172 lines
7.7 KiB
Text
172 lines
7.7 KiB
Text
###########################################
|
|
# Root
|
|
/ u:object_r:rootfs:s0
|
|
|
|
# Data files
|
|
/build\.prop u:object_r:rootfs:s0
|
|
/init\..* u:object_r:rootfs:s0
|
|
|
|
# Executables
|
|
/init u:object_r:init_exec:s0
|
|
|
|
# For kernel modules
|
|
/lib(/.*)? u:object_r:rootfs:s0
|
|
|
|
# Empty directories
|
|
/lost\+found u:object_r:rootfs:s0
|
|
/debug_ramdisk u:object_r:tmpfs:s0
|
|
/mnt u:object_r:tmpfs:s0
|
|
/proc u:object_r:rootfs:s0
|
|
/second_stage_resources u:object_r:tmpfs:s0
|
|
/sys u:object_r:sysfs:s0
|
|
/apex u:object_r:apex_mnt_dir:s0
|
|
|
|
/apex/(\.(bootstrap|default)-)?apex-info-list.xml u:object_r:apex_info_file:s0
|
|
|
|
# Symlinks
|
|
/bin u:object_r:rootfs:s0
|
|
/d u:object_r:rootfs:s0
|
|
/etc u:object_r:rootfs:s0
|
|
|
|
##########################
|
|
# Devices
|
|
#
|
|
/dev(/.*)? u:object_r:device:s0
|
|
/dev/ashmem u:object_r:ashmem_device:s0
|
|
/dev/ashmem(.*)? u:object_r:ashmem_libcutils_device:s0
|
|
/dev/binder u:object_r:binder_device:s0
|
|
/dev/block(/.*)? u:object_r:block_device:s0
|
|
/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
|
|
/dev/block/loop[0-9]* u:object_r:loop_device:s0
|
|
/dev/block/vd[a-z][0-9]* u:object_r:vd_device:s0
|
|
/dev/block/ram[0-9]* u:object_r:ram_device:s0
|
|
/dev/block/zram[0-9]* u:object_r:ram_device:s0
|
|
/dev/console u:object_r:console_device:s0
|
|
/dev/dma_heap(/.*)? u:object_r:dmabuf_heap_device:s0
|
|
/dev/dma_heap/system u:object_r:dmabuf_system_heap_device:s0
|
|
/dev/dma_heap/system-uncached u:object_r:dmabuf_system_heap_device:s0
|
|
/dev/dma_heap/system-secure(.*) u:object_r:dmabuf_system_secure_heap_device:s0
|
|
/dev/dm-user(/.*)? u:object_r:dm_user_device:s0
|
|
/dev/device-mapper u:object_r:dm_device:s0
|
|
/dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0
|
|
/dev/cgroup_info(/.*)? u:object_r:cgroup_rc_file:s0
|
|
/dev/fuse u:object_r:fuse_device:s0
|
|
/dev/hvc0 u:object_r:serial_device:s0
|
|
/dev/hvc1 u:object_r:serial_device:s0
|
|
/dev/hvc2 u:object_r:log_device:s0
|
|
/dev/hw_random u:object_r:hw_random_device:s0
|
|
/dev/hwbinder u:object_r:hwbinder_device:s0
|
|
/dev/loop-control u:object_r:loop_control_device:s0
|
|
/dev/ppp u:object_r:ppp_device:s0
|
|
/dev/ptmx u:object_r:ptmx_device:s0
|
|
/dev/kmsg u:object_r:kmsg_device:s0
|
|
/dev/kmsg_debug u:object_r:kmsg_debug_device:s0
|
|
/dev/kvm u:object_r:kvm_device:s0
|
|
/dev/null u:object_r:null_device:s0
|
|
/dev/open-dice0 u:object_r:open_dice_device:s0
|
|
/dev/random u:object_r:random_device:s0
|
|
/dev/rtc[0-9] u:object_r:rtc_device:s0
|
|
/dev/socket(/.*)? u:object_r:socket_device:s0
|
|
/dev/socket/adbd u:object_r:adbd_socket:s0
|
|
/dev/socket/property_service u:object_r:property_socket:s0
|
|
/dev/socket/statsdw u:object_r:statsdw_socket:s0
|
|
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
|
|
/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
|
|
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
|
|
/dev/socket/authfs_service u:object_r:authfs_service_socket:s0
|
|
/dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
|
|
/dev/sys/block/by-name/userdata(/.*)? u:object_r:userdata_sysdev:s0
|
|
/dev/sys/fs/by-name/userdata(/.*)? u:object_r:userdata_sysdev:s0
|
|
/dev/tty u:object_r:owntty_device:s0
|
|
/dev/tty[0-9]* u:object_r:tty_device:s0
|
|
/dev/ttyS[0-9]* u:object_r:serial_device:s0
|
|
/dev/tun u:object_r:tun_device:s0
|
|
/dev/uhid u:object_r:uhid_device:s0
|
|
/dev/uinput u:object_r:uhid_device:s0
|
|
/dev/uio[0-9]* u:object_r:uio_device:s0
|
|
/dev/urandom u:object_r:random_device:s0
|
|
/dev/vhost-vsock u:object_r:kvm_device:s0
|
|
/dev/vndbinder u:object_r:vndbinder_device:s0
|
|
/dev/vsock u:object_r:vsock_device:s0
|
|
/dev/zero u:object_r:zero_device:s0
|
|
/dev/__properties__ u:object_r:properties_device:s0
|
|
/dev/__properties__/property_info u:object_r:property_info:s0
|
|
#############################
|
|
# Linker configuration
|
|
#
|
|
/linkerconfig(/.*)? u:object_r:linkerconfig_file:s0
|
|
#############################
|
|
# System files
|
|
#
|
|
/system(/.*)? u:object_r:system_file:s0
|
|
/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
|
|
/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
|
|
/system/bin/apexd u:object_r:apexd_exec:s0
|
|
/system/bin/tombstone_transmit.microdroid u:object_r:tombstone_transmit_exec:s0
|
|
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
|
|
/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
|
|
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
|
|
/system/bin/bootstrap/linkerconfig u:object_r:linkerconfig_exec:s0
|
|
/system/bin/init u:object_r:init_exec:s0
|
|
/system/bin/logcat -- u:object_r:logcat_exec:s0
|
|
/system/bin/logd u:object_r:logd_exec:s0
|
|
/system/bin/sh -- u:object_r:shell_exec:s0
|
|
/system/bin/tombstoned.microdroid u:object_r:tombstoned_exec:s0
|
|
/system/bin/toolbox -- u:object_r:toolbox_exec:s0
|
|
/system/bin/toybox -- u:object_r:toolbox_exec:s0
|
|
/system/bin/zipfuse u:object_r:zipfuse_exec:s0
|
|
/system/bin/microdroid_launcher u:object_r:microdroid_app_exec:s0
|
|
/system/bin/microdroid_manager u:object_r:microdroid_manager_exec:s0
|
|
/system/bin/apkdmverity u:object_r:apkdmverity_exec:s0
|
|
/system/bin/authfs u:object_r:authfs_exec:s0
|
|
/system/bin/authfs_service u:object_r:authfs_service_exec:s0
|
|
/system/bin/encryptedstore u:object_r:encryptedstore_exec:s0
|
|
/system/bin/mke2fs u:object_r:e2fs_exec:s0
|
|
/system/bin/kexec_load u:object_r:kexec_exec:s0
|
|
/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
|
|
/system/etc/task_profiles/cgroups_[0-9]+\.json u:object_r:cgroup_desc_api_file:s0
|
|
/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
|
|
/system/etc/group u:object_r:system_group_file:s0
|
|
/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
|
|
/system/etc/passwd u:object_r:system_passwd_file:s0
|
|
/system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0
|
|
/system/etc/security/cacerts(/.*)? u:object_r:system_security_cacerts_file:s0
|
|
/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0
|
|
/system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0
|
|
/system/etc/selinux/plat_service_contexts u:object_r:service_contexts_file:s0
|
|
/system/etc/selinux/plat_file_contexts u:object_r:file_contexts_file:s0
|
|
/system/etc/selinux/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
|
|
/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
|
|
/system/etc/task_profiles\.json u:object_r:task_profiles_file:s0
|
|
/system/etc/task_profiles/task_profiles_[0-9]+\.json u:object_r:task_profiles_api_file:s0
|
|
|
|
#############################
|
|
# Vendor files
|
|
#
|
|
/vendor(/.*)? u:object_r:vendor_file:s0
|
|
/vendor/etc(/.*)? u:object_r:vendor_configs_file:s0
|
|
/vendor/etc/vintf(/.*)? u:object_r:vendor_configs_file:s0
|
|
|
|
#############################
|
|
# Data files
|
|
#
|
|
# NOTE: When modifying existing label rules, changes may also need to
|
|
# propagate to the "Expanded data files" section.
|
|
#
|
|
/data u:object_r:system_data_root_file:s0
|
|
/data/(.*)? u:object_r:system_data_file:s0
|
|
/data/local/tests(/.*)? u:object_r:shell_test_data_file:s0
|
|
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
|
|
/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0
|
|
/data/local/traces(/.*)? u:object_r:trace_data_file:s0
|
|
/data/misc/authfs(/.*)? u:object_r:authfs_data_file:s0
|
|
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
|
|
/data/vendor(/.*)? u:object_r:vendor_data_file:s0
|
|
|
|
# microdroid doesn't use anr, but tombstoned tries to read this.
|
|
# So marking /data/anr as tombstone_data_file
|
|
/data/anr(/.*)? u:object_r:tombstone_data_file:s0
|
|
|
|
#############################
|
|
# Directory for extra apks
|
|
/mnt/extra-apk u:object_r:extra_apk_file:s0
|