy/private/derive_sdk.te
|
|
|
|
(neverallow base_typeattr_706 module_sdkextensions_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow derive_sdk dumpstate (fd (use)))
|
|
(allow derive_sdk dumpstate (unix_stream_socket (read write)))
|
|
(allow derive_sdk shell_data_file (file (read write getattr append)))
|
|
(typetransition device_as_webcam tmpfs file appdomain_tmpfs)
|
|
(allow device_as_webcam device_as_webcam_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su device_as_webcam_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 4 system/sepolicy/private/device_as_webcam.te
|
|
|
|
(neverallow base_typeattr_707 device_as_webcam_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow device_as_webcam appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 4 system/sepolicy/private/device_as_webcam.te
|
|
|
|
(neverallow base_typeattr_708 base_typeattr_707 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/private/device_as_webcam.te
|
|
|
|
(neverallow base_typeattr_709 device_as_webcam (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/private/device_as_webcam.te
|
|
|
|
(neverallow base_typeattr_710 device_as_webcam (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow device_as_webcam system_app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow device_as_webcam system_app_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow device_as_webcam app_api_service (service_manager (find)))
|
|
(allow device_as_webcam cameraserver_service (service_manager (find)))
|
|
(allow device_as_webcam usb_uvc_enabled_prop (file (read getattr map open)))
|
|
(allow device_as_webcam device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow device_as_webcam video_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow device_as_webcam video_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow dex2oat dex2oat_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su dex2oat_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 5 system/sepolicy/private/dex2oat.te
|
|
|
|
(neverallow base_typeattr_711 dex2oat_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow dex2oat apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dex2oat apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dex2oat vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat vendor_framework_file (dir (getattr search)))
|
|
(allow dex2oat vendor_framework_file (file (read getattr map open)))
|
|
(allow dex2oat vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dex2oat vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat vendor_apex_metadata_file (dir (getattr search)))
|
|
(allow dex2oat tmpfs (file (read getattr map)))
|
|
(allow dex2oat dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dex2oat dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat dalvikcache_data_file (file (write)))
|
|
(allow dex2oat system_file (file (lock)))
|
|
(allow dex2oat postinstall_file (file (lock)))
|
|
(allow dex2oat asec_apk_file (file (read map)))
|
|
(allow dex2oat unlabeled (file (read map)))
|
|
(allow dex2oat oemfs (file (read map)))
|
|
(allow dex2oat apk_tmp_file (dir (search)))
|
|
(allow dex2oat apk_tmp_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat user_profile_data_file (file (read getattr lock map)))
|
|
(allow dex2oat app_data_file (file (read write getattr lock map)))
|
|
(allow dex2oat privapp_data_file (file (read write getattr lock map)))
|
|
(allow dex2oat apex_module_data_file (dir (search)))
|
|
(allow dex2oat odsign_devpts (chr_file (read write)))
|
|
(allow dex2oat apex_art_staging_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dex2oat apex_art_staging_data_file (file (read write getattr map unlink)))
|
|
(allow dex2oat apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dex2oat apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow dex2oat device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow dex2oat apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat artd (fd (use)))
|
|
(allow dex2oat installd (fd (use)))
|
|
(allow dex2oat odrefresh (fd (use)))
|
|
(allow dex2oat odsign (fd (use)))
|
|
(allow dex2oat proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat postinstall_dexopt (fd (use)))
|
|
(allow dex2oat postinstall_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dex2oat postinstall_file (filesystem (getattr)))
|
|
(allow dex2oat postinstall_file (lnk_file (read getattr)))
|
|
(allow dex2oat postinstall_file (file (read)))
|
|
(allow dex2oat postinstall_file (file (getattr execute open)))
|
|
(allow dex2oat postinstall_apex_mnt_dir (dir (getattr search)))
|
|
(allow dex2oat postinstall_apex_mnt_dir (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat postinstall_apex_mnt_dir (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat ota_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
|
|
(allow dex2oat ota_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dex2oat ota_data_file (lnk_file (read create)))
|
|
(allow dex2oat ota_data_file (file (write create setattr lock append map open)))
|
|
(allow dex2oat apexd (fd (use)))
|
|
;;* lmx 115 system/sepolicy/private/dex2oat.te
|
|
|
|
(neverallow dex2oat app_data_file_type (file (open)))
|
|
(neverallow dex2oat app_data_file_type (lnk_file (open)))
|
|
(neverallow dex2oat app_data_file_type (sock_file (open)))
|
|
(neverallow dex2oat app_data_file_type (fifo_file (open)))
|
|
;;* lme
|
|
|
|
(allow dexopt_chroot_setup servicemanager (binder (call transfer)))
|
|
(allow servicemanager dexopt_chroot_setup (binder (call transfer)))
|
|
(allow servicemanager dexopt_chroot_setup (dir (search)))
|
|
(allow servicemanager dexopt_chroot_setup (file (read open)))
|
|
(allow servicemanager dexopt_chroot_setup (process (getattr)))
|
|
(allow dexopt_chroot_setup dexopt_chroot_setup_service (service_manager (add find)))
|
|
;;* lmx 7 system/sepolicy/private/dexopt_chroot_setup.te
|
|
|
|
(neverallow base_typeattr_712 dexopt_chroot_setup_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow dexopt_chroot_setup dumpstate (fifo_file (write getattr)))
|
|
(allow dexopt_chroot_setup dumpstate (fd (use)))
|
|
(allow init dexopt_chroot_setup_exec (file (read getattr map execute open)))
|
|
(allow init dexopt_chroot_setup (process (transition)))
|
|
(allow dexopt_chroot_setup dexopt_chroot_setup_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init dexopt_chroot_setup (process (noatsecure)))
|
|
(allow init dexopt_chroot_setup (process (siginh rlimitinh)))
|
|
(typetransition init dexopt_chroot_setup_exec process dexopt_chroot_setup)
|
|
(typetransition dexopt_chroot_setup tmpfs file dexopt_chroot_setup_tmpfs)
|
|
(allow dexopt_chroot_setup dexopt_chroot_setup_tmpfs (file (read write getattr map)))
|
|
(allow dexopt_chroot_setup apex_module_data_file (dir (getattr search)))
|
|
(allow dexopt_chroot_setup apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dexopt_chroot_setup apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dexopt_chroot_setup apex_art_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dexopt_chroot_setup dexopt_chroot_setup_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su dexopt_chroot_setup_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 23 system/sepolicy/private/dexopt_chroot_setup.te
|
|
|
|
(neverallow base_typeattr_712 dexopt_chroot_setup_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow dexoptanalyzer apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dexoptanalyzer apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dexoptanalyzer apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dexoptanalyzer vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dexoptanalyzer vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dexoptanalyzer vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(typetransition dexoptanalyzer tmpfs file dexoptanalyzer_tmpfs)
|
|
(allow dexoptanalyzer dexoptanalyzer_tmpfs (file (read write getattr map)))
|
|
(allow dexoptanalyzer dexoptanalyzer_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su dexoptanalyzer_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 17 system/sepolicy/private/dexoptanalyzer.te
|
|
|
|
(neverallow base_typeattr_713 dexoptanalyzer_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow dexoptanalyzer dalvikcache_data_file (dir (getattr search)))
|
|
(allow dexoptanalyzer dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dexoptanalyzer dalvikcache_data_file (lnk_file (read)))
|
|
(allow dexoptanalyzer apex_module_data_file (dir (getattr search)))
|
|
(allow dexoptanalyzer apex_art_data_file (dir (getattr search)))
|
|
(allow dexoptanalyzer apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dexoptanalyzer odrefresh (fd (use)))
|
|
(allow dexoptanalyzer odsign (fd (use)))
|
|
(allow dexoptanalyzer odsign_devpts (chr_file (read write)))
|
|
(allow dexoptanalyzer installd (fd (use)))
|
|
(allow dexoptanalyzer installd (fifo_file (write getattr)))
|
|
(allow dexoptanalyzer system_file (file (lock)))
|
|
(allow dexoptanalyzer app_data_file (file (read getattr map)))
|
|
(allow dexoptanalyzer privapp_data_file (file (read getattr map)))
|
|
(dontaudit dexoptanalyzer app_data_file (dir (search)))
|
|
(dontaudit dexoptanalyzer privapp_data_file (dir (search)))
|
|
(allow dexoptanalyzer system_data_file (lnk_file (getattr)))
|
|
(allow dexoptanalyzer device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow dexoptanalyzer device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow dexoptanalyzer apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init dhcp_exec (file (read getattr map execute open)))
|
|
(allow init dhcp (process (transition)))
|
|
(allow dhcp dhcp_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init dhcp (process (noatsecure)))
|
|
(allow init dhcp (process (siginh rlimitinh)))
|
|
(typetransition init dhcp_exec process dhcp)
|
|
(typetransition dhcp system_data_file dir dhcp_data_file)
|
|
(typetransition dhcp system_data_file file dhcp_data_file)
|
|
(allow dhcp property_socket (sock_file (write)))
|
|
(allow dhcp init (unix_stream_socket (connectto)))
|
|
(allow dhcp dhcp_prop (property_service (set)))
|
|
(allow dhcp dhcp_prop (file (read getattr map open)))
|
|
(allow dhcp property_socket (sock_file (write)))
|
|
(allow dhcp init (unix_stream_socket (connectto)))
|
|
(allow dhcp pan_result_prop (property_service (set)))
|
|
(allow dhcp pan_result_prop (file (read getattr map open)))
|
|
(allow init dmesgd_exec (file (read getattr map execute open)))
|
|
(allow init dmesgd (process (transition)))
|
|
(allow dmesgd dmesgd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init dmesgd (process (noatsecure)))
|
|
(allow init dmesgd (process (siginh rlimitinh)))
|
|
(typetransition init dmesgd_exec process dmesgd)
|
|
(allow dmesgd dmesgd_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow dmesgd dmesgd_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow dmesgd kernel (system (syslog_read)))
|
|
(allow dmesgd shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dmesgd toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dmesgd servicemanager (binder (call transfer)))
|
|
(allow servicemanager dmesgd (binder (call transfer)))
|
|
(allow servicemanager dmesgd (dir (search)))
|
|
(allow servicemanager dmesgd (file (read open)))
|
|
(allow servicemanager dmesgd (process (getattr)))
|
|
(allow dmesgd system_server (binder (call transfer)))
|
|
(allow system_server dmesgd (binder (transfer)))
|
|
(allow dmesgd system_server (fd (use)))
|
|
(allow dmesgd dropbox_service (service_manager (find)))
|
|
(allow dmesgd proc_version (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain crash_dump_exec (file (read getattr map execute open)))
|
|
(allow domain crash_dump (process (transition)))
|
|
(allow crash_dump crash_dump_exec (file (read getattr map execute open entrypoint)))
|
|
(allow crash_dump domain (process (sigchld)))
|
|
(dontaudit domain crash_dump (process (noatsecure)))
|
|
(allow domain crash_dump (process (siginh rlimitinh)))
|
|
(typetransition domain crash_dump_exec process crash_dump)
|
|
(allow domain crash_dump (process (sigchld)))
|
|
(allow domain heapprofd_prop (file (read getattr map open)))
|
|
(allow heapprofd base_typeattr_714 (process (signal)))
|
|
(allow base_typeattr_714 heapprofd_socket (sock_file (write)))
|
|
(allow base_typeattr_714 heapprofd (unix_stream_socket (connectto)))
|
|
(allow heapprofd base_typeattr_714 (fd (use)))
|
|
(allow base_typeattr_714 heapprofd_tmpfs (file (read write getattr map)))
|
|
(allow base_typeattr_714 heapprofd (fd (use)))
|
|
(allow heapprofd base_typeattr_714 (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow heapprofd base_typeattr_714 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_perf base_typeattr_715 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf base_typeattr_715 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_perf base_typeattr_715 (process (signal)))
|
|
(allow base_typeattr_715 traced_perf_socket (sock_file (write)))
|
|
(allow base_typeattr_715 traced_perf (unix_stream_socket (connectto)))
|
|
(allow traced_perf base_typeattr_715 (fd (use)))
|
|
(allow domain sysfs_fs_incfs_features (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain sysfs_fs_incfs_features (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain sysfs_fs_incfs_features (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain sysfs_fs_fuse_features (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow domain sysfs_fs_fuse_features (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain sysfs_fs_fuse_features (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain cgroup (dir (search)))
|
|
(allow base_typeattr_716 cgroup (dir (write lock open add_name remove_name search)))
|
|
(allow base_typeattr_716 cgroup (file (write lock append map open)))
|
|
(allow domain cgroup_v2 (dir (search)))
|
|
(allow base_typeattr_716 cgroup_v2 (dir (write lock open add_name remove_name search)))
|
|
(allow base_typeattr_716 cgroup_v2 (file (write lock append map open)))
|
|
(allow domain cgroup_rc_file (dir (search)))
|
|
(allow domain cgroup_rc_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain task_profiles_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain task_profiles_api_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain vendor_task_profiles_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain use_memfd_prop (file (read getattr map open)))
|
|
(allow domain module_sdkextensions_prop (file (read getattr map open)))
|
|
(allow domain bq_config_prop (file (read getattr map open)))
|
|
(allow domain permissive_mte_prop (file (read getattr map open)))
|
|
(allow domain device_config_memory_safety_native_boot_prop (file (read getattr map open)))
|
|
(allow domain device_config_memory_safety_native_prop (file (read getattr map open)))
|
|
(allow domain device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow domain device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow appdomain core_property_type (file (read getattr map open)))
|
|
(allow coredomain core_property_type (file (read getattr map open)))
|
|
(allow shell core_property_type (file (read getattr map open)))
|
|
(allow appdomain exported3_system_prop (file (read getattr map open)))
|
|
(allow coredomain exported3_system_prop (file (read getattr map open)))
|
|
(allow shell exported3_system_prop (file (read getattr map open)))
|
|
(allow appdomain exported_camera_prop (file (read getattr map open)))
|
|
(allow coredomain exported_camera_prop (file (read getattr map open)))
|
|
(allow shell exported_camera_prop (file (read getattr map open)))
|
|
(allow coredomain userspace_reboot_exported_prop (file (read getattr map open)))
|
|
(allow shell userspace_reboot_exported_prop (file (read getattr map open)))
|
|
(allow coredomain userspace_reboot_log_prop (file (read getattr map open)))
|
|
(allow shell userspace_reboot_log_prop (file (read getattr map open)))
|
|
(allow coredomain userspace_reboot_test_prop (file (read getattr map open)))
|
|
(allow shell userspace_reboot_test_prop (file (read getattr map open)))
|
|
(allow base_typeattr_717 vendor_default_prop (file (read getattr map open)))
|
|
(allow domain aaudio_config_prop (file (read getattr map open)))
|
|
(allow domain apexd_select_prop (file (read getattr map open)))
|
|
(allow domain arm64_memtag_prop (file (read getattr map open)))
|
|
(allow domain bluetooth_config_prop (file (read getattr map open)))
|
|
(allow domain bootloader_prop (file (read getattr map open)))
|
|
(allow domain build_odm_prop (file (read getattr map open)))
|
|
(allow domain build_prop (file (read getattr map open)))
|
|
(allow domain build_vendor_prop (file (read getattr map open)))
|
|
(allow domain debug_prop (file (read getattr map open)))
|
|
(allow domain exported_config_prop (file (read getattr map open)))
|
|
(allow domain exported_default_prop (file (read getattr map open)))
|
|
(allow domain exported_dumpstate_prop (file (read getattr map open)))
|
|
(allow domain exported_secure_prop (file (read getattr map open)))
|
|
(allow domain exported_system_prop (file (read getattr map open)))
|
|
(allow domain fingerprint_prop (file (read getattr map open)))
|
|
(allow domain framework_status_prop (file (read getattr map open)))
|
|
(allow domain gwp_asan_prop (file (read getattr map open)))
|
|
(allow domain hal_instrumentation_prop (file (read getattr map open)))
|
|
(allow domain hw_timeout_multiplier_prop (file (read getattr map open)))
|
|
(allow domain init_service_status_prop (file (read getattr map open)))
|
|
(allow domain libc_debug_prop (file (read getattr map open)))
|
|
(allow domain locale_prop (file (read getattr map open)))
|
|
(allow domain logd_prop (file (read getattr map open)))
|
|
(allow domain mediadrm_config_prop (file (read getattr map open)))
|
|
(allow domain property_service_version_prop (file (read getattr map open)))
|
|
(allow domain soc_prop (file (read getattr map open)))
|
|
(allow domain socket_hook_prop (file (read getattr map open)))
|
|
(allow domain surfaceflinger_prop (file (read getattr map open)))
|
|
(allow domain telephony_status_prop (file (read getattr map open)))
|
|
(allow domain timezone_prop (file (read getattr map open)))
|
|
(allow base_typeattr_718 userdebug_or_eng_prop (file (read getattr map open)))
|
|
(allow domain vendor_socket_hook_prop (file (read getattr map open)))
|
|
(allow domain vndk_prop (file (read getattr map open)))
|
|
(allow domain vold_status_prop (file (read getattr map open)))
|
|
(allow domain vts_config_prop (file (read getattr map open)))
|
|
(allow domain binder_cache_bluetooth_server_prop (file (read getattr map open)))
|
|
(allow domain binder_cache_system_server_prop (file (read getattr map open)))
|
|
(allow domain binder_cache_telephony_server_prop (file (read getattr map open)))
|
|
(allow domain kernel (key (search)))
|
|
(allow domain fsverity_init (key (search)))
|
|
(allow domain linkerconfig_file (dir (search)))
|
|
(allow domain linkerconfig_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow domain boringssl_self_test_marker (dir (search)))
|
|
(allow domain log_file_logger_prop (file (read getattr map open)))
|
|
(allow domain prng_seeder_socket (sock_file (write)))
|
|
(allow domain prng_seeder (unix_stream_socket (connectto)))
|
|
(allow base_typeattr_719 shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow base_typeattr_719 toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
;;* lmx 230 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_720 misc_block_device (blk_file (ioctl read write lock relabelfrom append link rename open)))
|
|
;;* lme
|
|
|
|
;;* lmx 244 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_721 self (capability (sys_ptrace)))
|
|
(neverallow base_typeattr_721 self (cap_userns (sys_ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 247 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_722 base_typeattr_224 (keystore2_key (gen_unique_id)))
|
|
;;* lme
|
|
|
|
;;* lmx 248 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_305 base_typeattr_224 (keystore2_key (use_dev_id)))
|
|
;;* lme
|
|
|
|
;;* lmx 249 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_305 keystore (keystore2 (clear_ns lock reset unlock)))
|
|
;;* lme
|
|
|
|
;;* lmx 256 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_259 debugfs_tracing_debug (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 265 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_308 dropbox_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 271 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_308 dropbox_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 280 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_317 app_data_file (file (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (dir (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (lnk_file (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (chr_file (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (blk_file (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (sock_file (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (fifo_file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (dir (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (lnk_file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (chr_file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (blk_file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (sock_file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (fifo_file (create unlink)))
|
|
;;* lme
|
|
|
|
;;* lmx 298 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_723 app_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow base_typeattr_723 privapp_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 308 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_724 app_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
|
|
(neverallow base_typeattr_724 privapp_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 317 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_725 app_data_file (file (open)))
|
|
(neverallow base_typeattr_725 app_data_file (lnk_file (open)))
|
|
(neverallow base_typeattr_725 app_data_file (chr_file (open)))
|
|
(neverallow base_typeattr_725 app_data_file (blk_file (open)))
|
|
(neverallow base_typeattr_725 app_data_file (sock_file (open)))
|
|
(neverallow base_typeattr_725 app_data_file (fifo_file (open)))
|
|
(neverallow base_typeattr_725 privapp_data_file (file (open)))
|
|
(neverallow base_typeattr_725 privapp_data_file (lnk_file (open)))
|
|
(neverallow base_typeattr_725 privapp_data_file (chr_file (open)))
|
|
(neverallow base_typeattr_725 privapp_data_file (blk_file (open)))
|
|
(neverallow base_typeattr_725 privapp_data_file (sock_file (open)))
|
|
(neverallow base_typeattr_725 privapp_data_file (fifo_file (open)))
|
|
;;* lme
|
|
|
|
;;* lmx 324 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_317 app_data_file (file (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (dir (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (lnk_file (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (chr_file (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (blk_file (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (sock_file (create unlink)))
|
|
(neverallow base_typeattr_317 app_data_file (fifo_file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (dir (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (lnk_file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (chr_file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (blk_file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (sock_file (create unlink)))
|
|
(neverallow base_typeattr_317 privapp_data_file (fifo_file (create unlink)))
|
|
;;* lme
|
|
|
|
;;* lmx 330 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_726 app_data_file (file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 app_data_file (dir (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 app_data_file (lnk_file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 app_data_file (chr_file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 app_data_file (blk_file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 app_data_file (sock_file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 app_data_file (fifo_file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 privapp_data_file (file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 privapp_data_file (dir (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 privapp_data_file (lnk_file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 privapp_data_file (chr_file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 privapp_data_file (blk_file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 privapp_data_file (sock_file (relabelfrom relabelto)))
|
|
(neverallow base_typeattr_726 privapp_data_file (fifo_file (relabelfrom relabelto)))
|
|
;;* lme
|
|
|
|
;;* lmx 344 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_727 staging_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 358 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_728 staging_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 359 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_729 staging_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 363 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_308 staging_data_file (file (write create setattr relabelfrom append rename execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 370 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_730 base_typeattr_731 (file (execute)))
|
|
;;* lme
|
|
|
|
;;* lmx 399 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_732 base_typeattr_733 (file (execute)))
|
|
;;* lme
|
|
|
|
;;* lmx 406 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_259 cgroup_rc_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 419 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_734 dalvikcache_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 431 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_734 dalvikcache_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 446 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_735 apex_art_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 459 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_735 apex_art_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 471 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_233 base_typeattr_629 (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 499 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_736 self (capability (dac_override)))
|
|
(neverallow base_typeattr_736 self (cap_userns (dac_override)))
|
|
;;* lme
|
|
|
|
;;* lmx 509 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_737 self (capability (dac_read_search)))
|
|
(neverallow base_typeattr_737 self (cap_userns (dac_read_search)))
|
|
;;* lme
|
|
|
|
;;* lmx 528 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_738 base_typeattr_739 (filesystem (mount remount relabelfrom relabelto)))
|
|
;;* lme
|
|
|
|
;;* lmx 530 system/sepolicy/private/domain.te
|
|
|
|
(neverallow domain base_typeattr_740 (filesystem (mount remount relabelfrom relabelto)))
|
|
;;* lme
|
|
|
|
;;* lmx 549 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_741 self (capability (sys_rawio)))
|
|
(neverallow base_typeattr_741 self (cap_userns (sys_rawio)))
|
|
;;* lme
|
|
|
|
;;* lmx 558 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_742 mirror_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 561 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_266 net_dns_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 562 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_261 net_dns_prop (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 565 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_308 pm_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 566 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_250 pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 569 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_743 firstboot_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 573 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_744 dalvik_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 576 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_259 debugfs_kprobes (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 580 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_745 vendor_file (file (write create setattr relabelfrom append unlink link rename execute open execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 597 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_746 base_typeattr_747 (socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (tcp_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (udp_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (rawip_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (packet_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (key_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (unix_stream_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (unix_dgram_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_route_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_tcpdiag_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_nflog_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_xfrm_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_selinux_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_audit_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_dnrt_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_kobject_uevent_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (appletalk_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (tun_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_iscsi_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_fib_lookup_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_connector_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_netfilter_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_generic_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_scsitransport_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_rdma_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netlink_crypto_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (sctp_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (icmp_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (ax25_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (ipx_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (netrom_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (atmpvc_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (x25_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (rose_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (decnet_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (atmsvc_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (rds_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (irda_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (pppox_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (llc_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (can_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (tipc_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (bluetooth_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (iucv_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (rxrpc_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (isdn_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (phonet_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (ieee802154_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (caif_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (alg_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (nfc_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (vsock_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (kcm_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (qipcrtr_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (smc_socket (connect sendto)))
|
|
(neverallow base_typeattr_746 base_typeattr_747 (xdp_socket (connect sendto)))
|
|
;;* lme
|
|
|
|
;;* lmx 597 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_746 base_typeattr_747 (unix_stream_socket (connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 618 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_748 base_typeattr_749 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 663 system/sepolicy/private/domain.te
|
|
|
|
(neverallow domain mlsvendorcompat (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 667 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_750 system_file_type (file (mounton)))
|
|
(neverallow base_typeattr_750 system_file_type (dir (mounton)))
|
|
(neverallow base_typeattr_750 system_file_type (lnk_file (mounton)))
|
|
(neverallow base_typeattr_750 system_file_type (chr_file (mounton)))
|
|
(neverallow base_typeattr_750 system_file_type (blk_file (mounton)))
|
|
(neverallow base_typeattr_750 system_file_type (sock_file (mounton)))
|
|
(neverallow base_typeattr_750 system_file_type (fifo_file (mounton)))
|
|
(neverallow base_typeattr_750 vendor_file_type (file (mounton)))
|
|
(neverallow base_typeattr_750 vendor_file_type (dir (mounton)))
|
|
(neverallow base_typeattr_750 vendor_file_type (lnk_file (mounton)))
|
|
(neverallow base_typeattr_750 vendor_file_type (chr_file (mounton)))
|
|
(neverallow base_typeattr_750 vendor_file_type (blk_file (mounton)))
|
|
(neverallow base_typeattr_750 vendor_file_type (sock_file (mounton)))
|
|
(neverallow base_typeattr_750 vendor_file_type (fifo_file (mounton)))
|
|
;;* lme
|
|
|
|
;;* lmx 676 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_260 mm_events_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 689 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_751 proc_kallsyms (file (read open)))
|
|
;;* lme
|
|
|
|
;;* lmx 695 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_752 base_typeattr_753 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 711 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_754 sysfs_devices_cs_etm (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 721 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_755 self (capability2 (perfmon)))
|
|
;;* lme
|
|
|
|
;;* lmx 741 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_756 shell_data_file (file (open)))
|
|
;;* lme
|
|
|
|
;;* lmx 759 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_757 shell_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 772 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_758 shell_data_file (dir (open)))
|
|
;;* lme
|
|
|
|
;;* lmx 787 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_758 shell_data_file (dir (search)))
|
|
;;* lme
|
|
|
|
;;* lmx 799 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_759 system_app_data_file (file (create unlink open)))
|
|
(neverallow base_typeattr_759 system_app_data_file (dir (create unlink open)))
|
|
(neverallow base_typeattr_759 system_app_data_file (lnk_file (create unlink open)))
|
|
(neverallow base_typeattr_759 system_app_data_file (chr_file (create unlink open)))
|
|
(neverallow base_typeattr_759 system_app_data_file (blk_file (create unlink open)))
|
|
(neverallow base_typeattr_759 system_app_data_file (sock_file (create unlink open)))
|
|
(neverallow base_typeattr_759 system_app_data_file (fifo_file (create unlink open)))
|
|
;;* lme
|
|
|
|
;;* lmx 806 system/sepolicy/private/domain.te
|
|
|
|
(neverallow untrusted_app_all system_app_data_file (file (create unlink open)))
|
|
(neverallow untrusted_app_all system_app_data_file (dir (create unlink open)))
|
|
(neverallow untrusted_app_all system_app_data_file (lnk_file (create unlink open)))
|
|
(neverallow untrusted_app_all system_app_data_file (chr_file (create unlink open)))
|
|
(neverallow untrusted_app_all system_app_data_file (blk_file (create unlink open)))
|
|
(neverallow untrusted_app_all system_app_data_file (sock_file (create unlink open)))
|
|
(neverallow untrusted_app_all system_app_data_file (fifo_file (create unlink open)))
|
|
(neverallow isolated_app_all system_app_data_file (file (create unlink open)))
|
|
(neverallow isolated_app_all system_app_data_file (dir (create unlink open)))
|
|
(neverallow isolated_app_all system_app_data_file (lnk_file (create unlink open)))
|
|
(neverallow isolated_app_all system_app_data_file (chr_file (create unlink open)))
|
|
(neverallow isolated_app_all system_app_data_file (blk_file (create unlink open)))
|
|
(neverallow isolated_app_all system_app_data_file (sock_file (create unlink open)))
|
|
(neverallow isolated_app_all system_app_data_file (fifo_file (create unlink open)))
|
|
(neverallow ephemeral_app system_app_data_file (file (create unlink open)))
|
|
(neverallow ephemeral_app system_app_data_file (dir (create unlink open)))
|
|
(neverallow ephemeral_app system_app_data_file (lnk_file (create unlink open)))
|
|
(neverallow ephemeral_app system_app_data_file (chr_file (create unlink open)))
|
|
(neverallow ephemeral_app system_app_data_file (blk_file (create unlink open)))
|
|
(neverallow ephemeral_app system_app_data_file (sock_file (create unlink open)))
|
|
(neverallow ephemeral_app system_app_data_file (fifo_file (create unlink open)))
|
|
(neverallow priv_app system_app_data_file (file (create unlink open)))
|
|
(neverallow priv_app system_app_data_file (dir (create unlink open)))
|
|
(neverallow priv_app system_app_data_file (lnk_file (create unlink open)))
|
|
(neverallow priv_app system_app_data_file (chr_file (create unlink open)))
|
|
(neverallow priv_app system_app_data_file (blk_file (create unlink open)))
|
|
(neverallow priv_app system_app_data_file (sock_file (create unlink open)))
|
|
(neverallow priv_app system_app_data_file (fifo_file (create unlink open)))
|
|
(neverallow sdk_sandbox_all system_app_data_file (file (create unlink open)))
|
|
(neverallow sdk_sandbox_all system_app_data_file (dir (create unlink open)))
|
|
(neverallow sdk_sandbox_all system_app_data_file (lnk_file (create unlink open)))
|
|
(neverallow sdk_sandbox_all system_app_data_file (chr_file (create unlink open)))
|
|
(neverallow sdk_sandbox_all system_app_data_file (blk_file (create unlink open)))
|
|
(neverallow sdk_sandbox_all system_app_data_file (sock_file (create unlink open)))
|
|
(neverallow sdk_sandbox_all system_app_data_file (fifo_file (create unlink open)))
|
|
;;* lme
|
|
|
|
;;* lmx 808 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_223 mtectrl (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 811 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_760 checkin_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_760 checkin_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 814 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_761 aconfig_storage_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 815 system/sepolicy/private/domain.te
|
|
|
|
(neverallow base_typeattr_761 aconfig_storage_metadata_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
(allow init drmserver_exec (file (read getattr map execute open)))
|
|
(allow init drmserver (process (transition)))
|
|
(allow drmserver drmserver_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init drmserver (process (noatsecure)))
|
|
(allow init drmserver (process (siginh rlimitinh)))
|
|
(typetransition init drmserver_exec process drmserver)
|
|
(typetransition drmserver apk_data_file sock_file drmserver_socket)
|
|
(allow drmserver drm_service_config_prop (file (read getattr map open)))
|
|
(allow init dumpstate_exec (file (read getattr map execute open)))
|
|
(allow init dumpstate (process (transition)))
|
|
(allow dumpstate dumpstate_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init dumpstate (process (noatsecure)))
|
|
(allow init dumpstate (process (siginh rlimitinh)))
|
|
(typetransition init dumpstate_exec process dumpstate)
|
|
(allow dumpstate vdc_exec (file (read getattr map execute open)))
|
|
(allow dumpstate vdc (process (transition)))
|
|
(allow vdc vdc_exec (file (read getattr map execute open entrypoint)))
|
|
(allow vdc dumpstate (process (sigchld)))
|
|
(dontaudit dumpstate vdc (process (noatsecure)))
|
|
(allow dumpstate vdc (process (siginh rlimitinh)))
|
|
(typetransition dumpstate vdc_exec process vdc)
|
|
(typetransition dumpstate tmpfs file dumpstate_tmpfs)
|
|
(allow dumpstate dumpstate_tmpfs (file (read write getattr map)))
|
|
(allow dumpstate system_file (file (lock)))
|
|
(allow dumpstate storaged_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dumpstate incidentd (binder (call transfer)))
|
|
(allow incidentd dumpstate (binder (transfer)))
|
|
(allow dumpstate incidentd (fd (use)))
|
|
(allow dumpstate incident (process (sigkill signal)))
|
|
(allow dumpstate storaged (binder (call transfer)))
|
|
(allow storaged dumpstate (binder (transfer)))
|
|
(allow dumpstate storaged (fd (use)))
|
|
(allow dumpstate statsd (binder (call transfer)))
|
|
(allow statsd dumpstate (binder (transfer)))
|
|
(allow dumpstate statsd (fd (use)))
|
|
(allow dumpstate gpuservice (binder (call transfer)))
|
|
(allow gpuservice dumpstate (binder (transfer)))
|
|
(allow dumpstate gpuservice (fd (use)))
|
|
(allow dumpstate idmap (binder (call transfer)))
|
|
(allow idmap dumpstate (binder (transfer)))
|
|
(allow dumpstate idmap (fd (use)))
|
|
(allow dumpstate automotive_display_service (binder (call transfer)))
|
|
(allow automotive_display_service dumpstate (binder (transfer)))
|
|
(allow dumpstate automotive_display_service (fd (use)))
|
|
(allow dumpstate virtual_camera (binder (call transfer)))
|
|
(allow virtual_camera dumpstate (binder (transfer)))
|
|
(allow dumpstate virtual_camera (fd (use)))
|
|
(allow dumpstate ot_daemon (binder (call transfer)))
|
|
(allow ot_daemon dumpstate (binder (transfer)))
|
|
(allow dumpstate ot_daemon (fd (use)))
|
|
(allow dumpstate boottime_prop (file (read getattr map open)))
|
|
(allow dumpstate misctrl_prop (file (read getattr map open)))
|
|
(allow dumpstate mediatranscoding (process (signal)))
|
|
(allow dumpstate netd (process (signal)))
|
|
(allow dumpstate statsd (process (signal)))
|
|
(allow dumpstate ot_daemon (process (signal)))
|
|
(allow dumpstate virtual_camera (process (signal)))
|
|
(dontaudit dumpstate keystore (process (signal)))
|
|
(allow dumpstate dev_type (blk_file (getattr)))
|
|
(allow dumpstate webview_zygote (process (signal)))
|
|
(allow dumpstate sysfs_dmabuf_stats (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit dumpstate update_engine (binder (call)))
|
|
(allow dumpstate proc_net_tcp_udp (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate proc_pid_max (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate config_gz (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate incidentcompanion_service (binder (call transfer)))
|
|
(allow incidentcompanion_service dumpstate (binder (transfer)))
|
|
(allow dumpstate incidentcompanion_service (fd (use)))
|
|
(allow dumpstate property_socket (sock_file (write)))
|
|
(allow dumpstate init (unix_stream_socket (connectto)))
|
|
(allow dumpstate dumpstate_prop (property_service (set)))
|
|
(allow dumpstate dumpstate_prop (file (read getattr map open)))
|
|
(allow dumpstate property_socket (sock_file (write)))
|
|
(allow dumpstate init (unix_stream_socket (connectto)))
|
|
(allow dumpstate exported_dumpstate_prop (property_service (set)))
|
|
(allow dumpstate exported_dumpstate_prop (file (read getattr map open)))
|
|
(allow dumpstate property_socket (sock_file (write)))
|
|
(allow dumpstate init (unix_stream_socket (connectto)))
|
|
(allow dumpstate dumpstate_options_prop (property_service (set)))
|
|
(allow dumpstate dumpstate_options_prop (file (read getattr map open)))
|
|
(allow dumpstate property_socket (sock_file (write)))
|
|
(allow dumpstate init (unix_stream_socket (connectto)))
|
|
(allow dumpstate ctl_dumpstate_prop (property_service (set)))
|
|
(allow dumpstate ctl_dumpstate_prop (file (read getattr map open)))
|
|
(allow dumpstate property_socket (sock_file (write)))
|
|
(allow dumpstate init (unix_stream_socket (connectto)))
|
|
(allow dumpstate lpdumpd_prop (property_service (set)))
|
|
(allow dumpstate lpdumpd_prop (file (read getattr map open)))
|
|
(allow dumpstate lpdumpd (binder (call transfer)))
|
|
(allow lpdumpd dumpstate (binder (transfer)))
|
|
(allow dumpstate lpdumpd (fd (use)))
|
|
(allow dumpstate hypervisor_prop (file (read getattr map open)))
|
|
(allow dumpstate gsid_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow dumpstate property_socket (sock_file (write)))
|
|
(allow dumpstate init (unix_stream_socket (connectto)))
|
|
(allow dumpstate ctl_gsid_prop (property_service (set)))
|
|
(allow dumpstate ctl_gsid_prop (file (read getattr map open)))
|
|
(allow dumpstate gsid (binder (call transfer)))
|
|
(allow gsid dumpstate (binder (transfer)))
|
|
(allow dumpstate gsid (fd (use)))
|
|
(allow dumpstate ota_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow dumpstate ota_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate ota_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow dumpstate perfetto_exec (file (read getattr map execute open)))
|
|
(allow dumpstate perfetto (process (transition)))
|
|
(allow perfetto perfetto_exec (file (read getattr map execute open entrypoint)))
|
|
(allow perfetto dumpstate (process (sigchld)))
|
|
(dontaudit dumpstate perfetto (process (noatsecure)))
|
|
(allow dumpstate perfetto (process (siginh rlimitinh)))
|
|
(typetransition dumpstate perfetto_exec process perfetto)
|
|
(allow dumpstate perfetto (process (signal)))
|
|
(allow dumpstate perfetto_traces_data_file (dir (search)))
|
|
(allow dumpstate perfetto_traces_bugreport_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow dumpstate perfetto_traces_bugreport_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow perfetto dumpstate_tmpfs (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow perfetto dumpstate (fd (use)))
|
|
(allow dumpstate system_dlkm_file (dir (getattr)))
|
|
(allow dumpstate derive_sdk_exec (file (read getattr map execute open)))
|
|
(allow dumpstate derive_sdk (process (transition)))
|
|
(allow derive_sdk derive_sdk_exec (file (read getattr map execute open entrypoint)))
|
|
(allow derive_sdk dumpstate (process (sigchld)))
|
|
(dontaudit dumpstate derive_sdk (process (noatsecure)))
|
|
(allow dumpstate derive_sdk (process (siginh rlimitinh)))
|
|
(typetransition dumpstate derive_sdk_exec process derive_sdk)
|
|
(typetransition ephemeral_app tmpfs file appdomain_tmpfs)
|
|
(allow ephemeral_app ephemeral_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su ephemeral_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 17 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow base_typeattr_762 ephemeral_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow ephemeral_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 17 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow base_typeattr_763 base_typeattr_762 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 17 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow base_typeattr_764 ephemeral_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 17 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow base_typeattr_765 ephemeral_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow ephemeral_app sdcard_type (file (ioctl read write getattr lock append)))
|
|
(allow ephemeral_app fuse (file (ioctl read write getattr lock append)))
|
|
(allow ephemeral_app media_rw_data_file (file (ioctl read write getattr lock append)))
|
|
(allow ephemeral_app privapp_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow ephemeral_app app_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow ephemeral_app privapp_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow ephemeral_app rs_exec (file (read getattr map execute open)))
|
|
(allow ephemeral_app rs (process (transition)))
|
|
(allow rs rs_exec (file (read getattr map execute open entrypoint)))
|
|
(allow rs ephemeral_app (process (sigchld)))
|
|
(dontaudit ephemeral_app rs (process (noatsecure)))
|
|
(allow ephemeral_app rs (process (siginh rlimitinh)))
|
|
(typetransition ephemeral_app rs_exec process rs)
|
|
(allow ephemeral_app app_exec_data_file (file (ioctl read getattr lock map unlink execute open watch watch_reads)))
|
|
(allow ephemeral_app audioserver_service (service_manager (find)))
|
|
(allow ephemeral_app cameraserver_service (service_manager (find)))
|
|
(allow ephemeral_app mediaserver_service (service_manager (find)))
|
|
(allow ephemeral_app mediaextractor_service (service_manager (find)))
|
|
(allow ephemeral_app mediametrics_service (service_manager (find)))
|
|
(allow ephemeral_app mediadrmserver_service (service_manager (find)))
|
|
(allow ephemeral_app drmserver_service (service_manager (find)))
|
|
(allow ephemeral_app radio_service (service_manager (find)))
|
|
(allow ephemeral_app ephemeral_app_api_service (service_manager (find)))
|
|
(allow ephemeral_app system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
|
|
(allow ephemeral_app ashmem_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
;;* lmx 59 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow ephemeral_app app_data_file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 62 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow ephemeral_app domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 65 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow ephemeral_app domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 69 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow ephemeral_app debugfs_type (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 72 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow ephemeral_app gpu_device (chr_file (execute)))
|
|
;;* lme
|
|
|
|
;;* lmx 75 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow ephemeral_app sysfs (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 79 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow ephemeral_app proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 82 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow ephemeral_app sdcard_type (file (create open)))
|
|
(neverallow ephemeral_app fuse (file (create open)))
|
|
(neverallow ephemeral_app media_rw_data_file (file (create open)))
|
|
;;* lme
|
|
|
|
;;* lmx 83 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow ephemeral_app sdcard_type (dir (search)))
|
|
(neverallow ephemeral_app fuse (dir (search)))
|
|
(neverallow ephemeral_app media_rw_data_file (dir (search)))
|
|
;;* lme
|
|
|
|
;;* lmx 87 system/sepolicy/private/ephemeral_app.te
|
|
|
|
(neverallow ephemeral_app proc_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow init evsmanagerd_exec (file (read getattr map execute open)))
|
|
(allow init evsmanagerd (process (transition)))
|
|
(allow evsmanagerd evsmanagerd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init evsmanagerd (process (noatsecure)))
|
|
(allow init evsmanagerd (process (siginh rlimitinh)))
|
|
(typetransition init evsmanagerd_exec process evsmanagerd)
|
|
(allow evsmanagerd evsmanagerd_service (service_manager (add find)))
|
|
;;* lmx 13 system/sepolicy/private/evsmanagerd.te
|
|
|
|
(neverallow base_typeattr_766 evsmanagerd_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow evsmanagerd servicemanager (binder (call transfer)))
|
|
(allow servicemanager evsmanagerd (binder (call transfer)))
|
|
(allow servicemanager evsmanagerd (dir (search)))
|
|
(allow servicemanager evsmanagerd (file (read open)))
|
|
(allow servicemanager evsmanagerd (process (getattr)))
|
|
(allow evsmanagerd system_server (binder (call transfer)))
|
|
(allow system_server evsmanagerd (binder (transfer)))
|
|
(allow evsmanagerd system_server (fd (use)))
|
|
(allow evsmanagerd shell (fd (use)))
|
|
(allow evsmanagerd shell (fifo_file (write)))
|
|
(allow evsmanagerd hal_graphics_allocator (fd (use)))
|
|
(allow evsmanagerd statsbootstrap_service (service_manager (find)))
|
|
(allow evsmanagerd appdomain (binder (call transfer)))
|
|
(allow appdomain evsmanagerd (binder (transfer)))
|
|
(allow evsmanagerd appdomain (fd (use)))
|
|
(allow evsmanagerd hal_evs_hwservice (hwservice_manager (add)))
|
|
(allow evsmanagerd hidl_base_hwservice (hwservice_manager (add)))
|
|
(allow init extra_free_kbytes_exec (file (read getattr map execute open)))
|
|
(allow init extra_free_kbytes (process (transition)))
|
|
(allow extra_free_kbytes extra_free_kbytes_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init extra_free_kbytes (process (noatsecure)))
|
|
(allow init extra_free_kbytes (process (siginh rlimitinh)))
|
|
(typetransition init extra_free_kbytes_exec process extra_free_kbytes)
|
|
(allow extra_free_kbytes property_socket (sock_file (write)))
|
|
(allow extra_free_kbytes init (unix_stream_socket (connectto)))
|
|
(allow extra_free_kbytes init_storage_prop (property_service (set)))
|
|
(allow extra_free_kbytes init_storage_prop (file (read getattr map open)))
|
|
(allow fastbootd self (capability (ipc_lock)))
|
|
(allow fastbootd fastbootd_iouring (anon_inode (read write create map)))
|
|
(allow fastbootd self (io_uring (sqpoll)))
|
|
;;* lmx 57 system/sepolicy/private/fastbootd.te
|
|
|
|
(neverallow base_typeattr_767 fastbootd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(dontaudit fastbootd self (capability (ipc_lock)))
|
|
(dontaudit fastbootd self (cap_userns (ipc_lock)))
|
|
(allow init fingerprintd_exec (file (read getattr map execute open)))
|
|
(allow init fingerprintd (process (transition)))
|
|
(allow fingerprintd fingerprintd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init fingerprintd (process (noatsecure)))
|
|
(allow init fingerprintd (process (siginh rlimitinh)))
|
|
(typetransition init fingerprintd_exec process fingerprintd)
|
|
(allow init flags_health_check_exec (file (read getattr map execute open)))
|
|
(allow init flags_health_check (process (transition)))
|
|
(allow flags_health_check flags_health_check_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init flags_health_check (process (noatsecure)))
|
|
(allow init flags_health_check (process (siginh rlimitinh)))
|
|
(typetransition init flags_health_check_exec process flags_health_check)
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_boot_count_prop (property_service (set)))
|
|
(allow flags_health_check device_config_boot_count_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_core_experiments_team_internal_prop (property_service (set)))
|
|
(allow flags_health_check device_config_core_experiments_team_internal_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_edgetpu_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_edgetpu_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_reset_performed_prop (property_service (set)))
|
|
(allow flags_health_check device_config_reset_performed_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_runtime_native_boot_prop (property_service (set)))
|
|
(allow flags_health_check device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_runtime_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_input_native_boot_prop (property_service (set)))
|
|
(allow flags_health_check device_config_input_native_boot_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_lmkd_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_lmkd_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_netd_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_netd_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_nnapi_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_nnapi_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_activity_manager_native_boot_prop (property_service (set)))
|
|
(allow flags_health_check device_config_activity_manager_native_boot_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_media_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_media_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_mglru_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_mglru_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_profcollect_native_boot_prop (property_service (set)))
|
|
(allow flags_health_check device_config_profcollect_native_boot_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_statsd_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_statsd_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_statsd_native_boot_prop (property_service (set)))
|
|
(allow flags_health_check device_config_statsd_native_boot_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_storage_native_boot_prop (property_service (set)))
|
|
(allow flags_health_check device_config_storage_native_boot_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_swcodec_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_swcodec_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_sys_traced_prop (property_service (set)))
|
|
(allow flags_health_check device_config_sys_traced_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_window_manager_native_boot_prop (property_service (set)))
|
|
(allow flags_health_check device_config_window_manager_native_boot_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_configuration_prop (property_service (set)))
|
|
(allow flags_health_check device_config_configuration_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_connectivity_prop (property_service (set)))
|
|
(allow flags_health_check device_config_connectivity_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_surface_flinger_native_boot_prop (property_service (set)))
|
|
(allow flags_health_check device_config_surface_flinger_native_boot_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_aconfig_flags_prop (property_service (set)))
|
|
(allow flags_health_check device_config_aconfig_flags_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_vendor_system_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_vendor_system_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_vendor_system_native_boot_prop (property_service (set)))
|
|
(allow flags_health_check device_config_vendor_system_native_boot_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_virtualization_framework_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_virtualization_framework_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_memory_safety_native_boot_prop (property_service (set)))
|
|
(allow flags_health_check device_config_memory_safety_native_boot_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_memory_safety_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_memory_safety_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_remote_key_provisioning_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_remote_key_provisioning_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_camera_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_camera_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check device_config_tethering_u_or_later_native_prop (property_service (set)))
|
|
(allow flags_health_check device_config_tethering_u_or_later_native_prop (file (read getattr map open)))
|
|
(allow flags_health_check property_socket (sock_file (write)))
|
|
(allow flags_health_check init (unix_stream_socket (connectto)))
|
|
(allow flags_health_check next_boot_prop (property_service (set)))
|
|
(allow flags_health_check next_boot_prop (file (read getattr map open)))
|
|
;;* lmx 43 system/sepolicy/private/flags_health_check.te
|
|
|
|
(neverallow base_typeattr_336 device_config_boot_count_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 48 system/sepolicy/private/flags_health_check.te
|
|
|
|
(neverallow base_typeattr_336 device_config_reset_performed_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow init fsck_exec (file (read getattr map execute open)))
|
|
(allow init fsck (process (transition)))
|
|
(allow fsck fsck_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init fsck (process (noatsecure)))
|
|
(allow init fsck (process (siginh rlimitinh)))
|
|
(typetransition init fsck_exec process fsck)
|
|
(allow fsck metadata_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init fsverity_init_exec (file (read getattr map execute open)))
|
|
(allow init fsverity_init (process (transition)))
|
|
(allow fsverity_init fsverity_init_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init fsverity_init (process (noatsecure)))
|
|
(allow init fsverity_init (process (siginh rlimitinh)))
|
|
(typetransition init fsverity_init_exec process fsverity_init)
|
|
(allow fsverity_init proc_keys (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit fsverity_init domain (key (view)))
|
|
(allow fsverity_init kernel (key (view write search setattr)))
|
|
(allow fsverity_init fsverity_init (key (view write search)))
|
|
(allow fsverity_init odsign (fd (use)))
|
|
(allow fsverity_init odsign_data_file (file (read getattr)))
|
|
(allow fuseblkd self (capability (sys_admin)))
|
|
(allow fuseblkd self (cap_userns (sys_admin)))
|
|
(allow fuseblkd fuse_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow fuseblkd fuseblk (filesystem (mount unmount)))
|
|
(allow fuseblkd fuseblkd_untrusted (fd (use)))
|
|
(allow fuseblkd block_device (dir (search)))
|
|
(allow fuseblkd mnt_media_rw_file (dir (search)))
|
|
(allow fuseblkd mnt_media_rw_stub_file (dir (mounton)))
|
|
;;* lmx 30 system/sepolicy/private/fuseblkd.te
|
|
|
|
(neverallow base_typeattr_768 fuseblkd (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 31 system/sepolicy/private/fuseblkd.te
|
|
|
|
(neverallow base_typeattr_224 fuseblkd (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 32 system/sepolicy/private/fuseblkd.te
|
|
|
|
(neverallow fuseblkd base_typeattr_769 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
(allow fuseblkd_untrusted fuseblkd_exec (file (read getattr map execute open)))
|
|
(allow fuseblkd_untrusted fuseblkd (process (transition)))
|
|
(allow fuseblkd fuseblkd_exec (file (read getattr map execute open entrypoint)))
|
|
(allow fuseblkd fuseblkd_untrusted (process (sigchld)))
|
|
(dontaudit fuseblkd_untrusted fuseblkd (process (noatsecure)))
|
|
(allow fuseblkd_untrusted fuseblkd (process (siginh rlimitinh)))
|
|
(typetransition fuseblkd_untrusted fuseblkd_exec process fuseblkd)
|
|
(allow fuseblkd_untrusted vold (fd (use)))
|
|
(allow fuseblkd_untrusted block_device (dir (search)))
|
|
(allow fuseblkd_untrusted super_block_device (blk_file (getattr)))
|
|
(allow fuseblkd_untrusted fuse_device (chr_file (read write getattr open)))
|
|
(allow fuseblkd_untrusted mnt_media_rw_file (dir (getattr search)))
|
|
(allow fuseblkd_untrusted mnt_media_rw_stub_file (dir (getattr)))
|
|
(allow fuseblkd_untrusted sysfs_dm (dir (search)))
|
|
(allow fuseblkd_untrusted sysfs_dm (file (read getattr open)))
|
|
(allow fuseblkd_untrusted dm_device (blk_file (getattr)))
|
|
(allow fuseblkd_untrusted tmpfs (lnk_file (read)))
|
|
(allow fuseblkd_untrusted loop_device (blk_file (getattr)))
|
|
(allow fuseblkd_untrusted proc_filesystems (file (read getattr open)))
|
|
(dontaudit fuseblkd_untrusted self (capability (sys_admin)))
|
|
;;* lmx 65 system/sepolicy/private/fuseblkd_untrusted.te
|
|
|
|
(neverallow fuseblkd_untrusted dm_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fuseblkd_untrusted root_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fuseblkd_untrusted frp_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fuseblkd_untrusted system_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fuseblkd_untrusted recovery_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fuseblkd_untrusted boot_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fuseblkd_untrusted userdata_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fuseblkd_untrusted cache_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fuseblkd_untrusted swap_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow fuseblkd_untrusted metadata_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 68 system/sepolicy/private/fuseblkd_untrusted.te
|
|
|
|
(neverallow base_typeattr_339 fuseblkd_untrusted (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 69 system/sepolicy/private/fuseblkd_untrusted.te
|
|
|
|
(neverallow base_typeattr_224 fuseblkd_untrusted (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 70 system/sepolicy/private/fuseblkd_untrusted.te
|
|
|
|
(neverallow fuseblkd_untrusted base_typeattr_770 (file (entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 77 system/sepolicy/private/fuseblkd_untrusted.te
|
|
|
|
(neverallow fuseblkd_untrusted self (capability (setgid setuid sys_admin)))
|
|
;;* lme
|
|
|
|
;;* lmx 78 system/sepolicy/private/fuseblkd_untrusted.te
|
|
|
|
(neverallow fuseblkd_untrusted self (capability (setgid setuid sys_admin)))
|
|
(neverallow fuseblkd_untrusted self (cap_userns (setgid setuid sys_admin)))
|
|
;;* lme
|
|
|
|
;;* lmx 82 system/sepolicy/private/fuseblkd_untrusted.te
|
|
|
|
(neverallow fuseblkd_untrusted fuseblk (filesystem (mount unmount relabelfrom relabelto)))
|
|
;;* lme
|
|
|
|
(allow fwk_bufferhub ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init fwk_bufferhub_exec (file (read getattr map execute open)))
|
|
(allow init fwk_bufferhub (process (transition)))
|
|
(allow fwk_bufferhub fwk_bufferhub_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init fwk_bufferhub (process (noatsecure)))
|
|
(allow init fwk_bufferhub (process (siginh rlimitinh)))
|
|
(typetransition init fwk_bufferhub_exec process fwk_bufferhub)
|
|
(allow init gatekeeperd_exec (file (read getattr map execute open)))
|
|
(allow init gatekeeperd (process (transition)))
|
|
(allow gatekeeperd gatekeeperd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init gatekeeperd (process (noatsecure)))
|
|
(allow init gatekeeperd (process (siginh rlimitinh)))
|
|
(typetransition init gatekeeperd_exec process gatekeeperd)
|
|
(allow gatekeeperd gsid_prop (file (read getattr map open)))
|
|
(allow gki_apex_prepostinstall shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow gki_apex_prepostinstall toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow gki_apex_prepostinstall gki_apex_prepostinstall_exec (file (execute_no_trans)))
|
|
(allow gki_apex_prepostinstall servicemanager (binder (call transfer)))
|
|
(allow servicemanager gki_apex_prepostinstall (binder (call transfer)))
|
|
(allow servicemanager gki_apex_prepostinstall (dir (search)))
|
|
(allow servicemanager gki_apex_prepostinstall (file (read open)))
|
|
(allow servicemanager gki_apex_prepostinstall (process (getattr)))
|
|
(allow gki_apex_prepostinstall update_engine_stable_service (service_manager (find)))
|
|
(allow gki_apex_prepostinstall update_engine (binder (call transfer)))
|
|
(allow update_engine gki_apex_prepostinstall (binder (transfer)))
|
|
(allow gki_apex_prepostinstall update_engine (fd (use)))
|
|
(allow gki_apex_prepostinstall apexd (fd (use)))
|
|
(typetransition gmscore_app tmpfs file appdomain_tmpfs)
|
|
(allow gmscore_app gmscore_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su gmscore_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 6 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallow base_typeattr_771 gmscore_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow gmscore_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 6 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallow base_typeattr_772 base_typeattr_771 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallow base_typeattr_773 gmscore_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallow base_typeattr_774 gmscore_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow gmscore_app sysfs_type (dir (search)))
|
|
(allow gmscore_app sysfs_zram (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gmscore_app sysfs_zram (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gmscore_app sysfs_zram (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gmscore_app rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gmscore_app rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gmscore_app rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gmscore_app config_gz (file (read getattr open)))
|
|
(allow gmscore_app update_engine (binder (call transfer)))
|
|
(allow update_engine gmscore_app (binder (transfer)))
|
|
(allow gmscore_app update_engine (fd (use)))
|
|
(allow gmscore_app update_engine_service (service_manager (find)))
|
|
(allow gmscore_app storaged (binder (call transfer)))
|
|
(allow storaged gmscore_app (binder (transfer)))
|
|
(allow gmscore_app storaged (fd (use)))
|
|
(allow gmscore_app storaged_service (service_manager (find)))
|
|
(allow gmscore_app system_update_service (service_manager (find)))
|
|
(allow gmscore_app statsd (binder (call transfer)))
|
|
(allow statsd gmscore_app (binder (transfer)))
|
|
(allow gmscore_app statsd (fd (use)))
|
|
(allow gmscore_app perfetto (fd (use)))
|
|
(allow gmscore_app perfetto_traces_data_file (file (read getattr)))
|
|
(allow gmscore_app keystore (keystore2_key (gen_unique_id)))
|
|
(allow gmscore_app selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app exec_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit gmscore_app fs_bpf (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit gmscore_app kernel (security (compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy validate_trans)))
|
|
(dontaudit gmscore_app net_dns_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app proc (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app proc_interrupts (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app proc_modules (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app proc_net (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app proc_stat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app proc_version (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit gmscore_app sysfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app sysfs_android_usb (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app sysfs_loop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app sysfs_net (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app sysfs_net (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit gmscore_app wifi_hal_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app wifi_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit gmscore_app mirror_data_file (dir (search)))
|
|
(dontaudit gmscore_app mnt_vendor_file (dir (search)))
|
|
(allow gmscore_app self (process (ptrace)))
|
|
(allow gmscore_app privapp_data_file (file (execute)))
|
|
(allow gmscore_app system_linker_exec (file (execute_no_trans)))
|
|
(allow gmscore_app privapp_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow gmscore_app proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gmscore_app gpuservice (binder (call transfer)))
|
|
(allow gpuservice gmscore_app (binder (transfer)))
|
|
(allow gmscore_app gpuservice (fd (use)))
|
|
(allow gmscore_app gpu_service (service_manager (find)))
|
|
(allow gmscore_app app_api_service (service_manager (find)))
|
|
(allow gmscore_app system_api_service (service_manager (find)))
|
|
(allow gmscore_app audioserver_service (service_manager (find)))
|
|
(allow gmscore_app cameraserver_service (service_manager (find)))
|
|
(allow gmscore_app drmserver_service (service_manager (find)))
|
|
(allow gmscore_app mediadrmserver_service (service_manager (find)))
|
|
(allow gmscore_app mediaextractor_service (service_manager (find)))
|
|
(allow gmscore_app mediametrics_service (service_manager (find)))
|
|
(allow gmscore_app mediaserver_service (service_manager (find)))
|
|
(allow gmscore_app network_watchlist_service (service_manager (find)))
|
|
(allow gmscore_app nfc_service (service_manager (find)))
|
|
(allow gmscore_app oem_lock_service (service_manager (find)))
|
|
(allow gmscore_app persistent_data_block_service (service_manager (find)))
|
|
(allow gmscore_app radio_service (service_manager (find)))
|
|
(allow gmscore_app recovery_service (service_manager (find)))
|
|
(allow gmscore_app stats_service (service_manager (find)))
|
|
(allow gmscore_app shell_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gmscore_app shell_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gmscore_app cache_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow gmscore_app cache_recovery_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow gmscore_app cache_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow gmscore_app cache_recovery_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow gmscore_app cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gmscore_app ota_package_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow gmscore_app ota_package_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow gmscore_app checkin_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow gmscore_app checkin_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow gmscore_app shell_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gmscore_app shell_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gmscore_app anr_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gmscore_app priv_app (tcp_socket (read write)))
|
|
(allow gmscore_app virtual_ab_prop (file (read getattr map open)))
|
|
(allow gmscore_app dck_prop (file (read getattr map open)))
|
|
(allow gmscore_app remote_prov_prop (file (read getattr map open)))
|
|
(allow gmscore_app quick_start_prop (file (read getattr map open)))
|
|
;;* lmx 158 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallow base_typeattr_775 quick_start_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 161 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallow gmscore_app sysfs_net (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 165 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallowx gmscore_app domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx gmscore_app domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx gmscore_app domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx gmscore_app domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
;;* lme
|
|
|
|
;;* lmx 165 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallowx gmscore_app domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx gmscore_app domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx gmscore_app domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx gmscore_app domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
;;* lme
|
|
|
|
;;* lmx 165 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallowx gmscore_app domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx gmscore_app domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx gmscore_app domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx gmscore_app domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
;;* lme
|
|
|
|
;;* lmx 166 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
;;* lme
|
|
|
|
;;* lmx 179 system/sepolicy/private/gmscore_app.te
|
|
|
|
(neverallow gmscore_app base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow gmscore_app base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow gmscore_app base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
(allow init gpuservice_exec (file (read getattr map execute open)))
|
|
(allow init gpuservice (process (transition)))
|
|
(allow gpuservice gpuservice_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init gpuservice (process (noatsecure)))
|
|
(allow init gpuservice (process (siginh rlimitinh)))
|
|
(typetransition init gpuservice_exec process gpuservice)
|
|
(allow gpuservice adbd (binder (call transfer)))
|
|
(allow adbd gpuservice (binder (transfer)))
|
|
(allow gpuservice adbd (fd (use)))
|
|
(allow gpuservice shell (binder (call transfer)))
|
|
(allow shell gpuservice (binder (transfer)))
|
|
(allow gpuservice shell (fd (use)))
|
|
(allow gpuservice system_server (binder (call transfer)))
|
|
(allow system_server gpuservice (binder (transfer)))
|
|
(allow gpuservice system_server (fd (use)))
|
|
(allow gpuservice servicemanager (binder (call transfer)))
|
|
(allow servicemanager gpuservice (binder (call transfer)))
|
|
(allow servicemanager gpuservice (dir (search)))
|
|
(allow servicemanager gpuservice (file (read open)))
|
|
(allow servicemanager gpuservice (process (getattr)))
|
|
(allow gpuservice gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow gpuservice same_process_hal_file (file (read getattr map execute open)))
|
|
(allow gpuservice ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gpuservice hwservicemanager_prop (file (read getattr map open)))
|
|
(allow gpuservice hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager gpuservice (binder (call transfer)))
|
|
(allow hwservicemanager gpuservice (dir (search)))
|
|
(allow hwservicemanager gpuservice (file (read map open)))
|
|
(allow hwservicemanager gpuservice (process (getattr)))
|
|
(allow gpuservice graphics_device (dir (search)))
|
|
(allow gpuservice graphics_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow gpuservice adbd (fd (use)))
|
|
(allow gpuservice adbd (unix_stream_socket (read write getattr)))
|
|
(allow gpuservice shell (fifo_file (read write getattr)))
|
|
(allow gpuservice traced (fd (use)))
|
|
(allow gpuservice traced_tmpfs (file (read write getattr map)))
|
|
(allow gpuservice traced_producer_socket (sock_file (write)))
|
|
(allow gpuservice traced (unix_stream_socket (connectto)))
|
|
(allow traced gpuservice (fd (use)))
|
|
(allow gpuservice devpts (chr_file (read write getattr)))
|
|
(allow gpuservice dumpstate (fd (use)))
|
|
(allow gpuservice dumpstate (fifo_file (write)))
|
|
(allow gpuservice stats_service (service_manager (find)))
|
|
(allow gpuservice statsmanager_service (service_manager (find)))
|
|
(allow gpuservice statsd (binder (call transfer)))
|
|
(allow statsd gpuservice (binder (transfer)))
|
|
(allow gpuservice statsd (fd (use)))
|
|
(allow gpuservice debugfs_tracing (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gpuservice self (perf_event (open cpu kernel write)))
|
|
;;* lmx 52 system/sepolicy/private/gpuservice.te
|
|
|
|
(neverallow gpuservice self (perf_event (tracepoint read)))
|
|
;;* lme
|
|
|
|
(allow gpuservice fs_bpf (file (read write)))
|
|
(allow gpuservice bpfloader (bpf (map_read map_write prog_run)))
|
|
(allow gpuservice gpu_service (service_manager (add find)))
|
|
;;* lmx 61 system/sepolicy/private/gpuservice.te
|
|
|
|
(neverallow base_typeattr_776 gpu_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow gpuservice property_socket (sock_file (write)))
|
|
(allow gpuservice init (unix_stream_socket (connectto)))
|
|
(allow gpuservice graphics_config_writable_prop (property_service (set)))
|
|
(allow gpuservice graphics_config_writable_prop (file (read getattr map open)))
|
|
;;* lmx 66 system/sepolicy/private/gpuservice.te
|
|
|
|
(neverallow base_typeattr_777 graphics_config_writable_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow gpuservice permission_service (service_manager (find)))
|
|
(allow init gsid_exec (file (read getattr map execute open)))
|
|
(allow init gsid (process (transition)))
|
|
(allow gsid gsid_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init gsid (process (noatsecure)))
|
|
(allow init gsid (process (siginh rlimitinh)))
|
|
(typetransition init gsid_exec process gsid)
|
|
(allow gsid servicemanager (binder (call transfer)))
|
|
(allow servicemanager gsid (binder (call transfer)))
|
|
(allow servicemanager gsid (dir (search)))
|
|
(allow servicemanager gsid (file (read open)))
|
|
(allow servicemanager gsid (process (getattr)))
|
|
(allow gsid gsi_service (service_manager (add find)))
|
|
;;* lmx 11 system/sepolicy/private/gsid.te
|
|
|
|
(neverallow base_typeattr_778 gsi_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow gsid vold_service (service_manager (find)))
|
|
(allow gsid vold (binder (call transfer)))
|
|
(allow vold gsid (binder (transfer)))
|
|
(allow gsid vold (fd (use)))
|
|
(allow gsid property_socket (sock_file (write)))
|
|
(allow gsid init (unix_stream_socket (connectto)))
|
|
(allow gsid gsid_prop (property_service (set)))
|
|
(allow gsid gsid_prop (file (read getattr map open)))
|
|
(allow gsid dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow gsid dm_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow gsid self (capability (sys_admin)))
|
|
(allow gsid self (cap_userns (sys_admin)))
|
|
(dontaudit gsid self (capability (dac_override)))
|
|
(dontaudit gsid self (cap_userns (dac_override)))
|
|
(allow gsid loop_control_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow gsid loop_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx gsid loop_device (ioctl blk_file (0x1261)))
|
|
(allowx gsid loop_device (ioctl blk_file ((range 0x4c00 0x4c01) (range 0x4c04 0x4c05) (range 0x4c08 0x4c09))))
|
|
(allow gsid sysfs_dm (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gsid sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid sysfs_dm (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid sysfs_fs_f2fs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gsid sysfs_fs_f2fs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid sysfs_fs_f2fs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid gsi_metadata_file_type (dir (search)))
|
|
(allow gsid metadata_file (dir (search)))
|
|
(allow gsid gsi_public_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid sysfs_dt_firmware_android (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gsid sysfs_dt_firmware_android (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid block_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gsid super_block_device_type (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allowx gsid super_block_device_type (ioctl blk_file (0x1278 0x127a)))
|
|
(allowx gsid userdata_block_device (ioctl blk_file (0x1278 0x127a)))
|
|
(allowx gsid sdcard_block_device (ioctl blk_file (0x1278 0x127a)))
|
|
(allow gsid mnt_media_rw_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gsid mnt_media_rw_stub_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow gsid vfat (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow gsid vfat (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow gsid sdcard_block_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid self (capability (sys_rawio)))
|
|
(allow gsid self (cap_userns (sys_rawio)))
|
|
;;* lmx 104 system/sepolicy/private/gsid.te
|
|
|
|
(neverallow base_typeattr_779 gsid_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow gsid userdata_block_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid metadata_file (dir (getattr search)))
|
|
(allow gsid gsi_metadata_file_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow gsid ota_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow gsid gsi_metadata_file_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow gsid ota_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow gsid file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow gsid gsi_metadata_file (file (relabelfrom)))
|
|
(allow gsid gsi_public_metadata_file (file (relabelto)))
|
|
(allow gsid gsi_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow gsid ota_image_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow gsid gsi_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow gsid ota_image_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allowx gsid gsi_data_file (ioctl file (0x6601 0x660b)))
|
|
(allowx gsid ota_image_data_file (ioctl file (0x6601 0x660b)))
|
|
(allow gsid system_server (binder (call)))
|
|
;;* lmx 176 system/sepolicy/private/gsid.te
|
|
|
|
(neverallow base_typeattr_780 gsi_metadata_file_type (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 183 system/sepolicy/private/gsid.te
|
|
|
|
(neverallow base_typeattr_780 base_typeattr_781 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_780 base_typeattr_781 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_780 base_typeattr_781 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_780 base_typeattr_781 (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_780 base_typeattr_781 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_780 base_typeattr_781 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 190 system/sepolicy/private/gsid.te
|
|
|
|
(neverallow base_typeattr_780 gsi_public_metadata_file (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_780 gsi_public_metadata_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
|
|
(neverallow base_typeattr_780 gsi_public_metadata_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_780 gsi_public_metadata_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
|
|
(neverallow base_typeattr_780 gsi_public_metadata_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
|
|
(neverallow base_typeattr_780 gsi_public_metadata_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
|
|
;;* lme
|
|
|
|
;;* lmx 196 system/sepolicy/private/gsid.te
|
|
|
|
(neverallow base_typeattr_235 gsi_metadata_file_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_235 gsi_metadata_file_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow base_typeattr_235 gsi_metadata_file_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_235 gsi_metadata_file_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_235 gsi_metadata_file_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_235 gsi_metadata_file_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_235 gsi_metadata_file_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 202 system/sepolicy/private/gsid.te
|
|
|
|
(neverallow base_typeattr_782 gsi_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_782 gsi_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow base_typeattr_782 gsi_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_782 gsi_data_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_782 gsi_data_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_782 gsi_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_782 gsi_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 207 system/sepolicy/private/gsid.te
|
|
|
|
(neverallow base_typeattr_778 gsi_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_778 gsi_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_778 gsi_data_file (chr_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_778 gsi_data_file (blk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_778 gsi_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_778 gsi_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow init hal_allocator_default_exec (file (read getattr map execute open)))
|
|
(allow init hal_allocator_default (process (transition)))
|
|
(allow hal_allocator_default hal_allocator_default_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init hal_allocator_default (process (noatsecure)))
|
|
(allow init hal_allocator_default (process (siginh rlimitinh)))
|
|
(typetransition init hal_allocator_default_exec process hal_allocator_default)
|
|
(allow hal_allocator_default property_socket (sock_file (write)))
|
|
(allow hal_allocator_default init (unix_stream_socket (connectto)))
|
|
(allow hal_allocator_default hidl_memory_prop (property_service (set)))
|
|
(allow hal_allocator_default hidl_memory_prop (file (read getattr map open)))
|
|
(allow halclientdomain hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager halclientdomain (binder (call transfer)))
|
|
(allow hwservicemanager halclientdomain (dir (search)))
|
|
(allow hwservicemanager halclientdomain (file (read map open)))
|
|
(allow hwservicemanager halclientdomain (process (getattr)))
|
|
(allow halclientdomain hwservicemanager_prop (file (read getattr map open)))
|
|
(allow halclientdomain hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow halserverdomain hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager halserverdomain (binder (call transfer)))
|
|
(allow hwservicemanager halserverdomain (dir (search)))
|
|
(allow hwservicemanager halserverdomain (file (read map open)))
|
|
(allow hwservicemanager halserverdomain (process (getattr)))
|
|
(allow halserverdomain system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow halserverdomain hwservicemanager_prop (file (read getattr map open)))
|
|
(allow init heapprofd_exec (file (read getattr map execute open)))
|
|
(allow init heapprofd (process (transition)))
|
|
(allow heapprofd heapprofd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init heapprofd (process (noatsecure)))
|
|
(allow init heapprofd (process (siginh rlimitinh)))
|
|
(typetransition init heapprofd_exec process heapprofd)
|
|
(typetransition heapprofd tmpfs file heapprofd_tmpfs)
|
|
(allow heapprofd heapprofd_tmpfs (file (read write getattr map)))
|
|
(allow heapprofd property_socket (sock_file (write)))
|
|
(allow heapprofd init (unix_stream_socket (connectto)))
|
|
(allow heapprofd heapprofd_prop (property_service (set)))
|
|
(allow heapprofd heapprofd_prop (file (read getattr map open)))
|
|
(allow heapprofd self (capability (kill)))
|
|
(dontaudit heapprofd domain (dir (open search)))
|
|
(allow heapprofd traced (fd (use)))
|
|
(allow heapprofd traced_tmpfs (file (read write getattr map)))
|
|
(allow heapprofd traced_producer_socket (sock_file (write)))
|
|
(allow heapprofd traced (unix_stream_socket (connectto)))
|
|
(allow traced heapprofd (fd (use)))
|
|
(allow heapprofd nativetest_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow heapprofd nativetest_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd nativetest_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd system_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow heapprofd system_file_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd system_file_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow heapprofd apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow heapprofd dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd vendor_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow heapprofd vendor_file_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd vendor_file_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd shell_test_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow heapprofd shell_test_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd shell_test_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow heapprofd apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd apex_art_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow heapprofd apex_module_data_file (dir (getattr search)))
|
|
(allow heapprofd self (capability (dac_read_search)))
|
|
(allow heapprofd self (cap_userns (dac_read_search)))
|
|
(allow heapprofd packages_list_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 51 system/sepolicy/private/heapprofd.te
|
|
|
|
(neverallow heapprofd hal_configstore_server (file (read)))
|
|
(neverallow heapprofd apexd (file (read)))
|
|
(neverallow heapprofd app_zygote (file (read)))
|
|
(neverallow heapprofd bpfloader (file (read)))
|
|
(neverallow heapprofd init (file (read)))
|
|
(neverallow heapprofd kernel (file (read)))
|
|
(neverallow heapprofd keystore (file (read)))
|
|
(neverallow heapprofd llkd (file (read)))
|
|
(neverallow heapprofd logd (file (read)))
|
|
(neverallow heapprofd logpersist (file (read)))
|
|
(neverallow heapprofd recovery (file (read)))
|
|
(neverallow heapprofd recovery_persist (file (read)))
|
|
(neverallow heapprofd recovery_refresh (file (read)))
|
|
(neverallow heapprofd ueventd (file (read)))
|
|
(neverallow heapprofd vendor_init (file (read)))
|
|
(neverallow heapprofd vold (file (read)))
|
|
(neverallow heapprofd webview_zygote (file (read)))
|
|
(neverallow heapprofd zygote (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 51 system/sepolicy/private/heapprofd.te
|
|
|
|
(neverallow heapprofd hal_configstore_server (process (signal)))
|
|
(neverallow heapprofd apexd (process (signal)))
|
|
(neverallow heapprofd app_zygote (process (signal)))
|
|
(neverallow heapprofd bpfloader (process (signal)))
|
|
(neverallow heapprofd init (process (signal)))
|
|
(neverallow heapprofd kernel (process (signal)))
|
|
(neverallow heapprofd keystore (process (signal)))
|
|
(neverallow heapprofd llkd (process (signal)))
|
|
(neverallow heapprofd logd (process (signal)))
|
|
(neverallow heapprofd logpersist (process (signal)))
|
|
(neverallow heapprofd recovery (process (signal)))
|
|
(neverallow heapprofd recovery_persist (process (signal)))
|
|
(neverallow heapprofd recovery_refresh (process (signal)))
|
|
(neverallow heapprofd ueventd (process (signal)))
|
|
(neverallow heapprofd vendor_init (process (signal)))
|
|
(neverallow heapprofd vold (process (signal)))
|
|
(neverallow heapprofd webview_zygote (process (signal)))
|
|
(neverallow heapprofd zygote (process (signal)))
|
|
;;* lme
|
|
|
|
;;* lmx 72 system/sepolicy/private/heapprofd.te
|
|
|
|
(neverallow heapprofd vendor_file_type (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 72 system/sepolicy/private/heapprofd.te
|
|
|
|
(neverallow heapprofd base_typeattr_783 (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
(allow init hwservicemanager_exec (file (read getattr map execute open)))
|
|
(allow init hwservicemanager (process (transition)))
|
|
(allow hwservicemanager hwservicemanager_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init hwservicemanager (process (noatsecure)))
|
|
(allow init hwservicemanager (process (siginh rlimitinh)))
|
|
(typetransition init hwservicemanager_exec process hwservicemanager)
|
|
(allow hwservicemanager hidl_manager_hwservice (hwservice_manager (add find)))
|
|
(allow hwservicemanager hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 5 system/sepolicy/private/hwservicemanager.te
|
|
|
|
(neverallow base_typeattr_784 hidl_manager_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow hwservicemanager hidl_token_hwservice (hwservice_manager (add find)))
|
|
(allow hwservicemanager hidl_base_hwservice (hwservice_manager (add)))
|
|
;;* lmx 6 system/sepolicy/private/hwservicemanager.te
|
|
|
|
(neverallow base_typeattr_784 hidl_token_hwservice (hwservice_manager (add)))
|
|
;;* lme
|
|
|
|
(allow hwservicemanager property_socket (sock_file (write)))
|
|
(allow hwservicemanager init (unix_stream_socket (connectto)))
|
|
(allow hwservicemanager ctl_interface_start_prop (property_service (set)))
|
|
(allow hwservicemanager ctl_interface_start_prop (file (read getattr map open)))
|
|
(allow hwservicemanager property_socket (sock_file (write)))
|
|
(allow hwservicemanager init (unix_stream_socket (connectto)))
|
|
(allow hwservicemanager hwservicemanager_prop (property_service (set)))
|
|
(allow hwservicemanager hwservicemanager_prop (file (read getattr map open)))
|
|
(allow hwservicemanager system_bootstrap_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hwservicemanager system_bootstrap_lib_file (file (read getattr map execute open)))
|
|
(allow hwservicemanager apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hwservicemanager apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hwservicemanager vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow hwservicemanager vendor_apex_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow hwservicemanager vendor_apex_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init idmap_exec (file (read getattr map execute open)))
|
|
(allow init idmap (process (transition)))
|
|
(allow idmap idmap_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init idmap (process (noatsecure)))
|
|
(allow init idmap (process (siginh rlimitinh)))
|
|
(typetransition init idmap_exec process idmap)
|
|
(allow shell incident_exec (file (read getattr map execute open)))
|
|
(allow shell incident (process (transition)))
|
|
(allow incident incident_exec (file (read getattr map execute open entrypoint)))
|
|
(allow incident shell (process (sigchld)))
|
|
(dontaudit shell incident (process (noatsecure)))
|
|
(allow shell incident (process (siginh rlimitinh)))
|
|
(typetransition shell incident_exec process incident)
|
|
(allow dumpstate incident_exec (file (read getattr map execute open)))
|
|
(allow dumpstate incident (process (transition)))
|
|
(allow incident incident_exec (file (read getattr map execute open entrypoint)))
|
|
(allow incident dumpstate (process (sigchld)))
|
|
(dontaudit dumpstate incident (process (noatsecure)))
|
|
(allow dumpstate incident (process (siginh rlimitinh)))
|
|
(typetransition dumpstate incident_exec process incident)
|
|
(allow incident shell (fd (use)))
|
|
(allow incident dumpstate (fd (use)))
|
|
(allow incident dumpstate (unix_stream_socket (read write)))
|
|
(allow incident shell_data_file (file (write)))
|
|
(allow incident devpts (chr_file (read write)))
|
|
(allow incident adbd (fd (use)))
|
|
(allow incident adbd (unix_stream_socket (read write)))
|
|
(allow incident adbd (process (sigchld)))
|
|
(allow incident servicemanager (binder (call transfer)))
|
|
(allow servicemanager incident (binder (call transfer)))
|
|
(allow servicemanager incident (dir (search)))
|
|
(allow servicemanager incident (file (read open)))
|
|
(allow servicemanager incident (process (getattr)))
|
|
(allow incident incident_service (service_manager (find)))
|
|
(allow incident incidentd (binder (call transfer)))
|
|
(allow incidentd incident (binder (transfer)))
|
|
(allow incident incidentd (fd (use)))
|
|
(allow incident incidentd (fifo_file (write)))
|
|
;;* lmx 37 system/sepolicy/private/incident.te
|
|
|
|
(neverallow base_typeattr_785 incident_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
(allow incidentd incident_helper_exec (file (read getattr map execute open)))
|
|
(allow incidentd incident_helper (process (transition)))
|
|
(allow incident_helper incident_helper_exec (file (read getattr map execute open entrypoint)))
|
|
(allow incident_helper incidentd (process (sigchld)))
|
|
(dontaudit incidentd incident_helper (process (noatsecure)))
|
|
(allow incidentd incident_helper (process (siginh rlimitinh)))
|
|
(typetransition incidentd incident_helper_exec process incident_helper)
|
|
(allow incident_helper dumpstate (fd (use)))
|
|
(allow incident_helper incident (fd (use)))
|
|
(allow incident_helper incidentd (fd (use)))
|
|
(allow incident_helper shell (fd (use)))
|
|
(allow incident_helper dumpstate (fifo_file (read write getattr)))
|
|
(allow incident_helper incident (fifo_file (read write getattr)))
|
|
(allow incident_helper incidentd (fifo_file (read write getattr)))
|
|
(allow incident_helper shell (fifo_file (read write getattr)))
|
|
(allow incident_helper incidentd (unix_stream_socket (read write)))
|
|
;;* lmx 14 system/sepolicy/private/incident_helper.te
|
|
|
|
(neverallow base_typeattr_786 incident_helper_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
(allow init incidentd_exec (file (read getattr map execute open)))
|
|
(allow init incidentd (process (transition)))
|
|
(allow incidentd incidentd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init incidentd (process (noatsecure)))
|
|
(allow init incidentd (process (siginh rlimitinh)))
|
|
(typetransition init incidentd_exec process incidentd)
|
|
(allow incidentd servicemanager (binder (call transfer)))
|
|
(allow servicemanager incidentd (binder (call transfer)))
|
|
(allow servicemanager incidentd (dir (search)))
|
|
(allow servicemanager incidentd (file (read open)))
|
|
(allow servicemanager incidentd (process (getattr)))
|
|
(allow incidentd sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow incidentd self (capability2 (block_suspend)))
|
|
(allow incidentd self (cap2_userns (block_suspend)))
|
|
(allow incidentd system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server incidentd (binder (transfer)))
|
|
(allow incidentd system_suspend_server (fd (use)))
|
|
(allow incidentd system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow incidentd hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager incidentd (binder (call transfer)))
|
|
(allow hwservicemanager incidentd (dir (search)))
|
|
(allow hwservicemanager incidentd (file (read map open)))
|
|
(allow hwservicemanager incidentd (process (getattr)))
|
|
(allow incidentd hwservicemanager_prop (file (read getattr map open)))
|
|
(allow incidentd hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow incidentd hal_system_suspend_service (service_manager (find)))
|
|
(allow incidentd servicemanager (binder (call transfer)))
|
|
(allow servicemanager incidentd (binder (call transfer)))
|
|
(allow servicemanager incidentd (dir (search)))
|
|
(allow servicemanager incidentd (file (read open)))
|
|
(allow servicemanager incidentd (process (getattr)))
|
|
(allow incidentd domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow incidentd domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd incident_helper (process (sigkill)))
|
|
(allow incidentd system_file (file (execute_no_trans)))
|
|
(allow incidentd toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow incidentd proc_version (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd statsdw_socket (sock_file (write)))
|
|
(allow incidentd statsd (unix_dgram_socket (sendto)))
|
|
(allow incidentd proc_pagetypeinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd proc_meminfo (file (read open)))
|
|
(allow incidentd sysfs_devices_system_cpu (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd domain (process (getattr)))
|
|
(allow incidentd sysfs_batteryinfo (dir (search)))
|
|
(allow incidentd sysfs_batteryinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd stats_service (service_manager (find)))
|
|
(allow incidentd statsd (binder (call transfer)))
|
|
(allow statsd incidentd (binder (transfer)))
|
|
(allow incidentd statsd (fd (use)))
|
|
(allow incidentd perfetto_traces_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow incidentd perfetto_traces_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd nfc_service (service_manager (find)))
|
|
(allow incidentd incident_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow incidentd incident_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow incidentd servicemanager (binder (call transfer)))
|
|
(allow servicemanager incidentd (binder (call transfer)))
|
|
(allow servicemanager incidentd (dir (search)))
|
|
(allow servicemanager incidentd (file (read open)))
|
|
(allow servicemanager incidentd (process (getattr)))
|
|
(allow incidentd hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager incidentd (binder (call transfer)))
|
|
(allow hwservicemanager incidentd (dir (search)))
|
|
(allow hwservicemanager incidentd (file (read map open)))
|
|
(allow hwservicemanager incidentd (process (getattr)))
|
|
(allow incidentd hwservicemanager (hwservice_manager (list)))
|
|
(allow incidentd hwservicemanager_prop (file (read getattr map open)))
|
|
(allow incidentd hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow incidentd proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd proc_pid_max (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd proc_pipe_conf (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd proc_stat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd appdomain (process (signal)))
|
|
(allow incidentd ephemeral_app (process (signal)))
|
|
(allow incidentd system_server (process (signal)))
|
|
(allow incidentd hal_audio_server (process (signal)))
|
|
(allow incidentd hal_bluetooth_server (process (signal)))
|
|
(allow incidentd hal_camera_server (process (signal)))
|
|
(allow incidentd hal_codec2_server (process (signal)))
|
|
(allow incidentd hal_face_server (process (signal)))
|
|
(allow incidentd hal_graphics_allocator_server (process (signal)))
|
|
(allow incidentd hal_graphics_composer_server (process (signal)))
|
|
(allow incidentd hal_health_server (process (signal)))
|
|
(allow incidentd hal_omx_server (process (signal)))
|
|
(allow incidentd hal_sensors_server (process (signal)))
|
|
(allow incidentd hal_vr_server (process (signal)))
|
|
(allow incidentd audioserver (process (signal)))
|
|
(allow incidentd cameraserver (process (signal)))
|
|
(allow incidentd drmserver (process (signal)))
|
|
(allow incidentd inputflinger (process (signal)))
|
|
(allow incidentd mediadrmserver (process (signal)))
|
|
(allow incidentd mediaextractor (process (signal)))
|
|
(allow incidentd mediametrics (process (signal)))
|
|
(allow incidentd mediaserver (process (signal)))
|
|
(allow incidentd sdcardd (process (signal)))
|
|
(allow incidentd statsd (process (signal)))
|
|
(allow incidentd surfaceflinger (process (signal)))
|
|
(allow incidentd system_server (binder (call transfer)))
|
|
(allow system_server incidentd (binder (transfer)))
|
|
(allow incidentd system_server (fd (use)))
|
|
(allow incidentd appdomain (binder (call transfer)))
|
|
(allow appdomain incidentd (binder (transfer)))
|
|
(allow incidentd appdomain (fd (use)))
|
|
;;* lmx 122 system/sepolicy/private/incidentd.te
|
|
|
|
(neverallow incidentd base_typeattr_224 (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow incidentd self (capability (kill)))
|
|
(allow incidentd self (cap_userns (kill)))
|
|
(allow incidentd tombstoned_intercept_socket (sock_file (write)))
|
|
(allow incidentd tombstoned (unix_stream_socket (connectto)))
|
|
(allow incidentd shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow incidentd zygote_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow incidentd device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow incidentd device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow incidentd odsign_prop (file (read getattr map open)))
|
|
(allow incidentd system_file (file (lock)))
|
|
(dontaudit incidentd dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit incidentd apex_module_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit incidentd apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit incidentd tmpfs (file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
|
|
(allow incidentd apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd misc_logd_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow incidentd misc_logd_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd misc_logd_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow incidentd base_typeattr_787 (service_manager (find)))
|
|
(allow incidentd incident_service (service_manager (add find)))
|
|
;;* lmx 171 system/sepolicy/private/incidentd.te
|
|
|
|
(neverallow base_typeattr_788 incident_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow incidentd dumpstate (fd (use)))
|
|
(allow incidentd incident (fd (use)))
|
|
(allow incidentd dumpstate (fifo_file (write)))
|
|
(allow incidentd incident (fifo_file (write)))
|
|
(allow incidentd incident (binder (call transfer)))
|
|
(allow incident incidentd (binder (transfer)))
|
|
(allow incidentd incident (fd (use)))
|
|
(allow incidentd build_attestation_prop (file (read getattr map open)))
|
|
;;* lmx 212 system/sepolicy/private/incidentd.te
|
|
|
|
(neverallow base_typeattr_789 incident_data_file (file (write create getattr setattr lock append map unlink rename execute open execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 214 system/sepolicy/private/incidentd.te
|
|
|
|
(neverallow base_typeattr_790 incident_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 216 system/sepolicy/private/incidentd.te
|
|
|
|
(neverallow base_typeattr_789 incident_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
(typetransition init tmpfs file init_tmpfs)
|
|
(allow init init_tmpfs (file (read write getattr map)))
|
|
(allow init rootfs (file (read getattr map execute open)))
|
|
(allow init slideshow (process (transition)))
|
|
(allow slideshow rootfs (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init slideshow (process (noatsecure)))
|
|
(allow init slideshow (process (siginh rlimitinh)))
|
|
(allow init charger_exec (file (read getattr map execute open)))
|
|
(allow init charger (process (transition)))
|
|
(allow charger charger_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init charger (process (noatsecure)))
|
|
(allow init charger (process (siginh rlimitinh)))
|
|
(typetransition init charger_exec process charger)
|
|
(allow init e2fs_exec (file (read getattr map execute open)))
|
|
(allow init e2fs (process (transition)))
|
|
(allow e2fs e2fs_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init e2fs (process (noatsecure)))
|
|
(allow init e2fs (process (siginh rlimitinh)))
|
|
(typetransition init e2fs_exec process e2fs)
|
|
(allow init bpfloader_exec (file (read getattr map execute open)))
|
|
(allow init bpfloader (process (transition)))
|
|
(allow bpfloader bpfloader_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init bpfloader (process (noatsecure)))
|
|
(allow init bpfloader (process (siginh rlimitinh)))
|
|
(typetransition init bpfloader_exec process bpfloader)
|
|
(allow init shell_exec (file (read getattr map execute open)))
|
|
(allow init shell (process (transition)))
|
|
(allow shell shell_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init shell (process (noatsecure)))
|
|
(allow init shell (process (siginh rlimitinh)))
|
|
(allow init init_exec (file (read getattr map execute open)))
|
|
(allow init ueventd (process (transition)))
|
|
(allow ueventd init_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init ueventd (process (noatsecure)))
|
|
(allow init ueventd (process (siginh rlimitinh)))
|
|
(allow init init_exec (file (read getattr map execute open)))
|
|
(allow init vendor_init (process (transition)))
|
|
(allow vendor_init init_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init vendor_init (process (noatsecure)))
|
|
(allow init vendor_init (process (siginh rlimitinh)))
|
|
(allow init rootfs (file (read getattr map execute open)))
|
|
(allow init toolbox_exec (file (read getattr map execute open)))
|
|
(allow init modprobe (process (transition)))
|
|
(allow modprobe rootfs (file (read getattr map execute open entrypoint)))
|
|
(allow modprobe toolbox_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init modprobe (process (noatsecure)))
|
|
(allow init modprobe (process (siginh rlimitinh)))
|
|
(allow init sysfs_dm (file (read)))
|
|
(allow init sysfs_loop (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init sysfs_loop (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init sysfs_type (file (read getattr)))
|
|
(allow init dev_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow init dev_type (blk_file (getattr)))
|
|
(allow init proc_drop_caches (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init property_socket (sock_file (write)))
|
|
(allow init init (unix_stream_socket (connectto)))
|
|
(allow init powerctl_prop (property_service (set)))
|
|
(allow init powerctl_prop (file (read getattr map open)))
|
|
(allow init property_socket (sock_file (write)))
|
|
(allow init init (unix_stream_socket (connectto)))
|
|
(allow init userspace_reboot_exported_prop (property_service (set)))
|
|
(allow init userspace_reboot_exported_prop (file (read getattr map open)))
|
|
;;* lmx 62 system/sepolicy/private/init.te
|
|
|
|
(neverallow base_typeattr_223 userspace_reboot_exported_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow init self (perf_event (open cpu)))
|
|
(allow init self (capability2 (perfmon)))
|
|
(allow init self (cap2_userns (perfmon)))
|
|
;;* lmx 72 system/sepolicy/private/init.te
|
|
|
|
(neverallow init self (perf_event (kernel tracepoint read write)))
|
|
;;* lme
|
|
|
|
(dontaudit init self (perf_event (kernel tracepoint read write)))
|
|
(allow init snapuserd_socket (sock_file (write)))
|
|
(allow init snapuserd (unix_stream_socket (connectto)))
|
|
(allow init ota_metadata_file (dir (lock)))
|
|
(allow init vd_device (blk_file (relabelto)))
|
|
(allow init property_socket (sock_file (write)))
|
|
(allow init init (unix_stream_socket (connectto)))
|
|
(allow init init_perf_lsm_hooks_prop (property_service (set)))
|
|
(allow init init_perf_lsm_hooks_prop (file (read getattr map open)))
|
|
;;* lmx 89 system/sepolicy/private/init.te
|
|
|
|
(neverallow base_typeattr_223 init_perf_lsm_hooks_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow init property_socket (sock_file (write)))
|
|
(allow init init (unix_stream_socket (connectto)))
|
|
(allow init vts_status_prop (property_service (set)))
|
|
(allow init vts_status_prop (file (read getattr map open)))
|
|
;;* lmx 93 system/sepolicy/private/init.te
|
|
|
|
(neverallow base_typeattr_223 vts_status_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 96 system/sepolicy/private/init.te
|
|
|
|
(neverallow base_typeattr_223 bootloader_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 99 system/sepolicy/private/init.te
|
|
|
|
(neverallow base_typeattr_223 hal_instrumentation_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 102 system/sepolicy/private/init.te
|
|
|
|
(neverallow base_typeattr_223 property_service_version_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 105 system/sepolicy/private/init.te
|
|
|
|
(neverallow base_typeattr_223 keystore_listen_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow init debugfs_bootreceiver_tracing (file (write lock append map open)))
|
|
(allow init prng_seeder (unix_stream_socket (create bind listen)))
|
|
(dontaudit init debugfs_tracing_debug (dir (write add_name)))
|
|
(allow init base_typeattr_791 (chr_file (setattr)))
|
|
(allow init inputflinger_exec (file (read getattr map execute open)))
|
|
(allow init inputflinger (process (transition)))
|
|
(allow inputflinger inputflinger_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init inputflinger (process (noatsecure)))
|
|
(allow init inputflinger (process (siginh rlimitinh)))
|
|
(typetransition init inputflinger_exec process inputflinger)
|
|
(allow init installd_exec (file (read getattr map execute open)))
|
|
(allow init installd (process (transition)))
|
|
(allow installd installd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init installd (process (noatsecure)))
|
|
(allow init installd (process (siginh rlimitinh)))
|
|
(typetransition init installd_exec process installd)
|
|
(allow installd migrate_legacy_obb_data_exec (file (read getattr map execute open)))
|
|
(allow installd migrate_legacy_obb_data (process (transition)))
|
|
(allow migrate_legacy_obb_data migrate_legacy_obb_data_exec (file (read getattr map execute open entrypoint)))
|
|
(allow migrate_legacy_obb_data installd (process (sigchld)))
|
|
(dontaudit installd migrate_legacy_obb_data (process (noatsecure)))
|
|
(allow installd migrate_legacy_obb_data (process (siginh rlimitinh)))
|
|
(typetransition installd migrate_legacy_obb_data_exec process migrate_legacy_obb_data)
|
|
(allow installd shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow installd dex2oat_exec (file (read getattr map execute open)))
|
|
(allow installd dex2oat (process (transition)))
|
|
(allow dex2oat dex2oat_exec (file (read getattr map execute open entrypoint)))
|
|
(allow dex2oat installd (process (sigchld)))
|
|
(dontaudit installd dex2oat (process (noatsecure)))
|
|
(allow installd dex2oat (process (siginh rlimitinh)))
|
|
(typetransition installd dex2oat_exec process dex2oat)
|
|
(allow installd dexoptanalyzer_exec (file (read getattr map execute open)))
|
|
(allow installd dexoptanalyzer (process (transition)))
|
|
(allow dexoptanalyzer dexoptanalyzer_exec (file (read getattr map execute open entrypoint)))
|
|
(allow dexoptanalyzer installd (process (sigchld)))
|
|
(dontaudit installd dexoptanalyzer (process (noatsecure)))
|
|
(allow installd dexoptanalyzer (process (siginh rlimitinh)))
|
|
(typetransition installd dexoptanalyzer_exec process dexoptanalyzer)
|
|
(allow installd viewcompiler_exec (file (read getattr map execute open)))
|
|
(allow installd viewcompiler (process (transition)))
|
|
(allow viewcompiler viewcompiler_exec (file (read getattr map execute open entrypoint)))
|
|
(allow viewcompiler installd (process (sigchld)))
|
|
(dontaudit installd viewcompiler (process (noatsecure)))
|
|
(allow installd viewcompiler (process (siginh rlimitinh)))
|
|
(typetransition installd viewcompiler_exec process viewcompiler)
|
|
(allow installd profman_exec (file (read getattr map execute open)))
|
|
(allow installd profman (process (transition)))
|
|
(allow profman profman_exec (file (read getattr map execute open entrypoint)))
|
|
(allow profman installd (process (sigchld)))
|
|
(dontaudit installd profman (process (noatsecure)))
|
|
(allow installd profman (process (siginh rlimitinh)))
|
|
(typetransition installd profman_exec process profman)
|
|
(allow installd idmap_exec (file (read getattr map execute open)))
|
|
(allow installd idmap (process (transition)))
|
|
(allow idmap idmap_exec (file (read getattr map execute open entrypoint)))
|
|
(allow idmap installd (process (sigchld)))
|
|
(dontaudit installd idmap (process (noatsecure)))
|
|
(allow installd idmap (process (siginh rlimitinh)))
|
|
(typetransition installd idmap_exec process idmap)
|
|
(allow installd dumpstate (fd (use)))
|
|
(allow installd dumpstate (fifo_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow installd app_exec_data_file (file (unlink)))
|
|
(allow installd rollback_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd rollback_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow installd device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow installd device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow installd apk_verity_prop (file (read getattr map open)))
|
|
(allow installd odsign_prop (file (read getattr map open)))
|
|
(allow installd staging_data_file (file (unlink)))
|
|
(allow installd staging_data_file (dir (read write getattr open remove_name search rmdir)))
|
|
(allow installd dex2oat (process (signal)))
|
|
(allow installd dexoptanalyzer (process (signal)))
|
|
(allow installd profman (process (sigkill)))
|
|
(allow installd dex2oat (process (sigkill)))
|
|
(allow installd dexoptanalyzer (process (sigkill)))
|
|
(allow installd sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelfrom rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow installd untrusted_app_all (fd (use)))
|
|
(allow installd gmscore_app (fd (use)))
|
|
(allow installd priv_app (fd (use)))
|
|
(allowx installd app_data_file_type (ioctl file (0x6685)))
|
|
(typetransition isolated_app tmpfs file appdomain_tmpfs)
|
|
(allow isolated_app isolated_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su isolated_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 10 system/sepolicy/private/isolated_app.te
|
|
|
|
(neverallow base_typeattr_643 isolated_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow isolated_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 10 system/sepolicy/private/isolated_app.te
|
|
|
|
(neverallow base_typeattr_792 base_typeattr_643 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 10 system/sepolicy/private/isolated_app.te
|
|
|
|
(neverallow base_typeattr_793 isolated_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 10 system/sepolicy/private/isolated_app.te
|
|
|
|
(neverallow base_typeattr_794 isolated_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow isolated_app webviewupdate_service (service_manager (find)))
|
|
(allow isolated_app untrusted_app_all (tcp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_app untrusted_app_all (udp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_app ephemeral_app (tcp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_app ephemeral_app (udp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_app priv_app (tcp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_app priv_app (udp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_app sdcard_type (file (read write getattr lock append map)))
|
|
(allow isolated_app fuse (file (read write getattr lock append map)))
|
|
(allow isolated_app media_rw_data_file (file (read write getattr lock append map)))
|
|
(allow isolated_app webview_zygote (fd (use)))
|
|
(allow isolated_app webview_zygote (process (sigchld)))
|
|
(allow isolated_app webview_zygote (unix_dgram_socket (write)))
|
|
(allow isolated_app webview_zygote_tmpfs (file (read)))
|
|
(allow isolated_app_all app_data_file (file (read write getattr lock append map)))
|
|
(allow isolated_app_all privapp_data_file (file (read write getattr lock append map)))
|
|
(allow isolated_app_all sdk_sandbox_data_file (file (read write getattr lock append map)))
|
|
(allow isolated_app_all activity_service (service_manager (find)))
|
|
(allow isolated_app_all display_service (service_manager (find)))
|
|
(allow isolated_app_all self (process (ptrace)))
|
|
(allow isolated_app_all app_zygote (fd (use)))
|
|
(allow isolated_app_all app_zygote (process (sigchld)))
|
|
(allow isolated_app_all app_zygote (unix_dgram_socket (write)))
|
|
(dontaudit isolated_app_all shell_data_file (dir (search)))
|
|
(allow isolated_app_all apk_tmp_file (file (read getattr)))
|
|
(allow isolated_app_all apk_private_tmp_file (file (read getattr)))
|
|
;;* lmx 44 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all app_data_file_type (file (open)))
|
|
;;* lme
|
|
|
|
;;* lmx 49 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 50 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 53 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow base_typeattr_795 hwbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 54 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow base_typeattr_795 base_typeattr_224 (hwservice_manager (add find list)))
|
|
;;* lme
|
|
|
|
;;* lmx 57 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 61 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow base_typeattr_795 base_typeattr_224 (service_manager (add list)))
|
|
;;* lme
|
|
|
|
;;* lmx 71 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow base_typeattr_795 base_typeattr_796 (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 74 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all gpu_device (chr_file (ioctl read write getattr lock append map execute open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 77 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all cache_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 78 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all cache_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 82 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow isolated_app_all fuse (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow isolated_app_all mnt_user_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
(neverallow isolated_app_all storage_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 83 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all mnt_user_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all mnt_user_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all mnt_user_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all mnt_user_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all mnt_user_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all mnt_user_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all storage_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all storage_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all storage_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all storage_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all storage_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all storage_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 84 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all sdcard_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all sdcard_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all sdcard_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all sdcard_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all sdcard_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all fuse (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all fuse (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all fuse (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all fuse (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow isolated_app_all fuse (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 85 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all sdcard_type (file (ioctl create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all fuse (file (ioctl create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 88 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all usbaccessory_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow isolated_app_all usb_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 91 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all webview_zygote (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 104 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow base_typeattr_795 base_typeattr_797 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 125 system/sepolicy/private/isolated_app_all.te
|
|
|
|
(neverallow isolated_app_all untrusted_app_all (socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (tcp_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (udp_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (rawip_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (packet_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (key_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_route_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_tcpdiag_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_nflog_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_xfrm_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_selinux_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_audit_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_dnrt_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_kobject_uevent_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (appletalk_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (tun_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_iscsi_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_fib_lookup_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_connector_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_netfilter_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_generic_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_scsitransport_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_rdma_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netlink_crypto_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (sctp_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (icmp_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (ax25_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (ipx_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (netrom_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (atmpvc_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (x25_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (rose_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (decnet_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (atmsvc_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (rds_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (irda_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (pppox_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (llc_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (can_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (tipc_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (bluetooth_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (iucv_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (rxrpc_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (isdn_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (phonet_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (ieee802154_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (caif_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (alg_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (nfc_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (vsock_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (kcm_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (qipcrtr_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (smc_socket (create)))
|
|
(neverallow isolated_app_all untrusted_app_all (xdp_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (tcp_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (udp_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (rawip_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (packet_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (key_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_route_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_tcpdiag_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_nflog_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_xfrm_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_selinux_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_audit_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_dnrt_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_kobject_uevent_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (appletalk_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (tun_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_iscsi_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_fib_lookup_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_connector_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_netfilter_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_generic_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_scsitransport_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_rdma_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netlink_crypto_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (sctp_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (icmp_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (ax25_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (ipx_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (netrom_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (atmpvc_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (x25_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (rose_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (decnet_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (atmsvc_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (rds_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (irda_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (pppox_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (llc_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (can_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (tipc_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (bluetooth_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (iucv_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (rxrpc_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (isdn_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (phonet_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (ieee802154_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (caif_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (alg_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (nfc_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (vsock_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (kcm_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (qipcrtr_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (smc_socket (create)))
|
|
(neverallow isolated_app_all ephemeral_app (xdp_socket (create)))
|
|
(neverallow isolated_app_all priv_app (socket (create)))
|
|
(neverallow isolated_app_all priv_app (tcp_socket (create)))
|
|
(neverallow isolated_app_all priv_app (udp_socket (create)))
|
|
(neverallow isolated_app_all priv_app (rawip_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_socket (create)))
|
|
(neverallow isolated_app_all priv_app (packet_socket (create)))
|
|
(neverallow isolated_app_all priv_app (key_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_route_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_tcpdiag_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_nflog_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_xfrm_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_selinux_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_audit_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_dnrt_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_kobject_uevent_socket (create)))
|
|
(neverallow isolated_app_all priv_app (appletalk_socket (create)))
|
|
(neverallow isolated_app_all priv_app (tun_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_iscsi_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_fib_lookup_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_connector_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_netfilter_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_generic_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_scsitransport_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_rdma_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netlink_crypto_socket (create)))
|
|
(neverallow isolated_app_all priv_app (sctp_socket (create)))
|
|
(neverallow isolated_app_all priv_app (icmp_socket (create)))
|
|
(neverallow isolated_app_all priv_app (ax25_socket (create)))
|
|
(neverallow isolated_app_all priv_app (ipx_socket (create)))
|
|
(neverallow isolated_app_all priv_app (netrom_socket (create)))
|
|
(neverallow isolated_app_all priv_app (atmpvc_socket (create)))
|
|
(neverallow isolated_app_all priv_app (x25_socket (create)))
|
|
(neverallow isolated_app_all priv_app (rose_socket (create)))
|
|
(neverallow isolated_app_all priv_app (decnet_socket (create)))
|
|
(neverallow isolated_app_all priv_app (atmsvc_socket (create)))
|
|
(neverallow isolated_app_all priv_app (rds_socket (create)))
|
|
(neverallow isolated_app_all priv_app (irda_socket (create)))
|
|
(neverallow isolated_app_all priv_app (pppox_socket (create)))
|
|
(neverallow isolated_app_all priv_app (llc_socket (create)))
|
|
(neverallow isolated_app_all priv_app (can_socket (create)))
|
|
(neverallow isolated_app_all priv_app (tipc_socket (create)))
|
|
(neverallow isolated_app_all priv_app (bluetooth_socket (create)))
|
|
(neverallow isolated_app_all priv_app (iucv_socket (create)))
|
|
(neverallow isolated_app_all priv_app (rxrpc_socket (create)))
|
|
(neverallow isolated_app_all priv_app (isdn_socket (create)))
|
|
(neverallow isolated_app_all priv_app (phonet_socket (create)))
|
|
(neverallow isolated_app_all priv_app (ieee802154_socket (create)))
|
|
(neverallow isolated_app_all priv_app (caif_socket (create)))
|
|
(neverallow isolated_app_all priv_app (alg_socket (create)))
|
|
(neverallow isolated_app_all priv_app (nfc_socket (create)))
|
|
(neverallow isolated_app_all priv_app (vsock_socket (create)))
|
|
(neverallow isolated_app_all priv_app (kcm_socket (create)))
|
|
(neverallow isolated_app_all priv_app (qipcrtr_socket (create)))
|
|
(neverallow isolated_app_all priv_app (smc_socket (create)))
|
|
(neverallow isolated_app_all priv_app (xdp_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (tcp_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (udp_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (rawip_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (packet_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (key_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_route_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_tcpdiag_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_nflog_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_xfrm_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_selinux_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_audit_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_dnrt_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_kobject_uevent_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (appletalk_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (tun_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_iscsi_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_fib_lookup_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_connector_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_netfilter_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_generic_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_scsitransport_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_rdma_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netlink_crypto_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (sctp_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (icmp_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (ax25_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (ipx_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (netrom_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (atmpvc_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (x25_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (rose_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (decnet_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (atmsvc_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (rds_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (irda_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (pppox_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (llc_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (can_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (tipc_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (bluetooth_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (iucv_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (rxrpc_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (isdn_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (phonet_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (ieee802154_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (caif_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (alg_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (nfc_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (vsock_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (kcm_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (qipcrtr_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (smc_socket (create)))
|
|
(neverallow isolated_app_all sdk_sandbox_all (xdp_socket (create)))
|
|
(neverallow isolated_app_all self (socket (create)))
|
|
(neverallow isolated_app_all self (tcp_socket (create)))
|
|
(neverallow isolated_app_all self (udp_socket (create)))
|
|
(neverallow isolated_app_all self (rawip_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_socket (create)))
|
|
(neverallow isolated_app_all self (packet_socket (create)))
|
|
(neverallow isolated_app_all self (key_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_route_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_tcpdiag_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_nflog_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_xfrm_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_selinux_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_audit_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_dnrt_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_kobject_uevent_socket (create)))
|
|
(neverallow isolated_app_all self (appletalk_socket (create)))
|
|
(neverallow isolated_app_all self (tun_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_iscsi_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_fib_lookup_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_connector_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_netfilter_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_generic_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_scsitransport_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_rdma_socket (create)))
|
|
(neverallow isolated_app_all self (netlink_crypto_socket (create)))
|
|
(neverallow isolated_app_all self (sctp_socket (create)))
|
|
(neverallow isolated_app_all self (icmp_socket (create)))
|
|
(neverallow isolated_app_all self (ax25_socket (create)))
|
|
(neverallow isolated_app_all self (ipx_socket (create)))
|
|
(neverallow isolated_app_all self (netrom_socket (create)))
|
|
(neverallow isolated_app_all self (atmpvc_socket (create)))
|
|
(neverallow isolated_app_all self (x25_socket (create)))
|
|
(neverallow isolated_app_all self (rose_socket (create)))
|
|
(neverallow isolated_app_all self (decnet_socket (create)))
|
|
(neverallow isolated_app_all self (atmsvc_socket (create)))
|
|
(neverallow isolated_app_all self (rds_socket (create)))
|
|
(neverallow isolated_app_all self (irda_socket (create)))
|
|
(neverallow isolated_app_all self (pppox_socket (create)))
|
|
(neverallow isolated_app_all self (llc_socket (create)))
|
|
(neverallow isolated_app_all self (can_socket (create)))
|
|
(neverallow isolated_app_all self (tipc_socket (create)))
|
|
(neverallow isolated_app_all self (bluetooth_socket (create)))
|
|
(neverallow isolated_app_all self (iucv_socket (create)))
|
|
(neverallow isolated_app_all self (rxrpc_socket (create)))
|
|
(neverallow isolated_app_all self (isdn_socket (create)))
|
|
(neverallow isolated_app_all self (phonet_socket (create)))
|
|
(neverallow isolated_app_all self (ieee802154_socket (create)))
|
|
(neverallow isolated_app_all self (caif_socket (create)))
|
|
(neverallow isolated_app_all self (alg_socket (create)))
|
|
(neverallow isolated_app_all self (nfc_socket (create)))
|
|
(neverallow isolated_app_all self (vsock_socket (create)))
|
|
(neverallow isolated_app_all self (kcm_socket (create)))
|
|
(neverallow isolated_app_all self (qipcrtr_socket (create)))
|
|
(neverallow isolated_app_all self (smc_socket (create)))
|
|
(neverallow isolated_app_all self (xdp_socket (create)))
|
|
;;* lme
|
|
|
|
(typetransition isolated_compute_app tmpfs file appdomain_tmpfs)
|
|
(allow isolated_compute_app isolated_compute_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su isolated_compute_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
|
|
|
|
(neverallow base_typeattr_798 isolated_compute_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow isolated_compute_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
|
|
|
|
(neverallow base_typeattr_799 base_typeattr_798 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
|
|
|
|
(neverallow base_typeattr_800 isolated_compute_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
|
|
|
|
(neverallow base_typeattr_801 isolated_compute_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow isolated_compute_app isolated_compute_allowed_service (service_manager (find)))
|
|
(allow isolated_compute_app isolated_compute_allowed_device (chr_file (ioctl read write map)))
|
|
(allow isolated_compute_app hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager isolated_compute_app (binder (call transfer)))
|
|
(allow hwservicemanager isolated_compute_app (dir (search)))
|
|
(allow hwservicemanager isolated_compute_app (file (read map open)))
|
|
(allow hwservicemanager isolated_compute_app (process (getattr)))
|
|
(allow isolated_compute_app dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow isolated_compute_app untrusted_app_all (tcp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_compute_app untrusted_app_all (udp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_compute_app ephemeral_app (tcp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_compute_app ephemeral_app (udp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_compute_app priv_app (tcp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_compute_app priv_app (udp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow isolated_compute_app toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow init iw_exec (file (read getattr map execute open)))
|
|
(allow init iw (process (transition)))
|
|
(allow iw iw_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init iw (process (noatsecure)))
|
|
(allow init iw (process (siginh rlimitinh)))
|
|
(typetransition init iw_exec process iw)
|
|
(allow kernel init_exec (file (read getattr map execute open)))
|
|
(allow kernel init (process (transition)))
|
|
(allow init init_exec (file (read getattr map execute open entrypoint)))
|
|
(allow init kernel (process (sigchld)))
|
|
(dontaudit kernel init (process (noatsecure)))
|
|
(allow kernel init (process (siginh rlimitinh)))
|
|
(typetransition kernel init_exec process init)
|
|
(allow kernel snapuserd_exec (file (read getattr map execute open)))
|
|
(allow kernel snapuserd (process (transition)))
|
|
(allow snapuserd snapuserd_exec (file (read getattr map execute open entrypoint)))
|
|
(allow snapuserd kernel (process (sigchld)))
|
|
(dontaudit kernel snapuserd (process (noatsecure)))
|
|
(allow kernel snapuserd (process (siginh rlimitinh)))
|
|
(typetransition kernel snapuserd_exec process snapuserd)
|
|
(allow kernel otapreopt_chroot (fd (use)))
|
|
(allow kernel postinstall_file (file (read)))
|
|
(allow kernel tmpfs (blk_file (getattr relabelfrom)))
|
|
(allow kernel tmpfs (chr_file (getattr relabelfrom)))
|
|
(allow kernel tmpfs (lnk_file (getattr relabelfrom)))
|
|
(allow kernel tmpfs (dir (read relabelfrom open)))
|
|
(allow kernel block_device (blk_file (relabelto)))
|
|
(allow kernel block_device (lnk_file (relabelto)))
|
|
(allow kernel dm_device (chr_file (relabelto)))
|
|
(allow kernel dm_device (blk_file (relabelto)))
|
|
(allow kernel dm_user_device (dir (read relabelto open search)))
|
|
(allow kernel dm_user_device (chr_file (relabelto)))
|
|
(allow kernel kmsg_device (chr_file (relabelto)))
|
|
(allow kernel null_device (chr_file (relabelto)))
|
|
(allow kernel random_device (chr_file (relabelto)))
|
|
(allow kernel snapuserd_exec (file (relabelto)))
|
|
(allow kernel kmsg_device (chr_file (write)))
|
|
(allow kernel gsid (fd (use)))
|
|
(dontaudit kernel metadata_file (dir (search)))
|
|
(dontaudit kernel ota_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(dontaudit kernel sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit kernel sysfs (file (read write open)))
|
|
(dontaudit kernel sysfs (chr_file (read write open)))
|
|
(dontaudit kernel dm_device (chr_file (ioctl)))
|
|
(dontaudit kernel self (capability (setgid sys_admin mknod)))
|
|
(dontaudit kernel dm_user_device (dir (write add_name)))
|
|
(dontaudit kernel dm_user_device (chr_file (create setattr)))
|
|
(dontaudit kernel tmpfs (lnk_file (read)))
|
|
(dontaudit kernel tmpfs (blk_file (read open)))
|
|
(allow init keystore_exec (file (read getattr map execute open)))
|
|
(allow init keystore (process (transition)))
|
|
(allow keystore keystore_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init keystore (process (noatsecure)))
|
|
(allow init keystore (process (siginh rlimitinh)))
|
|
(typetransition init keystore_exec process keystore)
|
|
(dontaudit keystore hal_remotelyprovisionedcomponent_avf_service (service_manager (find)))
|
|
(allow keystore platform_app (binder (call)))
|
|
(allow keystore device_logging_prop (file (read getattr map open)))
|
|
(allow keystore remote_prov_prop (file (read getattr map open)))
|
|
(allow keystore device_config_remote_key_provisioning_native_prop (file (read getattr map open)))
|
|
(allow keystore statsdw_socket (sock_file (write)))
|
|
(allow keystore statsd (unix_dgram_socket (sendto)))
|
|
(allow keystore keystore2_key_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow keystore keystore_listen_prop (file (read getattr map open)))
|
|
(allow keystore vold (binder (transfer)))
|
|
(allow keystore property_socket (sock_file (write)))
|
|
(allow keystore init (unix_stream_socket (connectto)))
|
|
(allow keystore keystore_crash_prop (property_service (set)))
|
|
(allow keystore keystore_crash_prop (file (read getattr map open)))
|
|
;;* lmx 47 system/sepolicy/private/keystore.te
|
|
|
|
(neverallow base_typeattr_561 keystore_crash_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow keystore apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow keystore apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow keystore vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow keystore vendor_apex_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow keystore vendor_apex_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init linkerconfig_exec (file (read getattr map execute open)))
|
|
(allow init linkerconfig (process (transition)))
|
|
(allow linkerconfig linkerconfig_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init linkerconfig (process (noatsecure)))
|
|
(allow init linkerconfig (process (siginh rlimitinh)))
|
|
(typetransition init linkerconfig_exec process linkerconfig)
|
|
(allow linkerconfig linkerconfig_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow linkerconfig linkerconfig_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow linkerconfig kmsg_device (chr_file (write lock append map open)))
|
|
(allow linkerconfig devpts (chr_file (ioctl read write getattr)))
|
|
(allow linkerconfig apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow linkerconfig apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow linkerconfig vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow linkerconfig vendor_apex_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow linkerconfig vendor_apex_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow linkerconfig otapreopt_chroot (fd (use)))
|
|
(allow linkerconfig postinstall_apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow linkerconfig postinstall_apex_mnt_dir (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 30 system/sepolicy/private/linkerconfig.te
|
|
|
|
(neverallow base_typeattr_802 linkerconfig_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
(allow init llkd_exec (file (read getattr map execute open)))
|
|
(allow init llkd (process (transition)))
|
|
(allow llkd llkd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init llkd (process (noatsecure)))
|
|
(allow init llkd (process (siginh rlimitinh)))
|
|
(typetransition init llkd_exec process llkd)
|
|
(allow llkd llkd_prop (file (read getattr map open)))
|
|
(allow llkd self (capability (kill)))
|
|
(allow llkd self (cap_userns (kill)))
|
|
(allow llkd self (capability (ipc_lock)))
|
|
(allow llkd self (cap_userns (ipc_lock)))
|
|
(allow llkd domain (process (sigkill)))
|
|
(allow llkd domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow llkd domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow llkd domain (lnk_file (read)))
|
|
(allow llkd proc_hung_task (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow llkd proc_sysrq (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow llkd kmsg_device (chr_file (write lock append map open)))
|
|
;;* lmx 49 system/sepolicy/private/llkd.te
|
|
|
|
(neverallow base_typeattr_223 llkd (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 50 system/sepolicy/private/llkd.te
|
|
|
|
(neverallow domain llkd (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 53 system/sepolicy/private/llkd.te
|
|
|
|
(neverallow base_typeattr_224 llkd (process (noatsecure)))
|
|
;;* lme
|
|
|
|
(allow init lmkd_exec (file (read getattr map execute open)))
|
|
(allow init lmkd (process (transition)))
|
|
(allow lmkd lmkd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init lmkd (process (noatsecure)))
|
|
(allow init lmkd (process (siginh rlimitinh)))
|
|
(typetransition init lmkd_exec process lmkd)
|
|
(allow lmkd property_socket (sock_file (write)))
|
|
(allow lmkd init (unix_stream_socket (connectto)))
|
|
(allow lmkd system_lmk_prop (property_service (set)))
|
|
(allow lmkd system_lmk_prop (file (read getattr map open)))
|
|
(allow lmkd property_socket (sock_file (write)))
|
|
(allow lmkd init (unix_stream_socket (connectto)))
|
|
(allow lmkd lmkd_prop (property_service (set)))
|
|
(allow lmkd lmkd_prop (file (read getattr map open)))
|
|
(allow lmkd device_config_lmkd_native_prop (file (read getattr map open)))
|
|
(allow lmkd fs_bpf (file (read)))
|
|
(allow lmkd bpfloader (bpf (map_read)))
|
|
;;* lmx 18 system/sepolicy/private/lmkd.te
|
|
|
|
(neverallow base_typeattr_803 lmkd_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow init logd_exec (file (read getattr map execute open)))
|
|
(allow init logd (process (transition)))
|
|
(allow logd logd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init logd (process (noatsecure)))
|
|
(allow init logd (process (siginh rlimitinh)))
|
|
(typetransition init logd_exec process logd)
|
|
(allow logd device_logging_prop (file (read getattr map open)))
|
|
;;* lmx 17 system/sepolicy/private/logd.te
|
|
|
|
(neverallow logd base_typeattr_804 (file (write create append)))
|
|
;;* lme
|
|
|
|
;;* lmx 32 system/sepolicy/private/logd.te
|
|
|
|
(neverallow base_typeattr_805 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 43 system/sepolicy/private/logd.te
|
|
|
|
(neverallow base_typeattr_806 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow logd servicemanager (binder (call transfer)))
|
|
(allow servicemanager logd (binder (call transfer)))
|
|
(allow servicemanager logd (dir (search)))
|
|
(allow servicemanager logd (file (read open)))
|
|
(allow servicemanager logd (process (getattr)))
|
|
(allow logd system_server (binder (call transfer)))
|
|
(allow system_server logd (binder (transfer)))
|
|
(allow logd system_server (fd (use)))
|
|
(allow logd logd_service (service_manager (add find)))
|
|
;;* lmx 50 system/sepolicy/private/logd.te
|
|
|
|
(neverallow base_typeattr_807 logd_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow logd logcat_service (service_manager (find)))
|
|
;;* lmx 28 system/sepolicy/private/logpersist.te
|
|
|
|
(neverallow logpersist file_type (file (write create append)))
|
|
;;* lme
|
|
|
|
;;* lmx 29 system/sepolicy/private/logpersist.te
|
|
|
|
(neverallow base_typeattr_808 misc_logd_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 30 system/sepolicy/private/logpersist.te
|
|
|
|
(neverallow base_typeattr_223 misc_logd_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 31 system/sepolicy/private/logpersist.te
|
|
|
|
(neverallow base_typeattr_223 misc_logd_file (dir (write relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
(allow init lpdumpd_exec (file (read getattr map execute open)))
|
|
(allow init lpdumpd (process (transition)))
|
|
(allow lpdumpd lpdumpd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init lpdumpd (process (noatsecure)))
|
|
(allow init lpdumpd (process (siginh rlimitinh)))
|
|
(typetransition init lpdumpd_exec process lpdumpd)
|
|
(allow lpdumpd servicemanager (binder (call transfer)))
|
|
(allow servicemanager lpdumpd (binder (call transfer)))
|
|
(allow servicemanager lpdumpd (dir (search)))
|
|
(allow servicemanager lpdumpd (file (read open)))
|
|
(allow servicemanager lpdumpd (process (getattr)))
|
|
(allow lpdumpd lpdump_service (service_manager (add find)))
|
|
;;* lmx 8 system/sepolicy/private/lpdumpd.te
|
|
|
|
(neverallow base_typeattr_809 lpdump_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow lpdumpd block_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow lpdumpd super_block_device_type (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lpdumpd sysfs_dt_firmware_android (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow lpdumpd sysfs_dt_firmware_android (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lpdumpd gsi_metadata_file_type (dir (search)))
|
|
(allow lpdumpd metadata_file (dir (search)))
|
|
(allow lpdumpd gsi_public_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lpdumpd proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lpdumpd proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lpdumpd sysfs_dt_firmware_android (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow lpdumpd sysfs_dt_firmware_android (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lpdumpd sysfs_dt_firmware_android (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lpdumpd proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow lpdumpd virtual_ab_prop (file (read getattr map open)))
|
|
(allow lpdumpd metadata_file (dir (search)))
|
|
(allow lpdumpd ota_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow lpdumpd ota_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 39 system/sepolicy/private/lpdumpd.te
|
|
|
|
(neverallow base_typeattr_810 lpdump_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 47 system/sepolicy/private/lpdumpd.te
|
|
|
|
(neverallow base_typeattr_811 lpdumpd (binder (call)))
|
|
;;* lme
|
|
|
|
(allow init mdnsd_exec (file (read getattr map execute open)))
|
|
(allow init mdnsd (process (transition)))
|
|
(allow mdnsd mdnsd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init mdnsd (process (noatsecure)))
|
|
(allow init mdnsd (process (siginh rlimitinh)))
|
|
(typetransition init mdnsd_exec process mdnsd)
|
|
(allow mdnsd proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mdnsd proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mdnsd proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init mediadrmserver_exec (file (read getattr map execute open)))
|
|
(allow init mediadrmserver (process (transition)))
|
|
(allow mediadrmserver mediadrmserver_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init mediadrmserver (process (noatsecure)))
|
|
(allow init mediadrmserver (process (siginh rlimitinh)))
|
|
(typetransition init mediadrmserver_exec process mediadrmserver)
|
|
(auditallow mediadrmserver hal_graphics_allocator_server (binder (call)))
|
|
(allow init mediaextractor_exec (file (read getattr map execute open)))
|
|
(allow init mediaextractor (process (transition)))
|
|
(allow mediaextractor mediaextractor_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init mediaextractor (process (noatsecure)))
|
|
(allow init mediaextractor (process (siginh rlimitinh)))
|
|
(typetransition init mediaextractor_exec process mediaextractor)
|
|
(typetransition mediaextractor tmpfs file mediaextractor_tmpfs)
|
|
(allow mediaextractor mediaextractor_tmpfs (file (read write getattr map)))
|
|
(allow mediaextractor appdomain_tmpfs (file (read write getattr map)))
|
|
(allow mediaextractor mediaserver_tmpfs (file (read write getattr map)))
|
|
(allow mediaextractor system_server_tmpfs (file (read write getattr map)))
|
|
(allow mediaextractor device_config_media_native_prop (file (read getattr map open)))
|
|
(allow mediaextractor device_config_swcodec_native_prop (file (read getattr map open)))
|
|
(allow init mediametrics_exec (file (read getattr map execute open)))
|
|
(allow init mediametrics (process (transition)))
|
|
(allow mediametrics mediametrics_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init mediametrics (process (noatsecure)))
|
|
(allow init mediametrics (process (siginh rlimitinh)))
|
|
(typetransition init mediametrics_exec process mediametrics)
|
|
(allow mediametrics stats_service (service_manager (find)))
|
|
(allow mediametrics statsmanager_service (service_manager (find)))
|
|
(allow mediametrics statsd (binder (call transfer)))
|
|
(allow statsd mediametrics (binder (transfer)))
|
|
(allow mediametrics statsd (fd (use)))
|
|
(typetransition mediaprovider tmpfs file appdomain_tmpfs)
|
|
(allow mediaprovider mediaprovider_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su mediaprovider_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 7 system/sepolicy/private/mediaprovider.te
|
|
|
|
(neverallow base_typeattr_812 mediaprovider_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow mediaprovider appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 7 system/sepolicy/private/mediaprovider.te
|
|
|
|
(neverallow base_typeattr_813 base_typeattr_812 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/private/mediaprovider.te
|
|
|
|
(neverallow base_typeattr_814 mediaprovider (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/private/mediaprovider.te
|
|
|
|
(neverallow base_typeattr_815 mediaprovider (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow mediaprovider cache_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow mediaprovider cache_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow mediaprovider cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit mediaprovider cache_private_backup_file (dir (getattr)))
|
|
(dontaudit mediaprovider cache_recovery_file (dir (getattr)))
|
|
(allow mediaprovider mnt_media_rw_file (dir (search)))
|
|
(allow mediaprovider app_api_service (service_manager (find)))
|
|
(allow mediaprovider audioserver_service (service_manager (find)))
|
|
(allow mediaprovider cameraserver_service (service_manager (find)))
|
|
(allow mediaprovider drmserver_service (service_manager (find)))
|
|
(allow mediaprovider mediaextractor_service (service_manager (find)))
|
|
(allow mediaprovider mediaserver_service (service_manager (find)))
|
|
(allow mediaprovider ringtone_file (file (read write getattr)))
|
|
(allow mediaprovider mtp_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow mediaprovider functionfs (dir (search)))
|
|
(allow mediaprovider functionfs (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx mediaprovider functionfs (ioctl file (0x6782)))
|
|
(allowx mediaprovider functionfs (ioctl file (0x67e7)))
|
|
(allow mediaprovider ffs_config_prop (file (read getattr map open)))
|
|
(allow mediaprovider property_socket (sock_file (write)))
|
|
(allow mediaprovider init (unix_stream_socket (connectto)))
|
|
(allow mediaprovider ffs_control_prop (property_service (set)))
|
|
(allow mediaprovider ffs_control_prop (file (read getattr map open)))
|
|
(allow mediaprovider drm_service_config_prop (file (read getattr map open)))
|
|
(typetransition mediaprovider_app tmpfs file appdomain_tmpfs)
|
|
(allow mediaprovider_app mediaprovider_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su mediaprovider_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
|
|
|
|
(neverallow base_typeattr_816 mediaprovider_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow mediaprovider_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
|
|
|
|
(neverallow base_typeattr_817 base_typeattr_816 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
|
|
|
|
(neverallow base_typeattr_818 mediaprovider_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
|
|
|
|
(neverallow base_typeattr_819 mediaprovider_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow mediaprovider_app mnt_pass_through_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaprovider_app mnt_pass_through_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaprovider_app mnt_pass_through_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaprovider_app fuse_device (chr_file (ioctl read write getattr)))
|
|
(allow mediaprovider_app fuseblk (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow mediaprovider_app fuseblk (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow mediaprovider_app media_userdir_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediaprovider_app media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow mediaprovider_app media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow mediaprovider_app drmserver_service (service_manager (find)))
|
|
(allow mediaprovider_app mediaserver_service (service_manager (find)))
|
|
(allow mediaprovider_app audioserver_service (service_manager (find)))
|
|
(allow mediaprovider_app mediametrics_service (service_manager (find)))
|
|
(allow mediaprovider_app app_api_service (service_manager (find)))
|
|
(allow mediaprovider_app gpuservice (binder (call transfer)))
|
|
(allow gpuservice mediaprovider_app (binder (transfer)))
|
|
(allow mediaprovider_app gpuservice (fd (use)))
|
|
(allow mediaprovider_app statsmanager_service (service_manager (find)))
|
|
(allow mediaprovider_app statsd (binder (call transfer)))
|
|
(allow statsd mediaprovider_app (binder (transfer)))
|
|
(allow mediaprovider_app statsd (fd (use)))
|
|
(allow mediaprovider_app proc_pipe_conf (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allowx mediaprovider_app media_rw_data_file (ioctl file ((range 0x581f 0x5820))))
|
|
(allowx mediaprovider_app media_rw_data_file (ioctl dir ((range 0x581f 0x5820))))
|
|
(allowx mediaprovider_app media_rw_data_file (ioctl file ((range 0x6601 0x6602))))
|
|
(allowx mediaprovider_app media_rw_data_file (ioctl dir ((range 0x6601 0x6602))))
|
|
(allow mediaprovider_app mnt_media_rw_file (dir (search)))
|
|
(allow mediaprovider_app proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediaprovider_app storage_config_prop (file (read getattr map open)))
|
|
(allow mediaprovider_app drm_service_config_prop (file (read getattr map open)))
|
|
(allow mediaprovider_app gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow mediaprovider_app gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit mediaprovider_app sysfs_vendor_sched (dir (search)))
|
|
(dontaudit mediaprovider_app sysfs_vendor_sched (file (write lock append map open)))
|
|
(allow mediaprovider_app fs_bpf (file (read)))
|
|
(allow mediaprovider_app bpfloader (bpf (map_read map_write prog_run)))
|
|
(allow mediaprovider_app bootanim_oem_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init mediaserver_exec (file (read getattr map execute open)))
|
|
(allow init mediaserver (process (transition)))
|
|
(allow mediaserver mediaserver_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init mediaserver (process (noatsecure)))
|
|
(allow init mediaserver (process (siginh rlimitinh)))
|
|
(typetransition init mediaserver_exec process mediaserver)
|
|
(typetransition mediaserver tmpfs file mediaserver_tmpfs)
|
|
(allow mediaserver mediaserver_tmpfs (file (read write getattr map)))
|
|
(allow mediaserver appdomain_tmpfs (file (read write getattr map)))
|
|
(allow mediaserver property_socket (sock_file (write)))
|
|
(allow mediaserver init (unix_stream_socket (connectto)))
|
|
(allow mediaserver audio_prop (property_service (set)))
|
|
(allow mediaserver audio_prop (file (read getattr map open)))
|
|
(allow mediaserver drm_service_config_prop (file (read getattr map open)))
|
|
(allow mediaserver media_config_prop (file (read getattr map open)))
|
|
(allow mediaserver device_config_media_native_prop (file (read getattr map open)))
|
|
(allow mediaserver property_socket (sock_file (write)))
|
|
(allow mediaserver init (unix_stream_socket (connectto)))
|
|
(allow mediaserver ctl_mediatranscoding_prop (property_service (set)))
|
|
(allow mediaserver ctl_mediatranscoding_prop (file (read getattr map open)))
|
|
(allow mediaserver sdk_sandbox_data_file (file (read getattr)))
|
|
(allow mediaserver stats_service (service_manager (find)))
|
|
(allow mediaserver statsmanager_service (service_manager (find)))
|
|
(allow mediaserver statsd (binder (call transfer)))
|
|
(allow statsd mediaserver (binder (transfer)))
|
|
(allow mediaserver statsd (fd (use)))
|
|
(allow mediaserver virtual_camera (binder (call transfer)))
|
|
(allow virtual_camera mediaserver (binder (transfer)))
|
|
(allow mediaserver virtual_camera (fd (use)))
|
|
(allow init mediaswcodec_exec (file (read getattr map execute open)))
|
|
(allow init mediaswcodec (process (transition)))
|
|
(allow mediaswcodec mediaswcodec_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init mediaswcodec (process (noatsecure)))
|
|
(allow init mediaswcodec (process (siginh rlimitinh)))
|
|
(typetransition init mediaswcodec_exec process mediaswcodec)
|
|
(allow mediaswcodec device_config_media_native_prop (file (read getattr map open)))
|
|
(allow mediaswcodec device_config_swcodec_native_prop (file (read getattr map open)))
|
|
(allow init mediatranscoding_exec (file (read getattr map execute open)))
|
|
(allow init mediatranscoding (process (transition)))
|
|
(allow mediatranscoding mediatranscoding_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init mediatranscoding (process (noatsecure)))
|
|
(allow init mediatranscoding (process (siginh rlimitinh)))
|
|
(typetransition init mediatranscoding_exec process mediatranscoding)
|
|
(typetransition mediatranscoding tmpfs file mediatranscoding_tmpfs)
|
|
(allow mediatranscoding mediatranscoding_tmpfs (file (read write getattr map)))
|
|
(allow mediatranscoding appdomain_tmpfs (file (read write getattr map)))
|
|
(allow mediatranscoding servicemanager (binder (call transfer)))
|
|
(allow servicemanager mediatranscoding (binder (call transfer)))
|
|
(allow servicemanager mediatranscoding (dir (search)))
|
|
(allow servicemanager mediatranscoding (file (read open)))
|
|
(allow servicemanager mediatranscoding (process (getattr)))
|
|
(allow mediatranscoding binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain mediatranscoding (binder (transfer)))
|
|
(allow mediatranscoding binderservicedomain (fd (use)))
|
|
(allow mediatranscoding appdomain (binder (call transfer)))
|
|
(allow appdomain mediatranscoding (binder (transfer)))
|
|
(allow mediatranscoding appdomain (fd (use)))
|
|
(allow mediatranscoding mediatranscoding_service (service_manager (add find)))
|
|
;;* lmx 15 system/sepolicy/private/mediatranscoding.te
|
|
|
|
(neverallow base_typeattr_820 mediatranscoding_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow mediatranscoding mediaserver_service (service_manager (find)))
|
|
(allow mediatranscoding mediametrics_service (service_manager (find)))
|
|
(allow mediatranscoding mediaextractor_service (service_manager (find)))
|
|
(allow mediatranscoding package_native_service (service_manager (find)))
|
|
(allow mediatranscoding thermal_service (service_manager (find)))
|
|
(allow mediatranscoding system_server (fd (use)))
|
|
(allow mediatranscoding activity_service (service_manager (find)))
|
|
(allow mediatranscoding sdcardfs (file (read write getattr)))
|
|
(allow mediatranscoding media_rw_data_file (file (read write getattr)))
|
|
(allow mediatranscoding apk_data_file (file (read getattr)))
|
|
(allow mediatranscoding app_data_file (file (read write getattr)))
|
|
(allow mediatranscoding shell_data_file (file (read write getattr)))
|
|
(allow mediatranscoding statsdw_socket (sock_file (write)))
|
|
(allow mediatranscoding statsd (unix_dgram_socket (sendto)))
|
|
(allow mediatranscoding dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mediatranscoding gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow mediatranscoding gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mediatranscoding media_config_prop (file (read getattr map open)))
|
|
;;* lmx 53 system/sepolicy/private/mediatranscoding.te
|
|
|
|
(neverallow mediatranscoding fs_type (file (execute_no_trans)))
|
|
(neverallow mediatranscoding file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 65 system/sepolicy/private/mediatranscoding.te
|
|
|
|
(neverallow mediatranscoding domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow mediatranscoding domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 66 system/sepolicy/private/mediatranscoding.te
|
|
|
|
(neverallow mediatranscoding domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
;;* lme
|
|
|
|
(allow init mediatuner_exec (file (read getattr map execute open)))
|
|
(allow init mediatuner (process (transition)))
|
|
(allow mediatuner mediatuner_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init mediatuner (process (noatsecure)))
|
|
(allow init mediatuner (process (siginh rlimitinh)))
|
|
(typetransition init mediatuner_exec process mediatuner)
|
|
(allow mediatuner servicemanager (binder (call transfer)))
|
|
(allow servicemanager mediatuner (binder (call transfer)))
|
|
(allow servicemanager mediatuner (dir (search)))
|
|
(allow servicemanager mediatuner (file (read open)))
|
|
(allow servicemanager mediatuner (process (getattr)))
|
|
(allow mediatuner appdomain (binder (call transfer)))
|
|
(allow appdomain mediatuner (binder (transfer)))
|
|
(allow mediatuner appdomain (fd (use)))
|
|
(allow mediatuner mediatuner_service (service_manager (add find)))
|
|
;;* lmx 14 system/sepolicy/private/mediatuner.te
|
|
|
|
(neverallow base_typeattr_821 mediatuner_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow mediatuner system_server (fd (use)))
|
|
(allow mediatuner tv_tuner_resource_mgr_service (service_manager (find)))
|
|
(allow mediatuner package_native_service (service_manager (find)))
|
|
(allow mediatuner system_server (binder (call transfer)))
|
|
(allow system_server mediatuner (binder (transfer)))
|
|
(allow mediatuner system_server (fd (use)))
|
|
(allow mediatuner tuner_config_prop (file (read getattr map open)))
|
|
(allow mediatuner tuner_server_ctl_prop (file (read getattr map open)))
|
|
;;* lmx 32 system/sepolicy/private/mediatuner.te
|
|
|
|
(neverallow mediatuner fs_type (file (execute_no_trans)))
|
|
(neverallow mediatuner file_type (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 35 system/sepolicy/private/mediatuner.te
|
|
|
|
(neverallowx mediatuner domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx mediatuner domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx mediatuner domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
;;* lme
|
|
|
|
;;* lmx 35 system/sepolicy/private/mediatuner.te
|
|
|
|
(neverallowx mediatuner domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediatuner domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx mediatuner domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
;;* lme
|
|
|
|
;;* lmx 35 system/sepolicy/private/mediatuner.te
|
|
|
|
(neverallowx mediatuner domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediatuner domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx mediatuner domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
;;* lme
|
|
|
|
(allow migrate_legacy_obb_data media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow migrate_legacy_obb_data media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow migrate_legacy_obb_data shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow migrate_legacy_obb_data toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow migrate_legacy_obb_data self (capability (chown dac_override dac_read_search fowner fsetid)))
|
|
(allow migrate_legacy_obb_data mnt_user_file (dir (search)))
|
|
(allow migrate_legacy_obb_data mnt_user_file (lnk_file (read)))
|
|
(allow migrate_legacy_obb_data storage_file (dir (search)))
|
|
(allow migrate_legacy_obb_data storage_file (lnk_file (read)))
|
|
(allow migrate_legacy_obb_data sdcard_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow migrate_legacy_obb_data sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow migrate_legacy_obb_data installd (fd (use)))
|
|
(allow migrate_legacy_obb_data installd (file (read)))
|
|
(allow init misctrl_exec (file (read getattr map execute open)))
|
|
(allow init misctrl (process (transition)))
|
|
(allow misctrl misctrl_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init misctrl (process (noatsecure)))
|
|
(allow init misctrl (process (siginh rlimitinh)))
|
|
(typetransition init misctrl_exec process misctrl)
|
|
(allow misctrl misc_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow misctrl block_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow misctrl gsi_metadata_file_type (dir (search)))
|
|
(allow misctrl metadata_file (dir (search)))
|
|
(allow misctrl gsi_public_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow misctrl proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow misctrl proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow misctrl property_socket (sock_file (write)))
|
|
(allow misctrl init (unix_stream_socket (connectto)))
|
|
(allow misctrl misctrl_prop (property_service (set)))
|
|
(allow misctrl misctrl_prop (file (read getattr map open)))
|
|
(dontaudit misctrl sysfs_dt_firmware_android (dir (search)))
|
|
(dontaudit misctrl vendor_property_type (file (read)))
|
|
;;* lmx 12 system/sepolicy/private/mlstrustedsubject.te
|
|
|
|
(neverallow base_typeattr_822 app_data_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_822 privapp_data_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 18 system/sepolicy/private/mlstrustedsubject.te
|
|
|
|
(neverallow base_typeattr_822 app_data_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
(neverallow base_typeattr_822 privapp_data_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 28 system/sepolicy/private/mlstrustedsubject.te
|
|
|
|
(neverallow base_typeattr_823 app_data_file (dir (read getattr search)))
|
|
(neverallow base_typeattr_823 privapp_data_file (dir (read getattr search)))
|
|
;;* lme
|
|
|
|
(allow init mm_events_exec (file (read getattr map execute open)))
|
|
(allow init mm_events (process (transition)))
|
|
(allow mm_events mm_events_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init mm_events (process (noatsecure)))
|
|
(allow init mm_events (process (siginh rlimitinh)))
|
|
(typetransition init mm_events_exec process mm_events)
|
|
(allow mm_events shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow mm_events toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow mm_events perfetto_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow mm_events perfetto_exec (file (read getattr map execute open)))
|
|
(allow mm_events perfetto (process (transition)))
|
|
(allow perfetto perfetto_exec (file (read getattr map execute open entrypoint)))
|
|
(allow perfetto mm_events (process (sigchld)))
|
|
(dontaudit mm_events perfetto (process (noatsecure)))
|
|
(allow mm_events perfetto (process (siginh rlimitinh)))
|
|
(typetransition mm_events perfetto_exec process perfetto)
|
|
(allow init mtectrl_exec (file (read getattr map execute open)))
|
|
(allow init mtectrl (process (transition)))
|
|
(allow mtectrl mtectrl_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init mtectrl (process (noatsecure)))
|
|
(allow init mtectrl (process (siginh rlimitinh)))
|
|
(typetransition init mtectrl_exec process mtectrl)
|
|
(allow mtectrl property_socket (sock_file (write)))
|
|
(allow mtectrl init (unix_stream_socket (connectto)))
|
|
(allow mtectrl arm64_memtag_prop (property_service (set)))
|
|
(allow mtectrl arm64_memtag_prop (file (read getattr map open)))
|
|
(allow mtectrl misc_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow mtectrl block_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow mtectrl gsi_metadata_file_type (dir (search)))
|
|
(allow mtectrl metadata_file (dir (search)))
|
|
(allow mtectrl gsi_public_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mtectrl proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow mtectrl proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit mtectrl sysfs_dt_firmware_android (dir (search)))
|
|
(dontaudit mtectrl vendor_property_type (file (read)))
|
|
(allow base_typeattr_824 node_type (tcp_socket (node_bind)))
|
|
(allow base_typeattr_824 node_type (udp_socket (node_bind)))
|
|
(allow base_typeattr_824 node_type (rawip_socket (node_bind)))
|
|
(allow base_typeattr_824 node_type (icmp_socket (node_bind)))
|
|
(allow base_typeattr_824 port_type (udp_socket (name_bind)))
|
|
(allow base_typeattr_824 port_type (tcp_socket (name_bind)))
|
|
(allow base_typeattr_825 self (netlink_route_socket (bind nlmsg_readpriv nlmsg_getneigh)))
|
|
(allow init netd_exec (file (read getattr map execute open)))
|
|
(allow init netd (process (transition)))
|
|
(allow netd netd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init netd (process (noatsecure)))
|
|
(allow init netd (process (siginh rlimitinh)))
|
|
(typetransition init netd_exec process netd)
|
|
(allow netd dnsmasq_exec (file (read getattr map execute open)))
|
|
(allow netd dnsmasq (process (transition)))
|
|
(allow dnsmasq dnsmasq_exec (file (read getattr map execute open entrypoint)))
|
|
(allow dnsmasq netd (process (sigchld)))
|
|
(dontaudit netd dnsmasq (process (noatsecure)))
|
|
(allow netd dnsmasq (process (siginh rlimitinh)))
|
|
(typetransition netd dnsmasq_exec process dnsmasq)
|
|
(allow netd fs_bpf (dir (search)))
|
|
(allow netd fs_bpf_vendor (dir (search)))
|
|
(allow netd fs_bpf_netd_readonly (dir (search)))
|
|
(allow netd fs_bpf_netd_shared (dir (search)))
|
|
(allow netd fs_bpf (file (read getattr)))
|
|
(allow netd fs_bpf_vendor (file (read getattr)))
|
|
(allow netd fs_bpf_netd_readonly (file (read getattr)))
|
|
(allow netd fs_bpf_netd_shared (file (read getattr)))
|
|
(allow netd fs_bpf (file (write)))
|
|
(allow netd fs_bpf_netd_shared (file (write)))
|
|
(allow netd bpfloader (bpf (map_read map_write prog_run)))
|
|
(allow netd self (key_socket (create)))
|
|
(allow netd property_socket (sock_file (write)))
|
|
(allow netd init (unix_stream_socket (connectto)))
|
|
(allow netd ctl_mdnsd_prop (property_service (set)))
|
|
(allow netd ctl_mdnsd_prop (file (read getattr map open)))
|
|
(allow netd property_socket (sock_file (write)))
|
|
(allow netd init (unix_stream_socket (connectto)))
|
|
(allow netd netd_stable_secret_prop (property_service (set)))
|
|
(allow netd netd_stable_secret_prop (file (read getattr map open)))
|
|
(allow netd adbd_config_prop (file (read getattr map open)))
|
|
(allow netd hwservicemanager_prop (file (read getattr map open)))
|
|
(allow netd device_config_netd_native_prop (file (read getattr map open)))
|
|
(allow netd statsdw_socket (sock_file (write)))
|
|
(allow netd statsd (unix_dgram_socket (sendto)))
|
|
(allow netd network_stack (binder (call transfer)))
|
|
(allow network_stack netd (binder (transfer)))
|
|
(allow netd network_stack (fd (use)))
|
|
(allow netd dumpstate (fd (use)))
|
|
(allow netd dumpstate (fifo_file (write getattr)))
|
|
;;* lmx 41 system/sepolicy/private/netd.te
|
|
|
|
(neverallow base_typeattr_826 netd_stable_secret_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 45 system/sepolicy/private/netd.te
|
|
|
|
(neverallow base_typeattr_827 netd_stable_secret_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow netutils_wrapper system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow netutils_wrapper system_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netutils_wrapper system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netutils_wrapper self (capability (net_raw)))
|
|
(allow netutils_wrapper self (cap_userns (net_raw)))
|
|
(allow netutils_wrapper system_file (file (execute execute_no_trans)))
|
|
(allow netutils_wrapper proc_net_type (file (read getattr open)))
|
|
(allow netutils_wrapper self (rawip_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow netutils_wrapper self (udp_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow netutils_wrapper self (capability (net_admin)))
|
|
(allow netutils_wrapper self (cap_userns (net_admin)))
|
|
(allow netutils_wrapper self (netlink_route_socket (read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_readpriv nlmsg_getneigh)))
|
|
(allow netutils_wrapper self (netlink_xfrm_socket (read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(allow netutils_wrapper netd_service (service_manager (find)))
|
|
(allow netutils_wrapper dnsresolver_service (service_manager (find)))
|
|
(allow netutils_wrapper mdns_service (service_manager (find)))
|
|
(allow netutils_wrapper servicemanager (binder (call transfer)))
|
|
(allow servicemanager netutils_wrapper (binder (call transfer)))
|
|
(allow servicemanager netutils_wrapper (dir (search)))
|
|
(allow servicemanager netutils_wrapper (file (read open)))
|
|
(allow servicemanager netutils_wrapper (process (getattr)))
|
|
(allow netutils_wrapper netd (binder (call transfer)))
|
|
(allow netd netutils_wrapper (binder (transfer)))
|
|
(allow netutils_wrapper netd (fd (use)))
|
|
(allow netutils_wrapper fs_bpf (dir (search)))
|
|
(allow netutils_wrapper fs_bpf_vendor (dir (search)))
|
|
(allow netutils_wrapper fs_bpf_netd_shared (dir (search)))
|
|
(allow netutils_wrapper fs_bpf (file (read getattr)))
|
|
(allow netutils_wrapper fs_bpf_vendor (file (read getattr)))
|
|
(allow netutils_wrapper fs_bpf_netd_shared (file (read getattr)))
|
|
(allow netutils_wrapper fs_bpf (file (write)))
|
|
(allow netutils_wrapper bpfloader (bpf (prog_run)))
|
|
(allow netutils_wrapper net_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow netutils_wrapper net_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow netutils_wrapper net_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow base_typeattr_717 netutils_wrapper_exec (file (read getattr map execute open)))
|
|
(allow base_typeattr_717 netutils_wrapper (process (transition)))
|
|
(allow netutils_wrapper netutils_wrapper_exec (file (read getattr map execute open entrypoint)))
|
|
(allow netutils_wrapper base_typeattr_717 (process (sigchld)))
|
|
(dontaudit base_typeattr_717 netutils_wrapper (process (noatsecure)))
|
|
(allow base_typeattr_717 netutils_wrapper (process (siginh rlimitinh)))
|
|
(typetransition base_typeattr_717 netutils_wrapper_exec process netutils_wrapper)
|
|
(dontaudit netutils_wrapper self (capability (sys_resource)))
|
|
(dontaudit netutils_wrapper self (cap_userns (sys_resource)))
|
|
(dontaudit netutils_wrapper sysfs_type (file (read)))
|
|
;;* lmx 47 system/sepolicy/private/netutils_wrapper.te
|
|
|
|
(neverallow netutils_wrapper self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow netutils_wrapper self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
;;* lme
|
|
|
|
(typetransition network_stack tmpfs file appdomain_tmpfs)
|
|
(allow network_stack network_stack_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su network_stack_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 6 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_828 network_stack_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow network_stack appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 6 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_829 base_typeattr_828 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_830 network_stack (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_831 network_stack (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow network_stack self (capability (net_bind_service net_broadcast net_admin net_raw)))
|
|
(allow network_stack self (cap_userns (net_bind_service net_broadcast net_admin net_raw)))
|
|
(allow network_stack self (capability2 (wake_alarm)))
|
|
(allow network_stack self (cap2_userns (wake_alarm)))
|
|
(allowx network_stack self (ioctl udp_socket (0x6900 0x6902)))
|
|
(allowx network_stack self (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(allowx network_stack self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(allow network_stack self (packet_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow network_stack self (netlink_route_socket (nlmsg_write)))
|
|
(allow network_stack self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow network_stack self (netlink_nflog_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow network_stack self (netlink_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow network_stack self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow network_stack app_api_service (service_manager (find)))
|
|
(allow network_stack dnsresolver_service (service_manager (find)))
|
|
(allow network_stack mdns_service (service_manager (find)))
|
|
(allow network_stack netd_service (service_manager (find)))
|
|
(allow network_stack network_watchlist_service (service_manager (find)))
|
|
(allow network_stack radio_service (service_manager (find)))
|
|
(allow network_stack system_config_service (service_manager (find)))
|
|
(allow network_stack radio_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow network_stack radio_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow network_stack netd (binder (call transfer)))
|
|
(allow netd network_stack (binder (transfer)))
|
|
(allow network_stack netd (fd (use)))
|
|
(allow network_stack self (key_socket (create)))
|
|
(dontaudit network_stack self (key_socket (getopt)))
|
|
(allow network_stack device_config_connectivity_prop (file (read getattr map open)))
|
|
(allow network_stack self (netlink_tcpdiag_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
|
|
(allow network_stack self (netlink_netfilter_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow network_stack network_stack_service (service_manager (find)))
|
|
(allow network_stack fs_bpf_tethering (dir (search)))
|
|
(allow network_stack fs_bpf_net_private (dir (search)))
|
|
(allow network_stack fs_bpf_net_shared (dir (search)))
|
|
(allow network_stack fs_bpf_netd_readonly (dir (search)))
|
|
(allow network_stack fs_bpf_netd_shared (dir (search)))
|
|
(allow network_stack fs_bpf_tethering (file (read write getattr)))
|
|
(allow network_stack fs_bpf_net_private (file (read write getattr)))
|
|
(allow network_stack fs_bpf_net_shared (file (read write getattr)))
|
|
(allow network_stack fs_bpf_netd_readonly (file (read write getattr)))
|
|
(allow network_stack fs_bpf_netd_shared (file (read write getattr)))
|
|
(allow network_stack bpfloader (bpf (map_read map_write prog_run)))
|
|
(allow network_stack device_config_tethering_u_or_later_native_prop (file (read getattr map open)))
|
|
(allow network_stack self (netlink_xfrm_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
|
|
(allow network_stack tun_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx network_stack tun_device (ioctl chr_file (0x54ca 0x54cd 0x54d2 0x54e2)))
|
|
;;* lmx 83 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_668 fs_bpf_net_private (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 84 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_668 fs_bpf_net_private (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 87 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_669 fs_bpf_net_shared (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 88 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_669 fs_bpf_net_shared (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 92 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_670 fs_bpf_netd_readonly (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 93 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_670 fs_bpf_netd_readonly (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 94 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow netd fs_bpf_netd_readonly (file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 98 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_671 fs_bpf_netd_shared (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 99 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_671 fs_bpf_netd_shared (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 100 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow netutils_wrapper fs_bpf_netd_shared (file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 103 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_668 fs_bpf_tethering (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 104 system/sepolicy/private/network_stack.te
|
|
|
|
(neverallow base_typeattr_668 fs_bpf_tethering (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(typetransition nfc tmpfs file appdomain_tmpfs)
|
|
(allow nfc nfc_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su nfc_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 3 system/sepolicy/private/nfc.te
|
|
|
|
(neverallow base_typeattr_832 nfc_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow nfc appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 3 system/sepolicy/private/nfc.te
|
|
|
|
(neverallow base_typeattr_833 base_typeattr_832 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/nfc.te
|
|
|
|
(neverallow base_typeattr_834 nfc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/nfc.te
|
|
|
|
(neverallow base_typeattr_835 nfc (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow nfc nfc_service (service_manager (add find)))
|
|
;;* lmx 7 system/sepolicy/private/nfc.te
|
|
|
|
(neverallow base_typeattr_832 nfc_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow nfc nfc_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow nfc nfc_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow nfc nfc_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow nfc nfc_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow nfc nfc_data_file (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow nfc nfc_logs_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow nfc nfc_logs_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow nfc audioserver_service (service_manager (find)))
|
|
(allow nfc drmserver_service (service_manager (find)))
|
|
(allow nfc mediametrics_service (service_manager (find)))
|
|
(allow nfc mediaextractor_service (service_manager (find)))
|
|
(allow nfc mediaserver_service (service_manager (find)))
|
|
(allow nfc radio_service (service_manager (find)))
|
|
(allow nfc app_api_service (service_manager (find)))
|
|
(allow nfc system_api_service (service_manager (find)))
|
|
(allow nfc vr_manager_service (service_manager (find)))
|
|
(allow nfc secure_element_service (service_manager (find)))
|
|
(allow nfc property_socket (sock_file (write)))
|
|
(allow nfc init (unix_stream_socket (connectto)))
|
|
(allow nfc nfc_prop (property_service (set)))
|
|
(allow nfc nfc_prop (file (read getattr map open)))
|
|
(allow nfc shell_data_file (file (read)))
|
|
(allow odrefresh apex_module_data_file (dir (getattr search)))
|
|
(allow odrefresh apex_art_data_file (dir (ioctl read write create getattr setattr lock relabelfrom rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow odrefresh apex_art_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow odrefresh odrefresh_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow odrefresh odrefresh_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow odrefresh odrefresh_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su odrefresh_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 14 system/sepolicy/private/odrefresh.te
|
|
|
|
(neverallow base_typeattr_836 odrefresh_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow odrefresh apex_art_staging_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow odrefresh apex_art_staging_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow odrefresh dex2oat_exec (file (read getattr map execute open)))
|
|
(allow odrefresh dex2oat (process (transition)))
|
|
(allow dex2oat dex2oat_exec (file (read getattr map execute open entrypoint)))
|
|
(allow dex2oat odrefresh (process (sigchld)))
|
|
(dontaudit odrefresh dex2oat (process (noatsecure)))
|
|
(allow odrefresh dex2oat (process (siginh rlimitinh)))
|
|
(typetransition odrefresh dex2oat_exec process dex2oat)
|
|
(allow odrefresh dex2oat (process (sigkill)))
|
|
(allow odrefresh dexoptanalyzer_exec (file (read getattr map execute open)))
|
|
(allow odrefresh dexoptanalyzer (process (transition)))
|
|
(allow dexoptanalyzer dexoptanalyzer_exec (file (read getattr map execute open entrypoint)))
|
|
(allow dexoptanalyzer odrefresh (process (sigchld)))
|
|
(dontaudit odrefresh dexoptanalyzer (process (noatsecure)))
|
|
(allow odrefresh dexoptanalyzer (process (siginh rlimitinh)))
|
|
(typetransition odrefresh dexoptanalyzer_exec process dexoptanalyzer)
|
|
(allow odrefresh dexoptanalyzer (process (sigkill)))
|
|
(allow odrefresh odsign_devpts (chr_file (read write)))
|
|
(allow odrefresh odsign (fd (use)))
|
|
(allow odrefresh apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow odrefresh property_socket (sock_file (write)))
|
|
(allow odrefresh init (unix_stream_socket (connectto)))
|
|
(allow odrefresh bootanim_system_prop (property_service (set)))
|
|
(allow odrefresh bootanim_system_prop (file (read getattr map open)))
|
|
(allow odrefresh device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow odrefresh device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(dontaudit odrefresh adbd (fd (use)))
|
|
(dontaudit odrefresh shell (fd (use)))
|
|
(dontaudit odrefresh devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(dontaudit odrefresh adbd (unix_stream_socket (read write getattr)))
|
|
;;* lmx 55 system/sepolicy/private/odrefresh.te
|
|
|
|
(neverallow base_typeattr_837 apex_art_staging_data_file (file (open)))
|
|
;;* lme
|
|
|
|
;;* lmx 59 system/sepolicy/private/odrefresh.te
|
|
|
|
(neverallow base_typeattr_838 odrefresh_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 60 system/sepolicy/private/odrefresh.te
|
|
|
|
(neverallow base_typeattr_838 odrefresh_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow init odsign_exec (file (read getattr map execute open)))
|
|
(allow init odsign (process (transition)))
|
|
(allow odsign odsign_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init odsign (process (noatsecure)))
|
|
(allow init odsign (process (siginh rlimitinh)))
|
|
(typetransition init odsign_exec process odsign)
|
|
(allow odsign odsign_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow odsign odsign_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow odsign odsign_metrics_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow odsign odsign_metrics_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(typetransition odsign devpts chr_file odsign_devpts)
|
|
(allow odsign odsign_devpts (chr_file (ioctl read write getattr open)))
|
|
(allowx odsign odsign_devpts (ioctl chr_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
;;* lmx 21 system/sepolicy/private/odsign.te
|
|
|
|
(neverallowx base_typeattr_224 odsign_devpts (ioctl chr_file (0x5412)))
|
|
;;* lme
|
|
|
|
(allowx odsign apex_art_data_file (ioctl file (0x6601 (range 0x6685 0x6686))))
|
|
(allow odsign servicemanager (binder (call transfer)))
|
|
(allow servicemanager odsign (binder (call transfer)))
|
|
(allow servicemanager odsign (dir (search)))
|
|
(allow servicemanager odsign (file (read open)))
|
|
(allow servicemanager odsign (process (getattr)))
|
|
(allow keystore odsign (dir (search)))
|
|
(allow keystore odsign (file (read open)))
|
|
(allow keystore odsign (process (getattr)))
|
|
(allow odsign apc_service (service_manager (find)))
|
|
(allow odsign keystore_service (service_manager (find)))
|
|
(allow odsign legacykeystore_service (service_manager (find)))
|
|
(allow odsign keystore (binder (call transfer)))
|
|
(allow keystore odsign (binder (transfer)))
|
|
(allow odsign keystore (fd (use)))
|
|
(allow keystore odsign (binder (call transfer)))
|
|
(allow odsign keystore (binder (transfer)))
|
|
(allow keystore odsign (fd (use)))
|
|
(allow odsign odsign_key (keystore2_key (delete get_info rebind use)))
|
|
(allow odsign apex_module_data_file (dir (getattr search)))
|
|
(allow odsign apex_art_data_file (dir (ioctl read write getattr lock rename open watch watch_reads add_name remove_name search rmdir)))
|
|
(allow odsign apex_art_data_file (file (ioctl read write getattr lock append map unlink open watch watch_reads)))
|
|
(allow odsign odrefresh_exec (file (read getattr map execute open)))
|
|
(allow odsign odrefresh (process (transition)))
|
|
(allow odrefresh odrefresh_exec (file (read getattr map execute open entrypoint)))
|
|
(allow odrefresh odsign (process (sigchld)))
|
|
(dontaudit odsign odrefresh (process (noatsecure)))
|
|
(allow odsign odrefresh (process (siginh rlimitinh)))
|
|
(typetransition odsign odrefresh_exec process odrefresh)
|
|
(allow odsign fsverity_init_exec (file (read getattr map execute open)))
|
|
(allow odsign fsverity_init (process (transition)))
|
|
(allow fsverity_init fsverity_init_exec (file (read getattr map execute open entrypoint)))
|
|
(allow fsverity_init odsign (process (sigchld)))
|
|
(dontaudit odsign fsverity_init (process (noatsecure)))
|
|
(allow odsign fsverity_init (process (siginh rlimitinh)))
|
|
(typetransition odsign fsverity_init_exec process fsverity_init)
|
|
(allow odsign compos_verify_exec (file (read getattr map execute open)))
|
|
(allow odsign compos_verify (process (transition)))
|
|
(allow compos_verify compos_verify_exec (file (read getattr map execute open entrypoint)))
|
|
(allow compos_verify odsign (process (sigchld)))
|
|
(dontaudit odsign compos_verify (process (noatsecure)))
|
|
(allow odsign compos_verify (process (siginh rlimitinh)))
|
|
(typetransition odsign compos_verify_exec process compos_verify)
|
|
(allow odsign property_socket (sock_file (write)))
|
|
(allow odsign init (unix_stream_socket (connectto)))
|
|
(allow odsign odsign_prop (property_service (set)))
|
|
(allow odsign odsign_prop (file (read getattr map open)))
|
|
;;* lmx 62 system/sepolicy/private/odsign.te
|
|
|
|
(neverallow base_typeattr_839 odsign_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow odsign property_socket (sock_file (write)))
|
|
(allow odsign init (unix_stream_socket (connectto)))
|
|
(allow odsign ctl_odsign_prop (property_service (set)))
|
|
(allow odsign ctl_odsign_prop (file (read getattr map open)))
|
|
;;* lmx 68 system/sepolicy/private/odsign.te
|
|
|
|
(neverallow base_typeattr_840 odsign_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 69 system/sepolicy/private/odsign.te
|
|
|
|
(neverallow base_typeattr_840 odsign_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow init ot_daemon_exec (file (read getattr map execute open)))
|
|
(allow init ot_daemon (process (transition)))
|
|
(allow ot_daemon ot_daemon_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init ot_daemon (process (noatsecure)))
|
|
(allow init ot_daemon (process (siginh rlimitinh)))
|
|
(typetransition init ot_daemon_exec process ot_daemon)
|
|
(allow ot_daemon apex_module_data_file (dir (search)))
|
|
(allow ot_daemon apex_tethering_data_file (dir (ioctl read write create getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow ot_daemon apex_tethering_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow ot_daemon tun_device (chr_file (read write)))
|
|
(allow ot_daemon system_server (rawip_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow ot_daemon servicemanager (binder (call transfer)))
|
|
(allow servicemanager ot_daemon (binder (call transfer)))
|
|
(allow servicemanager ot_daemon (dir (search)))
|
|
(allow servicemanager ot_daemon (file (read open)))
|
|
(allow servicemanager ot_daemon (process (getattr)))
|
|
(allow ot_daemon ot_daemon_service (service_manager (add find)))
|
|
;;* lmx 33 system/sepolicy/private/ot_daemon.te
|
|
|
|
(neverallow base_typeattr_841 ot_daemon_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow ot_daemon system_server (binder (call transfer)))
|
|
(allow system_server ot_daemon (binder (transfer)))
|
|
(allow ot_daemon system_server (fd (use)))
|
|
(allow ot_daemon statsdw_socket (sock_file (write)))
|
|
(allow ot_daemon statsd (unix_dgram_socket (sendto)))
|
|
(allow ot_daemon dumpstate (fd (use)))
|
|
(allow ot_daemon dumpstate (fifo_file (write)))
|
|
(allow otapreopt_chroot postinstall_file (dir (mounton search)))
|
|
(allow otapreopt_chroot apex_mnt_dir (dir (mounton)))
|
|
(allow otapreopt_chroot device (dir (mounton)))
|
|
(allow otapreopt_chroot linkerconfig_file (dir (mounton)))
|
|
(allow otapreopt_chroot rootfs (dir (mounton)))
|
|
(allow otapreopt_chroot sysfs (dir (mounton)))
|
|
(allow otapreopt_chroot system_data_root_file (dir (mounton)))
|
|
(allow otapreopt_chroot system_file (dir (mounton)))
|
|
(allow otapreopt_chroot vendor_file (dir (mounton)))
|
|
(allow otapreopt_chroot self (capability (sys_chroot sys_admin)))
|
|
(allow otapreopt_chroot self (cap_userns (sys_chroot sys_admin)))
|
|
(allow otapreopt_chroot block_device (dir (search)))
|
|
(allow otapreopt_chroot labeledfs (filesystem (mount unmount)))
|
|
(allow otapreopt_chroot dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow otapreopt_chroot postinstall_file (filesystem (unmount)))
|
|
(dontaudit otapreopt_chroot kernel (process (setsched)))
|
|
(allow otapreopt_chroot file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow otapreopt_chroot postinstall_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow otapreopt_chroot apexd_prop (file (read getattr map open)))
|
|
(allow otapreopt_chroot postinstall (fd (use)))
|
|
(allow otapreopt_chroot postinstall (fifo_file (read write getattr)))
|
|
(allow otapreopt_chroot update_engine (fd (use)))
|
|
(allow otapreopt_chroot update_engine (fifo_file (write)))
|
|
(allow otapreopt_chroot postinstall_dexopt_exec (file (read getattr map execute open)))
|
|
(allow otapreopt_chroot postinstall_dexopt (process (transition)))
|
|
(allow postinstall_dexopt postinstall_dexopt_exec (file (read getattr map execute open entrypoint)))
|
|
(allow postinstall_dexopt otapreopt_chroot (process (sigchld)))
|
|
(dontaudit otapreopt_chroot postinstall_dexopt (process (noatsecure)))
|
|
(allow otapreopt_chroot postinstall_dexopt (process (siginh rlimitinh)))
|
|
(typetransition otapreopt_chroot postinstall_dexopt_exec process postinstall_dexopt)
|
|
(allow otapreopt_chroot linkerconfig_exec (file (read getattr map execute open)))
|
|
(allow otapreopt_chroot linkerconfig (process (transition)))
|
|
(allow linkerconfig linkerconfig_exec (file (read getattr map execute open entrypoint)))
|
|
(allow linkerconfig otapreopt_chroot (process (sigchld)))
|
|
(dontaudit otapreopt_chroot linkerconfig (process (noatsecure)))
|
|
(allow otapreopt_chroot linkerconfig (process (siginh rlimitinh)))
|
|
(typetransition otapreopt_chroot linkerconfig_exec process linkerconfig)
|
|
(allow otapreopt_chroot apexd_exec (file (read getattr map execute open)))
|
|
(allow otapreopt_chroot apexd (process (transition)))
|
|
(allow apexd apexd_exec (file (read getattr map execute open entrypoint)))
|
|
(allow apexd otapreopt_chroot (process (sigchld)))
|
|
(dontaudit otapreopt_chroot apexd (process (noatsecure)))
|
|
(allow otapreopt_chroot apexd (process (siginh rlimitinh)))
|
|
(typetransition otapreopt_chroot apexd_exec process apexd)
|
|
(allow otapreopt_chroot linkerconfig_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow otapreopt_chroot linkerconfig_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow otapreopt_chroot loop_control_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow otapreopt_chroot loop_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx otapreopt_chroot loop_device (ioctl blk_file (0x1261)))
|
|
(allowx otapreopt_chroot loop_device (ioctl blk_file ((range 0x4c00 0x4c01) (range 0x4c04 0x4c05) (range 0x4c08 0x4c0a))))
|
|
(allow otapreopt_chroot sysfs_loop (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow otapreopt_chroot sysfs_loop (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow otapreopt_chroot tmpfs (filesystem (mount)))
|
|
(allow otapreopt_chroot tmpfs (dir (relabelfrom)))
|
|
(allow otapreopt_chroot postinstall_apex_mnt_dir (dir (relabelto)))
|
|
(allow otapreopt_chroot postinstall_apex_mnt_dir (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow otapreopt_chroot postinstall_apex_mnt_dir (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow otapreopt_chroot postinstall_apex_mnt_dir (dir (mounton)))
|
|
(allow otapreopt_chroot block_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow otapreopt_chroot postinstall_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow otapreopt_chroot cold_boot_done_prop (file (read getattr map open)))
|
|
(allow otapreopt_chroot linkerconfig_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow init otapreopt_slot_exec (file (read getattr map execute open)))
|
|
(allow init otapreopt_slot (process (transition)))
|
|
(allow otapreopt_slot otapreopt_slot_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init otapreopt_slot (process (noatsecure)))
|
|
(allow init otapreopt_slot (process (siginh rlimitinh)))
|
|
(typetransition init otapreopt_slot_exec process otapreopt_slot)
|
|
(allow otapreopt_slot ota_data_file (dir (ioctl read write getattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow otapreopt_slot ota_data_file (file (getattr)))
|
|
(allow otapreopt_slot ota_data_file (lnk_file (getattr)))
|
|
(allow otapreopt_slot ota_data_file (lnk_file (read)))
|
|
(allow otapreopt_slot dalvikcache_data_file (dir (read write getattr open add_name remove_name search rmdir)))
|
|
(allow otapreopt_slot dalvikcache_data_file (file (getattr unlink)))
|
|
(allow otapreopt_slot dalvikcache_data_file (lnk_file (read getattr unlink)))
|
|
(allow otapreopt_slot shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow otapreopt_slot toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(typetransition perfetto tmpfs file perfetto_tmpfs)
|
|
(allow perfetto perfetto_tmpfs (file (read write getattr map)))
|
|
(allow init perfetto_exec (file (read getattr map execute open)))
|
|
(allow init perfetto (process (transition)))
|
|
(allow perfetto perfetto_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init perfetto (process (noatsecure)))
|
|
(allow init perfetto (process (siginh rlimitinh)))
|
|
(typetransition init perfetto_exec process perfetto)
|
|
(allow perfetto traced_consumer_socket (sock_file (write)))
|
|
(allow perfetto traced (unix_stream_socket (connectto)))
|
|
(allow perfetto traced (fd (use)))
|
|
(allow perfetto traced_tmpfs (file (read write getattr map)))
|
|
(allow perfetto traced_producer_socket (sock_file (write)))
|
|
(allow perfetto traced (unix_stream_socket (connectto)))
|
|
(allow traced perfetto (fd (use)))
|
|
(allow perfetto perfetto_traces_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow perfetto perfetto_traces_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow perfetto perfetto_traces_bugreport_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow perfetto perfetto_traces_bugreport_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow perfetto perfetto_traces_profiling_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow perfetto perfetto_traces_profiling_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow perfetto tracingproxy_service (service_manager (find)))
|
|
(allow perfetto servicemanager (binder (call transfer)))
|
|
(allow servicemanager perfetto (binder (call transfer)))
|
|
(allow servicemanager perfetto (dir (search)))
|
|
(allow servicemanager perfetto (file (read open)))
|
|
(allow servicemanager perfetto (process (getattr)))
|
|
(allow perfetto system_server (binder (call transfer)))
|
|
(allow system_server perfetto (binder (transfer)))
|
|
(allow perfetto system_server (fd (use)))
|
|
(allow perfetto perfetto_configs_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow perfetto perfetto_configs_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow perfetto shell (fd (use)))
|
|
(allow perfetto statsd (fd (use)))
|
|
(allow perfetto su (fd (use)))
|
|
(allow perfetto mm_events (fd (use)))
|
|
(allow perfetto shell (fifo_file (ioctl read write getattr)))
|
|
(allow perfetto statsd (fifo_file (ioctl read write getattr)))
|
|
(allow perfetto su (fifo_file (ioctl read write getattr)))
|
|
(allow perfetto system_server (fifo_file (ioctl read write getattr)))
|
|
(allow perfetto mm_events (fifo_file (ioctl read write getattr)))
|
|
(allow perfetto adbd (fd (use)))
|
|
(allow perfetto adbd (unix_stream_socket (read write)))
|
|
(allow perfetto adbd (process (sigchld)))
|
|
(allow perfetto statsdw_socket (sock_file (write)))
|
|
(allow perfetto statsd (unix_dgram_socket (sendto)))
|
|
(allow perfetto devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow perfetto incident_service (service_manager (find)))
|
|
(allow perfetto incidentd (binder (call transfer)))
|
|
(allow incidentd perfetto (binder (transfer)))
|
|
(allow perfetto incidentd (fd (use)))
|
|
(dontaudit perfetto adbd (unix_stream_socket (getattr)))
|
|
(dontauditx perfetto adbd (ioctl unix_stream_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(dontauditx perfetto su (ioctl unix_stream_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
(dontauditx perfetto shell (ioctl fifo_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
;;* lmx 94 system/sepolicy/private/perfetto.te
|
|
|
|
(neverallow base_typeattr_842 perfetto_traces_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 103 system/sepolicy/private/perfetto.te
|
|
|
|
(neverallow base_typeattr_843 perfetto_traces_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 109 system/sepolicy/private/perfetto.te
|
|
|
|
(neverallow perfetto self (process (execmem)))
|
|
;;* lme
|
|
|
|
;;* lmx 112 system/sepolicy/private/perfetto.te
|
|
|
|
(neverallow perfetto dev_type (blk_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 115 system/sepolicy/private/perfetto.te
|
|
|
|
(neverallow perfetto domain (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 133 system/sepolicy/private/perfetto.te
|
|
|
|
(neverallow perfetto base_typeattr_844 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 138 system/sepolicy/private/perfetto.te
|
|
|
|
(neverallow perfetto base_typeattr_845 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 146 system/sepolicy/private/perfetto.te
|
|
|
|
(neverallow perfetto base_typeattr_846 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow init performanced_exec (file (read getattr map execute open)))
|
|
(allow init performanced (process (transition)))
|
|
(allow performanced performanced_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init performanced (process (noatsecure)))
|
|
(allow init performanced (process (siginh rlimitinh)))
|
|
(typetransition init performanced_exec process performanced)
|
|
(typetransition permissioncontroller_app tmpfs file appdomain_tmpfs)
|
|
(allow permissioncontroller_app permissioncontroller_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su permissioncontroller_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
|
|
|
|
(neverallow base_typeattr_847 permissioncontroller_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow permissioncontroller_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
|
|
|
|
(neverallow base_typeattr_848 base_typeattr_847 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
|
|
|
|
(neverallow base_typeattr_849 permissioncontroller_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
|
|
|
|
(neverallow base_typeattr_850 permissioncontroller_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow permissioncontroller_app app_api_service (service_manager (find)))
|
|
(allow permissioncontroller_app system_api_service (service_manager (find)))
|
|
(allow permissioncontroller_app gpuservice (binder (call transfer)))
|
|
(allow gpuservice permissioncontroller_app (binder (transfer)))
|
|
(allow permissioncontroller_app gpuservice (fd (use)))
|
|
(allow permissioncontroller_app radio_service (service_manager (find)))
|
|
(allow permissioncontroller_app incident_service (service_manager (find)))
|
|
(allow permissioncontroller_app incidentd (binder (call transfer)))
|
|
(allow incidentd permissioncontroller_app (binder (transfer)))
|
|
(allow permissioncontroller_app incidentd (fd (use)))
|
|
(allow permissioncontroller_app incidentd (fifo_file (read write)))
|
|
(allow permissioncontroller_app gpu_device (dir (search)))
|
|
(typetransition platform_app tmpfs file appdomain_tmpfs)
|
|
(allow platform_app platform_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su platform_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 7 system/sepolicy/private/platform_app.te
|
|
|
|
(neverallow base_typeattr_851 platform_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow platform_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 7 system/sepolicy/private/platform_app.te
|
|
|
|
(neverallow base_typeattr_852 base_typeattr_851 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/private/platform_app.te
|
|
|
|
(neverallow base_typeattr_853 platform_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/private/platform_app.te
|
|
|
|
(neverallow base_typeattr_854 platform_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow platform_app shell_data_file (dir (search)))
|
|
(allow platform_app shell_data_file (file (read getattr open)))
|
|
(allow platform_app icon_file (file (read getattr open)))
|
|
(allow platform_app apk_tmp_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow platform_app apk_private_tmp_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow platform_app apk_tmp_file (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow platform_app apk_private_tmp_file (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow platform_app apk_private_data_file (dir (search)))
|
|
(allow platform_app asec_apk_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow platform_app asec_apk_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow platform_app media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow platform_app media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow platform_app cache_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow platform_app cache_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow platform_app mnt_media_rw_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow platform_app sdcard_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow platform_app sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow platform_app rootfs (dir (getattr)))
|
|
(allow platform_app radio_cdma_ecm_prop (file (read getattr map open)))
|
|
;;* lmx 46 system/sepolicy/private/platform_app.te
|
|
|
|
(neverallow base_typeattr_855 persist_wm_debug_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow platform_app proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow platform_app proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow platform_app proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow platform_app proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow platform_app audioserver_service (service_manager (find)))
|
|
(allow platform_app cameraserver_service (service_manager (find)))
|
|
(allow platform_app drmserver_service (service_manager (find)))
|
|
(allow platform_app mediaserver_service (service_manager (find)))
|
|
(allow platform_app mediametrics_service (service_manager (find)))
|
|
(allow platform_app mediaextractor_service (service_manager (find)))
|
|
(allow platform_app mediadrmserver_service (service_manager (find)))
|
|
(allow platform_app persistent_data_block_service (service_manager (find)))
|
|
(allow platform_app radio_service (service_manager (find)))
|
|
(allow platform_app thermal_service (service_manager (find)))
|
|
(allow platform_app app_api_service (service_manager (find)))
|
|
(allow platform_app system_api_service (service_manager (find)))
|
|
(allow platform_app vr_manager_service (service_manager (find)))
|
|
(allow platform_app stats_service (service_manager (find)))
|
|
(allow platform_app statsd (binder (call transfer)))
|
|
(allow statsd platform_app (binder (transfer)))
|
|
(allow platform_app statsd (fd (use)))
|
|
(allow platform_app preloads_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow platform_app preloads_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow platform_app preloads_media_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow platform_app preloads_media_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow platform_app runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow platform_app system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
|
|
(allow platform_app property_socket (sock_file (write)))
|
|
(allow platform_app init (unix_stream_socket (connectto)))
|
|
(allow platform_app test_boot_reason_prop (property_service (set)))
|
|
(allow platform_app test_boot_reason_prop (file (read getattr map open)))
|
|
(allow platform_app keyguard_config_prop (file (read getattr map open)))
|
|
(allow platform_app qemu_hw_prop (file (read getattr map open)))
|
|
(allow platform_app last_boot_reason_prop (file (read getattr map open)))
|
|
(allow platform_app app_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(dontaudit platform_app debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow platform_app virtualizationmanager_exec (file (read getattr map execute open)))
|
|
(allow platform_app virtualizationmanager (process (transition)))
|
|
(allow virtualizationmanager virtualizationmanager_exec (file (read getattr map execute open entrypoint)))
|
|
(allow virtualizationmanager platform_app (process (sigchld)))
|
|
(dontaudit platform_app virtualizationmanager (process (noatsecure)))
|
|
(allow platform_app virtualizationmanager (process (siginh rlimitinh)))
|
|
(typetransition platform_app virtualizationmanager_exec process virtualizationmanager)
|
|
(allow crosvm platform_app (unix_stream_socket (ioctl read write getattr)))
|
|
(allow virtualizationmanager platform_app (unix_stream_socket (ioctl read write getattr)))
|
|
(allow crosvm platform_app (fd (use)))
|
|
(allow virtualizationmanager platform_app (fd (use)))
|
|
(allow platform_app virtualizationmanager (fd (use)))
|
|
(allow crosvm platform_app (fifo_file (ioctl read write getattr)))
|
|
(allow virtualizationmanager platform_app (fifo_file (ioctl read write getattr)))
|
|
(allow platform_app virtualizationmanager (vsock_socket (read write getattr getopt)))
|
|
(allow platform_app hypervisor_prop (file (read getattr map open)))
|
|
(allow platform_app virtualizationservice_data_file (file (read getattr)))
|
|
;;* lmx 135 system/sepolicy/private/platform_app.te
|
|
|
|
(neverallow base_typeattr_223 persist_sysui_builder_extras_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 138 system/sepolicy/private/platform_app.te
|
|
|
|
(neverallow platform_app fuse_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(allow postinstall otapreopt_chroot_exec (file (read getattr map execute open)))
|
|
(allow postinstall otapreopt_chroot (process (transition)))
|
|
(allow otapreopt_chroot otapreopt_chroot_exec (file (read getattr map execute open entrypoint)))
|
|
(allow otapreopt_chroot postinstall (process (sigchld)))
|
|
(dontaudit postinstall otapreopt_chroot (process (noatsecure)))
|
|
(allow postinstall otapreopt_chroot (process (siginh rlimitinh)))
|
|
(typetransition postinstall otapreopt_chroot_exec process otapreopt_chroot)
|
|
(allow postinstall rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow postinstall_dexopt dex2oat_exec (file (read getattr map execute open)))
|
|
(allow postinstall_dexopt dex2oat (process (transition)))
|
|
(allow dex2oat dex2oat_exec (file (read getattr map execute open entrypoint)))
|
|
(allow dex2oat postinstall_dexopt (process (sigchld)))
|
|
(dontaudit postinstall_dexopt dex2oat (process (noatsecure)))
|
|
(allow postinstall_dexopt dex2oat (process (siginh rlimitinh)))
|
|
(typetransition postinstall_dexopt dex2oat_exec process dex2oat)
|
|
(allow postinstall_dexopt postinstall_file (file (read getattr map execute open)))
|
|
(allow postinstall_dexopt dex2oat (process (transition)))
|
|
(allow dex2oat postinstall_file (file (read getattr map execute open entrypoint)))
|
|
(allow dex2oat postinstall_dexopt (process (sigchld)))
|
|
(dontaudit postinstall_dexopt dex2oat (process (noatsecure)))
|
|
(allow postinstall_dexopt dex2oat (process (siginh rlimitinh)))
|
|
(typetransition postinstall_dexopt postinstall_file process dex2oat)
|
|
(allow postinstall_dexopt derive_classpath_exec (file (read getattr map execute open)))
|
|
(allow postinstall_dexopt derive_classpath (process (transition)))
|
|
(allow derive_classpath derive_classpath_exec (file (read getattr map execute open entrypoint)))
|
|
(allow derive_classpath postinstall_dexopt (process (sigchld)))
|
|
(dontaudit postinstall_dexopt derive_classpath (process (noatsecure)))
|
|
(allow postinstall_dexopt derive_classpath (process (siginh rlimitinh)))
|
|
(typetransition postinstall_dexopt derive_classpath_exec process derive_classpath)
|
|
(typetransition postinstall_dexopt tmpfs file postinstall_dexopt_tmpfs)
|
|
(allow postinstall_dexopt postinstall_dexopt_tmpfs (file (read write getattr map)))
|
|
(allow postinstall_dexopt postinstall_dexopt_tmpfs (file (open)))
|
|
(allow postinstall_dexopt self (capability (chown dac_override dac_read_search fowner fsetid setgid setuid)))
|
|
(allow postinstall_dexopt self (cap_userns (chown dac_override dac_read_search fowner fsetid setgid setuid)))
|
|
(allow postinstall_dexopt postinstall_file (filesystem (getattr)))
|
|
(allow postinstall_dexopt postinstall_file (dir (read getattr search)))
|
|
(allow postinstall_dexopt postinstall_file (lnk_file (read getattr)))
|
|
(allow postinstall_dexopt proc_filesystems (file (read getattr open)))
|
|
(allow postinstall_dexopt rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt tmpfs (file (read)))
|
|
(allow postinstall_dexopt odsign_prop (file (read getattr map open)))
|
|
(allow postinstall_dexopt postinstall_apex_mnt_dir (dir (getattr search)))
|
|
(allow postinstall_dexopt apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow postinstall_dexopt apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow postinstall_dexopt vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow postinstall_dexopt vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt vendor_apex_metadata_file (dir (getattr search)))
|
|
(allow postinstall_dexopt dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow postinstall_dexopt dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt user_profile_root_file (dir (getattr search)))
|
|
(allow postinstall_dexopt user_profile_data_file (dir (getattr search)))
|
|
(allow postinstall_dexopt user_profile_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit postinstall_dexopt user_profile_data_file (file (write)))
|
|
(allow postinstall_dexopt ota_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow postinstall_dexopt ota_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow postinstall_dexopt ota_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow postinstall_dexopt dalvikcache_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow postinstall_dexopt dalvikcache_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow postinstall_dexopt dalvikcache_data_file (dir (relabelto)))
|
|
(allow postinstall_dexopt dalvikcache_data_file (file (relabelto link)))
|
|
(allow postinstall_dexopt selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow postinstall_dexopt selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt selinuxfs (file (write lock append map open)))
|
|
(allow postinstall_dexopt kernel (security (check_context)))
|
|
(allow postinstall_dexopt selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow postinstall_dexopt selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow postinstall_dexopt selinuxfs (file (write lock append map open)))
|
|
(allow postinstall_dexopt kernel (security (compute_av)))
|
|
(allow postinstall_dexopt self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow postinstall_dexopt postinstall (process (sigchld)))
|
|
(allow postinstall_dexopt otapreopt_chroot (fd (use)))
|
|
(allow postinstall_dexopt device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow postinstall_dexopt device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow init preloads_copy_exec (file (read getattr map execute open)))
|
|
(allow init preloads_copy (process (transition)))
|
|
(allow preloads_copy preloads_copy_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init preloads_copy (process (noatsecure)))
|
|
(allow init preloads_copy (process (siginh rlimitinh)))
|
|
(typetransition init preloads_copy_exec process preloads_copy)
|
|
(allow preloads_copy shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow preloads_copy toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow preloads_copy preloads_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow preloads_copy preloads_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow preloads_copy preloads_media_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow preloads_copy preloads_media_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow preloads_copy system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit preloads_copy postinstall_mnt_dir (dir (search)))
|
|
(allow preopt2cachename cppreopts (fd (use)))
|
|
(allow preopt2cachename cppreopts (fifo_file (read write getattr)))
|
|
(allow preopt2cachename proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(typetransition priv_app tmpfs file appdomain_tmpfs)
|
|
(allow priv_app priv_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su priv_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 6 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow base_typeattr_856 priv_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow priv_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 6 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow base_typeattr_857 base_typeattr_856 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow base_typeattr_858 priv_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow base_typeattr_859 priv_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(typetransition priv_app devpts chr_file priv_app_devpts)
|
|
(allow priv_app priv_app_devpts (chr_file (ioctl read write getattr open)))
|
|
(allowx priv_app priv_app_devpts (ioctl chr_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
;;* lmx 15 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallowx base_typeattr_224 priv_app_devpts (ioctl chr_file (0x5412)))
|
|
;;* lme
|
|
|
|
(allow priv_app privapp_data_file (file (execute)))
|
|
(allow priv_app system_linker_exec (file (execute_no_trans)))
|
|
(allow priv_app privapp_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow priv_app app_api_service (service_manager (find)))
|
|
(allow priv_app system_api_service (service_manager (find)))
|
|
(allow priv_app audioserver_service (service_manager (find)))
|
|
(allow priv_app cameraserver_service (service_manager (find)))
|
|
(allow priv_app drmserver_service (service_manager (find)))
|
|
(allow priv_app mediadrmserver_service (service_manager (find)))
|
|
(allow priv_app mediaextractor_service (service_manager (find)))
|
|
(allow priv_app mediametrics_service (service_manager (find)))
|
|
(allow priv_app mediaserver_service (service_manager (find)))
|
|
(allow priv_app music_recognition_service (service_manager (find)))
|
|
(allow priv_app network_watchlist_service (service_manager (find)))
|
|
(allow priv_app nfc_service (service_manager (find)))
|
|
(allow priv_app oem_lock_service (service_manager (find)))
|
|
(allow priv_app persistent_data_block_service (service_manager (find)))
|
|
(allow priv_app radio_service (service_manager (find)))
|
|
(allow priv_app recovery_service (service_manager (find)))
|
|
(allow priv_app stats_service (service_manager (find)))
|
|
(allow priv_app cache_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow priv_app cache_recovery_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow priv_app cache_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow priv_app cache_recovery_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow priv_app cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow priv_app media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow priv_app shell_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app shell_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app trace_data_file (file (read getattr)))
|
|
(allow priv_app wm_trace_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app wm_trace_data_file (file (getattr)))
|
|
(allow priv_app perfetto_traces_bugreport_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app perfetto_traces_bugreport_data_file (file (getattr)))
|
|
(allow priv_app perfetto_traces_data_file (dir (search)))
|
|
(allow priv_app perfetto (fd (use)))
|
|
(allow priv_app perfetto_traces_data_file (file (read getattr)))
|
|
(allow priv_app apk_tmp_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app apk_private_tmp_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app apk_tmp_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app apk_private_tmp_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app vold (fd (use)))
|
|
(allow priv_app fuse_device (chr_file (read write)))
|
|
(allow priv_app proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app sysfs_type (dir (search)))
|
|
(allow priv_app sysfs_zram (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app sysfs_zram (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app sysfs_zram (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app statsd (binder (call transfer)))
|
|
(allow statsd priv_app (binder (transfer)))
|
|
(allow priv_app statsd (fd (use)))
|
|
(allow priv_app ringtone_file (file (read write getattr)))
|
|
(allow priv_app preloads_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app preloads_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app preloads_media_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app preloads_media_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app incident_service (service_manager (find)))
|
|
(allow priv_app incidentd (binder (call transfer)))
|
|
(allow incidentd priv_app (binder (transfer)))
|
|
(allow priv_app incidentd (fd (use)))
|
|
(allow priv_app incidentd (fifo_file (read write)))
|
|
(allow priv_app dynamic_system_prop (file (read getattr map open)))
|
|
(dontaudit priv_app exec_type (file (getattr)))
|
|
(dontaudit priv_app device (dir (read)))
|
|
(dontaudit priv_app fs_bpf (dir (search)))
|
|
(dontaudit priv_app net_dns_prop (file (read)))
|
|
(dontaudit priv_app proc (file (read)))
|
|
(dontaudit priv_app proc_interrupts (file (read)))
|
|
(dontaudit priv_app proc_modules (file (read)))
|
|
(dontaudit priv_app proc_net (file (read)))
|
|
(dontaudit priv_app proc_stat (file (read)))
|
|
(dontaudit priv_app proc_version (file (read)))
|
|
(dontaudit priv_app sysfs (dir (read)))
|
|
(dontaudit priv_app sysfs (file (read)))
|
|
(dontaudit priv_app sysfs_android_usb (file (read)))
|
|
(dontaudit priv_app sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit priv_app wifi_config_prop (file (read)))
|
|
(dontaudit priv_app wifi_hal_prop (file (read)))
|
|
(dontaudit priv_app wifi_prop (file (read)))
|
|
(allow priv_app system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
|
|
(allowx priv_app apk_data_file (ioctl file ((range 0x671f 0x6720) 0x6722 0x6724)))
|
|
(allow priv_app incremental_control_file (file (ioctl read getattr)))
|
|
(allowx priv_app incremental_control_file (ioctl file (0x6721)))
|
|
(allow priv_app incremental_prop (file (read getattr map open)))
|
|
(allow priv_app device_config_aconfig_flags_prop (file (read getattr map open)))
|
|
(allow priv_app system_boot_reason_prop (file (read getattr map open)))
|
|
(allow priv_app apex_data_file (dir (search)))
|
|
(allow priv_app staging_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app staging_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app vendor_apex_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow priv_app vendor_apex_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow priv_app system_app_data_file (file (read getattr)))
|
|
(allow priv_app rs_exec (file (read getattr map execute open)))
|
|
(allow priv_app rs (process (transition)))
|
|
(allow rs rs_exec (file (read getattr map execute open entrypoint)))
|
|
(allow rs priv_app (process (sigchld)))
|
|
(dontaudit priv_app rs (process (noatsecure)))
|
|
(allow priv_app rs (process (siginh rlimitinh)))
|
|
(typetransition priv_app rs_exec process rs)
|
|
(allow priv_app app_exec_data_file (file (ioctl read getattr lock map unlink execute open watch watch_reads)))
|
|
(allow priv_app virtualizationmanager_exec (file (read getattr map execute open)))
|
|
(allow priv_app virtualizationmanager (process (transition)))
|
|
(allow virtualizationmanager virtualizationmanager_exec (file (read getattr map execute open entrypoint)))
|
|
(allow virtualizationmanager priv_app (process (sigchld)))
|
|
(dontaudit priv_app virtualizationmanager (process (noatsecure)))
|
|
(allow priv_app virtualizationmanager (process (siginh rlimitinh)))
|
|
(typetransition priv_app virtualizationmanager_exec process virtualizationmanager)
|
|
(allow crosvm priv_app (unix_stream_socket (ioctl read write getattr)))
|
|
(allow virtualizationmanager priv_app (unix_stream_socket (ioctl read write getattr)))
|
|
(allow crosvm priv_app (fd (use)))
|
|
(allow virtualizationmanager priv_app (fd (use)))
|
|
(allow priv_app virtualizationmanager (fd (use)))
|
|
(allow crosvm priv_app (fifo_file (ioctl read write getattr)))
|
|
(allow virtualizationmanager priv_app (fifo_file (ioctl read write getattr)))
|
|
(allow priv_app virtualizationmanager (vsock_socket (read write getattr getopt)))
|
|
(allow priv_app hypervisor_prop (file (read getattr map open)))
|
|
(allow priv_app virtualizationservice_data_file (file (read getattr)))
|
|
;;* lmx 217 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 220 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 223 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app kmsg_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 227 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app debugfs_type (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 232 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app service_manager_type (service_manager (add)))
|
|
;;* lme
|
|
|
|
;;* lmx 236 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app property_socket (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 237 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app init (unix_stream_socket (connectto)))
|
|
;;* lme
|
|
|
|
;;* lmx 238 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app property_type (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 248 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app mlstrustedsubject (process (fork)))
|
|
;;* lme
|
|
|
|
;;* lmx 256 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app file_type (file (link)))
|
|
;;* lme
|
|
|
|
;;* lmx 260 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app trace_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 261 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app trace_data_file (file (write create setattr relabelfrom append unlink link rename open)))
|
|
;;* lme
|
|
|
|
;;* lmx 264 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 265 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app cgroup_v2 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 271 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app base_typeattr_860 (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 274 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app base_typeattr_860 (lnk_file (read getattr open)))
|
|
;;* lme
|
|
|
|
;;* lmx 277 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app sysfs_net (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 281 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallowx priv_app domain (ioctl tcp_socket (0x6900 0x6902)))
|
|
(neverallowx priv_app domain (ioctl udp_socket (0x6900 0x6902)))
|
|
(neverallowx priv_app domain (ioctl rawip_socket (0x6900 0x6902)))
|
|
(neverallowx priv_app domain (ioctl icmp_socket (0x6900 0x6902)))
|
|
;;* lme
|
|
|
|
;;* lmx 281 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallowx priv_app domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx priv_app domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx priv_app domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(neverallowx priv_app domain (ioctl icmp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
;;* lme
|
|
|
|
;;* lmx 281 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallowx priv_app domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx priv_app domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx priv_app domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(neverallowx priv_app domain (ioctl icmp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
;;* lme
|
|
|
|
;;* lmx 282 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app base_typeattr_224 (netlink_route_socket (ioctl)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_selinux_socket (ioctl)))
|
|
;;* lme
|
|
|
|
;;* lmx 295 system/sepolicy/private/priv_app.te
|
|
|
|
(neverallow priv_app base_typeattr_224 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow priv_app base_typeattr_224 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow priv_app base_typeattr_224 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
(allow priv_app keystore (keystore2 (report_off_body)))
|
|
(allow priv_app pm_archiving_enabled_prop (file (read getattr map open)))
|
|
(allow init prng_seeder_exec (file (read getattr map execute open)))
|
|
(allow init prng_seeder (process (transition)))
|
|
(allow prng_seeder prng_seeder_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init prng_seeder (process (noatsecure)))
|
|
(allow init prng_seeder (process (siginh rlimitinh)))
|
|
(typetransition init prng_seeder_exec process prng_seeder)
|
|
(allow prng_seeder prng_seeder (unix_stream_socket (read write getattr accept)))
|
|
(allow prng_seeder hw_random_device (chr_file (read open)))
|
|
(allow prng_seeder kmsg_debug_device (chr_file (ioctl write getattr lock append map open)))
|
|
(allow profman system_file (file (read getattr lock map)))
|
|
(allow profman vendor_app_file (file (read getattr lock map)))
|
|
(allow profman apk_data_file (file (read getattr lock map)))
|
|
(allow profman artd (fd (use)))
|
|
(allow profman installd (fd (use)))
|
|
(allow profman artd_tmpfs (file (read getattr lock map)))
|
|
;;* lmx 2 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 adbd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 apexd_payload_metadata_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 4 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_snapuserd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 crashrecovery_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_core_experiments_team_internal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_lmkd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 8 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_mglru_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_profcollect_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 10 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_remote_key_provisioning_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 11 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_statsd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 12 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_statsd_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_storage_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 14 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_sys_traced_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_window_manager_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 16 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_configuration_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 17 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_connectivity_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 18 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_swcodec_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 19 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_tethering_u_or_later_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 20 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 dmesgd_start_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 21 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 fastbootd_protocol_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 22 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 gsid_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 23 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 init_perf_lsm_hooks_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 24 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 init_service_status_private_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 25 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 init_storage_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 26 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 init_svc_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 27 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 keystore_crash_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 28 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 keystore_listen_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 29 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 last_boot_reason_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 30 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 localization_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 31 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 logd_auditrate_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 32 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 lower_kptr_restrict_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 33 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 net_464xlat_fromvendor_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 34 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 net_connectivity_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 35 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 netd_stable_secret_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 36 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 next_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 37 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 odsign_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 38 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 misctrl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 39 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 perf_drop_caches_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 40 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 41 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 profcollectd_node_id_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 42 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 radio_cdma_ecm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 43 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 remote_prov_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 44 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 rollback_test_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 45 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 setupwizard_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 46 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 snapuserd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 47 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 system_adbd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 48 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 system_audio_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 49 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 timezone_metadata_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 50 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 traced_perf_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 51 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 uprobestats_start_with_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 52 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 tuner_server_ctl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 53 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 userspace_reboot_log_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 54 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 userspace_reboot_test_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 55 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 verity_status_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 56 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 zygote_wrap_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 57 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_mediatranscoding_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 58 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_odsign_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 59 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 virtualizationservice_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 60 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 ctl_apex_load_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 61 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 enable_16k_pages_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 62 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 sensors_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 63 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 hypervisor_pvmfw_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 64 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 hypervisor_virtualizationmanager_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 65 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 game_manager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 66 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 hidl_memory_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 67 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 suspend_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 70 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 device_config_virtualization_framework_native_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 71 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 log_file_logger_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 72 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 persist_sysui_builder_extras_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 73 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 persist_sysui_ranking_update_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 79 system/sepolicy/private/property.te
|
|
|
|
(neverallow domain base_typeattr_861 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 79 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 base_typeattr_862 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 79 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_250 base_typeattr_863 (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 79 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_572 base_typeattr_864 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 79 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_691 base_typeattr_865 (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 122 system/sepolicy/private/property.te
|
|
|
|
(neverallow domain property_type (file (ioctl lock)))
|
|
;;* lme
|
|
|
|
;;* lmx 148 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_224 base_typeattr_866 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 156 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_259 ctl_sigstop_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(dontaudit domain ctl_bootanim_prop (property_service (set)))
|
|
(dontaudit domain ctl_bugreport_prop (property_service (set)))
|
|
(dontaudit domain ctl_console_prop (property_service (set)))
|
|
(dontaudit domain ctl_dumpstate_prop (property_service (set)))
|
|
(dontaudit domain ctl_fuse_prop (property_service (set)))
|
|
(dontaudit domain ctl_mdnsd_prop (property_service (set)))
|
|
(dontaudit domain ctl_rildaemon_prop (property_service (set)))
|
|
(dontaudit domain ctl_default_prop (property_service (set)))
|
|
;;* lmx 175 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_867 init_storage_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 180 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 init_svc_debug_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 187 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_855 init_svc_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 196 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_868 misctrl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 202 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_869 misctrl_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_870 base_typeattr_871 (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_872 nfc_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_873 radio_control_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_874 radio_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_875 bluetooth_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_876 exported_bluetooth_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_877 exported_camera_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_878 wifi_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_879 wifi_hal_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_870 base_typeattr_880 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_872 nfc_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_874 radio_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_875 bluetooth_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_878 wifi_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_267 suspend_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 suspend_debug_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 204 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_855 suspend_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(dontaudit system_suspend suspend_debug_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 384 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_881 base_typeattr_882 (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 404 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_267 ffs_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_267 ffs_control_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 412 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_308 userspace_reboot_log_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 421 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_308 system_adbd_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 432 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_883 adbd_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 441 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_884 adbd_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 449 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 apexd_payload_metadata_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 459 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_885 userspace_reboot_test_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 468 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_266 surfaceflinger_color_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 475 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 libc_debug_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 490 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_886 arm64_memtag_prop (property_service (set)))
|
|
(neverallow base_typeattr_886 gwp_asan_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 497 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_266 zram_control_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 504 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_266 dalvik_runtime_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 513 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_267 usb_config_prop (property_service (set)))
|
|
(neverallow base_typeattr_267 usb_control_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 522 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_308 provisioned_prop (property_service (set)))
|
|
(neverallow base_typeattr_308 retaildemo_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 531 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_267 provisioned_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_267 retaildemo_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 539 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 init_service_status_prop (property_service (set)))
|
|
(neverallow base_typeattr_223 init_service_status_private_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 548 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_887 telephony_status_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 556 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_259 graphics_config_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 564 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_888 surfaceflinger_display_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 571 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_870 packagemanager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 577 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_267 keyguard_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 584 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 localization_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 592 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_889 oem_unlock_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 598 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_267 storagemanager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 606 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_890 sendbug_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 614 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_890 camera_calibration_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 622 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_891 hal_dumpstate_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 633 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 lower_kptr_restrict_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 638 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 zygote_wrap_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 643 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 verity_status_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 649 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_259 setupwizard_mode_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 654 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 setupwizard_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 663 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_260 build_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 669 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_885 sqlite_log_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 675 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_717 sqlite_log_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 680 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 default_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 684 system/sepolicy/private/property.te
|
|
|
|
(neverallow domain system_and_vendor_property_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow domain system_and_vendor_property_type (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 691 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_892 remote_prov_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 698 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_885 rollback_test_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 704 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_617 ctl_apex_load_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 712 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_893 ctl_apex_load_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 718 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_617 apex_ready_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 726 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_894 apex_ready_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 734 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_895 profcollectd_node_id_prop (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 739 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_223 log_file_logger_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 745 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_259 usb_uvc_enabled_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 752 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_896 usb_uvc_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 758 system/sepolicy/private/property.te
|
|
|
|
(neverallow base_typeattr_259 pm_archiving_enabled_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(typetransition radio tmpfs file appdomain_tmpfs)
|
|
(allow radio radio_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su radio_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 3 system/sepolicy/private/radio.te
|
|
|
|
(neverallow base_typeattr_573 radio_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow radio appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 3 system/sepolicy/private/radio.te
|
|
|
|
(neverallow base_typeattr_897 base_typeattr_573 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/radio.te
|
|
|
|
(neverallow base_typeattr_898 radio (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/radio.te
|
|
|
|
(neverallow base_typeattr_899 radio (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow radio runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow radio property_socket (sock_file (write)))
|
|
(allow radio init (unix_stream_socket (connectto)))
|
|
(allow radio radio_control_prop (property_service (set)))
|
|
(allow radio radio_control_prop (file (read getattr map open)))
|
|
(allow radio property_socket (sock_file (write)))
|
|
(allow radio init (unix_stream_socket (connectto)))
|
|
(allow radio radio_prop (property_service (set)))
|
|
(allow radio radio_prop (file (read getattr map open)))
|
|
(allow radio property_socket (sock_file (write)))
|
|
(allow radio init (unix_stream_socket (connectto)))
|
|
(allow radio net_radio_prop (property_service (set)))
|
|
(allow radio net_radio_prop (file (read getattr map open)))
|
|
(allow radio property_socket (sock_file (write)))
|
|
(allow radio init (unix_stream_socket (connectto)))
|
|
(allow radio telephony_status_prop (property_service (set)))
|
|
(allow radio telephony_status_prop (file (read getattr map open)))
|
|
(allow radio property_socket (sock_file (write)))
|
|
(allow radio init (unix_stream_socket (connectto)))
|
|
(allow radio radio_cdma_ecm_prop (property_service (set)))
|
|
(allow radio radio_cdma_ecm_prop (file (read getattr map open)))
|
|
(allow radio property_socket (sock_file (write)))
|
|
(allow radio init (unix_stream_socket (connectto)))
|
|
(allow radio ctl_rildaemon_prop (property_service (set)))
|
|
(allow radio ctl_rildaemon_prop (file (read getattr map open)))
|
|
(allow radio time_prop (file (read getattr map open)))
|
|
(allow radio platform_compat_service (service_manager (find)))
|
|
(allow radio uce_service (service_manager (find)))
|
|
(allow radio emergency_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow radio emergency_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow radio property_socket (sock_file (write)))
|
|
(allow radio init (unix_stream_socket (connectto)))
|
|
(allow radio binder_cache_telephony_server_prop (property_service (set)))
|
|
(allow radio binder_cache_telephony_server_prop (file (read getattr map open)))
|
|
;;* lmx 32 system/sepolicy/private/radio.te
|
|
|
|
(neverallow base_typeattr_900 binder_cache_telephony_server_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow radio statsd (binder (call transfer)))
|
|
(allow statsd radio (binder (transfer)))
|
|
(allow radio statsd (fd (use)))
|
|
(allow init recovery_persist_exec (file (read getattr map execute open)))
|
|
(allow init recovery_persist (process (transition)))
|
|
(allow recovery_persist recovery_persist_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init recovery_persist (process (noatsecure)))
|
|
(allow init recovery_persist (process (siginh rlimitinh)))
|
|
(typetransition init recovery_persist_exec process recovery_persist)
|
|
;;* lmx 11 system/sepolicy/private/recovery_persist.te
|
|
|
|
(neverallow recovery_persist base_typeattr_901 (file (write)))
|
|
;;* lme
|
|
|
|
(allow init recovery_refresh_exec (file (read getattr map execute open)))
|
|
(allow init recovery_refresh (process (transition)))
|
|
(allow recovery_refresh recovery_refresh_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init recovery_refresh (process (noatsecure)))
|
|
(allow init recovery_refresh (process (siginh rlimitinh)))
|
|
(typetransition init recovery_refresh_exec process recovery_refresh)
|
|
;;* lmx 10 system/sepolicy/private/recovery_refresh.te
|
|
|
|
(neverallow recovery_refresh file_type (file (write)))
|
|
;;* lme
|
|
|
|
(allow rkpd servicemanager (binder (call transfer)))
|
|
(allow servicemanager rkpd (binder (call transfer)))
|
|
(allow servicemanager rkpd (dir (search)))
|
|
(allow servicemanager rkpd (file (read open)))
|
|
(allow servicemanager rkpd (process (getattr)))
|
|
(allow init rkpd_exec (file (read getattr map execute open)))
|
|
(allow init rkpd (process (transition)))
|
|
(allow rkpd rkpd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init rkpd (process (noatsecure)))
|
|
(allow init rkpd (process (siginh rlimitinh)))
|
|
(typetransition init rkpd_exec process rkpd)
|
|
(allow rkpd rkpd_registrar_service (service_manager (add find)))
|
|
;;* lmx 12 system/sepolicy/private/rkpd.te
|
|
|
|
(neverallow base_typeattr_902 rkpd_registrar_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow rkpd rkpd_refresh_service (service_manager (add find)))
|
|
;;* lmx 13 system/sepolicy/private/rkpd.te
|
|
|
|
(neverallow base_typeattr_902 rkpd_refresh_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow rkpd device_config_remote_key_provisioning_native_prop (file (read getattr map open)))
|
|
(typetransition rkpdapp tmpfs file appdomain_tmpfs)
|
|
(allow rkpdapp rkpdapp_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su rkpdapp_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 7 system/sepolicy/private/rkpd_app.te
|
|
|
|
(neverallow base_typeattr_903 rkpdapp_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow rkpdapp appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 7 system/sepolicy/private/rkpd_app.te
|
|
|
|
(neverallow base_typeattr_904 base_typeattr_903 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/private/rkpd_app.te
|
|
|
|
(neverallow base_typeattr_905 rkpdapp (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 7 system/sepolicy/private/rkpd_app.te
|
|
|
|
(neverallow base_typeattr_906 rkpdapp (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow rkpdapp device_config_remote_key_provisioning_native_prop (file (read getattr map open)))
|
|
(allow rkpdapp property_socket (sock_file (write)))
|
|
(allow rkpdapp init (unix_stream_socket (connectto)))
|
|
(allow rkpdapp remote_prov_prop (property_service (set)))
|
|
(allow rkpdapp remote_prov_prop (file (read getattr map open)))
|
|
(allow rkpdapp app_api_service (service_manager (find)))
|
|
(allow rkpdapp mediametrics_service (service_manager (find)))
|
|
(allow rkpdapp statsmanager_service (service_manager (find)))
|
|
(allow rkpdapp statsd (binder (call transfer)))
|
|
(allow statsd rkpdapp (binder (transfer)))
|
|
(allow rkpdapp statsd (fd (use)))
|
|
(allow rs app_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
|
|
(allow rs privapp_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
|
|
(allow rs app_exec_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(typetransition rs app_data_file file app_exec_data_file)
|
|
(typetransition rs privapp_data_file file app_exec_data_file)
|
|
(allow rs system_data_file (lnk_file (read)))
|
|
(allow rs app_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow rs privapp_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow rs app_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow rs privapp_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow rs app_data_file (dir (remove_name)))
|
|
(allow rs privapp_data_file (dir (remove_name)))
|
|
(allow rs vendor_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow rs vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow rs vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow rs vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow rs vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow rs vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow rs vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow rs vendor_apex_metadata_file (dir (getattr search)))
|
|
(allow rs apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow rs apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow rs apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow rs gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow rs ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow rs same_process_hal_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow rs untrusted_app_all (fd (use)))
|
|
(allow rs ephemeral_app (fd (use)))
|
|
(allow rs priv_app (fd (use)))
|
|
(dontaudit rs hal_graphics_allocator (fd (use)))
|
|
(dontaudit rs surfaceflinger (fd (use)))
|
|
(dontaudit rs zygote (fd (use)))
|
|
;;* lmx 41 system/sepolicy/private/rs.te
|
|
|
|
(neverallow rs rs (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow rs rs (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
(neverallow rs rs (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow rs rs (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
;;* lme
|
|
|
|
;;* lmx 42 system/sepolicy/private/rs.te
|
|
|
|
(neverallow base_typeattr_233 rs (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 43 system/sepolicy/private/rs.te
|
|
|
|
(neverallow rs base_typeattr_644 (process (transition dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 44 system/sepolicy/private/rs.te
|
|
|
|
(neverallow rs app_data_file_type (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow rs app_data_file_type (lnk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
|
|
(neverallow rs app_data_file_type (chr_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
|
|
(neverallow rs app_data_file_type (blk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
|
|
(neverallow rs app_data_file_type (sock_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
|
|
(neverallow rs app_data_file_type (fifo_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
|
|
;;* lme
|
|
|
|
;;* lmx 46 system/sepolicy/private/rs.te
|
|
|
|
(neverallow rs base_typeattr_224 (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
(neverallow rs base_typeattr_224 (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow rs base_typeattr_224 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow rs base_typeattr_224 (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
;;* lme
|
|
|
|
(allow init rss_hwm_reset_exec (file (read getattr map execute open)))
|
|
(allow init rss_hwm_reset (process (transition)))
|
|
(allow rss_hwm_reset rss_hwm_reset_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init rss_hwm_reset (process (noatsecure)))
|
|
(allow init rss_hwm_reset (process (siginh rlimitinh)))
|
|
(typetransition init rss_hwm_reset_exec process rss_hwm_reset)
|
|
(allow rss_hwm_reset domain (dir (search)))
|
|
(allow rss_hwm_reset self (capability (dac_override)))
|
|
(allow rss_hwm_reset self (cap_userns (dac_override)))
|
|
(allow rss_hwm_reset domain (file (write lock append map open)))
|
|
(allow shell runas_exec (file (read getattr map execute open)))
|
|
(allow shell runas (process (transition)))
|
|
(allow runas runas_exec (file (read getattr map execute open entrypoint)))
|
|
(allow runas shell (process (sigchld)))
|
|
(dontaudit shell runas (process (noatsecure)))
|
|
(allow shell runas (process (siginh rlimitinh)))
|
|
(typetransition shell runas_exec process runas)
|
|
(typetransition runas_app tmpfs file appdomain_tmpfs)
|
|
(allow runas_app runas_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su runas_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 3 system/sepolicy/private/runas_app.te
|
|
|
|
(neverallow base_typeattr_907 runas_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow runas_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 3 system/sepolicy/private/runas_app.te
|
|
|
|
(neverallow base_typeattr_908 base_typeattr_907 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/runas_app.te
|
|
|
|
(neverallow base_typeattr_909 runas_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/runas_app.te
|
|
|
|
(neverallow base_typeattr_910 runas_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow runas_app app_data_file (file (execute_no_trans)))
|
|
(allow runas_app untrusted_app_all (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow runas_app untrusted_app_all (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow runas_app untrusted_app_all (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow runas_app untrusted_app_all (process (sigkill sigstop signal ptrace)))
|
|
(allow runas_app untrusted_app_all (unix_stream_socket (connectto)))
|
|
(allow runas_app simpleperf_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(dontaudit runas_app domain (dir (search)))
|
|
(allow runas_app self (perf_event (open kernel read write)))
|
|
;;* lmx 32 system/sepolicy/private/runas_app.te
|
|
|
|
(neverallow runas_app self (perf_event (cpu tracepoint)))
|
|
;;* lme
|
|
|
|
(dontaudit runas_app shell_test_data_file (dir (search)))
|
|
(typetransition sdcardd system_data_file dir media_rw_data_file)
|
|
(typetransition sdcardd system_data_file file media_rw_data_file)
|
|
(typetransition sdk_sandbox_34 tmpfs file appdomain_tmpfs)
|
|
(allow sdk_sandbox_34 sdk_sandbox_34_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su sdk_sandbox_34_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
|
|
|
|
(neverallow base_typeattr_911 sdk_sandbox_34_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow sdk_sandbox_34 appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
|
|
|
|
(neverallow base_typeattr_912 base_typeattr_911 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
|
|
|
|
(neverallow base_typeattr_913 sdk_sandbox_34 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
|
|
|
|
(neverallow base_typeattr_914 sdk_sandbox_34 (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow sdk_sandbox_all system_linker_exec (file (execute_no_trans)))
|
|
(allow sdk_sandbox_all shell_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow sdk_sandbox_all shell_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow sdk_sandbox_all system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
|
|
(allow sdk_sandbox_all sdk_sandbox_system_data_file (dir (getattr search)))
|
|
(allow sdk_sandbox_all sdk_sandbox_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow sdk_sandbox_all sdk_sandbox_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow sdk_sandbox_all app_data_file (file (read getattr)))
|
|
(allow sdk_sandbox_all privapp_data_file (file (read getattr)))
|
|
;;* lmx 39 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all app_data_file_type (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 42 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 45 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 49 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all debugfs_type (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 52 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all gpu_device (chr_file (execute)))
|
|
;;* lme
|
|
|
|
;;* lmx 55 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all sysfs (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 59 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 62 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all sdcard_type (file (create open)))
|
|
(neverallow sdk_sandbox_all media_rw_data_file (file (create open)))
|
|
;;* lme
|
|
|
|
;;* lmx 63 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all sdcard_type (dir (search)))
|
|
(neverallow sdk_sandbox_all media_rw_data_file (dir (search)))
|
|
;;* lme
|
|
|
|
;;* lmx 67 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all proc_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 71 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all base_typeattr_915 (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 72 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all base_typeattr_915 (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 75 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all media_rw_data_file (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 76 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all media_rw_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 78 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all tmpfs (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 80 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all hal_drm_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 90 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow base_typeattr_916 sdk_sandbox_system_data_file (dir (relabelfrom)))
|
|
;;* lme
|
|
|
|
;;* lmx 100 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow base_typeattr_917 sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 110 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow base_typeattr_916 sdk_sandbox_system_data_file (dir (relabelfrom)))
|
|
;;* lme
|
|
|
|
;;* lmx 120 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow base_typeattr_917 sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 123 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow sdk_sandbox_all sdk_sandbox_system_data_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 126 system/sepolicy/private/sdk_sandbox_all.te
|
|
|
|
(neverallow base_typeattr_223 sdk_sandbox_system_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
(typetransition sdk_sandbox_audit tmpfs file appdomain_tmpfs)
|
|
(allow sdk_sandbox_audit sdk_sandbox_audit_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su sdk_sandbox_audit_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
|
|
|
|
(neverallow base_typeattr_918 sdk_sandbox_audit_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow sdk_sandbox_audit appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
|
|
|
|
(neverallow base_typeattr_919 base_typeattr_918 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
|
|
|
|
(neverallow base_typeattr_920 sdk_sandbox_audit (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
|
|
|
|
(neverallow base_typeattr_921 sdk_sandbox_audit (process (ptrace)))
|
|
;;* lme
|
|
|
|
(auditallow sdk_sandbox_audit ephemeral_app_api_service (service_manager (find)))
|
|
(auditallow sdk_sandbox_audit cameraserver_service (service_manager (find)))
|
|
(auditallow sdk_sandbox_audit mediadrmserver_service (service_manager (find)))
|
|
(auditallow sdk_sandbox_audit radio_service (service_manager (find)))
|
|
(auditallow sdk_sandbox_audit base_typeattr_922 (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(auditallow sdk_sandbox_audit base_typeattr_922 (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow sdk_sandbox_current ephemeral_app_api_service (service_manager (find)))
|
|
(allow sdk_sandbox_current audioserver_service (service_manager (find)))
|
|
(allow sdk_sandbox_current batteryproperties_service (service_manager (find)))
|
|
(allow sdk_sandbox_current cameraserver_service (service_manager (find)))
|
|
(allow sdk_sandbox_current gpu_service (service_manager (find)))
|
|
(allow sdk_sandbox_current mediaserver_service (service_manager (find)))
|
|
(allow sdk_sandbox_current mediametrics_service (service_manager (find)))
|
|
(allow sdk_sandbox_current mediaextractor_service (service_manager (find)))
|
|
(allow sdk_sandbox_current mediadrmserver_service (service_manager (find)))
|
|
(allow sdk_sandbox_current radio_service (service_manager (find)))
|
|
(allow sdk_sandbox_current surfaceflinger_service (service_manager (find)))
|
|
(allow sdk_sandbox_current activity_service (service_manager (find)))
|
|
(allow sdk_sandbox_current activity_task_service (service_manager (find)))
|
|
(allow sdk_sandbox_current appops_service (service_manager (find)))
|
|
(allow sdk_sandbox_current audio_service (service_manager (find)))
|
|
(allow sdk_sandbox_current batterystats_service (service_manager (find)))
|
|
(allow sdk_sandbox_current IProxyService_service (service_manager (find)))
|
|
(allow sdk_sandbox_current connectivity_service (service_manager (find)))
|
|
(allow sdk_sandbox_current connmetrics_service (service_manager (find)))
|
|
(allow sdk_sandbox_current deviceidle_service (service_manager (find)))
|
|
(allow sdk_sandbox_current display_service (service_manager (find)))
|
|
(allow sdk_sandbox_current font_service (service_manager (find)))
|
|
(allow sdk_sandbox_current dropbox_service (service_manager (find)))
|
|
(allow sdk_sandbox_current platform_compat_service (service_manager (find)))
|
|
(allow sdk_sandbox_current game_service (service_manager (find)))
|
|
(allow sdk_sandbox_current graphicsstats_service (service_manager (find)))
|
|
(allow sdk_sandbox_current hardware_properties_service (service_manager (find)))
|
|
(allow sdk_sandbox_current hint_service (service_manager (find)))
|
|
(allow sdk_sandbox_current imms_service (service_manager (find)))
|
|
(allow sdk_sandbox_current input_method_service (service_manager (find)))
|
|
(allow sdk_sandbox_current input_service (service_manager (find)))
|
|
(allow sdk_sandbox_current ipsec_service (service_manager (find)))
|
|
(allow sdk_sandbox_current launcherapps_service (service_manager (find)))
|
|
(allow sdk_sandbox_current legacy_permission_service (service_manager (find)))
|
|
(allow sdk_sandbox_current light_service (service_manager (find)))
|
|
(allow sdk_sandbox_current locale_service (service_manager (find)))
|
|
(allow sdk_sandbox_current media_communication_service (service_manager (find)))
|
|
(allow sdk_sandbox_current media_projection_service (service_manager (find)))
|
|
(allow sdk_sandbox_current media_router_service (service_manager (find)))
|
|
(allow sdk_sandbox_current media_session_service (service_manager (find)))
|
|
(allow sdk_sandbox_current memtrackproxy_service (service_manager (find)))
|
|
(allow sdk_sandbox_current midi_service (service_manager (find)))
|
|
(allow sdk_sandbox_current netpolicy_service (service_manager (find)))
|
|
(allow sdk_sandbox_current netstats_service (service_manager (find)))
|
|
(allow sdk_sandbox_current network_management_service (service_manager (find)))
|
|
(allow sdk_sandbox_current notification_service (service_manager (find)))
|
|
(allow sdk_sandbox_current package_service (service_manager (find)))
|
|
(allow sdk_sandbox_current permission_service (service_manager (find)))
|
|
(allow sdk_sandbox_current permissionmgr_service (service_manager (find)))
|
|
(allow sdk_sandbox_current permission_checker_service (service_manager (find)))
|
|
(allow sdk_sandbox_current power_service (service_manager (find)))
|
|
(allow sdk_sandbox_current procstats_service (service_manager (find)))
|
|
(allow sdk_sandbox_current registry_service (service_manager (find)))
|
|
(allow sdk_sandbox_current restrictions_service (service_manager (find)))
|
|
(allow sdk_sandbox_current rttmanager_service (service_manager (find)))
|
|
(allow sdk_sandbox_current search_service (service_manager (find)))
|
|
(allow sdk_sandbox_current selection_toolbar_service (service_manager (find)))
|
|
(allow sdk_sandbox_current sensorservice_service (service_manager (find)))
|
|
(allow sdk_sandbox_current sensor_privacy_service (service_manager (find)))
|
|
(allow sdk_sandbox_current servicediscovery_service (service_manager (find)))
|
|
(allow sdk_sandbox_current settings_service (service_manager (find)))
|
|
(allow sdk_sandbox_current statusbar_service (service_manager (find)))
|
|
(allow sdk_sandbox_current storagestats_service (service_manager (find)))
|
|
(allow sdk_sandbox_current speech_recognition_service (service_manager (find)))
|
|
(allow sdk_sandbox_current textclassification_service (service_manager (find)))
|
|
(allow sdk_sandbox_current textservices_service (service_manager (find)))
|
|
(allow sdk_sandbox_current texttospeech_service (service_manager (find)))
|
|
(allow sdk_sandbox_current telecom_service (service_manager (find)))
|
|
(allow sdk_sandbox_current thermal_service (service_manager (find)))
|
|
(allow sdk_sandbox_current translation_service (service_manager (find)))
|
|
(allow sdk_sandbox_current tv_iapp_service (service_manager (find)))
|
|
(allow sdk_sandbox_current tv_input_service (service_manager (find)))
|
|
(allow sdk_sandbox_current uimode_service (service_manager (find)))
|
|
(allow sdk_sandbox_current vcn_management_service (service_manager (find)))
|
|
(allow sdk_sandbox_current webviewupdate_service (service_manager (find)))
|
|
(allow sdk_sandbox_current tethering_service (service_manager (find)))
|
|
(typetransition sdk_sandbox_next tmpfs file appdomain_tmpfs)
|
|
(allow sdk_sandbox_next sdk_sandbox_next_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su sdk_sandbox_next_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
|
|
|
|
(neverallow base_typeattr_923 sdk_sandbox_next_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow sdk_sandbox_next appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
|
|
|
|
(neverallow base_typeattr_924 base_typeattr_923 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
|
|
|
|
(neverallow base_typeattr_925 sdk_sandbox_next (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
|
|
|
|
(neverallow base_typeattr_926 sdk_sandbox_next (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow sdk_sandbox_next audioserver_service (service_manager (find)))
|
|
(allow sdk_sandbox_next batteryproperties_service (service_manager (find)))
|
|
(allow sdk_sandbox_next gpu_service (service_manager (find)))
|
|
(allow sdk_sandbox_next mediaserver_service (service_manager (find)))
|
|
(allow sdk_sandbox_next mediametrics_service (service_manager (find)))
|
|
(allow sdk_sandbox_next mediaextractor_service (service_manager (find)))
|
|
(allow sdk_sandbox_next surfaceflinger_service (service_manager (find)))
|
|
(allow sdk_sandbox_next activity_service (service_manager (find)))
|
|
(allow sdk_sandbox_next activity_task_service (service_manager (find)))
|
|
(allow sdk_sandbox_next appops_service (service_manager (find)))
|
|
(allow sdk_sandbox_next audio_service (service_manager (find)))
|
|
(allow sdk_sandbox_next batterystats_service (service_manager (find)))
|
|
(allow sdk_sandbox_next IProxyService_service (service_manager (find)))
|
|
(allow sdk_sandbox_next connectivity_service (service_manager (find)))
|
|
(allow sdk_sandbox_next connmetrics_service (service_manager (find)))
|
|
(allow sdk_sandbox_next deviceidle_service (service_manager (find)))
|
|
(allow sdk_sandbox_next display_service (service_manager (find)))
|
|
(allow sdk_sandbox_next font_service (service_manager (find)))
|
|
(allow sdk_sandbox_next dropbox_service (service_manager (find)))
|
|
(allow sdk_sandbox_next platform_compat_service (service_manager (find)))
|
|
(allow sdk_sandbox_next game_service (service_manager (find)))
|
|
(allow sdk_sandbox_next graphicsstats_service (service_manager (find)))
|
|
(allow sdk_sandbox_next hardware_properties_service (service_manager (find)))
|
|
(allow sdk_sandbox_next hint_service (service_manager (find)))
|
|
(allow sdk_sandbox_next imms_service (service_manager (find)))
|
|
(allow sdk_sandbox_next input_method_service (service_manager (find)))
|
|
(allow sdk_sandbox_next input_service (service_manager (find)))
|
|
(allow sdk_sandbox_next ipsec_service (service_manager (find)))
|
|
(allow sdk_sandbox_next launcherapps_service (service_manager (find)))
|
|
(allow sdk_sandbox_next legacy_permission_service (service_manager (find)))
|
|
(allow sdk_sandbox_next light_service (service_manager (find)))
|
|
(allow sdk_sandbox_next locale_service (service_manager (find)))
|
|
(allow sdk_sandbox_next media_communication_service (service_manager (find)))
|
|
(allow sdk_sandbox_next media_projection_service (service_manager (find)))
|
|
(allow sdk_sandbox_next media_router_service (service_manager (find)))
|
|
(allow sdk_sandbox_next media_session_service (service_manager (find)))
|
|
(allow sdk_sandbox_next memtrackproxy_service (service_manager (find)))
|
|
(allow sdk_sandbox_next midi_service (service_manager (find)))
|
|
(allow sdk_sandbox_next netpolicy_service (service_manager (find)))
|
|
(allow sdk_sandbox_next netstats_service (service_manager (find)))
|
|
(allow sdk_sandbox_next network_management_service (service_manager (find)))
|
|
(allow sdk_sandbox_next notification_service (service_manager (find)))
|
|
(allow sdk_sandbox_next package_service (service_manager (find)))
|
|
(allow sdk_sandbox_next permission_service (service_manager (find)))
|
|
(allow sdk_sandbox_next permissionmgr_service (service_manager (find)))
|
|
(allow sdk_sandbox_next permission_checker_service (service_manager (find)))
|
|
(allow sdk_sandbox_next power_service (service_manager (find)))
|
|
(allow sdk_sandbox_next procstats_service (service_manager (find)))
|
|
(allow sdk_sandbox_next registry_service (service_manager (find)))
|
|
(allow sdk_sandbox_next restrictions_service (service_manager (find)))
|
|
(allow sdk_sandbox_next rttmanager_service (service_manager (find)))
|
|
(allow sdk_sandbox_next search_service (service_manager (find)))
|
|
(allow sdk_sandbox_next selection_toolbar_service (service_manager (find)))
|
|
(allow sdk_sandbox_next sensorservice_service (service_manager (find)))
|
|
(allow sdk_sandbox_next sensor_privacy_service (service_manager (find)))
|
|
(allow sdk_sandbox_next servicediscovery_service (service_manager (find)))
|
|
(allow sdk_sandbox_next settings_service (service_manager (find)))
|
|
(allow sdk_sandbox_next statusbar_service (service_manager (find)))
|
|
(allow sdk_sandbox_next storagestats_service (service_manager (find)))
|
|
(allow sdk_sandbox_next speech_recognition_service (service_manager (find)))
|
|
(allow sdk_sandbox_next textclassification_service (service_manager (find)))
|
|
(allow sdk_sandbox_next textservices_service (service_manager (find)))
|
|
(allow sdk_sandbox_next texttospeech_service (service_manager (find)))
|
|
(allow sdk_sandbox_next telecom_service (service_manager (find)))
|
|
(allow sdk_sandbox_next thermal_service (service_manager (find)))
|
|
(allow sdk_sandbox_next translation_service (service_manager (find)))
|
|
(allow sdk_sandbox_next tv_iapp_service (service_manager (find)))
|
|
(allow sdk_sandbox_next tv_input_service (service_manager (find)))
|
|
(allow sdk_sandbox_next uimode_service (service_manager (find)))
|
|
(allow sdk_sandbox_next vcn_management_service (service_manager (find)))
|
|
(allow sdk_sandbox_next webviewupdate_service (service_manager (find)))
|
|
(allow sdk_sandbox_next tethering_service (service_manager (find)))
|
|
(typetransition secure_element tmpfs file appdomain_tmpfs)
|
|
(allow secure_element secure_element_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su secure_element_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 3 system/sepolicy/private/secure_element.te
|
|
|
|
(neverallow base_typeattr_927 secure_element_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow secure_element appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 3 system/sepolicy/private/secure_element.te
|
|
|
|
(neverallow base_typeattr_928 base_typeattr_927 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/secure_element.te
|
|
|
|
(neverallow base_typeattr_929 secure_element (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/secure_element.te
|
|
|
|
(neverallow base_typeattr_930 secure_element (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow secure_element secure_element_service (service_manager (add find)))
|
|
;;* lmx 6 system/sepolicy/private/secure_element.te
|
|
|
|
(neverallow base_typeattr_927 secure_element_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow secure_element app_api_service (service_manager (find)))
|
|
(allow secure_element shell_data_file (file (read)))
|
|
(allow secure_element vendor_uuid_mapping_config_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init servicemanager_exec (file (read getattr map execute open)))
|
|
(allow init servicemanager (process (transition)))
|
|
(allow servicemanager servicemanager_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init servicemanager (process (noatsecure)))
|
|
(allow init servicemanager (process (siginh rlimitinh)))
|
|
(typetransition init servicemanager_exec process servicemanager)
|
|
(allow servicemanager runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow servicemanager property_socket (sock_file (write)))
|
|
(allow servicemanager init (unix_stream_socket (connectto)))
|
|
(allow servicemanager ctl_interface_start_prop (property_service (set)))
|
|
(allow servicemanager ctl_interface_start_prop (file (read getattr map open)))
|
|
(allow servicemanager property_socket (sock_file (write)))
|
|
(allow servicemanager init (unix_stream_socket (connectto)))
|
|
(allow servicemanager servicemanager_prop (property_service (set)))
|
|
(allow servicemanager servicemanager_prop (file (read getattr map open)))
|
|
(allow servicemanager system_bootstrap_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow servicemanager system_bootstrap_lib_file (file (read getattr map execute open)))
|
|
(allow servicemanager apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow servicemanager apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow servicemanager vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow servicemanager vendor_apex_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow servicemanager vendor_apex_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(typetransition shared_relro tmpfs file appdomain_tmpfs)
|
|
(allow shared_relro shared_relro_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su shared_relro_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 5 system/sepolicy/private/shared_relro.te
|
|
|
|
(neverallow base_typeattr_931 shared_relro_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow shared_relro appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 5 system/sepolicy/private/shared_relro.te
|
|
|
|
(neverallow base_typeattr_932 base_typeattr_931 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/private/shared_relro.te
|
|
|
|
(neverallow base_typeattr_933 shared_relro (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 5 system/sepolicy/private/shared_relro.te
|
|
|
|
(neverallow base_typeattr_934 shared_relro (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow shared_relro shared_relro_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow shared_relro shared_relro_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow shared_relro activity_service (service_manager (find)))
|
|
(allow shared_relro webviewupdate_service (service_manager (find)))
|
|
(allow shared_relro package_service (service_manager (find)))
|
|
(dontaudit shared_relro network_management_service (service_manager (find)))
|
|
(allow shell uhid_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow shell debugfs_tracing_debug (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell debugfs_tracing (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow shell debugfs_trace_marker (file (getattr)))
|
|
(allow shell atrace_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell config_gz (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell tombstone_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell tombstone_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(typetransition shell tmpfs file appdomain_tmpfs)
|
|
(allow shell shell_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su shell_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 26 system/sepolicy/private/shell.te
|
|
|
|
(neverallow base_typeattr_935 shell_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow shell appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 26 system/sepolicy/private/shell.te
|
|
|
|
(neverallow base_typeattr_936 base_typeattr_935 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 26 system/sepolicy/private/shell.te
|
|
|
|
(neverallow base_typeattr_909 shell (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 26 system/sepolicy/private/shell.te
|
|
|
|
(neverallow base_typeattr_937 shell (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow shell storaged (binder (call transfer)))
|
|
(allow storaged shell (binder (transfer)))
|
|
(allow shell storaged (fd (use)))
|
|
(allow shell selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell selinuxfs (file (write lock append map open)))
|
|
(allow shell kernel (security (compute_av)))
|
|
(allow shell self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow shell selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell selinuxfs (file (write lock append map open)))
|
|
(allow shell kernel (security (check_context)))
|
|
(allow shell traced_consumer_socket (sock_file (write)))
|
|
(allow shell traced (unix_stream_socket (connectto)))
|
|
(allow shell traced (fd (use)))
|
|
(allow shell traced_tmpfs (file (read write getattr map)))
|
|
(allow shell traced_producer_socket (sock_file (write)))
|
|
(allow shell traced (unix_stream_socket (connectto)))
|
|
(allow traced shell (fd (use)))
|
|
(allow shell vendor_shell_exec (file (read getattr map execute open)))
|
|
(allow shell vendor_shell (process (transition)))
|
|
(allow vendor_shell vendor_shell_exec (file (read getattr map execute open entrypoint)))
|
|
(allow vendor_shell shell (process (sigchld)))
|
|
(dontaudit shell vendor_shell (process (noatsecure)))
|
|
(allow shell vendor_shell (process (siginh rlimitinh)))
|
|
(typetransition shell vendor_shell_exec process vendor_shell)
|
|
(allow shell perfetto_exec (file (read getattr map execute open)))
|
|
(allow shell perfetto (process (transition)))
|
|
(allow perfetto perfetto_exec (file (read getattr map execute open entrypoint)))
|
|
(allow perfetto shell (process (sigchld)))
|
|
(dontaudit shell perfetto (process (noatsecure)))
|
|
(allow shell perfetto (process (siginh rlimitinh)))
|
|
(typetransition shell perfetto_exec process perfetto)
|
|
(allow shell perfetto (process (signal)))
|
|
(allow shell statsd (binder (call transfer)))
|
|
(allow statsd shell (binder (transfer)))
|
|
(allow shell statsd (fd (use)))
|
|
(allow shell perfetto_traces_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow shell perfetto_traces_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow shell perfetto_traces_bugreport_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow shell perfetto_traces_bugreport_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow shell perfetto_configs_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow shell perfetto_configs_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow shell gpuservice (binder (call transfer)))
|
|
(allow gpuservice shell (binder (transfer)))
|
|
(allow shell gpuservice (fd (use)))
|
|
(allow shell proc_net_tcp_udp (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell system_linker_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell rs_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell dex2oat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell dex2oat_exec (lnk_file (read)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell lpdumpd_prop (property_service (set)))
|
|
(allow shell lpdumpd_prop (file (read getattr map open)))
|
|
(allow shell lpdumpd (binder (call transfer)))
|
|
(allow lpdumpd shell (binder (transfer)))
|
|
(allow shell lpdumpd (fd (use)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell userspace_reboot_test_prop (property_service (set)))
|
|
(allow shell userspace_reboot_test_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell power_debug_prop (property_service (set)))
|
|
(allow shell power_debug_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell rollback_test_prop (property_service (set)))
|
|
(allow shell rollback_test_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell remote_prov_prop (property_service (set)))
|
|
(allow shell remote_prov_prop (file (read getattr map open)))
|
|
(allowx shell shell_data_file (ioctl dir ((range 0x6615 0x6616))))
|
|
(allow shell simpleperf_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell remount_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow shell self (perf_event (open kernel read write)))
|
|
;;* lmx 137 system/sepolicy/private/shell.te
|
|
|
|
(neverallow shell self (perf_event (cpu tracepoint)))
|
|
;;* lme
|
|
|
|
(allow shell vendor_microdroid_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell vendor_microdroid_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell vendor_microdroid_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell vendor_apex_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell vendor_apex_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow shell apex_data_file (dir (search)))
|
|
(allow shell staging_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell shell_prop (property_service (set)))
|
|
(allow shell shell_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell ctl_bugreport_prop (property_service (set)))
|
|
(allow shell ctl_bugreport_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell ctl_dumpstate_prop (property_service (set)))
|
|
(allow shell ctl_dumpstate_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell dumpstate_prop (property_service (set)))
|
|
(allow shell dumpstate_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell exported_dumpstate_prop (property_service (set)))
|
|
(allow shell exported_dumpstate_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell debug_prop (property_service (set)))
|
|
(allow shell debug_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell perf_drop_caches_prop (property_service (set)))
|
|
(allow shell perf_drop_caches_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell powerctl_prop (property_service (set)))
|
|
(allow shell powerctl_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell log_tag_prop (property_service (set)))
|
|
(allow shell log_tag_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell wifi_log_prop (property_service (set)))
|
|
(allow shell wifi_log_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell traced_enabled_prop (property_service (set)))
|
|
(allow shell traced_enabled_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell logd_auditrate_prop (property_service (set)))
|
|
(allow shell logd_auditrate_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell heapprofd_enabled_prop (property_service (set)))
|
|
(allow shell heapprofd_enabled_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell traced_perf_enabled_prop (property_service (set)))
|
|
(allow shell traced_perf_enabled_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell ctl_gsid_prop (property_service (set)))
|
|
(allow shell ctl_gsid_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell ctl_snapuserd_prop (property_service (set)))
|
|
(allow shell ctl_snapuserd_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell dynamic_system_prop (property_service (set)))
|
|
(allow shell dynamic_system_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell mock_ota_prop (property_service (set)))
|
|
(allow shell mock_ota_prop (file (read getattr map open)))
|
|
(allow shell serialno_prop (file (read getattr map open)))
|
|
(allow shell vendor_security_patch_level_prop (file (read getattr map open)))
|
|
(allow shell device_logging_prop (file (read getattr map open)))
|
|
(allow shell bootloader_boot_reason_prop (file (read getattr map open)))
|
|
(allow shell last_boot_reason_prop (file (read getattr map open)))
|
|
(allow shell system_boot_reason_prop (file (read getattr map open)))
|
|
(allow shell hal_keymint (binder (call transfer)))
|
|
(allow hal_keymint shell (binder (transfer)))
|
|
(allow shell hal_keymint (fd (use)))
|
|
(allow shell init_perf_lsm_hooks_prop (file (read getattr map open)))
|
|
(allow shell build_bootimage_prop (file (read getattr map open)))
|
|
(allow shell odsign_prop (file (read getattr map open)))
|
|
(allow shell keystore2_key_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell shell_key (keystore2_key (delete get_info rebind update use)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell sqlite_log_prop (property_service (set)))
|
|
(allow shell sqlite_log_prop (file (read getattr map open)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell arm64_memtag_prop (property_service (set)))
|
|
(allow shell arm64_memtag_prop (file (read getattr map open)))
|
|
(allow shell verity_status_prop (file (read getattr map open)))
|
|
(allow shell virtual_ab_prop (file (read getattr map open)))
|
|
;;* lmx 238 system/sepolicy/private/shell.te
|
|
|
|
(neverallow base_typeattr_885 perf_drop_caches_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 239 system/sepolicy/private/shell.te
|
|
|
|
(neverallow base_typeattr_938 perf_drop_caches_prop (file (read)))
|
|
;;* lme
|
|
|
|
(allow shell gsi_metadata_file_type (dir (search)))
|
|
(allow shell metadata_file (dir (search)))
|
|
(allow shell gsi_public_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow shell virtualizationmanager_exec (file (read getattr map execute open)))
|
|
(allow shell virtualizationmanager (process (transition)))
|
|
(allow virtualizationmanager virtualizationmanager_exec (file (read getattr map execute open entrypoint)))
|
|
(allow virtualizationmanager shell (process (sigchld)))
|
|
(dontaudit shell virtualizationmanager (process (noatsecure)))
|
|
(allow shell virtualizationmanager (process (siginh rlimitinh)))
|
|
(typetransition shell virtualizationmanager_exec process virtualizationmanager)
|
|
(allow crosvm shell (unix_stream_socket (ioctl read write getattr)))
|
|
(allow virtualizationmanager shell (unix_stream_socket (ioctl read write getattr)))
|
|
(allow crosvm shell (fd (use)))
|
|
(allow virtualizationmanager shell (fd (use)))
|
|
(allow shell virtualizationmanager (fd (use)))
|
|
(allow crosvm shell (fifo_file (ioctl read write getattr)))
|
|
(allow virtualizationmanager shell (fifo_file (ioctl read write getattr)))
|
|
(allow shell virtualizationmanager (vsock_socket (read write getattr getopt)))
|
|
(allow shell hypervisor_prop (file (read getattr map open)))
|
|
(allow shell virtualizationservice_data_file (file (read getattr)))
|
|
(allow shell property_socket (sock_file (write)))
|
|
(allow shell init (unix_stream_socket (connectto)))
|
|
(allow shell gwp_asan_prop (property_service (set)))
|
|
(allow shell gwp_asan_prop (file (read getattr map open)))
|
|
(allow shell build_attestation_prop (file (read getattr map open)))
|
|
(allow shell oatdump_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow base_typeattr_939 simpleperf_exec (file (read getattr map execute open)))
|
|
(allow base_typeattr_939 simpleperf (process (transition)))
|
|
(allow simpleperf simpleperf_exec (file (read getattr map execute open entrypoint)))
|
|
(allow simpleperf base_typeattr_939 (process (sigchld)))
|
|
(dontaudit base_typeattr_939 simpleperf (process (noatsecure)))
|
|
(allow base_typeattr_939 simpleperf (process (siginh rlimitinh)))
|
|
(typetransition base_typeattr_939 simpleperf_exec process simpleperf)
|
|
(typetransition simpleperf tmpfs file appdomain_tmpfs)
|
|
(allow simpleperf simpleperf_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su simpleperf_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 23 system/sepolicy/private/simpleperf.te
|
|
|
|
(neverallow base_typeattr_940 simpleperf_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow simpleperf appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 23 system/sepolicy/private/simpleperf.te
|
|
|
|
(neverallow base_typeattr_941 base_typeattr_940 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 23 system/sepolicy/private/simpleperf.te
|
|
|
|
(neverallow base_typeattr_909 simpleperf (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 23 system/sepolicy/private/simpleperf.te
|
|
|
|
(neverallow base_typeattr_910 simpleperf (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow simpleperf untrusted_app_all (process (ptrace)))
|
|
(allow simpleperf ephemeral_app (process (ptrace)))
|
|
(allow simpleperf isolated_app (process (ptrace)))
|
|
(allow simpleperf platform_app (process (ptrace)))
|
|
(allow simpleperf priv_app (process (ptrace)))
|
|
(allow simpleperf self (perf_event (open kernel read write)))
|
|
(allow simpleperf untrusted_app_all (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow simpleperf ephemeral_app (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow simpleperf isolated_app (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow simpleperf platform_app (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow simpleperf priv_app (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow simpleperf untrusted_app_all (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf untrusted_app_all (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf ephemeral_app (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf ephemeral_app (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf isolated_app (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf isolated_app (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf platform_app (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf platform_app (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf priv_app (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf priv_app (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow untrusted_app_all simpleperf (process (signal)))
|
|
(allow ephemeral_app simpleperf (process (signal)))
|
|
(allow isolated_app simpleperf (process (signal)))
|
|
(allow platform_app simpleperf (process (signal)))
|
|
(allow priv_app simpleperf (process (signal)))
|
|
(dontaudit simpleperf domain (dir (search)))
|
|
;;* lmx 51 system/sepolicy/private/simpleperf.te
|
|
|
|
(neverallow simpleperf self (perf_event (cpu tracepoint)))
|
|
;;* lme
|
|
|
|
(allow shell simpleperf_app_runner_exec (file (read getattr map execute open)))
|
|
(allow shell simpleperf_app_runner (process (transition)))
|
|
(allow simpleperf_app_runner simpleperf_app_runner_exec (file (read getattr map execute open entrypoint)))
|
|
(allow simpleperf_app_runner shell (process (sigchld)))
|
|
(dontaudit shell simpleperf_app_runner (process (noatsecure)))
|
|
(allow shell simpleperf_app_runner (process (siginh rlimitinh)))
|
|
(typetransition shell simpleperf_app_runner_exec process simpleperf_app_runner)
|
|
(allow simpleperf_app_runner adbd (fd (use)))
|
|
(allow simpleperf_app_runner shell (fd (use)))
|
|
(allow simpleperf_app_runner devpts (chr_file (ioctl read write)))
|
|
(allow simpleperf_app_runner system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf_app_runner system_data_file (lnk_file (getattr)))
|
|
(allow simpleperf_app_runner packages_list_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf_app_runner system_data_file (lnk_file (read)))
|
|
(allow simpleperf_app_runner self (capability (setgid setuid)))
|
|
(allow simpleperf_app_runner self (cap_userns (setgid setuid)))
|
|
(allow simpleperf_app_runner selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow simpleperf_app_runner selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf_app_runner selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf_app_runner selinuxfs (file (write lock append map open)))
|
|
(allow simpleperf_app_runner kernel (security (check_context)))
|
|
(allow simpleperf_app_runner self (process (setcurrent)))
|
|
(allow simpleperf_app_runner untrusted_app_all (process (dyntransition)))
|
|
(allow simpleperf_app_runner ephemeral_app (process (dyntransition)))
|
|
(allow simpleperf_app_runner isolated_app (process (dyntransition)))
|
|
(allow simpleperf_app_runner platform_app (process (dyntransition)))
|
|
(allow simpleperf_app_runner priv_app (process (dyntransition)))
|
|
(allow simpleperf_app_runner seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow simpleperf_app_runner shell (fifo_file (read write)))
|
|
(allow simpleperf_app_runner shell_data_file (dir (getattr search)))
|
|
(allow simpleperf_app_runner shell_data_file (file (write getattr)))
|
|
;;* lmx 44 system/sepolicy/private/simpleperf_app_runner.te
|
|
|
|
(neverallow simpleperf_app_runner self (capability (chown dac_override dac_read_search fowner fsetid kill setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow simpleperf_app_runner self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
;;* lme
|
|
|
|
;;* lmx 45 system/sepolicy/private/simpleperf_app_runner.te
|
|
|
|
(neverallow simpleperf_app_runner self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
(neverallow simpleperf_app_runner self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
;;* lme
|
|
|
|
(allow init snapshotctl_exec (file (read getattr map execute open)))
|
|
(allow init snapshotctl (process (transition)))
|
|
(allow snapshotctl snapshotctl_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init snapshotctl (process (noatsecure)))
|
|
(allow init snapshotctl (process (siginh rlimitinh)))
|
|
(typetransition init snapshotctl_exec process snapshotctl)
|
|
(allow snapshotctl property_socket (sock_file (write)))
|
|
(allow snapshotctl init (unix_stream_socket (connectto)))
|
|
(allow snapshotctl ctl_gsid_prop (property_service (set)))
|
|
(allow snapshotctl ctl_gsid_prop (file (read getattr map open)))
|
|
(allow snapshotctl servicemanager (binder (call transfer)))
|
|
(allow servicemanager snapshotctl (binder (call transfer)))
|
|
(allow servicemanager snapshotctl (dir (search)))
|
|
(allow servicemanager snapshotctl (file (read open)))
|
|
(allow servicemanager snapshotctl (process (getattr)))
|
|
(allow snapshotctl gsi_service (service_manager (find)))
|
|
(allow snapshotctl gsid (binder (call transfer)))
|
|
(allow gsid snapshotctl (binder (transfer)))
|
|
(allow snapshotctl gsid (fd (use)))
|
|
(allow snapshotctl metadata_file (dir (search)))
|
|
(allow snapshotctl ota_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow snapshotctl ota_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow snapshotctl sysfs_dt_firmware_android (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow snapshotctl sysfs_dt_firmware_android (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow snapshotctl sysfs_dt_firmware_android (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow snapshotctl proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow snapshotctl block_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow snapshotctl super_block_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow snapshotctl dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow snapshotctl self (capability (sys_admin)))
|
|
(allow snapshotctl self (cap_userns (sys_admin)))
|
|
(allow snapshotctl hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager snapshotctl (binder (call transfer)))
|
|
(allow hwservicemanager snapshotctl (dir (search)))
|
|
(allow hwservicemanager snapshotctl (file (read map open)))
|
|
(allow hwservicemanager snapshotctl (process (getattr)))
|
|
(allow snapshotctl statsdw_socket (sock_file (write)))
|
|
(allow snapshotctl statsd (unix_dgram_socket (sendto)))
|
|
(allow init snapuserd_exec (file (read getattr map execute open)))
|
|
(allow init snapuserd (process (transition)))
|
|
(allow snapuserd snapuserd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init snapuserd (process (noatsecure)))
|
|
(allow init snapuserd (process (siginh rlimitinh)))
|
|
(typetransition init snapuserd_exec process snapuserd)
|
|
(allow snapuserd kmsg_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow snapuserd block_device (dir (search)))
|
|
(allow snapuserd sysfs (dir (read open)))
|
|
(allow snapuserd sysfs_dm (dir (read open search)))
|
|
(allow snapuserd sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow snapuserd block_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow snapuserd dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow snapuserd dm_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow snapuserd dm_user_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow snapuserd dm_user_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow snapuserd snapuserd_socket (unix_stream_socket (read write getattr listen accept)))
|
|
(allow snapuserd snapuserd_proxy_socket (sock_file (write)))
|
|
(allow snapuserd self (capability (setgid)))
|
|
(allow snapuserd self (cap_userns (setgid)))
|
|
(allow snapuserd kernel (fd (use)))
|
|
(allow snapuserd property_socket (sock_file (write)))
|
|
(allow snapuserd init (unix_stream_socket (connectto)))
|
|
(allow snapuserd snapuserd_prop (property_service (set)))
|
|
(allow snapuserd snapuserd_prop (file (read getattr map open)))
|
|
(allow snapuserd virtual_ab_prop (file (read getattr map open)))
|
|
(allow snapuserd tmpfs (dir (read watch)))
|
|
;;* lmx 56 system/sepolicy/private/snapuserd.te
|
|
|
|
(neverallow base_typeattr_942 snapuserd_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow snapuserd metadata_file (dir (search)))
|
|
(allow snapuserd ota_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow snapuserd ota_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow snapuserd snapuserd_log_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow snapuserd snapuserd_log_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow snapuserd proc_stat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow snapuserd self (capability (ipc_lock)))
|
|
(allow snapuserd snapuserd_iouring (anon_inode (read write create map)))
|
|
(allow snapuserd self (io_uring (sqpoll)))
|
|
;;* lmx 73 system/sepolicy/private/snapuserd.te
|
|
|
|
(neverallow base_typeattr_943 snapuserd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(dontaudit snapuserd self (capability (ipc_lock)))
|
|
(dontaudit snapuserd self (cap_userns (ipc_lock)))
|
|
(allow shell stats_exec (file (read getattr map execute open)))
|
|
(allow shell stats (process (transition)))
|
|
(allow stats stats_exec (file (read getattr map execute open entrypoint)))
|
|
(allow stats shell (process (sigchld)))
|
|
(dontaudit shell stats (process (noatsecure)))
|
|
(allow shell stats (process (siginh rlimitinh)))
|
|
(typetransition shell stats_exec process stats)
|
|
(allow stats shell (fd (use)))
|
|
(allow stats adbd (fd (use)))
|
|
(allow stats adbd (unix_stream_socket (read write)))
|
|
(allow stats adbd (process (sigchld)))
|
|
(allow stats servicemanager (binder (call transfer)))
|
|
(allow servicemanager stats (binder (call transfer)))
|
|
(allow servicemanager stats (dir (search)))
|
|
(allow servicemanager stats (file (read open)))
|
|
(allow servicemanager stats (process (getattr)))
|
|
(allow stats stats_service (service_manager (find)))
|
|
(allow stats statsd (binder (call transfer)))
|
|
(allow statsd stats (binder (transfer)))
|
|
(allow stats statsd (fd (use)))
|
|
(allow stats statsd (fifo_file (write)))
|
|
(allow statsd stats_service (service_manager (add find)))
|
|
;;* lmx 27 system/sepolicy/private/stats.te
|
|
|
|
(neverallow base_typeattr_944 stats_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow statsd stats (fd (use)))
|
|
(allow statsd stats (fifo_file (write)))
|
|
(allow statsd stats (binder (call transfer)))
|
|
(allow stats statsd (binder (transfer)))
|
|
(allow statsd stats (fd (use)))
|
|
(allow init statsd_exec (file (read getattr map execute open)))
|
|
(allow init statsd (process (transition)))
|
|
(allow statsd statsd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init statsd (process (noatsecure)))
|
|
(allow init statsd (process (siginh rlimitinh)))
|
|
(typetransition init statsd_exec process statsd)
|
|
(allow statsd perfetto_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow statsd perfetto_exec (file (read getattr map execute open)))
|
|
(allow statsd perfetto (process (transition)))
|
|
(allow perfetto perfetto_exec (file (read getattr map execute open entrypoint)))
|
|
(allow perfetto statsd (process (sigchld)))
|
|
(dontaudit statsd perfetto (process (noatsecure)))
|
|
(allow statsd perfetto (process (siginh rlimitinh)))
|
|
(typetransition statsd perfetto_exec process perfetto)
|
|
(allow statsd statscompanion_service (service_manager (find)))
|
|
(allow statsd incidentd (fifo_file (write)))
|
|
(allow statsd system_server (fifo_file (read write getattr)))
|
|
(allow statsd priv_app (fifo_file (read write getattr)))
|
|
(allow statsd surfaceflinger (binder (call transfer)))
|
|
(allow surfaceflinger statsd (binder (transfer)))
|
|
(allow statsd surfaceflinger (fd (use)))
|
|
(allow statsd device_config_statsd_native_prop (file (read getattr map open)))
|
|
(allow statsd device_config_statsd_native_boot_prop (file (read getattr map open)))
|
|
(allow statsd uprobestats_configs_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow statsd uprobestats_configs_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow statsd property_socket (sock_file (write)))
|
|
(allow statsd init (unix_stream_socket (connectto)))
|
|
(allow statsd uprobestats_start_with_config_prop (property_service (set)))
|
|
(allow statsd uprobestats_start_with_config_prop (file (read getattr map open)))
|
|
(allow init storaged_exec (file (read getattr map execute open)))
|
|
(allow init storaged (process (transition)))
|
|
(allow storaged storaged_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init storaged (process (noatsecure)))
|
|
(allow init storaged (process (siginh rlimitinh)))
|
|
(typetransition init storaged_exec process storaged)
|
|
(allow storaged domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow storaged domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow storaged domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow storaged proc_uid_io_stats (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow storaged system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow storaged packages_list_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow storaged storaged_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow storaged storaged_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow storaged shell (fd (use)))
|
|
(allow storaged shell (fifo_file (write)))
|
|
(allow storaged priv_app (fd (use)))
|
|
(allow storaged gmscore_app (fd (use)))
|
|
(allow storaged app_data_file (file (write)))
|
|
(allow storaged privapp_data_file (file (write)))
|
|
(allow storaged permission_service (service_manager (find)))
|
|
(allow storaged storaged_service (service_manager (add find)))
|
|
;;* lmx 45 system/sepolicy/private/storaged.te
|
|
|
|
(neverallow base_typeattr_945 storaged_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow storaged servicemanager (binder (call transfer)))
|
|
(allow servicemanager storaged (binder (call transfer)))
|
|
(allow servicemanager storaged (dir (search)))
|
|
(allow servicemanager storaged (file (read open)))
|
|
(allow servicemanager storaged (process (getattr)))
|
|
(allow storaged system_server (binder (call transfer)))
|
|
(allow system_server storaged (binder (transfer)))
|
|
(allow storaged system_server (fd (use)))
|
|
(allow storaged dumpstate (fd (use)))
|
|
(allow storaged package_native_service (service_manager (find)))
|
|
(dontaudit storaged self (capability (dac_override dac_read_search)))
|
|
(dontaudit storaged self (cap_userns (dac_override dac_read_search)))
|
|
(allow storaged dumpstate (fifo_file (write)))
|
|
;;* lmx 68 system/sepolicy/private/storaged.te
|
|
|
|
(neverallow storaged domain (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 69 system/sepolicy/private/storaged.te
|
|
|
|
(neverallow storaged self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow storaged self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
(neverallow storaged self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
|
|
(neverallow storaged self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon)))
|
|
;;* lme
|
|
|
|
(allow init surfaceflinger_exec (file (read getattr map execute open)))
|
|
(allow init surfaceflinger (process (transition)))
|
|
(allow surfaceflinger surfaceflinger_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init surfaceflinger (process (noatsecure)))
|
|
(allow init surfaceflinger (process (siginh rlimitinh)))
|
|
(typetransition init surfaceflinger_exec process surfaceflinger)
|
|
(typetransition surfaceflinger tmpfs file surfaceflinger_tmpfs)
|
|
(allow surfaceflinger surfaceflinger_tmpfs (file (read write getattr map)))
|
|
(allow surfaceflinger runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger hidl_token_hwservice (hwservice_manager (find)))
|
|
(allow surfaceflinger servicemanager (binder (call transfer)))
|
|
(allow servicemanager surfaceflinger (binder (call transfer)))
|
|
(allow servicemanager surfaceflinger (dir (search)))
|
|
(allow servicemanager surfaceflinger (file (read open)))
|
|
(allow servicemanager surfaceflinger (process (getattr)))
|
|
(allow surfaceflinger binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain surfaceflinger (binder (transfer)))
|
|
(allow surfaceflinger binderservicedomain (fd (use)))
|
|
(allow surfaceflinger appdomain (binder (call transfer)))
|
|
(allow appdomain surfaceflinger (binder (transfer)))
|
|
(allow surfaceflinger appdomain (fd (use)))
|
|
(allow surfaceflinger bootanim (binder (call transfer)))
|
|
(allow bootanim surfaceflinger (binder (transfer)))
|
|
(allow surfaceflinger bootanim (fd (use)))
|
|
(allow surfaceflinger system_server (binder (call transfer)))
|
|
(allow system_server surfaceflinger (binder (transfer)))
|
|
(allow surfaceflinger system_server (fd (use)))
|
|
(allow surfaceflinger adbd (binder (call transfer)))
|
|
(allow adbd surfaceflinger (binder (transfer)))
|
|
(allow surfaceflinger adbd (fd (use)))
|
|
(allow surfaceflinger binderservicedomain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger binderservicedomain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger binderservicedomain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger appdomain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger appdomain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger appdomain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow surfaceflinger gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger sysfs_gpu (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger graphics_device (dir (search)))
|
|
(allow surfaceflinger graphics_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow surfaceflinger video_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger video_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow surfaceflinger dmabuf_system_secure_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow surfaceflinger property_socket (sock_file (write)))
|
|
(allow surfaceflinger init (unix_stream_socket (connectto)))
|
|
(allow surfaceflinger system_prop (property_service (set)))
|
|
(allow surfaceflinger system_prop (file (read getattr map open)))
|
|
(allow surfaceflinger property_socket (sock_file (write)))
|
|
(allow surfaceflinger init (unix_stream_socket (connectto)))
|
|
(allow surfaceflinger bootanim_system_prop (property_service (set)))
|
|
(allow surfaceflinger bootanim_system_prop (file (read getattr map open)))
|
|
(allow surfaceflinger property_socket (sock_file (write)))
|
|
(allow surfaceflinger init (unix_stream_socket (connectto)))
|
|
(allow surfaceflinger exported_system_prop (property_service (set)))
|
|
(allow surfaceflinger exported_system_prop (file (read getattr map open)))
|
|
(allow surfaceflinger property_socket (sock_file (write)))
|
|
(allow surfaceflinger init (unix_stream_socket (connectto)))
|
|
(allow surfaceflinger exported3_system_prop (property_service (set)))
|
|
(allow surfaceflinger exported3_system_prop (file (read getattr map open)))
|
|
(allow surfaceflinger property_socket (sock_file (write)))
|
|
(allow surfaceflinger init (unix_stream_socket (connectto)))
|
|
(allow surfaceflinger ctl_bootanim_prop (property_service (set)))
|
|
(allow surfaceflinger ctl_bootanim_prop (file (read getattr map open)))
|
|
(allow surfaceflinger property_socket (sock_file (write)))
|
|
(allow surfaceflinger init (unix_stream_socket (connectto)))
|
|
(allow surfaceflinger locale_prop (property_service (set)))
|
|
(allow surfaceflinger locale_prop (file (read getattr map open)))
|
|
(allow surfaceflinger property_socket (sock_file (write)))
|
|
(allow surfaceflinger init (unix_stream_socket (connectto)))
|
|
(allow surfaceflinger surfaceflinger_display_prop (property_service (set)))
|
|
(allow surfaceflinger surfaceflinger_display_prop (file (read getattr map open)))
|
|
(allow surfaceflinger property_socket (sock_file (write)))
|
|
(allow surfaceflinger init (unix_stream_socket (connectto)))
|
|
(allow surfaceflinger timezone_prop (property_service (set)))
|
|
(allow surfaceflinger timezone_prop (file (read getattr map open)))
|
|
(allow surfaceflinger qemu_sf_lcd_density_prop (file (read getattr map open)))
|
|
(allow surfaceflinger device_config_surface_flinger_native_boot_prop (file (read getattr map open)))
|
|
(allow surfaceflinger appdomain (fd (use)))
|
|
(allow surfaceflinger app_data_file (file (read write)))
|
|
(allow surfaceflinger privapp_data_file (file (read write)))
|
|
(allow surfaceflinger traced (fd (use)))
|
|
(allow surfaceflinger traced_tmpfs (file (read write getattr map)))
|
|
(allow surfaceflinger traced_producer_socket (sock_file (write)))
|
|
(allow surfaceflinger traced (unix_stream_socket (connectto)))
|
|
(allow traced surfaceflinger (fd (use)))
|
|
(allow surfaceflinger adbd (unix_stream_socket (read write getattr)))
|
|
(allow surfaceflinger dumpstate (binder (call transfer)))
|
|
(allow dumpstate surfaceflinger (binder (transfer)))
|
|
(allow surfaceflinger dumpstate (fd (use)))
|
|
(allow surfaceflinger shell (binder (call transfer)))
|
|
(allow shell surfaceflinger (binder (transfer)))
|
|
(allow surfaceflinger shell (fd (use)))
|
|
(allow surfaceflinger dumpstate (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger dumpstate (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger dumpstate (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger surfaceflinger_service (service_manager (add find)))
|
|
(allow surfaceflinger mediaserver_service (service_manager (find)))
|
|
(allow surfaceflinger permission_service (service_manager (find)))
|
|
(allow surfaceflinger power_service (service_manager (find)))
|
|
(allow surfaceflinger vr_manager_service (service_manager (find)))
|
|
(allow surfaceflinger window_service (service_manager (find)))
|
|
(allow surfaceflinger inputflinger_service (service_manager (find)))
|
|
(allow surfaceflinger self (capability (sys_nice)))
|
|
(allow surfaceflinger self (cap_userns (sys_nice)))
|
|
(allow surfaceflinger proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger system_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger tmpfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger system_server (fd (use)))
|
|
(allow surfaceflinger system_server (unix_stream_socket (read write)))
|
|
(allow surfaceflinger ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow surfaceflinger dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow init pdx_display_client_endpoint_socket_type (unix_stream_socket (create bind)))
|
|
(allow surfaceflinger pdx_display_client_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown)))
|
|
(allow surfaceflinger self (process (setsockcreate)))
|
|
(allow surfaceflinger pdx_display_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
;;* lmx 121 system/sepolicy/private/surfaceflinger.te
|
|
|
|
(neverallow base_typeattr_946 pdx_display_client_endpoint_socket_type (unix_stream_socket (listen accept)))
|
|
;;* lme
|
|
|
|
(allow init pdx_display_manager_endpoint_socket_type (unix_stream_socket (create bind)))
|
|
(allow surfaceflinger pdx_display_manager_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown)))
|
|
(allow surfaceflinger self (process (setsockcreate)))
|
|
(allow surfaceflinger pdx_display_manager_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
;;* lmx 122 system/sepolicy/private/surfaceflinger.te
|
|
|
|
(neverallow base_typeattr_946 pdx_display_manager_endpoint_socket_type (unix_stream_socket (listen accept)))
|
|
;;* lme
|
|
|
|
(allow init pdx_display_screenshot_endpoint_socket_type (unix_stream_socket (create bind)))
|
|
(allow surfaceflinger pdx_display_screenshot_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown)))
|
|
(allow surfaceflinger self (process (setsockcreate)))
|
|
(allow surfaceflinger pdx_display_screenshot_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
;;* lmx 123 system/sepolicy/private/surfaceflinger.te
|
|
|
|
(neverallow base_typeattr_946 pdx_display_screenshot_endpoint_socket_type (unix_stream_socket (listen accept)))
|
|
;;* lme
|
|
|
|
(allow init pdx_display_vsync_endpoint_socket_type (unix_stream_socket (create bind)))
|
|
(allow surfaceflinger pdx_display_vsync_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown)))
|
|
(allow surfaceflinger self (process (setsockcreate)))
|
|
(allow surfaceflinger pdx_display_vsync_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
;;* lmx 124 system/sepolicy/private/surfaceflinger.te
|
|
|
|
(neverallow base_typeattr_946 pdx_display_vsync_endpoint_socket_type (unix_stream_socket (listen accept)))
|
|
;;* lme
|
|
|
|
(allow surfaceflinger pdx_bufferhub_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger pdx_bufferhub_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow surfaceflinger pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
|
|
(allow surfaceflinger pdx_bufferhub_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
|
|
(allow surfaceflinger pdx_bufferhub_client_server_type (fd (use)))
|
|
(allow pdx_bufferhub_client_server_type surfaceflinger (fd (use)))
|
|
(allow surfaceflinger pdx_performance_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow surfaceflinger pdx_performance_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow surfaceflinger pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
|
|
(allow surfaceflinger pdx_performance_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
|
|
(allow surfaceflinger pdx_performance_client_server_type (fd (use)))
|
|
(allow pdx_performance_client_server_type surfaceflinger (fd (use)))
|
|
(allow surfaceflinger stats_service (service_manager (find)))
|
|
(allow surfaceflinger statsmanager_service (service_manager (find)))
|
|
(allow surfaceflinger statsd (binder (call transfer)))
|
|
(allow statsd surfaceflinger (binder (transfer)))
|
|
(allow surfaceflinger statsd (fd (use)))
|
|
(allow surfaceflinger hal_evs (fd (use)))
|
|
(allow surfaceflinger hal_camera (fd (use)))
|
|
(dontaudit surfaceflinger vendor_default_prop (file (read)))
|
|
;;* lmx 156 system/sepolicy/private/surfaceflinger.te
|
|
|
|
(neverallow surfaceflinger sdcard_type (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(neverallow surfaceflinger fuse (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
(dontaudit surfaceflinger unlabeled (dir (search)))
|
|
(typetransition system_app tmpfs file appdomain_tmpfs)
|
|
(allow system_app system_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su system_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 9 system/sepolicy/private/system_app.te
|
|
|
|
(neverallow base_typeattr_947 system_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow system_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 9 system/sepolicy/private/system_app.te
|
|
|
|
(neverallow base_typeattr_948 base_typeattr_947 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/private/system_app.te
|
|
|
|
(neverallow base_typeattr_949 system_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 9 system/sepolicy/private/system_app.te
|
|
|
|
(neverallow base_typeattr_950 system_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow system_app rootfs (dir (getattr)))
|
|
(allow system_app system_app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_app system_app_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_app system_app_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_app misc_user_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_app misc_user_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_app apex_data_file (dir (search)))
|
|
(allow system_app staging_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_app wallpaper_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_app icon_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app adaptive_haptics_prop (property_service (set)))
|
|
(allow system_app adaptive_haptics_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app arm64_memtag_prop (property_service (set)))
|
|
(allow system_app arm64_memtag_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app bluetooth_a2dp_offload_prop (property_service (set)))
|
|
(allow system_app bluetooth_a2dp_offload_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app bluetooth_audio_hal_prop (property_service (set)))
|
|
(allow system_app bluetooth_audio_hal_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app bluetooth_prop (property_service (set)))
|
|
(allow system_app bluetooth_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app debug_prop (property_service (set)))
|
|
(allow system_app debug_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app system_prop (property_service (set)))
|
|
(allow system_app system_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app exported_bluetooth_prop (property_service (set)))
|
|
(allow system_app exported_bluetooth_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app exported_system_prop (property_service (set)))
|
|
(allow system_app exported_system_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app exported3_system_prop (property_service (set)))
|
|
(allow system_app exported3_system_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app gesture_prop (property_service (set)))
|
|
(allow system_app gesture_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app locale_prop (property_service (set)))
|
|
(allow system_app locale_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app logd_prop (property_service (set)))
|
|
(allow system_app logd_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app net_radio_prop (property_service (set)))
|
|
(allow system_app net_radio_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app timezone_prop (property_service (set)))
|
|
(allow system_app timezone_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app usb_control_prop (property_service (set)))
|
|
(allow system_app usb_control_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app usb_prop (property_service (set)))
|
|
(allow system_app usb_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app log_tag_prop (property_service (set)))
|
|
(allow system_app log_tag_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app drm_forcel3_prop (property_service (set)))
|
|
(allow system_app drm_forcel3_prop (file (read getattr map open)))
|
|
(auditallow system_app net_radio_prop (property_service (set)))
|
|
(auditallow system_app usb_control_prop (property_service (set)))
|
|
(auditallow system_app usb_prop (property_service (set)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app dynamic_system_prop (property_service (set)))
|
|
(allow system_app dynamic_system_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app ctl_default_prop (property_service (set)))
|
|
(allow system_app ctl_default_prop (file (read getattr map open)))
|
|
(allow system_app property_socket (sock_file (write)))
|
|
(allow system_app init (unix_stream_socket (connectto)))
|
|
(allow system_app ctl_bugreport_prop (property_service (set)))
|
|
(allow system_app ctl_bugreport_prop (file (read getattr map open)))
|
|
(allow system_app gsid_prop (file (read getattr map open)))
|
|
(allow system_app enable_16k_pages_prop (file (read getattr map open)))
|
|
(allow system_app anr_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
|
|
(allow system_app anr_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_app asec_apk_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_app statsd (binder (call transfer)))
|
|
(allow statsd system_app (binder (transfer)))
|
|
(allow system_app statsd (fd (use)))
|
|
(allow system_app incidentd (binder (call transfer)))
|
|
(allow incidentd system_app (binder (transfer)))
|
|
(allow system_app incidentd (fd (use)))
|
|
(allow system_app servicemanager (binder (call transfer)))
|
|
(allow servicemanager system_app (binder (call transfer)))
|
|
(allow servicemanager system_app (dir (search)))
|
|
(allow servicemanager system_app (file (read open)))
|
|
(allow servicemanager system_app (process (getattr)))
|
|
(allow system_app update_engine_stable_service (service_manager (find)))
|
|
(allow system_app update_engine (binder (call transfer)))
|
|
(allow update_engine system_app (binder (transfer)))
|
|
(allow system_app update_engine (fd (use)))
|
|
(allow system_app servicemanager (service_manager (list)))
|
|
(allow system_app base_typeattr_951 (service_manager (find)))
|
|
(dontaudit system_app dnsresolver_service (service_manager (find)))
|
|
(dontaudit system_app dumpstate_service (service_manager (find)))
|
|
(dontaudit system_app installd_service (service_manager (find)))
|
|
(dontaudit system_app mdns_service (service_manager (find)))
|
|
(dontaudit system_app netd_service (service_manager (find)))
|
|
(dontaudit system_app virtual_touchpad_service (service_manager (find)))
|
|
(dontaudit system_app vold_service (service_manager (find)))
|
|
(dontaudit system_app debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(dontaudit system_app proc_pagetypeinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit system_app sysfs_zram (dir (search)))
|
|
(allow system_app keystore (keystore2_key (delete get_info grant rebind update use)))
|
|
(allow system_app wifi_key (keystore2_key (delete get_info rebind update use)))
|
|
(allow system_app proc_version (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_app cgroup (file (write lock append map open)))
|
|
(allow system_app cgroup_v2 (file (write lock append map open)))
|
|
(allow system_app cgroup_v2 (dir (write lock open add_name remove_name search)))
|
|
(allow system_app logd_socket (sock_file (write)))
|
|
(allow system_app logd (unix_stream_socket (connectto)))
|
|
(allow system_app runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_app device_logging_prop (file (read getattr map open)))
|
|
(allow system_app system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
|
|
(allow system_app game_manager_config_prop (file (read getattr map open)))
|
|
(allow system_app oem_unlock_prop (file (read getattr map open)))
|
|
(allow system_app usb_uvc_enabled_prop (file (read getattr map open)))
|
|
(allow system_app pm_archiving_enabled_prop (file (read getattr map open)))
|
|
;;* lmx 185 system/sepolicy/private/system_app.te
|
|
|
|
(neverallow system_app fuse_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 191 system/sepolicy/private/system_app.te
|
|
|
|
(neverallow system_app shell_data_file (dir (read write create setattr relabelfrom link rename open add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 192 system/sepolicy/private/system_app.te
|
|
|
|
(neverallow system_app shell_data_file (file (ioctl read lock open)))
|
|
;;* lme
|
|
|
|
;;* lmx 195 system/sepolicy/private/system_app.te
|
|
|
|
(neverallow base_typeattr_952 adaptive_haptics_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 197 system/sepolicy/private/system_app.te
|
|
|
|
(neverallow base_typeattr_952 drm_forcel3_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(typetransition system_server tmpfs file system_server_tmpfs)
|
|
(allow system_server system_server_tmpfs (file (read write getattr map)))
|
|
(allow system_server system_server_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su system_server_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 17 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_305 system_server_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow system_server zygote_tmpfs (file (read map)))
|
|
(allow system_server appdomain_tmpfs (file (read write getattr map)))
|
|
(allow system_server proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server incremental_control_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allowx system_server incremental_control_file (ioctl file (0x671e 0x6721 0x6723 (range 0x6725 0x6727))))
|
|
(allowx system_server apk_data_file (ioctl file ((range 0x6601 0x6602))))
|
|
(allowx system_server apk_data_file (ioctl file ((range 0x671f 0x6720) 0x6722 0x6724)))
|
|
(allowx system_server apk_data_file (ioctl file (0xf50c (range 0xf511 0xf513) (range 0xf517 0xf518))))
|
|
(allowx system_server apk_tmp_file (ioctl file (0x6601)))
|
|
(allowx system_server apk_tmp_file (ioctl file (0xf512)))
|
|
(allow system_server sysfs_fs_incfs_metrics (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_fs_f2fs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server sysfs_fs_f2fs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit system_server apex_art_data_file (file (execute)))
|
|
(allowx system_server dalvikcache_data_file (ioctl file (0x6601)))
|
|
(allowx system_server dalvikcache_data_file (ioctl file (0xf512)))
|
|
(allow system_server resourcecache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server resourcecache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server self (process (ptrace)))
|
|
(allow system_server zygote (fd (use)))
|
|
(allow system_server zygote (process (sigchld)))
|
|
(allow system_server app_zygote (process (sigkill signull getpgid)))
|
|
(allow system_server crash_dump (process (sigkill signull getpgid)))
|
|
(allow system_server webview_zygote (process (sigkill signull getpgid)))
|
|
(allow system_server zygote (process (sigkill signull getpgid)))
|
|
(allow system_server crosvm (process (sigkill signull getpgid)))
|
|
(allow system_server virtualizationmanager (process (sigkill signull getpgid)))
|
|
(allow system_server zygote_exec (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server zygote (unix_stream_socket (getattr getopt)))
|
|
(allowx system_server self (ioctl udp_socket (0x6900 0x6902)))
|
|
(allowx system_server self (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
|
|
(allowx system_server self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
|
|
(allow system_server appdomain (tcp_socket (ioctl)))
|
|
(allow system_server self (capability (kill net_bind_service net_broadcast net_admin net_raw ipc_lock sys_ptrace sys_boot sys_nice sys_time sys_tty_config)))
|
|
(allow system_server self (cap_userns (kill net_bind_service net_broadcast net_admin net_raw ipc_lock sys_ptrace sys_boot sys_nice sys_time sys_tty_config)))
|
|
(allow system_server self (capability2 (wake_alarm)))
|
|
(allow system_server self (cap2_userns (wake_alarm)))
|
|
(allow system_server self (netlink_netfilter_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server self (netlink_tcpdiag_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
|
|
(allow system_server self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server self (netlink_nflog_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server self (netlink_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server self (netlink_generic_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server config_gz (file (read open)))
|
|
(allow system_server self (socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server self (netlink_route_socket (nlmsg_write)))
|
|
(allow system_server self (netlink_xfrm_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
|
|
(allow system_server appdomain (process (sigkill signal getpgid)))
|
|
(allow system_server appdomain (process (signull)))
|
|
(allow system_server appdomain (process (getsched setsched)))
|
|
(allow system_server audioserver (process (getsched setsched)))
|
|
(allow system_server hal_audio (process (getsched setsched)))
|
|
(allow system_server hal_bluetooth (process (getsched setsched)))
|
|
(allow system_server hal_codec2_server (process (getsched setsched)))
|
|
(allow system_server hal_omx_server (process (getsched setsched)))
|
|
(allow system_server mediaswcodec (process (getsched setsched)))
|
|
(allow system_server cameraserver (process (getsched setsched)))
|
|
(allow system_server hal_camera (process (getsched setsched)))
|
|
(allow system_server mediaserver (process (getsched setsched)))
|
|
(allow system_server bootanim (process (getsched setsched)))
|
|
(allow system_server kernel (process (getsched setsched)))
|
|
(allow system_server domain (file (write lock append map open)))
|
|
(allow system_server domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_uid_cputime_removeuid (file (write getattr lock append map open)))
|
|
(allow system_server proc_uid_procstat_set (file (write getattr lock append map open)))
|
|
(allow system_server proc_sysrq (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server stats_config_data_file (dir (read write open remove_name search)))
|
|
(allow system_server stats_config_data_file (file (unlink)))
|
|
(allow system_server odsign_data_file (dir (search)))
|
|
(allow system_server odsign_metrics_file (dir (ioctl read write getattr lock open watch watch_reads remove_name search)))
|
|
(allow system_server odsign_metrics_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow system_server sysfs_ion (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_dma_heap (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_dmabuf_stats (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server sysfs_dmabuf_stats (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server dmabuf_heap_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server self (packet_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server self (tun_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server lmkd_socket (sock_file (write)))
|
|
(allow system_server lmkd (unix_stream_socket (connectto)))
|
|
(allow system_server zygote_socket (sock_file (write)))
|
|
(allow system_server zygote (unix_stream_socket (connectto)))
|
|
(allow system_server uncrypt_socket (sock_file (write)))
|
|
(allow system_server uncrypt (unix_stream_socket (connectto)))
|
|
(allow system_server statsdw_socket (sock_file (write)))
|
|
(allow system_server statsd (unix_dgram_socket (sendto)))
|
|
(allow system_server surfaceflinger (unix_stream_socket (read write setopt)))
|
|
(allow system_server gpuservice (unix_stream_socket (read write setopt)))
|
|
(allow system_server webview_zygote (unix_stream_socket (read write setopt connectto)))
|
|
(allow system_server app_zygote (unix_stream_socket (read write setopt connectto)))
|
|
(allow system_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager system_server (binder (call transfer)))
|
|
(allow servicemanager system_server (dir (search)))
|
|
(allow servicemanager system_server (file (read open)))
|
|
(allow servicemanager system_server (process (getattr)))
|
|
(allow system_server appdomain (binder (call transfer)))
|
|
(allow appdomain system_server (binder (transfer)))
|
|
(allow system_server appdomain (fd (use)))
|
|
(allow system_server artd (binder (call transfer)))
|
|
(allow artd system_server (binder (transfer)))
|
|
(allow system_server artd (fd (use)))
|
|
(allow system_server binderservicedomain (binder (call transfer)))
|
|
(allow binderservicedomain system_server (binder (transfer)))
|
|
(allow system_server binderservicedomain (fd (use)))
|
|
(allow system_server composd (binder (call transfer)))
|
|
(allow composd system_server (binder (transfer)))
|
|
(allow system_server composd (fd (use)))
|
|
(allow system_server dexopt_chroot_setup (binder (call transfer)))
|
|
(allow dexopt_chroot_setup system_server (binder (transfer)))
|
|
(allow system_server dexopt_chroot_setup (fd (use)))
|
|
(allow system_server dumpstate (binder (call transfer)))
|
|
(allow dumpstate system_server (binder (transfer)))
|
|
(allow system_server dumpstate (fd (use)))
|
|
(allow system_server fingerprintd (binder (call transfer)))
|
|
(allow fingerprintd system_server (binder (transfer)))
|
|
(allow system_server fingerprintd (fd (use)))
|
|
(allow system_server gatekeeperd (binder (call transfer)))
|
|
(allow gatekeeperd system_server (binder (transfer)))
|
|
(allow system_server gatekeeperd (fd (use)))
|
|
(allow system_server gpuservice (binder (call transfer)))
|
|
(allow gpuservice system_server (binder (transfer)))
|
|
(allow system_server gpuservice (fd (use)))
|
|
(allow system_server idmap (binder (call transfer)))
|
|
(allow idmap system_server (binder (transfer)))
|
|
(allow system_server idmap (fd (use)))
|
|
(allow system_server installd (binder (call transfer)))
|
|
(allow installd system_server (binder (transfer)))
|
|
(allow system_server installd (fd (use)))
|
|
(allow system_server incidentd (binder (call transfer)))
|
|
(allow incidentd system_server (binder (transfer)))
|
|
(allow system_server incidentd (fd (use)))
|
|
(allow system_server netd (binder (call transfer)))
|
|
(allow netd system_server (binder (transfer)))
|
|
(allow system_server netd (fd (use)))
|
|
(allow system_server ot_daemon (binder (call transfer)))
|
|
(allow ot_daemon system_server (binder (transfer)))
|
|
(allow system_server ot_daemon (fd (use)))
|
|
(allow system_server statsd (binder (call transfer)))
|
|
(allow statsd system_server (binder (transfer)))
|
|
(allow system_server statsd (fd (use)))
|
|
(allow system_server storaged (binder (call transfer)))
|
|
(allow storaged system_server (binder (transfer)))
|
|
(allow system_server storaged (fd (use)))
|
|
(allow system_server update_engine (binder (call transfer)))
|
|
(allow update_engine system_server (binder (transfer)))
|
|
(allow system_server update_engine (fd (use)))
|
|
(allow system_server virtual_camera (binder (call transfer)))
|
|
(allow virtual_camera system_server (binder (transfer)))
|
|
(allow system_server virtual_camera (fd (use)))
|
|
(allow system_server vold (binder (call transfer)))
|
|
(allow vold system_server (binder (transfer)))
|
|
(allow system_server vold (fd (use)))
|
|
(allow system_server logd (binder (call transfer)))
|
|
(allow logd system_server (binder (transfer)))
|
|
(allow system_server logd (fd (use)))
|
|
(allow system_server wificond (binder (call transfer)))
|
|
(allow wificond system_server (binder (transfer)))
|
|
(allow system_server wificond (fd (use)))
|
|
(allow system_server uprobestats (binder (call transfer)))
|
|
(allow uprobestats system_server (binder (transfer)))
|
|
(allow system_server uprobestats (fd (use)))
|
|
(allow system_server hal_graphics_composer (fd (use)))
|
|
(allow system_server hal_renderscript_hwservice (hwservice_manager (find)))
|
|
(allow system_server same_process_hal_file (file (read getattr map execute open)))
|
|
(allow system_server tombstoned_intercept_socket (sock_file (write)))
|
|
(allow system_server tombstoned (unix_stream_socket (connectto)))
|
|
(allow system_server hwservicemanager (hwservice_manager (list)))
|
|
(allow system_server servicemanager (service_manager (list)))
|
|
(allow system_server hal_audio_server (process (signal)))
|
|
(allow system_server hal_bluetooth_server (process (signal)))
|
|
(allow system_server hal_camera_server (process (signal)))
|
|
(allow system_server hal_codec2_server (process (signal)))
|
|
(allow system_server hal_face_server (process (signal)))
|
|
(allow system_server hal_fingerprint_server (process (signal)))
|
|
(allow system_server hal_gnss_server (process (signal)))
|
|
(allow system_server hal_graphics_allocator_server (process (signal)))
|
|
(allow system_server hal_graphics_composer_server (process (signal)))
|
|
(allow system_server hal_health_server (process (signal)))
|
|
(allow system_server hal_input_processor_server (process (signal)))
|
|
(allow system_server hal_light_server (process (signal)))
|
|
(allow system_server hal_neuralnetworks_server (process (signal)))
|
|
(allow system_server hal_omx_server (process (signal)))
|
|
(allow system_server hal_power_server (process (signal)))
|
|
(allow system_server hal_power_stats_server (process (signal)))
|
|
(allow system_server hal_sensors_server (process (signal)))
|
|
(allow system_server hal_vibrator_server (process (signal)))
|
|
(allow system_server hal_vr_server (process (signal)))
|
|
(allow system_server system_suspend_server (process (signal)))
|
|
(allow system_server artd (process (signal)))
|
|
(allow system_server audioserver (process (signal)))
|
|
(allow system_server cameraserver (process (signal)))
|
|
(allow system_server drmserver (process (signal)))
|
|
(allow system_server gpuservice (process (signal)))
|
|
(allow system_server inputflinger (process (signal)))
|
|
(allow system_server keystore (process (signal)))
|
|
(allow system_server mediadrmserver (process (signal)))
|
|
(allow system_server mediaextractor (process (signal)))
|
|
(allow system_server mediametrics (process (signal)))
|
|
(allow system_server mediaserver (process (signal)))
|
|
(allow system_server mediaswcodec (process (signal)))
|
|
(allow system_server mediatranscoding (process (signal)))
|
|
(allow system_server netd (process (signal)))
|
|
(allow system_server sdcardd (process (signal)))
|
|
(allow system_server servicemanager (process (signal)))
|
|
(allow system_server statsd (process (signal)))
|
|
(allow system_server surfaceflinger (process (signal)))
|
|
(allow system_server vold (process (signal)))
|
|
(allow system_server mediatuner (process (signal)))
|
|
(allow system_server audioserver (tcp_socket (ioctl read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server audioserver (udp_socket (ioctl read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server mediaserver (tcp_socket (ioctl read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server mediaserver (udp_socket (ioctl read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server mediadrmserver (tcp_socket (ioctl read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server mediadrmserver (udp_socket (ioctl read write getattr setattr lock append map bind connect getopt setopt shutdown)))
|
|
(allow system_server traced (fd (use)))
|
|
(allow system_server traced_tmpfs (file (read write getattr map)))
|
|
(allow system_server traced_producer_socket (sock_file (write)))
|
|
(allow system_server traced (unix_stream_socket (connectto)))
|
|
(allow traced system_server (fd (use)))
|
|
(allow system_server file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server mac_perms_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server selinuxfs (file (write lock append map open)))
|
|
(allow system_server kernel (security (compute_av)))
|
|
(allow system_server self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow system_server sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server sysfs_android_usb (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server sysfs_android_usb (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_android_usb (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_android_usb (file (write lock append map open)))
|
|
(allow system_server sysfs_extcon (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server sysfs_extcon (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_extcon (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_ipv4 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server sysfs_ipv4 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_ipv4 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_ipv4 (file (write lock append map open)))
|
|
(allow system_server sysfs_rtc (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server sysfs_rtc (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_rtc (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_switch (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server sysfs_switch (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_switch (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_nfc_power_writable (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server sysfs_power (dir (search)))
|
|
(allow system_server sysfs_power (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server sysfs_thermal (dir (search)))
|
|
(allow system_server sysfs_thermal (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_uhid (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server sysfs_uhid (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server sysfs_vibrator (file (write append)))
|
|
(allow system_server sysfs_usb (file (write lock append map open)))
|
|
(allow system_server device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server mdns_socket (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server sysfs_gpu (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server input_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server input_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server tty_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server usbaccessory_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server video_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server video_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server adbd_socket (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server rtc_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server audio_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server uhid_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server hidraw_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server hidraw_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server audio_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server tun_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx system_server tun_device (ioctl chr_file (0x54ca 0x54cd 0x54d2 0x54e2)))
|
|
(allow system_server ota_package_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server ota_package_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server system_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server system_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server system_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server system_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server system_data_file (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server packages_list_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server game_mode_intervention_list_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server keychain_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server keychain_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server keychain_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server system_userdir_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server apk_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server apk_data_file (file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
|
|
(allow system_server apk_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
|
|
(allow system_server apk_tmp_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server apk_tmp_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server vendor_keylayout_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server vendor_keylayout_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_keylayout_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_keychars_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server vendor_keychars_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_keychars_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_idc_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server vendor_idc_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_idc_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server input_device_config_prop (file (read getattr map open)))
|
|
(allow system_server vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_framework_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server vendor_framework_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_framework_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server apk_private_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server apk_private_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server apk_private_tmp_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server apk_private_tmp_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server asec_apk_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server asec_apk_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server asec_public_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server anr_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server anr_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server tombstoned_java_trace_socket (sock_file (write)))
|
|
(allow system_server tombstoned (unix_stream_socket (connectto)))
|
|
(allow system_server tombstoned (fd (use)))
|
|
(allow system_server dumpstate (fifo_file (append)))
|
|
(allow system_server incidentd (fifo_file (append)))
|
|
(allow system_server incidentd (fifo_file (read)))
|
|
(allow system_server incident_data_file (file (read)))
|
|
(allow system_server prereboot_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server prereboot_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server perfetto_traces_data_file (file (read getattr)))
|
|
(allow system_server perfetto (fd (use)))
|
|
(allow system_server perfetto_exec (file (read getattr map execute open)))
|
|
(allow system_server perfetto (process (transition)))
|
|
(allow perfetto perfetto_exec (file (read getattr map execute open entrypoint)))
|
|
(allow perfetto system_server (process (sigchld)))
|
|
(dontaudit system_server perfetto (process (noatsecure)))
|
|
(allow system_server perfetto (process (siginh rlimitinh)))
|
|
(typetransition system_server perfetto_exec process perfetto)
|
|
(allow system_server perfetto (fifo_file (read write)))
|
|
(allow system_server perfetto_traces_profiling_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server perfetto_traces_profiling_data_file (file (ioctl read write getattr lock append map unlink open watch watch_reads)))
|
|
(allow system_server perfetto_traces_data_file (dir (search)))
|
|
(allow system_server backup_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server backup_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server dropbox_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server dropbox_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server heapdump_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server heapdump_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server adb_keys_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server adb_keys_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server appcompat_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server appcompat_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server emergency_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server emergency_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server network_watchlist_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server network_watchlist_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server radio_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server radio_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server systemkeys_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server systemkeys_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server textclassifier_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server textclassifier_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server tombstone_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server tombstone_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server vpn_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server vpn_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server wifi_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server wifi_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server staging_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server staging_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server staging_data_file (file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
|
|
(allow system_server staging_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
|
|
(allow system_server app_data_file_type (dir (read getattr search)))
|
|
(allow system_server unlabeled (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server unlabeled (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server system_app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server system_app_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server app_data_file_type (file (read write getattr append map)))
|
|
(allow system_server media_rw_data_file (dir (read getattr open search)))
|
|
(allow system_server media_rw_data_file (file (read write getattr append)))
|
|
(allow system_server system_server (process (setfscreate)))
|
|
(allow system_server apk_tmp_file (file (relabelfrom relabelto)))
|
|
(allow system_server apk_tmp_file (dir (relabelfrom relabelto)))
|
|
(allow system_server apk_private_tmp_file (file (relabelfrom relabelto)))
|
|
(allow system_server apk_private_tmp_file (dir (relabelfrom relabelto)))
|
|
(allow system_server apk_data_file (file (relabelfrom relabelto)))
|
|
(allow system_server apk_data_file (dir (relabelfrom relabelto)))
|
|
(allow system_server apk_private_data_file (file (relabelfrom relabelto)))
|
|
(allow system_server apk_private_data_file (dir (relabelfrom relabelto)))
|
|
(allow system_server staging_data_file (file (relabelfrom relabelto)))
|
|
(allow system_server staging_data_file (dir (relabelfrom relabelto)))
|
|
(allow system_server system_data_file (file (relabelfrom)))
|
|
(allow system_server wallpaper_file (file (relabelto)))
|
|
(allow system_server wallpaper_file (file (ioctl read write getattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server system_data_file (file (link)))
|
|
(allow system_server wallpaper_file (file (link)))
|
|
(allow system_server system_data_file (dir (relabelfrom)))
|
|
(allow system_server shortcut_manager_icons (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server shortcut_manager_icons (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server ringtone_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server ringtone_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server icon_file (file (relabelto)))
|
|
(allow system_server icon_file (file (ioctl read write getattr lock append map unlink open watch watch_reads)))
|
|
(allow system_server system_data_file (dir (relabelfrom)))
|
|
(allow system_server server_configurable_flags_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server server_configurable_flags_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server system_prop (property_service (set)))
|
|
(allow system_server system_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server bootanim_system_prop (property_service (set)))
|
|
(allow system_server bootanim_system_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server bluetooth_prop (property_service (set)))
|
|
(allow system_server bluetooth_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server exported_system_prop (property_service (set)))
|
|
(allow system_server exported_system_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server exported3_system_prop (property_service (set)))
|
|
(allow system_server exported3_system_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server safemode_prop (property_service (set)))
|
|
(allow system_server safemode_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server theme_prop (property_service (set)))
|
|
(allow system_server theme_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server dhcp_prop (property_service (set)))
|
|
(allow system_server dhcp_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server net_connectivity_prop (property_service (set)))
|
|
(allow system_server net_connectivity_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server net_radio_prop (property_service (set)))
|
|
(allow system_server net_radio_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server net_dns_prop (property_service (set)))
|
|
(allow system_server net_dns_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server usb_control_prop (property_service (set)))
|
|
(allow system_server usb_control_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server usb_prop (property_service (set)))
|
|
(allow system_server usb_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server debug_prop (property_service (set)))
|
|
(allow system_server debug_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server powerctl_prop (property_service (set)))
|
|
(allow system_server powerctl_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server fingerprint_prop (property_service (set)))
|
|
(allow system_server fingerprint_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_logging_prop (property_service (set)))
|
|
(allow system_server device_logging_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server dumpstate_options_prop (property_service (set)))
|
|
(allow system_server dumpstate_options_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server overlay_prop (property_service (set)))
|
|
(allow system_server overlay_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server exported_overlay_prop (property_service (set)))
|
|
(allow system_server exported_overlay_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server pm_prop (property_service (set)))
|
|
(allow system_server pm_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server exported_pm_prop (property_service (set)))
|
|
(allow system_server exported_pm_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server socket_hook_prop (property_service (set)))
|
|
(allow system_server socket_hook_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server audio_prop (property_service (set)))
|
|
(allow system_server audio_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server boot_status_prop (property_service (set)))
|
|
(allow system_server boot_status_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server surfaceflinger_color_prop (property_service (set)))
|
|
(allow system_server surfaceflinger_color_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server provisioned_prop (property_service (set)))
|
|
(allow system_server provisioned_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server retaildemo_prop (property_service (set)))
|
|
(allow system_server retaildemo_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server dmesgd_start_prop (property_service (set)))
|
|
(allow system_server dmesgd_start_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server locale_prop (property_service (set)))
|
|
(allow system_server locale_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server timezone_metadata_prop (property_service (set)))
|
|
(allow system_server timezone_metadata_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server timezone_prop (property_service (set)))
|
|
(allow system_server timezone_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server crashrecovery_prop (property_service (set)))
|
|
(allow system_server crashrecovery_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server ctl_default_prop (property_service (set)))
|
|
(allow system_server ctl_default_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server ctl_bugreport_prop (property_service (set)))
|
|
(allow system_server ctl_bugreport_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server ctl_gsid_prop (property_service (set)))
|
|
(allow system_server ctl_gsid_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server cppreopt_prop (property_service (set)))
|
|
(allow system_server cppreopt_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_core_experiments_team_internal_prop (property_service (set)))
|
|
(allow system_server device_config_core_experiments_team_internal_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_edgetpu_native_prop (property_service (set)))
|
|
(allow system_server device_config_edgetpu_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_input_native_boot_prop (property_service (set)))
|
|
(allow system_server device_config_input_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_netd_native_prop (property_service (set)))
|
|
(allow system_server device_config_netd_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_nnapi_native_prop (property_service (set)))
|
|
(allow system_server device_config_nnapi_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_activity_manager_native_boot_prop (property_service (set)))
|
|
(allow system_server device_config_activity_manager_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_runtime_native_boot_prop (property_service (set)))
|
|
(allow system_server device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_runtime_native_prop (property_service (set)))
|
|
(allow system_server device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_lmkd_native_prop (property_service (set)))
|
|
(allow system_server device_config_lmkd_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_media_native_prop (property_service (set)))
|
|
(allow system_server device_config_media_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_camera_native_prop (property_service (set)))
|
|
(allow system_server device_config_camera_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_mglru_native_prop (property_service (set)))
|
|
(allow system_server device_config_mglru_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_profcollect_native_boot_prop (property_service (set)))
|
|
(allow system_server device_config_profcollect_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_statsd_native_prop (property_service (set)))
|
|
(allow system_server device_config_statsd_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_statsd_native_boot_prop (property_service (set)))
|
|
(allow system_server device_config_statsd_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_storage_native_boot_prop (property_service (set)))
|
|
(allow system_server device_config_storage_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_swcodec_native_prop (property_service (set)))
|
|
(allow system_server device_config_swcodec_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_sys_traced_prop (property_service (set)))
|
|
(allow system_server device_config_sys_traced_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_window_manager_native_boot_prop (property_service (set)))
|
|
(allow system_server device_config_window_manager_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_configuration_prop (property_service (set)))
|
|
(allow system_server device_config_configuration_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_connectivity_prop (property_service (set)))
|
|
(allow system_server device_config_connectivity_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_surface_flinger_native_boot_prop (property_service (set)))
|
|
(allow system_server device_config_surface_flinger_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_aconfig_flags_prop (property_service (set)))
|
|
(allow system_server device_config_aconfig_flags_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_vendor_system_native_prop (property_service (set)))
|
|
(allow system_server device_config_vendor_system_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_vendor_system_native_boot_prop (property_service (set)))
|
|
(allow system_server device_config_vendor_system_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_virtualization_framework_native_prop (property_service (set)))
|
|
(allow system_server device_config_virtualization_framework_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_memory_safety_native_boot_prop (property_service (set)))
|
|
(allow system_server device_config_memory_safety_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_memory_safety_native_prop (property_service (set)))
|
|
(allow system_server device_config_memory_safety_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_remote_key_provisioning_native_prop (property_service (set)))
|
|
(allow system_server device_config_remote_key_provisioning_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server device_config_tethering_u_or_later_native_prop (property_service (set)))
|
|
(allow system_server device_config_tethering_u_or_later_native_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server smart_idle_maint_enabled_prop (property_service (set)))
|
|
(allow system_server smart_idle_maint_enabled_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server arm64_memtag_prop (property_service (set)))
|
|
(allow system_server arm64_memtag_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server next_boot_prop (property_service (set)))
|
|
(allow system_server next_boot_prop (file (read getattr map open)))
|
|
(allow system_server device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow system_server bootloader_boot_reason_prop (file (read getattr map open)))
|
|
(allow system_server system_boot_reason_prop (file (read getattr map open)))
|
|
(allow system_server boottime_prop (file (read getattr map open)))
|
|
(allow system_server serialno_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server firstboot_prop (property_service (set)))
|
|
(allow system_server firstboot_prop (file (read getattr map open)))
|
|
(allow system_server audio_config_prop (file (read getattr map open)))
|
|
(allow system_server media_config_prop (file (read getattr map open)))
|
|
(allow system_server device_config_reset_performed_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server test_harness_prop (property_service (set)))
|
|
(allow system_server test_harness_prop (file (read getattr map open)))
|
|
(allow system_server gsid_prop (file (read getattr map open)))
|
|
(allow system_server mock_ota_prop (file (read getattr map open)))
|
|
(allow system_server apk_verity_prop (file (read getattr map open)))
|
|
(allow system_server wifi_prop (file (read getattr map open)))
|
|
(allow system_server incremental_prop (file (read getattr map open)))
|
|
(allow system_server zram_config_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server zram_control_prop (property_service (set)))
|
|
(allow system_server zram_control_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server dalvik_runtime_prop (property_service (set)))
|
|
(allow system_server dalvik_runtime_prop (file (read getattr map open)))
|
|
(allow system_server packagemanager_config_prop (file (read getattr map open)))
|
|
(allow system_server net_464xlat_fromvendor_prop (file (read getattr map open)))
|
|
(allow system_server hypervisor_prop (file (read getattr map open)))
|
|
(allow system_server persist_wm_debug_prop (file (read getattr map open)))
|
|
(allow system_server persist_sysui_builder_extras_prop (file (read getattr map open)))
|
|
(allow system_server persist_sysui_ranking_update_prop (file (read getattr map open)))
|
|
(allow system_server tuner_config_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server tuner_server_ctl_prop (property_service (set)))
|
|
(allow system_server tuner_server_ctl_prop (file (read getattr map open)))
|
|
(allow system_server traced_oome_heap_session_count_prop (file (read getattr map open)))
|
|
(allow system_server sensors_config_prop (file (read getattr map open)))
|
|
(allow system_server system_ndebug_socket (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server system_unsolzygote_socket (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server cache_file (dir (ioctl read write create getattr setattr lock relabelfrom rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server cache_recovery_file (dir (ioctl read write create getattr setattr lock relabelfrom rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server cache_file (file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
|
|
(allow system_server cache_recovery_file (file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
|
|
(allow system_server cache_file (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server cache_recovery_file (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server system_file (file (lock)))
|
|
(allow system_server gps_control (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server appdomain (tcp_socket (read write getattr getopt setopt shutdown)))
|
|
(allow system_server appdomain (udp_socket (read write getattr getopt setopt shutdown)))
|
|
(allow system_server appdomain (fifo_file (read write getattr)))
|
|
(allow system_server appdomain (unix_stream_socket (read write getattr)))
|
|
(allow system_server cache_backup_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server cache_backup_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server cache_private_backup_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server cache_private_backup_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server usb_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server usb_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server fscklogs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server fscklogs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server fscklogs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server fscklogs (dir (write add_name remove_name)))
|
|
(allow system_server fscklogs (file (rename)))
|
|
(allow system_server zygote (unix_dgram_socket (write)))
|
|
(allow system_server logcat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow system_server logdr_socket (sock_file (write)))
|
|
(allow system_server logd (unix_stream_socket (connectto)))
|
|
(allow system_server runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_lowmemorykiller (file (write getattr lock append map open)))
|
|
(allow system_server pstorefs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server pstorefs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server sysfs_zram (dir (search)))
|
|
(allow system_server sysfs_zram (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server kernel (security (read_policy)))
|
|
(allow system_server system_server_service (service_manager (add find)))
|
|
;;* lmx 952 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_305 system_server_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow system_server artd_service (service_manager (find)))
|
|
(allow system_server artd_pre_reboot_service (service_manager (find)))
|
|
(allow system_server audioserver_service (service_manager (find)))
|
|
(allow system_server authorization_service (service_manager (find)))
|
|
(allow system_server batteryproperties_service (service_manager (find)))
|
|
(allow system_server cameraserver_service (service_manager (find)))
|
|
(allow system_server compos_service (service_manager (find)))
|
|
(allow system_server dataloader_manager_service (service_manager (find)))
|
|
(allow system_server dexopt_chroot_setup_service (service_manager (find)))
|
|
(allow system_server dnsresolver_service (service_manager (find)))
|
|
(allow system_server drmserver_service (service_manager (find)))
|
|
(allow system_server dumpstate_service (service_manager (find)))
|
|
(allow system_server fingerprintd_service (service_manager (find)))
|
|
(allow system_server gatekeeper_service (service_manager (find)))
|
|
(allow system_server gpu_service (service_manager (find)))
|
|
(allow system_server gsi_service (service_manager (find)))
|
|
(allow system_server idmap_service (service_manager (find)))
|
|
(allow system_server incident_service (service_manager (find)))
|
|
(allow system_server incremental_service (service_manager (find)))
|
|
(allow system_server installd_service (service_manager (find)))
|
|
(allow system_server keystore_maintenance_service (service_manager (find)))
|
|
(allow system_server keystore_metrics_service (service_manager (find)))
|
|
(allow system_server keystore_service (service_manager (find)))
|
|
(allow system_server mdns_service (service_manager (find)))
|
|
(allow system_server mediaserver_service (service_manager (find)))
|
|
(allow system_server mediametrics_service (service_manager (find)))
|
|
(allow system_server mediaextractor_service (service_manager (find)))
|
|
(allow system_server mediadrmserver_service (service_manager (find)))
|
|
(allow system_server mediatuner_service (service_manager (find)))
|
|
(allow system_server netd_service (service_manager (find)))
|
|
(allow system_server nfc_service (service_manager (find)))
|
|
(allow system_server ot_daemon_service (service_manager (find)))
|
|
(allow system_server radio_service (service_manager (find)))
|
|
(allow system_server stats_service (service_manager (find)))
|
|
(allow system_server storaged_service (service_manager (find)))
|
|
(allow system_server surfaceflinger_service (service_manager (find)))
|
|
(allow system_server update_engine_service (service_manager (find)))
|
|
(allow system_server virtual_camera_service (service_manager (find)))
|
|
(allow system_server vold_service (service_manager (find)))
|
|
(allow system_server wifinl80211_service (service_manager (find)))
|
|
(allow system_server logd_service (service_manager (find)))
|
|
(allow system_server batteryproperties_service (service_manager (add find)))
|
|
;;* lmx 1001 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_305 batteryproperties_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow system_server keystore (keystore2 (add_auth change_password change_user clear_ns clear_uid get_last_auth_time lock pull_metrics reset unlock)))
|
|
(allow system_server keystore (keystore2_key (delete get_info grant rebind update use use_dev_id)))
|
|
(allow system_server wifi_key (keystore2_key (delete get_info rebind update use)))
|
|
(allow system_server resume_on_reboot_key (keystore2_key (delete get_info rebind update use)))
|
|
(allow system_server locksettings_key (keystore2_key (delete get_info rebind update use)))
|
|
(allow system_server block_device (dir (search)))
|
|
(allow system_server frp_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allowx system_server frp_block_device (ioctl blk_file (0x1277 0x127d)))
|
|
(allow system_server cgroup (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server cgroup (file (setattr)))
|
|
(allow system_server cgroup_v2 (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server cgroup_v2 (file (ioctl read getattr setattr lock map open watch watch_reads)))
|
|
(allow system_server oemfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server oemfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server oemfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server mnt_user_file (dir (getattr search)))
|
|
(allow system_server storage_file (dir (getattr search)))
|
|
(allow system_server mnt_user_file (lnk_file (read getattr)))
|
|
(allow system_server storage_file (lnk_file (read getattr)))
|
|
(allow system_server sdcard_type (dir (getattr search)))
|
|
(allow system_server fuse (dir (getattr search)))
|
|
(allow system_server mnt_expand_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server fingerprintd_data_file (dir (ioctl read write getattr lock relabelto open watch watch_reads remove_name search rmdir)))
|
|
(allow system_server fingerprintd_data_file (file (getattr unlink)))
|
|
(allow system_server vold (fd (use)))
|
|
(allow system_server fuse_device (chr_file (ioctl read write getattr)))
|
|
(allow system_server app_fuse_file (file (read write getattr)))
|
|
(allow system_server configfs (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server configfs (file (write create getattr unlink open)))
|
|
(allow system_server adbd (unix_stream_socket (connectto)))
|
|
(allow system_server adbd (fd (use)))
|
|
(allow system_server adbd (unix_stream_socket (ioctl read write getattr getopt shutdown)))
|
|
(allow system_server adbd_prop (file (read getattr map open)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server system_adbd_prop (property_service (set)))
|
|
(allow system_server system_adbd_prop (file (read getattr map open)))
|
|
(allow system_server toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allowx system_server system_data_file (ioctl file (0x6685)))
|
|
(allowx system_server apk_data_file (ioctl file (0x6685)))
|
|
(allowx system_server apk_tmp_file (ioctl file (0x6685)))
|
|
(allowx system_server apex_system_server_data_file (ioctl file (0x6685)))
|
|
(allowx system_server apk_data_file (ioctl file (0x6686)))
|
|
(allowx system_server apk_tmp_file (ioctl file (0x6686)))
|
|
(allowx system_server apk_tmp_file (ioctl file (0x6602)))
|
|
(allow system_server postinstall (binder (call transfer)))
|
|
(allow postinstall system_server (binder (transfer)))
|
|
(allow system_server postinstall (fd (use)))
|
|
(allow system_server postinstall (fifo_file (write)))
|
|
(allow system_server update_engine (fd (use)))
|
|
(allow system_server update_engine (fifo_file (write)))
|
|
(allow system_server preloads_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow system_server preloads_data_file (dir (ioctl read write getattr lock open watch watch_reads remove_name search rmdir)))
|
|
(allow system_server preloads_media_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow system_server preloads_media_file (dir (ioctl read write getattr lock open watch watch_reads remove_name search rmdir)))
|
|
(allow system_server cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server cgroup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server dmabuf_system_secure_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_asound (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server proc_asound (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_asound (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_qtaguid_stat (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server proc_qtaguid_stat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_qtaguid_stat (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_loadavg (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_locks (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_pagetypeinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_pipe_conf (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_stat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_uid_cputime_showstat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_uid_io_stats (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_uid_time_in_state (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_uid_concurrent_active_time (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_uid_concurrent_policy_time (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_version (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_vmallocinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_uid_time_in_state (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server proc_uid_cpupower (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server debugfs_tracing_instances (dir (search)))
|
|
(allow system_server debugfs_wifi_tracing (dir (search)))
|
|
(allow system_server debugfs_wifi_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server debugfs_bootreceiver_tracing (dir (search)))
|
|
(allow system_server debugfs_bootreceiver_tracing (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server debugfs_tracing (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server fs_bpf (dir (search)))
|
|
(allow system_server fs_bpf_net_shared (dir (search)))
|
|
(allow system_server fs_bpf_netd_readonly (dir (search)))
|
|
(allow system_server fs_bpf_netd_shared (dir (search)))
|
|
(allow system_server fs_bpf (file (read write getattr)))
|
|
(allow system_server fs_bpf_net_shared (file (read write getattr)))
|
|
(allow system_server fs_bpf_netd_readonly (file (read write getattr)))
|
|
(allow system_server fs_bpf_netd_shared (file (read write getattr)))
|
|
(allow system_server bpfloader (bpf (map_read map_write prog_run)))
|
|
(allow system_server self (key_socket (create)))
|
|
(dontaudit system_server self (key_socket (getopt)))
|
|
(allow system_server clatd_exec (file (read getattr map execute open)))
|
|
(allow system_server clatd (process (transition)))
|
|
(allow clatd clatd_exec (file (read getattr map execute open entrypoint)))
|
|
(allow clatd system_server (process (sigchld)))
|
|
(dontaudit system_server clatd (process (noatsecure)))
|
|
(allow system_server clatd (process (siginh rlimitinh)))
|
|
(typetransition system_server clatd_exec process clatd)
|
|
(allow system_server clatd (process (sigkill signal)))
|
|
(allow system_server user_profile_root_file (dir (getattr search)))
|
|
(allow system_server user_profile_data_file (dir (getattr search)))
|
|
(allow system_server user_profile_data_file (file (read getattr open)))
|
|
(allow system_server profman_dump_data_file (file (write create getattr setattr lock append map open)))
|
|
(allow system_server profman_dump_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server system_jvmti_agent_prop (file (read getattr map open)))
|
|
(allow system_server functionfs (dir (search)))
|
|
(allow system_server functionfs (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server time_prop (file (read getattr map open)))
|
|
(allow system_server system_lmk_prop (file (read getattr map open)))
|
|
(allow system_server wifi_config_prop (file (read getattr map open)))
|
|
(allowx system_server binder_device (ioctl chr_file ((range 0x620e 0x620f))))
|
|
(allow system_server framework_watchdog_config_prop (file (read getattr map open)))
|
|
(allow system_server font_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server font_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allowx system_server font_data_file (ioctl file ((range 0x6685 0x6686))))
|
|
(allow system_server qemu_hw_prop (file (read getattr map open)))
|
|
;;* lmx 1282 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server sdcard_type (dir (read write open)))
|
|
(neverallow system_server fuse (dir (read write open)))
|
|
;;* lme
|
|
|
|
;;* lmx 1283 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server sdcard_type (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(neverallow system_server fuse (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 1293 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server base_typeattr_953 (file (create unlink link open)))
|
|
;;* lme
|
|
|
|
;;* lmx 1304 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server base_typeattr_954 (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 1308 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server base_typeattr_955 (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 1309 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server base_typeattr_224 (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 1312 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server perfetto_traces_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 1315 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_956 system_ndebug_socket (sock_file (write open)))
|
|
;;* lme
|
|
|
|
;;* lmx 1325 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_957 system_unsolzygote_socket (sock_file (write open)))
|
|
;;* lme
|
|
|
|
;;* lmx 1355 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_958 device_config_activity_manager_native_boot_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_input_native_boot_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_netd_native_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_aconfig_flags_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_edgetpu_native_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_media_native_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_nnapi_native_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_runtime_native_boot_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_runtime_native_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_surface_flinger_native_boot_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_core_experiments_team_internal_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_lmkd_native_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_mglru_native_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_remote_key_provisioning_native_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_storage_native_boot_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_sys_traced_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_window_manager_native_boot_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_connectivity_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_swcodec_native_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 device_config_tethering_u_or_later_native_prop (property_service (set)))
|
|
(neverallow base_typeattr_958 next_boot_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 1362 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 tuner_server_ctl_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 1368 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server dex2oat_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 1373 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server data_file_type (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 1380 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server base_typeattr_959 (blk_file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 1381 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server base_typeattr_960 (blk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 1389 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server self (process (execmem)))
|
|
;;* lme
|
|
|
|
;;* lmx 1392 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server ashmem_device (chr_file (execute)))
|
|
(neverallow system_server ashmem_libcutils_device (chr_file (execute)))
|
|
;;* lme
|
|
|
|
;;* lmx 1395 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server system_server_tmpfs (file (execute)))
|
|
;;* lme
|
|
|
|
(allow system_server system_server_startup (fd (use)))
|
|
(allow system_server system_server_startup_tmpfs (file (read write map)))
|
|
(allow system_server system_server_startup (unix_dgram_socket (write)))
|
|
(allow system_server apex_service (service_manager (find)))
|
|
(allow system_server apexd (binder (call)))
|
|
(allow system_server apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server system_suspend_control_internal_service (service_manager (find)))
|
|
(allow system_server system_suspend_control_service (service_manager (find)))
|
|
(allow system_server system_suspend (binder (call transfer)))
|
|
(allow system_suspend system_server (binder (transfer)))
|
|
(allow system_server system_suspend (fd (use)))
|
|
(allow system_suspend system_server (binder (call transfer)))
|
|
(allow system_server system_suspend (binder (transfer)))
|
|
(allow system_suspend system_server (fd (use)))
|
|
(allow system_server sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server self (capability2 (block_suspend)))
|
|
(allow system_server self (cap2_userns (block_suspend)))
|
|
(allow system_server system_suspend_server (binder (call transfer)))
|
|
(allow system_suspend_server system_server (binder (transfer)))
|
|
(allow system_server system_suspend_server (fd (use)))
|
|
(allow system_server system_suspend_hwservice (hwservice_manager (find)))
|
|
(allow system_server hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager system_server (binder (call transfer)))
|
|
(allow hwservicemanager system_server (dir (search)))
|
|
(allow hwservicemanager system_server (file (read map open)))
|
|
(allow hwservicemanager system_server (process (getattr)))
|
|
(allow system_server hwservicemanager_prop (file (read getattr map open)))
|
|
(allow system_server hidl_manager_hwservice (hwservice_manager (find)))
|
|
(allow system_server hal_system_suspend_service (service_manager (find)))
|
|
(allow system_server servicemanager (binder (call transfer)))
|
|
(allow servicemanager system_server (binder (call transfer)))
|
|
(allow servicemanager system_server (dir (search)))
|
|
(allow servicemanager system_server (file (read open)))
|
|
(allow servicemanager system_server (process (getattr)))
|
|
(allow system_server apex_data_file (dir (getattr search)))
|
|
(allow system_server apex_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server vendor_apex_file (dir (getattr search)))
|
|
(allow system_server vendor_apex_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server apex_module_data_file (dir (getattr search)))
|
|
(allow system_server apex_system_server_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server apex_system_server_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server apex_tethering_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server apex_tethering_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server apex_appsearch_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server apex_permission_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server apex_scheduling_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server apex_wifi_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server apex_appsearch_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server apex_permission_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server apex_scheduling_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server apex_wifi_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server metadata_file (dir (search)))
|
|
(allow system_server password_slot_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server password_slot_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server userspace_reboot_metadata_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server userspace_reboot_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server staged_install_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server staged_install_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server watchdog_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server watchdog_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server aconfig_storage_flags_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server aconfig_storage_flags_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server repair_mode_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server repair_mode_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server gsi_persistent_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server gsi_persistent_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow system_server odrefresh_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow system_server odrefresh_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow system_server surfaceflinger_exec (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server userspace_reboot_log_prop (property_service (set)))
|
|
(allow system_server userspace_reboot_log_prop (file (read getattr map open)))
|
|
;;* lmx 1499 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_261 system_jvmti_agent_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow system_server proc_pressure_mem (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_server proc_pressure_cpu (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server proc_pressure_io (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 1508 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server dexoptanalyzer_exec (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 1511 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server base_typeattr_305 (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 1515 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server system_server (capability (sys_resource)))
|
|
(neverallow system_server system_server (cap_userns (sys_resource)))
|
|
;;* lme
|
|
|
|
;;* lmx 1518 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 password_slot_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 1523 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 password_slot_metadata_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_308 password_slot_metadata_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_308 password_slot_metadata_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_308 password_slot_metadata_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 1524 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 password_slot_metadata_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
(neverallow base_typeattr_308 password_slot_metadata_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_308 password_slot_metadata_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
(neverallow base_typeattr_308 password_slot_metadata_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 1527 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 userspace_reboot_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 1528 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 userspace_reboot_metadata_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 1531 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_961 aconfig_storage_flags_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 1532 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_961 aconfig_storage_flags_metadata_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server binder_cache_system_server_prop (property_service (set)))
|
|
(allow system_server binder_cache_system_server_prop (file (read getattr map open)))
|
|
;;* lmx 1537 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 binder_cache_system_server_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
(allow system_server self (perf_event (open cpu kernel write)))
|
|
;;* lmx 1542 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow system_server self (perf_event (tracepoint read)))
|
|
;;* lme
|
|
|
|
(allow system_server shutdown_checkpoints_system_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow system_server shutdown_checkpoints_system_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
;;* lmx 1549 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 socket_hook_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 1551 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 boot_status_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 1559 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_261 wifi_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 1568 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_962 sysfs_uhid (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 1574 system/sepolicy/private/system_server.te
|
|
|
|
(neverallowx base_typeattr_305 binder_device (ioctl chr_file ((range 0x620e 0x620f))))
|
|
;;* lme
|
|
|
|
;;* lmx 1577 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 font_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
;;* lmx 1578 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 font_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
(allow system_server system_font_fallback_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server dalvik_dynamic_config_prop (property_service (set)))
|
|
(allow system_server dalvik_dynamic_config_prop (file (read getattr map open)))
|
|
(allow system_server binderfs_logs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server binderfs_logs_stats (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_server property_socket (sock_file (write)))
|
|
(allow system_server init (unix_stream_socket (connectto)))
|
|
(allow system_server game_manager_config_prop (property_service (set)))
|
|
(allow system_server game_manager_config_prop (file (read getattr map open)))
|
|
(allow system_server threadnetwork_config_prop (file (read getattr map open)))
|
|
;;* lmx 1603 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_261 threadnetwork_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow system_server pm_archiving_enabled_prop (file (read getattr map open)))
|
|
;;* lmx 1610 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_308 crashrecovery_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 1611 system/sepolicy/private/system_server.te
|
|
|
|
(neverallow base_typeattr_743 crashrecovery_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(typetransition system_server_startup tmpfs file system_server_startup_tmpfs)
|
|
(allow system_server_startup system_server_startup_tmpfs (file (read write getattr map)))
|
|
(allow system_server_startup self (process (execmem)))
|
|
(allow system_server_startup system_server_startup_tmpfs (file (read write map execute open)))
|
|
(allow system_server_startup apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_server_startup apex_art_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow system_server_startup self (process (setcurrent)))
|
|
(allow system_server_startup system_server (process (dyntransition)))
|
|
(allow system_server_startup zygote (process (sigchld)))
|
|
(allow system_server_startup device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow system_server_startup device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow init system_suspend_exec (file (read getattr map execute open)))
|
|
(allow init system_suspend (process (transition)))
|
|
(allow system_suspend system_suspend_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init system_suspend (process (noatsecure)))
|
|
(allow init system_suspend (process (siginh rlimitinh)))
|
|
(typetransition init system_suspend_exec process system_suspend)
|
|
(allow system_suspend servicemanager (binder (call transfer)))
|
|
(allow servicemanager system_suspend (binder (call transfer)))
|
|
(allow servicemanager system_suspend (dir (search)))
|
|
(allow servicemanager system_suspend (file (read open)))
|
|
(allow servicemanager system_suspend (process (getattr)))
|
|
(allow system_suspend system_suspend_control_service (service_manager (add find)))
|
|
;;* lmx 8 system/sepolicy/private/system_suspend.te
|
|
|
|
(neverallow base_typeattr_963 system_suspend_control_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow system_suspend hal_system_suspend_service (service_manager (add find)))
|
|
;;* lmx 10 system/sepolicy/private/system_suspend.te
|
|
|
|
(neverallow base_typeattr_963 hal_system_suspend_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow system_suspend sysfs_power (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_suspend sysfs_suspend_stats (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_suspend sysfs_suspend_stats (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_suspend sysfs_suspend_stats (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_suspend sysfs_wakeup (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_suspend sysfs_wakeup (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_suspend sysfs_wakeup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_suspend sysfs_wakeup_reasons (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow system_suspend sysfs_wakeup_reasons (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_suspend sysfs_wakeup_reasons (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow system_suspend sysfs_type (dir (search)))
|
|
(allow system_suspend suspend_prop (file (read getattr map open)))
|
|
(allow system_suspend bluetooth (binder (call)))
|
|
(allow system_suspend dumpstate (fd (use)))
|
|
(allow system_suspend dumpstate (fifo_file (write)))
|
|
(allow init sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow init self (capability2 (block_suspend)))
|
|
(allow init self (cap2_userns (block_suspend)))
|
|
(allow system_suspend sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow system_suspend self (capability2 (block_suspend)))
|
|
(allow system_suspend self (cap2_userns (block_suspend)))
|
|
(allow init sysfs_sync_on_suspend (file (write lock append map open)))
|
|
;;* lmx 56 system/sepolicy/private/system_suspend.te
|
|
|
|
(neverallow base_typeattr_964 system_suspend_control_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow init tombstoned_exec (file (read getattr map execute open)))
|
|
(allow init tombstoned (process (transition)))
|
|
(allow tombstoned tombstoned_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init tombstoned (process (noatsecure)))
|
|
(allow init tombstoned (process (siginh rlimitinh)))
|
|
(typetransition init tombstoned_exec process tombstoned)
|
|
(allow tombstoned tombstone_config_prop (file (read getattr map open)))
|
|
;;* lmx 13 system/sepolicy/private/tombstoned.te
|
|
|
|
(neverallow base_typeattr_965 tombstone_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow init toolbox_exec (file (read getattr map execute open)))
|
|
(allow init toolbox (process (transition)))
|
|
(allow toolbox toolbox_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init toolbox (process (noatsecure)))
|
|
(allow init toolbox (process (siginh rlimitinh)))
|
|
(typetransition init toolbox_exec process toolbox)
|
|
(allow toolbox virtualizationservice_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search rmdir)))
|
|
(allow toolbox virtualizationservice_data_file (file (getattr unlink)))
|
|
(dontaudit toolbox virtualizationservice_data_file (dir (setattr)))
|
|
(allow init traced_exec (file (read getattr map execute open)))
|
|
(allow init traced (process (transition)))
|
|
(allow traced traced_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init traced (process (noatsecure)))
|
|
(allow init traced (process (siginh rlimitinh)))
|
|
(typetransition init traced_exec process traced)
|
|
(typetransition traced tmpfs file traced_tmpfs)
|
|
(allow traced traced_tmpfs (file (read write getattr map)))
|
|
(allow traced self (capability (sys_nice)))
|
|
(allow traced self (cap_userns (sys_nice)))
|
|
(allow traced perfetto (fd (use)))
|
|
(allow traced shell (fd (use)))
|
|
(allow traced shell (fifo_file (read write)))
|
|
(allow traced perfetto_traces_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow traced perfetto_traces_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow traced traceur_app (fd (use)))
|
|
(allow traced trace_data_file (file (read write)))
|
|
(allow traced tracingproxy_service (service_manager (find)))
|
|
(allow traced servicemanager (binder (call transfer)))
|
|
(allow servicemanager traced (binder (call transfer)))
|
|
(allow servicemanager traced (dir (search)))
|
|
(allow servicemanager traced (file (read open)))
|
|
(allow servicemanager traced (process (getattr)))
|
|
(allow traced system_server (binder (call transfer)))
|
|
(allow system_server traced (binder (transfer)))
|
|
(allow traced system_server (fd (use)))
|
|
(allow traced appdomain_tmpfs (file (read write getattr map)))
|
|
(allow traced surfaceflinger_tmpfs (file (read write getattr map)))
|
|
(allow traced heapprofd_tmpfs (file (read write getattr map)))
|
|
(allow traced traced_probes_tmpfs (file (read write getattr map)))
|
|
(allow traced property_socket (sock_file (write)))
|
|
(allow traced init (unix_stream_socket (connectto)))
|
|
(allow traced debug_prop (property_service (set)))
|
|
(allow traced debug_prop (file (read getattr map open)))
|
|
(allow traced property_socket (sock_file (write)))
|
|
(allow traced init (unix_stream_socket (connectto)))
|
|
(allow traced system_trace_prop (property_service (set)))
|
|
(allow traced system_trace_prop (file (read getattr map open)))
|
|
(allow traced property_socket (sock_file (write)))
|
|
(allow traced init (unix_stream_socket (connectto)))
|
|
(allow traced traced_lazy_prop (property_service (set)))
|
|
(allow traced traced_lazy_prop (file (read getattr map open)))
|
|
(allow traced property_socket (sock_file (write)))
|
|
(allow traced init (unix_stream_socket (connectto)))
|
|
(allow traced traced_oome_heap_session_count_prop (property_service (set)))
|
|
(allow traced traced_oome_heap_session_count_prop (file (read getattr map open)))
|
|
(allow traced statsdw_socket (sock_file (write)))
|
|
(allow traced statsd (unix_dgram_socket (sendto)))
|
|
;;* lmx 81 system/sepolicy/private/traced.te
|
|
|
|
(neverallow traced self (process (execmem)))
|
|
;;* lme
|
|
|
|
;;* lmx 84 system/sepolicy/private/traced.te
|
|
|
|
(neverallow traced dev_type (blk_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 87 system/sepolicy/private/traced.te
|
|
|
|
(neverallow traced domain (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 103 system/sepolicy/private/traced.te
|
|
|
|
(neverallow traced base_typeattr_966 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 104 system/sepolicy/private/traced.te
|
|
|
|
(neverallow traced system_data_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 110 system/sepolicy/private/traced.te
|
|
|
|
(neverallow traced base_typeattr_967 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 113 system/sepolicy/private/traced.te
|
|
|
|
(neverallow base_typeattr_223 traced (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 114 system/sepolicy/private/traced.te
|
|
|
|
(neverallow base_typeattr_224 traced (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 125 system/sepolicy/private/traced.te
|
|
|
|
(neverallow base_typeattr_968 tracingproxy_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow init traced_perf_exec (file (read getattr map execute open)))
|
|
(allow init traced_perf (process (transition)))
|
|
(allow traced_perf traced_perf_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init traced_perf (process (noatsecure)))
|
|
(allow init traced_perf (process (siginh rlimitinh)))
|
|
(typetransition init traced_perf_exec process traced_perf)
|
|
(allow traced_perf traced (fd (use)))
|
|
(allow traced_perf traced_tmpfs (file (read write getattr map)))
|
|
(allow traced_perf traced_producer_socket (sock_file (write)))
|
|
(allow traced_perf traced (unix_stream_socket (connectto)))
|
|
(allow traced traced_perf (fd (use)))
|
|
(allow traced_perf self (perf_event (open cpu kernel tracepoint read write)))
|
|
(allow traced_perf self (capability (dac_read_search kill)))
|
|
(allow traced_perf packages_list_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf nativetest_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_perf nativetest_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf nativetest_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf system_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_perf system_file_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf system_file_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_perf apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_perf dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf vendor_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_perf vendor_file_type (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf vendor_file_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_perf apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf apex_art_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf apex_module_data_file (dir (getattr search)))
|
|
(allow traced_perf proc_kallsyms (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_perf debugfs_tracing (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_perf debugfs_tracing (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit traced_perf domain (dir (getattr open search)))
|
|
(dontaudit traced_perf domain (process (signal)))
|
|
;;* lmx 61 system/sepolicy/private/traced_perf.te
|
|
|
|
(neverallow traced_perf app_data_file_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 65 system/sepolicy/private/traced_perf.te
|
|
|
|
(neverallow traced_perf hal_configstore_server (file (read)))
|
|
(neverallow traced_perf apexd (file (read)))
|
|
(neverallow traced_perf app_zygote (file (read)))
|
|
(neverallow traced_perf bpfloader (file (read)))
|
|
(neverallow traced_perf init (file (read)))
|
|
(neverallow traced_perf kernel (file (read)))
|
|
(neverallow traced_perf keystore (file (read)))
|
|
(neverallow traced_perf llkd (file (read)))
|
|
(neverallow traced_perf logd (file (read)))
|
|
(neverallow traced_perf ueventd (file (read)))
|
|
(neverallow traced_perf vendor_init (file (read)))
|
|
(neverallow traced_perf vold (file (read)))
|
|
(neverallow traced_perf webview_zygote (file (read)))
|
|
(neverallow traced_perf zygote (file (read)))
|
|
;;* lme
|
|
|
|
;;* lmx 65 system/sepolicy/private/traced_perf.te
|
|
|
|
(neverallow traced_perf hal_configstore_server (process (signal)))
|
|
(neverallow traced_perf apexd (process (signal)))
|
|
(neverallow traced_perf app_zygote (process (signal)))
|
|
(neverallow traced_perf bpfloader (process (signal)))
|
|
(neverallow traced_perf init (process (signal)))
|
|
(neverallow traced_perf kernel (process (signal)))
|
|
(neverallow traced_perf keystore (process (signal)))
|
|
(neverallow traced_perf llkd (process (signal)))
|
|
(neverallow traced_perf logd (process (signal)))
|
|
(neverallow traced_perf ueventd (process (signal)))
|
|
(neverallow traced_perf vendor_init (process (signal)))
|
|
(neverallow traced_perf vold (process (signal)))
|
|
(neverallow traced_perf webview_zygote (process (signal)))
|
|
(neverallow traced_perf zygote (process (signal)))
|
|
;;* lme
|
|
|
|
(allow init traced_probes_exec (file (read getattr map execute open)))
|
|
(allow init traced_probes (process (transition)))
|
|
(allow traced_probes traced_probes_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init traced_probes (process (noatsecure)))
|
|
(allow init traced_probes (process (siginh rlimitinh)))
|
|
(typetransition init traced_probes_exec process traced_probes)
|
|
(typetransition traced_probes tmpfs file traced_probes_tmpfs)
|
|
(allow traced_probes traced_probes_tmpfs (file (read write getattr map)))
|
|
(allow traced_probes traced (fd (use)))
|
|
(allow traced_probes traced_tmpfs (file (read write getattr map)))
|
|
(allow traced_probes traced_producer_socket (sock_file (write)))
|
|
(allow traced_probes traced (unix_stream_socket (connectto)))
|
|
(allow traced traced_probes (fd (use)))
|
|
(allow traced_probes debugfs_tracing (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_probes debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow traced_probes debugfs_trace_marker (file (getattr)))
|
|
(allow traced_probes debugfs_tracing_printk_formats (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes debugfs_tracing_instances (dir (search)))
|
|
(allow traced_probes debugfs_mm_events_tracing (dir (search)))
|
|
(allow traced_probes debugfs_mm_events_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow traced_probes self (capability (sys_nice)))
|
|
(allow traced_probes self (cap_userns (sys_nice)))
|
|
(allow traced_probes domain (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_probes domain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes proc_kallsyms (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes packages_list_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes game_mode_intervention_list_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes kmsg_device (chr_file (write)))
|
|
(allow traced_probes system_file (dir (read open)))
|
|
(allow traced_probes self (capability (dac_read_search)))
|
|
(allow traced_probes self (cap_userns (dac_read_search)))
|
|
(allow traced_probes apk_data_file (dir (read getattr open search)))
|
|
(allow traced_probes apex_module_data_file (dir (read getattr open search)))
|
|
(allow traced_probes apex_art_data_file (dir (read getattr open search)))
|
|
(allow traced_probes dalvikcache_data_file (dir (read getattr open search)))
|
|
(allow traced_probes system_app_data_file (dir (read getattr open search)))
|
|
(allow traced_probes backup_data_file (dir (read getattr open search)))
|
|
(allow traced_probes bootstat_data_file (dir (read getattr open search)))
|
|
(allow traced_probes update_engine_data_file (dir (read getattr open search)))
|
|
(allow traced_probes update_engine_log_data_file (dir (read getattr open search)))
|
|
(allow traced_probes user_profile_root_file (dir (read getattr open search)))
|
|
(allow traced_probes user_profile_data_file (dir (read getattr open search)))
|
|
(allow traced_probes atrace_exec (file (read getattr map execute open)))
|
|
(allow traced_probes atrace (process (transition)))
|
|
(allow atrace atrace_exec (file (read getattr map execute open entrypoint)))
|
|
(allow atrace traced_probes (process (sigchld)))
|
|
(dontaudit traced_probes atrace (process (noatsecure)))
|
|
(allow traced_probes atrace (process (siginh rlimitinh)))
|
|
(typetransition traced_probes atrace_exec process atrace)
|
|
(allow traced_probes atrace (process (sigkill)))
|
|
(allow traced_probes proc_buddyinfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes proc_pressure_cpu (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes proc_pressure_io (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes proc_pressure_mem (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes proc_stat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes sysfs_devfreq_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traced_probes sysfs_devfreq_cur (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes proc_diskstats (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow traced_probes statsdw_socket (sock_file (write)))
|
|
(allow traced_probes statsd (unix_dgram_socket (sendto)))
|
|
(allow traced_probes statsd (binder (call transfer)))
|
|
(allow statsd traced_probes (binder (transfer)))
|
|
(allow traced_probes statsd (fd (use)))
|
|
(allow traced_probes stats_service (service_manager (find)))
|
|
;;* lmx 121 system/sepolicy/private/traced_probes.te
|
|
|
|
(neverallow traced_probes self (process (execmem)))
|
|
;;* lme
|
|
|
|
;;* lmx 124 system/sepolicy/private/traced_probes.te
|
|
|
|
(neverallow traced_probes dev_type (blk_file (read write)))
|
|
;;* lme
|
|
|
|
;;* lmx 127 system/sepolicy/private/traced_probes.te
|
|
|
|
(neverallow traced_probes domain (process (ptrace)))
|
|
;;* lme
|
|
|
|
;;* lmx 152 system/sepolicy/private/traced_probes.te
|
|
|
|
(neverallow traced_probes base_typeattr_969 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 153 system/sepolicy/private/traced_probes.te
|
|
|
|
(neverallow traced_probes system_data_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 159 system/sepolicy/private/traced_probes.te
|
|
|
|
(neverallow traced_probes base_typeattr_970 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 162 system/sepolicy/private/traced_probes.te
|
|
|
|
(neverallow base_typeattr_223 traced_probes (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 163 system/sepolicy/private/traced_probes.te
|
|
|
|
(neverallow base_typeattr_224 traced_probes (process (dyntransition)))
|
|
;;* lme
|
|
|
|
(typetransition traceur_app tmpfs file appdomain_tmpfs)
|
|
(allow traceur_app traceur_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su traceur_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 3 system/sepolicy/private/traceur_app.te
|
|
|
|
(neverallow base_typeattr_971 traceur_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow traceur_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 3 system/sepolicy/private/traceur_app.te
|
|
|
|
(neverallow base_typeattr_972 base_typeattr_971 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/traceur_app.te
|
|
|
|
(neverallow base_typeattr_973 traceur_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 3 system/sepolicy/private/traceur_app.te
|
|
|
|
(neverallow base_typeattr_974 traceur_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow traceur_app debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow traceur_app debugfs_tracing_debug (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow traceur_app trace_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow traceur_app trace_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow traceur_app wm_trace_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow traceur_app wm_trace_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow traceur_app atrace_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow traceur_app perfetto_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow traceur_app traced_consumer_socket (sock_file (write)))
|
|
(allow traceur_app traced (unix_stream_socket (connectto)))
|
|
(dontaudit traceur_app debugfs_tracing_debug (file (audit_access)))
|
|
(allow traceur_app property_socket (sock_file (write)))
|
|
(allow traceur_app init (unix_stream_socket (connectto)))
|
|
(allow traceur_app debug_prop (property_service (set)))
|
|
(allow traceur_app debug_prop (file (read getattr map open)))
|
|
(typetransition ueventd tmpfs file ueventd_tmpfs)
|
|
(allow ueventd ueventd_tmpfs (file (read write getattr map)))
|
|
(allow ueventd property_socket (sock_file (write)))
|
|
(allow ueventd init (unix_stream_socket (connectto)))
|
|
(allow ueventd cold_boot_done_prop (property_service (set)))
|
|
(allow ueventd cold_boot_done_prop (file (read getattr map open)))
|
|
(allow init uncrypt_exec (file (read getattr map execute open)))
|
|
(allow init uncrypt (process (transition)))
|
|
(allow uncrypt uncrypt_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init uncrypt (process (noatsecure)))
|
|
(allow init uncrypt (process (siginh rlimitinh)))
|
|
(typetransition init uncrypt_exec process uncrypt)
|
|
(allow uncrypt property_socket (sock_file (write)))
|
|
(allow uncrypt init (unix_stream_socket (connectto)))
|
|
(allow uncrypt powerctl_prop (property_service (set)))
|
|
(allow uncrypt powerctl_prop (file (read getattr map open)))
|
|
(typetransition untrusted_app tmpfs file appdomain_tmpfs)
|
|
(allow untrusted_app untrusted_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su untrusted_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app.te
|
|
|
|
(neverallow base_typeattr_975 untrusted_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app.te
|
|
|
|
(neverallow base_typeattr_976 base_typeattr_975 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app.te
|
|
|
|
(neverallow base_typeattr_977 untrusted_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app.te
|
|
|
|
(neverallow base_typeattr_978 untrusted_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app sdk_sandbox_data_file (fd (use)))
|
|
(allow untrusted_app sdk_sandbox_data_file (file (write)))
|
|
;;* lmx 23 system/sepolicy/private/untrusted_app.te
|
|
|
|
(neverallow untrusted_app sdk_sandbox_data_file (file (create open)))
|
|
;;* lme
|
|
|
|
(typetransition untrusted_app_25 tmpfs file appdomain_tmpfs)
|
|
(allow untrusted_app_25 untrusted_app_25_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su untrusted_app_25_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
|
|
|
|
(neverallow base_typeattr_979 untrusted_app_25_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_25 appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
|
|
|
|
(neverallow base_typeattr_980 base_typeattr_979 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
|
|
|
|
(neverallow base_typeattr_981 untrusted_app_25 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
|
|
|
|
(neverallow base_typeattr_982 untrusted_app_25 (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_25 proc_misc (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow untrusted_app_25 proc_tty_drivers (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow untrusted_app_25 apk_data_file (file (execmod)))
|
|
(allow untrusted_app_25 app_data_file (file (execmod)))
|
|
(allow untrusted_app_25 asec_public_file (file (execmod)))
|
|
(allow untrusted_app_25 app_data_file (file (execute_no_trans)))
|
|
(auditallow untrusted_app_25 app_data_file (file (execute execute_no_trans)))
|
|
(allow untrusted_app_25 dex2oat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow untrusted_app_25 ashmem_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(auditallow untrusted_app_25 ashmem_device (chr_file (open)))
|
|
(allow untrusted_app_25 mnt_sdcard_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow untrusted_app_25 self (netlink_route_socket (nlmsg_getneigh)))
|
|
(auditallow untrusted_app_25 self (netlink_route_socket (nlmsg_getneigh)))
|
|
(allow untrusted_app_25 mdnsd_socket (sock_file (write)))
|
|
(allow untrusted_app_25 mdnsd (unix_stream_socket (connectto)))
|
|
(allow untrusted_app_25 apk_data_file (dir (watch watch_reads)))
|
|
(allow untrusted_app_25 apk_data_file (file (watch watch_reads)))
|
|
(typetransition untrusted_app_27 tmpfs file appdomain_tmpfs)
|
|
(allow untrusted_app_27 untrusted_app_27_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su untrusted_app_27_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
|
|
|
|
(neverallow base_typeattr_983 untrusted_app_27_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_27 appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
|
|
|
|
(neverallow base_typeattr_984 base_typeattr_983 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
|
|
|
|
(neverallow base_typeattr_985 untrusted_app_27 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
|
|
|
|
(neverallow base_typeattr_986 untrusted_app_27 (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_27 apk_data_file (file (execmod)))
|
|
(allow untrusted_app_27 app_data_file (file (execmod)))
|
|
(allow untrusted_app_27 asec_public_file (file (execmod)))
|
|
(allow untrusted_app_27 app_data_file (file (execute_no_trans)))
|
|
(auditallow untrusted_app_27 app_data_file (file (execute execute_no_trans)))
|
|
(allow untrusted_app_27 dex2oat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow untrusted_app_27 ashmem_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(auditallow untrusted_app_27 ashmem_device (chr_file (open)))
|
|
(allow untrusted_app_27 mnt_sdcard_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow untrusted_app_27 self (netlink_route_socket (nlmsg_getneigh)))
|
|
(auditallow untrusted_app_27 self (netlink_route_socket (nlmsg_getneigh)))
|
|
(allow untrusted_app_27 mdnsd_socket (sock_file (write)))
|
|
(allow untrusted_app_27 mdnsd (unix_stream_socket (connectto)))
|
|
(allow untrusted_app_27 apk_data_file (dir (watch watch_reads)))
|
|
(allow untrusted_app_27 apk_data_file (file (watch watch_reads)))
|
|
(typetransition untrusted_app_29 tmpfs file appdomain_tmpfs)
|
|
(allow untrusted_app_29 untrusted_app_29_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su untrusted_app_29_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
|
|
|
|
(neverallow base_typeattr_987 untrusted_app_29_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_29 appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
|
|
|
|
(neverallow base_typeattr_988 base_typeattr_987 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
|
|
|
|
(neverallow base_typeattr_989 untrusted_app_29 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
|
|
|
|
(neverallow base_typeattr_990 untrusted_app_29 (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_29 self (netlink_route_socket (nlmsg_getneigh)))
|
|
(auditallow untrusted_app_29 self (netlink_route_socket (nlmsg_getneigh)))
|
|
(allow untrusted_app_29 mdnsd_socket (sock_file (write)))
|
|
(allow untrusted_app_29 mdnsd (unix_stream_socket (connectto)))
|
|
(allow untrusted_app_29 apk_data_file (dir (watch watch_reads)))
|
|
(allow untrusted_app_29 apk_data_file (file (watch watch_reads)))
|
|
(typetransition untrusted_app_30 tmpfs file appdomain_tmpfs)
|
|
(allow untrusted_app_30 untrusted_app_30_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su untrusted_app_30_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
|
|
|
|
(neverallow base_typeattr_991 untrusted_app_30_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_30 appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
|
|
|
|
(neverallow base_typeattr_992 base_typeattr_991 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
|
|
|
|
(neverallow base_typeattr_993 untrusted_app_30 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
|
|
|
|
(neverallow base_typeattr_994 untrusted_app_30 (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_30 self (netlink_route_socket (nlmsg_getneigh)))
|
|
(auditallow untrusted_app_30 self (netlink_route_socket (nlmsg_getneigh)))
|
|
(allow untrusted_app_30 mdnsd_socket (sock_file (write)))
|
|
(allow untrusted_app_30 mdnsd (unix_stream_socket (connectto)))
|
|
(allow untrusted_app_30 apk_data_file (dir (watch watch_reads)))
|
|
(allow untrusted_app_30 apk_data_file (file (watch watch_reads)))
|
|
(typetransition untrusted_app_32 tmpfs file appdomain_tmpfs)
|
|
(allow untrusted_app_32 untrusted_app_32_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su untrusted_app_32_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
|
|
|
|
(neverallow base_typeattr_995 untrusted_app_32_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_32 appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
|
|
|
|
(neverallow base_typeattr_996 base_typeattr_995 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
|
|
|
|
(neverallow base_typeattr_997 untrusted_app_32 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
|
|
|
|
(neverallow base_typeattr_998 untrusted_app_32 (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_32 sdk_sandbox_data_file (fd (use)))
|
|
(allow untrusted_app_32 sdk_sandbox_data_file (file (write)))
|
|
;;* lmx 23 system/sepolicy/private/untrusted_app_32.te
|
|
|
|
(neverallow untrusted_app_32 sdk_sandbox_data_file (file (create open)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_32 mdnsd_socket (sock_file (write)))
|
|
(allow untrusted_app_32 mdnsd (unix_stream_socket (connectto)))
|
|
(allow untrusted_app_32 apk_data_file (dir (watch watch_reads)))
|
|
(allow untrusted_app_32 apk_data_file (file (watch watch_reads)))
|
|
(allow untrusted_app_all privapp_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow untrusted_app_all app_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(auditallow untrusted_app_all app_data_file (file (execute)))
|
|
(allow untrusted_app_all system_linker_exec (file (execute_no_trans)))
|
|
(allow untrusted_app_all privapp_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow untrusted_app_all app_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow untrusted_app_all app_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow untrusted_app_all app_data_file (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow untrusted_app_all app_exec_data_file (file (ioctl read getattr lock map unlink execute open watch watch_reads)))
|
|
(allow untrusted_app_all asec_apk_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow untrusted_app_all asec_apk_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow untrusted_app_all asec_public_file (file (execute)))
|
|
(allow untrusted_app_all shell_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow untrusted_app_all shell_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow untrusted_app_all trace_data_file (file (read getattr)))
|
|
;;* lmx 65 system/sepolicy/private/untrusted_app_all.te
|
|
|
|
(neverallow untrusted_app_all trace_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 66 system/sepolicy/private/untrusted_app_all.te
|
|
|
|
(neverallow untrusted_app_all trace_data_file (file (write create setattr relabelfrom append unlink link rename open)))
|
|
;;* lme
|
|
|
|
;;* lmx 69 system/sepolicy/private/untrusted_app_all.te
|
|
|
|
(neverallow untrusted_app_all debugfs_tracing (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_all apk_tmp_file (file (read getattr)))
|
|
(allow untrusted_app_all apk_private_tmp_file (file (read getattr)))
|
|
(allow untrusted_app_all system_app_data_file (file (read write getattr)))
|
|
(allow untrusted_app_all media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow untrusted_app_all media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow untrusted_app_all servicemanager (service_manager (list)))
|
|
(allow untrusted_app_all audioserver_service (service_manager (find)))
|
|
(allow untrusted_app_all cameraserver_service (service_manager (find)))
|
|
(allow untrusted_app_all drmserver_service (service_manager (find)))
|
|
(allow untrusted_app_all mediaserver_service (service_manager (find)))
|
|
(allow untrusted_app_all mediaextractor_service (service_manager (find)))
|
|
(allow untrusted_app_all mediametrics_service (service_manager (find)))
|
|
(allow untrusted_app_all mediadrmserver_service (service_manager (find)))
|
|
(allow untrusted_app_all nfc_service (service_manager (find)))
|
|
(allow untrusted_app_all radio_service (service_manager (find)))
|
|
(allow untrusted_app_all app_api_service (service_manager (find)))
|
|
(allow untrusted_app_all vr_manager_service (service_manager (find)))
|
|
(allow untrusted_app_all self (process (ptrace)))
|
|
(allow untrusted_app_all runas_app (unix_stream_socket (connectto)))
|
|
(allow untrusted_app_all runas_app (process (sigchld)))
|
|
(allow untrusted_app_all sysfs_hwrandom (dir (search)))
|
|
(allow untrusted_app_all sysfs_hwrandom (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow untrusted_app_all preloads_media_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow untrusted_app_all preloads_media_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow untrusted_app_all preloads_data_file (dir (search)))
|
|
(allow untrusted_app_all vendor_app_file (dir (read getattr open search)))
|
|
(allow untrusted_app_all vendor_app_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow untrusted_app_all vendor_app_file (lnk_file (read getattr open)))
|
|
(allow untrusted_app_all system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
|
|
(allow untrusted_app_all rs_exec (file (read getattr map execute open)))
|
|
(allow untrusted_app_all rs (process (transition)))
|
|
(allow rs rs_exec (file (read getattr map execute open entrypoint)))
|
|
(allow rs untrusted_app_all (process (sigchld)))
|
|
(dontaudit untrusted_app_all rs (process (noatsecure)))
|
|
(allow untrusted_app_all rs (process (siginh rlimitinh)))
|
|
(typetransition untrusted_app_all rs_exec process rs)
|
|
(dontaudit untrusted_app_all debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(dontaudit untrusted_app_all net_dns_prop (file (read)))
|
|
(dontaudit untrusted_app_all proc_stat (file (read)))
|
|
(dontaudit untrusted_app_all proc_uptime (file (read)))
|
|
(dontaudit untrusted_app_all proc_vmstat (file (read)))
|
|
(dontaudit untrusted_app_all proc_zoneinfo (file (read)))
|
|
(typetransition untrusted_app_all devpts chr_file untrusted_app_all_devpts)
|
|
(allow untrusted_app_all untrusted_app_all_devpts (chr_file (ioctl read write getattr open)))
|
|
(allowx untrusted_app_all untrusted_app_all_devpts (ioctl chr_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
|
|
;;* lmx 157 system/sepolicy/private/untrusted_app_all.te
|
|
|
|
(neverallowx base_typeattr_224 untrusted_app_all_devpts (ioctl chr_file (0x5412)))
|
|
;;* lme
|
|
|
|
(allow untrusted_app_all virtualizationmanager_exec (file (read getattr map execute open)))
|
|
(allow untrusted_app_all virtualizationmanager (process (transition)))
|
|
(allow virtualizationmanager virtualizationmanager_exec (file (read getattr map execute open entrypoint)))
|
|
(allow virtualizationmanager untrusted_app_all (process (sigchld)))
|
|
(dontaudit untrusted_app_all virtualizationmanager (process (noatsecure)))
|
|
(allow untrusted_app_all virtualizationmanager (process (siginh rlimitinh)))
|
|
(typetransition untrusted_app_all virtualizationmanager_exec process virtualizationmanager)
|
|
(allow crosvm untrusted_app_all (unix_stream_socket (ioctl read write getattr)))
|
|
(allow virtualizationmanager untrusted_app_all (unix_stream_socket (ioctl read write getattr)))
|
|
(allow crosvm untrusted_app_all (fd (use)))
|
|
(allow virtualizationmanager untrusted_app_all (fd (use)))
|
|
(allow untrusted_app_all virtualizationmanager (fd (use)))
|
|
(allow crosvm untrusted_app_all (fifo_file (ioctl read write getattr)))
|
|
(allow virtualizationmanager untrusted_app_all (fifo_file (ioctl read write getattr)))
|
|
(allow untrusted_app_all virtualizationmanager (vsock_socket (read write getattr getopt)))
|
|
(allow untrusted_app_all hypervisor_prop (file (read getattr map open)))
|
|
(allow untrusted_app_all virtualizationservice_data_file (file (read getattr)))
|
|
(allow init update_engine_exec (file (read getattr map execute open)))
|
|
(allow init update_engine (process (transition)))
|
|
(allow update_engine update_engine_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init update_engine (process (noatsecure)))
|
|
(allow init update_engine (process (siginh rlimitinh)))
|
|
(typetransition init update_engine_exec process update_engine)
|
|
(allow update_engine gsi_service (service_manager (find)))
|
|
(allow update_engine gsid (binder (call transfer)))
|
|
(allow gsid update_engine (binder (transfer)))
|
|
(allow update_engine gsid (fd (use)))
|
|
(allow update_engine property_socket (sock_file (write)))
|
|
(allow update_engine init (unix_stream_socket (connectto)))
|
|
(allow update_engine ctl_gsid_prop (property_service (set)))
|
|
(allow update_engine ctl_gsid_prop (file (read getattr map open)))
|
|
(allow update_engine property_socket (sock_file (write)))
|
|
(allow update_engine init (unix_stream_socket (connectto)))
|
|
(allow update_engine ctl_snapuserd_prop (property_service (set)))
|
|
(allow update_engine ctl_snapuserd_prop (file (read getattr map open)))
|
|
(allow update_engine property_socket (sock_file (write)))
|
|
(allow update_engine init (unix_stream_socket (connectto)))
|
|
(allow update_engine ota_prop (property_service (set)))
|
|
(allow update_engine ota_prop (file (read getattr map open)))
|
|
(allow update_engine ota_build_prop (file (read getattr map open)))
|
|
(allow update_engine gsid_prop (file (read getattr map open)))
|
|
(allow update_engine gki_apex_prepostinstall (binder (call transfer)))
|
|
(allow gki_apex_prepostinstall update_engine (binder (transfer)))
|
|
(allow update_engine gki_apex_prepostinstall (fd (use)))
|
|
(allow update_engine system_app (binder (call transfer)))
|
|
(allow system_app update_engine (binder (transfer)))
|
|
(allow update_engine system_app (fd (use)))
|
|
(allow update_engine snapuserd (unix_stream_socket (connectto)))
|
|
(allow update_engine snapuserd_socket (sock_file (write)))
|
|
(allow update_engine snapuserd_prop (file (read getattr map open)))
|
|
(allow update_engine apex_service (service_manager (find)))
|
|
(allow update_engine apexd (binder (call transfer)))
|
|
(allow apexd update_engine (binder (transfer)))
|
|
(allow update_engine apexd (fd (use)))
|
|
(allow update_engine servicemanager (binder (call transfer)))
|
|
(allow servicemanager update_engine (binder (call transfer)))
|
|
(allow servicemanager update_engine (dir (search)))
|
|
(allow servicemanager update_engine (file (read open)))
|
|
(allow servicemanager update_engine (process (getattr)))
|
|
(allow update_engine_common postinstall_exec (file (read getattr map execute open)))
|
|
(allow update_engine_common postinstall (process (transition)))
|
|
(allow postinstall postinstall_exec (file (read getattr map execute open entrypoint)))
|
|
(allow postinstall update_engine_common (process (sigchld)))
|
|
(dontaudit update_engine_common postinstall (process (noatsecure)))
|
|
(allow update_engine_common postinstall (process (siginh rlimitinh)))
|
|
(typetransition update_engine_common postinstall_exec process postinstall)
|
|
(allow update_engine_common postinstall_file (file (read getattr map execute open)))
|
|
(allow update_engine_common postinstall (process (transition)))
|
|
(allow postinstall postinstall_file (file (read getattr map execute open entrypoint)))
|
|
(allow postinstall update_engine_common (process (sigchld)))
|
|
(dontaudit update_engine_common postinstall (process (noatsecure)))
|
|
(allow update_engine_common postinstall (process (siginh rlimitinh)))
|
|
(typetransition update_engine_common postinstall_file process postinstall)
|
|
(allow update_engine_common labeledfs (filesystem (mount unmount relabelfrom)))
|
|
(allow init update_verifier_exec (file (read getattr map execute open)))
|
|
(allow init update_verifier (process (transition)))
|
|
(allow update_verifier update_verifier_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init update_verifier (process (noatsecure)))
|
|
(allow init update_verifier (process (siginh rlimitinh)))
|
|
(typetransition init update_verifier_exec process update_verifier)
|
|
(allow update_verifier property_socket (sock_file (write)))
|
|
(allow update_verifier init (unix_stream_socket (connectto)))
|
|
(allow update_verifier powerctl_prop (property_service (set)))
|
|
(allow update_verifier powerctl_prop (file (read getattr map open)))
|
|
(allow update_verifier property_socket (sock_file (write)))
|
|
(allow update_verifier init (unix_stream_socket (connectto)))
|
|
(allow update_verifier ota_prop (property_service (set)))
|
|
(allow update_verifier ota_prop (file (read getattr map open)))
|
|
(allow update_verifier snapuserd_socket (sock_file (write)))
|
|
(allow update_verifier snapuserd (unix_stream_socket (connectto)))
|
|
(allow update_verifier virtual_ab_prop (file (read getattr map open)))
|
|
(allow init uprobestats_exec (file (read getattr map execute open)))
|
|
(allow init uprobestats (process (transition)))
|
|
(allow uprobestats uprobestats_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init uprobestats (process (noatsecure)))
|
|
(allow init uprobestats (process (siginh rlimitinh)))
|
|
(typetransition init uprobestats_exec process uprobestats)
|
|
(allow uprobestats fs_bpf_uprobestats (file (read write)))
|
|
(allow uprobestats fs_bpf_uprobestats (dir (search)))
|
|
(allow uprobestats bpfloader (bpf (map_read map_write prog_run)))
|
|
(allow uprobestats self (capability2 (perfmon)))
|
|
(allow uprobestats self (perf_event (open cpu write)))
|
|
(allow uprobestats sysfs_uprobe (file (read open)))
|
|
(allow uprobestats sysfs_uprobe (dir (search)))
|
|
(allow uprobestats oatdump_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow uprobestats statsdw_socket (sock_file (write)))
|
|
(allow uprobestats statsd (unix_dgram_socket (sendto)))
|
|
(allow uprobestats servicemanager (binder (call transfer)))
|
|
(allow servicemanager uprobestats (binder (call transfer)))
|
|
(allow servicemanager uprobestats (dir (search)))
|
|
(allow servicemanager uprobestats (file (read open)))
|
|
(allow servicemanager uprobestats (process (getattr)))
|
|
(allow uprobestats activity_service (service_manager (find)))
|
|
(allow uprobestats system_server (binder (call transfer)))
|
|
(allow system_server uprobestats (binder (transfer)))
|
|
(allow uprobestats system_server (fd (use)))
|
|
(allow uprobestats package_native_service (service_manager (find)))
|
|
(allow uprobestats base_typeattr_233 (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow uprobestats base_typeattr_233 (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow uprobestats base_typeattr_233 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow uprobestats uprobestats_configs_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow uprobestats uprobestats_configs_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
|
|
(allow init usbd_exec (file (read getattr map execute open)))
|
|
(allow init usbd (process (transition)))
|
|
(allow usbd usbd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init usbd (process (noatsecure)))
|
|
(allow init usbd (process (siginh rlimitinh)))
|
|
(typetransition init usbd_exec process usbd)
|
|
(allow usbd system_prop (file (read getattr map open)))
|
|
(allow usbd property_socket (sock_file (write)))
|
|
(allow usbd init (unix_stream_socket (connectto)))
|
|
(allow usbd ctl_default_prop (property_service (set)))
|
|
(allow usbd ctl_default_prop (file (read getattr map open)))
|
|
(allow usbd property_socket (sock_file (write)))
|
|
(allow usbd init (unix_stream_socket (connectto)))
|
|
(allow usbd ctl_adbd_prop (property_service (set)))
|
|
(allow usbd ctl_adbd_prop (file (read getattr map open)))
|
|
(allow init vdc_exec (file (read getattr map execute open)))
|
|
(allow init vdc (process (transition)))
|
|
(allow vdc vdc_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init vdc (process (noatsecure)))
|
|
(allow init vdc (process (siginh rlimitinh)))
|
|
(typetransition init vdc_exec process vdc)
|
|
(allow vdc vehicle_binding_util (fd (use)))
|
|
(allow init vehicle_binding_util_exec (file (read getattr map execute open)))
|
|
(allow init vehicle_binding_util (process (transition)))
|
|
(allow vehicle_binding_util vehicle_binding_util_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init vehicle_binding_util (process (noatsecure)))
|
|
(allow init vehicle_binding_util (process (siginh rlimitinh)))
|
|
(typetransition init vehicle_binding_util_exec process vehicle_binding_util)
|
|
(allow vehicle_binding_util kmsg_device (chr_file (write getattr lock append map open)))
|
|
(allow vehicle_binding_util hwservicemanager (binder (call transfer)))
|
|
(allow hwservicemanager vehicle_binding_util (binder (call transfer)))
|
|
(allow hwservicemanager vehicle_binding_util (dir (search)))
|
|
(allow hwservicemanager vehicle_binding_util (file (read map open)))
|
|
(allow hwservicemanager vehicle_binding_util (process (getattr)))
|
|
(allow vehicle_binding_util servicemanager (binder (call transfer)))
|
|
(allow servicemanager vehicle_binding_util (binder (call transfer)))
|
|
(allow servicemanager vehicle_binding_util (dir (search)))
|
|
(allow servicemanager vehicle_binding_util (file (read open)))
|
|
(allow servicemanager vehicle_binding_util (process (getattr)))
|
|
(allow vehicle_binding_util vdc_exec (file (read getattr map execute open)))
|
|
(allow vehicle_binding_util vdc (process (transition)))
|
|
(allow vdc vdc_exec (file (read getattr map execute open entrypoint)))
|
|
(allow vdc vehicle_binding_util (process (sigchld)))
|
|
(dontaudit vehicle_binding_util vdc (process (noatsecure)))
|
|
(allow vehicle_binding_util vdc (process (siginh rlimitinh)))
|
|
(typetransition vehicle_binding_util vdc_exec process vdc)
|
|
(allow vehicle_binding_util devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(dontaudit vendor_init sysfs (dir (write)))
|
|
(allow vendor_init system_data_root_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow vendor_init property_socket (sock_file (write)))
|
|
(allow vendor_init init (unix_stream_socket (connectto)))
|
|
(allow vendor_init adbd_config_prop (property_service (set)))
|
|
(allow vendor_init adbd_config_prop (file (read getattr map open)))
|
|
(allow vendor_init device_config_virtualization_framework_native_prop (file (read getattr map open)))
|
|
(allow vendor_init apex_ready_prop (file (read getattr map open)))
|
|
(allow vendor_init base_typeattr_999 (chr_file (setattr)))
|
|
(typetransition viewcompiler tmpfs file viewcompiler_tmpfs)
|
|
(allow viewcompiler viewcompiler_tmpfs (file (read write getattr map)))
|
|
(allow viewcompiler installd (fd (use)))
|
|
(allow viewcompiler app_data_file (file (write getattr)))
|
|
(allow viewcompiler apk_data_file (file (read map)))
|
|
;;* lmx 25 system/sepolicy/private/viewcompiler.te
|
|
|
|
(neverallow viewcompiler privapp_data_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
(allow init virtual_camera_exec (file (read getattr map execute open)))
|
|
(allow init virtual_camera (process (transition)))
|
|
(allow virtual_camera virtual_camera_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init virtual_camera (process (noatsecure)))
|
|
(allow init virtual_camera (process (siginh rlimitinh)))
|
|
(typetransition init virtual_camera_exec process virtual_camera)
|
|
(allow virtual_camera servicemanager (binder (call transfer)))
|
|
(allow servicemanager virtual_camera (binder (call transfer)))
|
|
(allow servicemanager virtual_camera (dir (search)))
|
|
(allow servicemanager virtual_camera (file (read open)))
|
|
(allow servicemanager virtual_camera (process (getattr)))
|
|
(allow virtual_camera cameraserver (binder (call transfer)))
|
|
(allow cameraserver virtual_camera (binder (transfer)))
|
|
(allow virtual_camera cameraserver (fd (use)))
|
|
(allow virtual_camera system_server (binder (call transfer)))
|
|
(allow system_server virtual_camera (binder (transfer)))
|
|
(allow virtual_camera system_server (fd (use)))
|
|
(allow virtual_camera mediaserver (binder (call transfer)))
|
|
(allow mediaserver virtual_camera (binder (transfer)))
|
|
(allow virtual_camera mediaserver (fd (use)))
|
|
(allow virtual_camera appdomain (binder (call transfer)))
|
|
(allow appdomain virtual_camera (binder (transfer)))
|
|
(allow virtual_camera appdomain (fd (use)))
|
|
(allow virtual_camera base_typeattr_369 (fd (use)))
|
|
(allow virtual_camera virtual_camera_service (service_manager (add find)))
|
|
;;* lmx 32 system/sepolicy/private/virtual_camera.te
|
|
|
|
(neverallow base_typeattr_1000 virtual_camera_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow virtual_camera gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow virtual_camera gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow virtual_camera hal_graphics_composer (fd (use)))
|
|
(allow virtual_camera dumpstate (fd (use)))
|
|
(allow virtual_camera dumpstate (fifo_file (write)))
|
|
(allow virtual_camera permission_service (service_manager (find)))
|
|
(allow init virtual_touchpad_exec (file (read getattr map execute open)))
|
|
(allow init virtual_touchpad (process (transition)))
|
|
(allow virtual_touchpad virtual_touchpad_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init virtual_touchpad (process (noatsecure)))
|
|
(allow init virtual_touchpad (process (siginh rlimitinh)))
|
|
(typetransition init virtual_touchpad_exec process virtual_touchpad)
|
|
(allow virtualizationmanager adbd (fd (use)))
|
|
(allow virtualizationmanager adbd (unix_stream_socket (read write getattr)))
|
|
(allow virtualizationmanager devpts (chr_file (ioctl read write getattr)))
|
|
(allow virtualizationmanager servicemanager (binder (call transfer)))
|
|
(allow servicemanager virtualizationmanager (binder (call transfer)))
|
|
(allow servicemanager virtualizationmanager (dir (search)))
|
|
(allow servicemanager virtualizationmanager (file (read open)))
|
|
(allow servicemanager virtualizationmanager (process (getattr)))
|
|
(allow virtualizationmanager virtualization_service (service_manager (find)))
|
|
(allow virtualizationmanager virtualizationservice (binder (call transfer)))
|
|
(allow virtualizationservice virtualizationmanager (binder (transfer)))
|
|
(allow virtualizationmanager virtualizationservice (fd (use)))
|
|
(allow virtualizationmanager system_server (binder (call transfer)))
|
|
(allow system_server virtualizationmanager (binder (transfer)))
|
|
(allow virtualizationmanager system_server (fd (use)))
|
|
(allow virtualizationmanager package_native_service (service_manager (find)))
|
|
(allow virtualizationmanager permission_service (service_manager (find)))
|
|
(allow virtualizationmanager crosvm_exec (file (read getattr map execute open)))
|
|
(allow virtualizationmanager crosvm (process (transition)))
|
|
(allow crosvm crosvm_exec (file (read getattr map execute open entrypoint)))
|
|
(allow crosvm virtualizationmanager (process (sigchld)))
|
|
(dontaudit virtualizationmanager crosvm (process (noatsecure)))
|
|
(allow virtualizationmanager crosvm (process (siginh rlimitinh)))
|
|
(typetransition virtualizationmanager crosvm_exec process crosvm)
|
|
(allow virtualizationmanager crosvm (process (sigkill)))
|
|
(allow virtualizationmanager virtualizationservice_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow virtualizationmanager virtualizationservice_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow virtualizationmanager virtualizationservice_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow virtualizationmanager apk_data_file (file (read getattr)))
|
|
(allow virtualizationmanager app_data_file (file (read write getattr)))
|
|
(allow virtualizationmanager privapp_data_file (file (read write getattr)))
|
|
(allow virtualizationmanager apex_compos_data_file (file (read write getattr)))
|
|
(allow virtualizationmanager apex_virt_data_file (file (read write getattr)))
|
|
(allow virtualizationmanager shell_data_file (file (read write getattr)))
|
|
(allow virtualizationmanager apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow virtualizationmanager apex_data_file (dir (search)))
|
|
(allow virtualizationmanager staging_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow virtualizationmanager staging_data_file (dir (search)))
|
|
(allow virtualizationmanager derive_classpath_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow virtualizationmanager apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(dontaudit virtualizationmanager self (dir (write)))
|
|
(allow virtualizationmanager self (vsock_socket (read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
(allow virtualizationmanager hypervisor_prop (file (read getattr map open)))
|
|
(allow virtualizationmanager hypervisor_restricted_prop (file (read getattr map open)))
|
|
(dontaudit virtualizationmanager hypervisor_pvmfw_prop (file (read)))
|
|
;;* lmx 72 system/sepolicy/private/virtualizationmanager.te
|
|
|
|
(neverallow base_typeattr_855 hypervisor_pvmfw_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(dontaudit virtualizationmanager hypervisor_virtualizationmanager_prop (file (read)))
|
|
;;* lmx 77 system/sepolicy/private/virtualizationmanager.te
|
|
|
|
(neverallow base_typeattr_855 hypervisor_virtualizationmanager_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow virtualizationmanager tombstoned_crash_socket (sock_file (write)))
|
|
(allow virtualizationmanager tombstoned (unix_stream_socket (connectto)))
|
|
(allow virtualizationmanager tombstone_data_file (file (getattr append)))
|
|
(allow virtualizationmanager tombstoned (fd (use)))
|
|
(allow virtualizationmanager proc_dt_avf (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow virtualizationmanager proc_dt_avf (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow virtualizationmanager proc_dt_avf (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow virtualizationmanager sysfs_dt_avf (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow virtualizationmanager sysfs_dt_avf (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow virtualizationmanager sysfs_dt_avf (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow virtualizationmanager vendor_microdroid_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow virtualizationmanager vendor_microdroid_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow virtualizationmanager vendor_microdroid_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 105 system/sepolicy/private/virtualizationmanager.te
|
|
|
|
(neverallow domain vendor_microdroid_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 106 system/sepolicy/private/virtualizationmanager.te
|
|
|
|
(neverallow domain vendor_microdroid_file (file (write create setattr relabelfrom append unlink link rename)))
|
|
;;* lme
|
|
|
|
(allow virtualizationmanager crosvm (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow virtualizationmanager crosvm (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow virtualizationmanager crosvm (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit virtualizationmanager apex_module_data_file (dir (search)))
|
|
(allow init virtualizationservice_exec (file (read getattr map execute open)))
|
|
(allow init virtualizationservice (process (transition)))
|
|
(allow virtualizationservice virtualizationservice_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init virtualizationservice (process (noatsecure)))
|
|
(allow init virtualizationservice (process (siginh rlimitinh)))
|
|
(typetransition init virtualizationservice_exec process virtualizationservice)
|
|
(allow virtualizationservice servicemanager (binder (call transfer)))
|
|
(allow servicemanager virtualizationservice (binder (call transfer)))
|
|
(allow servicemanager virtualizationservice (dir (search)))
|
|
(allow servicemanager virtualizationservice (file (read open)))
|
|
(allow servicemanager virtualizationservice (process (getattr)))
|
|
(allow virtualizationservice virtualization_service (service_manager (add find)))
|
|
;;* lmx 16 system/sepolicy/private/virtualizationservice.te
|
|
|
|
(neverallow base_typeattr_1001 virtualization_service (service_manager (add)))
|
|
;;* lme
|
|
|
|
(allow virtualizationservice system_server (binder (call transfer)))
|
|
(allow system_server virtualizationservice (binder (transfer)))
|
|
(allow virtualizationservice system_server (fd (use)))
|
|
(allow virtualizationservice permission_service (service_manager (find)))
|
|
(allow virtualizationservice remote_provisioning_service (binder (call transfer)))
|
|
(allow remote_provisioning_service virtualizationservice (binder (transfer)))
|
|
(allow virtualizationservice remote_provisioning_service (fd (use)))
|
|
(allow virtualizationservice remote_provisioning_service (service_manager (find)))
|
|
(allow virtualizationservice self (capability (sys_resource)))
|
|
(allow virtualizationservice virtualizationmanager (process (setrlimit)))
|
|
(allow virtualizationservice self (capability (chown)))
|
|
(allow virtualizationservice virtualizationservice_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow virtualizationservice virtualizationservice_data_file (sock_file (unlink)))
|
|
(allow virtualizationservice virtualizationservice_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow virtualizationservice adbd (fd (use)))
|
|
(allow virtualizationservice adbd (unix_stream_socket (read write)))
|
|
(allow virtualizationservice virtualizationmanager_exec (file (read getattr map execute open)))
|
|
(allow virtualizationservice virtualizationmanager (process (transition)))
|
|
(allow virtualizationmanager virtualizationmanager_exec (file (read getattr map execute open entrypoint)))
|
|
(allow virtualizationmanager virtualizationservice (process (sigchld)))
|
|
(dontaudit virtualizationservice virtualizationmanager (process (noatsecure)))
|
|
(allow virtualizationservice virtualizationmanager (process (siginh rlimitinh)))
|
|
(typetransition virtualizationservice virtualizationmanager_exec process virtualizationmanager)
|
|
(allow crosvm virtualizationservice (unix_stream_socket (ioctl read write getattr)))
|
|
(allow virtualizationmanager virtualizationservice (unix_stream_socket (ioctl read write getattr)))
|
|
(allow crosvm virtualizationservice (fd (use)))
|
|
(allow virtualizationmanager virtualizationservice (fd (use)))
|
|
(allow virtualizationservice virtualizationmanager (fd (use)))
|
|
(allow crosvm virtualizationservice (fifo_file (ioctl read write getattr)))
|
|
(allow virtualizationmanager virtualizationservice (fifo_file (ioctl read write getattr)))
|
|
(allow virtualizationservice virtualizationmanager (vsock_socket (read write getattr getopt)))
|
|
(allow virtualizationservice hypervisor_prop (file (read getattr map open)))
|
|
(allow virtualizationservice virtualizationservice_data_file (file (read getattr)))
|
|
(allow virtualizationservice apex_module_data_file (dir (getattr search)))
|
|
(allow virtualizationservice apex_virt_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow virtualizationservice apex_virt_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow virtualizationservice self (vsock_socket (read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
|
|
(allow virtualizationservice property_socket (sock_file (write)))
|
|
(allow virtualizationservice init (unix_stream_socket (connectto)))
|
|
(allow virtualizationservice virtualizationservice_prop (property_service (set)))
|
|
(allow virtualizationservice virtualizationservice_prop (file (read getattr map open)))
|
|
(allow virtualizationservice statsdw_socket (sock_file (write)))
|
|
(allow virtualizationservice statsd (unix_dgram_socket (sendto)))
|
|
(allow virtualizationservice tombstoned_crash_socket (sock_file (write)))
|
|
(allow virtualizationservice tombstoned (unix_stream_socket (connectto)))
|
|
(allow virtualizationservice tombstone_data_file (file (getattr append)))
|
|
(allow virtualizationservice tombstoned (fd (use)))
|
|
(allow virtualizationservice vfio_device (chr_file (getattr)))
|
|
(allow virtualizationservice vfio_device (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow virtualizationservice virtualizationmanager (fd (use)))
|
|
(allow virtualizationservice vendor_configs_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow virtualizationservice vendor_configs_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow virtualizationservice vendor_configs_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 102 system/sepolicy/private/virtualizationservice.te
|
|
|
|
(neverallow base_typeattr_1002 virtualizationservice_prop (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 109 system/sepolicy/private/virtualizationservice.te
|
|
|
|
(neverallow base_typeattr_1003 virtualizationservice_data_file (file (create open)))
|
|
;;* lme
|
|
|
|
;;* lmx 115 system/sepolicy/private/virtualizationservice.te
|
|
|
|
(neverallow virtualizationservice base_typeattr_1004 (process (setrlimit)))
|
|
;;* lme
|
|
|
|
(allow init vold_exec (file (read getattr map execute open)))
|
|
(allow init vold (process (transition)))
|
|
(allow vold vold_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init vold (process (noatsecure)))
|
|
(allow init vold (process (siginh rlimitinh)))
|
|
(typetransition init vold_exec process vold)
|
|
(allow vold sgdisk_exec (file (read getattr map execute open)))
|
|
(allow vold sgdisk (process (transition)))
|
|
(allow sgdisk sgdisk_exec (file (read getattr map execute open entrypoint)))
|
|
(allow sgdisk vold (process (sigchld)))
|
|
(dontaudit vold sgdisk (process (noatsecure)))
|
|
(allow vold sgdisk (process (siginh rlimitinh)))
|
|
(typetransition vold sgdisk_exec process sgdisk)
|
|
(allow vold sdcardd_exec (file (read getattr map execute open)))
|
|
(allow vold sdcardd (process (transition)))
|
|
(allow sdcardd sdcardd_exec (file (read getattr map execute open entrypoint)))
|
|
(allow sdcardd vold (process (sigchld)))
|
|
(dontaudit vold sdcardd (process (noatsecure)))
|
|
(allow vold sdcardd (process (siginh rlimitinh)))
|
|
(typetransition vold sdcardd_exec process sdcardd)
|
|
(allow vold fuseblkd_untrusted_exec (file (read getattr map execute open)))
|
|
(allow vold fuseblkd_untrusted (process (transition)))
|
|
(allow fuseblkd_untrusted fuseblkd_untrusted_exec (file (read getattr map execute open entrypoint)))
|
|
(allow fuseblkd_untrusted vold (process (sigchld)))
|
|
(dontaudit vold fuseblkd_untrusted (process (noatsecure)))
|
|
(allow vold fuseblkd_untrusted (process (siginh rlimitinh)))
|
|
(typetransition vold fuseblkd_untrusted_exec process fuseblkd_untrusted)
|
|
(allow vold e2fs_exec (file (read getattr map execute open)))
|
|
(allow vold e2fs (process (transition)))
|
|
(allow e2fs e2fs_exec (file (read getattr map execute open entrypoint)))
|
|
(allow e2fs vold (process (sigchld)))
|
|
(dontaudit vold e2fs (process (noatsecure)))
|
|
(allow vold e2fs (process (siginh rlimitinh)))
|
|
(typetransition vold e2fs_exec process e2fs)
|
|
(allow vold blkid_exec (file (read getattr map execute open)))
|
|
(allow vold blkid (process (transition)))
|
|
(allow blkid blkid_exec (file (read getattr map execute open entrypoint)))
|
|
(allow blkid vold (process (sigchld)))
|
|
(dontaudit vold blkid (process (noatsecure)))
|
|
(allow vold blkid (process (siginh rlimitinh)))
|
|
(allow vold blkid_exec (file (read getattr map execute open)))
|
|
(allow vold blkid_untrusted (process (transition)))
|
|
(allow blkid_untrusted blkid_exec (file (read getattr map execute open entrypoint)))
|
|
(allow blkid_untrusted vold (process (sigchld)))
|
|
(dontaudit vold blkid_untrusted (process (noatsecure)))
|
|
(allow vold blkid_untrusted (process (siginh rlimitinh)))
|
|
(allow vold fsck_exec (file (read getattr map execute open)))
|
|
(allow vold fsck (process (transition)))
|
|
(allow fsck fsck_exec (file (read getattr map execute open entrypoint)))
|
|
(allow fsck vold (process (sigchld)))
|
|
(dontaudit vold fsck (process (noatsecure)))
|
|
(allow vold fsck (process (siginh rlimitinh)))
|
|
(allow vold fsck_exec (file (read getattr map execute open)))
|
|
(allow vold fsck_untrusted (process (transition)))
|
|
(allow fsck_untrusted fsck_exec (file (read getattr map execute open entrypoint)))
|
|
(allow fsck_untrusted vold (process (sigchld)))
|
|
(dontaudit vold fsck_untrusted (process (noatsecure)))
|
|
(allow vold fsck_untrusted (process (siginh rlimitinh)))
|
|
(typetransition vold storage_file dir storage_stub_file)
|
|
(typetransition vold mnt_media_rw_file dir mnt_media_rw_stub_file)
|
|
(allow vold vold_config_prop (file (read getattr map open)))
|
|
(allow vold storage_config_prop (file (read getattr map open)))
|
|
(allow vold incremental_prop (file (read getattr map open)))
|
|
(allow vold gsid_prop (file (read getattr map open)))
|
|
(allow vold property_socket (sock_file (write)))
|
|
(allow vold init (unix_stream_socket (connectto)))
|
|
(allow vold vold_prop (property_service (set)))
|
|
(allow vold vold_prop (file (read getattr map open)))
|
|
(allow vold property_socket (sock_file (write)))
|
|
(allow vold init (unix_stream_socket (connectto)))
|
|
(allow vold vold_status_prop (property_service (set)))
|
|
(allow vold vold_status_prop (file (read getattr map open)))
|
|
(allow vold property_socket (sock_file (write)))
|
|
(allow vold init (unix_stream_socket (connectto)))
|
|
(allow vold powerctl_prop (property_service (set)))
|
|
(allow vold powerctl_prop (file (read getattr map open)))
|
|
(allow vold property_socket (sock_file (write)))
|
|
(allow vold init (unix_stream_socket (connectto)))
|
|
(allow vold ctl_fuse_prop (property_service (set)))
|
|
(allow vold ctl_fuse_prop (file (read getattr map open)))
|
|
(allow vold property_socket (sock_file (write)))
|
|
(allow vold init (unix_stream_socket (connectto)))
|
|
(allow vold restorecon_prop (property_service (set)))
|
|
(allow vold restorecon_prop (file (read getattr map open)))
|
|
(allow vold property_socket (sock_file (write)))
|
|
(allow vold init (unix_stream_socket (connectto)))
|
|
(allow vold ota_prop (property_service (set)))
|
|
(allow vold ota_prop (file (read getattr map open)))
|
|
(allow vold property_socket (sock_file (write)))
|
|
(allow vold init (unix_stream_socket (connectto)))
|
|
(allow vold boottime_prop (property_service (set)))
|
|
(allow vold boottime_prop (file (read getattr map open)))
|
|
(allow vold property_socket (sock_file (write)))
|
|
(allow vold init (unix_stream_socket (connectto)))
|
|
(allow vold boottime_public_prop (property_service (set)))
|
|
(allow vold boottime_public_prop (file (read getattr map open)))
|
|
(allow vold vold_key (keystore2_key (convert_storage_key_to_ephemeral delete get_info manage_blob rebind req_forced_op update use)))
|
|
(allow vold keystore (binder (call)))
|
|
(allow vold keystore_service (service_manager (find)))
|
|
(allow vold keystore_maintenance_service (service_manager (find)))
|
|
(allow vold keystore (keystore2 (early_boot_ended)))
|
|
(allow vold keystore (keystore2 (delete_all_keys)))
|
|
;;* lmx 73 system/sepolicy/private/vold.te
|
|
|
|
(neverallow base_typeattr_1005 vold_service (service_manager (find)))
|
|
;;* lme
|
|
|
|
(allow vold system_userdir_file (dir (write add_name remove_name)))
|
|
(allow vold vendor_userdir_file (dir (write add_name remove_name)))
|
|
(allow vold media_userdir_file (dir (write add_name remove_name)))
|
|
;;* lmx 101 system/sepolicy/private/vold.te
|
|
|
|
(neverallow base_typeattr_339 system_userdir_file (dir (write add_name remove_name)))
|
|
(neverallow base_typeattr_339 vendor_userdir_file (dir (write add_name remove_name)))
|
|
(neverallow base_typeattr_339 media_userdir_file (dir (write add_name remove_name)))
|
|
;;* lme
|
|
|
|
(allow vold vold_prepare_subdirs_exec (file (read getattr map execute open)))
|
|
(allow vold vold_prepare_subdirs (process (transition)))
|
|
(allow vold_prepare_subdirs vold_prepare_subdirs_exec (file (read getattr map execute open entrypoint)))
|
|
(allow vold_prepare_subdirs vold (process (sigchld)))
|
|
(dontaudit vold vold_prepare_subdirs (process (noatsecure)))
|
|
(allow vold vold_prepare_subdirs (process (siginh rlimitinh)))
|
|
(typetransition vold vold_prepare_subdirs_exec process vold_prepare_subdirs)
|
|
(allow vold_prepare_subdirs system_file (file (execute_no_trans)))
|
|
(allow vold_prepare_subdirs shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow vold_prepare_subdirs toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow vold_prepare_subdirs devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
|
|
(allow vold_prepare_subdirs vold (fd (use)))
|
|
(allow vold_prepare_subdirs vold (fifo_file (read write)))
|
|
(allow vold_prepare_subdirs file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow vold_prepare_subdirs self (capability (chown dac_override dac_read_search fowner)))
|
|
(allow vold_prepare_subdirs self (cap_userns (chown dac_override dac_read_search fowner)))
|
|
(allow vold_prepare_subdirs self (process (setfscreate)))
|
|
(allow vold_prepare_subdirs system_data_file (dir (read write relabelfrom open add_name remove_name rmdir)))
|
|
(allow vold_prepare_subdirs vendor_data_file (dir (read write relabelfrom open add_name remove_name rmdir)))
|
|
(allow vold_prepare_subdirs sdk_sandbox_system_data_file (dir (read write relabelfrom open add_name remove_name rmdir)))
|
|
(allow vold_prepare_subdirs apex_data_file_type (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs apex_module_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs apex_rollback_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs vold_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs backup_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs fingerprint_vendor_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs face_vendor_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs iris_vendor_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs storaged_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs sdk_sandbox_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs rollback_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs checkin_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow vold_prepare_subdirs apex_data_file_type (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs system_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs apex_module_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs apex_rollback_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs vold_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs backup_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs fingerprint_vendor_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs face_vendor_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs iris_vendor_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs storaged_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs sdk_sandbox_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs rollback_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs checkin_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs apex_art_staging_data_file (file (getattr unlink)))
|
|
(allow vold_prepare_subdirs apex_mnt_dir (dir (read open)))
|
|
(allow vold_prepare_subdirs mnt_expand_file (dir (search)))
|
|
(allow vold_prepare_subdirs user_profile_data_file (dir (getattr relabelfrom search)))
|
|
(allow vold_prepare_subdirs user_profile_root_file (dir (getattr relabelfrom relabelto search)))
|
|
(allow vold_prepare_subdirs apex_tethering_data_file (dir (relabelfrom)))
|
|
(allow vold_prepare_subdirs apex_appsearch_data_file (dir (relabelfrom)))
|
|
(allow vold_prepare_subdirs apex_permission_data_file (dir (relabelfrom)))
|
|
(allow vold_prepare_subdirs apex_scheduling_data_file (dir (relabelfrom)))
|
|
(allow vold_prepare_subdirs apex_wifi_data_file (dir (relabelfrom)))
|
|
(allow vold_prepare_subdirs unlabeled (dir (search)))
|
|
(dontaudit vold_prepare_subdirs proc (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(dontaudit vold_prepare_subdirs unlabeled (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(typetransition vzwomatrigger_app tmpfs file appdomain_tmpfs)
|
|
(allow vzwomatrigger_app vzwomatrigger_app_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su vzwomatrigger_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
|
|
|
|
(neverallow base_typeattr_1006 vzwomatrigger_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow vzwomatrigger_app appdomain_tmpfs (file (read write getattr map execute)))
|
|
;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
|
|
|
|
(neverallow base_typeattr_1007 base_typeattr_1006 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
|
|
|
|
(neverallow base_typeattr_1008 vzwomatrigger_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
|
|
|
|
(neverallow base_typeattr_1009 vzwomatrigger_app (process (ptrace)))
|
|
;;* lme
|
|
|
|
(allow init watchdogd_exec (file (read getattr map execute open)))
|
|
(allow init watchdogd (process (transition)))
|
|
(allow watchdogd watchdogd_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init watchdogd (process (noatsecure)))
|
|
(allow init watchdogd (process (siginh rlimitinh)))
|
|
(typetransition init watchdogd_exec process watchdogd)
|
|
(typetransition webview_zygote tmpfs file webview_zygote_tmpfs)
|
|
(allow webview_zygote webview_zygote_tmpfs (file (read write getattr map)))
|
|
(allow webview_zygote webview_zygote_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su webview_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 13 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow base_typeattr_1010 webview_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow webview_zygote apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow webview_zygote apk_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow webview_zygote shared_relro_file (dir (search)))
|
|
(allow webview_zygote shared_relro_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote self (capability (setgid setuid)))
|
|
(allow webview_zygote self (cap_userns (setgid setuid)))
|
|
(allow webview_zygote self (capability (setpcap)))
|
|
(allow webview_zygote self (cap_userns (setpcap)))
|
|
(allow webview_zygote self (process (setcurrent)))
|
|
(allow webview_zygote isolated_app (process (dyntransition)))
|
|
(allow webview_zygote dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow webview_zygote apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow webview_zygote dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote dalvikcache_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow webview_zygote apex_art_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow webview_zygote apex_module_data_file (dir (search)))
|
|
(allow webview_zygote vendor_apex_metadata_file (dir (search)))
|
|
(allow webview_zygote self (process (execmem)))
|
|
(allow webview_zygote debugfs_trace_marker (file (getattr)))
|
|
(allow webview_zygote system_server (process (getpgid)))
|
|
(allow webview_zygote isolated_app (process (setpgid)))
|
|
(dontaudit webview_zygote mnt_expand_file (dir (getattr)))
|
|
(dontaudit webview_zygote dex2oat_exec (file (execute)))
|
|
(allow webview_zygote seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow webview_zygote selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote selinuxfs (file (write lock append map open)))
|
|
(allow webview_zygote kernel (security (check_context)))
|
|
(allow webview_zygote selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow webview_zygote selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote selinuxfs (file (write lock append map open)))
|
|
(allow webview_zygote kernel (security (compute_av)))
|
|
(allow webview_zygote self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow webview_zygote system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow webview_zygote zygote_tmpfs (file (read getattr)))
|
|
(allow webview_zygote zygote (fd (use)))
|
|
(allow webview_zygote zygote (process (sigchld)))
|
|
(allow webview_zygote vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow webview_zygote vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote same_process_hal_file (file (read getattr map execute open)))
|
|
(allow webview_zygote system_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote system_unsolzygote_socket (sock_file (write)))
|
|
(allow webview_zygote system_server (unix_dgram_socket (sendto)))
|
|
(allow webview_zygote device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow webview_zygote device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow zygote odsign_prop (file (read getattr map open)))
|
|
(allow webview_zygote resourcecache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow webview_zygote resourcecache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
;;* lmx 105 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote base_typeattr_643 (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 108 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote base_typeattr_644 (process (transition)))
|
|
;;* lme
|
|
|
|
;;* lmx 112 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote base_typeattr_224 (file (execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 116 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow base_typeattr_645 webview_zygote (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 119 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote property_socket (sock_file (write)))
|
|
;;* lme
|
|
|
|
;;* lmx 120 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote property_type (property_service (set)))
|
|
;;* lme
|
|
|
|
;;* lmx 123 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote app_data_file_type (file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 129 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote base_typeattr_646 (service_manager (find)))
|
|
;;* lme
|
|
|
|
;;* lmx 132 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote gpu_device (chr_file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 135 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote cache_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
|
|
;;* lme
|
|
|
|
;;* lmx 136 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote cache_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
|
|
;;* lme
|
|
|
|
;;* lmx 153 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote domain (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
|
|
(neverallow webview_zygote domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow webview_zygote domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow webview_zygote domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_readpriv nlmsg_getneigh)))
|
|
(neverallow webview_zygote domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow webview_zygote domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
|
|
(neverallow webview_zygote domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
|
|
(neverallow webview_zygote domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
|
|
(neverallow webview_zygote domain (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
|
|
(neverallow webview_zygote domain (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
|
|
(neverallow webview_zygote domain (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(neverallow webview_zygote domain (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
;;* lme
|
|
|
|
;;* lmx 162 system/sepolicy/private/webview_zygote.te
|
|
|
|
(neverallow webview_zygote bluetooth_a2dp_offload_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow webview_zygote bluetooth_audio_hal_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow webview_zygote bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow webview_zygote exported_bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
;;* lme
|
|
|
|
(allow wificond property_socket (sock_file (write)))
|
|
(allow wificond init (unix_stream_socket (connectto)))
|
|
(allow wificond wifi_hal_prop (property_service (set)))
|
|
(allow wificond wifi_hal_prop (file (read getattr map open)))
|
|
(allow wificond property_socket (sock_file (write)))
|
|
(allow wificond init (unix_stream_socket (connectto)))
|
|
(allow wificond wifi_prop (property_service (set)))
|
|
(allow wificond wifi_prop (file (read getattr map open)))
|
|
(allow wificond property_socket (sock_file (write)))
|
|
(allow wificond init (unix_stream_socket (connectto)))
|
|
(allow wificond ctl_default_prop (property_service (set)))
|
|
(allow wificond ctl_default_prop (file (read getattr map open)))
|
|
(allow wificond hwservicemanager_prop (file (read getattr map open)))
|
|
(allow wificond legacykeystore_service (service_manager (find)))
|
|
(allow init wificond_exec (file (read getattr map execute open)))
|
|
(allow init wificond (process (transition)))
|
|
(allow wificond wificond_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init wificond (process (noatsecure)))
|
|
(allow init wificond (process (siginh rlimitinh)))
|
|
(typetransition init wificond_exec process wificond)
|
|
(allow init zygote_exec (file (read getattr map execute open)))
|
|
(allow init zygote (process (transition)))
|
|
(allow zygote zygote_exec (file (read getattr map execute open entrypoint)))
|
|
(dontaudit init zygote (process (noatsecure)))
|
|
(allow init zygote (process (siginh rlimitinh)))
|
|
(typetransition init zygote_exec process zygote)
|
|
(typetransition zygote tmpfs file zygote_tmpfs)
|
|
(allow zygote zygote_tmpfs (file (read write getattr map)))
|
|
(allow zygote runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote self (capability (chown dac_override dac_read_search fowner setgid setuid)))
|
|
(allow zygote self (cap_userns (chown dac_override dac_read_search fowner setgid setuid)))
|
|
(allow zygote self (capability (setpcap)))
|
|
(allow zygote self (cap_userns (setpcap)))
|
|
(allow zygote self (process (setcurrent)))
|
|
(allow zygote system_server_startup (process (dyntransition)))
|
|
(allow zygote appdomain (process (dyntransition)))
|
|
(allow zygote webview_zygote (process (dyntransition)))
|
|
(allow zygote app_zygote (process (dyntransition)))
|
|
(allow zygote appdomain (dir (getattr search)))
|
|
(allow zygote appdomain (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote zygote_userfaultfd (anon_inode (ioctl read create)))
|
|
(dontaudit su zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lmx 27 system/sepolicy/private/zygote.te
|
|
|
|
(neverallow base_typeattr_645 zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
|
|
;;* lme
|
|
|
|
(allow zygote system_server (process (getpgid setpgid)))
|
|
(allow zygote appdomain (process (getpgid setpgid)))
|
|
(allow zygote webview_zygote (process (getpgid setpgid)))
|
|
(allow zygote app_zygote (process (getpgid setpgid)))
|
|
(allow zygote system_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow zygote system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote mnt_expand_file (dir (getattr)))
|
|
(allow zygote dalvikcache_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow zygote dalvikcache_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow zygote dalvikcache_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow zygote resourcecache_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
|
|
(allow zygote resourcecache_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow zygote dalvikcache_data_file (file (execute)))
|
|
(allow zygote apex_module_data_file (dir (search)))
|
|
(allow zygote apex_art_data_file (dir (getattr search)))
|
|
(allow zygote apex_art_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
|
|
(allow zygote properties_device (dir (mounton search)))
|
|
(allow zygote system_data_file (dir (mounton search)))
|
|
(allow zygote system_userdir_file (dir (mounton search)))
|
|
(allow zygote user_profile_root_file (dir (mounton search)))
|
|
(allow zygote user_profile_data_file (dir (mounton search)))
|
|
(allow zygote media_rw_data_file (dir (mounton search)))
|
|
(allow zygote mirror_data_file (dir (search)))
|
|
(allow zygote mnt_expand_file (dir (read open search)))
|
|
(allow zygote app_data_file_type (dir (getattr)))
|
|
(allow zygote tmpfs (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow zygote tmpfs (lnk_file (create)))
|
|
(allow zygote tmpfs (dir (relabelfrom)))
|
|
(allow zygote tmpfs (lnk_file (relabelfrom)))
|
|
(allow zygote system_userdir_file (dir (relabelto)))
|
|
(allow zygote system_data_file (dir (relabelto)))
|
|
(allow zygote system_data_file (lnk_file (relabelto)))
|
|
(allow zygote sdk_sandbox_system_data_file (dir (getattr relabelto search)))
|
|
(allow zygote proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote self (process (execmem)))
|
|
(allow zygote zygote_tmpfs (file (execute)))
|
|
(allow zygote ashmem_libcutils_device (chr_file (execute)))
|
|
(allow zygote idmap_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow zygote dex2oat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow zygote vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow zygote vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote cgroup (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow zygote cgroup (file (ioctl read getattr setattr lock map open watch watch_reads)))
|
|
(allow zygote cgroup (lnk_file (ioctl read getattr setattr lock map open watch watch_reads)))
|
|
(allow zygote cgroup_v2 (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow zygote cgroup_v2 (file (ioctl read getattr setattr lock map open watch watch_reads)))
|
|
(allow zygote cgroup_v2 (lnk_file (ioctl read getattr setattr lock map open watch watch_reads)))
|
|
(allow zygote self (capability (sys_admin)))
|
|
(allow zygote self (cap_userns (sys_admin)))
|
|
(allow zygote pmsg_device (chr_file (getattr)))
|
|
(allow zygote debugfs_trace_marker (file (getattr)))
|
|
(allow zygote seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow zygote selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote selinuxfs (file (write lock append map open)))
|
|
(allow zygote kernel (security (check_context)))
|
|
(allow zygote selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow zygote selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote selinuxfs (file (write lock append map open)))
|
|
(allow zygote kernel (security (compute_av)))
|
|
(allow zygote self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
|
|
(allow zygote proc_cpuinfo (file (mounton)))
|
|
(allow zygote rootfs (dir (mounton)))
|
|
(allow zygote tmpfs (filesystem (mount unmount)))
|
|
(allow zygote fuse (filesystem (unmount)))
|
|
(allow zygote sdcardfs (filesystem (unmount)))
|
|
(allow zygote labeledfs (filesystem (unmount)))
|
|
(allow zygote mnt_user_file (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow zygote mnt_user_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow zygote mnt_user_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow zygote mnt_pass_through_file (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow zygote storage_file (dir (mounton search)))
|
|
(allow zygote sdcard_type (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow zygote fuse (dir (ioctl read write create getattr setattr lock rename mounton open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow zygote sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow zygote fuse (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow zygote zygote_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
|
|
(allow zygote statsdw_socket (sock_file (write)))
|
|
(allow zygote statsd (unix_dgram_socket (sendto)))
|
|
(allow zygote rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow zygote rootfs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote system_file (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow zygote system_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote oemfs (dir (search)))
|
|
(allow zygote ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote tmpfs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow zygote same_process_hal_file (file (read getattr map execute open)))
|
|
(allow zygote build_attestation_prop (file (read getattr map open)))
|
|
(allow zygote storage_config_prop (file (read getattr map open)))
|
|
(allow zygote overlay_prop (file (read getattr map open)))
|
|
(allow zygote exported_overlay_prop (file (read getattr map open)))
|
|
(allow zygote device_config_runtime_native_prop (file (read getattr map open)))
|
|
(allow zygote device_config_runtime_native_boot_prop (file (read getattr map open)))
|
|
(allow zygote device_config_window_manager_native_boot_prop (file (read getattr map open)))
|
|
(dontaudit zygote self (capability (fsetid sys_resource)))
|
|
(dontaudit zygote self (cap_userns (fsetid sys_resource)))
|
|
(dontaudit zygote media_rw_data_file (dir (read setattr open)))
|
|
(allow zygote system_server (fd (use)))
|
|
(allow zygote system_unsolzygote_socket (sock_file (write)))
|
|
(allow zygote system_server (unix_dgram_socket (sendto)))
|
|
(allow zygote media_variant_prop (file (read getattr map open)))
|
|
(allow zygote odsign_prop (file (read getattr map open)))
|
|
(allow zygote packagemanager_config_prop (file (read getattr map open)))
|
|
(allow zygote qemu_sf_lcd_density_prop (file (read getattr map open)))
|
|
(allow zygote persist_wm_debug_prop (file (read getattr map open)))
|
|
(allow zygote persist_sysui_builder_extras_prop (file (read getattr map open)))
|
|
(allow zygote persist_sysui_ranking_update_prop (file (read getattr map open)))
|
|
(allow zygote apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote vendor_apex_file (dir (getattr search)))
|
|
(allow zygote vendor_apex_file (file (getattr)))
|
|
(allow zygote vendor_apex_metadata_file (dir (search)))
|
|
(allow zygote sysfs_fs_f2fs (dir (ioctl read getattr lock open watch watch_reads search)))
|
|
(allow zygote sysfs_fs_f2fs (file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote sysfs_fs_f2fs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
|
|
(allow zygote system_font_fallback_file (file (ioctl read getattr lock map open watch watch_reads)))
|
|
;;* lmx 289 system/sepolicy/private/zygote.te
|
|
|
|
(neverallow zygote base_typeattr_1011 (process (dyntransition)))
|
|
;;* lme
|
|
|
|
;;* lmx 298 system/sepolicy/private/zygote.te
|
|
|
|
(neverallow zygote base_typeattr_1012 (file (execute execute_no_trans)))
|
|
;;* lme
|
|
|
|
;;* lmx 306 system/sepolicy/private/zygote.te
|
|
|
|
(neverallow zygote bluetooth_a2dp_offload_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow zygote bluetooth_audio_hal_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow zygote bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(neverallow zygote exported_bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
;;* lme
|
|
|
|
;;* lmx 309 system/sepolicy/private/zygote.te
|
|
|
|
(neverallow zygote app_data_file_type (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
|
|
;;* lme
|
|
|
|
(typetransition zygote zygote anon_inode "[userfaultfd]" zygote_userfaultfd)
|
|
(typetransition webview_zygote webview_zygote anon_inode "[userfaultfd]" webview_zygote_userfaultfd)
|
|
(typetransition vzwomatrigger_app vzwomatrigger_app anon_inode "[userfaultfd]" vzwomatrigger_app_userfaultfd)
|
|
(typetransition untrusted_app_32 untrusted_app_32 anon_inode "[userfaultfd]" untrusted_app_32_userfaultfd)
|
|
(typetransition untrusted_app_30 untrusted_app_30 anon_inode "[userfaultfd]" untrusted_app_30_userfaultfd)
|
|
(typetransition untrusted_app_29 untrusted_app_29 anon_inode "[userfaultfd]" untrusted_app_29_userfaultfd)
|
|
(typetransition untrusted_app_27 untrusted_app_27 anon_inode "[userfaultfd]" untrusted_app_27_userfaultfd)
|
|
(typetransition untrusted_app_25 untrusted_app_25 anon_inode "[userfaultfd]" untrusted_app_25_userfaultfd)
|
|
(typetransition untrusted_app untrusted_app anon_inode "[userfaultfd]" untrusted_app_userfaultfd)
|
|
(typetransition traceur_app traceur_app anon_inode "[userfaultfd]" traceur_app_userfaultfd)
|
|
(typetransition system_server system_data_file sock_file "unsolzygotesocket" system_unsolzygote_socket)
|
|
(typetransition system_server system_data_file sock_file "ndebugsocket" system_ndebug_socket)
|
|
(typetransition system_server system_server anon_inode "[userfaultfd]" system_server_userfaultfd)
|
|
(typetransition system_app system_app anon_inode "[userfaultfd]" system_app_userfaultfd)
|
|
(typetransition snapuserd snapuserd anon_inode "[io_uring]" snapuserd_iouring)
|
|
(typetransition simpleperf simpleperf anon_inode "[userfaultfd]" simpleperf_userfaultfd)
|
|
(typetransition shell shell anon_inode "[userfaultfd]" shell_userfaultfd)
|
|
(typetransition shared_relro shared_relro anon_inode "[userfaultfd]" shared_relro_userfaultfd)
|
|
(typetransition secure_element secure_element anon_inode "[userfaultfd]" secure_element_userfaultfd)
|
|
(typetransition sdk_sandbox_next sdk_sandbox_next anon_inode "[userfaultfd]" sdk_sandbox_next_userfaultfd)
|
|
(typetransition sdk_sandbox_audit sdk_sandbox_audit anon_inode "[userfaultfd]" sdk_sandbox_audit_userfaultfd)
|
|
(typetransition sdk_sandbox_34 sdk_sandbox_34 anon_inode "[userfaultfd]" sdk_sandbox_34_userfaultfd)
|
|
(typetransition runas_app runas_app anon_inode "[userfaultfd]" runas_app_userfaultfd)
|
|
(typetransition rkpdapp rkpdapp anon_inode "[userfaultfd]" rkpdapp_userfaultfd)
|
|
(typetransition radio radio anon_inode "[userfaultfd]" radio_userfaultfd)
|
|
(typetransition priv_app priv_app anon_inode "[userfaultfd]" priv_app_userfaultfd)
|
|
(typetransition platform_app platform_app anon_inode "[userfaultfd]" platform_app_userfaultfd)
|
|
(typetransition permissioncontroller_app permissioncontroller_app anon_inode "[userfaultfd]" permissioncontroller_app_userfaultfd)
|
|
(typetransition odrefresh odrefresh anon_inode "[userfaultfd]" odrefresh_userfaultfd)
|
|
(typetransition nfc nfc anon_inode "[userfaultfd]" nfc_userfaultfd)
|
|
(typetransition network_stack network_stack anon_inode "[userfaultfd]" network_stack_userfaultfd)
|
|
(typetransition mediaprovider_app mediaprovider_app anon_inode "[userfaultfd]" mediaprovider_app_userfaultfd)
|
|
(typetransition mediaprovider mediaprovider anon_inode "[userfaultfd]" mediaprovider_userfaultfd)
|
|
(typetransition isolated_compute_app isolated_compute_app anon_inode "[userfaultfd]" isolated_compute_app_userfaultfd)
|
|
(typetransition isolated_app isolated_app anon_inode "[userfaultfd]" isolated_app_userfaultfd)
|
|
(typetransition gmscore_app gmscore_app anon_inode "[userfaultfd]" gmscore_app_userfaultfd)
|
|
(typetransition fastbootd fastbootd anon_inode "[io_uring]" fastbootd_iouring)
|
|
(typetransition ephemeral_app ephemeral_app anon_inode "[userfaultfd]" ephemeral_app_userfaultfd)
|
|
(typetransition dexoptanalyzer dexoptanalyzer anon_inode "[userfaultfd]" dexoptanalyzer_userfaultfd)
|
|
(typetransition dexopt_chroot_setup dexopt_chroot_setup anon_inode "[userfaultfd]" dexopt_chroot_setup_userfaultfd)
|
|
(typetransition dex2oat dex2oat anon_inode "[userfaultfd]" dex2oat_userfaultfd)
|
|
(typetransition device_as_webcam device_as_webcam anon_inode "[userfaultfd]" device_as_webcam_userfaultfd)
|
|
(typetransition bluetooth bluetooth anon_inode "[userfaultfd]" bluetooth_userfaultfd)
|
|
(typetransition artd artd anon_inode "[userfaultfd]" artd_userfaultfd)
|
|
(typetransition app_zygote app_zygote anon_inode "[userfaultfd]" app_zygote_userfaultfd)
|
|
(typeattribute base_typeattr_1012)
|
|
(typeattributeset base_typeattr_1012 (and (data_file_type ) (not (dalvikcache_data_file apex_art_data_file ))))
|
|
(typeattribute base_typeattr_1011)
|
|
(typeattributeset base_typeattr_1011 (not (appdomain app_zygote webview_zygote system_server_startup ) ))
|
|
(typeattribute base_typeattr_1010)
|
|
(typeattributeset base_typeattr_1010 (and (domain ) (not (webview_zygote ))))
|
|
(typeattribute base_typeattr_1009)
|
|
(typeattributeset base_typeattr_1009 (and (domain ) (not (crash_dump runas_app simpleperf vzwomatrigger_app ))))
|
|
(typeattribute base_typeattr_1008)
|
|
(typeattributeset base_typeattr_1008 (and (appdomain ) (not (runas_app shell simpleperf vzwomatrigger_app ))))
|
|
(typeattribute base_typeattr_1007)
|
|
(typeattributeset base_typeattr_1007 (and (vzwomatrigger_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_1006)
|
|
(typeattributeset base_typeattr_1006 (and (domain ) (not (vzwomatrigger_app ))))
|
|
(typeattribute base_typeattr_1005)
|
|
(typeattributeset base_typeattr_1005 (and (domain ) (not (apexd system_server update_verifier vdc vold gsid ))))
|
|
(typeattribute base_typeattr_1004)
|
|
(typeattributeset base_typeattr_1004 (and (domain ) (not (virtualizationmanager virtualizationservice ))))
|
|
(typeattribute base_typeattr_1003)
|
|
(typeattributeset base_typeattr_1003 (and (domain ) (not (init virtualizationmanager virtualizationservice ))))
|
|
(typeattribute base_typeattr_1002)
|
|
(typeattributeset base_typeattr_1002 (and (domain ) (not (init virtualizationservice ))))
|
|
(typeattribute base_typeattr_1001)
|
|
(typeattributeset base_typeattr_1001 (and (domain ) (not (virtualizationservice ))))
|
|
(typeattribute base_typeattr_1000)
|
|
(typeattributeset base_typeattr_1000 (and (domain ) (not (virtual_camera ))))
|
|
(typeattribute base_typeattr_999)
|
|
(typeattributeset base_typeattr_999 (and (dev_type ) (not (vm_manager_device_type keychord_device hw_random_device port_device lowpan_device ))))
|
|
(typeattribute base_typeattr_998)
|
|
(typeattributeset base_typeattr_998 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_32 ))))
|
|
(typeattribute base_typeattr_997)
|
|
(typeattributeset base_typeattr_997 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_32 ))))
|
|
(typeattribute base_typeattr_996)
|
|
(typeattributeset base_typeattr_996 (and (untrusted_app_32 ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_995)
|
|
(typeattributeset base_typeattr_995 (and (domain ) (not (untrusted_app_32 ))))
|
|
(typeattribute base_typeattr_994)
|
|
(typeattributeset base_typeattr_994 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_30 ))))
|
|
(typeattribute base_typeattr_993)
|
|
(typeattributeset base_typeattr_993 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_30 ))))
|
|
(typeattribute base_typeattr_992)
|
|
(typeattributeset base_typeattr_992 (and (untrusted_app_30 ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_991)
|
|
(typeattributeset base_typeattr_991 (and (domain ) (not (untrusted_app_30 ))))
|
|
(typeattribute base_typeattr_990)
|
|
(typeattributeset base_typeattr_990 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_29 ))))
|
|
(typeattribute base_typeattr_989)
|
|
(typeattributeset base_typeattr_989 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_29 ))))
|
|
(typeattribute base_typeattr_988)
|
|
(typeattributeset base_typeattr_988 (and (untrusted_app_29 ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_987)
|
|
(typeattributeset base_typeattr_987 (and (domain ) (not (untrusted_app_29 ))))
|
|
(typeattribute base_typeattr_986)
|
|
(typeattributeset base_typeattr_986 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_27 ))))
|
|
(typeattribute base_typeattr_985)
|
|
(typeattributeset base_typeattr_985 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_27 ))))
|
|
(typeattribute base_typeattr_984)
|
|
(typeattributeset base_typeattr_984 (and (untrusted_app_27 ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_983)
|
|
(typeattributeset base_typeattr_983 (and (domain ) (not (untrusted_app_27 ))))
|
|
(typeattribute base_typeattr_982)
|
|
(typeattributeset base_typeattr_982 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_981)
|
|
(typeattributeset base_typeattr_981 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_980)
|
|
(typeattributeset base_typeattr_980 (and (untrusted_app_25 ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_979)
|
|
(typeattributeset base_typeattr_979 (and (domain ) (not (untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_978)
|
|
(typeattributeset base_typeattr_978 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app ))))
|
|
(typeattribute base_typeattr_977)
|
|
(typeattributeset base_typeattr_977 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app ))))
|
|
(typeattribute base_typeattr_976)
|
|
(typeattributeset base_typeattr_976 (and (untrusted_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_975)
|
|
(typeattributeset base_typeattr_975 (and (domain ) (not (untrusted_app ))))
|
|
(typeattribute base_typeattr_974)
|
|
(typeattributeset base_typeattr_974 (and (domain ) (not (crash_dump runas_app simpleperf traceur_app ))))
|
|
(typeattribute base_typeattr_973)
|
|
(typeattributeset base_typeattr_973 (and (appdomain ) (not (runas_app shell simpleperf traceur_app ))))
|
|
(typeattribute base_typeattr_972)
|
|
(typeattributeset base_typeattr_972 (and (traceur_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_971)
|
|
(typeattributeset base_typeattr_971 (and (domain ) (not (traceur_app ))))
|
|
(typeattribute base_typeattr_970)
|
|
(typeattributeset base_typeattr_970 (and (data_file_type ) (not (packages_list_file game_mode_intervention_list_file ))))
|
|
(typeattribute base_typeattr_969)
|
|
(typeattributeset base_typeattr_969 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file apk_data_file dalvikcache_data_file user_profile_root_file user_profile_data_file apex_module_data_file bootstat_data_file media_userdir_file update_engine_data_file update_engine_log_data_file system_app_data_file backup_data_file apex_art_data_file ))))
|
|
(typeattribute base_typeattr_968)
|
|
(typeattributeset base_typeattr_968 (and (domain ) (not (dumpstate perfetto shell system_server traced traceur_app ))))
|
|
(typeattribute base_typeattr_967)
|
|
(typeattributeset base_typeattr_967 (and (data_file_type ) (not (trace_data_file perfetto_traces_data_file ))))
|
|
(typeattribute base_typeattr_966)
|
|
(typeattributeset base_typeattr_966 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file media_userdir_file perfetto_traces_data_file ))))
|
|
(typeattribute base_typeattr_965)
|
|
(typeattributeset base_typeattr_965 (and (domain ) (not (dumpstate init tombstoned vendor_init ))))
|
|
(typeattribute base_typeattr_964)
|
|
(typeattributeset base_typeattr_964 (and (domain ) (not (atrace bluetooth dumpstate system_server traceur_app system_suspend ))))
|
|
(typeattribute base_typeattr_963)
|
|
(typeattributeset base_typeattr_963 (and (domain ) (not (system_suspend ))))
|
|
(typeattribute base_typeattr_962)
|
|
(typeattributeset base_typeattr_962 (and (domain ) (not (init system_server ueventd vendor_init ))))
|
|
(typeattribute base_typeattr_961)
|
|
(typeattributeset base_typeattr_961 (and (domain ) (not (init system_server aconfigd ))))
|
|
(typeattribute base_typeattr_960)
|
|
(typeattributeset base_typeattr_960 (and (dev_type ) (not (vd_device frp_block_device ))))
|
|
(typeattribute base_typeattr_959)
|
|
(typeattributeset base_typeattr_959 (and (dev_type ) (not (frp_block_device ))))
|
|
(typeattribute base_typeattr_958)
|
|
(typeattributeset base_typeattr_958 (and (domain ) (not (flags_health_check init system_server ))))
|
|
(typeattribute base_typeattr_957)
|
|
(typeattributeset base_typeattr_957 (and (domain ) (not (app_zygote init system_server webview_zygote zygote ))))
|
|
(typeattribute base_typeattr_956)
|
|
(typeattributeset base_typeattr_956 (and (domain ) (not (crash_dump init system_server ))))
|
|
(typeattribute base_typeattr_955)
|
|
(typeattributeset base_typeattr_955 (and (domain ) (not (crash_dump perfetto clatd ))))
|
|
(typeattribute base_typeattr_954)
|
|
(typeattributeset base_typeattr_954 (and (file_type ) (not (logcat_exec toolbox_exec ))))
|
|
(typeattribute base_typeattr_953)
|
|
(typeattributeset base_typeattr_953 (and (app_data_file_type ) (not (radio_data_file system_app_data_file ))))
|
|
(typeattribute base_typeattr_952)
|
|
(typeattributeset base_typeattr_952 (and (domain ) (not (init system_app ))))
|
|
(typeattribute base_typeattr_951)
|
|
(typeattributeset base_typeattr_951 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service dumpstate_service installd_service lpdump_service mdns_service netd_service system_suspend_control_internal_service system_suspend_control_service virtual_touchpad_service vold_service tracingproxy_service ))))
|
|
(typeattribute base_typeattr_950)
|
|
(typeattributeset base_typeattr_950 (and (domain ) (not (crash_dump runas_app simpleperf system_app ))))
|
|
(typeattribute base_typeattr_949)
|
|
(typeattributeset base_typeattr_949 (and (appdomain ) (not (runas_app shell simpleperf system_app ))))
|
|
(typeattribute base_typeattr_948)
|
|
(typeattributeset base_typeattr_948 (and (system_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_947)
|
|
(typeattributeset base_typeattr_947 (and (domain ) (not (system_app ))))
|
|
(typeattribute base_typeattr_946)
|
|
(typeattributeset base_typeattr_946 (and (domain ) (not (surfaceflinger ))))
|
|
(typeattribute base_typeattr_945)
|
|
(typeattributeset base_typeattr_945 (and (domain ) (not (storaged ))))
|
|
(typeattribute base_typeattr_944)
|
|
(typeattributeset base_typeattr_944 (and (domain ) (not (statsd ))))
|
|
(typeattribute base_typeattr_943)
|
|
(typeattributeset base_typeattr_943 (and (domain ) (not (snapuserd ))))
|
|
(typeattribute base_typeattr_942)
|
|
(typeattributeset base_typeattr_942 (and (domain ) (not (init snapuserd ))))
|
|
(typeattribute base_typeattr_941)
|
|
(typeattributeset base_typeattr_941 (and (simpleperf ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_940)
|
|
(typeattributeset base_typeattr_940 (and (domain ) (not (simpleperf ))))
|
|
(typeattribute base_typeattr_939)
|
|
(typeattributeset base_typeattr_939 (and (untrusted_app_all ephemeral_app isolated_app platform_app priv_app ) (not (runas_app ))))
|
|
(typeattribute base_typeattr_938)
|
|
(typeattributeset base_typeattr_938 (and (domain ) (not (dumpstate init shell ))))
|
|
(typeattribute base_typeattr_937)
|
|
(typeattributeset base_typeattr_937 (and (domain ) (not (crash_dump runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_936)
|
|
(typeattributeset base_typeattr_936 (and (shell ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_935)
|
|
(typeattributeset base_typeattr_935 (and (domain ) (not (shell ))))
|
|
(typeattribute base_typeattr_934)
|
|
(typeattributeset base_typeattr_934 (and (domain ) (not (crash_dump runas_app shared_relro simpleperf ))))
|
|
(typeattribute base_typeattr_933)
|
|
(typeattributeset base_typeattr_933 (and (appdomain ) (not (runas_app shared_relro shell simpleperf ))))
|
|
(typeattribute base_typeattr_932)
|
|
(typeattributeset base_typeattr_932 (and (shared_relro ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_931)
|
|
(typeattributeset base_typeattr_931 (and (domain ) (not (shared_relro ))))
|
|
(typeattribute base_typeattr_930)
|
|
(typeattributeset base_typeattr_930 (and (domain ) (not (crash_dump runas_app secure_element simpleperf ))))
|
|
(typeattribute base_typeattr_929)
|
|
(typeattributeset base_typeattr_929 (and (appdomain ) (not (runas_app secure_element shell simpleperf ))))
|
|
(typeattribute base_typeattr_928)
|
|
(typeattributeset base_typeattr_928 (and (secure_element ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_927)
|
|
(typeattributeset base_typeattr_927 (and (domain ) (not (secure_element ))))
|
|
(typeattribute base_typeattr_926)
|
|
(typeattributeset base_typeattr_926 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_next ))))
|
|
(typeattribute base_typeattr_925)
|
|
(typeattributeset base_typeattr_925 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_next ))))
|
|
(typeattribute base_typeattr_924)
|
|
(typeattributeset base_typeattr_924 (and (sdk_sandbox_next ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_923)
|
|
(typeattributeset base_typeattr_923 (and (domain ) (not (sdk_sandbox_next ))))
|
|
(typeattribute base_typeattr_922)
|
|
(typeattributeset base_typeattr_922 (and (property_type ) (not (system_property_type ))))
|
|
(typeattribute base_typeattr_921)
|
|
(typeattributeset base_typeattr_921 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_audit ))))
|
|
(typeattribute base_typeattr_920)
|
|
(typeattributeset base_typeattr_920 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_audit ))))
|
|
(typeattribute base_typeattr_919)
|
|
(typeattributeset base_typeattr_919 (and (sdk_sandbox_audit ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_918)
|
|
(typeattributeset base_typeattr_918 (and (domain ) (not (sdk_sandbox_audit ))))
|
|
(typeattribute base_typeattr_917)
|
|
(typeattributeset base_typeattr_917 (and (domain ) (not (init installd system_server vold_prepare_subdirs zygote sdk_sandbox_all ))))
|
|
(typeattribute base_typeattr_916)
|
|
(typeattributeset base_typeattr_916 (and (domain ) (not (init installd system_server vold_prepare_subdirs ))))
|
|
(typeattribute base_typeattr_915)
|
|
(typeattributeset base_typeattr_915 (and (app_data_file_type ) (not (shell_data_file radio_data_file sdk_sandbox_data_file ))))
|
|
(typeattribute base_typeattr_914)
|
|
(typeattributeset base_typeattr_914 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_34 ))))
|
|
(typeattribute base_typeattr_913)
|
|
(typeattributeset base_typeattr_913 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_34 ))))
|
|
(typeattribute base_typeattr_912)
|
|
(typeattributeset base_typeattr_912 (and (sdk_sandbox_34 ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_911)
|
|
(typeattributeset base_typeattr_911 (and (domain ) (not (sdk_sandbox_34 ))))
|
|
(typeattribute base_typeattr_910)
|
|
(typeattributeset base_typeattr_910 (and (domain ) (not (crash_dump runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_909)
|
|
(typeattributeset base_typeattr_909 (and (appdomain ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_908)
|
|
(typeattributeset base_typeattr_908 (and (runas_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_907)
|
|
(typeattributeset base_typeattr_907 (and (domain ) (not (runas_app ))))
|
|
(typeattribute base_typeattr_906)
|
|
(typeattributeset base_typeattr_906 (and (domain ) (not (crash_dump rkpdapp runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_905)
|
|
(typeattributeset base_typeattr_905 (and (appdomain ) (not (rkpdapp runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_904)
|
|
(typeattributeset base_typeattr_904 (and (rkpdapp ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_903)
|
|
(typeattributeset base_typeattr_903 (and (domain ) (not (rkpdapp ))))
|
|
(typeattribute base_typeattr_902)
|
|
(typeattributeset base_typeattr_902 (and (domain ) (not (rkpd ))))
|
|
(typeattribute base_typeattr_901)
|
|
(typeattributeset base_typeattr_901 (and (file_type ) (not (recovery_data_file ))))
|
|
(typeattribute base_typeattr_900)
|
|
(typeattributeset base_typeattr_900 (and (domain ) (not (init radio ))))
|
|
(typeattribute base_typeattr_899)
|
|
(typeattributeset base_typeattr_899 (and (domain ) (not (crash_dump radio runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_898)
|
|
(typeattributeset base_typeattr_898 (and (appdomain ) (not (radio runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_897)
|
|
(typeattributeset base_typeattr_897 (and (radio ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_896)
|
|
(typeattributeset base_typeattr_896 (and (appdomain ) (not (system_app device_as_webcam ))))
|
|
(typeattribute base_typeattr_895)
|
|
(typeattributeset base_typeattr_895 (and (domain ) (not (dumpstate init profcollectd ))))
|
|
(typeattribute base_typeattr_894)
|
|
(typeattributeset base_typeattr_894 (and (domain ) (not (coredomain apexd dumpstate vendor_init ))))
|
|
(typeattribute base_typeattr_893)
|
|
(typeattributeset base_typeattr_893 (and (domain ) (not (coredomain apexd dumpstate init ))))
|
|
(typeattribute base_typeattr_892)
|
|
(typeattributeset base_typeattr_892 (and (domain ) (not (init rkpdapp shell ))))
|
|
(typeattribute base_typeattr_891)
|
|
(typeattributeset base_typeattr_891 (and (domain ) (not (hal_dumpstate_server dumpstate init ))))
|
|
(typeattribute base_typeattr_890)
|
|
(typeattributeset base_typeattr_890 (and (domain ) (not (appdomain dumpstate init vendor_init ))))
|
|
(typeattribute base_typeattr_889)
|
|
(typeattributeset base_typeattr_889 (and (domain ) (not (dumpstate init system_app vendor_init ))))
|
|
(typeattribute base_typeattr_888)
|
|
(typeattributeset base_typeattr_888 (and (domain ) (not (init surfaceflinger ))))
|
|
(typeattribute base_typeattr_887)
|
|
(typeattributeset base_typeattr_887 (and (domain ) (not (appdomain hal_telephony_server init radio ))))
|
|
(typeattribute base_typeattr_886)
|
|
(typeattributeset base_typeattr_886 (and (domain ) (not (init shell system_app system_server mtectrl ))))
|
|
(typeattribute base_typeattr_885)
|
|
(typeattributeset base_typeattr_885 (and (domain ) (not (init shell ))))
|
|
(typeattribute base_typeattr_884)
|
|
(typeattributeset base_typeattr_884 (and (domain ) (not (adbd init ))))
|
|
(typeattribute base_typeattr_883)
|
|
(typeattributeset base_typeattr_883 (and (domain ) (not (adbd init system_server vendor_init ))))
|
|
(typeattribute base_typeattr_882)
|
|
(typeattributeset base_typeattr_882 (and (property_type ) (not (extended_core_property_type system_property_type ))))
|
|
(typeattribute base_typeattr_881)
|
|
(typeattributeset base_typeattr_881 (and (coredomain ) (not (system_writes_vendor_properties_violators init ))))
|
|
(typeattribute base_typeattr_880)
|
|
(typeattributeset base_typeattr_880 (and (core_property_type extended_core_property_type dalvik_config_prop_type exported3_system_prop systemsound_config_prop ) (not (debug_prop logd_prop nfc_prop powerctl_prop radio_prop ))))
|
|
(typeattribute base_typeattr_879)
|
|
(typeattributeset base_typeattr_879 (and (domain ) (not (hal_wifi_server dumpstate init vendor_init wificond ))))
|
|
(typeattribute base_typeattr_878)
|
|
(typeattributeset base_typeattr_878 (and (domain ) (not (coredomain hal_wifi_server wificond ))))
|
|
(typeattribute base_typeattr_877)
|
|
(typeattributeset base_typeattr_877 (and (domain ) (not (coredomain hal_camera_server cameraserver vendor_init ))))
|
|
(typeattribute base_typeattr_876)
|
|
(typeattributeset base_typeattr_876 (and (domain ) (not (coredomain hal_bluetooth_server bluetooth vendor_init ))))
|
|
(typeattribute base_typeattr_875)
|
|
(typeattributeset base_typeattr_875 (and (domain ) (not (coredomain hal_bluetooth_server bluetooth ))))
|
|
(typeattribute base_typeattr_874)
|
|
(typeattributeset base_typeattr_874 (and (domain ) (not (appdomain coredomain hal_telephony_server ))))
|
|
(typeattribute base_typeattr_873)
|
|
(typeattributeset base_typeattr_873 (and (domain ) (not (appdomain coredomain hal_telephony_server vendor_init ))))
|
|
(typeattribute base_typeattr_872)
|
|
(typeattributeset base_typeattr_872 (and (domain ) (not (appdomain coredomain hal_nfc_server ))))
|
|
(typeattribute base_typeattr_871)
|
|
(typeattributeset base_typeattr_871 (and (core_property_type extended_core_property_type exported3_system_prop exported_dumpstate_prop exported_config_prop exported_default_prop exported_system_prop usb_control_prop ) (not (nfc_prop powerctl_prop radio_prop ))))
|
|
(typeattribute base_typeattr_870)
|
|
(typeattributeset base_typeattr_870 (and (domain ) (not (appdomain coredomain vendor_init ))))
|
|
(typeattribute base_typeattr_869)
|
|
(typeattributeset base_typeattr_869 (and (domain ) (not (init misctrl ))))
|
|
(typeattribute base_typeattr_868)
|
|
(typeattributeset base_typeattr_868 (and (domain ) (not (dumpstate init misctrl ))))
|
|
(typeattribute base_typeattr_867)
|
|
(typeattributeset base_typeattr_867 (and (domain ) (not (extra_free_kbytes init ))))
|
|
(typeattribute base_typeattr_866)
|
|
(typeattributeset base_typeattr_866 (and (core_property_type ) (not (fingerprint_prop restorecon_prop usb_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop dhcp_prop dumpstate_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop vold_prop audio_prop debug_prop logd_prop nfc_prop ota_prop powerctl_prop radio_prop system_prop ))))
|
|
(typeattribute base_typeattr_865)
|
|
(typeattributeset base_typeattr_865 (and (vendor_property_type ) (not (vendor_public_property_type ))))
|
|
(typeattribute base_typeattr_864)
|
|
(typeattributeset base_typeattr_864 (and (vendor_property_type vendor_internal_property_type ) (not (vendor_restricted_property_type vendor_public_property_type ))))
|
|
(typeattribute base_typeattr_863)
|
|
(typeattributeset base_typeattr_863 (and (system_property_type ) (not (system_public_property_type ))))
|
|
(typeattribute base_typeattr_862)
|
|
(typeattributeset base_typeattr_862 (and (system_property_type system_internal_property_type ) (not (system_restricted_property_type system_public_property_type ))))
|
|
(typeattribute base_typeattr_861)
|
|
(typeattributeset base_typeattr_861 (and (property_type ) (not (system_property_type vendor_property_type ))))
|
|
(typeattribute base_typeattr_860)
|
|
(typeattributeset base_typeattr_860 (and (app_data_file_type ) (not (privapp_data_file ))))
|
|
(typeattribute base_typeattr_859)
|
|
(typeattributeset base_typeattr_859 (and (domain ) (not (crash_dump priv_app runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_858)
|
|
(typeattributeset base_typeattr_858 (and (appdomain ) (not (priv_app runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_857)
|
|
(typeattributeset base_typeattr_857 (and (priv_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_856)
|
|
(typeattributeset base_typeattr_856 (and (domain ) (not (priv_app ))))
|
|
(typeattribute base_typeattr_855)
|
|
(typeattributeset base_typeattr_855 (and (domain ) (not (dumpstate init ))))
|
|
(typeattribute base_typeattr_854)
|
|
(typeattributeset base_typeattr_854 (and (domain ) (not (crash_dump platform_app runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_853)
|
|
(typeattributeset base_typeattr_853 (and (appdomain ) (not (platform_app runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_852)
|
|
(typeattributeset base_typeattr_852 (and (platform_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_851)
|
|
(typeattributeset base_typeattr_851 (and (domain ) (not (platform_app ))))
|
|
(typeattribute base_typeattr_850)
|
|
(typeattributeset base_typeattr_850 (and (domain ) (not (crash_dump runas_app simpleperf permissioncontroller_app ))))
|
|
(typeattribute base_typeattr_849)
|
|
(typeattributeset base_typeattr_849 (and (appdomain ) (not (runas_app shell simpleperf permissioncontroller_app ))))
|
|
(typeattribute base_typeattr_848)
|
|
(typeattributeset base_typeattr_848 (and (permissioncontroller_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_847)
|
|
(typeattributeset base_typeattr_847 (and (domain ) (not (permissioncontroller_app ))))
|
|
(typeattribute base_typeattr_846)
|
|
(typeattributeset base_typeattr_846 (and (data_file_type ) (not (perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file ))))
|
|
(typeattribute base_typeattr_845)
|
|
(typeattributeset base_typeattr_845 (and (system_data_file ) (not (perfetto_traces_data_file perfetto_traces_profiling_data_file ))))
|
|
(typeattribute base_typeattr_844)
|
|
(typeattributeset base_typeattr_844 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file media_userdir_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file ))))
|
|
(typeattribute base_typeattr_843)
|
|
(typeattributeset base_typeattr_843 (and (domain ) (not (adbd incidentd init perfetto shell traced ))))
|
|
(typeattribute base_typeattr_842)
|
|
(typeattributeset base_typeattr_842 (and (domain ) (not (adbd dumpstate incidentd init perfetto priv_app shell system_server traced ))))
|
|
(typeattribute base_typeattr_841)
|
|
(typeattributeset base_typeattr_841 (and (domain ) (not (ot_daemon ))))
|
|
(typeattribute base_typeattr_840)
|
|
(typeattributeset base_typeattr_840 (and (domain ) (not (init fsverity_init odsign ))))
|
|
(typeattribute base_typeattr_839)
|
|
(typeattributeset base_typeattr_839 (and (domain ) (not (init odsign ))))
|
|
(typeattribute base_typeattr_838)
|
|
(typeattributeset base_typeattr_838 (and (domain ) (not (init system_server odrefresh ))))
|
|
(typeattribute base_typeattr_837)
|
|
(typeattributeset base_typeattr_837 (and (domain ) (not (init compos_fd_server odrefresh ))))
|
|
(typeattribute base_typeattr_836)
|
|
(typeattributeset base_typeattr_836 (and (domain ) (not (odrefresh ))))
|
|
(typeattribute base_typeattr_835)
|
|
(typeattributeset base_typeattr_835 (and (domain ) (not (crash_dump nfc runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_834)
|
|
(typeattributeset base_typeattr_834 (and (appdomain ) (not (nfc runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_833)
|
|
(typeattributeset base_typeattr_833 (and (nfc ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_832)
|
|
(typeattributeset base_typeattr_832 (and (domain ) (not (nfc ))))
|
|
(typeattribute base_typeattr_831)
|
|
(typeattributeset base_typeattr_831 (and (domain ) (not (crash_dump network_stack runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_830)
|
|
(typeattributeset base_typeattr_830 (and (appdomain ) (not (network_stack runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_829)
|
|
(typeattributeset base_typeattr_829 (and (network_stack ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_828)
|
|
(typeattributeset base_typeattr_828 (and (domain ) (not (network_stack ))))
|
|
(typeattribute base_typeattr_827)
|
|
(typeattributeset base_typeattr_827 (and (domain ) (not (init netd ))))
|
|
(typeattribute base_typeattr_826)
|
|
(typeattributeset base_typeattr_826 (and (domain ) (not (dumpstate init netd ))))
|
|
(typeattribute base_typeattr_825)
|
|
(typeattributeset base_typeattr_825 (and (netdomain ) (not (untrusted_app_all ephemeral_app mediaprovider priv_app sdk_sandbox_all ))))
|
|
(typeattribute base_typeattr_824)
|
|
(typeattributeset base_typeattr_824 (and (netdomain ) (not (ephemeral_app sdk_sandbox_all ))))
|
|
(typeattribute base_typeattr_823)
|
|
(typeattributeset base_typeattr_823 (and (mlstrustedsubject ) (not (adbd artd installd runas system_server zygote ))))
|
|
(typeattribute base_typeattr_822)
|
|
(typeattributeset base_typeattr_822 (and (mlstrustedsubject ) (not (artd installd ))))
|
|
(typeattribute base_typeattr_821)
|
|
(typeattributeset base_typeattr_821 (and (domain ) (not (mediatuner ))))
|
|
(typeattribute base_typeattr_820)
|
|
(typeattributeset base_typeattr_820 (and (domain ) (not (mediatranscoding ))))
|
|
(typeattribute base_typeattr_819)
|
|
(typeattributeset base_typeattr_819 (and (domain ) (not (crash_dump runas_app simpleperf mediaprovider_app ))))
|
|
(typeattribute base_typeattr_818)
|
|
(typeattributeset base_typeattr_818 (and (appdomain ) (not (runas_app shell simpleperf mediaprovider_app ))))
|
|
(typeattribute base_typeattr_817)
|
|
(typeattributeset base_typeattr_817 (and (mediaprovider_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_816)
|
|
(typeattributeset base_typeattr_816 (and (domain ) (not (mediaprovider_app ))))
|
|
(typeattribute base_typeattr_815)
|
|
(typeattributeset base_typeattr_815 (and (domain ) (not (crash_dump mediaprovider runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_814)
|
|
(typeattributeset base_typeattr_814 (and (appdomain ) (not (mediaprovider runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_813)
|
|
(typeattributeset base_typeattr_813 (and (mediaprovider ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_812)
|
|
(typeattributeset base_typeattr_812 (and (domain ) (not (mediaprovider ))))
|
|
(typeattribute base_typeattr_811)
|
|
(typeattributeset base_typeattr_811 (and (domain ) (not (dumpstate servicemanager shell lpdumpd ))))
|
|
(typeattribute base_typeattr_810)
|
|
(typeattributeset base_typeattr_810 (and (domain ) (not (dumpstate shell lpdumpd ))))
|
|
(typeattribute base_typeattr_809)
|
|
(typeattributeset base_typeattr_809 (and (domain ) (not (lpdumpd ))))
|
|
(typeattribute base_typeattr_808)
|
|
(typeattributeset base_typeattr_808 (and (domain ) (not (dumpstate incidentd init ))))
|
|
(typeattribute base_typeattr_807)
|
|
(typeattributeset base_typeattr_807 (and (domain ) (not (logd ))))
|
|
(typeattribute base_typeattr_806)
|
|
(typeattributeset base_typeattr_806 (and (appdomain ) (not (bluetooth platform_app priv_app radio shell system_app ))))
|
|
(typeattribute base_typeattr_805)
|
|
(typeattributeset base_typeattr_805 (and (domain ) (not (appdomain bootstat dumpstate init logd servicemanager surfaceflinger system_server zygote ))))
|
|
(typeattribute base_typeattr_804)
|
|
(typeattributeset base_typeattr_804 (and (file_type ) (not (runtime_event_log_tags_file shell_data_file ))))
|
|
(typeattribute base_typeattr_803)
|
|
(typeattributeset base_typeattr_803 (and (domain ) (not (init lmkd vendor_init ))))
|
|
(typeattribute base_typeattr_802)
|
|
(typeattributeset base_typeattr_802 (and (domain ) (not (init otapreopt_chroot linkerconfig ))))
|
|
(typeattribute base_typeattr_801)
|
|
(typeattributeset base_typeattr_801 (and (domain ) (not (crash_dump isolated_compute_app runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_800)
|
|
(typeattributeset base_typeattr_800 (and (appdomain ) (not (isolated_compute_app runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_799)
|
|
(typeattributeset base_typeattr_799 (and (isolated_compute_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_798)
|
|
(typeattributeset base_typeattr_798 (and (domain ) (not (isolated_compute_app ))))
|
|
(typeattribute base_typeattr_797)
|
|
(typeattributeset base_typeattr_797 (and (sysfs_type ) (not (sysfs_transparent_hugepage sysfs_usb sysfs_fs_fuse_features sysfs_fs_incfs_features sysfs_devices_system_cpu ))))
|
|
(typeattribute base_typeattr_796)
|
|
(typeattributeset base_typeattr_796 (and (service_manager_type ) (not (activity_service display_service webviewupdate_service ))))
|
|
(typeattribute base_typeattr_795)
|
|
(typeattributeset base_typeattr_795 (and (isolated_app_all ) (not (isolated_compute_app ))))
|
|
(typeattribute base_typeattr_794)
|
|
(typeattributeset base_typeattr_794 (and (domain ) (not (crash_dump isolated_app runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_793)
|
|
(typeattributeset base_typeattr_793 (and (appdomain ) (not (isolated_app runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_792)
|
|
(typeattributeset base_typeattr_792 (and (isolated_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_791)
|
|
(typeattributeset base_typeattr_791 (and (dev_type ) (not (vm_manager_device_type keychord_device hw_random_device port_device ))))
|
|
(typeattribute base_typeattr_790)
|
|
(typeattributeset base_typeattr_790 (and (domain ) (not (incidentd init system_server vold ))))
|
|
(typeattribute base_typeattr_789)
|
|
(typeattributeset base_typeattr_789 (and (domain ) (not (incidentd init vold ))))
|
|
(typeattribute base_typeattr_788)
|
|
(typeattributeset base_typeattr_788 (and (domain ) (not (incidentd ))))
|
|
(typeattribute base_typeattr_787)
|
|
(typeattributeset base_typeattr_787 (and (system_server_service app_api_service system_api_service ) (not (tracingproxy_service ))))
|
|
(typeattribute base_typeattr_786)
|
|
(typeattributeset base_typeattr_786 (and (domain ) (not (incident_helper incidentd shell ))))
|
|
(typeattribute base_typeattr_785)
|
|
(typeattributeset base_typeattr_785 (and (domain ) (not (dumpstate incident shell su ))))
|
|
(typeattribute base_typeattr_784)
|
|
(typeattributeset base_typeattr_784 (and (domain ) (not (hwservicemanager ))))
|
|
(typeattribute base_typeattr_783)
|
|
(typeattributeset base_typeattr_783 (and (vendor_file_type ) (not (vndk_sp_file ))))
|
|
(typeattribute base_typeattr_782)
|
|
(typeattributeset base_typeattr_782 (and (domain ) (not (init gsid ))))
|
|
(typeattribute base_typeattr_781)
|
|
(typeattributeset base_typeattr_781 (and (gsi_metadata_file_type ) (not (gsi_public_metadata_file ))))
|
|
(typeattribute base_typeattr_780)
|
|
(typeattributeset base_typeattr_780 (and (domain ) (not (fastbootd init gsid ))))
|
|
(typeattribute base_typeattr_779)
|
|
(typeattributeset base_typeattr_779 (and (domain ) (not (update_engine_common fastbootd init recovery gsid ))))
|
|
(typeattribute base_typeattr_778)
|
|
(typeattributeset base_typeattr_778 (and (domain ) (not (gsid ))))
|
|
(typeattribute base_typeattr_777)
|
|
(typeattributeset base_typeattr_777 (and (domain ) (not (gpuservice init vendor_init ))))
|
|
(typeattribute base_typeattr_776)
|
|
(typeattributeset base_typeattr_776 (and (domain ) (not (gpuservice ))))
|
|
(typeattribute base_typeattr_775)
|
|
(typeattributeset base_typeattr_775 (and (domain ) (not (dumpstate gmscore_app init vendor_init ))))
|
|
(typeattribute base_typeattr_774)
|
|
(typeattributeset base_typeattr_774 (and (domain ) (not (crash_dump gmscore_app runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_773)
|
|
(typeattributeset base_typeattr_773 (and (appdomain ) (not (gmscore_app runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_772)
|
|
(typeattributeset base_typeattr_772 (and (gmscore_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_771)
|
|
(typeattributeset base_typeattr_771 (and (domain ) (not (gmscore_app ))))
|
|
(typeattribute base_typeattr_770)
|
|
(typeattributeset base_typeattr_770 (and (fs_type file_type ) (not (fuseblkd_untrusted_exec ))))
|
|
(typeattribute base_typeattr_769)
|
|
(typeattributeset base_typeattr_769 (and (fs_type file_type ) (not (fuseblkd_exec ))))
|
|
(typeattribute base_typeattr_768)
|
|
(typeattributeset base_typeattr_768 (and (domain ) (not (fuseblkd_untrusted ))))
|
|
(typeattribute base_typeattr_767)
|
|
(typeattributeset base_typeattr_767 (and (domain ) (not (fastbootd ))))
|
|
(typeattribute base_typeattr_766)
|
|
(typeattributeset base_typeattr_766 (and (domain ) (not (evsmanagerd ))))
|
|
(typeattribute base_typeattr_765)
|
|
(typeattributeset base_typeattr_765 (and (domain ) (not (crash_dump ephemeral_app runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_764)
|
|
(typeattributeset base_typeattr_764 (and (appdomain ) (not (ephemeral_app runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_763)
|
|
(typeattributeset base_typeattr_763 (and (ephemeral_app ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_762)
|
|
(typeattributeset base_typeattr_762 (and (domain ) (not (ephemeral_app ))))
|
|
(typeattribute base_typeattr_761)
|
|
(typeattributeset base_typeattr_761 (and (domain ) (not (init aconfigd ))))
|
|
(typeattribute base_typeattr_760)
|
|
(typeattributeset base_typeattr_760 (and (domain ) (not (gmscore_app init vold_prepare_subdirs ))))
|
|
(typeattribute base_typeattr_759)
|
|
(typeattributeset base_typeattr_759 (and (domain ) (not (appdomain artd installd system_server traced_probes ))))
|
|
(typeattribute base_typeattr_758)
|
|
(typeattributeset base_typeattr_758 (and (domain ) (not (appdomain adbd artd dumpstate init installd simpleperf_app_runner system_server ))))
|
|
(typeattribute base_typeattr_757)
|
|
(typeattributeset base_typeattr_757 (and (domain ) (not (adbd artd dumpstate init installd shell vold ))))
|
|
(typeattribute base_typeattr_756)
|
|
(typeattributeset base_typeattr_756 (and (domain ) (not (appdomain adbd artd dumpstate installd ))))
|
|
(typeattribute base_typeattr_755)
|
|
(typeattributeset base_typeattr_755 (and (domain ) (not (init kernel vendor_modprobe uprobestats ))))
|
|
(typeattribute base_typeattr_754)
|
|
(typeattributeset base_typeattr_754 (and (domain ) (not (ueventd vendor_init ))))
|
|
(typeattribute base_typeattr_753)
|
|
(typeattributeset base_typeattr_753 (and (debugfs_type ) (not (tracefs_type ))))
|
|
(typeattribute base_typeattr_752)
|
|
(typeattributeset base_typeattr_752 (and (domain ) (not (vendor_modprobe ))))
|
|
(typeattribute base_typeattr_751)
|
|
(typeattributeset base_typeattr_751 (and (domain ) (not (init traced_perf traced_probes vendor_init ))))
|
|
(typeattribute base_typeattr_750)
|
|
(typeattributeset base_typeattr_750 (and (domain ) (not (init otapreopt_chroot ))))
|
|
(typeattribute base_typeattr_749)
|
|
(typeattributeset base_typeattr_749 (and (vendor_file_type ) (not (vendor_task_profiles_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_apex_file vendor_apex_metadata_file vendor_service_contexts_file vendor_aconfig_storage_file ))))
|
|
(typeattribute base_typeattr_748)
|
|
(typeattributeset base_typeattr_748 (and (coredomain ) (not (system_executes_vendor_violators crash_dump heapprofd init kernel shell traced_perf ueventd vold crosvm ))))
|
|
(typeattribute base_typeattr_747)
|
|
(typeattributeset base_typeattr_747 (and (coredomain ) (not (heapprofd init logd mdnsd netd prng_seeder tombstoned traced traced_perf ))))
|
|
(typeattribute base_typeattr_746)
|
|
(typeattributeset base_typeattr_746 (and (domain ) (not (appdomain coredomain socket_between_core_and_vendor_violators ))))
|
|
(typeattribute base_typeattr_745)
|
|
(typeattributeset base_typeattr_745 (and (coredomain ) (not (appdomain bootanim crash_dump heapprofd init kernel traced_perf ueventd ))))
|
|
(typeattribute base_typeattr_744)
|
|
(typeattributeset base_typeattr_744 (and (domain ) (not (init vendor_init art_boot ))))
|
|
(typeattribute base_typeattr_743)
|
|
(typeattributeset base_typeattr_743 (and (domain ) (not (dumpstate init system_server ))))
|
|
(typeattribute base_typeattr_742)
|
|
(typeattributeset base_typeattr_742 (and (domain ) (not (fsck init installd zygote ))))
|
|
(typeattribute base_typeattr_741)
|
|
(typeattributeset base_typeattr_741 (and (domain ) (not (hal_bootctl_server fastbootd init kernel recovery tee ueventd uncrypt gsid ))))
|
|
(typeattribute base_typeattr_740)
|
|
(typeattributeset base_typeattr_740 (and (debugfs_type ) (not (debugfs_tracing_debug ))))
|
|
(typeattribute base_typeattr_739)
|
|
(typeattributeset base_typeattr_739 (and (fs_type ) (not (fusefs_type sdcard_type ))))
|
|
(typeattribute base_typeattr_738)
|
|
(typeattributeset base_typeattr_738 (and (domain ) (not (apexd init kernel otapreopt_chroot recovery update_engine vold zygote ))))
|
|
(typeattribute base_typeattr_737)
|
|
(typeattributeset base_typeattr_737 (not (apexd artd dnsmasq dumpstate heapprofd init installd lmkd netd recovery rss_hwm_reset sdcardd tee traced_perf traced_probes ueventd uncrypt vendor_init vold vold_prepare_subdirs zygote migrate_legacy_obb_data postinstall_dexopt ) ))
|
|
(typeattribute base_typeattr_736)
|
|
(typeattributeset base_typeattr_736 (not (apexd artd dnsmasq dumpstate init installd lmkd netd recovery rss_hwm_reset sdcardd tee ueventd uncrypt vendor_init vold vold_prepare_subdirs zygote migrate_legacy_obb_data postinstall_dexopt ) ))
|
|
(typeattribute base_typeattr_735)
|
|
(typeattributeset base_typeattr_735 (and (domain ) (not (apexd init vold_prepare_subdirs compos_fd_server composd odrefresh odsign ))))
|
|
(typeattribute base_typeattr_734)
|
|
(typeattributeset base_typeattr_734 (and (domain ) (not (artd init installd zygote cppreopts dex2oat otapreopt_slot postinstall_dexopt ))))
|
|
(typeattribute base_typeattr_733)
|
|
(typeattributeset base_typeattr_733 (and (file_type ) (not (exec_type system_file_type vendor_file_type system_lib_file system_linker_exec postinstall_file ))))
|
|
(typeattribute base_typeattr_732)
|
|
(typeattributeset base_typeattr_732 (and (domain ) (not (appdomain app_zygote shell webview_zygote zygote system_server_startup ))))
|
|
(typeattribute base_typeattr_731)
|
|
(typeattributeset base_typeattr_731 (and (fs_type ) (not (rootfs ))))
|
|
(typeattribute base_typeattr_730)
|
|
(typeattributeset base_typeattr_730 (and (domain ) (not (appdomain bootanim recovery ))))
|
|
(typeattribute base_typeattr_729)
|
|
(typeattributeset base_typeattr_729 (and (domain ) (not (init installd system_server ))))
|
|
(typeattribute base_typeattr_728)
|
|
(typeattributeset base_typeattr_728 (and (domain ) (not (adbd apexd init installd kernel priv_app shell system_app system_server crosvm virtualizationmanager ))))
|
|
(typeattribute base_typeattr_727)
|
|
(typeattributeset base_typeattr_727 (and (domain ) (not (apexd init installd priv_app system_server virtualizationmanager ))))
|
|
(typeattribute base_typeattr_726)
|
|
(typeattributeset base_typeattr_726 (and (domain ) (not (artd installd ))))
|
|
(typeattribute base_typeattr_725)
|
|
(typeattributeset base_typeattr_725 (and (domain ) (not (appdomain app_zygote artd installd rs ))))
|
|
(typeattribute base_typeattr_724)
|
|
(typeattributeset base_typeattr_724 (and (domain ) (not (appdomain artd installd rs ))))
|
|
(typeattribute base_typeattr_723)
|
|
(typeattributeset base_typeattr_723 (and (domain ) (not (appdomain adbd app_zygote artd installd profman rs runas system_server zygote dexoptanalyzer viewcompiler ))))
|
|
(typeattribute base_typeattr_722)
|
|
(typeattributeset base_typeattr_722 (and (domain ) (not (gmscore_app priv_app ))))
|
|
(typeattribute base_typeattr_721)
|
|
(typeattributeset base_typeattr_721 (and (domain ) (not (dumpstate system_server vold storaged ))))
|
|
(typeattribute base_typeattr_720)
|
|
(typeattributeset base_typeattr_720 (and (domain ) (not (hal_bootctl_server fastbootd init recovery ueventd uncrypt update_engine vendor_init vendor_misc_writer vold misctrl mtectrl ))))
|
|
(typeattribute base_typeattr_719)
|
|
(typeattributeset base_typeattr_719 (and (domain ) (not (hal_audio_server hal_camera_server hal_cas_server hal_codec2_server hal_configstore_server hal_drm_server hal_omx_server app_zygote artd audioserver cameraserver init kernel mediadrmserver mediaextractor mediametrics mediaserver mediatranscoding system_server ueventd vendor_init webview_zygote mediatuner ))))
|
|
(typeattribute base_typeattr_718)
|
|
(typeattributeset base_typeattr_718 (and (domain ) (not (untrusted_app_all isolated_app_all ephemeral_app ))))
|
|
(typeattribute base_typeattr_717)
|
|
(typeattributeset base_typeattr_717 (and (domain ) (not (appdomain coredomain ))))
|
|
(typeattribute base_typeattr_716)
|
|
(typeattributeset base_typeattr_716 (and (domain ) (not (appdomain rs ))))
|
|
(typeattribute base_typeattr_715)
|
|
(typeattributeset base_typeattr_715 (and (domain ) (not (hal_configstore_server apexd app_zygote bpfloader crash_dump init kernel keystore llkd logd ueventd vendor_init vold webview_zygote zygote crosvm ))))
|
|
(typeattribute base_typeattr_714)
|
|
(typeattributeset base_typeattr_714 (and (domain ) (not (hal_configstore_server apexd app_zygote bpfloader crash_dump init kernel keystore llkd logd logpersist recovery recovery_persist recovery_refresh ueventd vendor_init vold webview_zygote zygote crosvm ))))
|
|
(typeattribute base_typeattr_713)
|
|
(typeattributeset base_typeattr_713 (and (domain ) (not (dexoptanalyzer ))))
|
|
(typeattribute base_typeattr_712)
|
|
(typeattributeset base_typeattr_712 (and (domain ) (not (dexopt_chroot_setup ))))
|
|
(typeattribute base_typeattr_711)
|
|
(typeattributeset base_typeattr_711 (and (domain ) (not (dex2oat ))))
|
|
(typeattribute base_typeattr_710)
|
|
(typeattributeset base_typeattr_710 (and (domain ) (not (crash_dump runas_app simpleperf device_as_webcam ))))
|
|
(typeattribute base_typeattr_709)
|
|
(typeattributeset base_typeattr_709 (and (appdomain ) (not (runas_app shell simpleperf device_as_webcam ))))
|
|
(typeattribute base_typeattr_708)
|
|
(typeattributeset base_typeattr_708 (and (device_as_webcam ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_707)
|
|
(typeattributeset base_typeattr_707 (and (domain ) (not (device_as_webcam ))))
|
|
(typeattribute base_typeattr_706)
|
|
(typeattributeset base_typeattr_706 (and (domain ) (not (init derive_sdk ))))
|
|
(typeattribute base_typeattr_705)
|
|
(typeattributeset base_typeattr_705 (and (domain ) (not (crosvm virtualizationmanager ))))
|
|
(typeattribute base_typeattr_704)
|
|
(typeattributeset base_typeattr_704 (and (app_data_file_type ) (not (shell_data_file app_data_file privapp_data_file ))))
|
|
(typeattribute base_typeattr_703)
|
|
(typeattributeset base_typeattr_703 (and (vendor_file_type ) (not (vendor_task_profiles_file vendor_configs_file vndk_sp_file vendor_microdroid_file vendor_vm_file vendor_vm_data_file ))))
|
|
(typeattribute base_typeattr_702)
|
|
(typeattributeset base_typeattr_702 (and (appdomain coredomain ) (not (ueventd crosvm ))))
|
|
(typeattribute base_typeattr_701)
|
|
(typeattributeset base_typeattr_701 (and (appdomain coredomain ) (not (shell ueventd crosvm ))))
|
|
(typeattribute base_typeattr_700)
|
|
(typeattributeset base_typeattr_700 (and (domain ) (not (crosvm ))))
|
|
(typeattribute base_typeattr_699)
|
|
(typeattributeset base_typeattr_699 (and (domain ) (not (ueventd crosvm ))))
|
|
(typeattribute base_typeattr_698)
|
|
(typeattributeset base_typeattr_698 (and (domain ) (not (shell ueventd crosvm ))))
|
|
(typeattribute base_typeattr_697)
|
|
(typeattributeset base_typeattr_697 (and (domain ) (not (apexd bpfloader crash_dump init kernel keystore llkd logd ueventd vendor_init vold ))))
|
|
(typeattribute base_typeattr_696)
|
|
(typeattributeset base_typeattr_696 (and (dmabuf_heap_device_type ) (not (dmabuf_system_heap_device dmabuf_system_secure_heap_device ))))
|
|
(typeattribute base_typeattr_695)
|
|
(typeattributeset base_typeattr_695 (and (coredomain ) (not (init ueventd ))))
|
|
(typeattribute base_typeattr_694)
|
|
(typeattributeset base_typeattr_694 (and (coredomain ) (not (adbd init mediaprovider system_server ))))
|
|
(typeattribute base_typeattr_693)
|
|
(typeattributeset base_typeattr_693 (and (coredomain ) (not (init system_server ))))
|
|
(typeattribute base_typeattr_692)
|
|
(typeattributeset base_typeattr_692 (and (coredomain ) (not (bootstat charger dumpstate init logd logpersist recovery_persist recovery_refresh shell system_server ))))
|
|
(typeattribute base_typeattr_691)
|
|
(typeattributeset base_typeattr_691 (and (coredomain ) (not (init ))))
|
|
(typeattribute base_typeattr_690)
|
|
(typeattributeset base_typeattr_690 (and (coredomain ) (not (atrace dumpstate gpuservice init shell system_server traced_perf traced_probes traceur_app ))))
|
|
(typeattribute base_typeattr_689)
|
|
(typeattributeset base_typeattr_689 (and (coredomain ) (not (apexd fsck init ueventd ))))
|
|
(typeattribute base_typeattr_688)
|
|
(typeattributeset base_typeattr_688 (and (coredomain ) (not (init vold ))))
|
|
(typeattribute base_typeattr_687)
|
|
(typeattributeset base_typeattr_687 (and (coredomain ) (not (appdomain app_zygote artd heapprofd idmap init installd rs system_server traced_perf webview_zygote zygote dex2oat dexoptanalyzer postinstall_dexopt ))))
|
|
(typeattribute base_typeattr_686)
|
|
(typeattributeset base_typeattr_686 (and (coredomain ) (not (appdomain artd heapprofd idmap init installd mediaserver profman rs system_server traced_perf dex2oat dexoptanalyzer postinstall_dexopt ))))
|
|
(typeattribute base_typeattr_685)
|
|
(typeattributeset base_typeattr_685 (and (coredomain ) (not (appdomain artd heapprofd idmap init installd rs system_server traced_perf dex2oat dexoptanalyzer postinstall_dexopt ))))
|
|
(typeattribute base_typeattr_684)
|
|
(typeattributeset base_typeattr_684 (and (coredomain ) (not (apexd init ueventd vold ))))
|
|
(typeattribute base_typeattr_683)
|
|
(typeattributeset base_typeattr_683 (and (domain ) (not (odsign ))))
|
|
(typeattribute base_typeattr_682)
|
|
(typeattributeset base_typeattr_682 (and (domain ) (not (composd ))))
|
|
(typeattribute base_typeattr_681)
|
|
(typeattributeset base_typeattr_681 (and (domain ) (not (charger charger_vendor dumpstate init vendor_init ))))
|
|
(typeattribute base_typeattr_680)
|
|
(typeattributeset base_typeattr_680 (and (domain ) (not (charger charger_vendor init vendor_init ))))
|
|
(typeattribute base_typeattr_679)
|
|
(typeattributeset base_typeattr_679 (and (domain ) (not (charger dumpstate init ))))
|
|
(typeattribute base_typeattr_678)
|
|
(typeattributeset base_typeattr_678 (and (coredomain ) (not (bpfloader netd netutils_wrapper ))))
|
|
(typeattribute base_typeattr_677)
|
|
(typeattributeset base_typeattr_677 (and (domain ) (not (bpfloader init ))))
|
|
(typeattribute base_typeattr_676)
|
|
(typeattributeset base_typeattr_676 (and (domain ) (not (bpfloader gpuservice lmkd netd network_stack system_server mediaprovider_app uprobestats ))))
|
|
(typeattribute base_typeattr_675)
|
|
(typeattributeset base_typeattr_675 (and (domain ) (not (hal_health_server bpfloader gpuservice netd netutils_wrapper network_stack system_server mediaprovider_app uprobestats ))))
|
|
(typeattribute base_typeattr_674)
|
|
(typeattributeset base_typeattr_674 (and (bpffs_type ) (not (fs_bpf_vendor ))))
|
|
(typeattribute base_typeattr_673)
|
|
(typeattributeset base_typeattr_673 (and (domain ) (not (bpfloader gpuservice netd netutils_wrapper network_stack system_server uprobestats ))))
|
|
(typeattribute base_typeattr_672)
|
|
(typeattributeset base_typeattr_672 (and (domain ) (not (bpfloader uprobestats ))))
|
|
(typeattribute base_typeattr_671)
|
|
(typeattributeset base_typeattr_671 (and (domain ) (not (bpfloader netd netutils_wrapper network_stack system_server ))))
|
|
(typeattribute base_typeattr_670)
|
|
(typeattributeset base_typeattr_670 (and (domain ) (not (bpfloader netd network_stack system_server ))))
|
|
(typeattribute base_typeattr_669)
|
|
(typeattributeset base_typeattr_669 (and (domain ) (not (bpfloader network_stack system_server ))))
|
|
(typeattribute base_typeattr_668)
|
|
(typeattributeset base_typeattr_668 (and (domain ) (not (bpfloader network_stack ))))
|
|
(typeattribute base_typeattr_667)
|
|
(typeattributeset base_typeattr_667 (and (domain ) (not (bpfloader gpuservice lmkd netd netutils_wrapper system_server mediaprovider_app ))))
|
|
(typeattribute base_typeattr_666)
|
|
(typeattributeset base_typeattr_666 (and (domain ) (not (bpfloader ))))
|
|
(typeattribute base_typeattr_665)
|
|
(typeattributeset base_typeattr_665 (and (bpffs_type ) (not (fs_bpf ))))
|
|
(typeattribute base_typeattr_664)
|
|
(typeattributeset base_typeattr_664 (and (domain ) (not (bpfdomain ))))
|
|
(typeattribute base_typeattr_663)
|
|
(typeattributeset base_typeattr_663 (and (bpfdomain ) (not (bpfloader netd netutils_wrapper network_stack system_server ))))
|
|
(typeattribute base_typeattr_662)
|
|
(typeattributeset base_typeattr_662 (and (domain ) (not (init vendor_init boringssl_self_test vendor_boringssl_self_test ))))
|
|
(typeattribute base_typeattr_661)
|
|
(typeattributeset base_typeattr_661 (and (domain ) (not (bootstat init system_server ))))
|
|
(typeattribute base_typeattr_660)
|
|
(typeattributeset base_typeattr_660 (and (domain ) (not (bootanim bootstat dumpstate init platform_app recovery shell system_server ))))
|
|
(typeattribute base_typeattr_659)
|
|
(typeattributeset base_typeattr_659 (and (domain ) (not (bluetooth init ))))
|
|
(typeattribute base_typeattr_658)
|
|
(typeattributeset base_typeattr_658 (and (domain ) (not (bluetooth crash_dump runas_app simpleperf ))))
|
|
(typeattribute base_typeattr_657)
|
|
(typeattributeset base_typeattr_657 (and (appdomain ) (not (bluetooth runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_656)
|
|
(typeattributeset base_typeattr_656 (and (bluetooth ) (not (runas_app shell simpleperf ))))
|
|
(typeattribute base_typeattr_655)
|
|
(typeattributeset base_typeattr_655 (and (domain ) (not (bluetooth ))))
|
|
(typeattribute base_typeattr_654)
|
|
(typeattributeset base_typeattr_654 (and (fs_type file_type ) (not (shell_exec blkid_exec ))))
|
|
(typeattribute base_typeattr_653)
|
|
(typeattributeset base_typeattr_653 (and (domain ) (not (automotive_display_service ))))
|
|
(typeattribute base_typeattr_652)
|
|
(typeattributeset base_typeattr_652 (and (domain ) (not (audioserver ))))
|
|
(typeattribute base_typeattr_651)
|
|
(typeattributeset base_typeattr_651 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service dumpstate_service incident_service installd_service lpdump_service mdns_service netd_service vold_service stats_service tracingproxy_service ))))
|
|
(typeattribute base_typeattr_650)
|
|
(typeattributeset base_typeattr_650 (not (art_exec_exec ) ))
|
|
(typeattribute base_typeattr_649)
|
|
(typeattributeset base_typeattr_649 (and (domain ) (not (artd ))))
|
|
(typeattribute base_typeattr_648)
|
|
(typeattributeset base_typeattr_648 (and (domain ) (not (app_zygote prng_seeder ))))
|
|
(typeattribute base_typeattr_647)
|
|
(typeattributeset base_typeattr_647 (and (domain ) (not (app_zygote logd system_server ))))
|
|
(typeattribute base_typeattr_646)
|
|
(typeattributeset base_typeattr_646 (and (service_manager_type ) (not (activity_service webviewupdate_service ))))
|
|
(typeattribute base_typeattr_645)
|
|
(typeattributeset base_typeattr_645 (and (domain ) (not (zygote ))))
|
|
(typeattribute base_typeattr_644)
|
|
(typeattributeset base_typeattr_644 (and (domain ) (not (crash_dump ))))
|
|
(typeattribute base_typeattr_643)
|
|
(typeattributeset base_typeattr_643 (and (domain ) (not (isolated_app ))))
|
|
(typeattribute base_typeattr_642)
|
|
(typeattributeset base_typeattr_642 (and (domain ) (not (app_zygote ))))
|
|
(typeattribute base_typeattr_641)
|
|
(typeattributeset base_typeattr_641 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_640)
|
|
(typeattributeset base_typeattr_640 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (mediaprovider mediaprovider_app ))))
|
|
(typeattribute base_typeattr_639)
|
|
(typeattributeset base_typeattr_639 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_638)
|
|
(typeattributeset base_typeattr_638 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (mediaprovider_app ))))
|
|
(typeattribute base_typeattr_637)
|
|
(typeattributeset base_typeattr_637 (and (fs_type file_type ) (not (sdcard_type fuse user_profile_data_file media_rw_data_file app_data_file privapp_data_file app_exec_data_file ))))
|
|
(typeattribute base_typeattr_636)
|
|
(typeattributeset base_typeattr_636 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_635)
|
|
(typeattributeset base_typeattr_635 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_27 untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_634)
|
|
(typeattributeset base_typeattr_634 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (runas_app untrusted_app_27 untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_633)
|
|
(typeattributeset base_typeattr_633 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (mediaprovider ))))
|
|
(typeattribute base_typeattr_632)
|
|
(typeattributeset base_typeattr_632 (and (debugfs_type ) (not (debugfs_kcov ))))
|
|
(typeattribute base_typeattr_631)
|
|
(typeattributeset base_typeattr_631 (and (appdomain ) (not (untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_630)
|
|
(typeattributeset base_typeattr_630 (and (appdomain ) (not (device_as_webcam ))))
|
|
(typeattribute base_typeattr_629)
|
|
(typeattributeset base_typeattr_629 (and (data_file_type ) (not (system_data_file apk_data_file dalvikcache_data_file apex_art_data_file ))))
|
|
(typeattribute base_typeattr_628)
|
|
(typeattributeset base_typeattr_628 (and (appdomain ) (not (mlstrustedsubject isolated_app_all sdk_sandbox_all ))))
|
|
(typeattribute base_typeattr_627)
|
|
(typeattributeset base_typeattr_627 (and (appdomain ) (not (isolated_app_all sdk_sandbox_all ))))
|
|
(typeattribute base_typeattr_626)
|
|
(typeattributeset base_typeattr_626 (and (appdomain ) (not (isolated_app_all ephemeral_app sdk_sandbox_all ))))
|
|
(typeattribute base_typeattr_625)
|
|
(typeattributeset base_typeattr_625 (and (appdomain ) (not (ephemeral_app sdk_sandbox_all ))))
|
|
(typeattribute base_typeattr_624)
|
|
(typeattributeset base_typeattr_624 (and (appdomain ) (not (mediaprovider_app ))))
|
|
(typeattribute base_typeattr_623)
|
|
(typeattributeset base_typeattr_623 (and (domain ) (not (appdomain crash_dump rs virtualizationmanager ))))
|
|
(typeattribute base_typeattr_622)
|
|
(typeattributeset base_typeattr_622 (and (appdomain ) (not (sdk_sandbox_all ))))
|
|
(typeattribute base_typeattr_621)
|
|
(typeattributeset base_typeattr_621 (and (appdomain ) (not (untrusted_app_all isolated_app_all ephemeral_app platform_app priv_app shell system_app sdk_sandbox_all ))))
|
|
(typeattribute base_typeattr_620)
|
|
(typeattributeset base_typeattr_620 (and (domain ) (not (apexd init otapreopt_chroot ))))
|
|
(typeattribute base_typeattr_619)
|
|
(typeattributeset base_typeattr_619 (and (domain ) (not (apexd init vold_prepare_subdirs ))))
|
|
(typeattribute base_typeattr_618)
|
|
(typeattributeset base_typeattr_618 (and (domain ) (not (apexd init kernel ))))
|
|
(typeattribute base_typeattr_617)
|
|
(typeattributeset base_typeattr_617 (and (domain ) (not (apexd init ))))
|
|
(typeattribute base_typeattr_616)
|
|
(typeattributeset base_typeattr_616 (and (domain ) (not (crash_dump shell ))))
|
|
(typeattribute base_typeattr_615)
|
|
(typeattributeset base_typeattr_615 (and (hal_lazy_test_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_614)
|
|
(typeattributeset base_typeattr_614 (and (hal_lazy_test_server ) (not (hal_lazy_test ))))
|
|
(typeattribute base_typeattr_613)
|
|
(typeattributeset base_typeattr_613 (and (hal_lazy_test_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_612)
|
|
(typeattributeset base_typeattr_612 (and (domain ) (not (wificond ))))
|
|
(typeattribute base_typeattr_611)
|
|
(typeattributeset base_typeattr_611 (and (domain ) (not (hal_bootctl_server hal_health_storage_server hal_keymaster_server system_suspend_server hwservicemanager keystore servicemanager system_server ))))
|
|
(typeattribute base_typeattr_610)
|
|
(typeattributeset base_typeattr_610 (and (domain ) (not (init kernel vold vold_prepare_subdirs ))))
|
|
(typeattribute base_typeattr_609)
|
|
(typeattributeset base_typeattr_609 (and (domain ) (not (kernel vold vold_prepare_subdirs ))))
|
|
(typeattribute base_typeattr_608)
|
|
(typeattributeset base_typeattr_608 (and (domain ) (not (init vold vold_prepare_subdirs ))))
|
|
(typeattribute base_typeattr_607)
|
|
(typeattributeset base_typeattr_607 (and (domain ) (not (vold vold_prepare_subdirs ))))
|
|
(typeattribute base_typeattr_606)
|
|
(typeattributeset base_typeattr_606 (and (sysfs_type ) (not (sysfs_batteryinfo ))))
|
|
(typeattribute base_typeattr_605)
|
|
(typeattributeset base_typeattr_605 (and (domain ) (not (virtual_touchpad ))))
|
|
(typeattribute base_typeattr_604)
|
|
(typeattributeset base_typeattr_604 (and (coredomain ) (not (init modprobe ))))
|
|
(typeattribute base_typeattr_603)
|
|
(typeattributeset base_typeattr_603 (and (domain ) (not (init logd prng_seeder su vendor_init ))))
|
|
(typeattribute base_typeattr_602)
|
|
(typeattributeset base_typeattr_602 (and (sysfs_type ) (not (sysfs_usermodehelper ))))
|
|
(typeattribute base_typeattr_601)
|
|
(typeattributeset base_typeattr_601 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type sdcard_type rootfs proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time ))))
|
|
(typeattribute base_typeattr_600)
|
|
(typeattributeset base_typeattr_600 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type debugfs_type sdcard_type keychord_device rootfs proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time ))))
|
|
(typeattribute base_typeattr_599)
|
|
(typeattributeset base_typeattr_599 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file mnt_product_file ))))
|
|
(typeattribute base_typeattr_598)
|
|
(typeattributeset base_typeattr_598 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file apex_mnt_dir ))))
|
|
(typeattribute base_typeattr_597)
|
|
(typeattributeset base_typeattr_597 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file ))))
|
|
(typeattribute base_typeattr_596)
|
|
(typeattributeset base_typeattr_596 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type debugfs_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file runtime_event_log_tags_file apex_info_file ))))
|
|
(typeattribute base_typeattr_595)
|
|
(typeattributeset base_typeattr_595 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file mnt_product_file ))))
|
|
(typeattribute base_typeattr_594)
|
|
(typeattributeset base_typeattr_594 (and (domain ) (not (update_engine ))))
|
|
(typeattribute base_typeattr_593)
|
|
(typeattributeset base_typeattr_593 (and (vendor_file_type ) (not (vendor_app_file vendor_overlay_file ))))
|
|
(typeattribute base_typeattr_592)
|
|
(typeattributeset base_typeattr_592 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service gatekeeper_service incident_service installd_service lpdump_service mdns_service netd_service virtual_touchpad_service vold_service ))))
|
|
(typeattribute base_typeattr_591)
|
|
(typeattributeset base_typeattr_591 (and (fs_type file_type ) (not (toolbox_exec ))))
|
|
(typeattribute base_typeattr_590)
|
|
(typeattributeset base_typeattr_590 (and (domain ) (not (system_suspend_server ))))
|
|
(typeattribute base_typeattr_589)
|
|
(typeattributeset base_typeattr_589 (and (domain ) (not (system_suspend_internal_server atrace dumpstate system_server traceur_app ))))
|
|
(typeattribute base_typeattr_588)
|
|
(typeattributeset base_typeattr_588 (and (domain ) (not (system_suspend_internal_server ))))
|
|
(typeattribute base_typeattr_587)
|
|
(typeattributeset base_typeattr_587 (and (domain ) (not (init shell system_server vendor_init ))))
|
|
(typeattribute base_typeattr_586)
|
|
(typeattributeset base_typeattr_586 (and (domain ) (not (init statsd system_server vold ))))
|
|
(typeattribute base_typeattr_585)
|
|
(typeattributeset base_typeattr_585 (and (domain ) (not (init statsd vold ))))
|
|
(typeattribute base_typeattr_584)
|
|
(typeattributeset base_typeattr_584 (and (domain ) (not (stats_service_server ))))
|
|
(typeattribute base_typeattr_583)
|
|
(typeattributeset base_typeattr_583 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service gatekeeper_service incident_service installd_service mdns_service netd_service system_suspend_control_internal_service system_suspend_control_service virtual_touchpad_service vold_service hal_keymint_service hal_secureclock_service hal_sharedsecret_service ))))
|
|
(typeattribute base_typeattr_582)
|
|
(typeattributeset base_typeattr_582 (and (fs_type file_type ) (not (sgdisk_exec ))))
|
|
(typeattribute base_typeattr_581)
|
|
(typeattributeset base_typeattr_581 (and (domain ) (not (servicemanager ))))
|
|
(typeattribute base_typeattr_580)
|
|
(typeattributeset base_typeattr_580 (and (domain ) (not (hwservicemanager init vendor_init vndservicemanager ))))
|
|
(typeattribute base_typeattr_579)
|
|
(typeattributeset base_typeattr_579 (not (service_manager_type vndservice_manager_type ) ))
|
|
(typeattribute base_typeattr_578)
|
|
(typeattributeset base_typeattr_578 (and (domain ) (not (sensor_service_server ))))
|
|
(typeattribute base_typeattr_577)
|
|
(typeattributeset base_typeattr_577 (and (domain ) (not (scheduler_service_server ))))
|
|
(typeattribute base_typeattr_576)
|
|
(typeattributeset base_typeattr_576 (and (appdomain ) (not (system_app ))))
|
|
(typeattribute base_typeattr_575)
|
|
(typeattributeset base_typeattr_575 (and (domain ) (not (remote_provisioning_service_server ))))
|
|
(typeattribute base_typeattr_574)
|
|
(typeattributeset base_typeattr_574 (and (data_file_type ) (not (cache_file cache_recovery_file ))))
|
|
(typeattribute base_typeattr_573)
|
|
(typeattributeset base_typeattr_573 (and (domain ) (not (radio ))))
|
|
(typeattribute base_typeattr_572)
|
|
(typeattributeset base_typeattr_572 (and (coredomain ) (not (dumpstate init ))))
|
|
(typeattribute base_typeattr_571)
|
|
(typeattributeset base_typeattr_571 (and (domain ) (not (recovery update_engine ))))
|
|
(typeattribute base_typeattr_570)
|
|
(typeattributeset base_typeattr_570 (and (domain ) (not (performanced ))))
|
|
(typeattribute base_typeattr_569)
|
|
(typeattributeset base_typeattr_569 (and (domain ) (not (dumpstate netd netutils_wrapper network_stack system_server ))))
|
|
(typeattribute base_typeattr_568)
|
|
(typeattributeset base_typeattr_568 (and (domain ) (not (netd ))))
|
|
(typeattribute base_typeattr_567)
|
|
(typeattributeset base_typeattr_567 (and (domain ) (not (mediaserver ))))
|
|
(typeattribute base_typeattr_566)
|
|
(typeattributeset base_typeattr_566 (and (domain ) (not (mediametrics ))))
|
|
(typeattribute base_typeattr_565)
|
|
(typeattributeset base_typeattr_565 (and (domain ) (not (mediaextractor ))))
|
|
(typeattribute base_typeattr_564)
|
|
(typeattributeset base_typeattr_564 (and (domain ) (not (mediadrmserver ))))
|
|
(typeattribute base_typeattr_563)
|
|
(typeattributeset base_typeattr_563 (and (domain ) (not (init logd ))))
|
|
(typeattribute base_typeattr_562)
|
|
(typeattributeset base_typeattr_562 (and (app_data_file_type system_data_file packages_list_file ) (not (shell_data_file ))))
|
|
(typeattribute base_typeattr_561)
|
|
(typeattributeset base_typeattr_561 (and (domain ) (not (init keystore ))))
|
|
(typeattribute base_typeattr_560)
|
|
(typeattributeset base_typeattr_560 (and (domain ) (not (keystore ))))
|
|
(typeattribute base_typeattr_559)
|
|
(typeattributeset base_typeattr_559 (and (domain ) (not (servicemanager system_server ))))
|
|
(typeattribute base_typeattr_558)
|
|
(typeattributeset base_typeattr_558 (and (domain ) (not (dumpstate servicemanager system_server ))))
|
|
(typeattribute base_typeattr_557)
|
|
(typeattributeset base_typeattr_557 (and (domain ) (not (dumpstate installd system_server ))))
|
|
(typeattribute base_typeattr_556)
|
|
(typeattributeset base_typeattr_556 (and (domain ) (not (installd ))))
|
|
(typeattribute base_typeattr_555)
|
|
(typeattributeset base_typeattr_555 (and (domain ) (not (init toolbox vendor_init vold ))))
|
|
(typeattribute base_typeattr_554)
|
|
(typeattributeset base_typeattr_554 (and (fs_type file_type ) (not (init_exec ))))
|
|
(typeattribute base_typeattr_553)
|
|
(typeattributeset base_typeattr_553 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type sdcard_type rootfs ))))
|
|
(typeattribute base_typeattr_552)
|
|
(typeattributeset base_typeattr_552 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type proc_type sysfs_type debugfs_type sdcard_type keychord_device rootfs ))))
|
|
(typeattribute base_typeattr_551)
|
|
(typeattributeset base_typeattr_551 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type app_data_file privapp_data_file ))))
|
|
(typeattribute base_typeattr_550)
|
|
(typeattributeset base_typeattr_550 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type shell_data_file nativetest_data_file apex_mnt_dir credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file ))))
|
|
(typeattribute base_typeattr_549)
|
|
(typeattributeset base_typeattr_549 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type shell_data_file nativetest_data_file credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file ))))
|
|
(typeattribute base_typeattr_548)
|
|
(typeattributeset base_typeattr_548 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type debugfs_type runtime_event_log_tags_file shell_data_file nativetest_data_file apex_info_file credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file ))))
|
|
(typeattribute base_typeattr_547)
|
|
(typeattributeset base_typeattr_547 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type system_userdir_file vendor_userdir_file shell_data_file nativetest_data_file credstore_data_file keystore_data_file media_userdir_file vold_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file ))))
|
|
(typeattribute base_typeattr_546)
|
|
(typeattributeset base_typeattr_546 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type nativetest_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file ))))
|
|
(typeattribute base_typeattr_545)
|
|
(typeattributeset base_typeattr_545 (and (fs_type ) (not (debugfs_type ))))
|
|
(typeattribute base_typeattr_544)
|
|
(typeattributeset base_typeattr_544 (and (domain ) (not (idmap ))))
|
|
(typeattribute base_typeattr_543)
|
|
(typeattributeset base_typeattr_543 (not (hwservice_manager_type ) ))
|
|
(typeattribute base_typeattr_542)
|
|
(typeattributeset base_typeattr_542 (and (domain ) (not (hal_wifi_supplicant_client hal_wifi_supplicant_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_541)
|
|
(typeattributeset base_typeattr_541 (and (domain ) (not (hal_wifi_supplicant_client hal_wifi_supplicant_server ))))
|
|
(typeattribute base_typeattr_540)
|
|
(typeattributeset base_typeattr_540 (and (domain ) (not (hal_wifi_supplicant_server ))))
|
|
(typeattribute base_typeattr_539)
|
|
(typeattributeset base_typeattr_539 (and (domain ) (not (hal_wifi_hostapd_client hal_wifi_hostapd_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_538)
|
|
(typeattributeset base_typeattr_538 (and (domain ) (not (hal_wifi_hostapd_client hal_wifi_hostapd_server ))))
|
|
(typeattribute base_typeattr_537)
|
|
(typeattributeset base_typeattr_537 (and (domain ) (not (hal_wifi_hostapd_server ))))
|
|
(typeattribute base_typeattr_536)
|
|
(typeattributeset base_typeattr_536 (and (domain ) (not (hal_wifi_client hal_wifi_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_535)
|
|
(typeattributeset base_typeattr_535 (and (domain ) (not (hal_wifi_client hal_wifi_server ))))
|
|
(typeattribute base_typeattr_534)
|
|
(typeattributeset base_typeattr_534 (and (domain ) (not (hal_wifi_server ))))
|
|
(typeattribute base_typeattr_533)
|
|
(typeattributeset base_typeattr_533 (and (domain ) (not (hal_weaver_client hal_weaver_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_532)
|
|
(typeattributeset base_typeattr_532 (and (domain ) (not (hal_weaver_client hal_weaver_server ))))
|
|
(typeattribute base_typeattr_531)
|
|
(typeattributeset base_typeattr_531 (and (domain ) (not (hal_weaver_server ))))
|
|
(typeattribute base_typeattr_530)
|
|
(typeattributeset base_typeattr_530 (and (domain ) (not (hal_vr_client hal_vr_server ))))
|
|
(typeattribute base_typeattr_529)
|
|
(typeattributeset base_typeattr_529 (and (domain ) (not (hal_vr_server ))))
|
|
(typeattribute base_typeattr_528)
|
|
(typeattributeset base_typeattr_528 (and (domain ) (not (hal_vibrator_client hal_vibrator_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_527)
|
|
(typeattributeset base_typeattr_527 (and (domain ) (not (hal_vibrator_client hal_vibrator_server ))))
|
|
(typeattribute base_typeattr_526)
|
|
(typeattributeset base_typeattr_526 (and (domain ) (not (hal_vibrator_server ))))
|
|
(typeattribute base_typeattr_525)
|
|
(typeattributeset base_typeattr_525 (and (domain ) (not (hal_vehicle_client hal_vehicle_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_524)
|
|
(typeattributeset base_typeattr_524 (and (domain ) (not (hal_vehicle_client hal_vehicle_server ))))
|
|
(typeattribute base_typeattr_523)
|
|
(typeattributeset base_typeattr_523 (and (domain ) (not (hal_vehicle_server ))))
|
|
(typeattribute base_typeattr_522)
|
|
(typeattributeset base_typeattr_522 (and (domain ) (not (hal_uwb_client hal_uwb_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_521)
|
|
(typeattributeset base_typeattr_521 (and (domain ) (not (hal_uwb_server ))))
|
|
(typeattribute base_typeattr_520)
|
|
(typeattributeset base_typeattr_520 (and (domain ) (not (hal_usb_gadget_client hal_usb_gadget_server ))))
|
|
(typeattribute base_typeattr_519)
|
|
(typeattributeset base_typeattr_519 (and (domain ) (not (hal_usb_gadget_client hal_usb_gadget_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_518)
|
|
(typeattributeset base_typeattr_518 (and (domain ) (not (hal_usb_gadget_server ))))
|
|
(typeattribute base_typeattr_517)
|
|
(typeattributeset base_typeattr_517 (and (domain ) (not (hal_usb_client hal_usb_server ))))
|
|
(typeattribute base_typeattr_516)
|
|
(typeattributeset base_typeattr_516 (and (domain ) (not (hal_usb_client hal_usb_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_515)
|
|
(typeattributeset base_typeattr_515 (and (domain ) (not (hal_usb_server ))))
|
|
(typeattribute base_typeattr_514)
|
|
(typeattributeset base_typeattr_514 (and (domain ) (not (hal_tv_tuner_client hal_tv_tuner_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_513)
|
|
(typeattributeset base_typeattr_513 (and (domain ) (not (hal_tv_tuner_client hal_tv_tuner_server ))))
|
|
(typeattribute base_typeattr_512)
|
|
(typeattributeset base_typeattr_512 (and (domain ) (not (hal_tv_tuner_server ))))
|
|
(typeattribute base_typeattr_511)
|
|
(typeattributeset base_typeattr_511 (and (domain ) (not (hal_tv_input_client hal_tv_input_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_510)
|
|
(typeattributeset base_typeattr_510 (and (domain ) (not (hal_tv_input_client hal_tv_input_server ))))
|
|
(typeattribute base_typeattr_509)
|
|
(typeattributeset base_typeattr_509 (and (domain ) (not (hal_tv_input_server ))))
|
|
(typeattribute base_typeattr_508)
|
|
(typeattributeset base_typeattr_508 (and (domain ) (not (hal_tv_hdmi_earc_client hal_tv_hdmi_earc_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_507)
|
|
(typeattributeset base_typeattr_507 (and (domain ) (not (hal_tv_hdmi_earc_server ))))
|
|
(typeattribute base_typeattr_506)
|
|
(typeattributeset base_typeattr_506 (and (domain ) (not (hal_tv_hdmi_connection_client hal_tv_hdmi_connection_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_505)
|
|
(typeattributeset base_typeattr_505 (and (domain ) (not (hal_tv_hdmi_connection_server ))))
|
|
(typeattribute base_typeattr_504)
|
|
(typeattributeset base_typeattr_504 (and (domain ) (not (hal_tv_hdmi_cec_client hal_tv_hdmi_cec_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_503)
|
|
(typeattributeset base_typeattr_503 (and (domain ) (not (hal_tv_hdmi_cec_server ))))
|
|
(typeattribute base_typeattr_502)
|
|
(typeattributeset base_typeattr_502 (and (domain ) (not (hal_tv_cec_client hal_tv_cec_server ))))
|
|
(typeattribute base_typeattr_501)
|
|
(typeattributeset base_typeattr_501 (and (domain ) (not (hal_tv_cec_server ))))
|
|
(typeattribute base_typeattr_500)
|
|
(typeattributeset base_typeattr_500 (and (domain ) (not (hal_threadnetwork_client hal_threadnetwork_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_499)
|
|
(typeattributeset base_typeattr_499 (and (domain ) (not (hal_threadnetwork_server ))))
|
|
(typeattribute base_typeattr_498)
|
|
(typeattributeset base_typeattr_498 (and (domain ) (not (hal_thermal_client hal_thermal_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_497)
|
|
(typeattributeset base_typeattr_497 (and (domain ) (not (hal_thermal_client hal_thermal_server ))))
|
|
(typeattribute base_typeattr_496)
|
|
(typeattributeset base_typeattr_496 (and (domain ) (not (hal_thermal_server ))))
|
|
(typeattribute base_typeattr_495)
|
|
(typeattributeset base_typeattr_495 (and (domain ) (not (hal_tetheroffload_client hal_tetheroffload_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_494)
|
|
(typeattributeset base_typeattr_494 (and (domain ) (not (hal_tetheroffload_client hal_tetheroffload_server ))))
|
|
(typeattribute base_typeattr_493)
|
|
(typeattributeset base_typeattr_493 (and (domain ) (not (hal_tetheroffload_server ))))
|
|
(typeattribute base_typeattr_492)
|
|
(typeattributeset base_typeattr_492 (and (domain ) (not (hal_telephony_client hal_telephony_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_491)
|
|
(typeattributeset base_typeattr_491 (and (domain ) (not (hal_telephony_client hal_telephony_server ))))
|
|
(typeattribute base_typeattr_490)
|
|
(typeattributeset base_typeattr_490 (and (domain ) (not (hal_telephony_server ))))
|
|
(typeattribute base_typeattr_489)
|
|
(typeattributeset base_typeattr_489 (and (domain ) (not (hal_sensors_client hal_sensors_server ))))
|
|
(typeattribute base_typeattr_488)
|
|
(typeattributeset base_typeattr_488 (and (domain ) (not (hal_sensors_server ))))
|
|
(typeattribute base_typeattr_487)
|
|
(typeattributeset base_typeattr_487 (and (domain ) (not (hal_secure_element_client hal_secure_element_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_486)
|
|
(typeattributeset base_typeattr_486 (and (domain ) (not (hal_secure_element_client hal_secure_element_server ))))
|
|
(typeattribute base_typeattr_485)
|
|
(typeattributeset base_typeattr_485 (and (domain ) (not (hal_secure_element_server ))))
|
|
(typeattribute base_typeattr_484)
|
|
(typeattributeset base_typeattr_484 (and (domain ) (not (hal_secretkeeper_client hal_secretkeeper_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_483)
|
|
(typeattributeset base_typeattr_483 (and (domain ) (not (hal_secretkeeper_server ))))
|
|
(typeattribute base_typeattr_482)
|
|
(typeattributeset base_typeattr_482 (and (domain ) (not (hal_remotelyprovisionedcomponent_avf_client hal_remotelyprovisionedcomponent_avf_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_481)
|
|
(typeattributeset base_typeattr_481 (and (domain ) (not (hal_remotelyprovisionedcomponent_avf_server ))))
|
|
(typeattribute base_typeattr_480)
|
|
(typeattributeset base_typeattr_480 (and (domain ) (not (hal_remoteaccess_client hal_remoteaccess_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_479)
|
|
(typeattributeset base_typeattr_479 (and (domain ) (not (hal_remoteaccess_server ))))
|
|
(typeattribute base_typeattr_478)
|
|
(typeattributeset base_typeattr_478 (and (domain ) (not (hal_rebootescrow_client hal_rebootescrow_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_477)
|
|
(typeattributeset base_typeattr_477 (and (domain ) (not (hal_rebootescrow_server ))))
|
|
(typeattribute base_typeattr_476)
|
|
(typeattributeset base_typeattr_476 (and (domain ) (not (hal_power_stats_client hal_power_stats_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_475)
|
|
(typeattributeset base_typeattr_475 (and (domain ) (not (hal_power_stats_client hal_power_stats_server ))))
|
|
(typeattribute base_typeattr_474)
|
|
(typeattributeset base_typeattr_474 (and (domain ) (not (hal_power_stats_server ))))
|
|
(typeattribute base_typeattr_473)
|
|
(typeattributeset base_typeattr_473 (and (domain ) (not (hal_power_client hal_power_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_472)
|
|
(typeattributeset base_typeattr_472 (and (domain ) (not (hal_power_client hal_power_server ))))
|
|
(typeattribute base_typeattr_471)
|
|
(typeattributeset base_typeattr_471 (and (domain ) (not (hal_power_server ))))
|
|
(typeattribute base_typeattr_470)
|
|
(typeattributeset base_typeattr_470 (and (domain ) (not (hal_omx_client hal_omx_server ))))
|
|
(typeattribute base_typeattr_469)
|
|
(typeattributeset base_typeattr_469 (and (domain ) (not (hal_omx_server ))))
|
|
(typeattribute base_typeattr_468)
|
|
(typeattributeset base_typeattr_468 (and (domain ) (not (hal_oemlock_client hal_oemlock_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_467)
|
|
(typeattributeset base_typeattr_467 (and (domain ) (not (hal_oemlock_client hal_oemlock_server ))))
|
|
(typeattribute base_typeattr_466)
|
|
(typeattributeset base_typeattr_466 (and (domain ) (not (hal_oemlock_server ))))
|
|
(typeattribute base_typeattr_465)
|
|
(typeattributeset base_typeattr_465 (and (domain ) (not (hal_nlinterceptor_client hal_nlinterceptor_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_464)
|
|
(typeattributeset base_typeattr_464 (and (domain ) (not (hal_nlinterceptor_server ))))
|
|
(typeattribute base_typeattr_463)
|
|
(typeattributeset base_typeattr_463 (and (domain ) (not (hal_nfc_client hal_nfc_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_462)
|
|
(typeattributeset base_typeattr_462 (and (domain ) (not (hal_nfc_client hal_nfc_server ))))
|
|
(typeattribute base_typeattr_461)
|
|
(typeattributeset base_typeattr_461 (and (domain ) (not (hal_nfc_server ))))
|
|
(typeattribute base_typeattr_460)
|
|
(typeattributeset base_typeattr_460 (and (fs_type file_type ) (not (shell_exec toolbox_exec ))))
|
|
(typeattribute base_typeattr_459)
|
|
(typeattributeset base_typeattr_459 (and (halserverdomain ) (not (hal_dumpstate_server hal_telephony_server ))))
|
|
(typeattribute base_typeattr_458)
|
|
(typeattributeset base_typeattr_458 (and (halserverdomain ) (not (hal_automotive_socket_exemption hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tetheroffload_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
|
|
(typeattribute base_typeattr_457)
|
|
(typeattributeset base_typeattr_457 (and (halserverdomain ) (not (hal_automotive_socket_exemption hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tetheroffload_server hal_uwb_server hal_uwb_vendor_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
|
|
(typeattribute base_typeattr_456)
|
|
(typeattributeset base_typeattr_456 (and (halserverdomain ) (not (hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_uwb_server hal_uwb_vendor_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
|
|
(typeattribute base_typeattr_455)
|
|
(typeattributeset base_typeattr_455 (and (domain ) (not (hal_neuralnetworks_client hal_neuralnetworks_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_454)
|
|
(typeattributeset base_typeattr_454 (and (domain ) (not (hal_neuralnetworks_client hal_neuralnetworks_server ))))
|
|
(typeattribute base_typeattr_453)
|
|
(typeattributeset base_typeattr_453 (and (domain ) (not (hal_neuralnetworks_server ))))
|
|
(typeattribute base_typeattr_452)
|
|
(typeattributeset base_typeattr_452 (and (domain ) (not (hal_memtrack_client hal_memtrack_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_451)
|
|
(typeattributeset base_typeattr_451 (and (domain ) (not (hal_memtrack_client hal_memtrack_server ))))
|
|
(typeattribute base_typeattr_450)
|
|
(typeattributeset base_typeattr_450 (and (domain ) (not (hal_memtrack_server ))))
|
|
(typeattribute base_typeattr_449)
|
|
(typeattributeset base_typeattr_449 (and (domain ) (not (hal_macsec_client hal_macsec_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_448)
|
|
(typeattributeset base_typeattr_448 (and (domain ) (not (hal_macsec_server ))))
|
|
(typeattribute base_typeattr_447)
|
|
(typeattributeset base_typeattr_447 (and (domain ) (not (hal_lowpan_server init ueventd ))))
|
|
(typeattribute base_typeattr_446)
|
|
(typeattributeset base_typeattr_446 (and (domain ) (not (hal_lowpan_client hal_lowpan_server ))))
|
|
(typeattribute base_typeattr_445)
|
|
(typeattributeset base_typeattr_445 (and (domain ) (not (hal_lowpan_server ))))
|
|
(typeattribute base_typeattr_444)
|
|
(typeattributeset base_typeattr_444 (and (domain ) (not (hal_light_client hal_light_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_443)
|
|
(typeattributeset base_typeattr_443 (and (domain ) (not (hal_light_client hal_light_server ))))
|
|
(typeattribute base_typeattr_442)
|
|
(typeattributeset base_typeattr_442 (and (domain ) (not (hal_light_server ))))
|
|
(typeattribute base_typeattr_441)
|
|
(typeattributeset base_typeattr_441 (and (domain ) (not (hal_keymint_client hal_keymint_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_440)
|
|
(typeattributeset base_typeattr_440 (and (domain ) (not (hal_keymint_server ))))
|
|
(typeattribute base_typeattr_439)
|
|
(typeattributeset base_typeattr_439 (and (domain ) (not (hal_keymaster_client hal_keymaster_server ))))
|
|
(typeattribute base_typeattr_438)
|
|
(typeattributeset base_typeattr_438 (and (domain ) (not (hal_keymaster_server ))))
|
|
(typeattribute base_typeattr_437)
|
|
(typeattributeset base_typeattr_437 (and (domain ) (not (hal_ivn_client hal_ivn_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_436)
|
|
(typeattributeset base_typeattr_436 (and (domain ) (not (hal_ivn_server ))))
|
|
(typeattribute base_typeattr_435)
|
|
(typeattributeset base_typeattr_435 (and (domain ) (not (hal_ir_client hal_ir_server ))))
|
|
(typeattribute base_typeattr_434)
|
|
(typeattributeset base_typeattr_434 (and (domain ) (not (hal_ir_client hal_ir_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_433)
|
|
(typeattributeset base_typeattr_433 (and (domain ) (not (hal_ir_server ))))
|
|
(typeattribute base_typeattr_432)
|
|
(typeattributeset base_typeattr_432 (and (domain ) (not (hal_input_processor_client hal_input_processor_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_431)
|
|
(typeattributeset base_typeattr_431 (and (domain ) (not (hal_input_processor_server ))))
|
|
(typeattribute base_typeattr_430)
|
|
(typeattributeset base_typeattr_430 (and (domain ) (not (hal_input_classifier_client hal_input_classifier_server ))))
|
|
(typeattribute base_typeattr_429)
|
|
(typeattributeset base_typeattr_429 (and (domain ) (not (hal_input_classifier_server ))))
|
|
(typeattribute base_typeattr_428)
|
|
(typeattributeset base_typeattr_428 (and (domain ) (not (hal_identity_client hal_identity_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_427)
|
|
(typeattributeset base_typeattr_427 (and (domain ) (not (hal_identity_server ))))
|
|
(typeattribute base_typeattr_426)
|
|
(typeattributeset base_typeattr_426 (and (domain ) (not (hal_health_storage_client hal_health_storage_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_425)
|
|
(typeattributeset base_typeattr_425 (and (domain ) (not (hal_health_storage_client hal_health_storage_server ))))
|
|
(typeattribute base_typeattr_424)
|
|
(typeattributeset base_typeattr_424 (and (domain ) (not (hal_health_storage_server ))))
|
|
(typeattribute base_typeattr_423)
|
|
(typeattributeset base_typeattr_423 (and (domain ) (not (hal_health_client hal_health_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_422)
|
|
(typeattributeset base_typeattr_422 (and (domain ) (not (hal_health_client hal_health_server ))))
|
|
(typeattribute base_typeattr_421)
|
|
(typeattributeset base_typeattr_421 (and (domain ) (not (hal_health_server ))))
|
|
(typeattribute base_typeattr_420)
|
|
(typeattributeset base_typeattr_420 (and (domain ) (not (hal_graphics_composer_client hal_graphics_composer_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_419)
|
|
(typeattributeset base_typeattr_419 (and (domain ) (not (hal_graphics_composer_client hal_graphics_composer_server ))))
|
|
(typeattribute base_typeattr_418)
|
|
(typeattributeset base_typeattr_418 (and (domain ) (not (hal_graphics_composer_server ))))
|
|
(typeattribute base_typeattr_417)
|
|
(typeattributeset base_typeattr_417 (and (domain ) (not (hal_graphics_allocator_client hal_graphics_allocator_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_416)
|
|
(typeattributeset base_typeattr_416 (and (domain ) (not (hal_graphics_allocator_client hal_graphics_allocator_server ))))
|
|
(typeattribute base_typeattr_415)
|
|
(typeattributeset base_typeattr_415 (and (domain ) (not (hal_graphics_allocator_server ))))
|
|
(typeattribute base_typeattr_414)
|
|
(typeattributeset base_typeattr_414 (and (domain ) (not (hal_gnss_client hal_gnss_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_413)
|
|
(typeattributeset base_typeattr_413 (and (domain ) (not (hal_gnss_client hal_gnss_server ))))
|
|
(typeattribute base_typeattr_412)
|
|
(typeattributeset base_typeattr_412 (and (domain ) (not (hal_gnss_server ))))
|
|
(typeattribute base_typeattr_411)
|
|
(typeattributeset base_typeattr_411 (and (domain ) (not (hal_gatekeeper_client hal_gatekeeper_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_410)
|
|
(typeattributeset base_typeattr_410 (and (domain ) (not (hal_gatekeeper_client hal_gatekeeper_server ))))
|
|
(typeattribute base_typeattr_409)
|
|
(typeattributeset base_typeattr_409 (and (domain ) (not (hal_gatekeeper_server ))))
|
|
(typeattribute base_typeattr_408)
|
|
(typeattributeset base_typeattr_408 (and (domain ) (not (hal_fingerprint_client hal_fingerprint_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_407)
|
|
(typeattributeset base_typeattr_407 (and (domain ) (not (hal_fingerprint_client hal_fingerprint_server ))))
|
|
(typeattribute base_typeattr_406)
|
|
(typeattributeset base_typeattr_406 (and (domain ) (not (hal_fingerprint_server ))))
|
|
(typeattribute base_typeattr_405)
|
|
(typeattributeset base_typeattr_405 (and (domain ) (not (hal_fastboot_client hal_fastboot_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_404)
|
|
(typeattributeset base_typeattr_404 (and (domain ) (not (hal_fastboot_server ))))
|
|
(typeattribute base_typeattr_403)
|
|
(typeattributeset base_typeattr_403 (and (domain ) (not (hal_face_client hal_face_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_402)
|
|
(typeattributeset base_typeattr_402 (and (domain ) (not (hal_face_client hal_face_server ))))
|
|
(typeattribute base_typeattr_401)
|
|
(typeattributeset base_typeattr_401 (and (domain ) (not (hal_face_server ))))
|
|
(typeattribute base_typeattr_400)
|
|
(typeattributeset base_typeattr_400 (and (domain ) (not (hal_evs_client hal_evs_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_399)
|
|
(typeattributeset base_typeattr_399 (and (domain ) (not (hal_evs_server ))))
|
|
(typeattribute base_typeattr_398)
|
|
(typeattributeset base_typeattr_398 (and (domain ) (not (hal_evs_server evsmanagerd ))))
|
|
(typeattribute base_typeattr_397)
|
|
(typeattributeset base_typeattr_397 (and (domain ) (not (hal_dumpstate_client hal_dumpstate_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_396)
|
|
(typeattributeset base_typeattr_396 (and (domain ) (not (hal_dumpstate_client hal_dumpstate_server ))))
|
|
(typeattribute base_typeattr_395)
|
|
(typeattributeset base_typeattr_395 (and (domain ) (not (hal_dumpstate_server ))))
|
|
(typeattribute base_typeattr_394)
|
|
(typeattributeset base_typeattr_394 (and (domain ) (not (hal_drm_client hal_drm_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_393)
|
|
(typeattributeset base_typeattr_393 (and (domain ) (not (hal_drm_client hal_drm_server ))))
|
|
(typeattribute base_typeattr_392)
|
|
(typeattributeset base_typeattr_392 (and (domain ) (not (hal_drm_server ))))
|
|
(typeattribute base_typeattr_391)
|
|
(typeattributeset base_typeattr_391 (and (domain ) (not (hal_contexthub_client hal_contexthub_server ))))
|
|
(typeattribute base_typeattr_390)
|
|
(typeattributeset base_typeattr_390 (and (domain ) (not (hal_contexthub_server ))))
|
|
(typeattribute base_typeattr_389)
|
|
(typeattributeset base_typeattr_389 (and (domain ) (not (hal_confirmationui_client hal_confirmationui_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_388)
|
|
(typeattributeset base_typeattr_388 (and (domain ) (not (hal_confirmationui_client hal_confirmationui_server ))))
|
|
(typeattribute base_typeattr_387)
|
|
(typeattributeset base_typeattr_387 (and (domain ) (not (hal_confirmationui_server ))))
|
|
(typeattribute base_typeattr_386)
|
|
(typeattributeset base_typeattr_386 (and (data_file_type ) (not (anr_data_file tombstone_data_file ))))
|
|
(typeattribute base_typeattr_385)
|
|
(typeattributeset base_typeattr_385 (and (domain ) (not (hal_configstore_server logd prng_seeder tombstoned ))))
|
|
(typeattribute base_typeattr_384)
|
|
(typeattributeset base_typeattr_384 (and (domain ) (not (hal_configstore_client hal_configstore_server ))))
|
|
(typeattribute base_typeattr_383)
|
|
(typeattributeset base_typeattr_383 (and (domain ) (not (hal_configstore_server ))))
|
|
(typeattribute base_typeattr_382)
|
|
(typeattributeset base_typeattr_382 (and (appdomain ) (not (isolated_app_all ))))
|
|
(typeattribute base_typeattr_381)
|
|
(typeattributeset base_typeattr_381 (and (domain ) (not (hal_codec2_client hal_codec2_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_380)
|
|
(typeattributeset base_typeattr_380 (and (domain ) (not (hal_codec2_client hal_codec2_server ))))
|
|
(typeattribute base_typeattr_379)
|
|
(typeattributeset base_typeattr_379 (and (domain ) (not (hal_codec2_server ))))
|
|
(typeattribute base_typeattr_378)
|
|
(typeattributeset base_typeattr_378 (and (domain ) (not (hal_cas_client hal_cas_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_377)
|
|
(typeattributeset base_typeattr_377 (and (domain ) (not (hal_cas_client hal_cas_server ))))
|
|
(typeattribute base_typeattr_376)
|
|
(typeattributeset base_typeattr_376 (and (domain ) (not (hal_cas_server ))))
|
|
(typeattribute base_typeattr_375)
|
|
(typeattributeset base_typeattr_375 (and (domain ) (not (hal_can_controller_client hal_can_controller_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_374)
|
|
(typeattributeset base_typeattr_374 (and (domain ) (not (hal_can_bus_client hal_can_bus_server ))))
|
|
(typeattribute base_typeattr_373)
|
|
(typeattributeset base_typeattr_373 (and (domain ) (not (hal_can_bus_server ))))
|
|
(typeattribute base_typeattr_372)
|
|
(typeattributeset base_typeattr_372 (and (domain ) (not (hal_can_controller_client hal_can_controller_server ))))
|
|
(typeattribute base_typeattr_371)
|
|
(typeattributeset base_typeattr_371 (and (domain ) (not (hal_can_controller_server ))))
|
|
(typeattribute base_typeattr_370)
|
|
(typeattributeset base_typeattr_370 (and (halserverdomain ) (not (hal_camera_server ))))
|
|
(typeattribute base_typeattr_369)
|
|
(typeattributeset base_typeattr_369 (and (appdomain ) (not (isolated_app ))))
|
|
(typeattribute base_typeattr_368)
|
|
(typeattributeset base_typeattr_368 (and (domain ) (not (hal_camera_client hal_camera_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_367)
|
|
(typeattributeset base_typeattr_367 (and (domain ) (not (hal_camera_client hal_camera_server ))))
|
|
(typeattribute base_typeattr_366)
|
|
(typeattributeset base_typeattr_366 (and (domain ) (not (hal_camera_server ))))
|
|
(typeattribute base_typeattr_365)
|
|
(typeattributeset base_typeattr_365 (and (domain ) (not (hal_broadcastradio_client hal_broadcastradio_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_364)
|
|
(typeattributeset base_typeattr_364 (and (domain ) (not (hal_broadcastradio_client hal_broadcastradio_server ))))
|
|
(typeattribute base_typeattr_363)
|
|
(typeattributeset base_typeattr_363 (and (domain ) (not (hal_broadcastradio_server ))))
|
|
(typeattribute base_typeattr_362)
|
|
(typeattributeset base_typeattr_362 (and (domain ) (not (hal_bootctl_client hal_bootctl_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_361)
|
|
(typeattributeset base_typeattr_361 (and (domain ) (not (hal_bootctl_client hal_bootctl_server ))))
|
|
(typeattribute base_typeattr_360)
|
|
(typeattributeset base_typeattr_360 (and (domain ) (not (hal_bootctl_server ))))
|
|
(typeattribute base_typeattr_359)
|
|
(typeattributeset base_typeattr_359 (and (domain ) (not (hal_bluetooth_client hal_bluetooth_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_358)
|
|
(typeattributeset base_typeattr_358 (and (domain ) (not (hal_bluetooth_client hal_bluetooth_server ))))
|
|
(typeattribute base_typeattr_357)
|
|
(typeattributeset base_typeattr_357 (and (domain ) (not (hal_bluetooth_server ))))
|
|
(typeattribute base_typeattr_356)
|
|
(typeattributeset base_typeattr_356 (and (domain ) (not (hal_authsecret_client hal_authsecret_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_355)
|
|
(typeattributeset base_typeattr_355 (and (domain ) (not (hal_authsecret_client hal_authsecret_server ))))
|
|
(typeattribute base_typeattr_354)
|
|
(typeattributeset base_typeattr_354 (and (domain ) (not (hal_authsecret_server ))))
|
|
(typeattribute base_typeattr_353)
|
|
(typeattributeset base_typeattr_353 (and (domain ) (not (hal_authgraph_client hal_authgraph_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_352)
|
|
(typeattributeset base_typeattr_352 (and (domain ) (not (hal_authgraph_server ))))
|
|
(typeattribute base_typeattr_351)
|
|
(typeattributeset base_typeattr_351 (and (domain ) (not (hal_audiocontrol_client hal_audiocontrol_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_350)
|
|
(typeattributeset base_typeattr_350 (and (domain ) (not (hal_audiocontrol_client hal_audiocontrol_server ))))
|
|
(typeattribute base_typeattr_349)
|
|
(typeattributeset base_typeattr_349 (and (domain ) (not (hal_audiocontrol_server ))))
|
|
(typeattribute base_typeattr_348)
|
|
(typeattributeset base_typeattr_348 (and (halserverdomain ) (not (hal_audio_server hal_omx_server ))))
|
|
(typeattribute base_typeattr_347)
|
|
(typeattributeset base_typeattr_347 (and (domain ) (not (hal_audio_client hal_audio_server atrace shell system_app traceur_app ))))
|
|
(typeattribute base_typeattr_346)
|
|
(typeattributeset base_typeattr_346 (and (domain ) (not (hal_audio_client hal_audio_server ))))
|
|
(typeattribute base_typeattr_345)
|
|
(typeattributeset base_typeattr_345 (and (domain ) (not (hal_audio_server ))))
|
|
(typeattribute base_typeattr_344)
|
|
(typeattributeset base_typeattr_344 (and (domain ) (not (hal_atrace_client hal_atrace_server ))))
|
|
(typeattribute base_typeattr_343)
|
|
(typeattributeset base_typeattr_343 (and (domain ) (not (hal_atrace_server ))))
|
|
(typeattribute base_typeattr_342)
|
|
(typeattributeset base_typeattr_342 (and (domain ) (not (hal_allocator_client hal_allocator_server ))))
|
|
(typeattribute base_typeattr_341)
|
|
(typeattributeset base_typeattr_341 (and (domain ) (not (hal_allocator_server ))))
|
|
(typeattribute base_typeattr_340)
|
|
(typeattributeset base_typeattr_340 (and (domain ) (not (gatekeeperd ))))
|
|
(typeattribute base_typeattr_339)
|
|
(typeattributeset base_typeattr_339 (and (domain ) (not (vold ))))
|
|
(typeattribute base_typeattr_338)
|
|
(typeattributeset base_typeattr_338 (and (fs_type file_type ) (not (fsck_exec ))))
|
|
(typeattribute base_typeattr_337)
|
|
(typeattributeset base_typeattr_337 (and (domain ) (not (init vold ))))
|
|
(typeattribute base_typeattr_336)
|
|
(typeattributeset base_typeattr_336 (and (domain ) (not (flags_health_check init ))))
|
|
(typeattribute base_typeattr_335)
|
|
(typeattributeset base_typeattr_335 (and (domain ) (not (fingerprintd ))))
|
|
(typeattribute base_typeattr_334)
|
|
(typeattributeset base_typeattr_334 (and (domain ) (not (dumpstate shell system_server traceur_app ))))
|
|
(typeattribute base_typeattr_333)
|
|
(typeattributeset base_typeattr_333 (and (domain ) (not (dumpstate ))))
|
|
(typeattribute base_typeattr_332)
|
|
(typeattributeset base_typeattr_332 (and (service_manager_type ) (not (hal_service_type apex_service default_android_service dumpstate_service gatekeeper_service virtual_touchpad_service vold_service ))))
|
|
(typeattribute base_typeattr_331)
|
|
(typeattributeset base_typeattr_331 (and (domain ) (not (drmserver ))))
|
|
(typeattribute base_typeattr_330)
|
|
(typeattributeset base_typeattr_330 (and (domain ) (not (init traced_probes vendor_init ))))
|
|
(typeattribute base_typeattr_329)
|
|
(typeattributeset base_typeattr_329 (and (domain ) (not (ephemeral_app untrusted_app_27 untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_328)
|
|
(typeattributeset base_typeattr_328 (and (domain ) (not (hal_codec2_server hal_omx_server ))))
|
|
(typeattribute base_typeattr_327)
|
|
(typeattributeset base_typeattr_327 (and (coredomain ) (not (apexd charger incidentd init recovery shell ueventd ))))
|
|
(typeattribute base_typeattr_326)
|
|
(typeattributeset base_typeattr_326 (and (coredomain ) (not (appdomain ))))
|
|
(typeattribute base_typeattr_325)
|
|
(typeattributeset base_typeattr_325 (and (coredomain ) (not (system_writes_mnt_vendor_violators init ueventd vold ))))
|
|
(typeattribute base_typeattr_324)
|
|
(typeattributeset base_typeattr_324 (not (coredomain ) ))
|
|
(typeattribute base_typeattr_323)
|
|
(typeattributeset base_typeattr_323 (not (system_file_type system_dlkm_file_type vendor_file_type rootfs ) ))
|
|
(typeattribute base_typeattr_322)
|
|
(typeattributeset base_typeattr_322 (and (domain ) (not (artd installd profman ))))
|
|
(typeattribute base_typeattr_321)
|
|
(typeattributeset base_typeattr_321 (and (domain ) (not (init vendor_init vold ))))
|
|
(typeattribute base_typeattr_320)
|
|
(typeattributeset base_typeattr_320 (not (hwservicemanager ) ))
|
|
(typeattribute base_typeattr_319)
|
|
(typeattributeset base_typeattr_319 (not (servicemanager vndservicemanager ) ))
|
|
(typeattribute base_typeattr_318)
|
|
(typeattributeset base_typeattr_318 (and (domain ) (not (installd shell ))))
|
|
(typeattribute base_typeattr_317)
|
|
(typeattributeset base_typeattr_317 (and (domain ) (not (appdomain artd installd ))))
|
|
(typeattribute base_typeattr_316)
|
|
(typeattributeset base_typeattr_316 (and (appdomain ) (not (shell simpleperf ))))
|
|
(typeattribute base_typeattr_315)
|
|
(typeattributeset base_typeattr_315 (and (domain ) (not (app_zygote runas simpleperf_app_runner webview_zygote zygote ))))
|
|
(typeattribute base_typeattr_314)
|
|
(typeattributeset base_typeattr_314 (and (domain ) (not (adbd init runas zygote ))))
|
|
(typeattribute base_typeattr_313)
|
|
(typeattributeset base_typeattr_313 (and (domain ) (not (init installd system_app system_server toolbox vold_prepare_subdirs ))))
|
|
(typeattribute base_typeattr_312)
|
|
(typeattributeset base_typeattr_312 (not (domain ) ))
|
|
(typeattribute base_typeattr_311)
|
|
(typeattributeset base_typeattr_311 (and (domain ) (not (init zygote ))))
|
|
(typeattribute base_typeattr_310)
|
|
(typeattributeset base_typeattr_310 (and (domain ) (not (untrusted_app_27 untrusted_app_25 ))))
|
|
(typeattribute base_typeattr_309)
|
|
(typeattributeset base_typeattr_309 (and (file_type ) (not (apk_data_file app_data_file asec_public_file ))))
|
|
(typeattribute base_typeattr_308)
|
|
(typeattributeset base_typeattr_308 (and (domain ) (not (init system_server ))))
|
|
(typeattribute base_typeattr_307)
|
|
(typeattributeset base_typeattr_307 (and (domain ) (not (dumpstate incidentd system_server ))))
|
|
(typeattribute base_typeattr_306)
|
|
(typeattributeset base_typeattr_306 (and (domain ) (not (app_zygote system_server webview_zygote ))))
|
|
(typeattribute base_typeattr_305)
|
|
(typeattributeset base_typeattr_305 (and (domain ) (not (system_server ))))
|
|
(typeattribute base_typeattr_304)
|
|
(typeattributeset base_typeattr_304 (and (domain ) (not (system_server zygote ))))
|
|
(typeattribute base_typeattr_303)
|
|
(typeattributeset base_typeattr_303 (and (system_file_type ) (not (crash_dump_exec system_event_log_tags_file system_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file system_zoneinfo_file task_profiles_file task_profiles_api_file file_contexts_file property_contexts_file netutils_wrapper_exec shell_exec toolbox_exec ))))
|
|
(typeattribute base_typeattr_302)
|
|
(typeattributeset base_typeattr_302 (and (vendor_file_type ) (not (same_process_hal_file ))))
|
|
(typeattribute base_typeattr_301)
|
|
(typeattributeset base_typeattr_301 (and (coredomain ) (not (system_executes_vendor_violators shell ))))
|
|
(typeattribute base_typeattr_300)
|
|
(typeattributeset base_typeattr_300 (and (vendor_file_type ) (not (vendor_app_file same_process_hal_file vndk_sp_file vendor_public_lib_file vendor_public_framework_file ))))
|
|
(typeattribute base_typeattr_299)
|
|
(typeattributeset base_typeattr_299 (and (coredomain ) (not (system_executes_vendor_violators init shell ueventd ))))
|
|
(typeattribute base_typeattr_298)
|
|
(typeattributeset base_typeattr_298 (and (file_type ) (not (vendor_file_type init_exec ))))
|
|
(typeattribute base_typeattr_297)
|
|
(typeattributeset base_typeattr_297 (and (file_type ) (not (system_file_type postinstall_file ))))
|
|
(typeattribute base_typeattr_296)
|
|
(typeattributeset base_typeattr_296 (and (system_file_type ) (not (crash_dump_exec system_lib_file system_linker_exec netutils_wrapper_exec shell_exec toolbox_exec ))))
|
|
(typeattribute base_typeattr_295)
|
|
(typeattributeset base_typeattr_295 (and (domain ) (not (appdomain coredomain vendor_executes_system_violators vendor_init ))))
|
|
(typeattribute base_typeattr_294)
|
|
(typeattributeset base_typeattr_294 (and (coredomain ) (not (init shell ueventd ))))
|
|
(typeattribute base_typeattr_293)
|
|
(typeattributeset base_typeattr_293 (and (coredomain ) (not (data_between_core_and_vendor_violators init ))))
|
|
(typeattribute base_typeattr_292)
|
|
(typeattributeset base_typeattr_292 (and (coredomain ) (not (data_between_core_and_vendor_violators init vold vold_prepare_subdirs ))))
|
|
(typeattribute base_typeattr_291)
|
|
(typeattributeset base_typeattr_291 (and (domain ) (not (appdomain coredomain data_between_core_and_vendor_violators ))))
|
|
(typeattribute base_typeattr_290)
|
|
(typeattributeset base_typeattr_290 (and (core_data_file_type ) (not (system_data_root_file system_data_file vendor_data_file vendor_userdir_file unencrypted_data_file ))))
|
|
(typeattribute base_typeattr_289)
|
|
(typeattributeset base_typeattr_289 (and (core_data_file_type ) (not (system_data_root_file system_data_file vendor_data_file vendor_userdir_file ))))
|
|
(typeattribute base_typeattr_288)
|
|
(typeattributeset base_typeattr_288 (and (core_data_file_type ) (not (unencrypted_data_file ))))
|
|
(typeattribute base_typeattr_287)
|
|
(typeattributeset base_typeattr_287 (and (vendor_init ) (not (data_between_core_and_vendor_violators ))))
|
|
(typeattribute base_typeattr_286)
|
|
(typeattributeset base_typeattr_286 (and (domain ) (not (appdomain coredomain data_between_core_and_vendor_violators vendor_init ))))
|
|
(typeattribute base_typeattr_285)
|
|
(typeattributeset base_typeattr_285 (and (data_file_type ) (not (core_data_file_type app_data_file_type vendor_data_file ))))
|
|
(typeattribute base_typeattr_284)
|
|
(typeattributeset base_typeattr_284 (and (data_file_type ) (not (core_data_file_type app_data_file_type ))))
|
|
(typeattribute base_typeattr_283)
|
|
(typeattributeset base_typeattr_283 (and (coredomain ) (not (appdomain data_between_core_and_vendor_violators init vold_prepare_subdirs ))))
|
|
(typeattribute base_typeattr_282)
|
|
(typeattributeset base_typeattr_282 (and (dev_type file_type ) (not (core_data_file_type app_data_file_type coredomain_socket unlabeled ))))
|
|
(typeattribute base_typeattr_281)
|
|
(typeattributeset base_typeattr_281 (and (coredomain ) (not (socket_between_core_and_vendor_violators init ueventd ))))
|
|
(typeattribute base_typeattr_280)
|
|
(typeattributeset base_typeattr_280 (and (core_data_file_type coredomain_socket unlabeled ) (not (pdx_endpoint_socket_type pdx_channel_socket_type app_data_file privapp_data_file ))))
|
|
(typeattribute base_typeattr_279)
|
|
(typeattributeset base_typeattr_279 (and (domain ) (not (appdomain coredomain socket_between_core_and_vendor_violators data_between_core_and_vendor_violators vendor_init ))))
|
|
(typeattribute base_typeattr_278)
|
|
(typeattributeset base_typeattr_278 (and (domain ) (not (coredomain socket_between_core_and_vendor_violators ))))
|
|
(typeattribute base_typeattr_277)
|
|
(typeattributeset base_typeattr_277 (and (coredomain ) (not (adbd init ))))
|
|
(typeattribute base_typeattr_276)
|
|
(typeattributeset base_typeattr_276 (and (coredomain ) (not (shell ))))
|
|
(typeattribute base_typeattr_275)
|
|
(typeattributeset base_typeattr_275 (and (coredomain ) (not (shell ueventd ))))
|
|
(typeattribute base_typeattr_274)
|
|
(typeattributeset base_typeattr_274 (and (service_manager_type ) (not (app_api_service ephemeral_app_api_service hal_service_type apc_service audioserver_service cameraserver_service drmserver_service credstore_service keystore_maintenance_service keystore_service legacykeystore_service mediaserver_service mediametrics_service mediaextractor_service mediadrmserver_service nfc_service radio_service virtual_touchpad_service vr_manager_service ))))
|
|
(typeattribute base_typeattr_273)
|
|
(typeattributeset base_typeattr_273 (and (appdomain ) (not (coredomain ))))
|
|
(typeattribute base_typeattr_272)
|
|
(typeattributeset base_typeattr_272 (and (domain ) (not (hwservicemanager servicemanager vndservicemanager ))))
|
|
(typeattribute base_typeattr_271)
|
|
(typeattributeset base_typeattr_271 (and (domain ) (not (fastbootd recovery update_engine ))))
|
|
(typeattribute base_typeattr_270)
|
|
(typeattributeset base_typeattr_270 (and (domain ) (not (hal_fastboot_server e2fs fastbootd fsck init recovery vold ))))
|
|
(typeattribute base_typeattr_269)
|
|
(typeattributeset base_typeattr_269 (and (domain ) (not (init recovery system_server ueventd ))))
|
|
(typeattribute base_typeattr_268)
|
|
(typeattributeset base_typeattr_268 (and (domain ) (not (hal_camera_server hal_cas_server hal_drm_server hal_keymint_server adbd dumpstate fastbootd init mediadrmserver mediaserver recovery shell system_server vendor_init ))))
|
|
(typeattribute base_typeattr_267)
|
|
(typeattributeset base_typeattr_267 (and (domain ) (not (coredomain vendor_init ))))
|
|
(typeattribute base_typeattr_266)
|
|
(typeattributeset base_typeattr_266 (and (domain ) (not (init system_server vendor_init ))))
|
|
(typeattribute base_typeattr_265)
|
|
(typeattributeset base_typeattr_265 (and (fs_type ) (not (contextmount_type ))))
|
|
(typeattribute base_typeattr_264)
|
|
(typeattributeset base_typeattr_264 (and (domain ) (not (adbd crash_dump heapprofd init shell ))))
|
|
(typeattribute base_typeattr_263)
|
|
(typeattributeset base_typeattr_263 (and (domain ) (not (adbd init shell ))))
|
|
(typeattribute base_typeattr_262)
|
|
(typeattributeset base_typeattr_262 (and (domain ) (not (init kernel recovery ))))
|
|
(typeattribute base_typeattr_261)
|
|
(typeattributeset base_typeattr_261 (and (domain ) (not (dumpstate init system_server vendor_init ))))
|
|
(typeattribute base_typeattr_260)
|
|
(typeattributeset base_typeattr_260 (and (domain ) (not (dumpstate init vendor_init ))))
|
|
(typeattribute base_typeattr_259)
|
|
(typeattributeset base_typeattr_259 (and (domain ) (not (init vendor_init ))))
|
|
(typeattribute base_typeattr_258)
|
|
(typeattributeset base_typeattr_258 (and (domain ) (not (init ueventd ))))
|
|
(typeattribute base_typeattr_257)
|
|
(typeattributeset base_typeattr_257 (and (file_type ) (not (exec_type postinstall_file ))))
|
|
(typeattribute base_typeattr_256)
|
|
(typeattributeset base_typeattr_256 (and (domain ) (not (shell ueventd ))))
|
|
(typeattribute base_typeattr_255)
|
|
(typeattributeset base_typeattr_255 (and (domain ) (not (prng_seeder shell ueventd ))))
|
|
(typeattribute base_typeattr_254)
|
|
(typeattributeset base_typeattr_254 (and (domain ) (not (kernel ))))
|
|
(typeattribute base_typeattr_253)
|
|
(typeattributeset base_typeattr_253 (and (domain ) (not (init kernel ueventd vold ))))
|
|
(typeattribute base_typeattr_252)
|
|
(typeattributeset base_typeattr_252 (and (domain ) (not (init recovery ))))
|
|
(typeattribute base_typeattr_251)
|
|
(typeattributeset base_typeattr_251 (and (domain ) (not (domain ))))
|
|
(typeattribute base_typeattr_250)
|
|
(typeattributeset base_typeattr_250 (and (domain ) (not (coredomain ))))
|
|
(typeattribute base_typeattr_249)
|
|
(typeattributeset base_typeattr_249 (and (domain ) (not (isolated_app servicemanager vndservicemanager ))))
|
|
(typeattribute base_typeattr_248)
|
|
(typeattributeset base_typeattr_248 (and (domain ) (not (hwservicemanager vndservicemanager ))))
|
|
(typeattribute base_typeattr_247)
|
|
(typeattributeset base_typeattr_247 (and (domain ) (not (display_service_server ))))
|
|
(typeattribute base_typeattr_246)
|
|
(typeattributeset base_typeattr_246 (and (domain ) (not (credstore ))))
|
|
(typeattribute base_typeattr_245)
|
|
(typeattributeset base_typeattr_245 (and (domain ) (not (cameraserver ))))
|
|
(typeattribute base_typeattr_244)
|
|
(typeattributeset base_typeattr_244 (and (domain ) (not (camera_service_server ))))
|
|
(typeattribute base_typeattr_243)
|
|
(typeattributeset base_typeattr_243 (and (domain ) (not (bufferhubd ))))
|
|
(typeattribute base_typeattr_242)
|
|
(typeattributeset base_typeattr_242 (and (domain ) (not (bootstat init ))))
|
|
(typeattribute base_typeattr_241)
|
|
(typeattributeset base_typeattr_241 (and (appdomain ) (not (bluetooth system_app ))))
|
|
(typeattribute base_typeattr_240)
|
|
(typeattributeset base_typeattr_240 (and (appdomain ) (not (bluetooth nfc ))))
|
|
(typeattribute base_typeattr_239)
|
|
(typeattributeset base_typeattr_239 (and (appdomain ) (not (untrusted_app_all isolated_app_all platform_app priv_app ))))
|
|
(typeattribute base_typeattr_238)
|
|
(typeattributeset base_typeattr_238 (and (domain ) (not (credstore init ))))
|
|
(typeattribute base_typeattr_237)
|
|
(typeattributeset base_typeattr_237 (and (appdomain ) (not (platform_app ))))
|
|
(typeattribute base_typeattr_236)
|
|
(typeattributeset base_typeattr_236 (and (domain ) (not (appdomain perfetto ))))
|
|
(typeattribute base_typeattr_235)
|
|
(typeattributeset base_typeattr_235 (and (appdomain ) (not (shell ))))
|
|
(typeattribute base_typeattr_234)
|
|
(typeattributeset base_typeattr_234 (and (domain ) (not (appdomain crash_dump ))))
|
|
(typeattribute base_typeattr_233)
|
|
(typeattributeset base_typeattr_233 (and (domain ) (not (appdomain ))))
|
|
(typeattribute base_typeattr_232)
|
|
(typeattributeset base_typeattr_232 (and (appdomain ) (not (radio ))))
|
|
(typeattribute base_typeattr_231)
|
|
(typeattributeset base_typeattr_231 (and (appdomain ) (not (network_stack ))))
|
|
(typeattribute base_typeattr_230)
|
|
(typeattributeset base_typeattr_230 (and (appdomain ) (not (bluetooth ))))
|
|
(typeattribute base_typeattr_229)
|
|
(typeattributeset base_typeattr_229 (and (appdomain ) (not (nfc ))))
|
|
(typeattribute base_typeattr_228)
|
|
(typeattributeset base_typeattr_228 (and (appdomain ) (not (bluetooth network_stack ))))
|
|
(typeattribute base_typeattr_227)
|
|
(typeattributeset base_typeattr_227 (and (domain ) (not (apexd init servicemanager system_server update_engine ))))
|
|
(typeattribute base_typeattr_226)
|
|
(typeattributeset base_typeattr_226 (and (domain ) (not (apexd init system_server update_engine ))))
|
|
(typeattribute base_typeattr_225)
|
|
(typeattributeset base_typeattr_225 (and (domain ) (not (apexd ))))
|
|
(typeattribute base_typeattr_224)
|
|
(typeattributeset base_typeattr_224 (all))
|
|
(typeattribute base_typeattr_223)
|
|
(typeattributeset base_typeattr_223 (and (domain ) (not (init ))))
|
|
(typeattribute base_typeattr_222)
|
|
(typeattributeset base_typeattr_222 (and (hal_wifi_supplicant_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_221)
|
|
(typeattributeset base_typeattr_221 (and (hal_wifi_supplicant_server ) (not (hal_wifi_supplicant ))))
|
|
(typeattribute base_typeattr_220)
|
|
(typeattributeset base_typeattr_220 (and (hal_wifi_supplicant_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_219)
|
|
(typeattributeset base_typeattr_219 (and (hal_wifi_hostapd_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_218)
|
|
(typeattributeset base_typeattr_218 (and (hal_wifi_hostapd_server ) (not (hal_wifi_hostapd ))))
|
|
(typeattribute base_typeattr_217)
|
|
(typeattributeset base_typeattr_217 (and (hal_wifi_hostapd_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_216)
|
|
(typeattributeset base_typeattr_216 (and (hal_wifi_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_215)
|
|
(typeattributeset base_typeattr_215 (and (hal_wifi_server ) (not (hal_wifi ))))
|
|
(typeattribute base_typeattr_214)
|
|
(typeattributeset base_typeattr_214 (and (hal_wifi_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_213)
|
|
(typeattributeset base_typeattr_213 (and (hal_weaver_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_212)
|
|
(typeattributeset base_typeattr_212 (and (hal_weaver_server ) (not (hal_weaver ))))
|
|
(typeattribute base_typeattr_211)
|
|
(typeattributeset base_typeattr_211 (and (hal_weaver_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_210)
|
|
(typeattributeset base_typeattr_210 (and (hal_vr_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_209)
|
|
(typeattributeset base_typeattr_209 (and (hal_vr_server ) (not (hal_vr ))))
|
|
(typeattribute base_typeattr_208)
|
|
(typeattributeset base_typeattr_208 (and (hal_vr_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_207)
|
|
(typeattributeset base_typeattr_207 (and (hal_vibrator_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_206)
|
|
(typeattributeset base_typeattr_206 (and (hal_vibrator_server ) (not (hal_vibrator ))))
|
|
(typeattribute base_typeattr_205)
|
|
(typeattributeset base_typeattr_205 (and (hal_vibrator_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_204)
|
|
(typeattributeset base_typeattr_204 (and (hal_vehicle_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_203)
|
|
(typeattributeset base_typeattr_203 (and (hal_vehicle_server ) (not (hal_vehicle ))))
|
|
(typeattribute base_typeattr_202)
|
|
(typeattributeset base_typeattr_202 (and (hal_vehicle_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_201)
|
|
(typeattributeset base_typeattr_201 (and (hal_uwb_vendor_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_200)
|
|
(typeattributeset base_typeattr_200 (and (hal_uwb_vendor_server ) (not (hal_uwb_vendor ))))
|
|
(typeattribute base_typeattr_199)
|
|
(typeattributeset base_typeattr_199 (and (hal_uwb_vendor_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_198)
|
|
(typeattributeset base_typeattr_198 (and (hal_uwb_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_197)
|
|
(typeattributeset base_typeattr_197 (and (hal_uwb_server ) (not (hal_uwb ))))
|
|
(typeattribute base_typeattr_196)
|
|
(typeattributeset base_typeattr_196 (and (hal_uwb_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_195)
|
|
(typeattributeset base_typeattr_195 (and (hal_usb_gadget_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_194)
|
|
(typeattributeset base_typeattr_194 (and (hal_usb_gadget_server ) (not (hal_usb_gadget ))))
|
|
(typeattribute base_typeattr_193)
|
|
(typeattributeset base_typeattr_193 (and (hal_usb_gadget_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_192)
|
|
(typeattributeset base_typeattr_192 (and (hal_usb_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_191)
|
|
(typeattributeset base_typeattr_191 (and (hal_usb_server ) (not (hal_usb ))))
|
|
(typeattribute base_typeattr_190)
|
|
(typeattributeset base_typeattr_190 (and (hal_usb_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_189)
|
|
(typeattributeset base_typeattr_189 (and (hal_tv_tuner_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_188)
|
|
(typeattributeset base_typeattr_188 (and (hal_tv_tuner_server ) (not (hal_tv_tuner ))))
|
|
(typeattribute base_typeattr_187)
|
|
(typeattributeset base_typeattr_187 (and (hal_tv_tuner_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_186)
|
|
(typeattributeset base_typeattr_186 (and (hal_tv_input_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_185)
|
|
(typeattributeset base_typeattr_185 (and (hal_tv_input_server ) (not (hal_tv_input ))))
|
|
(typeattribute base_typeattr_184)
|
|
(typeattributeset base_typeattr_184 (and (hal_tv_input_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_183)
|
|
(typeattributeset base_typeattr_183 (and (hal_tv_hdmi_earc_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_182)
|
|
(typeattributeset base_typeattr_182 (and (hal_tv_hdmi_earc_server ) (not (hal_tv_hdmi_earc ))))
|
|
(typeattribute base_typeattr_181)
|
|
(typeattributeset base_typeattr_181 (and (hal_tv_hdmi_earc_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_180)
|
|
(typeattributeset base_typeattr_180 (and (hal_tv_hdmi_connection_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_179)
|
|
(typeattributeset base_typeattr_179 (and (hal_tv_hdmi_connection_server ) (not (hal_tv_hdmi_connection ))))
|
|
(typeattribute base_typeattr_178)
|
|
(typeattributeset base_typeattr_178 (and (hal_tv_hdmi_connection_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_177)
|
|
(typeattributeset base_typeattr_177 (and (hal_tv_hdmi_cec_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_176)
|
|
(typeattributeset base_typeattr_176 (and (hal_tv_hdmi_cec_server ) (not (hal_tv_hdmi_cec ))))
|
|
(typeattribute base_typeattr_175)
|
|
(typeattributeset base_typeattr_175 (and (hal_tv_hdmi_cec_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_174)
|
|
(typeattributeset base_typeattr_174 (and (hal_tv_cec_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_173)
|
|
(typeattributeset base_typeattr_173 (and (hal_tv_cec_server ) (not (hal_tv_cec ))))
|
|
(typeattribute base_typeattr_172)
|
|
(typeattributeset base_typeattr_172 (and (hal_tv_cec_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_171)
|
|
(typeattributeset base_typeattr_171 (and (hal_threadnetwork_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_170)
|
|
(typeattributeset base_typeattr_170 (and (hal_threadnetwork_server ) (not (hal_threadnetwork ))))
|
|
(typeattribute base_typeattr_169)
|
|
(typeattributeset base_typeattr_169 (and (hal_threadnetwork_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_168)
|
|
(typeattributeset base_typeattr_168 (and (hal_thermal_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_167)
|
|
(typeattributeset base_typeattr_167 (and (hal_thermal_server ) (not (hal_thermal ))))
|
|
(typeattribute base_typeattr_166)
|
|
(typeattributeset base_typeattr_166 (and (hal_thermal_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_165)
|
|
(typeattributeset base_typeattr_165 (and (hal_tetheroffload_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_164)
|
|
(typeattributeset base_typeattr_164 (and (hal_tetheroffload_server ) (not (hal_tetheroffload ))))
|
|
(typeattribute base_typeattr_163)
|
|
(typeattributeset base_typeattr_163 (and (hal_tetheroffload_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_162)
|
|
(typeattributeset base_typeattr_162 (and (hal_telephony_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_161)
|
|
(typeattributeset base_typeattr_161 (and (hal_telephony_server ) (not (hal_telephony ))))
|
|
(typeattribute base_typeattr_160)
|
|
(typeattributeset base_typeattr_160 (and (hal_telephony_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_159)
|
|
(typeattributeset base_typeattr_159 (and (hal_sensors_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_158)
|
|
(typeattributeset base_typeattr_158 (and (hal_sensors_server ) (not (hal_sensors ))))
|
|
(typeattribute base_typeattr_157)
|
|
(typeattributeset base_typeattr_157 (and (hal_sensors_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_156)
|
|
(typeattributeset base_typeattr_156 (and (hal_secure_element_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_155)
|
|
(typeattributeset base_typeattr_155 (and (hal_secure_element_server ) (not (hal_secure_element ))))
|
|
(typeattribute base_typeattr_154)
|
|
(typeattributeset base_typeattr_154 (and (hal_secure_element_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_153)
|
|
(typeattributeset base_typeattr_153 (and (hal_remotelyprovisionedcomponent_avf_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_152)
|
|
(typeattributeset base_typeattr_152 (and (hal_remotelyprovisionedcomponent_avf_server ) (not (hal_remotelyprovisionedcomponent_avf ))))
|
|
(typeattribute base_typeattr_151)
|
|
(typeattributeset base_typeattr_151 (and (hal_remotelyprovisionedcomponent_avf_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_150)
|
|
(typeattributeset base_typeattr_150 (and (hal_secretkeeper_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_149)
|
|
(typeattributeset base_typeattr_149 (and (hal_secretkeeper_server ) (not (hal_secretkeeper ))))
|
|
(typeattribute base_typeattr_148)
|
|
(typeattributeset base_typeattr_148 (and (hal_secretkeeper_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_147)
|
|
(typeattributeset base_typeattr_147 (and (hal_remoteaccess_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_146)
|
|
(typeattributeset base_typeattr_146 (and (hal_remoteaccess_server ) (not (hal_remoteaccess ))))
|
|
(typeattribute base_typeattr_145)
|
|
(typeattributeset base_typeattr_145 (and (hal_remoteaccess_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_144)
|
|
(typeattributeset base_typeattr_144 (and (hal_rebootescrow_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_143)
|
|
(typeattributeset base_typeattr_143 (and (hal_rebootescrow_server ) (not (hal_rebootescrow ))))
|
|
(typeattribute base_typeattr_142)
|
|
(typeattributeset base_typeattr_142 (and (hal_rebootescrow_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_141)
|
|
(typeattributeset base_typeattr_141 (and (hal_power_stats_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_140)
|
|
(typeattributeset base_typeattr_140 (and (hal_power_stats_server ) (not (hal_power_stats ))))
|
|
(typeattribute base_typeattr_139)
|
|
(typeattributeset base_typeattr_139 (and (hal_power_stats_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_138)
|
|
(typeattributeset base_typeattr_138 (and (hal_power_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_137)
|
|
(typeattributeset base_typeattr_137 (and (hal_power_server ) (not (hal_power ))))
|
|
(typeattribute base_typeattr_136)
|
|
(typeattributeset base_typeattr_136 (and (hal_power_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_135)
|
|
(typeattributeset base_typeattr_135 (and (hal_omx_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_134)
|
|
(typeattributeset base_typeattr_134 (and (hal_omx_server ) (not (hal_omx ))))
|
|
(typeattribute base_typeattr_133)
|
|
(typeattributeset base_typeattr_133 (and (hal_omx_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_132)
|
|
(typeattributeset base_typeattr_132 (and (hal_oemlock_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_131)
|
|
(typeattributeset base_typeattr_131 (and (hal_oemlock_server ) (not (hal_oemlock ))))
|
|
(typeattribute base_typeattr_130)
|
|
(typeattributeset base_typeattr_130 (and (hal_oemlock_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_129)
|
|
(typeattributeset base_typeattr_129 (and (hal_nlinterceptor_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_128)
|
|
(typeattributeset base_typeattr_128 (and (hal_nlinterceptor_server ) (not (hal_nlinterceptor ))))
|
|
(typeattribute base_typeattr_127)
|
|
(typeattributeset base_typeattr_127 (and (hal_nlinterceptor_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_126)
|
|
(typeattributeset base_typeattr_126 (and (hal_nfc_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_125)
|
|
(typeattributeset base_typeattr_125 (and (hal_nfc_server ) (not (hal_nfc ))))
|
|
(typeattribute base_typeattr_124)
|
|
(typeattributeset base_typeattr_124 (and (hal_nfc_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_123)
|
|
(typeattributeset base_typeattr_123 (and (hal_neuralnetworks_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_122)
|
|
(typeattributeset base_typeattr_122 (and (hal_neuralnetworks_server ) (not (hal_neuralnetworks ))))
|
|
(typeattribute base_typeattr_121)
|
|
(typeattributeset base_typeattr_121 (and (hal_neuralnetworks_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_120)
|
|
(typeattributeset base_typeattr_120 (and (hal_memtrack_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_119)
|
|
(typeattributeset base_typeattr_119 (and (hal_memtrack_server ) (not (hal_memtrack ))))
|
|
(typeattribute base_typeattr_118)
|
|
(typeattributeset base_typeattr_118 (and (hal_memtrack_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_117)
|
|
(typeattributeset base_typeattr_117 (and (hal_macsec_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_116)
|
|
(typeattributeset base_typeattr_116 (and (hal_macsec_server ) (not (hal_macsec ))))
|
|
(typeattribute base_typeattr_115)
|
|
(typeattributeset base_typeattr_115 (and (hal_macsec_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_114)
|
|
(typeattributeset base_typeattr_114 (and (hal_lowpan_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_113)
|
|
(typeattributeset base_typeattr_113 (and (hal_lowpan_server ) (not (hal_lowpan ))))
|
|
(typeattribute base_typeattr_112)
|
|
(typeattributeset base_typeattr_112 (and (hal_lowpan_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_111)
|
|
(typeattributeset base_typeattr_111 (and (hal_light_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_110)
|
|
(typeattributeset base_typeattr_110 (and (hal_light_server ) (not (hal_light ))))
|
|
(typeattribute base_typeattr_109)
|
|
(typeattributeset base_typeattr_109 (and (hal_light_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_108)
|
|
(typeattributeset base_typeattr_108 (and (hal_keymint_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_107)
|
|
(typeattributeset base_typeattr_107 (and (hal_keymint_server ) (not (hal_keymint ))))
|
|
(typeattribute base_typeattr_106)
|
|
(typeattributeset base_typeattr_106 (and (hal_keymint_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_105)
|
|
(typeattributeset base_typeattr_105 (and (hal_keymaster_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_104)
|
|
(typeattributeset base_typeattr_104 (and (hal_keymaster_server ) (not (hal_keymaster ))))
|
|
(typeattribute base_typeattr_103)
|
|
(typeattributeset base_typeattr_103 (and (hal_keymaster_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_102)
|
|
(typeattributeset base_typeattr_102 (and (hal_ivn_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_101)
|
|
(typeattributeset base_typeattr_101 (and (hal_ivn_server ) (not (hal_ivn ))))
|
|
(typeattribute base_typeattr_100)
|
|
(typeattributeset base_typeattr_100 (and (hal_ivn_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_99)
|
|
(typeattributeset base_typeattr_99 (and (hal_ir_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_98)
|
|
(typeattributeset base_typeattr_98 (and (hal_ir_server ) (not (hal_ir ))))
|
|
(typeattribute base_typeattr_97)
|
|
(typeattributeset base_typeattr_97 (and (hal_ir_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_96)
|
|
(typeattributeset base_typeattr_96 (and (hal_input_processor_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_95)
|
|
(typeattributeset base_typeattr_95 (and (hal_input_processor_server ) (not (hal_input_processor ))))
|
|
(typeattribute base_typeattr_94)
|
|
(typeattributeset base_typeattr_94 (and (hal_input_processor_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_93)
|
|
(typeattributeset base_typeattr_93 (and (hal_input_classifier_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_92)
|
|
(typeattributeset base_typeattr_92 (and (hal_input_classifier_server ) (not (hal_input_classifier ))))
|
|
(typeattribute base_typeattr_91)
|
|
(typeattributeset base_typeattr_91 (and (hal_input_classifier_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_90)
|
|
(typeattributeset base_typeattr_90 (and (hal_identity_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_89)
|
|
(typeattributeset base_typeattr_89 (and (hal_identity_server ) (not (hal_identity ))))
|
|
(typeattribute base_typeattr_88)
|
|
(typeattributeset base_typeattr_88 (and (hal_identity_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_87)
|
|
(typeattributeset base_typeattr_87 (and (hal_health_storage_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_86)
|
|
(typeattributeset base_typeattr_86 (and (hal_health_storage_server ) (not (hal_health_storage ))))
|
|
(typeattribute base_typeattr_85)
|
|
(typeattributeset base_typeattr_85 (and (hal_health_storage_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_84)
|
|
(typeattributeset base_typeattr_84 (and (hal_health_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_83)
|
|
(typeattributeset base_typeattr_83 (and (hal_health_server ) (not (hal_health ))))
|
|
(typeattribute base_typeattr_82)
|
|
(typeattributeset base_typeattr_82 (and (hal_health_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_81)
|
|
(typeattributeset base_typeattr_81 (and (hal_graphics_composer_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_80)
|
|
(typeattributeset base_typeattr_80 (and (hal_graphics_composer_server ) (not (hal_graphics_composer ))))
|
|
(typeattribute base_typeattr_79)
|
|
(typeattributeset base_typeattr_79 (and (hal_graphics_composer_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_78)
|
|
(typeattributeset base_typeattr_78 (and (hal_graphics_allocator_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_77)
|
|
(typeattributeset base_typeattr_77 (and (hal_graphics_allocator_server ) (not (hal_graphics_allocator ))))
|
|
(typeattribute base_typeattr_76)
|
|
(typeattributeset base_typeattr_76 (and (hal_graphics_allocator_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_75)
|
|
(typeattributeset base_typeattr_75 (and (hal_gnss_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_74)
|
|
(typeattributeset base_typeattr_74 (and (hal_gnss_server ) (not (hal_gnss ))))
|
|
(typeattribute base_typeattr_73)
|
|
(typeattributeset base_typeattr_73 (and (hal_gnss_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_72)
|
|
(typeattributeset base_typeattr_72 (and (hal_gatekeeper_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_71)
|
|
(typeattributeset base_typeattr_71 (and (hal_gatekeeper_server ) (not (hal_gatekeeper ))))
|
|
(typeattribute base_typeattr_70)
|
|
(typeattributeset base_typeattr_70 (and (hal_gatekeeper_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_69)
|
|
(typeattributeset base_typeattr_69 (and (hal_fingerprint_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_68)
|
|
(typeattributeset base_typeattr_68 (and (hal_fingerprint_server ) (not (hal_fingerprint ))))
|
|
(typeattribute base_typeattr_67)
|
|
(typeattributeset base_typeattr_67 (and (hal_fingerprint_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_66)
|
|
(typeattributeset base_typeattr_66 (and (hal_fastboot_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_65)
|
|
(typeattributeset base_typeattr_65 (and (hal_fastboot_server ) (not (hal_fastboot ))))
|
|
(typeattribute base_typeattr_64)
|
|
(typeattributeset base_typeattr_64 (and (hal_fastboot_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_63)
|
|
(typeattributeset base_typeattr_63 (and (hal_face_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_62)
|
|
(typeattributeset base_typeattr_62 (and (hal_face_server ) (not (hal_face ))))
|
|
(typeattribute base_typeattr_61)
|
|
(typeattributeset base_typeattr_61 (and (hal_face_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_60)
|
|
(typeattributeset base_typeattr_60 (and (hal_evs_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_59)
|
|
(typeattributeset base_typeattr_59 (and (hal_evs_server ) (not (hal_evs ))))
|
|
(typeattribute base_typeattr_58)
|
|
(typeattributeset base_typeattr_58 (and (hal_evs_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_57)
|
|
(typeattributeset base_typeattr_57 (and (hal_dumpstate_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_56)
|
|
(typeattributeset base_typeattr_56 (and (hal_dumpstate_server ) (not (hal_dumpstate ))))
|
|
(typeattribute base_typeattr_55)
|
|
(typeattributeset base_typeattr_55 (and (hal_dumpstate_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_54)
|
|
(typeattributeset base_typeattr_54 (and (hal_drm_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_53)
|
|
(typeattributeset base_typeattr_53 (and (hal_drm_server ) (not (hal_drm ))))
|
|
(typeattribute base_typeattr_52)
|
|
(typeattributeset base_typeattr_52 (and (hal_drm_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_51)
|
|
(typeattributeset base_typeattr_51 (and (hal_contexthub_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_50)
|
|
(typeattributeset base_typeattr_50 (and (hal_contexthub_server ) (not (hal_contexthub ))))
|
|
(typeattribute base_typeattr_49)
|
|
(typeattributeset base_typeattr_49 (and (hal_contexthub_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_48)
|
|
(typeattributeset base_typeattr_48 (and (hal_confirmationui_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_47)
|
|
(typeattributeset base_typeattr_47 (and (hal_confirmationui_server ) (not (hal_confirmationui ))))
|
|
(typeattribute base_typeattr_46)
|
|
(typeattributeset base_typeattr_46 (and (hal_confirmationui_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_45)
|
|
(typeattributeset base_typeattr_45 (and (hal_configstore_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_44)
|
|
(typeattributeset base_typeattr_44 (and (hal_configstore_server ) (not (hal_configstore ))))
|
|
(typeattribute base_typeattr_43)
|
|
(typeattributeset base_typeattr_43 (and (hal_configstore_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_42)
|
|
(typeattributeset base_typeattr_42 (and (hal_codec2_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_41)
|
|
(typeattributeset base_typeattr_41 (and (hal_codec2_server ) (not (hal_codec2 ))))
|
|
(typeattribute base_typeattr_40)
|
|
(typeattributeset base_typeattr_40 (and (hal_codec2_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_39)
|
|
(typeattributeset base_typeattr_39 (and (hal_cas_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_38)
|
|
(typeattributeset base_typeattr_38 (and (hal_cas_server ) (not (hal_cas ))))
|
|
(typeattribute base_typeattr_37)
|
|
(typeattributeset base_typeattr_37 (and (hal_cas_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_36)
|
|
(typeattributeset base_typeattr_36 (and (hal_can_controller_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_35)
|
|
(typeattributeset base_typeattr_35 (and (hal_can_controller_server ) (not (hal_can_controller ))))
|
|
(typeattribute base_typeattr_34)
|
|
(typeattributeset base_typeattr_34 (and (hal_can_controller_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_33)
|
|
(typeattributeset base_typeattr_33 (and (hal_can_bus_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_32)
|
|
(typeattributeset base_typeattr_32 (and (hal_can_bus_server ) (not (hal_can_bus ))))
|
|
(typeattribute base_typeattr_31)
|
|
(typeattributeset base_typeattr_31 (and (hal_can_bus_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_30)
|
|
(typeattributeset base_typeattr_30 (and (hal_camera_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_29)
|
|
(typeattributeset base_typeattr_29 (and (hal_camera_server ) (not (hal_camera ))))
|
|
(typeattribute base_typeattr_28)
|
|
(typeattributeset base_typeattr_28 (and (hal_camera_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_27)
|
|
(typeattributeset base_typeattr_27 (and (hal_broadcastradio_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_26)
|
|
(typeattributeset base_typeattr_26 (and (hal_broadcastradio_server ) (not (hal_broadcastradio ))))
|
|
(typeattribute base_typeattr_25)
|
|
(typeattributeset base_typeattr_25 (and (hal_broadcastradio_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_24)
|
|
(typeattributeset base_typeattr_24 (and (hal_bootctl_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_23)
|
|
(typeattributeset base_typeattr_23 (and (hal_bootctl_server ) (not (hal_bootctl ))))
|
|
(typeattribute base_typeattr_22)
|
|
(typeattributeset base_typeattr_22 (and (hal_bootctl_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_21)
|
|
(typeattributeset base_typeattr_21 (and (hal_bluetooth_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_20)
|
|
(typeattributeset base_typeattr_20 (and (hal_bluetooth_server ) (not (hal_bluetooth ))))
|
|
(typeattribute base_typeattr_19)
|
|
(typeattributeset base_typeattr_19 (and (hal_bluetooth_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_18)
|
|
(typeattributeset base_typeattr_18 (and (hal_authsecret_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_17)
|
|
(typeattributeset base_typeattr_17 (and (hal_authsecret_server ) (not (hal_authsecret ))))
|
|
(typeattribute base_typeattr_16)
|
|
(typeattributeset base_typeattr_16 (and (hal_authsecret_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_15)
|
|
(typeattributeset base_typeattr_15 (and (hal_authgraph_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_14)
|
|
(typeattributeset base_typeattr_14 (and (hal_authgraph_server ) (not (hal_authgraph ))))
|
|
(typeattribute base_typeattr_13)
|
|
(typeattributeset base_typeattr_13 (and (hal_authgraph_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_12)
|
|
(typeattributeset base_typeattr_12 (and (hal_audiocontrol_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_11)
|
|
(typeattributeset base_typeattr_11 (and (hal_audiocontrol_server ) (not (hal_audiocontrol ))))
|
|
(typeattribute base_typeattr_10)
|
|
(typeattributeset base_typeattr_10 (and (hal_audiocontrol_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_9)
|
|
(typeattributeset base_typeattr_9 (and (hal_audio_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_8)
|
|
(typeattributeset base_typeattr_8 (and (hal_audio_server ) (not (hal_audio ))))
|
|
(typeattribute base_typeattr_7)
|
|
(typeattributeset base_typeattr_7 (and (hal_audio_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_6)
|
|
(typeattributeset base_typeattr_6 (and (hal_atrace_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_5)
|
|
(typeattributeset base_typeattr_5 (and (hal_atrace_server ) (not (hal_atrace ))))
|
|
(typeattribute base_typeattr_4)
|
|
(typeattributeset base_typeattr_4 (and (hal_atrace_server ) (not (halserverdomain ))))
|
|
(typeattribute base_typeattr_3)
|
|
(typeattributeset base_typeattr_3 (and (hal_allocator_client ) (not (halclientdomain ))))
|
|
(typeattribute base_typeattr_2)
|
|
(typeattributeset base_typeattr_2 (and (hal_allocator_server ) (not (hal_allocator ))))
|
|
(typeattribute base_typeattr_1)
|
|
(typeattributeset base_typeattr_1 (and (hal_allocator_server ) (not (halserverdomain ))))
|
|
; THIS IS A WORKAROUND for the current limitations of the module policy language
|
|
; This should be used sparingly until we figure out a saner way to achieve the
|
|
; stuff below, for example, by improving typeattribute statement of module
|
|
; language.
|
|
;
|
|
; NOTE: This file has no effect on recovery policy.
|
|
|
|
; Apps, except isolated apps, are clients of Allocator HAL
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
; typeattribute { appdomain -isolated_app_all } hal_allocator_client;
|
|
; typeattribute hal_allocator_client halclientdomain;
|
|
(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app_all))))))
|
|
(typeattributeset halclientdomain (hal_allocator_client))
|
|
|
|
; Apps, except isolated apps, are clients of OMX-related services
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
|
|
|
|
; Apps, except isolated apps, are clients of Codec2-related services
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
|
|
|
|
; Apps, except isolated apps and SDK sandboxes, are clients of Drm-related services
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
(typeattributeset hal_drm_client ((and (appdomain) ((not (or (isolated_app_all) (sdk_sandbox_all)))))))
|
|
|
|
; Apps, except isolated apps, are clients of Configstore HAL
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
; typeattribute { appdomain -isolated_app_all } hal_configstore_client;
|
|
(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app_all))))))
|
|
|
|
; Apps, except isolated apps, are clients of Graphics Allocator HAL
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
|
|
(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
|
|
|
|
; Apps, except isolated apps, are clients of Cas HAL
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
; typeattribute { appdomain -isolated_app_all } hal_cas_client;
|
|
(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app_all))))))
|
|
|
|
; Domains hosting Camera HAL implementations are clients of Allocator HAL
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
; typeattribute hal_camera hal_allocator_client;
|
|
(typeattributeset hal_allocator_client (hal_camera))
|
|
|
|
; Apps, except isolated apps, are clients of Neuralnetworks HAL
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
; typeattribute { appdomain -isolated_app_all } hal_neuralnetworks_client;
|
|
(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
|
|
|
|
; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
|
|
; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
; typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
|
|
; typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
|
|
(typeattribute untrusted_app_visible_hwservice)
|
|
(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
|
|
(typeattribute untrusted_app_visible_halserver)
|
|
(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
|
|
|
|
; Properties having both system_property_type and vendor_property_type are illegal
|
|
; Unfortunately, we can't currently express this in module policy language:
|
|
; typeattribute { system_property_type && vendor_property_type } system_and_vendor_property_type;
|
|
(typeattribute system_and_vendor_property_type)
|
|
(typeattributeset system_and_vendor_property_type ((and (system_property_type) (vendor_property_type))))
|