b469c30069
We're adding support for OEMs to ship exFAT, which behaves identical to vfat. Some rules have been manually enumerating labels related to these "public" volumes, so unify them all behind "sdcard_type". Test: atest Bug: 67822822 Change-Id: I09157fd1fc666ec5d98082c6e2cefce7c8d3ae56
242 lines
18 KiB
Text
242 lines
18 KiB
Text
# Label inodes with the fs label.
|
|
genfscon rootfs / u:object_r:rootfs:s0
|
|
# proc labeling can be further refined (longest matching prefix).
|
|
genfscon proc / u:object_r:proc:s0
|
|
genfscon proc /asound u:object_r:proc_asound:s0
|
|
genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
|
|
genfscon proc /cmdline u:object_r:proc_cmdline:s0
|
|
genfscon proc /config.gz u:object_r:config_gz:s0
|
|
genfscon proc /diskstats u:object_r:proc_diskstats:s0
|
|
genfscon proc /filesystems u:object_r:proc_filesystems:s0
|
|
genfscon proc /interrupts u:object_r:proc_interrupts:s0
|
|
genfscon proc /iomem u:object_r:proc_iomem:s0
|
|
genfscon proc /kmsg u:object_r:proc_kmsg:s0
|
|
genfscon proc /loadavg u:object_r:proc_loadavg:s0
|
|
genfscon proc /meminfo u:object_r:proc_meminfo:s0
|
|
genfscon proc /misc u:object_r:proc_misc:s0
|
|
genfscon proc /modules u:object_r:proc_modules:s0
|
|
genfscon proc /mounts u:object_r:proc_mounts:s0
|
|
genfscon proc /net u:object_r:proc_net:s0
|
|
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
|
|
genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
|
|
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
|
|
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
|
|
genfscon proc /softirqs u:object_r:proc_timer:s0
|
|
genfscon proc /stat u:object_r:proc_stat:s0
|
|
genfscon proc /swaps u:object_r:proc_swaps:s0
|
|
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
|
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
|
|
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
|
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
|
|
genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0
|
|
genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
|
|
genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
|
|
genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
|
|
genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
|
|
genfscon proc /sys/kernel/hung_task_timeout_secs u:object_r:proc_hung_task:s0
|
|
genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
|
|
genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
|
|
genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
|
|
genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
|
|
genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
|
|
genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
|
|
genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
|
|
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
|
|
genfscon proc /sys/kernel/random u:object_r:proc_random:s0
|
|
genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
|
|
genfscon proc /sys/kernel/sched_child_runs_first u:object_r:proc_sched:s0
|
|
genfscon proc /sys/kernel/sched_latency_ns u:object_r:proc_sched:s0
|
|
genfscon proc /sys/kernel/sched_rt_period_us u:object_r:proc_sched:s0
|
|
genfscon proc /sys/kernel/sched_rt_runtime_us u:object_r:proc_sched:s0
|
|
genfscon proc /sys/kernel/sched_schedstats u:object_r:proc_sched:s0
|
|
genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
|
|
genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
|
|
genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
|
|
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
|
|
genfscon proc /sys/net u:object_r:proc_net:s0
|
|
genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
|
|
genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
|
|
genfscon proc /sys/vm/extra_free_kbytes u:object_r:proc_extra_free_kbytes:s0
|
|
genfscon proc /sys/vm/max_map_count u:object_r:proc_max_map_count:s0
|
|
genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
|
|
genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0
|
|
genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
|
|
genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
|
|
genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
|
|
genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
|
|
genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
|
|
genfscon proc /timer_list u:object_r:proc_timer:s0
|
|
genfscon proc /timer_stats u:object_r:proc_timer:s0
|
|
genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
|
|
genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0
|
|
genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
|
|
genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
|
|
genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
|
|
genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0
|
|
genfscon proc /uid_time_in_state u:object_r:proc_uid_time_in_state:s0
|
|
genfscon proc /uid_concurrent_active_time u:object_r:proc_uid_concurrent_active_time:s0
|
|
genfscon proc /uid_concurrent_policy_time u:object_r:proc_uid_concurrent_policy_time:s0
|
|
genfscon proc /uid_cpupower/ u:object_r:proc_uid_cpupower:s0
|
|
genfscon proc /uptime u:object_r:proc_uptime:s0
|
|
genfscon proc /version u:object_r:proc_version:s0
|
|
genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0
|
|
genfscon proc /vmstat u:object_r:proc_vmstat:s0
|
|
genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
|
|
|
|
# selinuxfs booleans can be individually labeled.
|
|
genfscon selinuxfs / u:object_r:selinuxfs:s0
|
|
genfscon cgroup / u:object_r:cgroup:s0
|
|
genfscon cgroup2 / u:object_r:cgroup_bpf:s0
|
|
# sysfs labels can be set by userspace.
|
|
genfscon sysfs / u:object_r:sysfs:s0
|
|
genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
|
|
genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
|
|
genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
|
|
genfscon sysfs /class/net u:object_r:sysfs_net:s0
|
|
genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
|
|
genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
|
|
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
|
|
genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
|
|
genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
|
|
genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
|
|
genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
|
|
genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
|
|
genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
|
|
genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
|
|
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
|
|
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
|
|
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
|
|
genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
|
|
genfscon sysfs /power/state u:object_r:sysfs_power:s0
|
|
genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
|
|
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
|
|
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
|
|
genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
|
|
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
|
|
genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
|
|
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
|
|
genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
|
|
genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
|
|
genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
|
|
genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
|
|
|
|
genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0
|
|
genfscon debugfs /tracing u:object_r:debugfs_tracing_debug:s0
|
|
genfscon tracefs / u:object_r:debugfs_tracing_debug:s0
|
|
genfscon debugfs /tracing/tracing_on u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /tracing_on u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/trace u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /trace u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/per_cpu/cpu u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing:s0
|
|
|
|
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
|
|
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
|
|
genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0
|
|
genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0
|
|
genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0
|
|
genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
|
|
genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0
|
|
|
|
genfscon debugfs /tracing/events/sync/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon debugfs /tracing/events/workqueue/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon debugfs /tracing/events/regulator/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon debugfs /tracing/events/pagecache/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon debugfs /tracing/events/irq/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon debugfs /tracing/events/ipi/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
|
|
|
|
genfscon tracefs /events/sync/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon tracefs /events/workqueue/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon tracefs /events/regulator/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon tracefs /events/pagecache/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon tracefs /events/irq/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon tracefs /events/ipi/ u:object_r:debugfs_tracing_debug:s0
|
|
genfscon tracefs /events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
|
|
|
|
genfscon tracefs /trace_clock u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/cgroup/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
|
|
genfscon tracefs /events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
|
|
|
|
genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/options/overwrite u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/cgroup/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
|
|
genfscon debugfs /tracing/events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
|
|
|
|
genfscon inotifyfs / u:object_r:inotify:s0
|
|
genfscon vfat / u:object_r:vfat:s0
|
|
genfscon exfat / u:object_r:exfat:s0
|
|
genfscon debugfs / u:object_r:debugfs:s0
|
|
genfscon fuse / u:object_r:fuse:s0
|
|
genfscon configfs / u:object_r:configfs:s0
|
|
genfscon sdcardfs / u:object_r:sdcardfs:s0
|
|
genfscon esdfs / u:object_r:sdcardfs:s0
|
|
genfscon pstore / u:object_r:pstorefs:s0
|
|
genfscon functionfs / u:object_r:functionfs:s0
|
|
genfscon usbfs / u:object_r:usbfs:s0
|
|
genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
|
|
genfscon bpf / u:object_r:fs_bpf:s0
|