Blame - microdroid/sepolicy/system/public/su.te - android_packages_modules_Virtualization

blob: a440c21b7d66aa148384aaf457790ed05c4c6873 [file] [log] [blame]

Inseob Kim	ff43be2	2021-06-07 16:56:56 +0900	[diff] [blame]	1	# All types must be defined regardless of build variant to ensure
				2	# policy compilation succeeds with userdebug/user combination at boot
				3	type su, domain;
				4
				5	# File types must be defined for file_contexts.
				6	type su_exec, system_file_type, exec_type, file_type;
				7
				8	userdebug_or_eng(`
				9	# Domain used for su processes, as well as for adbd and adb shell
				10	# after performing an adb root command. The domain definition is
				11	# wrapped to ensure that it does not exist at all on -user builds.
				12	typeattribute su mlstrustedsubject;
				13
				14	# Add su to various domains
				15	net_domain(su)
				16
Inseob Kim	ff43be2	2021-06-07 16:56:56 +0900	[diff] [blame]	17	dontaudit su self:capability_class_set *;
				18	dontaudit su self:capability2 *;
				19	dontaudit su kernel:security *;
				20	dontaudit su { kernel file_type }:system *;
				21	dontaudit su self:memprotect *;
				22	dontaudit su domain:{ process process2 } *;
				23	dontaudit su domain:fd *;
				24	dontaudit su domain:dir *;
				25	dontaudit su domain:lnk_file *;
				26	dontaudit su domain:{ fifo_file file } *;
				27	dontaudit su domain:socket_class_set *;
				28	dontaudit su domain:ipc_class_set *;
				29	dontaudit su domain:key *;
				30	dontaudit su fs_type:filesystem *;
				31	dontaudit su {fs_type dev_type file_type}:dir_file_class_set *;
				32	dontaudit su node_type:node *;
				33	dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *;
				34	dontaudit su netif_type:netif *;
				35	dontaudit su port_type:socket_class_set *;
				36	dontaudit su port_type:{ tcp_socket dccp_socket } *;
				37	dontaudit su domain:peer *;
				38	dontaudit su domain:binder *;
				39	dontaudit su property_type:property_service *;
				40	dontaudit su property_type:file *;
				41	dontaudit su service_manager_type:service_manager *;
				42	dontaudit su hwservice_manager_type:hwservice_manager *;
Inseob Kim	ff43be2	2021-06-07 16:56:56 +0900	[diff] [blame]	43	dontaudit su servicemanager:service_manager list;
				44	dontaudit su hwservicemanager:hwservice_manager list;
Inseob Kim	ff43be2	2021-06-07 16:56:56 +0900	[diff] [blame]	45	dontaudit su keystore:keystore_key *;
				46	dontaudit su keystore:keystore2 *;
				47	dontaudit su domain:drmservice *;
				48	dontaudit su unlabeled:filesystem *;
Inseob Kim	ff43be2	2021-06-07 16:56:56 +0900	[diff] [blame]	49	dontaudit su domain:bpf *;
				50	dontaudit su unlabeled:vsock_socket *;
				51	dontaudit su self:perf_event *;
Inseob Kim	ff43be2	2021-06-07 16:56:56 +0900	[diff] [blame]	52	')