| /aosp12/system/sepolicy/prebuilts/api/30.0/public/ |
| H A D | iorap_inode2filename.te | 19 allow iorap_inode2filename apex_data_file:file { getattr };
21 allow iorap_inode2filename apex_mnt_dir:file { getattr };
23 allow iorap_inode2filename apk_data_file:file { getattr };
25 allow iorap_inode2filename app_data_file:file { getattr };
33 allow iorap_inode2filename metadata_file:file { getattr };
46 allow iorap_inode2filename ringtone_file:file { getattr };
49 allow iorap_inode2filename sepolicy_file:file { getattr };
62 allow iorap_inode2filename toolbox_exec:file getattr;
66 allow iorap_inode2filename unlabeled:file { getattr };
68 allow iorap_inode2filename vendor_file:file { getattr };
[all …]
|
| H A D | mediaserver.te | 14 allow mediaserver proc:lnk_file getattr;
31 allow mediaserver { app_data_file privapp_data_file }:file { append getattr ioctl lock map read wri…
40 allow mediaserver apk_data_file:file { read getattr };
41 allow mediaserver asec_apk_file:file { read getattr };
42 allow mediaserver ringtone_file:file { read getattr };
45 allow mediaserver radio_data_file:file { read getattr };
48 allow mediaserver appdomain:fifo_file { getattr read write };
58 allow mediaserver app_fuse_file:file { read getattr };
96 allow mediaserver vendor_app_file:file { read map getattr };
121 allow mediaserver preloads_media_file:file { getattr read ioctl };
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/31.0/public/ |
| H A D | iorap_inode2filename.te | 19 allow iorap_inode2filename apex_data_file:file { getattr };
21 allow iorap_inode2filename apex_mnt_dir:file { getattr };
23 allow iorap_inode2filename apk_data_file:file { getattr };
27 allow iorap_inode2filename backup_data_file:file { getattr };
31 allow iorap_inode2filename metadata_file:file { getattr };
40 allow iorap_inode2filename ringtone_file:file { getattr };
43 allow iorap_inode2filename sepolicy_file:file { getattr };
54 allow iorap_inode2filename toolbox_exec:file getattr;
59 allow iorap_inode2filename unlabeled:file { getattr };
61 allow iorap_inode2filename vendor_file:file { getattr };
[all …]
|
| H A D | app.te | 30 allow appdomain dalvikcache_data_file:dir { search getattr };
139 allow appdomain icon_file:file { getattr read map };
165 allow appdomain dumpstate:fifo_file { write getattr };
166 allow appdomain shell_data_file:file { write getattr };
170 allow appdomain incidentd:fifo_file { write getattr };
245 allow appdomain cache_backup_file:dir getattr;
353 allow appdomain runas_exec:file getattr;
367 allow appdomain cache_file:dir getattr;
545 neverallow appdomain fs_type:filesystem ~getattr;
562 } input_device:chr_file ~getattr;
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/32.0/public/ |
| H A D | iorap_inode2filename.te | 19 allow iorap_inode2filename apex_data_file:file { getattr };
21 allow iorap_inode2filename apex_mnt_dir:file { getattr };
23 allow iorap_inode2filename apk_data_file:file { getattr };
27 allow iorap_inode2filename backup_data_file:file { getattr };
31 allow iorap_inode2filename metadata_file:file { getattr };
40 allow iorap_inode2filename ringtone_file:file { getattr };
43 allow iorap_inode2filename sepolicy_file:file { getattr };
54 allow iorap_inode2filename toolbox_exec:file getattr;
59 allow iorap_inode2filename unlabeled:file { getattr };
61 allow iorap_inode2filename vendor_file:file { getattr };
[all …]
|
| H A D | app.te | 30 allow appdomain dalvikcache_data_file:dir { search getattr };
139 allow appdomain icon_file:file { getattr read map };
165 allow appdomain dumpstate:fifo_file { write getattr };
166 allow appdomain shell_data_file:file { write getattr };
170 allow appdomain incidentd:fifo_file { write getattr };
245 allow appdomain cache_backup_file:dir getattr;
353 allow appdomain runas_exec:file getattr;
367 allow appdomain cache_file:dir getattr;
545 neverallow appdomain fs_type:filesystem ~getattr;
562 } input_device:chr_file ~getattr;
[all …]
|
| /aosp12/system/sepolicy/public/ |
| H A D | iorap_inode2filename.te | 19 allow iorap_inode2filename apex_data_file:file { getattr };
21 allow iorap_inode2filename apex_mnt_dir:file { getattr };
23 allow iorap_inode2filename apk_data_file:file { getattr };
27 allow iorap_inode2filename backup_data_file:file { getattr };
31 allow iorap_inode2filename metadata_file:file { getattr };
40 allow iorap_inode2filename ringtone_file:file { getattr };
43 allow iorap_inode2filename sepolicy_file:file { getattr };
54 allow iorap_inode2filename toolbox_exec:file getattr;
59 allow iorap_inode2filename unlabeled:file { getattr };
61 allow iorap_inode2filename vendor_file:file { getattr };
[all …]
|
| H A D | app.te | 30 allow appdomain dalvikcache_data_file:dir { search getattr };
139 allow appdomain icon_file:file { getattr read map };
165 allow appdomain dumpstate:fifo_file { write getattr };
166 allow appdomain shell_data_file:file { write getattr };
170 allow appdomain incidentd:fifo_file { write getattr };
245 allow appdomain cache_backup_file:dir getattr;
353 allow appdomain runas_exec:file getattr;
367 allow appdomain cache_file:dir getattr;
545 neverallow appdomain fs_type:filesystem ~getattr;
562 } input_device:chr_file ~getattr;
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/28.0/ |
| H A D | vendor_sepolicy.cil | 681 (allow hal_ir_default tmpfs_28_0 (dir (getattr search)))
860 (allow hal_vr_default tmpfs_28_0 (dir (getattr search)))
922 (allow rild rild_tmpfs (file (read write getattr map)))
923 (allow rild tmpfs_28_0 (dir (getattr search)))
932 (allow tee_28_0 tmpfs_28_0 (dir (getattr search)))
1001 (allow createns tmpfs_28_0 (dir (getattr search)))
1021 (allow dhcpclient tmpfs_28_0 (dir (getattr search)))
1041 (allow dhcpserver tmpfs_28_0 (dir (getattr search)))
1056 (allow execns tmpfs_28_0 (dir (getattr search)))
1231 (allow ipv6proxy tmpfs_28_0 (dir (getattr search)))
[all …]
|
| H A D | plat_pub_versioned.cil | 3275 (allow appdomain cache_file_28_0 (dir (getattr)))
3923 (allow domain selinuxfs_28_0 (file (getattr)))
3932 (allow domain fs_type (filesystem (getattr)))
3933 (allow domain fs_type (dir (getattr)))
4774 (allow e2fs_28_0 dev_type (blk_file (getattr)))
4843 (allow fsck_28_0 dev_type (blk_file (getattr)))
5588 (allow hal_usb sysfs_28_0 (file (getattr)))
7354 (allow shell_28_0 device_28_0 (dir (getattr)))
7355 (allow shell_28_0 domain (process (getattr)))
7366 (allow shell_28_0 dev_type (chr_file (getattr)))
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/26.0/ |
| H A D | nonplat_sepolicy.cil | 2055 (allow domain selinuxfs_26_0 (file (getattr)))
2063 (allow domain fs_type (filesystem (getattr)))
2064 (allow domain fs_type (dir (getattr)))
2629 (allow dumpstate_26_0 domain (process (getattr)))
2778 (allow fsck_26_0 dev_type (blk_file (getattr)))
3294 (allow hal_usb sysfs_26_0 (file (getattr)))
3485 (allow init_26_0 tmpfs_26_0 (blk_file (getattr)))
4817 (allow shell_26_0 device_26_0 (dir (getattr)))
4818 (allow shell_26_0 domain (process (getattr)))
4828 (allow shell_26_0 dev_type (chr_file (getattr)))
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/27.0/ |
| H A D | nonplat_sepolicy.cil | 2274 (allow domain selinuxfs_27_0 (file (getattr)))
2282 (allow domain fs_type (filesystem (getattr)))
2283 (allow domain fs_type (dir (getattr)))
2847 (allow dumpstate_27_0 domain (process (getattr)))
3036 (allow fsck_27_0 dev_type (blk_file (getattr)))
3632 (allow hal_usb sysfs_27_0 (file (getattr)))
3823 (allow init_27_0 tmpfs_27_0 (blk_file (getattr)))
5170 (allow shell_27_0 device_27_0 (dir (getattr)))
5171 (allow shell_27_0 domain (process (getattr)))
5181 (allow shell_27_0 dev_type (chr_file (getattr)))
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/31.0/private/ |
| H A D | iorap_inode2filename.te | 5 allow iorap_inode2filename apex_data_file:file { getattr };
6 allow iorap_inode2filename dalvikcache_data_file:dir { getattr open read search };
7 allow iorap_inode2filename dalvikcache_data_file:file { getattr };
8 allow iorap_inode2filename dex2oat_exec:lnk_file { getattr open read };
9 allow iorap_inode2filename dexoptanalyzer_exec:file { getattr };
10 allow iorap_inode2filename storaged_data_file:dir { getattr open read search };
11 allow iorap_inode2filename storaged_data_file:file { getattr };
|
| H A D | traced_probes.te | 16 allow traced_probes debugfs_trace_marker:file getattr;
55 allow traced_probes apk_data_file:dir { getattr open read search };
56 allow traced_probes { apex_art_data_file apex_module_data_file }:dir { getattr open read search };
57 allow traced_probes dalvikcache_data_file:dir { getattr open read search };
59 # search and getattr are granted via domain and coredomain, respectively.
62 allow traced_probes system_app_data_file:dir { getattr open read search };
63 allow traced_probes backup_data_file:dir { getattr open read search };
64 allow traced_probes bootstat_data_file:dir { getattr open read search };
65 allow traced_probes update_engine_data_file:dir { getattr open read search };
66 allow traced_probes update_engine_log_data_file:dir { getattr open read search };
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/32.0/private/ |
| H A D | iorap_inode2filename.te | 5 allow iorap_inode2filename apex_data_file:file { getattr };
6 allow iorap_inode2filename dalvikcache_data_file:dir { getattr open read search };
7 allow iorap_inode2filename dalvikcache_data_file:file { getattr };
8 allow iorap_inode2filename dex2oat_exec:lnk_file { getattr open read };
9 allow iorap_inode2filename dexoptanalyzer_exec:file { getattr };
10 allow iorap_inode2filename storaged_data_file:dir { getattr open read search };
11 allow iorap_inode2filename storaged_data_file:file { getattr };
|
| H A D | traced_probes.te | 16 allow traced_probes debugfs_trace_marker:file getattr;
55 allow traced_probes apk_data_file:dir { getattr open read search };
56 allow traced_probes { apex_art_data_file apex_module_data_file }:dir { getattr open read search };
57 allow traced_probes dalvikcache_data_file:dir { getattr open read search };
59 # search and getattr are granted via domain and coredomain, respectively.
62 allow traced_probes system_app_data_file:dir { getattr open read search };
63 allow traced_probes backup_data_file:dir { getattr open read search };
64 allow traced_probes bootstat_data_file:dir { getattr open read search };
65 allow traced_probes update_engine_data_file:dir { getattr open read search };
66 allow traced_probes update_engine_log_data_file:dir { getattr open read search };
[all …]
|
| /aosp12/system/sepolicy/private/ |
| H A D | iorap_inode2filename.te | 5 allow iorap_inode2filename apex_data_file:file { getattr };
6 allow iorap_inode2filename dalvikcache_data_file:dir { getattr open read search };
7 allow iorap_inode2filename dalvikcache_data_file:file { getattr };
8 allow iorap_inode2filename dex2oat_exec:lnk_file { getattr open read };
9 allow iorap_inode2filename dexoptanalyzer_exec:file { getattr };
10 allow iorap_inode2filename storaged_data_file:dir { getattr open read search };
11 allow iorap_inode2filename storaged_data_file:file { getattr };
|
| H A D | traced_probes.te | 16 allow traced_probes debugfs_trace_marker:file getattr;
55 allow traced_probes apk_data_file:dir { getattr open read search };
56 allow traced_probes { apex_art_data_file apex_module_data_file }:dir { getattr open read search };
57 allow traced_probes dalvikcache_data_file:dir { getattr open read search };
59 # search and getattr are granted via domain and coredomain, respectively.
62 allow traced_probes system_app_data_file:dir { getattr open read search };
63 allow traced_probes backup_data_file:dir { getattr open read search };
64 allow traced_probes bootstat_data_file:dir { getattr open read search };
65 allow traced_probes update_engine_data_file:dir { getattr open read search };
66 allow traced_probes update_engine_log_data_file:dir { getattr open read search };
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/28.0/private/ |
| H A D | traced_probes.te | 10 allow traced_probes traced_tmpfs:file { read write getattr map };
16 allow traced_probes debugfs_trace_marker:file getattr;
40 allow traced_probes apk_data_file:dir { getattr open read search };
41 allow traced_probes dalvikcache_data_file:dir { getattr open read search };
43 allow traced_probes system_data_file:dir { getattr open read search };
45 allow traced_probes system_app_data_file:dir { getattr open read search };
46 allow traced_probes backup_data_file:dir { getattr open read search };
47 allow traced_probes bootstat_data_file:dir { getattr open read search };
48 allow traced_probes update_engine_data_file:dir { getattr open read search };
50 allow traced_probes user_profile_data_file:dir { getattr open read search };
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/30.0/private/ |
| H A D | iorap_inode2filename.te | 4 allow iorap_inode2filename dalvikcache_data_file:dir { getattr open read search };
5 allow iorap_inode2filename dalvikcache_data_file:file { getattr };
6 allow iorap_inode2filename dex2oat_exec:lnk_file { getattr open read };
7 allow iorap_inode2filename dexoptanalyzer_exec:file { getattr };
8 allow iorap_inode2filename storaged_data_file:dir { getattr open read search };
9 allow iorap_inode2filename storaged_data_file:file { getattr };
|
| H A D | traced_probes.te | 16 allow traced_probes debugfs_trace_marker:file getattr;
44 allow traced_probes apk_data_file:dir { getattr open read search };
45 allow traced_probes dalvikcache_data_file:dir { getattr open read search };
47 # search and getattr are granted via domain and coredomain, respectively.
50 allow traced_probes system_app_data_file:dir { getattr open read search };
51 allow traced_probes backup_data_file:dir { getattr open read search };
52 allow traced_probes bootstat_data_file:dir { getattr open read search };
53 allow traced_probes update_engine_data_file:dir { getattr open read search };
54 allow traced_probes update_engine_log_data_file:dir { getattr open read search };
55 allow traced_probes user_profile_data_file:dir { getattr open read search };
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/26.0/private/ |
| H A D | domain_deprecated.te | 47 } rootfs:dir { open getattr read ioctl lock }; # search granted in domain
70 } rootfs:lnk_file { getattr open ioctl lock }; # read granted in domain
87 } system_file:dir { open read ioctl lock }; # search getattr in domain
91 allow domain_deprecated system_data_file:file { getattr read };
100 } system_data_file:file { getattr read };
110 allow domain_deprecated apk_data_file:dir { getattr search };
120 } apk_data_file:dir { getattr search };
139 allow domain_deprecated cache_file:file { getattr read };
152 } cache_file:dir getattr;
157 } cache_file:file { getattr read };
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/29.0/private/ |
| H A D | traced_probes.te | 10 allow traced_probes traced_tmpfs:file { read write getattr map };
16 allow traced_probes debugfs_trace_marker:file getattr;
44 allow traced_probes apk_data_file:dir { getattr open read search };
45 allow traced_probes dalvikcache_data_file:dir { getattr open read search };
47 # search and getattr are granted via domain and coredomain, respectively.
50 allow traced_probes system_app_data_file:dir { getattr open read search };
51 allow traced_probes backup_data_file:dir { getattr open read search };
52 allow traced_probes bootstat_data_file:dir { getattr open read search };
53 allow traced_probes update_engine_data_file:dir { getattr open read search };
55 allow traced_probes user_profile_data_file:dir { getattr open read search };
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/26.0/public/ |
| H A D | shell.te | 30 allow shell profman_dump_data_file:file { getattr unlink };
103 allow shell domain:dir { search open read getattr };
108 allow shell { proc labeledfs }:filesystem getattr;
111 allow shell device:dir getattr;
114 allow shell domain:process getattr;
141 allow shell dev_type:chr_file getattr;
144 allow shell proc:lnk_file getattr;
150 allow shell dev_type:blk_file getattr;
175 # only getattr required for host side test.
181 }:chr_file ~getattr;
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/27.0/public/ |
| H A D | shell.te | 30 allow shell profman_dump_data_file:file { getattr unlink };
104 allow shell domain:dir { search open read getattr };
109 allow shell { proc labeledfs }:filesystem getattr;
112 allow shell device:dir getattr;
115 allow shell domain:process getattr;
142 allow shell dev_type:chr_file getattr;
145 allow shell proc:lnk_file getattr;
151 allow shell dev_type:blk_file getattr;
176 # only getattr required for host side test.
182 }:chr_file ~getattr;
[all …]
|