c4a3b51062
Otherwise the following denials occur on mako:
<5>[ 2.494246] type=1400 audit(1382544550.200:4): avc: denied { associate } for pid=1 comm="init" name="time_in_state" dev="sysfs" ino=17444 scontext=u:object_r:sy
sfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[ 2.494735] type=1400 audit(1382544550.200:5): avc: denied { associate } for pid=1 comm="init" name="total_trans" dev="sysfs" ino=17443 scontext=u:object_r:sysf
s_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[ 2.495162] type=1400 audit(1382544550.200:6): avc: denied { associate } for pid=1 comm="init" name="stats" dev="sysfs" ino=17442 scontext=u:object_r:sysfs_devi
ces_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[ 2.495620] type=1400 audit(1382544550.200:7): avc: denied { associate } for pid=1 comm="init" name="scaling_governor" dev="sysfs" ino=17435 scontext=u:object_r
:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[ 2.496047] type=1400 audit(1382544550.200:8): avc: denied { associate } for pid=1 comm="init" name="cpuinfo_transition_latency" dev="sysfs" ino=17429 scontext=
u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[ 2.496505] type=1400 audit(1382544550.200:9): avc: denied { associate } for pid=1 comm="init" name="scaling_available_frequencies" dev="sysfs" ino=17439 sconte
xt=u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[ 2.496963] type=1400 audit(1382544550.200:10): avc: denied { associate } for pid=1 comm="init" name="scaling_driver" dev="sysfs" ino=17436 scontext=u:object_r:
sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
Change-Id: I584a1cf61cb871a38be4d3b308cef03e64cfda8e
117 lines
4.3 KiB
Text
117 lines
4.3 KiB
Text
# Filesystem types
|
|
type labeledfs, fs_type;
|
|
type pipefs, fs_type;
|
|
type sockfs, fs_type;
|
|
type rootfs, fs_type;
|
|
type proc, fs_type;
|
|
type qtaguid_proc, fs_type, mlstrustedobject;
|
|
type proc_bluetooth_writable, fs_type;
|
|
type selinuxfs, fs_type;
|
|
type cgroup, fs_type, mlstrustedobject;
|
|
type sysfs, fs_type, mlstrustedobject;
|
|
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
|
|
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
|
|
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
|
|
type sysfs_wake_lock, fs_type, sysfs_type;
|
|
# /sys/devices/system/cpu
|
|
type sysfs_devices_system_cpu, fs_type, sysfs_type;
|
|
type inotify, fs_type, mlstrustedobject;
|
|
type devpts, fs_type, mlstrustedobject;
|
|
type tmpfs, fs_type;
|
|
type shm, fs_type;
|
|
type mqueue, fs_type;
|
|
type sdcard_internal, sdcard_type, fs_type, mlstrustedobject;
|
|
type sdcard_external, sdcard_type, fs_type, mlstrustedobject;
|
|
type debugfs, fs_type, mlstrustedobject;
|
|
|
|
# File types
|
|
type unlabeled, file_type;
|
|
# Default type for anything under /system.
|
|
type system_file, file_type;
|
|
# Default type for anything under /data.
|
|
type system_data_file, file_type, data_file_type;
|
|
# /data/drm - DRM plugin data
|
|
type drm_data_file, file_type, data_file_type;
|
|
# /data/anr - ANR traces
|
|
type anr_data_file, file_type, data_file_type, mlstrustedobject;
|
|
# /data/tombstones - core dumps
|
|
type tombstone_data_file, file_type, data_file_type;
|
|
# /data/app - user-installed apps
|
|
type apk_data_file, file_type, data_file_type;
|
|
type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
|
|
# /data/app-private - forward-locked apps
|
|
type apk_private_data_file, file_type, data_file_type;
|
|
type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
|
|
# /data/dalvik-cache
|
|
type dalvikcache_data_file, file_type, data_file_type;
|
|
# /data/local - writable by shell
|
|
type shell_data_file, file_type, data_file_type;
|
|
# /data/gps
|
|
type gps_data_file, file_type, data_file_type;
|
|
# /data/misc subdirectories
|
|
type bluetooth_data_file, file_type, data_file_type;
|
|
type keystore_data_file, file_type, data_file_type;
|
|
type vpn_data_file, file_type, data_file_type;
|
|
type systemkeys_data_file, file_type, data_file_type;
|
|
type wifi_data_file, file_type, data_file_type;
|
|
type radio_data_file, file_type, data_file_type;
|
|
type nfc_data_file, file_type, data_file_type;
|
|
type camera_calibration_file, file_type, data_file_type;
|
|
type adb_keys_file, file_type, data_file_type;
|
|
# /data/data subdirectories - app sandboxes
|
|
type app_data_file, file_type, data_file_type;
|
|
type platform_app_data_file, file_type, data_file_type, mlstrustedobject;
|
|
# Default type for anything under /cache
|
|
type cache_file, file_type, mlstrustedobject;
|
|
# Type for /cache/.*\.{data|restore} and default
|
|
# type for anything under /cache/backup
|
|
type cache_backup_file, file_type, mlstrustedobject;
|
|
# Default type for anything under /efs
|
|
type efs_file, file_type;
|
|
# Type for wallpaper file.
|
|
type wallpaper_file, file_type, mlstrustedobject;
|
|
# /mnt/asec
|
|
type asec_apk_file, file_type, data_file_type;
|
|
# /data/app-asec
|
|
type asec_image_file, file_type, data_file_type;
|
|
# /data/backup and /data/secure/backup
|
|
type backup_data_file, file_type, data_file_type, mlstrustedobject;
|
|
# For /data/security
|
|
type security_file, file_type;
|
|
# All devices have bluetooth efs files. But they
|
|
# vary per device, so this type is used in per
|
|
# device policy
|
|
type bluetooth_efs_file, file_type;
|
|
# Downloaded files
|
|
type download_file, file_type;
|
|
|
|
# Socket types
|
|
type adbd_socket, file_type;
|
|
type bluetooth_socket, file_type;
|
|
type dnsproxyd_socket, file_type, mlstrustedobject;
|
|
type gps_socket, file_type;
|
|
type installd_socket, file_type;
|
|
type keystore_socket, file_type;
|
|
type mdns_socket, file_type;
|
|
type netd_socket, file_type;
|
|
type property_socket, file_type;
|
|
type qemud_socket, file_type;
|
|
type racoon_socket, file_type;
|
|
type rild_socket, file_type;
|
|
type rild_debug_socket, file_type;
|
|
type system_wpa_socket, file_type;
|
|
type system_ndebug_socket, file_type;
|
|
type vold_socket, file_type;
|
|
type wpa_socket, file_type;
|
|
type zygote_socket, file_type;
|
|
|
|
# UART (for GPS) control proc file
|
|
type gps_control, file_type;
|
|
|
|
# Allow files to be created in their appropriate filesystems.
|
|
allow fs_type self:filesystem associate;
|
|
allow sysfs_type sysfs:filesystem associate;
|
|
allow file_type labeledfs:filesystem associate;
|
|
allow file_type tmpfs:filesystem associate;
|
|
allow file_type rootfs:filesystem associate;
|
|
allow dev_type tmpfs:filesystem associate;
|