Trim more *_contexts files
Except for genfs_contexts which will be done as a separate work.
Bug: 191131624
Test: atest MicrodroidHostTestCases
Change-Id: Id602c29074de1470e7905a620009c0ae89695a17
diff --git a/microdroid/sepolicy/system/private/hwservice_contexts b/microdroid/sepolicy/system/private/hwservice_contexts
index 5b6e79d..f4583e2 100644
--- a/microdroid/sepolicy/system/private/hwservice_contexts
+++ b/microdroid/sepolicy/system/private/hwservice_contexts
@@ -1,85 +1,6 @@
-android.frameworks.automotive.display::IAutomotiveDisplayProxyService u:object_r:fwk_automotive_display_hwservice:s0
-android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
-android.frameworks.cameraservice.service::ICameraService u:object_r:fwk_camera_hwservice:s0
-android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
-android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
-android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
-android.frameworks.stats::IStats u:object_r:fwk_stats_hwservice:s0
-android.hardware.atrace::IAtraceDevice u:object_r:hal_atrace_hwservice:s0
-android.hardware.audio.effect::IEffectsFactory u:object_r:hal_audio_hwservice:s0
-android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0
-android.hardware.authsecret::IAuthSecret u:object_r:hal_authsecret_hwservice:s0
-android.hardware.automotive.audiocontrol::IAudioControl u:object_r:hal_audiocontrol_hwservice:s0
-android.hardware.automotive.can::ICanController u:object_r:hal_can_controller_hwservice:s0
-android.hardware.automotive.can::ICanBus u:object_r:hal_can_bus_hwservice:s0
-android.hardware.automotive.evs::IEvsEnumerator u:object_r:hal_evs_hwservice:s0
-android.hardware.automotive.vehicle::IVehicle u:object_r:hal_vehicle_hwservice:s0
-android.hardware.biometrics.face::IBiometricsFace u:object_r:hal_face_hwservice:s0
-android.hardware.biometrics.fingerprint::IBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
-android.hardware.bluetooth::IBluetoothHci u:object_r:hal_bluetooth_hwservice:s0
-android.hardware.bluetooth.a2dp::IBluetoothAudioOffload u:object_r:hal_audio_hwservice:s0
-android.hardware.bluetooth.audio::IBluetoothAudioProvidersFactory u:object_r:hal_audio_hwservice:s0
-android.hardware.boot::IBootControl u:object_r:hal_bootctl_hwservice:s0
-android.hardware.broadcastradio::IBroadcastRadio u:object_r:hal_broadcastradio_hwservice:s0
-android.hardware.broadcastradio::IBroadcastRadioFactory u:object_r:hal_broadcastradio_hwservice:s0
-android.hardware.camera.provider::ICameraProvider u:object_r:hal_camera_hwservice:s0
-android.hardware.configstore::ISurfaceFlingerConfigs u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
-android.hardware.confirmationui::IConfirmationUI u:object_r:hal_confirmationui_hwservice:s0
-android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0
-android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0
-android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0
-android.hardware.drm::IDrmFactory u:object_r:hal_drm_hwservice:s0
-android.hardware.dumpstate::IDumpstateDevice u:object_r:hal_dumpstate_hwservice:s0
-android.hardware.gatekeeper::IGatekeeper u:object_r:hal_gatekeeper_hwservice:s0
-android.hardware.gnss::IGnss u:object_r:hal_gnss_hwservice:s0
-android.hardware.graphics.allocator::IAllocator u:object_r:hal_graphics_allocator_hwservice:s0
-android.hardware.graphics.composer::IComposer u:object_r:hal_graphics_composer_hwservice:s0
-android.hardware.graphics.mapper::IMapper u:object_r:hal_graphics_mapper_hwservice:s0
-android.hardware.health::IHealth u:object_r:hal_health_hwservice:s0
-android.hardware.health.storage::IStorage u:object_r:hal_health_storage_hwservice:s0
-android.hardware.input.classifier::IInputClassifier u:object_r:hal_input_classifier_hwservice:s0
-android.hardware.ir::IConsumerIr u:object_r:hal_ir_hwservice:s0
-android.hardware.keymaster::IKeymasterDevice u:object_r:hal_keymaster_hwservice:s0
-android.hardware.tests.lazy::ILazy u:object_r:hal_lazy_test_hwservice:s0
-android.hardware.light::ILight u:object_r:hal_light_hwservice:s0
-android.hardware.lowpan::ILowpanDevice u:object_r:hal_lowpan_hwservice:s0
-android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
-android.hardware.media.omx::IOmxStore u:object_r:hal_omx_hwservice:s0
-android.hardware.media.c2::IComponentStore u:object_r:hal_codec2_hwservice:s0
-android.hardware.memtrack::IMemtrack u:object_r:hal_memtrack_hwservice:s0
-android.hardware.neuralnetworks::IDevice u:object_r:hal_neuralnetworks_hwservice:s0
-android.hardware.nfc::INfc u:object_r:hal_nfc_hwservice:s0
-android.hardware.oemlock::IOemLock u:object_r:hal_oemlock_hwservice:s0
-android.hardware.power::IPower u:object_r:hal_power_hwservice:s0
-android.hardware.power.stats::IPowerStats u:object_r:hal_power_stats_hwservice:s0
-android.hardware.radio.config::IRadioConfig u:object_r:hal_telephony_hwservice:s0
-android.hardware.radio.deprecated::IOemHook u:object_r:hal_telephony_hwservice:s0
-android.hardware.radio::IRadio u:object_r:hal_telephony_hwservice:s0
-android.hardware.radio::ISap u:object_r:hal_telephony_hwservice:s0
-android.hardware.renderscript::IDevice u:object_r:hal_renderscript_hwservice:s0
-android.hardware.secure_element::ISecureElement u:object_r:hal_secure_element_hwservice:s0
-android.hardware.sensors::ISensors u:object_r:hal_sensors_hwservice:s0
-android.hardware.soundtrigger::ISoundTriggerHw u:object_r:hal_audio_hwservice:s0
-android.hardware.tetheroffload.config::IOffloadConfig u:object_r:hal_tetheroffload_hwservice:s0
-android.hardware.tetheroffload.control::IOffloadControl u:object_r:hal_tetheroffload_hwservice:s0
-android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
-android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
-android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
-android.hardware.tv.tuner::ITuner u:object_r:hal_tv_tuner_hwservice:s0
-android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
-android.hardware.usb.gadget::IUsbGadget u:object_r:hal_usb_gadget_hwservice:s0
-android.hardware.vibrator::IVibrator u:object_r:hal_vibrator_hwservice:s0
-android.hardware.vr::IVr u:object_r:hal_vr_hwservice:s0
-android.hardware.weaver::IWeaver u:object_r:hal_weaver_hwservice:s0
-android.hardware.wifi::IWifi u:object_r:hal_wifi_hwservice:s0
-android.hardware.wifi.hostapd::IHostapd u:object_r:hal_wifi_hostapd_hwservice:s0
-android.hardware.wifi.supplicant::ISupplicant u:object_r:hal_wifi_supplicant_hwservice:s0
android.hidl.allocator::IAllocator u:object_r:hidl_allocator_hwservice:s0
android.hidl.base::IBase u:object_r:hidl_base_hwservice:s0
android.hidl.manager::IServiceManager u:object_r:hidl_manager_hwservice:s0
android.hidl.memory::IMapper u:object_r:hidl_memory_hwservice:s0
android.hidl.token::ITokenManager u:object_r:hidl_token_hwservice:s0
-android.system.net.netd::INetd u:object_r:system_net_netd_hwservice:s0
-android.system.suspend::ISystemSuspend u:object_r:system_suspend_hwservice:s0
-android.system.wifi.keystore::IKeystore u:object_r:system_wifi_keystore_hwservice:s0
* u:object_r:default_android_hwservice:s0
diff --git a/microdroid/sepolicy/system/private/keystore2_key_contexts b/microdroid/sepolicy/system/private/keystore2_key_contexts
index 4e7c260..02cdd5e 100644
--- a/microdroid/sepolicy/system/private/keystore2_key_contexts
+++ b/microdroid/sepolicy/system/private/keystore2_key_contexts
@@ -4,27 +4,6 @@
# <namespace> <label>
#
# <namespace> must be an integer in the interval [0 ... 2^31)
-# su_key is a keystore_key namespace for the su domain intended for native tests.
-0 u:object_r:su_key:s0
-
-# shell_key is a keystore_key namespace for the shell domain intended for native tests.
-1 u:object_r:shell_key:s0
-
-# vold_key is a keystore2_key namespace for vold. It allows using raw Keymint blobs.
-100 u:object_r:vold_key:s0
-
-# odsign_key is a keystore2_key namespace for the on-device signing daemon.
-101 u:object_r:odsign_key:s0
-
-# wifi_key is a keystore2_key namespace for the WI-FI subsystem. It replaces the WIFI_UID
-# namespace in keystore.
-102 u:object_r:wifi_key:s0
-
-# locksettings_key is a keystore2_key namespace for the LockSettingsService.
-103 u:object_r:locksettings_key:s0
-
-# resume_on_reboot_key is a keystore2_key namespace intended for resume on reboot.
-120 u:object_r:resume_on_reboot_key:s0
# vm_payload_key is a keystore2_key namespace intended for microdroid VM payloads.
# TODO(b/191843770): sort out a longer term policy
diff --git a/microdroid/sepolicy/system/private/port_contexts b/microdroid/sepolicy/system/private/port_contexts
index b473c0c..2f40b38 100644
--- a/microdroid/sepolicy/system/private/port_contexts
+++ b/microdroid/sepolicy/system/private/port_contexts
@@ -1,3 +1 @@
-# portcon statements go here, e.g.
-# portcon tcp 80 u:object_r:http_port:s0
-
+# This file can't be empty, but is unused on microdroid
diff --git a/microdroid/sepolicy/system/private/property_contexts b/microdroid/sepolicy/system/private/property_contexts
index 1483f6f..c2a3a62 100644
--- a/microdroid/sepolicy/system/private/property_contexts
+++ b/microdroid/sepolicy/system/private/property_contexts
@@ -25,9 +25,6 @@
ctl.console u:object_r:ctl_console_prop:s0
ctl. u:object_r:ctl_default_prop:s0
-dev.mnt.blk.root u:object_r:system_prop:s0 exact string
-dev.mnt.blk.vendor u:object_r:system_prop:s0 exact string
-
sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0 exact bool
service.adb.root u:object_r:shell_prop:s0 exact bool
diff --git a/microdroid/sepolicy/system/private/seapp_contexts b/microdroid/sepolicy/system/private/seapp_contexts
index b8e42ea..2f40b38 100644
--- a/microdroid/sepolicy/system/private/seapp_contexts
+++ b/microdroid/sepolicy/system/private/seapp_contexts
@@ -1,178 +1 @@
-# The entries in this file define how security contexts for apps are determined.
-# Each entry lists input selectors, used to match the app, and outputs which are
-# used to determine the security contexts for matching apps.
-#
-# Input selectors:
-# isSystemServer (boolean)
-# isEphemeralApp (boolean)
-# isOwner (boolean)
-# user (string)
-# seinfo (string)
-# name (string)
-# path (string)
-# isPrivApp (boolean)
-# minTargetSdkVersion (unsigned integer)
-# fromRunAs (boolean)
-#
-# All specified input selectors in an entry must match (i.e. logical AND).
-# An unspecified string or boolean selector with no default will match any
-# value.
-# A user, name, or path string selector that ends in * will perform a prefix
-# match.
-# String matching is case-insensitive.
-# See external/selinux/libselinux/src/android/android_platform.c,
-# seapp_context_lookup().
-#
-# isSystemServer=true only matches the system server.
-# An unspecified isSystemServer defaults to false.
-# isEphemeralApp=true will match apps marked by PackageManager as Ephemeral
-# isOwner=true will only match for the owner/primary user.
-# user=_app will match any regular app process.
-# user=_isolated will match any isolated service process.
-# Other values of user are matched against the name associated with the process
-# UID.
-# seinfo= matches aginst the seinfo tag for the app, determined from
-# mac_permissions.xml files.
-# The ':' character is reserved and may not be used in seinfo.
-# name= matches against the package name of the app.
-# path= matches against the directory path when labeling app directories.
-# isPrivApp=true will only match for applications preinstalled in
-# /system/priv-app.
-# minTargetSdkVersion will match applications with a targetSdkVersion
-# greater than or equal to the specified value. If unspecified,
-# it has a default value of 0.
-# fromRunAs=true means the process being labeled is started by run-as. Default
-# is false.
-#
-# Precedence: entries are compared using the following rules, in the order shown
-# (see external/selinux/libselinux/src/android/android_platform.c,
-# seapp_context_cmp()).
-# (1) isSystemServer=true before isSystemServer=false.
-# (2) Specified isEphemeralApp= before unspecified isEphemeralApp=
-# boolean.
-# (3) Specified isOwner= before unspecified isOwner= boolean.
-# (4) Specified user= string before unspecified user= string;
-# more specific user= string before less specific user= string.
-# (5) Specified seinfo= string before unspecified seinfo= string.
-# (6) Specified name= string before unspecified name= string;
-# more specific name= string before less specific name= string.
-# (7) Specified path= string before unspecified path= string.
-# more specific name= string before less specific name= string.
-# (8) Specified isPrivApp= before unspecified isPrivApp= boolean.
-# (9) Higher value of minTargetSdkVersion= before lower value of
-# minTargetSdkVersion= integer. Note that minTargetSdkVersion=
-# defaults to 0 if unspecified.
-# (10) fromRunAs=true before fromRunAs=false.
-# (A fixed selector is more specific than a prefix, i.e. ending in *, and a
-# longer prefix is more specific than a shorter prefix.)
-# Apps are checked against entries in precedence order until the first match,
-# regardless of their order in this file.
-#
-# Duplicate entries, i.e. with identical input selectors, are not allowed.
-#
-# Outputs:
-# domain (string)
-# type (string)
-# levelFrom (string; one of none, all, app, or user)
-# level (string)
-#
-# domain= determines the label to be used for the app process; entries
-# without domain= are ignored for this purpose.
-# type= specifies the label to be used for the app data directory; entries
-# without type= are ignored for this purpose. The label specified must
-# have the app_data_file_type attribute.
-# levelFrom and level are used to determine the level (sensitivity + categories)
-# for MLS/MCS.
-# levelFrom=none omits the level.
-# levelFrom=app determines the level from the process UID.
-# levelFrom=user determines the level from the user ID.
-# levelFrom=all determines the level from both UID and user ID.
-#
-# levelFrom=user is only supported for _app or _isolated UIDs.
-# levelFrom=app or levelFrom=all is only supported for _app UIDs.
-# level may be used to specify a fixed level for any UID.
-#
-# For backwards compatibility levelFromUid=true is equivalent to levelFrom=app
-# and levelFromUid=false is equivalent to levelFrom=none.
-#
-#
-# Neverallow Assertions
-# Additional compile time assertion checks for the rules in this file can be
-# added as well. The assertion
-# rules are lines beginning with the keyword neverallow. Full support for PCRE
-# regular expressions exists on all input and output selectors. Neverallow
-# rules are never output to the built seapp_contexts file. Like all keywords,
-# neverallows are case-insensitive. A neverallow is asserted when all key value
-# inputs are matched on a key value rule line.
-#
-
-# only the system server can be in system_server domain
-neverallow isSystemServer=false domain=system_server
-neverallow isSystemServer="" domain=system_server
-
-# system domains should never be assigned outside of system uid
-neverallow user=((?!system).)* domain=system_app
-neverallow user=((?!system).)* type=system_app_data_file
-
-# any non priv-app with a non-known uid with a specified name should have a specified
-# seinfo
-neverallow user=_app isPrivApp=false name=.* seinfo=""
-neverallow user=_app isPrivApp=false name=.* seinfo=default
-
-# neverallow shared relro to any other domain
-# and neverallow any other uid into shared_relro
-neverallow user=shared_relro domain=((?!shared_relro).)*
-neverallow user=((?!shared_relro).)* domain=shared_relro
-
-# neverallow non-isolated uids into isolated_app domain
-# and vice versa
-neverallow user=_isolated domain=((?!isolated_app).)*
-neverallow user=((?!_isolated).)* domain=isolated_app
-
-# uid shell should always be in shell domain, however non-shell
-# uid's can be in shell domain
-neverallow user=shell domain=((?!shell).)*
-
-# only the package named com.android.shell can run in the shell domain
-neverallow domain=shell name=((?!com\.android\.shell).)*
-neverallow user=shell name=((?!com\.android\.shell).)*
-
-# Ephemeral Apps must run in the ephemeral_app domain
-neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*
-
-isSystemServer=true domain=system_server_startup
-
-user=_app isPrivApp=true name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
-user=_app isPrivApp=true name=com.android.remoteprovisioner domain=remote_prov_app type=app_data_file levelFrom=all
-user=system seinfo=platform domain=system_app type=system_app_data_file
-user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
-user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
-user=nfc seinfo=platform domain=nfc type=nfc_data_file
-user=secure_element seinfo=platform domain=secure_element levelFrom=all
-user=radio seinfo=platform domain=radio type=radio_data_file
-user=shared_relro domain=shared_relro levelFrom=all
-user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
-user=webview_zygote seinfo=webview_zygote domain=webview_zygote
-user=_isolated domain=isolated_app levelFrom=user
-user=_app seinfo=app_zygote domain=app_zygote levelFrom=user
-user=_app seinfo=media domain=mediaprovider type=app_data_file levelFrom=user
-user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
-user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
-user=_app minTargetSdkVersion=31 isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=all
-user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
-user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
-user=_app seinfo=media isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
-user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
-user=_app seinfo=platform isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
-user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
-user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
-user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
-user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
-user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
-user=_app minTargetSdkVersion=30 domain=untrusted_app type=app_data_file levelFrom=all
-user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
-user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
-user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
-user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
-user=_app minTargetSdkVersion=28 fromRunAs=true domain=runas_app levelFrom=all
-user=_app fromRunAs=true domain=runas_app levelFrom=user
+# This file can't be empty, but is unused on microdroid
diff --git a/microdroid/sepolicy/system/private/service_contexts b/microdroid/sepolicy/system/private/service_contexts
index b410b18..965b688 100644
--- a/microdroid/sepolicy/system/private/service_contexts
+++ b/microdroid/sepolicy/system/private/service_contexts
@@ -1,37 +1,10 @@
-android.hardware.authsecret.IAuthSecret/default u:object_r:hal_authsecret_service:s0
-android.hardware.automotive.audiocontrol.IAudioControl/default u:object_r:hal_audiocontrol_service:s0
-android.hardware.biometrics.face.IFace/default u:object_r:hal_face_service:s0
-android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
-android.hardware.gnss.IGnss/default u:object_r:hal_gnss_service:s0
-android.hardware.health.storage.IStorage/default u:object_r:hal_health_storage_service:s0
-android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0
-android.hardware.light.ILights/default u:object_r:hal_light_service:s0
-android.hardware.memtrack.IMemtrack/default u:object_r:hal_memtrack_service:s0
-android.hardware.oemlock.IOemLock/default u:object_r:hal_oemlock_service:s0
-android.hardware.power.IPower/default u:object_r:hal_power_service:s0
-android.hardware.power.stats.IPowerStats/default u:object_r:hal_power_stats_service:s0
-android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0
android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
android.hardware.security.secureclock.ISecureClock/default u:object_r:hal_secureclock_service:s0
android.hardware.security.sharedsecret.ISharedSecret/default u:object_r:hal_sharedsecret_service:s0
-android.hardware.soundtrigger3.ISoundTriggerHw/default u:object_r:hal_audio_service:s0
-android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
-android.hardware.vibrator.IVibratorManager/default u:object_r:hal_vibrator_service:s0
-android.hardware.weaver.IWeaver/default u:object_r:hal_weaver_service:s0
-android.frameworks.stats.IStats/default u:object_r:fwk_stats_service:s0
android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
-accessibility u:object_r:accessibility_service:s0
-account u:object_r:account_service:s0
-activity u:object_r:activity_service:s0
-activity_task u:object_r:activity_task_service:s0
adb u:object_r:adb_service:s0
-aidl_lazy_test_1 u:object_r:aidl_lazy_test_service:s0
-aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
-alarm u:object_r:alarm_service:s0
-android.os.UpdateEngineService u:object_r:update_engine_service:s0
-android.os.UpdateEngineStableService u:object_r:update_engine_stable_service:s0
android.security.apc u:object_r:apc_service:s0
android.security.authorization u:object_r:authorization_service:s0
android.security.compat u:object_r:keystore_compat_hal_service:s0
@@ -40,270 +13,5 @@
android.security.maintenance u:object_r:keystore_maintenance_service:s0
android.security.remoteprovisioning u:object_r:remoteprovisioning_service:s0
android.security.vpnprofilestore u:object_r:vpnprofilestore_service:s0
-android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
-app_binding u:object_r:app_binding_service:s0
-app_hibernation u:object_r:app_hibernation_service:s0
-app_integrity u:object_r:app_integrity_service:s0
-app_prediction u:object_r:app_prediction_service:s0
-app_search u:object_r:app_search_service:s0
apexservice u:object_r:apex_service:s0
-blob_store u:object_r:blob_store_service:s0
-gsiservice u:object_r:gsi_service:s0
-appops u:object_r:appops_service:s0
-appwidget u:object_r:appwidget_service:s0
-artd u:object_r:artd_service:s0
-assetatlas u:object_r:assetatlas_service:s0
-attention u:object_r:attention_service:s0
-audio u:object_r:audio_service:s0
-auth u:object_r:auth_service:s0
-autofill u:object_r:autofill_service:s0
-backup u:object_r:backup_service:s0
-batteryproperties u:object_r:batteryproperties_service:s0
-batterystats u:object_r:batterystats_service:s0
-battery u:object_r:battery_service:s0
-binder_calls_stats u:object_r:binder_calls_stats_service:s0
-biometric u:object_r:biometric_service:s0
-bluetooth_manager u:object_r:bluetooth_manager_service:s0
-bluetooth u:object_r:bluetooth_service:s0
-broadcastradio u:object_r:broadcastradio_service:s0
-bugreport u:object_r:bugreport_service:s0
-cacheinfo u:object_r:cacheinfo_service:s0
-carrier_config u:object_r:radio_service:s0
-clipboard u:object_r:clipboard_service:s0
-com.android.net.IProxyService u:object_r:IProxyService_service:s0
-android.system.virtualizationservice u:object_r:virtualization_service:s0
-companiondevice u:object_r:companion_device_service:s0
-platform_compat u:object_r:platform_compat_service:s0
-platform_compat_native u:object_r:platform_compat_service:s0
-connectivity u:object_r:connectivity_service:s0
-connmetrics u:object_r:connmetrics_service:s0
-consumer_ir u:object_r:consumer_ir_service:s0
-content u:object_r:content_service:s0
-content_capture u:object_r:content_capture_service:s0
-content_suggestions u:object_r:content_suggestions_service:s0
-contexthub u:object_r:contexthub_service:s0
-country_detector u:object_r:country_detector_service:s0
-coverage u:object_r:coverage_service:s0
-cpuinfo u:object_r:cpuinfo_service:s0
-crossprofileapps u:object_r:crossprofileapps_service:s0
-dataloader_manager u:object_r:dataloader_manager_service:s0
-dbinfo u:object_r:dbinfo_service:s0
-device_config u:object_r:device_config_service:s0
-device_policy u:object_r:device_policy_service:s0
-device_identifiers u:object_r:device_identifiers_service:s0
-deviceidle u:object_r:deviceidle_service:s0
-device_state u:object_r:device_state_service:s0
-devicestoragemonitor u:object_r:devicestoragemonitor_service:s0
-diskstats u:object_r:diskstats_service:s0
-display u:object_r:display_service:s0
-dnsresolver u:object_r:dnsresolver_service:s0
-domain_verification u:object_r:domain_verification_service:s0
-color_display u:object_r:color_display_service:s0
-netd_listener u:object_r:netd_listener_service:s0
-network_watchlist u:object_r:network_watchlist_service:s0
-DockObserver u:object_r:DockObserver_service:s0
-dreams u:object_r:dreams_service:s0
-drm.drmManager u:object_r:drmserver_service:s0
-dropbox u:object_r:dropbox_service:s0
-dumpstate u:object_r:dumpstate_service:s0
-dynamic_system u:object_r:dynamic_system_service:s0
-econtroller u:object_r:radio_service:s0
-emergency_affordance u:object_r:emergency_affordance_service:s0
-euicc_card_controller u:object_r:radio_service:s0
-external_vibrator_service u:object_r:external_vibrator_service:s0
-lowpan u:object_r:lowpan_service:s0
-ethernet u:object_r:ethernet_service:s0
-face u:object_r:face_service:s0
-file_integrity u:object_r:file_integrity_service:s0
-fingerprint u:object_r:fingerprint_service:s0
-font u:object_r:font_service:s0
-android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
-game u:object_r:game_service:s0
-gfxinfo u:object_r:gfxinfo_service:s0
-graphicsstats u:object_r:graphicsstats_service:s0
-gpu u:object_r:gpu_service:s0
-hardware u:object_r:hardware_service:s0
-hardware_properties u:object_r:hardware_properties_service:s0
-hdmi_control u:object_r:hdmi_control_service:s0
-ions u:object_r:radio_service:s0
-idmap u:object_r:idmap_service:s0
-incident u:object_r:incident_service:s0
-incidentcompanion u:object_r:incidentcompanion_service:s0
-inputflinger u:object_r:inputflinger_service:s0
-input_method u:object_r:input_method_service:s0
-input u:object_r:input_service:s0
-installd u:object_r:installd_service:s0
-iorapd u:object_r:iorapd_service:s0
-iphonesubinfo_msim u:object_r:radio_service:s0
-iphonesubinfo2 u:object_r:radio_service:s0
-iphonesubinfo u:object_r:radio_service:s0
-ims u:object_r:radio_service:s0
-imms u:object_r:imms_service:s0
-incremental u:object_r:incremental_service:s0
-ipsec u:object_r:ipsec_service:s0
-ircsmessage u:object_r:radio_service:s0
-iris u:object_r:iris_service:s0
-isms_msim u:object_r:radio_service:s0
-isms2 u:object_r:radio_service:s0
-isms u:object_r:radio_service:s0
-isub u:object_r:radio_service:s0
-jobscheduler u:object_r:jobscheduler_service:s0
-launcherapps u:object_r:launcherapps_service:s0
-legacy_permission u:object_r:legacy_permission_service:s0
-lights u:object_r:light_service:s0
-location u:object_r:location_service:s0
-location_time_zone_manager u:object_r:location_time_zone_manager_service:s0
-lock_settings u:object_r:lock_settings_service:s0
-looper_stats u:object_r:looper_stats_service:s0
-lpdump_service u:object_r:lpdump_service:s0
-media.aaudio u:object_r:audioserver_service:s0
-media.audio_flinger u:object_r:audioserver_service:s0
-media.audio_policy u:object_r:audioserver_service:s0
-media.camera u:object_r:cameraserver_service:s0
-media.camera.proxy u:object_r:cameraproxy_service:s0
-media.log u:object_r:audioserver_service:s0
-media.player u:object_r:mediaserver_service:s0
-media.metrics u:object_r:mediametrics_service:s0
-media.extractor u:object_r:mediaextractor_service:s0
-media.transcoding u:object_r:mediatranscoding_service:s0
-media.resource_manager u:object_r:mediaserver_service:s0
-media.resource_observer u:object_r:mediaserver_service:s0
-media.sound_trigger_hw u:object_r:audioserver_service:s0
-media.drm u:object_r:mediadrmserver_service:s0
-media.tuner u:object_r:mediatuner_service:s0
-media_communication u:object_r:media_communication_service:s0
-media_metrics u:object_r:media_metrics_service:s0
-media_projection u:object_r:media_projection_service:s0
-media_resource_monitor u:object_r:media_session_service:s0
-media_router u:object_r:media_router_service:s0
-media_session u:object_r:media_session_service:s0
-meminfo u:object_r:meminfo_service:s0
-memtrack.proxy u:object_r:memtrackproxy_service:s0
-midi u:object_r:midi_service:s0
-mount u:object_r:mount_service:s0
-music_recognition u:object_r:music_recognition_service:s0
-netd u:object_r:netd_service:s0
-netpolicy u:object_r:netpolicy_service:s0
-netstats u:object_r:netstats_service:s0
-network_stack u:object_r:network_stack_service:s0
-network_management u:object_r:network_management_service:s0
-network_score u:object_r:network_score_service:s0
-network_time_update_service u:object_r:network_time_update_service:s0
-nfc u:object_r:nfc_service:s0
-notification u:object_r:notification_service:s0
-oem_lock u:object_r:oem_lock_service:s0
-otadexopt u:object_r:otadexopt_service:s0
-overlay u:object_r:overlay_service:s0
-pac_proxy u:object_r:pac_proxy_service:s0
-package u:object_r:package_service:s0
-package_native u:object_r:package_native_service:s0
-people u:object_r:people_service:s0
-performance_hint u:object_r:hint_service:s0
-permission u:object_r:permission_service:s0
-permissionmgr u:object_r:permissionmgr_service:s0
-permission_checker u:object_r:permission_checker_service:s0
-persistent_data_block u:object_r:persistent_data_block_service:s0
-phone_msim u:object_r:radio_service:s0
-phone1 u:object_r:radio_service:s0
-phone2 u:object_r:radio_service:s0
-phone u:object_r:radio_service:s0
-pinner u:object_r:pinner_service:s0
-power_stats u:object_r:power_stats_service:s0
-power u:object_r:power_service:s0
-print u:object_r:print_service:s0
-processinfo u:object_r:processinfo_service:s0
-procstats u:object_r:procstats_service:s0
-profcollectd u:object_r:profcollectd_service:s0
-radio.phonesubinfo u:object_r:radio_service:s0
-radio.phone u:object_r:radio_service:s0
-radio.sms u:object_r:radio_service:s0
-rcs u:object_r:radio_service:s0
-reboot_readiness u:object_r:reboot_readiness_service:s0
-recovery u:object_r:recovery_service:s0
-resolver u:object_r:resolver_service:s0
-restrictions u:object_r:restrictions_service:s0
-role u:object_r:role_service:s0
-rollback u:object_r:rollback_service:s0
-rttmanager u:object_r:rttmanager_service:s0
-runtime u:object_r:runtime_service:s0
-samplingprofiler u:object_r:samplingprofiler_service:s0
-scheduling_policy u:object_r:scheduling_policy_service:s0
-search u:object_r:search_service:s0
-search_ui u:object_r:search_ui_service:s0
-secure_element u:object_r:secure_element_service:s0
-sec_key_att_app_id_provider u:object_r:sec_key_att_app_id_provider_service:s0
-sensorservice u:object_r:sensorservice_service:s0
-sensor_privacy u:object_r:sensor_privacy_service:s0
-serial u:object_r:serial_service:s0
-servicediscovery u:object_r:servicediscovery_service:s0
-manager u:object_r:service_manager_service:s0
-settings u:object_r:settings_service:s0
-shortcut u:object_r:shortcut_service:s0
-simphonebook_msim u:object_r:radio_service:s0
-simphonebook2 u:object_r:radio_service:s0
-simphonebook u:object_r:radio_service:s0
-sip u:object_r:radio_service:s0
-slice u:object_r:slice_service:s0
-smartspace u:object_r:smartspace_service:s0
-speech_recognition u:object_r:speech_recognition_service:s0
-stats u:object_r:stats_service:s0
-statscompanion u:object_r:statscompanion_service:s0
-statsmanager u:object_r:statsmanager_service:s0
-soundtrigger u:object_r:voiceinteraction_service:s0
-soundtrigger_middleware u:object_r:soundtrigger_middleware_service:s0
-statusbar u:object_r:statusbar_service:s0
-storaged u:object_r:storaged_service:s0
-storaged_pri u:object_r:storaged_service:s0
-storagestats u:object_r:storagestats_service:s0
-SurfaceFlinger u:object_r:surfaceflinger_service:s0
-suspend_control u:object_r:system_suspend_control_service:s0
-suspend_control_internal u:object_r:system_suspend_control_internal_service:s0
-system_config u:object_r:system_config_service:s0
-system_server_dumper u:object_r:system_server_dumper_service:s0
-system_update u:object_r:system_update_service:s0
-task u:object_r:task_service:s0
-telecom u:object_r:telecom_service:s0
-telephony.registry u:object_r:registry_service:s0
-telephony_ims u:object_r:radio_service:s0
-testharness u:object_r:testharness_service:s0
-tethering u:object_r:tethering_service:s0
-textclassification u:object_r:textclassification_service:s0
-textservices u:object_r:textservices_service:s0
-texttospeech u:object_r:texttospeech_service:s0
-time_detector u:object_r:timedetector_service:s0
-time_zone_detector u:object_r:timezonedetector_service:s0
-timezone u:object_r:timezone_service:s0
-thermalservice u:object_r:thermal_service:s0
-tracing.proxy u:object_r:tracingproxy_service:s0
-transformer u:object_r:transformer_service:s0
-trust u:object_r:trust_service:s0
-tv_input u:object_r:tv_input_service:s0
-tv_tuner_resource_mgr u:object_r:tv_tuner_resource_mgr_service:s0
-uce u:object_r:uce_service:s0
-uimode u:object_r:uimode_service:s0
-updatelock u:object_r:updatelock_service:s0
-uri_grants u:object_r:uri_grants_service:s0
-usagestats u:object_r:usagestats_service:s0
-usb u:object_r:usb_service:s0
-user u:object_r:user_service:s0
-uwb u:object_r:uwb_service:s0
-vcn_management u:object_r:vcn_management_service:s0
-vibrator u:object_r:vibrator_service:s0
-vibrator_manager u:object_r:vibrator_manager_service:s0
-virtual_touchpad u:object_r:virtual_touchpad_service:s0
-voiceinteraction u:object_r:voiceinteraction_service:s0
-vold u:object_r:vold_service:s0
-vpn_management u:object_r:vpn_management_service:s0
-vr_hwc u:object_r:vr_hwc_service:s0
-vrflinger_vsync u:object_r:vrflinger_vsync_service:s0
-vrmanager u:object_r:vr_manager_service:s0
-wallpaper u:object_r:wallpaper_service:s0
-webviewupdate u:object_r:webviewupdate_service:s0
-wifip2p u:object_r:wifip2p_service:s0
-wifiscanner u:object_r:wifiscanner_service:s0
-wifi u:object_r:wifi_service:s0
-wifinl80211 u:object_r:wifinl80211_service:s0
-wifiaware u:object_r:wifiaware_service:s0
-wifirtt u:object_r:rttmanager_service:s0
-window u:object_r:window_service:s0
* u:object_r:default_android_service:s0