7ad383f181
Without this, we only have visibility into writes. Looking at traces, we realised for many of the files we care about (.dex, .apk) most filesystem events are actually reads. See aosp/661782 for matching filesystem permission change. Bug: 73625480 Change-Id: I6ec71d82fad8f4679c7b7d38e3cb90aff0b9e298
# Label inodes with the fs label.
genfscon rootfs / u:object_r:rootfs:s0
# proc labeling can be further refined (longest matching prefix).
genfscon proc / u:object_r:proc:s0
genfscon proc /asound u:object_r:proc_asound:s0
genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
genfscon proc /cmdline u:object_r:proc_cmdline:s0
genfscon proc /config.gz u:object_r:config_gz:s0
genfscon proc /diskstats u:object_r:proc_diskstats:s0
genfscon proc /filesystems u:object_r:proc_filesystems:s0
genfscon proc /interrupts u:object_r:proc_interrupts:s0
genfscon proc /iomem u:object_r:proc_iomem:s0
genfscon proc /kmsg u:object_r:proc_kmsg:s0
genfscon proc /loadavg u:object_r:proc_loadavg:s0
genfscon proc /meminfo u:object_r:proc_meminfo:s0
genfscon proc /misc u:object_r:proc_misc:s0
genfscon proc /modules u:object_r:proc_modules:s0
genfscon proc /mounts u:object_r:proc_mounts:s0
genfscon proc /net u:object_r:proc_net:s0
# Longest-prefix matching gives ctrl its own type; every other node under
# /net/xt_qtaguid/ takes proc_qtaguid_stat, and both override the broader
# /net -> proc_net entry.
genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0
genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
# NOTE(review): /softirqs shares proc_timer with /timer_list and /timer_stats,
# so any domain allowed to read that type reads all three - presumably
# intentional; confirm against the .te rules for proc_timer.
genfscon proc /softirqs u:object_r:proc_timer:s0
genfscon proc /stat u:object_r:proc_stat:s0
genfscon proc /swaps u:object_r:proc_swaps:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
# proc_security is shared by the kernel hardening sysctls in this file
# (protected_hardlinks, protected_symlinks, suid_dumpable, dmesg_restrict,
# kptr_restrict, modules_disabled, randomize_va_space, mmap_min_addr,
# mmap_rnd_bits, mmap_rnd_compat_bits). An allow rule on this type covers every
# one of them, so review write grants with that whole set in mind.
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
# usermodehelper labels core_pattern, core_pipe_limit, hotplug, modprobe,
# poweroff_cmd and the usermodehelper directory - mostly sysctls that name
# programs the kernel itself launches. Write access to this type should stay
# limited to the most trusted domains.
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/hung_task_timeout_secs u:object_r:proc_hung_task:s0
genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/random u:object_r:proc_random:s0
genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
genfscon proc /sys/kernel/sched_child_runs_first u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sched_latency_ns u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sched_rt_period_us u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sched_rt_runtime_us u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sched_schedstats u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
genfscon proc /sys/net u:object_r:proc_net:s0
genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
genfscon proc /sys/vm/extra_free_kbytes u:object_r:proc_extra_free_kbytes:s0
genfscon proc /sys/vm/max_map_count u:object_r:proc_max_map_count:s0
genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0
genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
genfscon proc /timer_list u:object_r:proc_timer:s0
genfscon proc /timer_stats u:object_r:proc_timer:s0
genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0
genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0
genfscon proc /uid_time_in_state u:object_r:proc_uid_time_in_state:s0
genfscon proc /uid_concurrent_active_time u:object_r:proc_uid_concurrent_active_time:s0
genfscon proc /uid_concurrent_policy_time u:object_r:proc_uid_concurrent_policy_time:s0
genfscon proc /uid_cpupower/ u:object_r:proc_uid_cpupower:s0
genfscon proc /uptime u:object_r:proc_uptime:s0
genfscon proc /version u:object_r:proc_version:s0
genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0
genfscon proc /vmstat u:object_r:proc_vmstat:s0
genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
# selinuxfs booleans can be individually labeled.
genfscon selinuxfs / u:object_r:selinuxfs:s0
genfscon cgroup / u:object_r:cgroup:s0
genfscon cgroup2 / u:object_r:cgroup_bpf:s0
# sysfs labels can be set by userspace.
genfscon sysfs / u:object_r:sysfs:s0
genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
genfscon sysfs /class/net u:object_r:sysfs_net:s0
genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
genfscon sysfs /power/state u:object_r:sysfs_power:s0
genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0
# The whole tracing tree defaults to debugfs_tracing_debug; only the nodes
# listed individually further down are relabeled debugfs_tracing. Which
# domains may use each type is set in .te rules that are not part of this file.
genfscon debugfs /tracing u:object_r:debugfs_tracing_debug:s0
genfscon tracefs / u:object_r:debugfs_tracing_debug:s0
genfscon debugfs /tracing/tracing_on u:object_r:debugfs_tracing:s0
genfscon tracefs /tracing_on u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/trace u:object_r:debugfs_tracing:s0
genfscon tracefs /trace u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/per_cpu/cpu u:object_r:debugfs_tracing:s0
genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0
genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0
genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0
genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0
genfscon debugfs /tracing/events/sync/ u:object_r:debugfs_tracing_debug:s0
genfscon debugfs /tracing/events/workqueue/ u:object_r:debugfs_tracing_debug:s0
genfscon debugfs /tracing/events/regulator/ u:object_r:debugfs_tracing_debug:s0
genfscon debugfs /tracing/events/pagecache/ u:object_r:debugfs_tracing_debug:s0
genfscon debugfs /tracing/events/irq/ u:object_r:debugfs_tracing_debug:s0
genfscon debugfs /tracing/events/ipi/ u:object_r:debugfs_tracing_debug:s0
# NOTE(review): the f2fs, ext4 and block events from here on carry
# debugfs_tracing, unlike the event directories above (debugfs_tracing_debug).
# The commit message says read-path events were added for visibility into
# .dex/.apk reads - presumably f2fs_get_data_block, f2fs_iget,
# ext4_es_lookup_extent_enter/exit and ext4_load_inode. These events expose
# per-file access patterns, so confirm that only the intended tracing domains
# hold this type.
genfscon debugfs /tracing/events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
# tracefs twins of the debugfs /tracing/events entries above, presumably for
# kernels where tracefs is mounted on its own. Keep both lists identical,
# otherwise the same tracepoint gets a different type depending on which mount
# is in use.
genfscon tracefs /events/sync/ u:object_r:debugfs_tracing_debug:s0
genfscon tracefs /events/workqueue/ u:object_r:debugfs_tracing_debug:s0
genfscon tracefs /events/regulator/ u:object_r:debugfs_tracing_debug:s0
genfscon tracefs /events/pagecache/ u:object_r:debugfs_tracing_debug:s0
genfscon tracefs /events/irq/ u:object_r:debugfs_tracing_debug:s0
genfscon tracefs /events/ipi/ u:object_r:debugfs_tracing_debug:s0
genfscon tracefs /events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
genfscon tracefs /trace_clock u:object_r:debugfs_tracing:s0
genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0
genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing:s0
genfscon tracefs /events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/cgroup/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/options/overwrite u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/cgroup/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
genfscon inotifyfs / u:object_r:inotify:s0
genfscon vfat / u:object_r:vfat:s0
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:fuse:s0
genfscon configfs / u:object_r:configfs:s0
genfscon sdcardfs / u:object_r:sdcardfs:s0
genfscon esdfs / u:object_r:sdcardfs:s0
genfscon pstore / u:object_r:pstorefs:s0
genfscon functionfs / u:object_r:functionfs:s0
genfscon usbfs / u:object_r:usbfs:s0
genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
genfscon bpf / u:object_r:fs_bpf:s0