| /aosp12/system/sepolicy/prebuilts/api/30.0/private/ |
| H A D | app_neverallows.te | 2 ### neverallow rules for untrusted app domains
27 # Do not allow untrusted apps to register services.
32 # Do not allow untrusted apps to use VendorBinder
36 # Do not allow untrusted apps to connect to the property service
78 # and an untrusted app is allowed fork permission to itself.
81 # Do not allow untrusted apps to hard link to any files.
82 # In particular, if an untrusted app links to other app data
85 # bugs, so we want to ensure untrusted apps never have this
124 # Do not allow untrusted apps access to /cache
209 # Do not allow untrusted apps access to preloads data files
[all …]
|
| H A D | untrusted_app_all.te | 4 ### This file defines the rules shared by all untrusted app domains except
20 ### Note that rules that should apply to all untrusted apps must be in app.te or also
57 # Allow traceur to pass file descriptors through a content provider to untrusted apps
61 # untrusted apps should not be able to open trace data files, they should depend
103 # Allow untrusted apps to interact with gpuservice
128 # Allow untrusted apps read / execute access to /vendor/app for there can
144 # allow untrusted apps to use UDP sockets provided by the system server but not
|
| /aosp12/system/sepolicy/prebuilts/api/31.0/private/ |
| H A D | app_neverallows.te | 2 ### neverallow rules for untrusted app domains
30 # Do not allow untrusted apps to register services.
35 # Do not allow untrusted apps to use VendorBinder
39 # Do not allow untrusted apps to connect to the property service
84 # and an untrusted app is allowed fork permission to itself.
87 # Do not allow untrusted apps to hard link to any files.
88 # In particular, if an untrusted app links to other app data
91 # bugs, so we want to ensure untrusted apps never have this
130 # Do not allow untrusted apps access to /cache
194 # Do not allow untrusted apps access to preloads data files
[all …]
|
| H A D | untrusted_app_all.te | 4 ### This file defines the rules shared by all untrusted app domains except
21 ### Note that rules that should apply to all untrusted apps must be in app.te or also
58 # Allow traceur to pass file descriptors through a content provider to untrusted apps
62 # untrusted apps should not be able to open trace data files, they should depend
67 # neverallow untrusted apps accessing debugfs_tracing
124 # Allow untrusted apps read / execute access to /vendor/app for there can
140 # allow untrusted apps to use UDP sockets provided by the system server but not
|
| /aosp12/system/sepolicy/prebuilts/api/32.0/private/ |
| H A D | app_neverallows.te | 2 ### neverallow rules for untrusted app domains
30 # Do not allow untrusted apps to register services.
35 # Do not allow untrusted apps to use VendorBinder
39 # Do not allow untrusted apps to connect to the property service
84 # and an untrusted app is allowed fork permission to itself.
87 # Do not allow untrusted apps to hard link to any files.
88 # In particular, if an untrusted app links to other app data
91 # bugs, so we want to ensure untrusted apps never have this
130 # Do not allow untrusted apps access to /cache
194 # Do not allow untrusted apps access to preloads data files
[all …]
|
| H A D | untrusted_app_all.te | 4 ### This file defines the rules shared by all untrusted app domains except
21 ### Note that rules that should apply to all untrusted apps must be in app.te or also
58 # Allow traceur to pass file descriptors through a content provider to untrusted apps
62 # untrusted apps should not be able to open trace data files, they should depend
67 # neverallow untrusted apps accessing debugfs_tracing
124 # Allow untrusted apps read / execute access to /vendor/app for there can
140 # allow untrusted apps to use UDP sockets provided by the system server but not
|
| /aosp12/system/sepolicy/private/ |
| H A D | app_neverallows.te | 2 ### neverallow rules for untrusted app domains
30 # Do not allow untrusted apps to register services.
35 # Do not allow untrusted apps to use VendorBinder
39 # Do not allow untrusted apps to connect to the property service
84 # and an untrusted app is allowed fork permission to itself.
87 # Do not allow untrusted apps to hard link to any files.
88 # In particular, if an untrusted app links to other app data
91 # bugs, so we want to ensure untrusted apps never have this
130 # Do not allow untrusted apps access to /cache
194 # Do not allow untrusted apps access to preloads data files
[all …]
|
| H A D | untrusted_app_all.te | 4 ### This file defines the rules shared by all untrusted app domains except
21 ### Note that rules that should apply to all untrusted apps must be in app.te or also
58 # Allow traceur to pass file descriptors through a content provider to untrusted apps
62 # untrusted apps should not be able to open trace data files, they should depend
67 # neverallow untrusted apps accessing debugfs_tracing
124 # Allow untrusted apps read / execute access to /vendor/app for there can
140 # allow untrusted apps to use UDP sockets provided by the system server but not
|
| /aosp12/system/sepolicy/prebuilts/api/28.0/private/ |
| H A D | app_neverallows.te | 2 ### neverallow rules for untrusted app domains
25 # Do not allow untrusted apps to register services.
30 # Do not allow untrusted apps to use VendorBinder
51 # and an untrusted app is allowed fork permission to itself.
54 # Do not allow untrusted apps to hard link to any files.
55 # In particular, if an untrusted app links to other app data
58 # bugs, so we want to ensure untrusted apps never have this
85 # Do not allow untrusted apps access to /cache
108 # No untrusted component should be touching /dev/fuse
111 # Do not allow untrusted apps to directly open tun_device
[all …]
|
| H A D | untrusted_app_all.te | 4 ### This file defines the rules shared by all untrusted app domains except
21 ### Note that rules that should apply to all untrusted apps must be in app.te or also
44 # Allow traceur to pass file descriptors through a content provider to untrusted apps
48 # untrusted apps should not be able to open trace data files, they should depend
110 # Allow untrusted apps read / execute access to /vendor/app for there can
124 # allow untrusted apps to use UDP sockets provided by the system server but not
|
| H A D | untrusted_app_27.te | 4 ### This file defines the rules for untrusted apps running with
7 ### This file defines the rules for untrusted apps.
|
| /aosp12/system/sepolicy/prebuilts/api/27.0/private/ |
| H A D | app_neverallows.te | 2 ### neverallow rules for untrusted app domains
24 # Do not allow untrusted apps to register services.
29 # Do not allow untrusted apps to use VendorBinder
46 # and an untrusted app is allowed fork permission to itself.
49 # Do not allow untrusted apps to hard link to any files.
50 # In particular, if an untrusted app links to other app data
53 # bugs, so we want to ensure untrusted apps never have this
74 # Do not allow untrusted apps access to /cache
99 # No untrusted component should be touching /dev/fuse
102 # Do not allow untrusted apps to directly open tun_device
[all …]
|
| H A D | untrusted_app.te | 4 ### This file defines the rules for untrusted apps.
27 # allow untrusted apps to use UDP sockets provided by the system server but not
|
| /aosp12/system/sepolicy/prebuilts/api/26.0/private/ |
| H A D | app_neverallows.te | 2 ### neverallow rules for untrusted app domains
19 # Do not allow untrusted apps to register services.
24 # Do not allow untrusted apps to use VendorBinder
41 # and an untrusted app is allowed fork permission to itself.
44 # Do not allow untrusted apps to hard link to any files.
45 # In particular, if an untrusted app links to other app data
48 # bugs, so we want to ensure untrusted apps never have this
69 # Do not allow untrusted apps access to /cache
94 # No untrusted component should be touching /dev/fuse
97 # Do not allow untrusted apps to directly open tun_device
[all …]
|
| /aosp12/system/sepolicy/prebuilts/api/29.0/private/ |
| H A D | app_neverallows.te | 2 ### neverallow rules for untrusted app domains
25 # Do not allow untrusted apps to register services.
30 # Do not allow untrusted apps to use VendorBinder
34 # Do not allow untrusted apps to connect to the property service
77 # and an untrusted app is allowed fork permission to itself.
80 # Do not allow untrusted apps to hard link to any files.
81 # In particular, if an untrusted app links to other app data
84 # bugs, so we want to ensure untrusted apps never have this
115 # Do not allow untrusted apps access to /cache
140 # No untrusted component should be touching /dev/fuse
[all …]
|
| H A D | untrusted_app_all.te | 4 ### This file defines the rules shared by all untrusted app domains except
20 ### Note that rules that should apply to all untrusted apps must be in app.te or also
57 # Allow traceur to pass file descriptors through a content provider to untrusted apps
61 # untrusted apps should not be able to open trace data files, they should depend
104 # Allow untrusted apps to interact with gpuservice
137 # Allow untrusted apps read / execute access to /vendor/app for there can
155 # allow untrusted apps to use UDP sockets provided by the system server but not
|
| H A D | untrusted_app_27.te | 4 ### This file defines the rules for untrusted apps running with
7 ### This file defines the rules for untrusted apps.
|
| /aosp12/system/sepolicy/prebuilts/api/30.0/public/ |
| H A D | untrusted_app.te | 19 # This file defines the rules for untrusted apps running with
22 # This file defines the rules for untrusted apps running with
25 # This file defines the rules for untrusted apps running with
28 # This file defines the rules for untrusted apps running with
|
| H A D | hwservice.te | 2 # access from untrusted apps is prohibited.
64 # These are directly accessible from untrusted apps.
78 # untrusted app access in mind.
|
| /aosp12/system/sepolicy/prebuilts/api/31.0/public/ |
| H A D | untrusted_app.te | 19 # This file defines the rules for untrusted apps running with
22 # This file defines the rules for untrusted apps running with
25 # This file defines the rules for untrusted apps running with
28 # This file defines the rules for untrusted apps running with
|
| H A D | hwservice.te | 2 # access from untrusted apps is prohibited.
63 # These are directly accessible from untrusted apps.
77 # untrusted app access in mind.
|
| /aosp12/system/sepolicy/prebuilts/api/32.0/public/ |
| H A D | untrusted_app.te | 19 # This file defines the rules for untrusted apps running with
22 # This file defines the rules for untrusted apps running with
25 # This file defines the rules for untrusted apps running with
28 # This file defines the rules for untrusted apps running with
|
| H A D | hwservice.te | 2 # access from untrusted apps is prohibited.
63 # These are directly accessible from untrusted apps.
77 # untrusted app access in mind.
|
| /aosp12/system/sepolicy/public/ |
| H A D | untrusted_app.te | 19 # This file defines the rules for untrusted apps running with
22 # This file defines the rules for untrusted apps running with
25 # This file defines the rules for untrusted apps running with
28 # This file defines the rules for untrusted apps running with
|
| H A D | hwservice.te | 2 # access from untrusted apps is prohibited.
63 # These are directly accessible from untrusted apps.
77 # untrusted app access in mind.
|