Merge pie-platform-release to aosp-master - DO NOT MERGE
Change-Id: I7a398025c18a7ce22c775a67328dc5504f98c04f
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..415166b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.pyc
+*.*~
diff --git a/Android.bp b/Android.bp
index 1785342..545cc80 100644
--- a/Android.bp
+++ b/Android.bp
@@ -1,4 +1,70 @@
-subdirs = [
- "tests",
- "build",
-]
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+se_filegroup {
+ name: "26.0.board.compat.map",
+ srcs: [
+ "compat/26.0/26.0.cil",
+ ],
+}
+
+se_filegroup {
+ name: "27.0.board.compat.map",
+ srcs: [
+ "compat/27.0/27.0.cil",
+ ],
+}
+
+se_filegroup {
+ name: "28.0.board.compat.map",
+ srcs: [
+ "compat/28.0/28.0.cil",
+ ],
+}
+
+se_cil_compat_map {
+ name: "26.0.cil",
+ bottom_half: [":26.0.board.compat.map"],
+ top_half: "27.0.cil",
+}
+
+se_cil_compat_map {
+ name: "27.0.cil",
+ bottom_half: [":27.0.board.compat.map"],
+ top_half: "28.0.cil",
+}
+
+se_cil_compat_map {
+ name: "28.0.cil",
+ bottom_half: [":28.0.board.compat.map"],
+ // top_half: "29.0.cil",
+}
+
+se_cil_compat_map {
+ name: "26.0.ignore.cil",
+ bottom_half: ["private/compat/26.0/26.0.ignore.cil"],
+ top_half: "27.0.ignore.cil",
+}
+
+se_cil_compat_map {
+ name: "27.0.ignore.cil",
+ bottom_half: ["private/compat/27.0/27.0.ignore.cil"],
+ top_half: "28.0.ignore.cil",
+}
+
+se_cil_compat_map {
+ name: "28.0.ignore.cil",
+ bottom_half: ["private/compat/28.0/28.0.ignore.cil"],
+ // top_half: "29.0.ignore.cil",
+}
diff --git a/Android.mk b/Android.mk
index f0c6a64..6b422a9 100644
--- a/Android.mk
+++ b/Android.mk
@@ -178,46 +178,32 @@
SHAREDLIB_EXT=so
endif
+#################################
+
include $(CLEAR_VARS)
+
LOCAL_MODULE := selinux_policy
LOCAL_MODULE_TAGS := optional
-# Include SELinux policy. We do this here because different modules
-# need to be included based on the value of PRODUCT_SEPOLICY_SPLIT. This
-# type of conditional inclusion cannot be done in top-level files such
-# as build/target/product/embedded.mk.
-# This conditional inclusion closely mimics the conditional logic
-# inside init/init.cpp for loading SELinux policy from files.
-ifeq ($(PRODUCT_SEPOLICY_SPLIT),true)
+LOCAL_REQUIRED_MODULES += \
+ selinux_policy_nonsystem \
+ selinux_policy_system \
-# Use split SELinux policy
+include $(BUILD_PHONY_PACKAGE)
+
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := selinux_policy_system
+# These build targets are not used on non-Treble devices. However, we build these to avoid
+# divergence between Treble and non-Treble devices.
LOCAL_REQUIRED_MODULES += \
$(platform_mapping_file) \
$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
- plat_pub_versioned.cil \
- vendor_sepolicy.cil \
plat_sepolicy.cil \
plat_and_mapping_sepolicy.cil.sha256 \
secilc \
- plat_sepolicy_vers.txt \
-
-# Include precompiled policy, unless told otherwise
-ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
-LOCAL_REQUIRED_MODULES += precompiled_sepolicy precompiled_sepolicy.plat_and_mapping.sha256
-endif
-else
-# The following files are only allowed for non-Treble devices.
-LOCAL_REQUIRED_MODULES += \
- sepolicy \
- vendor_service_contexts
-endif
LOCAL_REQUIRED_MODULES += \
build_sepolicy \
- vendor_file_contexts \
- vendor_mac_permissions.xml \
- vendor_property_contexts \
- vendor_seapp_contexts \
- vendor_hwservice_contexts \
plat_file_contexts \
plat_mac_permissions.xml \
plat_property_contexts \
@@ -225,7 +211,16 @@
plat_service_contexts \
plat_hwservice_contexts \
searchpolicy \
- vndservice_contexts \
+
+# This conditional inclusion closely mimics the conditional logic
+# inside init/init.cpp for loading SELinux policy from files.
+ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
+# The following files are only allowed for non-Treble devices.
+LOCAL_REQUIRED_MODULES += \
+ sepolicy \
+ vendor_service_contexts \
+
+endif # ($(PRODUCT_SEPOLICY_SPLIT),true)
ifneq ($(TARGET_BUILD_VARIANT), user)
LOCAL_REQUIRED_MODULES += \
@@ -237,12 +232,53 @@
ifneq ($(SELINUX_IGNORE_NEVERALLOWS),true)
LOCAL_REQUIRED_MODULES += \
sepolicy_tests \
- treble_sepolicy_tests_26.0 \
- treble_sepolicy_tests_27.0 \
+ $(addprefix treble_sepolicy_tests_,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
endif
endif
+ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
+LOCAL_REQUIRED_MODULES += \
+ sepolicy_freeze_test \
+
+endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
+
+include $(BUILD_PHONY_PACKAGE)
+
+#################################
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := selinux_policy_nonsystem
+# Include precompiled policy, unless told otherwise.
+ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
+LOCAL_REQUIRED_MODULES += \
+ precompiled_sepolicy \
+ precompiled_sepolicy.plat_and_mapping.sha256 \
+ vendor_file_contexts \
+ vendor_mac_permissions.xml \
+ vendor_property_contexts \
+ vendor_seapp_contexts \
+ vendor_hwservice_contexts \
+
+endif # ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
+
+
+# These build targets are not used on non-Treble devices. However, we build these to avoid
+# divergence between Treble and non-Treble devices.
+LOCAL_REQUIRED_MODULES += \
+ plat_pub_versioned.cil \
+ vendor_sepolicy.cil \
+ plat_sepolicy_vers.txt \
+
+LOCAL_REQUIRED_MODULES += \
+ vendor_file_contexts \
+ vendor_mac_permissions.xml \
+ vendor_property_contexts \
+ vendor_seapp_contexts \
+ vendor_hwservice_contexts \
+ vndservice_contexts \
+
ifdef BOARD_ODM_SEPOLICY_DIRS
LOCAL_REQUIRED_MODULES += \
odm_sepolicy.cil \
@@ -252,13 +288,6 @@
odm_hwservice_contexts \
odm_mac_permissions.xml
endif
-
-ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
-LOCAL_REQUIRED_MODULES += \
- sepolicy_freeze_test \
-
-endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
-
include $(BUILD_PHONY_PACKAGE)
#################################
@@ -284,7 +313,7 @@
$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS))
$(transform-policy-to-conf)
- $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+ $(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
$(LOCAL_BUILT_MODULE): $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
rm -f $@
@@ -396,7 +425,7 @@
$(plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
$(transform-policy-to-conf)
- $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+ $(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_CIL_FILES := \
$(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY))
@@ -450,7 +479,8 @@
$(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
else # ifeq ($(BOARD_SEPOLICY_VERS), $(PLATFORM_SEPOLICY_VERSION))
-prebuilt_mapping_files := $(wildcard $(addsuffix /mapping/$(BOARD_SEPOLICY_VERS).cil, $(PLAT_PRIVATE_POLICY)))
+prebuilt_mapping_files := $(wildcard \
+ $(addsuffix /compat/$(BOARD_SEPOLICY_VERS)/$(BOARD_SEPOLICY_VERS).cil, $(PLAT_PRIVATE_POLICY)))
$(current_mapping.cil) : $(prebuilt_mapping_files)
@mkdir -p $(dir $@)
cat $^ > $@
@@ -467,26 +497,6 @@
#################################
include $(CLEAR_VARS)
-LOCAL_MODULE := 27.0.cil
-LOCAL_SRC_FILES := private/compat/27.0/27.0.cil
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping
-
-include $(BUILD_PREBUILT)
-#################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := 26.0.cil
-LOCAL_SRC_FILES := private/compat/26.0/26.0.cil
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping
-
-include $(BUILD_PREBUILT)
-#################################
-include $(CLEAR_VARS)
-
LOCAL_MODULE := plat_and_mapping_sepolicy.cil.sha256
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
@@ -548,7 +558,7 @@
$(vendor_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS))
$(transform-policy-to-conf)
- $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+ $(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
$(LOCAL_BUILT_MODULE): PRIVATE_POL_CONF := $(vendor_policy.conf)
$(LOCAL_BUILT_MODULE): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
@@ -571,6 +581,7 @@
#################################
include $(CLEAR_VARS)
+ifdef BOARD_ODM_SEPOLICY_DIRS
# odm_policy.cil - the odm sepolicy. This needs attributization and to be combined
# with the platform-provided policy. It makes use of the reqd_policy_mask files from private
# policy and the platform public policy files in order to use checkpolicy.
@@ -595,7 +606,7 @@
$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) \
$(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
$(transform-policy-to-conf)
- $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+ $(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
$(LOCAL_BUILT_MODULE): PRIVATE_POL_CONF := $(odm_policy.conf)
$(LOCAL_BUILT_MODULE): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
@@ -616,6 +627,7 @@
built_odm_cil := $(LOCAL_BUILT_MODULE)
odm_policy.conf :=
odm_policy_raw :=
+endif
#################################
include $(CLEAR_VARS)
@@ -741,7 +753,8 @@
$(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) \
$(BOARD_ODM_SEPOLICY_DIRS))
$(transform-policy-to-conf)
- $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+ $(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
+
ifeq ($(SELINUX_IGNORE_NEVERALLOWS),true)
$(hide) sed -z 's/\n\s*neverallow[^;]*;/\n/g' $@ > $@.neverallow
$(hide) mv $@.neverallow $@
@@ -783,10 +796,11 @@
$(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_SPLIT := cts
$(LOCAL_BUILT_MODULE): PRIVATE_COMPATIBLE_PROPERTY := cts
+$(LOCAL_BUILT_MODULE): PRIVATE_EXCLUDE_BUILD_TEST := true
$(LOCAL_BUILT_MODULE): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
$(transform-policy-to-conf)
- $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+ $(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
##################################
# TODO - remove this. Keep around until we get the filesystem creation stuff taken care of.
@@ -818,14 +832,17 @@
local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
ifneq ($(filter address,$(SANITIZE_TARGET)),)
- local_fc_files := $(local_fc_files) $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
+ local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
+endif
+ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
endif
local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
file_contexts.local.tmp := $(intermediates)/file_contexts.local.tmp
$(file_contexts.local.tmp): $(local_fcfiles_with_nl)
@mkdir -p $(dir $@)
- $(hide) m4 -s $^ > $@
+ $(hide) m4 --fatal-warnings -s $^ > $@
device_fc_files := $(call build_vendor_policy, file_contexts)
@@ -839,7 +856,7 @@
$(file_contexts.device.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(file_contexts.device.tmp): $(device_fcfiles_with_nl)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
file_contexts.device.sorted.tmp := $(intermediates)/file_contexts.device.sorted.tmp
$(file_contexts.device.sorted.tmp): PRIVATE_SEPOLICY := $(built_sepolicy)
@@ -852,7 +869,7 @@
file_contexts.concat.tmp := $(intermediates)/file_contexts.concat.tmp
$(file_contexts.concat.tmp): $(file_contexts.local.tmp) $(file_contexts.device.sorted.tmp)
@mkdir -p $(dir $@)
- $(hide) m4 -s $^ > $@
+ $(hide) m4 --fatal-warnings -s $^ > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(file_contexts.concat.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/sefcontext_compile $(HOST_OUT_EXECUTABLES)/checkfc
@@ -906,6 +923,9 @@
ifneq ($(filter address,$(SANITIZE_TARGET)),)
local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
endif
+ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
+endif
local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(local_fcfiles_with_nl)
@@ -914,7 +934,7 @@
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
$(local_fcfiles_with_nl) $(built_sepolicy)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_FC_FILES) > $@.tmp
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_FC_FILES) > $@.tmp
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
@@ -945,7 +965,7 @@
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
$(vendor_fcfiles_with_nl) $(built_sepolicy)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
@@ -972,7 +992,7 @@
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
$(odm_fcfiles_with_nl) $(built_sepolicy)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
@@ -1133,7 +1153,7 @@
$(plat_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(plat_property_contexts.tmp): $(plat_pcfiles)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(plat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/property_info_checker
@mkdir -p $(dir $@)
@@ -1165,7 +1185,7 @@
$(vendor_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(vendor_property_contexts.tmp): $(vendor_pcfiles)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_PLAT_PC := $(built_plat_pc)
@@ -1194,7 +1214,7 @@
$(odm_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(odm_property_contexts.tmp): $(odm_pcfiles)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
@@ -1270,7 +1290,7 @@
$(plat_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(plat_service_contexts.tmp): $(plat_svcfiles)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(plat_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
@@ -1302,7 +1322,7 @@
$(vendor_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(vendor_service_contexts.tmp): $(vendor_svcfiles)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(vendor_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
@@ -1337,7 +1357,7 @@
$(plat_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(plat_hwservice_contexts.tmp): $(plat_hwsvcfiles)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(plat_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
@@ -1369,7 +1389,7 @@
$(vendor_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(vendor_hwservice_contexts.tmp): $(vendor_hwsvcfiles)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(vendor_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
@@ -1397,7 +1417,7 @@
$(odm_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(odm_hwservice_contexts.tmp): $(odm_hwsvcfiles)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(odm_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
@@ -1429,7 +1449,7 @@
$(vndservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(vndservice_contexts.tmp): $(vnd_svcfiles)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(vndservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
@@ -1454,7 +1474,7 @@
$(plat_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(plat_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY))
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY))
@@ -1488,7 +1508,7 @@
$(vendor_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(vendor_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
@@ -1516,7 +1536,7 @@
$(odm_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(odm_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
+ $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
all_odm_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
@@ -1553,8 +1573,6 @@
$(hide) touch $@
##################################
-ifeq ($(PRODUCT_SEPOLICY_SPLIT),true)
-
intermediates := $(call intermediates-dir-for,ETC,built_plat_sepolicy,,,,)
# plat_sepolicy - the current platform policy only, built into a policy binary.
@@ -1574,7 +1592,7 @@
$(base_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(BASE_PLAT_PUBLIC_POLICY) $(BASE_PLAT_PRIVATE_POLICY))
$(transform-policy-to-conf)
- $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+ $(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
built_plat_sepolicy := $(intermediates)/built_plat_sepolicy
$(built_plat_sepolicy): PRIVATE_ADDITIONAL_CIL_FILES := \
@@ -1590,6 +1608,27 @@
$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $@ -o $@ -f /dev/null
+base_plat_pub_policy.conf := $(intermediates)/base_plat_pub_policy.conf
+$(base_plat_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(base_plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(base_plat_pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
+$(base_plat_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(base_plat_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(base_plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(base_plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
+$(base_plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(base_plat_pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
+$(BASE_PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+ $(transform-policy-to-conf)
+
+base_plat_pub_policy.cil := $(intermediates)/base_plat_pub_policy.cil
+$(base_plat_pub_policy.cil): PRIVATE_POL_CONF := $(base_plat_pub_policy.conf)
+$(base_plat_pub_policy.cil): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
+$(base_plat_pub_policy.cil): $(HOST_OUT_EXECUTABLES)/checkpolicy $(base_plat_pub_policy.conf) $(reqd_policy_mask.cil)
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $< -C -M -c $(POLICYVERS) -o $@.tmp $(PRIVATE_POL_CONF)
+ $(hide) grep -Fxv -f $(PRIVATE_REQD_MASK) $@.tmp > $@
+
all_fc_files := $(built_plat_fc) $(built_vendor_fc)
ifdef BOARD_ODM_SEPOLICY_DIRS
all_fc_files += $(built_odm_fc)
@@ -1604,13 +1643,15 @@
version_under_treble_tests := 27.0
include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
+version_under_treble_tests := 28.0
+include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
+
BASE_PLAT_PUBLIC_POLICY :=
BASE_PLAT_PRIVATE_POLICY :=
base_plat_policy.conf :=
+base_plat_pub_policy.conf :=
plat_sepolicy :=
-endif # ($(PRODUCT_SEPOLICY_SPLIT),true)
-
#################################
include $(CLEAR_VARS)
LOCAL_MODULE := sepolicy_freeze_test
@@ -1635,8 +1676,8 @@
$(LOCAL_BUILT_MODULE): PRIVATE_BASE_PLAT_PRIVATE_PREBUILT := $(base_plat_private_prebuilt)
$(LOCAL_BUILT_MODULE): $(all_frozen_files)
ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
- @diff -rq $(PRIVATE_BASE_PLAT_PUBLIC_PREBUILT) $(PRIVATE_BASE_PLAT_PUBLIC)
- @diff -rq $(PRIVATE_BASE_PLAT_PRIVATE_PREBUILT) $(PRIVATE_BASE_PLAT_PRIVATE)
+ @diff -rq -x bug_map $(PRIVATE_BASE_PLAT_PUBLIC_PREBUILT) $(PRIVATE_BASE_PLAT_PUBLIC)
+ @diff -rq -x bug_map $(PRIVATE_BASE_PLAT_PRIVATE_PREBUILT) $(PRIVATE_BASE_PLAT_PRIVATE)
endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
$(hide) touch $@
diff --git a/OWNERS b/OWNERS
index 9d3f1b1..4b9cbf3 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,9 +1,10 @@
alanstokes@google.com
bowgotsai@google.com
-dcashman@google.com
jbires@google.com
jeffv@google.com
jgalenson@google.com
+nnk@google.com
+smoreland@google.com
sspatil@google.com
tomcherry@google.com
trong@google.com
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
index 468243a..4ff0f5e 100644
--- a/PREUPLOAD.cfg
+++ b/PREUPLOAD.cfg
@@ -1,2 +1,3 @@
[Hook Scripts]
whitespace = tools/whitespace.sh ${PREUPLOAD_FILES}
+aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
diff --git a/build/soong/Android.bp b/build/soong/Android.bp
new file mode 100644
index 0000000..bcd33b3
--- /dev/null
+++ b/build/soong/Android.bp
@@ -0,0 +1,29 @@
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+bootstrap_go_package {
+ name: "soong-selinux",
+ pkgPath: "android/soong/selinux",
+ deps: [
+ "blueprint",
+ "soong",
+ "soong-android",
+ "soong-genrule",
+ ],
+ srcs: [
+ "cil_compat_map.go",
+ "filegroup.go"
+ ],
+ pluginFor: ["soong_build"],
+}
diff --git a/build/soong/cil_compat_map.go b/build/soong/cil_compat_map.go
new file mode 100644
index 0000000..2402d75
--- /dev/null
+++ b/build/soong/cil_compat_map.go
@@ -0,0 +1,185 @@
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+// This file contains "se_cil_compat_map" module type used to build and install
+// sepolicy backwards compatibility mapping files.
+
+import (
+ "android/soong/android"
+ "fmt"
+ "io"
+
+ "github.com/google/blueprint/proptools"
+ "github.com/google/blueprint"
+)
+
+var (
+ pctx = android.NewPackageContext("android/soong/selinux")
+
+ combine_maps = pctx.HostBinToolVariable("combine_maps", "combine_maps")
+ combineMapsCmd = "${combine_maps} -t ${topHalf} -b ${bottomHalf} -o $out"
+ combineMapsRule = pctx.StaticRule(
+ "combineMapsRule",
+ blueprint.RuleParams{
+ Command: combineMapsCmd,
+ CommandDeps: []string{"${combine_maps}"},
+ },
+ "topHalf",
+ "bottomHalf",
+ )
+
+ String = proptools.String
+ TopHalfDepTag = dependencyTag{name: "top"}
+)
+
+func init() {
+ android.RegisterModuleType("se_cil_compat_map", cilCompatMapFactory)
+ pctx.Import("android/soong/common")
+}
+
+func cilCompatMapFactory() android.Module {
+ c := &cilCompatMap{}
+ c.AddProperties(&c.properties)
+ android.InitAndroidModule(c)
+ return c
+}
+
+type cilCompatMapProperties struct {
+ // se_cil_compat_map module representing a compatibility mapping file for
+ // platform versions (x->y). Bottom half represents a mapping (y->z).
+ // Together the halves are used to generate a (x->z) mapping.
+ Top_half *string
+ // list of source (.cil) files used to build an the bottom half of sepolicy
+ // compatibility mapping file. bottom_half may reference the outputs of
+ // other modules that produce source files like genrule or filegroup using
+ // the syntax ":module". srcs has to be non-empty.
+ Bottom_half []string
+}
+
+type cilCompatMap struct {
+ android.ModuleBase
+ properties cilCompatMapProperties
+ // (.intermediate) module output path as installation source.
+ installSource android.Path
+}
+
+type CilCompatMapGenerator interface {
+ GeneratedMapFile() android.Path
+}
+
+type dependencyTag struct {
+ blueprint.BaseDependencyTag
+ name string
+}
+
+func expandTopHalf(ctx android.ModuleContext) android.OptionalPath {
+ var topHalf android.OptionalPath
+ ctx.VisitDirectDeps(func(dep android.Module) {
+ depTag := ctx.OtherModuleDependencyTag(dep)
+ switch depTag {
+ case TopHalfDepTag:
+ topHalf = android.OptionalPathForPath(dep.(CilCompatMapGenerator).GeneratedMapFile())
+ }
+ })
+ return topHalf
+}
+
+func expandSeSources(ctx android.ModuleContext, srcFiles []string) android.Paths {
+ expandedSrcFiles := make(android.Paths, 0, len(srcFiles))
+ for _, s := range srcFiles {
+ if m := android.SrcIsModule(s); m != "" {
+ module := ctx.GetDirectDepWithTag(m, android.SourceDepTag)
+ if module == nil {
+ // Error will have been handled by ExtractSourcesDeps
+ continue
+ }
+ if fg, ok := module.(*fileGroup); ok {
+ // Core compatibility mapping files are under system/sepolicy/private.
+ expandedSrcFiles = append(expandedSrcFiles, fg.SystemPrivateSrcs()...)
+ // Partner extensions to the compatibility mapping in must be located in
+ // BOARD_PLAT_PRIVATE_SEPOLICY_DIR
+ expandedSrcFiles = append(expandedSrcFiles, fg.SystemExtPrivateSrcs()...)
+ } else {
+ ctx.ModuleErrorf("srcs dependency %q is not an selinux filegroup", m)
+ }
+ } else {
+ p := android.PathForModuleSrc(ctx, s)
+ expandedSrcFiles = append(expandedSrcFiles, p)
+ }
+ }
+ return expandedSrcFiles
+}
+
+func (c *cilCompatMap) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+ srcFiles := expandSeSources(ctx, c.properties.Bottom_half)
+
+ for _, src := range srcFiles {
+ if src.Ext() != ".cil" {
+ ctx.PropertyErrorf("bottom_half", "%s has to be a .cil file.", src.String())
+ }
+ }
+
+ bottomHalf := android.PathForModuleGen(ctx, "bottom_half")
+ ctx.Build(pctx, android.BuildParams{
+ Rule: android.Cat,
+ Output: bottomHalf,
+ Inputs: srcFiles,
+ })
+
+ topHalf := expandTopHalf(ctx)
+ if (topHalf.Valid()) {
+ out := android.PathForModuleGen(ctx, c.Name())
+ ctx.ModuleBuild(pctx, android.ModuleBuildParams{
+ Rule: combineMapsRule,
+ Output: out,
+ Implicits: []android.Path{
+ topHalf.Path(),
+ bottomHalf,
+ },
+ Args: map[string]string{
+ "topHalf": topHalf.String(),
+ "bottomHalf": bottomHalf.String(),
+ },
+ })
+ c.installSource = out
+ } else {
+ c.installSource = bottomHalf
+ }
+}
+
+func (c *cilCompatMap) DepsMutator(ctx android.BottomUpMutatorContext) {
+ android.ExtractSourcesDeps(ctx, c.properties.Bottom_half)
+ if (c.properties.Top_half != nil) {
+ ctx.AddDependency(c, TopHalfDepTag, String(c.properties.Top_half))
+ }
+}
+
+func (c *cilCompatMap) AndroidMk() android.AndroidMkData {
+ ret := android.AndroidMkData{
+ OutputFile: android.OptionalPathForPath(c.installSource),
+ Class: "ETC",
+ }
+ ret.Extra = append(ret.Extra, func(w io.Writer, outputFile android.Path) {
+ fmt.Fprintln(w, "LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping")
+ })
+ return ret
+}
+
+var _ CilCompatMapGenerator = (*cilCompatMap)(nil)
+
+func (c *cilCompatMap) GeneratedMapFile() android.Path {
+ return c.installSource
+}
diff --git a/build/soong/filegroup.go b/build/soong/filegroup.go
new file mode 100644
index 0000000..7f75e48
--- /dev/null
+++ b/build/soong/filegroup.go
@@ -0,0 +1,130 @@
+// Copyright 2018 Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+import (
+ "android/soong/android"
+ "path/filepath"
+)
+
+func init() {
+ android.RegisterModuleType("se_filegroup", FileGroupFactory)
+}
+
+func FileGroupFactory() android.Module {
+ module := &fileGroup{}
+ module.AddProperties(&module.properties)
+ android.InitAndroidModule(module)
+ return module
+}
+
+type fileGroupProperties struct {
+ // list of source file suffixes used to collect selinux policy files.
+ // Source files will be looked up in the following local directories:
+ // system/sepolicy/{public, private, vendor, reqd_mask}
+ // and directories specified by following config variables:
+ // BOARD_SEPOLICY_DIRS, BOARD_ODM_SEPOLICY_DIRS
+ // BOARD_PLAT_PUBLIC_SEPOLICY_DIR, BOARD_PLAT_PRIVATE_SEPOLICY_DIR
+ Srcs []string
+}
+
+type fileGroup struct {
+ android.ModuleBase
+ properties fileGroupProperties
+
+ systemPublicSrcs android.Paths
+ systemPrivateSrcs android.Paths
+ systemVendorSrcs android.Paths
+ systemReqdMaskSrcs android.Paths
+
+ systemExtPublicSrcs android.Paths
+ systemExtPrivateSrcs android.Paths
+
+ vendorSrcs android.Paths
+ odmSrcs android.Paths
+}
+
+// Source files from system/sepolicy/public
+func (fg *fileGroup) SystemPublicSrcs() android.Paths {
+ return fg.systemPublicSrcs
+}
+
+// Source files from system/sepolicy/private
+func (fg *fileGroup) SystemPrivateSrcs() android.Paths {
+ return fg.systemPrivateSrcs
+}
+
+// Source files from system/sepolicy/vendor
+func (fg *fileGroup) SystemVendorSrcs() android.Paths {
+ return fg.systemVendorSrcs
+}
+
+// Source files from system/sepolicy/reqd_mask
+func (fg *fileGroup) SystemReqdMaskSrcs() android.Paths {
+ return fg.systemReqdMaskSrcs
+}
+
+// Source files from BOARD_PLAT_PUBLIC_SEPOLICY_DIR
+func (fg *fileGroup) SystemExtPublicSrcs() android.Paths {
+ return fg.systemExtPublicSrcs
+}
+
+// Source files from BOARD_PLAT_PRIVATE_SEPOLICY_DIR
+func (fg *fileGroup) SystemExtPrivateSrcs() android.Paths {
+ return fg.systemExtPrivateSrcs
+}
+
+// Source files from BOARD_SEPOLICY_DIRS
+func (fg *fileGroup) VendorSrcs() android.Paths {
+ return fg.vendorSrcs
+}
+
+// Source files from BOARD_ODM_SEPOLICY_DIRS
+func (fg *fileGroup) OdmSrcs() android.Paths {
+ return fg.odmSrcs
+}
+
+func (fg *fileGroup) findSrcsInDirs(ctx android.ModuleContext, dirs []string) android.Paths {
+ result := android.Paths{}
+ for _, f := range fg.properties.Srcs {
+ for _, d := range dirs {
+ path := filepath.Join(d, f)
+ files, _ := ctx.GlobWithDeps(path, nil)
+ for _, f := range files {
+ result = append(result, android.PathForSource(ctx, f))
+ }
+ }
+ }
+ return result
+}
+
+func (fg *fileGroup) findSrcsInDir(ctx android.ModuleContext, dir string) android.Paths {
+ return fg.findSrcsInDirs(ctx, []string{dir})
+}
+
+func (fg *fileGroup) DepsMutator(ctx android.BottomUpMutatorContext) {}
+
+func (fg *fileGroup) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+ fg.systemPublicSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "public"))
+ fg.systemPrivateSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "private"))
+ fg.systemVendorSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "vendor"))
+ fg.systemReqdMaskSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "reqd_mask"))
+
+ fg.systemExtPublicSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().PlatPublicSepolicyDirs())
+ fg.systemExtPrivateSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().PlatPrivateSepolicyDirs())
+
+ fg.vendorSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().VendorSepolicyDirs())
+ fg.odmSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().OdmSepolicyDirs())
+}
diff --git a/definitions.mk b/definitions.mk
index 4b9e098..2ea2b03 100644
--- a/definitions.mk
+++ b/definitions.mk
@@ -2,7 +2,7 @@
# processed by checkpolicy
define transform-policy-to-conf
@mkdir -p $(dir $@)
-$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
+$(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
@@ -10,6 +10,7 @@
-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
-D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \
-D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \
+ -D target_exclude_build_test=$(PRIVATE_EXCLUDE_BUILD_TEST) \
$(PRIVATE_TGT_RECOVERY) \
-s $^ > $@
endef
diff --git a/prebuilts/api/28.0/plat_pub_versioned.cil b/prebuilts/api/28.0/plat_pub_versioned.cil
new file mode 100644
index 0000000..d98a249
--- /dev/null
+++ b/prebuilts/api/28.0/plat_pub_versioned.cil
@@ -0,0 +1,8871 @@
+(roletype r domain)
+(typeattribute dev_type)
+(typeattributeset dev_type (device_28_0 alarm_device_28_0 ashmem_device_28_0 audio_device_28_0 audio_timer_device_28_0 audio_seq_device_28_0 binder_device_28_0 hwbinder_device_28_0 vndbinder_device_28_0 block_device_28_0 camera_device_28_0 dm_device_28_0 keychord_device_28_0 loop_control_device_28_0 loop_device_28_0 pmsg_device_28_0 radio_device_28_0 ram_device_28_0 rtc_device_28_0 vold_device_28_0 console_device_28_0 cpuctl_device_28_0 fscklogs_28_0 full_device_28_0 gpu_device_28_0 graphics_device_28_0 hw_random_device_28_0 input_device_28_0 kmem_device_28_0 port_device_28_0 lowpan_device_28_0 mtd_device_28_0 mtp_device_28_0 nfc_device_28_0 ptmx_device_28_0 kmsg_device_28_0 kmsg_debug_device_28_0 null_device_28_0 random_device_28_0 secure_element_device_28_0 sensors_device_28_0 serial_device_28_0 socket_device_28_0 owntty_device_28_0 tty_device_28_0 video_device_28_0 vcs_device_28_0 zero_device_28_0 fuse_device_28_0 iio_device_28_0 ion_device_28_0 qtaguid_device_28_0 watchdog_device_28_0 uhid_device_28_0 uio_device_28_0 tun_device_28_0 usbaccessory_device_28_0 usb_device_28_0 properties_device_28_0 properties_serial_28_0 property_info_28_0 i2c_device_28_0 hci_attach_dev_28_0 rpmsg_device_28_0 root_block_device_28_0 frp_block_device_28_0 system_block_device_28_0 recovery_block_device_28_0 boot_block_device_28_0 userdata_block_device_28_0 cache_block_device_28_0 swap_block_device_28_0 metadata_block_device_28_0 misc_block_device_28_0 ppp_device_28_0 tee_device_28_0))
+(typeattribute domain)
+(typeattributeset domain (adbd_28_0 audioserver_28_0 blkid_28_0 blkid_untrusted_28_0 bluetooth_28_0 bootanim_28_0 bootstat_28_0 bufferhubd_28_0 cameraserver_28_0 charger_28_0 clatd_28_0 cppreopts_28_0 crash_dump_28_0 dex2oat_28_0 dhcp_28_0 dnsmasq_28_0 drmserver_28_0 dumpstate_28_0 e2fs_28_0 ephemeral_app_28_0 fingerprintd_28_0 fsck_28_0 fsck_untrusted_28_0 gatekeeperd_28_0 healthd_28_0 hwservicemanager_28_0 idmap_28_0 incident_28_0 incident_helper_28_0 incidentd_28_0 init_28_0 inputflinger_28_0 install_recovery_28_0 installd_28_0 isolated_app_28_0 kernel_28_0 keystore_28_0 lmkd_28_0 logd_28_0 logpersist_28_0 mdnsd_28_0 mediacodec_28_0 mediadrmserver_28_0 mediaextractor_28_0 mediametrics_28_0 mediaprovider_28_0 mediaserver_28_0 modprobe_28_0 mtp_28_0 netd_28_0 netutils_wrapper_28_0 nfc_28_0 otapreopt_chroot_28_0 otapreopt_slot_28_0 performanced_28_0 perfprofd_28_0 platform_app_28_0 postinstall_28_0 postinstall_dexopt_28_0 ppp_28_0 preopt2cachename_28_0 priv_app_28_0 profman_28_0 racoon_28_0 radio_28_0 recovery_28_0 recovery_persist_28_0 recovery_refresh_28_0 runas_28_0 sdcardd_28_0 secure_element_28_0 servicemanager_28_0 sgdisk_28_0 shared_relro_28_0 shell_28_0 slideshow_28_0 su_28_0 surfaceflinger_28_0 system_app_28_0 system_server_28_0 tee_28_0 thermalserviced_28_0 tombstoned_28_0 toolbox_28_0 traced_probes_28_0 traceur_app_28_0 tzdatacheck_28_0 ueventd_28_0 uncrypt_28_0 untrusted_app_28_0 untrusted_app_27_28_0 untrusted_app_25_28_0 untrusted_v2_app_28_0 update_engine_28_0 update_verifier_28_0 usbd_28_0 vdc_28_0 vendor_init_28_0 vendor_shell_28_0 virtual_touchpad_28_0 vndservicemanager_28_0 vold_28_0 vold_prepare_subdirs_28_0 vr_hwc_28_0 watchdogd_28_0 webview_zygote_28_0 wificond_28_0 wpantund_28_0 zygote_28_0))
+(typeattribute fs_type)
+(typeattributeset fs_type (device_28_0 labeledfs_28_0 pipefs_28_0 sockfs_28_0 rootfs_28_0 proc_28_0 proc_security_28_0 proc_drop_caches_28_0 proc_overcommit_memory_28_0 proc_min_free_order_shift_28_0 usermodehelper_28_0 sysfs_usermodehelper_28_0 qtaguid_proc_28_0 proc_qtaguid_stat_28_0 proc_bluetooth_writable_28_0 proc_abi_28_0 proc_asound_28_0 proc_buddyinfo_28_0 proc_cmdline_28_0 proc_cpuinfo_28_0 proc_dirty_28_0 proc_diskstats_28_0 proc_extra_free_kbytes_28_0 proc_filesystems_28_0 proc_hostname_28_0 proc_hung_task_28_0 proc_interrupts_28_0 proc_iomem_28_0 proc_kmsg_28_0 proc_loadavg_28_0 proc_max_map_count_28_0 proc_meminfo_28_0 proc_misc_28_0 proc_modules_28_0 proc_mounts_28_0 proc_net_28_0 proc_page_cluster_28_0 proc_pagetypeinfo_28_0 proc_panic_28_0 proc_perf_28_0 proc_pid_max_28_0 proc_pipe_conf_28_0 proc_random_28_0 proc_sched_28_0 proc_stat_28_0 proc_swaps_28_0 proc_sysrq_28_0 proc_timer_28_0 proc_tty_drivers_28_0 proc_uid_cputime_showstat_28_0 proc_uid_cputime_removeuid_28_0 proc_uid_io_stats_28_0 proc_uid_procstat_set_28_0 proc_uid_time_in_state_28_0 proc_uid_concurrent_active_time_28_0 proc_uid_concurrent_policy_time_28_0 proc_uid_cpupower_28_0 proc_uptime_28_0 proc_version_28_0 proc_vmallocinfo_28_0 proc_vmstat_28_0 proc_zoneinfo_28_0 selinuxfs_28_0 cgroup_28_0 cgroup_bpf_28_0 sysfs_28_0 sysfs_android_usb_28_0 sysfs_uio_28_0 sysfs_batteryinfo_28_0 sysfs_bluetooth_writable_28_0 sysfs_dm_28_0 sysfs_dt_firmware_android_28_0 sysfs_ipv4_28_0 sysfs_kernel_notes_28_0 sysfs_leds_28_0 sysfs_hwrandom_28_0 sysfs_nfc_power_writable_28_0 sysfs_wake_lock_28_0 sysfs_mac_address_28_0 sysfs_net_28_0 sysfs_power_28_0 sysfs_rtc_28_0 sysfs_switch_28_0 sysfs_usb_28_0 sysfs_wakeup_reasons_28_0 sysfs_fs_ext4_features_28_0 fs_bpf_28_0 configfs_28_0 sysfs_devices_system_cpu_28_0 sysfs_lowmemorykiller_28_0 sysfs_wlan_fwpath_28_0 sysfs_vibrator_28_0 sysfs_thermal_28_0 sysfs_zram_28_0 sysfs_zram_uevent_28_0 inotify_28_0 devpts_28_0 tmpfs_28_0 shm_28_0 mqueue_28_0 fuse_28_0 sdcardfs_28_0 vfat_28_0 exfat_28_0 debugfs_28_0 debugfs_mmc_28_0 debugfs_trace_marker_28_0 debugfs_tracing_28_0 debugfs_tracing_debug_28_0 debugfs_tracing_instances_28_0 debugfs_wakeup_sources_28_0 debugfs_wifi_tracing_28_0 pstorefs_28_0 functionfs_28_0 oemfs_28_0 usbfs_28_0 binfmt_miscfs_28_0 app_fusefs_28_0))
+(typeattribute contextmount_type)
+(typeattributeset contextmount_type (oemfs_28_0 app_fusefs_28_0))
+(typeattribute file_type)
+(typeattributeset file_type (adbd_exec_28_0 bootanim_exec_28_0 bootstat_exec_28_0 bufferhubd_exec_28_0 cameraserver_exec_28_0 clatd_exec_28_0 cppreopts_exec_28_0 crash_dump_exec_28_0 dex2oat_exec_28_0 dhcp_exec_28_0 dnsmasq_exec_28_0 drmserver_exec_28_0 drmserver_socket_28_0 dumpstate_exec_28_0 e2fs_exec_28_0 unlabeled_28_0 system_file_28_0 vendor_hal_file_28_0 vendor_file_28_0 vendor_app_file_28_0 vendor_configs_file_28_0 same_process_hal_file_28_0 vndk_sp_file_28_0 vendor_framework_file_28_0 vendor_overlay_file_28_0 metadata_file_28_0 vold_metadata_file_28_0 runtime_event_log_tags_file_28_0 logcat_exec_28_0 coredump_file_28_0 system_data_file_28_0 vendor_data_file_28_0 unencrypted_data_file_28_0 install_data_file_28_0 drm_data_file_28_0 adb_data_file_28_0 anr_data_file_28_0 tombstone_data_file_28_0 tombstone_wifi_data_file_28_0 apk_data_file_28_0 apk_tmp_file_28_0 apk_private_data_file_28_0 apk_private_tmp_file_28_0 dalvikcache_data_file_28_0 ota_data_file_28_0 ota_package_file_28_0 user_profile_data_file_28_0 profman_dump_data_file_28_0 resourcecache_data_file_28_0 shell_data_file_28_0 property_data_file_28_0 bootchart_data_file_28_0 heapdump_data_file_28_0 nativetest_data_file_28_0 ringtone_file_28_0 preloads_data_file_28_0 preloads_media_file_28_0 dhcp_data_file_28_0 mnt_media_rw_file_28_0 mnt_user_file_28_0 mnt_expand_file_28_0 storage_file_28_0 mnt_media_rw_stub_file_28_0 storage_stub_file_28_0 mnt_vendor_file_28_0 postinstall_mnt_dir_28_0 postinstall_file_28_0 adb_keys_file_28_0 audio_data_file_28_0 audioserver_data_file_28_0 bluetooth_data_file_28_0 bluetooth_logs_data_file_28_0 bootstat_data_file_28_0 boottrace_data_file_28_0 camera_data_file_28_0 gatekeeper_data_file_28_0 incident_data_file_28_0 keychain_data_file_28_0 keystore_data_file_28_0 media_data_file_28_0 media_rw_data_file_28_0 misc_user_data_file_28_0 net_data_file_28_0 network_watchlist_data_file_28_0 nfc_data_file_28_0 radio_data_file_28_0 recovery_data_file_28_0 shared_relro_file_28_0 systemkeys_data_file_28_0 textclassifier_data_file_28_0 trace_data_file_28_0 vpn_data_file_28_0 wifi_data_file_28_0 zoneinfo_data_file_28_0 vold_data_file_28_0 perfprofd_data_file_28_0 tee_data_file_28_0 update_engine_data_file_28_0 update_engine_log_data_file_28_0 method_trace_data_file_28_0 app_data_file_28_0 system_app_data_file_28_0 cache_file_28_0 cache_backup_file_28_0 cache_private_backup_file_28_0 cache_recovery_file_28_0 efs_file_28_0 wallpaper_file_28_0 shortcut_manager_icons_28_0 icon_file_28_0 asec_apk_file_28_0 asec_public_file_28_0 asec_image_file_28_0 backup_data_file_28_0 bluetooth_efs_file_28_0 fingerprintd_data_file_28_0 fingerprint_vendor_data_file_28_0 app_fuse_file_28_0 adbd_socket_28_0 bluetooth_socket_28_0 dnsproxyd_socket_28_0 dumpstate_socket_28_0 fwmarkd_socket_28_0 lmkd_socket_28_0 logd_socket_28_0 logdr_socket_28_0 logdw_socket_28_0 mdns_socket_28_0 mdnsd_socket_28_0 misc_logd_file_28_0 mtpd_socket_28_0 netd_socket_28_0 property_socket_28_0 racoon_socket_28_0 rild_socket_28_0 rild_debug_socket_28_0 system_wpa_socket_28_0 system_ndebug_socket_28_0 tombstoned_crash_socket_28_0 tombstoned_java_trace_socket_28_0 tombstoned_intercept_socket_28_0 traced_producer_socket_28_0 traced_consumer_socket_28_0 uncrypt_socket_28_0 wpa_socket_28_0 zygote_socket_28_0 gps_control_28_0 pdx_display_dir_28_0 pdx_performance_dir_28_0 pdx_bufferhub_dir_28_0 pdx_display_client_endpoint_socket_28_0 pdx_display_manager_endpoint_socket_28_0 pdx_display_screenshot_endpoint_socket_28_0 pdx_display_vsync_endpoint_socket_28_0 pdx_performance_client_endpoint_socket_28_0 pdx_bufferhub_client_endpoint_socket_28_0 file_contexts_file_28_0 mac_perms_file_28_0 property_contexts_file_28_0 seapp_contexts_file_28_0 sepolicy_file_28_0 service_contexts_file_28_0 nonplat_service_contexts_file_28_0 hwservice_contexts_file_28_0 vndservice_contexts_file_28_0 audiohal_data_file_28_0 fingerprintd_exec_28_0 fsck_exec_28_0 gatekeeperd_exec_28_0 healthd_exec_28_0 hwservicemanager_exec_28_0 idmap_exec_28_0 init_exec_28_0 inputflinger_exec_28_0 install_recovery_exec_28_0 installd_exec_28_0 keystore_exec_28_0 lmkd_exec_28_0 logd_exec_28_0 mediacodec_exec_28_0 mediadrmserver_exec_28_0 mediaextractor_exec_28_0 mediametrics_exec_28_0 mediaserver_exec_28_0 mtp_exec_28_0 netd_exec_28_0 netutils_wrapper_exec_28_0 otapreopt_chroot_exec_28_0 otapreopt_slot_exec_28_0 performanced_exec_28_0 perfprofd_exec_28_0 ppp_exec_28_0 preopt2cachename_exec_28_0 profman_exec_28_0 racoon_exec_28_0 recovery_persist_exec_28_0 recovery_refresh_exec_28_0 runas_exec_28_0 sdcardd_exec_28_0 servicemanager_exec_28_0 sgdisk_exec_28_0 shell_exec_28_0 su_exec_28_0 thermalserviced_exec_28_0 tombstoned_exec_28_0 toolbox_exec_28_0 tzdatacheck_exec_28_0 uncrypt_exec_28_0 update_engine_exec_28_0 update_verifier_exec_28_0 usbd_exec_28_0 vdc_exec_28_0 vendor_shell_exec_28_0 vendor_toolbox_exec_28_0 virtual_touchpad_exec_28_0 vold_exec_28_0 vold_prepare_subdirs_exec_28_0 vr_hwc_exec_28_0 webview_zygote_exec_28_0 wificond_exec_28_0 wpantund_exec_28_0 zygote_exec_28_0))
+(typeattribute exec_type)
+(typeattributeset exec_type (adbd_exec_28_0 bootanim_exec_28_0 bootstat_exec_28_0 bufferhubd_exec_28_0 cameraserver_exec_28_0 clatd_exec_28_0 cppreopts_exec_28_0 crash_dump_exec_28_0 dex2oat_exec_28_0 dhcp_exec_28_0 dnsmasq_exec_28_0 drmserver_exec_28_0 dumpstate_exec_28_0 e2fs_exec_28_0 logcat_exec_28_0 fingerprintd_exec_28_0 fsck_exec_28_0 gatekeeperd_exec_28_0 healthd_exec_28_0 hwservicemanager_exec_28_0 idmap_exec_28_0 init_exec_28_0 inputflinger_exec_28_0 install_recovery_exec_28_0 installd_exec_28_0 keystore_exec_28_0 lmkd_exec_28_0 logd_exec_28_0 mediacodec_exec_28_0 mediadrmserver_exec_28_0 mediaextractor_exec_28_0 mediametrics_exec_28_0 mediaserver_exec_28_0 mtp_exec_28_0 netd_exec_28_0 netutils_wrapper_exec_28_0 otapreopt_chroot_exec_28_0 otapreopt_slot_exec_28_0 performanced_exec_28_0 perfprofd_exec_28_0 ppp_exec_28_0 preopt2cachename_exec_28_0 profman_exec_28_0 racoon_exec_28_0 recovery_persist_exec_28_0 recovery_refresh_exec_28_0 runas_exec_28_0 sdcardd_exec_28_0 servicemanager_exec_28_0 sgdisk_exec_28_0 shell_exec_28_0 su_exec_28_0 thermalserviced_exec_28_0 tombstoned_exec_28_0 toolbox_exec_28_0 tzdatacheck_exec_28_0 uncrypt_exec_28_0 update_engine_exec_28_0 update_verifier_exec_28_0 usbd_exec_28_0 vdc_exec_28_0 vendor_shell_exec_28_0 vendor_toolbox_exec_28_0 virtual_touchpad_exec_28_0 vold_exec_28_0 vold_prepare_subdirs_exec_28_0 vr_hwc_exec_28_0 webview_zygote_exec_28_0 wificond_exec_28_0 wpantund_exec_28_0 zygote_exec_28_0))
+(typeattribute data_file_type)
+(expandtypeattribute (data_file_type) false)
+(typeattributeset data_file_type (system_data_file_28_0 vendor_data_file_28_0 unencrypted_data_file_28_0 install_data_file_28_0 drm_data_file_28_0 adb_data_file_28_0 anr_data_file_28_0 tombstone_data_file_28_0 tombstone_wifi_data_file_28_0 apk_data_file_28_0 apk_tmp_file_28_0 apk_private_data_file_28_0 apk_private_tmp_file_28_0 dalvikcache_data_file_28_0 ota_data_file_28_0 ota_package_file_28_0 user_profile_data_file_28_0 profman_dump_data_file_28_0 resourcecache_data_file_28_0 shell_data_file_28_0 property_data_file_28_0 bootchart_data_file_28_0 heapdump_data_file_28_0 nativetest_data_file_28_0 ringtone_file_28_0 preloads_data_file_28_0 preloads_media_file_28_0 dhcp_data_file_28_0 adb_keys_file_28_0 audio_data_file_28_0 audioserver_data_file_28_0 bluetooth_data_file_28_0 bluetooth_logs_data_file_28_0 bootstat_data_file_28_0 boottrace_data_file_28_0 camera_data_file_28_0 gatekeeper_data_file_28_0 incident_data_file_28_0 keychain_data_file_28_0 keystore_data_file_28_0 media_data_file_28_0 media_rw_data_file_28_0 misc_user_data_file_28_0 net_data_file_28_0 network_watchlist_data_file_28_0 nfc_data_file_28_0 radio_data_file_28_0 recovery_data_file_28_0 shared_relro_file_28_0 systemkeys_data_file_28_0 textclassifier_data_file_28_0 trace_data_file_28_0 vpn_data_file_28_0 wifi_data_file_28_0 zoneinfo_data_file_28_0 vold_data_file_28_0 perfprofd_data_file_28_0 tee_data_file_28_0 update_engine_data_file_28_0 update_engine_log_data_file_28_0 method_trace_data_file_28_0 app_data_file_28_0 system_app_data_file_28_0 cache_file_28_0 cache_backup_file_28_0 cache_private_backup_file_28_0 cache_recovery_file_28_0 wallpaper_file_28_0 shortcut_manager_icons_28_0 icon_file_28_0 asec_apk_file_28_0 asec_public_file_28_0 asec_image_file_28_0 backup_data_file_28_0 fingerprintd_data_file_28_0 fingerprint_vendor_data_file_28_0 app_fuse_file_28_0 bluetooth_socket_28_0 misc_logd_file_28_0 system_wpa_socket_28_0 system_ndebug_socket_28_0 wpa_socket_28_0 audiohal_data_file_28_0))
+(typeattribute core_data_file_type)
+(expandtypeattribute (core_data_file_type) false)
+(typeattributeset core_data_file_type (system_data_file_28_0 unencrypted_data_file_28_0 install_data_file_28_0 drm_data_file_28_0 adb_data_file_28_0 anr_data_file_28_0 tombstone_data_file_28_0 apk_data_file_28_0 apk_tmp_file_28_0 apk_private_data_file_28_0 apk_private_tmp_file_28_0 dalvikcache_data_file_28_0 ota_data_file_28_0 ota_package_file_28_0 user_profile_data_file_28_0 profman_dump_data_file_28_0 resourcecache_data_file_28_0 shell_data_file_28_0 property_data_file_28_0 bootchart_data_file_28_0 heapdump_data_file_28_0 nativetest_data_file_28_0 ringtone_file_28_0 preloads_data_file_28_0 preloads_media_file_28_0 dhcp_data_file_28_0 adb_keys_file_28_0 audio_data_file_28_0 audioserver_data_file_28_0 bluetooth_data_file_28_0 bluetooth_logs_data_file_28_0 bootstat_data_file_28_0 boottrace_data_file_28_0 camera_data_file_28_0 gatekeeper_data_file_28_0 incident_data_file_28_0 keychain_data_file_28_0 keystore_data_file_28_0 media_data_file_28_0 media_rw_data_file_28_0 misc_user_data_file_28_0 net_data_file_28_0 network_watchlist_data_file_28_0 nfc_data_file_28_0 radio_data_file_28_0 recovery_data_file_28_0 shared_relro_file_28_0 systemkeys_data_file_28_0 textclassifier_data_file_28_0 trace_data_file_28_0 vpn_data_file_28_0 wifi_data_file_28_0 zoneinfo_data_file_28_0 vold_data_file_28_0 perfprofd_data_file_28_0 update_engine_data_file_28_0 update_engine_log_data_file_28_0 method_trace_data_file_28_0 app_data_file_28_0 system_app_data_file_28_0 cache_file_28_0 cache_backup_file_28_0 cache_private_backup_file_28_0 cache_recovery_file_28_0 wallpaper_file_28_0 shortcut_manager_icons_28_0 icon_file_28_0 asec_apk_file_28_0 asec_public_file_28_0 asec_image_file_28_0 backup_data_file_28_0 fingerprintd_data_file_28_0 app_fuse_file_28_0 bluetooth_socket_28_0 misc_logd_file_28_0 system_wpa_socket_28_0 system_ndebug_socket_28_0 wpa_socket_28_0 audiohal_data_file_28_0))
+(typeattribute vendor_file_type)
+(typeattributeset vendor_file_type (vendor_hal_file_28_0 vendor_file_28_0 vendor_app_file_28_0 vendor_configs_file_28_0 same_process_hal_file_28_0 vndk_sp_file_28_0 vendor_framework_file_28_0 vendor_overlay_file_28_0 mediacodec_exec_28_0 vendor_shell_exec_28_0 vendor_toolbox_exec_28_0))
+(typeattribute proc_type)
+(expandtypeattribute (proc_type) false)
+(typeattributeset proc_type (proc_28_0 proc_security_28_0 proc_drop_caches_28_0 proc_overcommit_memory_28_0 proc_min_free_order_shift_28_0 usermodehelper_28_0 qtaguid_proc_28_0 proc_qtaguid_stat_28_0 proc_bluetooth_writable_28_0 proc_abi_28_0 proc_asound_28_0 proc_buddyinfo_28_0 proc_cmdline_28_0 proc_cpuinfo_28_0 proc_dirty_28_0 proc_diskstats_28_0 proc_extra_free_kbytes_28_0 proc_filesystems_28_0 proc_hostname_28_0 proc_hung_task_28_0 proc_interrupts_28_0 proc_iomem_28_0 proc_kmsg_28_0 proc_loadavg_28_0 proc_max_map_count_28_0 proc_meminfo_28_0 proc_misc_28_0 proc_modules_28_0 proc_mounts_28_0 proc_net_28_0 proc_page_cluster_28_0 proc_pagetypeinfo_28_0 proc_panic_28_0 proc_perf_28_0 proc_pid_max_28_0 proc_pipe_conf_28_0 proc_random_28_0 proc_sched_28_0 proc_stat_28_0 proc_swaps_28_0 proc_sysrq_28_0 proc_timer_28_0 proc_tty_drivers_28_0 proc_uid_cputime_showstat_28_0 proc_uid_cputime_removeuid_28_0 proc_uid_io_stats_28_0 proc_uid_procstat_set_28_0 proc_uid_time_in_state_28_0 proc_uid_concurrent_active_time_28_0 proc_uid_concurrent_policy_time_28_0 proc_uid_cpupower_28_0 proc_uptime_28_0 proc_version_28_0 proc_vmallocinfo_28_0 proc_vmstat_28_0 proc_zoneinfo_28_0))
+(typeattribute sysfs_type)
+(typeattributeset sysfs_type (sysfs_usermodehelper_28_0 sysfs_28_0 sysfs_android_usb_28_0 sysfs_uio_28_0 sysfs_batteryinfo_28_0 sysfs_bluetooth_writable_28_0 sysfs_dm_28_0 sysfs_dt_firmware_android_28_0 sysfs_ipv4_28_0 sysfs_kernel_notes_28_0 sysfs_leds_28_0 sysfs_hwrandom_28_0 sysfs_nfc_power_writable_28_0 sysfs_wake_lock_28_0 sysfs_mac_address_28_0 sysfs_net_28_0 sysfs_power_28_0 sysfs_rtc_28_0 sysfs_switch_28_0 sysfs_usb_28_0 sysfs_wakeup_reasons_28_0 sysfs_fs_ext4_features_28_0 sysfs_devices_system_cpu_28_0 sysfs_lowmemorykiller_28_0 sysfs_wlan_fwpath_28_0 sysfs_vibrator_28_0 sysfs_thermal_28_0 sysfs_zram_28_0 sysfs_zram_uevent_28_0))
+(typeattribute debugfs_type)
+(typeattributeset debugfs_type (debugfs_28_0 debugfs_mmc_28_0 debugfs_trace_marker_28_0 debugfs_tracing_28_0 debugfs_tracing_debug_28_0 debugfs_tracing_instances_28_0 debugfs_wakeup_sources_28_0 debugfs_wifi_tracing_28_0))
+(typeattribute sdcard_type)
+(typeattributeset sdcard_type (fuse_28_0 sdcardfs_28_0 vfat_28_0 exfat_28_0))
+(typeattribute node_type)
+(typeattributeset node_type (node_28_0))
+(typeattribute netif_type)
+(typeattributeset netif_type (netif_28_0))
+(typeattribute port_type)
+(typeattributeset port_type (port_28_0))
+(typeattribute property_type)
+(typeattributeset property_type (audio_prop_28_0 boottime_prop_28_0 bluetooth_a2dp_offload_prop_28_0 bluetooth_prop_28_0 bootloader_boot_reason_prop_28_0 config_prop_28_0 cppreopt_prop_28_0 ctl_bootanim_prop_28_0 ctl_bugreport_prop_28_0 ctl_console_prop_28_0 ctl_default_prop_28_0 ctl_dumpstate_prop_28_0 ctl_fuse_prop_28_0 ctl_interface_restart_prop_28_0 ctl_interface_start_prop_28_0 ctl_interface_stop_prop_28_0 ctl_mdnsd_prop_28_0 ctl_restart_prop_28_0 ctl_rildaemon_prop_28_0 ctl_sigstop_prop_28_0 ctl_start_prop_28_0 ctl_stop_prop_28_0 dalvik_prop_28_0 debuggerd_prop_28_0 debug_prop_28_0 default_prop_28_0 device_logging_prop_28_0 dhcp_prop_28_0 dumpstate_options_prop_28_0 dumpstate_prop_28_0 exported_secure_prop_28_0 ffs_prop_28_0 fingerprint_prop_28_0 firstboot_prop_28_0 hwservicemanager_prop_28_0 last_boot_reason_prop_28_0 logd_prop_28_0 logpersistd_logging_prop_28_0 log_prop_28_0 log_tag_prop_28_0 lowpan_prop_28_0 mmc_prop_28_0 net_dns_prop_28_0 net_radio_prop_28_0 netd_stable_secret_prop_28_0 nfc_prop_28_0 overlay_prop_28_0 pan_result_prop_28_0 persist_debug_prop_28_0 persistent_properties_ready_prop_28_0 pm_prop_28_0 powerctl_prop_28_0 radio_prop_28_0 restorecon_prop_28_0 safemode_prop_28_0 serialno_prop_28_0 shell_prop_28_0 system_boot_reason_prop_28_0 system_prop_28_0 system_radio_prop_28_0 test_boot_reason_prop_28_0 traced_enabled_prop_28_0 vold_prop_28_0 wifi_log_prop_28_0 wifi_prop_28_0 vendor_security_patch_level_prop_28_0 exported_audio_prop_28_0 exported_bluetooth_prop_28_0 exported_config_prop_28_0 exported_dalvik_prop_28_0 exported_default_prop_28_0 exported_dumpstate_prop_28_0 exported_ffs_prop_28_0 exported_fingerprint_prop_28_0 exported_overlay_prop_28_0 exported_pm_prop_28_0 exported_radio_prop_28_0 exported_system_prop_28_0 exported_system_radio_prop_28_0 exported_vold_prop_28_0 exported_wifi_prop_28_0 exported2_config_prop_28_0 exported2_default_prop_28_0 exported2_radio_prop_28_0 exported2_system_prop_28_0 exported2_vold_prop_28_0 exported3_default_prop_28_0 exported3_radio_prop_28_0 exported3_system_prop_28_0 vendor_default_prop_28_0))
+(typeattribute core_property_type)
+(typeattributeset core_property_type (audio_prop_28_0 config_prop_28_0 cppreopt_prop_28_0 dalvik_prop_28_0 debuggerd_prop_28_0 debug_prop_28_0 default_prop_28_0 dhcp_prop_28_0 dumpstate_prop_28_0 ffs_prop_28_0 fingerprint_prop_28_0 logd_prop_28_0 net_radio_prop_28_0 nfc_prop_28_0 pan_result_prop_28_0 persist_debug_prop_28_0 powerctl_prop_28_0 radio_prop_28_0 restorecon_prop_28_0 shell_prop_28_0 system_prop_28_0 system_radio_prop_28_0 vold_prop_28_0))
+(typeattribute log_property_type)
+(typeattributeset log_property_type (log_prop_28_0 log_tag_prop_28_0 wifi_log_prop_28_0))
+(typeattribute extended_core_property_type)
+(typeattribute system_server_service)
+(typeattributeset system_server_service (accessibility_service_28_0 account_service_28_0 activity_service_28_0 alarm_service_28_0 appops_service_28_0 appwidget_service_28_0 assetatlas_service_28_0 audio_service_28_0 autofill_service_28_0 backup_service_28_0 batterystats_service_28_0 battery_service_28_0 binder_calls_stats_service_28_0 bluetooth_manager_service_28_0 broadcastradio_service_28_0 cameraproxy_service_28_0 clipboard_service_28_0 contexthub_service_28_0 crossprofileapps_service_28_0 IProxyService_service_28_0 commontime_management_service_28_0 companion_device_service_28_0 connectivity_service_28_0 connmetrics_service_28_0 consumer_ir_service_28_0 content_service_28_0 country_detector_service_28_0 coverage_service_28_0 cpuinfo_service_28_0 dbinfo_service_28_0 device_policy_service_28_0 deviceidle_service_28_0 device_identifiers_service_28_0 devicestoragemonitor_service_28_0 diskstats_service_28_0 display_service_28_0 font_service_28_0 netd_listener_service_28_0 network_watchlist_service_28_0 DockObserver_service_28_0 dreams_service_28_0 dropbox_service_28_0 lowpan_service_28_0 ethernet_service_28_0 fingerprint_service_28_0 gfxinfo_service_28_0 graphicsstats_service_28_0 hardware_service_28_0 hardware_properties_service_28_0 hdmi_control_service_28_0 input_method_service_28_0 input_service_28_0 imms_service_28_0 ipsec_service_28_0 jobscheduler_service_28_0 launcherapps_service_28_0 location_service_28_0 lock_settings_service_28_0 media_projection_service_28_0 media_router_service_28_0 media_session_service_28_0 meminfo_service_28_0 midi_service_28_0 mount_service_28_0 netpolicy_service_28_0 netstats_service_28_0 network_management_service_28_0 network_score_service_28_0 network_time_update_service_28_0 notification_service_28_0 oem_lock_service_28_0 otadexopt_service_28_0 overlay_service_28_0 package_service_28_0 package_native_service_28_0 permission_service_28_0 persistent_data_block_service_28_0 pinner_service_28_0 power_service_28_0 print_service_28_0 processinfo_service_28_0 procstats_service_28_0 recovery_service_28_0 registry_service_28_0 restrictions_service_28_0 rttmanager_service_28_0 samplingprofiler_service_28_0 scheduling_policy_service_28_0 search_service_28_0 sec_key_att_app_id_provider_service_28_0 sensorservice_service_28_0 serial_service_28_0 servicediscovery_service_28_0 settings_service_28_0 shortcut_service_28_0 slice_service_28_0 statusbar_service_28_0 storagestats_service_28_0 system_update_service_28_0 task_service_28_0 textclassification_service_28_0 textservices_service_28_0 telecom_service_28_0 timezone_service_28_0 trust_service_28_0 tv_input_service_28_0 uimode_service_28_0 updatelock_service_28_0 usagestats_service_28_0 usb_service_28_0 user_service_28_0 vibrator_service_28_0 voiceinteraction_service_28_0 vr_manager_service_28_0 wallpaper_service_28_0 webviewupdate_service_28_0 wifip2p_service_28_0 wifiscanner_service_28_0 wifi_service_28_0 wifiaware_service_28_0 window_service_28_0))
+(typeattribute app_api_service)
+(typeattributeset app_api_service (batteryproperties_service_28_0 gatekeeper_service_28_0 surfaceflinger_service_28_0 accessibility_service_28_0 account_service_28_0 activity_service_28_0 alarm_service_28_0 appops_service_28_0 appwidget_service_28_0 assetatlas_service_28_0 audio_service_28_0 autofill_service_28_0 backup_service_28_0 batterystats_service_28_0 bluetooth_manager_service_28_0 clipboard_service_28_0 contexthub_service_28_0 crossprofileapps_service_28_0 IProxyService_service_28_0 companion_device_service_28_0 connectivity_service_28_0 connmetrics_service_28_0 consumer_ir_service_28_0 content_service_28_0 country_detector_service_28_0 device_policy_service_28_0 deviceidle_service_28_0 device_identifiers_service_28_0 display_service_28_0 font_service_28_0 dreams_service_28_0 dropbox_service_28_0 ethernet_service_28_0 fingerprint_service_28_0 graphicsstats_service_28_0 hardware_properties_service_28_0 input_method_service_28_0 input_service_28_0 imms_service_28_0 ipsec_service_28_0 jobscheduler_service_28_0 launcherapps_service_28_0 location_service_28_0 media_projection_service_28_0 media_router_service_28_0 media_session_service_28_0 midi_service_28_0 mount_service_28_0 netpolicy_service_28_0 netstats_service_28_0 network_management_service_28_0 notification_service_28_0 package_service_28_0 permission_service_28_0 power_service_28_0 print_service_28_0 procstats_service_28_0 registry_service_28_0 restrictions_service_28_0 rttmanager_service_28_0 search_service_28_0 sec_key_att_app_id_provider_service_28_0 sensorservice_service_28_0 servicediscovery_service_28_0 settings_service_28_0 shortcut_service_28_0 slice_service_28_0 statusbar_service_28_0 storagestats_service_28_0 textclassification_service_28_0 textservices_service_28_0 telecom_service_28_0 trust_service_28_0 tv_input_service_28_0 uimode_service_28_0 usagestats_service_28_0 usb_service_28_0 user_service_28_0 vibrator_service_28_0 voiceinteraction_service_28_0 wallpaper_service_28_0 webviewupdate_service_28_0 wifip2p_service_28_0 wifi_service_28_0 wifiaware_service_28_0))
+(typeattribute ephemeral_app_api_service)
+(typeattributeset ephemeral_app_api_service (batteryproperties_service_28_0 surfaceflinger_service_28_0 accessibility_service_28_0 account_service_28_0 activity_service_28_0 alarm_service_28_0 appops_service_28_0 appwidget_service_28_0 assetatlas_service_28_0 audio_service_28_0 autofill_service_28_0 backup_service_28_0 batterystats_service_28_0 bluetooth_manager_service_28_0 clipboard_service_28_0 IProxyService_service_28_0 companion_device_service_28_0 connectivity_service_28_0 connmetrics_service_28_0 consumer_ir_service_28_0 content_service_28_0 country_detector_service_28_0 deviceidle_service_28_0 device_identifiers_service_28_0 display_service_28_0 font_service_28_0 dreams_service_28_0 dropbox_service_28_0 graphicsstats_service_28_0 hardware_properties_service_28_0 input_method_service_28_0 input_service_28_0 imms_service_28_0 ipsec_service_28_0 jobscheduler_service_28_0 launcherapps_service_28_0 location_service_28_0 media_projection_service_28_0 media_router_service_28_0 media_session_service_28_0 midi_service_28_0 mount_service_28_0 netpolicy_service_28_0 netstats_service_28_0 network_management_service_28_0 notification_service_28_0 package_service_28_0 permission_service_28_0 power_service_28_0 print_service_28_0 procstats_service_28_0 registry_service_28_0 restrictions_service_28_0 rttmanager_service_28_0 search_service_28_0 sensorservice_service_28_0 servicediscovery_service_28_0 settings_service_28_0 statusbar_service_28_0 storagestats_service_28_0 textclassification_service_28_0 textservices_service_28_0 telecom_service_28_0 tv_input_service_28_0 uimode_service_28_0 usagestats_service_28_0 user_service_28_0 vibrator_service_28_0 voiceinteraction_service_28_0 webviewupdate_service_28_0))
+(typeattribute system_api_service)
+(typeattributeset system_api_service (cpuinfo_service_28_0 dbinfo_service_28_0 diskstats_service_28_0 lowpan_service_28_0 gfxinfo_service_28_0 hdmi_control_service_28_0 lock_settings_service_28_0 meminfo_service_28_0 network_score_service_28_0 oem_lock_service_28_0 overlay_service_28_0 persistent_data_block_service_28_0 serial_service_28_0 updatelock_service_28_0 wifiscanner_service_28_0 window_service_28_0 wpantund_service_28_0))
+(typeattribute service_manager_type)
+(typeattributeset service_manager_type (audioserver_service_28_0 batteryproperties_service_28_0 bluetooth_service_28_0 cameraserver_service_28_0 default_android_service_28_0 drmserver_service_28_0 dumpstate_service_28_0 fingerprintd_service_28_0 hal_fingerprint_service_28_0 gatekeeper_service_28_0 gpu_service_28_0 inputflinger_service_28_0 incident_service_28_0 installd_service_28_0 keystore_service_28_0 mediaserver_service_28_0 mediametrics_service_28_0 mediaextractor_service_28_0 mediaextractor_update_service_28_0 mediacodec_service_28_0 mediadrmserver_service_28_0 netd_service_28_0 nfc_service_28_0 perfprofd_service_28_0 radio_service_28_0 secure_element_service_28_0 storaged_service_28_0 surfaceflinger_service_28_0 system_app_service_28_0 thermal_service_28_0 update_engine_service_28_0 virtual_touchpad_service_28_0 vold_service_28_0 vr_hwc_service_28_0 accessibility_service_28_0 account_service_28_0 activity_service_28_0 alarm_service_28_0 appops_service_28_0 appwidget_service_28_0 assetatlas_service_28_0 audio_service_28_0 autofill_service_28_0 backup_service_28_0 batterystats_service_28_0 battery_service_28_0 binder_calls_stats_service_28_0 bluetooth_manager_service_28_0 broadcastradio_service_28_0 cameraproxy_service_28_0 clipboard_service_28_0 contexthub_service_28_0 crossprofileapps_service_28_0 IProxyService_service_28_0 commontime_management_service_28_0 companion_device_service_28_0 connectivity_service_28_0 connmetrics_service_28_0 consumer_ir_service_28_0 content_service_28_0 country_detector_service_28_0 coverage_service_28_0 cpuinfo_service_28_0 dbinfo_service_28_0 device_policy_service_28_0 deviceidle_service_28_0 device_identifiers_service_28_0 devicestoragemonitor_service_28_0 diskstats_service_28_0 display_service_28_0 font_service_28_0 netd_listener_service_28_0 network_watchlist_service_28_0 DockObserver_service_28_0 dreams_service_28_0 dropbox_service_28_0 lowpan_service_28_0 ethernet_service_28_0 fingerprint_service_28_0 gfxinfo_service_28_0 graphicsstats_service_28_0 hardware_service_28_0 hardware_properties_service_28_0 hdmi_control_service_28_0 input_method_service_28_0 input_service_28_0 imms_service_28_0 ipsec_service_28_0 jobscheduler_service_28_0 launcherapps_service_28_0 location_service_28_0 lock_settings_service_28_0 media_projection_service_28_0 media_router_service_28_0 media_session_service_28_0 meminfo_service_28_0 midi_service_28_0 mount_service_28_0 netpolicy_service_28_0 netstats_service_28_0 network_management_service_28_0 network_score_service_28_0 network_time_update_service_28_0 notification_service_28_0 oem_lock_service_28_0 otadexopt_service_28_0 overlay_service_28_0 package_service_28_0 package_native_service_28_0 permission_service_28_0 persistent_data_block_service_28_0 pinner_service_28_0 power_service_28_0 print_service_28_0 processinfo_service_28_0 procstats_service_28_0 recovery_service_28_0 registry_service_28_0 restrictions_service_28_0 rttmanager_service_28_0 samplingprofiler_service_28_0 scheduling_policy_service_28_0 search_service_28_0 sec_key_att_app_id_provider_service_28_0 sensorservice_service_28_0 serial_service_28_0 servicediscovery_service_28_0 settings_service_28_0 shortcut_service_28_0 slice_service_28_0 statusbar_service_28_0 storagestats_service_28_0 system_update_service_28_0 task_service_28_0 textclassification_service_28_0 textservices_service_28_0 telecom_service_28_0 timezone_service_28_0 trust_service_28_0 tv_input_service_28_0 uimode_service_28_0 updatelock_service_28_0 usagestats_service_28_0 usb_service_28_0 user_service_28_0 vibrator_service_28_0 voiceinteraction_service_28_0 vr_manager_service_28_0 wallpaper_service_28_0 webviewupdate_service_28_0 wifip2p_service_28_0 wifiscanner_service_28_0 wifi_service_28_0 wificond_service_28_0 wifiaware_service_28_0 window_service_28_0 wpantund_service_28_0))
+(typeattribute hwservice_manager_type)
+(typeattributeset hwservice_manager_type (default_android_hwservice_28_0 fwk_display_hwservice_28_0 fwk_scheduler_hwservice_28_0 fwk_sensor_hwservice_28_0 hal_audiocontrol_hwservice_28_0 hal_audio_hwservice_28_0 hal_authsecret_hwservice_28_0 hal_bluetooth_hwservice_28_0 hal_bootctl_hwservice_28_0 hal_broadcastradio_hwservice_28_0 hal_camera_hwservice_28_0 hal_codec2_hwservice_28_0 hal_configstore_ISurfaceFlingerConfigs_28_0 hal_confirmationui_hwservice_28_0 hal_contexthub_hwservice_28_0 hal_drm_hwservice_28_0 hal_cas_hwservice_28_0 hal_dumpstate_hwservice_28_0 hal_evs_hwservice_28_0 hal_fingerprint_hwservice_28_0 hal_gatekeeper_hwservice_28_0 hal_gnss_hwservice_28_0 hal_graphics_allocator_hwservice_28_0 hal_graphics_composer_hwservice_28_0 hal_graphics_mapper_hwservice_28_0 hal_health_hwservice_28_0 hal_ir_hwservice_28_0 hal_keymaster_hwservice_28_0 hal_light_hwservice_28_0 hal_lowpan_hwservice_28_0 hal_memtrack_hwservice_28_0 hal_neuralnetworks_hwservice_28_0 hal_nfc_hwservice_28_0 hal_oemlock_hwservice_28_0 hal_omx_hwservice_28_0 hal_power_hwservice_28_0 hal_renderscript_hwservice_28_0 hal_secure_element_hwservice_28_0 hal_sensors_hwservice_28_0 hal_telephony_hwservice_28_0 hal_tetheroffload_hwservice_28_0 hal_thermal_hwservice_28_0 hal_tv_cec_hwservice_28_0 hal_tv_input_hwservice_28_0 hal_usb_hwservice_28_0 hal_usb_gadget_hwservice_28_0 hal_vehicle_hwservice_28_0 hal_vibrator_hwservice_28_0 hal_vr_hwservice_28_0 hal_weaver_hwservice_28_0 hal_wifi_hwservice_28_0 hal_wifi_hostapd_hwservice_28_0 hal_wifi_offload_hwservice_28_0 hal_wifi_supplicant_hwservice_28_0 hidl_allocator_hwservice_28_0 hidl_base_hwservice_28_0 hidl_manager_hwservice_28_0 hidl_memory_hwservice_28_0 hidl_token_hwservice_28_0 system_net_netd_hwservice_28_0 system_wifi_keystore_hwservice_28_0 thermalcallback_hwservice_28_0))
+(typeattribute same_process_hwservice)
+(typeattributeset same_process_hwservice (hal_graphics_mapper_hwservice_28_0 hal_renderscript_hwservice_28_0))
+(typeattribute coredomain_hwservice)
+(typeattributeset coredomain_hwservice (fwk_display_hwservice_28_0 fwk_scheduler_hwservice_28_0 fwk_sensor_hwservice_28_0 hidl_allocator_hwservice_28_0 hidl_manager_hwservice_28_0 hidl_memory_hwservice_28_0 hidl_token_hwservice_28_0 system_net_netd_hwservice_28_0 system_wifi_keystore_hwservice_28_0))
+(typeattribute vndservice_manager_type)
+(typeattributeset vndservice_manager_type (default_android_vndservice_28_0))
+(typeattribute mlstrustedsubject)
+(typeattributeset mlstrustedsubject (bufferhubd_28_0 cppreopts_28_0 drmserver_28_0 dumpstate_28_0 pdx_display_client_endpoint_socket_28_0 pdx_display_manager_endpoint_socket_28_0 pdx_display_screenshot_endpoint_socket_28_0 pdx_display_vsync_endpoint_socket_28_0 pdx_performance_client_endpoint_socket_28_0 pdx_bufferhub_client_endpoint_socket_28_0 hwservicemanager_28_0 init_28_0 installd_28_0 kernel_28_0 keystore_28_0 lmkd_28_0 logd_28_0 mediacodec_28_0 mediadrmserver_28_0 mediaextractor_28_0 mediaserver_28_0 netd_28_0 otapreopt_slot_28_0 performanced_28_0 perfprofd_28_0 racoon_28_0 radio_28_0 runas_28_0 servicemanager_28_0 shell_28_0 su_28_0 tombstoned_28_0 traced_probes_28_0 uncrypt_28_0 vendor_init_28_0 vold_28_0))
+(typeattribute mlstrustedobject)
+(typeattributeset mlstrustedobject (alarm_device_28_0 ashmem_device_28_0 binder_device_28_0 hwbinder_device_28_0 pmsg_device_28_0 gpu_device_28_0 mtp_device_28_0 ptmx_device_28_0 null_device_28_0 random_device_28_0 owntty_device_28_0 zero_device_28_0 fuse_device_28_0 ion_device_28_0 tun_device_28_0 usbaccessory_device_28_0 usb_device_28_0 qtaguid_proc_28_0 proc_qtaguid_stat_28_0 selinuxfs_28_0 cgroup_28_0 sysfs_28_0 sysfs_bluetooth_writable_28_0 sysfs_kernel_notes_28_0 sysfs_nfc_power_writable_28_0 inotify_28_0 devpts_28_0 fuse_28_0 sdcardfs_28_0 vfat_28_0 exfat_28_0 debugfs_trace_marker_28_0 debugfs_tracing_28_0 debugfs_tracing_debug_28_0 functionfs_28_0 anr_data_file_28_0 tombstone_data_file_28_0 apk_tmp_file_28_0 apk_private_tmp_file_28_0 ota_package_file_28_0 user_profile_data_file_28_0 shell_data_file_28_0 heapdump_data_file_28_0 ringtone_file_28_0 media_rw_data_file_28_0 radio_data_file_28_0 trace_data_file_28_0 perfprofd_data_file_28_0 method_trace_data_file_28_0 system_app_data_file_28_0 cache_file_28_0 cache_backup_file_28_0 cache_recovery_file_28_0 wallpaper_file_28_0 shortcut_manager_icons_28_0 asec_apk_file_28_0 backup_data_file_28_0 app_fuse_file_28_0 dnsproxyd_socket_28_0 fwmarkd_socket_28_0 logd_socket_28_0 logdr_socket_28_0 logdw_socket_28_0 mdnsd_socket_28_0 property_socket_28_0 system_ndebug_socket_28_0 tombstoned_crash_socket_28_0 tombstoned_java_trace_socket_28_0 traced_producer_socket_28_0 pdx_display_client_endpoint_socket_28_0 pdx_display_manager_endpoint_socket_28_0 pdx_display_screenshot_endpoint_socket_28_0 pdx_display_vsync_endpoint_socket_28_0 pdx_performance_client_endpoint_socket_28_0 pdx_bufferhub_client_endpoint_socket_28_0))
+(typeattribute appdomain)
+(typeattribute untrusted_app_all)
+(typeattribute netdomain)
+(typeattributeset netdomain (clatd_28_0 dhcp_28_0 dnsmasq_28_0 drmserver_28_0 dumpstate_28_0 mediadrmserver_28_0 mediaserver_28_0 mtp_28_0 netd_28_0 ppp_28_0 racoon_28_0 radio_28_0 shell_28_0 su_28_0 update_engine_28_0 wpantund_28_0))
+(typeattribute bluetoothdomain)
+(typeattributeset bluetoothdomain (radio_28_0))
+(typeattribute binderservicedomain)
+(typeattributeset binderservicedomain (cameraserver_28_0 drmserver_28_0 gatekeeperd_28_0 inputflinger_28_0 keystore_28_0 mediadrmserver_28_0 mediaextractor_28_0 mediametrics_28_0 mediaserver_28_0 radio_28_0 thermalserviced_28_0 virtual_touchpad_28_0 vr_hwc_28_0))
+(typeattribute update_engine_common)
+(typeattributeset update_engine_common (update_engine_28_0))
+(typeattribute coredomain)
+(typeattributeset coredomain (e2fs_28_0 perfprofd_28_0 traced_probes_28_0 vold_prepare_subdirs_28_0))
+(typeattribute coredomain_socket)
+(expandtypeattribute (coredomain_socket) false)
+(typeattributeset coredomain_socket (adbd_socket_28_0 bluetooth_socket_28_0 dnsproxyd_socket_28_0 dumpstate_socket_28_0 fwmarkd_socket_28_0 lmkd_socket_28_0 logd_socket_28_0 logdr_socket_28_0 logdw_socket_28_0 mdns_socket_28_0 mdnsd_socket_28_0 misc_logd_file_28_0 mtpd_socket_28_0 netd_socket_28_0 property_socket_28_0 racoon_socket_28_0 system_wpa_socket_28_0 system_ndebug_socket_28_0 tombstoned_crash_socket_28_0 tombstoned_intercept_socket_28_0 traced_producer_socket_28_0 traced_consumer_socket_28_0 uncrypt_socket_28_0 zygote_socket_28_0 pdx_display_client_endpoint_socket_28_0 pdx_display_client_channel_socket_28_0 pdx_display_manager_endpoint_socket_28_0 pdx_display_manager_channel_socket_28_0 pdx_display_screenshot_endpoint_socket_28_0 pdx_display_screenshot_channel_socket_28_0 pdx_display_vsync_endpoint_socket_28_0 pdx_display_vsync_channel_socket_28_0 pdx_performance_client_endpoint_socket_28_0 pdx_performance_client_channel_socket_28_0 pdx_bufferhub_client_endpoint_socket_28_0 pdx_bufferhub_client_channel_socket_28_0))
+(typeattribute binder_in_vendor_violators)
+(expandtypeattribute (binder_in_vendor_violators) false)
+(typeattribute socket_between_core_and_vendor_violators)
+(expandtypeattribute (socket_between_core_and_vendor_violators) false)
+(typeattribute vendor_executes_system_violators)
+(expandtypeattribute (vendor_executes_system_violators) false)
+(typeattribute data_between_core_and_vendor_violators)
+(expandtypeattribute (data_between_core_and_vendor_violators) false)
+(typeattribute system_executes_vendor_violators)
+(expandtypeattribute (system_executes_vendor_violators) false)
+(typeattribute system_writes_vendor_properties_violators)
+(expandtypeattribute (system_writes_vendor_properties_violators) false)
+(typeattribute untrusted_app_visible_hwservice)
+(expandtypeattribute (untrusted_app_visible_hwservice) false)
+(typeattribute untrusted_app_visible_halserver)
+(expandtypeattribute (untrusted_app_visible_halserver) false)
+(typeattribute pdx_endpoint_dir_type)
+(typeattributeset pdx_endpoint_dir_type (pdx_display_dir_28_0 pdx_performance_dir_28_0 pdx_bufferhub_dir_28_0))
+(typeattribute pdx_endpoint_socket_type)
+(expandtypeattribute (pdx_endpoint_socket_type) false)
+(typeattributeset pdx_endpoint_socket_type (pdx_display_client_endpoint_socket_28_0 pdx_display_manager_endpoint_socket_28_0 pdx_display_screenshot_endpoint_socket_28_0 pdx_display_vsync_endpoint_socket_28_0 pdx_performance_client_endpoint_socket_28_0 pdx_bufferhub_client_endpoint_socket_28_0))
+(typeattribute pdx_channel_socket_type)
+(expandtypeattribute (pdx_channel_socket_type) false)
+(typeattributeset pdx_channel_socket_type (pdx_display_client_channel_socket_28_0 pdx_display_manager_channel_socket_28_0 pdx_display_screenshot_channel_socket_28_0 pdx_display_vsync_channel_socket_28_0 pdx_performance_client_channel_socket_28_0 pdx_bufferhub_client_channel_socket_28_0))
+(typeattribute pdx_display_client_endpoint_dir_type)
+(typeattributeset pdx_display_client_endpoint_dir_type (pdx_display_dir_28_0))
+(typeattribute pdx_display_client_endpoint_socket_type)
+(typeattributeset pdx_display_client_endpoint_socket_type (pdx_display_client_endpoint_socket_28_0))
+(typeattribute pdx_display_client_channel_socket_type)
+(typeattributeset pdx_display_client_channel_socket_type (pdx_display_client_channel_socket_28_0))
+(typeattribute pdx_display_client_server_type)
+(typeattribute pdx_display_manager_endpoint_dir_type)
+(typeattributeset pdx_display_manager_endpoint_dir_type (pdx_display_dir_28_0))
+(typeattribute pdx_display_manager_endpoint_socket_type)
+(typeattributeset pdx_display_manager_endpoint_socket_type (pdx_display_manager_endpoint_socket_28_0))
+(typeattribute pdx_display_manager_channel_socket_type)
+(typeattributeset pdx_display_manager_channel_socket_type (pdx_display_manager_channel_socket_28_0))
+(typeattribute pdx_display_manager_server_type)
+(typeattribute pdx_display_screenshot_endpoint_dir_type)
+(typeattributeset pdx_display_screenshot_endpoint_dir_type (pdx_display_dir_28_0))
+(typeattribute pdx_display_screenshot_endpoint_socket_type)
+(typeattributeset pdx_display_screenshot_endpoint_socket_type (pdx_display_screenshot_endpoint_socket_28_0))
+(typeattribute pdx_display_screenshot_channel_socket_type)
+(typeattributeset pdx_display_screenshot_channel_socket_type (pdx_display_screenshot_channel_socket_28_0))
+(typeattribute pdx_display_screenshot_server_type)
+(typeattribute pdx_display_vsync_endpoint_dir_type)
+(typeattributeset pdx_display_vsync_endpoint_dir_type (pdx_display_dir_28_0))
+(typeattribute pdx_display_vsync_endpoint_socket_type)
+(typeattributeset pdx_display_vsync_endpoint_socket_type (pdx_display_vsync_endpoint_socket_28_0))
+(typeattribute pdx_display_vsync_channel_socket_type)
+(typeattributeset pdx_display_vsync_channel_socket_type (pdx_display_vsync_channel_socket_28_0))
+(typeattribute pdx_display_vsync_server_type)
+(typeattribute pdx_performance_client_endpoint_dir_type)
+(typeattributeset pdx_performance_client_endpoint_dir_type (pdx_performance_dir_28_0))
+(typeattribute pdx_performance_client_endpoint_socket_type)
+(typeattributeset pdx_performance_client_endpoint_socket_type (pdx_performance_client_endpoint_socket_28_0))
+(typeattribute pdx_performance_client_channel_socket_type)
+(typeattributeset pdx_performance_client_channel_socket_type (pdx_performance_client_channel_socket_28_0))
+(typeattribute pdx_performance_client_server_type)
+(typeattributeset pdx_performance_client_server_type (performanced_28_0))
+(typeattribute pdx_bufferhub_client_endpoint_dir_type)
+(typeattributeset pdx_bufferhub_client_endpoint_dir_type (pdx_bufferhub_dir_28_0))
+(typeattribute pdx_bufferhub_client_endpoint_socket_type)
+(typeattributeset pdx_bufferhub_client_endpoint_socket_type (pdx_bufferhub_client_endpoint_socket_28_0))
+(typeattribute pdx_bufferhub_client_channel_socket_type)
+(typeattributeset pdx_bufferhub_client_channel_socket_type (pdx_bufferhub_client_channel_socket_28_0))
+(typeattribute pdx_bufferhub_client_server_type)
+(typeattributeset pdx_bufferhub_client_server_type (bufferhubd_28_0))
+(typeattribute halserverdomain)
+(typeattribute halclientdomain)
+(expandtypeattribute (halclientdomain) true)
+(typeattributeset halclientdomain (bootanim_28_0 bufferhubd_28_0 cameraserver_28_0 dumpstate_28_0 gatekeeperd_28_0 healthd_28_0 mediacodec_28_0 mediadrmserver_28_0 mediaextractor_28_0 mediaserver_28_0 radio_28_0 su_28_0 thermalserviced_28_0 update_engine_28_0 update_verifier_28_0 vold_28_0 vr_hwc_28_0 wpantund_28_0))
+(typeattribute hal_automotive_socket_exemption)
+(typeattribute hal_audio)
+(typeattribute hal_audio_client)
+(expandtypeattribute (hal_audio_client) true)
+(typeattributeset hal_audio_client (su_28_0))
+(typeattribute hal_audio_server)
+(expandtypeattribute (hal_audio_server) false)
+(typeattribute hal_bootctl)
+(typeattribute hal_bootctl_client)
+(expandtypeattribute (hal_bootctl_client) true)
+(typeattributeset hal_bootctl_client (su_28_0 update_engine_28_0 update_verifier_28_0))
+(typeattribute hal_bootctl_server)
+(expandtypeattribute (hal_bootctl_server) false)
+(typeattribute hal_camera)
+(typeattribute hal_camera_client)
+(expandtypeattribute (hal_camera_client) true)
+(typeattributeset hal_camera_client (cameraserver_28_0 su_28_0))
+(typeattribute hal_camera_server)
+(expandtypeattribute (hal_camera_server) false)
+(typeattribute hal_drm)
+(typeattribute hal_drm_client)
+(expandtypeattribute (hal_drm_client) true)
+(typeattributeset hal_drm_client (mediadrmserver_28_0 su_28_0))
+(typeattribute hal_drm_server)
+(expandtypeattribute (hal_drm_server) false)
+(typeattribute hal_cas)
+(typeattribute hal_cas_client)
+(expandtypeattribute (hal_cas_client) true)
+(typeattributeset hal_cas_client (mediacodec_28_0 mediaextractor_28_0 su_28_0))
+(typeattribute hal_cas_server)
+(expandtypeattribute (hal_cas_server) false)
+(typeattribute hal_allocator)
+(expandtypeattribute (hal_allocator) true)
+(typeattribute hal_allocator_client)
+(expandtypeattribute (hal_allocator_client) true)
+(typeattributeset hal_allocator_client (mediacodec_28_0 mediaserver_28_0 su_28_0))
+(typeattribute hal_allocator_server)
+(expandtypeattribute (hal_allocator_server) false)
+(typeattribute hal_audiocontrol)
+(expandtypeattribute (hal_audiocontrol) true)
+(typeattribute hal_audiocontrol_client)
+(expandtypeattribute (hal_audiocontrol_client) true)
+(typeattribute hal_audiocontrol_server)
+(expandtypeattribute (hal_audiocontrol_server) false)
+(typeattribute hal_authsecret)
+(expandtypeattribute (hal_authsecret) true)
+(typeattribute hal_authsecret_client)
+(expandtypeattribute (hal_authsecret_client) true)
+(typeattributeset hal_authsecret_client (su_28_0))
+(typeattribute hal_authsecret_server)
+(expandtypeattribute (hal_authsecret_server) false)
+(typeattribute hal_bluetooth)
+(expandtypeattribute (hal_bluetooth) true)
+(typeattribute hal_bluetooth_client)
+(expandtypeattribute (hal_bluetooth_client) true)
+(typeattributeset hal_bluetooth_client (su_28_0))
+(typeattribute hal_bluetooth_server)
+(expandtypeattribute (hal_bluetooth_server) false)
+(typeattribute hal_broadcastradio)
+(expandtypeattribute (hal_broadcastradio) true)
+(typeattribute hal_broadcastradio_client)
+(expandtypeattribute (hal_broadcastradio_client) true)
+(typeattribute hal_broadcastradio_server)
+(expandtypeattribute (hal_broadcastradio_server) false)
+(typeattribute hal_configstore)
+(expandtypeattribute (hal_configstore) true)
+(typeattribute hal_configstore_client)
+(expandtypeattribute (hal_configstore_client) true)
+(typeattributeset hal_configstore_client (bootanim_28_0 su_28_0))
+(typeattribute hal_configstore_server)
+(expandtypeattribute (hal_configstore_server) false)
+(typeattribute hal_confirmationui)
+(expandtypeattribute (hal_confirmationui) true)
+(typeattribute hal_confirmationui_client)
+(expandtypeattribute (hal_confirmationui_client) true)
+(typeattributeset hal_confirmationui_client (su_28_0))
+(typeattribute hal_confirmationui_server)
+(expandtypeattribute (hal_confirmationui_server) false)
+(typeattribute hal_contexthub)
+(expandtypeattribute (hal_contexthub) true)
+(typeattribute hal_contexthub_client)
+(expandtypeattribute (hal_contexthub_client) true)
+(typeattributeset hal_contexthub_client (su_28_0))
+(typeattribute hal_contexthub_server)
+(expandtypeattribute (hal_contexthub_server) false)
+(typeattribute hal_dumpstate)
+(expandtypeattribute (hal_dumpstate) true)
+(typeattribute hal_dumpstate_client)
+(expandtypeattribute (hal_dumpstate_client) true)
+(typeattributeset hal_dumpstate_client (dumpstate_28_0 su_28_0))
+(typeattribute hal_dumpstate_server)
+(expandtypeattribute (hal_dumpstate_server) false)
+(typeattribute hal_evs)
+(expandtypeattribute (hal_evs) true)
+(typeattribute hal_evs_client)
+(expandtypeattribute (hal_evs_client) true)
+(typeattribute hal_evs_server)
+(expandtypeattribute (hal_evs_server) false)
+(typeattribute hal_fingerprint)
+(expandtypeattribute (hal_fingerprint) true)
+(typeattribute hal_fingerprint_client)
+(expandtypeattribute (hal_fingerprint_client) true)
+(typeattributeset hal_fingerprint_client (su_28_0))
+(typeattribute hal_fingerprint_server)
+(expandtypeattribute (hal_fingerprint_server) false)
+(typeattribute hal_gatekeeper)
+(expandtypeattribute (hal_gatekeeper) true)
+(typeattribute hal_gatekeeper_client)
+(expandtypeattribute (hal_gatekeeper_client) true)
+(typeattributeset hal_gatekeeper_client (gatekeeperd_28_0 su_28_0))
+(typeattribute hal_gatekeeper_server)
+(expandtypeattribute (hal_gatekeeper_server) false)
+(typeattribute hal_gnss)
+(expandtypeattribute (hal_gnss) true)
+(typeattribute hal_gnss_client)
+(expandtypeattribute (hal_gnss_client) true)
+(typeattributeset hal_gnss_client (su_28_0))
+(typeattribute hal_gnss_server)
+(expandtypeattribute (hal_gnss_server) false)
+(typeattribute hal_graphics_allocator)
+(expandtypeattribute (hal_graphics_allocator) true)
+(typeattribute hal_graphics_allocator_client)
+(expandtypeattribute (hal_graphics_allocator_client) true)
+(typeattributeset hal_graphics_allocator_client (bootanim_28_0 bufferhubd_28_0 cameraserver_28_0 dumpstate_28_0 mediacodec_28_0 su_28_0 vr_hwc_28_0))
+(typeattribute hal_graphics_allocator_server)
+(expandtypeattribute (hal_graphics_allocator_server) false)
+(typeattribute hal_graphics_composer)
+(expandtypeattribute (hal_graphics_composer) true)
+(typeattribute hal_graphics_composer_client)
+(expandtypeattribute (hal_graphics_composer_client) true)
+(typeattributeset hal_graphics_composer_client (bootanim_28_0 su_28_0))
+(typeattribute hal_graphics_composer_server)
+(expandtypeattribute (hal_graphics_composer_server) false)
+(typeattribute hal_health)
+(expandtypeattribute (hal_health) true)
+(typeattribute hal_health_client)
+(expandtypeattribute (hal_health_client) true)
+(typeattributeset hal_health_client (healthd_28_0 su_28_0))
+(typeattribute hal_health_server)
+(expandtypeattribute (hal_health_server) false)
+(typeattribute hal_ir)
+(expandtypeattribute (hal_ir) true)
+(typeattribute hal_ir_client)
+(expandtypeattribute (hal_ir_client) true)
+(typeattributeset hal_ir_client (su_28_0))
+(typeattribute hal_ir_server)
+(expandtypeattribute (hal_ir_server) false)
+(typeattribute hal_keymaster)
+(expandtypeattribute (hal_keymaster) true)
+(typeattribute hal_keymaster_client)
+(expandtypeattribute (hal_keymaster_client) true)
+(typeattributeset hal_keymaster_client (su_28_0 vold_28_0))
+(typeattribute hal_keymaster_server)
+(expandtypeattribute (hal_keymaster_server) false)
+(typeattribute hal_light)
+(expandtypeattribute (hal_light) true)
+(typeattribute hal_light_client)
+(expandtypeattribute (hal_light_client) true)
+(typeattributeset hal_light_client (su_28_0))
+(typeattribute hal_light_server)
+(expandtypeattribute (hal_light_server) false)
+(typeattribute hal_lowpan)
+(expandtypeattribute (hal_lowpan) true)
+(typeattribute hal_lowpan_client)
+(expandtypeattribute (hal_lowpan_client) true)
+(typeattributeset hal_lowpan_client (wpantund_28_0))
+(typeattribute hal_lowpan_server)
+(expandtypeattribute (hal_lowpan_server) false)
+(typeattribute hal_memtrack)
+(expandtypeattribute (hal_memtrack) true)
+(typeattribute hal_memtrack_client)
+(expandtypeattribute (hal_memtrack_client) true)
+(typeattributeset hal_memtrack_client (su_28_0))
+(typeattribute hal_memtrack_server)
+(expandtypeattribute (hal_memtrack_server) false)
+(typeattribute hal_neuralnetworks)
+(expandtypeattribute (hal_neuralnetworks) true)
+(typeattribute hal_neuralnetworks_client)
+(expandtypeattribute (hal_neuralnetworks_client) true)
+(typeattributeset hal_neuralnetworks_client (su_28_0))
+(typeattribute hal_neuralnetworks_server)
+(expandtypeattribute (hal_neuralnetworks_server) false)
+(typeattribute hal_nfc)
+(expandtypeattribute (hal_nfc) true)
+(typeattribute hal_nfc_client)
+(expandtypeattribute (hal_nfc_client) true)
+(typeattributeset hal_nfc_client (su_28_0))
+(typeattribute hal_nfc_server)
+(expandtypeattribute (hal_nfc_server) false)
+(typeattribute hal_oemlock)
+(expandtypeattribute (hal_oemlock) true)
+(typeattribute hal_oemlock_client)
+(expandtypeattribute (hal_oemlock_client) true)
+(typeattributeset hal_oemlock_client (su_28_0))
+(typeattribute hal_oemlock_server)
+(expandtypeattribute (hal_oemlock_server) false)
+(typeattribute hal_power)
+(expandtypeattribute (hal_power) true)
+(typeattribute hal_power_client)
+(expandtypeattribute (hal_power_client) true)
+(typeattributeset hal_power_client (su_28_0))
+(typeattribute hal_power_server)
+(expandtypeattribute (hal_power_server) false)
+(typeattribute hal_secure_element)
+(expandtypeattribute (hal_secure_element) true)
+(typeattribute hal_secure_element_client)
+(expandtypeattribute (hal_secure_element_client) true)
+(typeattributeset hal_secure_element_client (su_28_0))
+(typeattribute hal_secure_element_server)
+(expandtypeattribute (hal_secure_element_server) false)
+(typeattribute hal_sensors)
+(expandtypeattribute (hal_sensors) true)
+(typeattribute hal_sensors_client)
+(expandtypeattribute (hal_sensors_client) true)
+(typeattributeset hal_sensors_client (su_28_0))
+(typeattribute hal_sensors_server)
+(expandtypeattribute (hal_sensors_server) false)
+(typeattribute hal_telephony)
+(expandtypeattribute (hal_telephony) true)
+(typeattribute hal_telephony_client)
+(expandtypeattribute (hal_telephony_client) true)
+(typeattributeset hal_telephony_client (radio_28_0 su_28_0))
+(typeattribute hal_telephony_server)
+(expandtypeattribute (hal_telephony_server) false)
+(typeattribute hal_tetheroffload)
+(expandtypeattribute (hal_tetheroffload) true)
+(typeattribute hal_tetheroffload_client)
+(expandtypeattribute (hal_tetheroffload_client) true)
+(typeattributeset hal_tetheroffload_client (su_28_0))
+(typeattribute hal_tetheroffload_server)
+(expandtypeattribute (hal_tetheroffload_server) false)
+(typeattribute hal_thermal)
+(expandtypeattribute (hal_thermal) true)
+(typeattribute hal_thermal_client)
+(expandtypeattribute (hal_thermal_client) true)
+(typeattributeset hal_thermal_client (su_28_0 thermalserviced_28_0))
+(typeattribute hal_thermal_server)
+(expandtypeattribute (hal_thermal_server) false)
+(typeattribute hal_tv_cec)
+(expandtypeattribute (hal_tv_cec) true)
+(typeattribute hal_tv_cec_client)
+(expandtypeattribute (hal_tv_cec_client) true)
+(typeattributeset hal_tv_cec_client (su_28_0))
+(typeattribute hal_tv_cec_server)
+(expandtypeattribute (hal_tv_cec_server) false)
+(typeattribute hal_tv_input)
+(expandtypeattribute (hal_tv_input) true)
+(typeattribute hal_tv_input_client)
+(expandtypeattribute (hal_tv_input_client) true)
+(typeattributeset hal_tv_input_client (su_28_0))
+(typeattribute hal_tv_input_server)
+(expandtypeattribute (hal_tv_input_server) false)
+(typeattribute hal_usb)
+(expandtypeattribute (hal_usb) true)
+(typeattribute hal_usb_client)
+(expandtypeattribute (hal_usb_client) true)
+(typeattributeset hal_usb_client (su_28_0))
+(typeattribute hal_usb_server)
+(expandtypeattribute (hal_usb_server) false)
+(typeattribute hal_usb_gadget)
+(expandtypeattribute (hal_usb_gadget) true)
+(typeattribute hal_usb_gadget_client)
+(expandtypeattribute (hal_usb_gadget_client) true)
+(typeattribute hal_usb_gadget_server)
+(expandtypeattribute (hal_usb_gadget_server) false)
+(typeattribute hal_vehicle)
+(expandtypeattribute (hal_vehicle) true)
+(typeattribute hal_vehicle_client)
+(expandtypeattribute (hal_vehicle_client) true)
+(typeattribute hal_vehicle_server)
+(expandtypeattribute (hal_vehicle_server) false)
+(typeattribute hal_vibrator)
+(expandtypeattribute (hal_vibrator) true)
+(typeattribute hal_vibrator_client)
+(expandtypeattribute (hal_vibrator_client) true)
+(typeattributeset hal_vibrator_client (dumpstate_28_0 su_28_0))
+(typeattribute hal_vibrator_server)
+(expandtypeattribute (hal_vibrator_server) false)
+(typeattribute hal_vr)
+(expandtypeattribute (hal_vr) true)
+(typeattribute hal_vr_client)
+(expandtypeattribute (hal_vr_client) true)
+(typeattributeset hal_vr_client (su_28_0))
+(typeattribute hal_vr_server)
+(expandtypeattribute (hal_vr_server) false)
+(typeattribute hal_weaver)
+(expandtypeattribute (hal_weaver) true)
+(typeattribute hal_weaver_client)
+(expandtypeattribute (hal_weaver_client) true)
+(typeattributeset hal_weaver_client (su_28_0))
+(typeattribute hal_weaver_server)
+(expandtypeattribute (hal_weaver_server) false)
+(typeattribute hal_wifi)
+(expandtypeattribute (hal_wifi) true)
+(typeattribute hal_wifi_client)
+(expandtypeattribute (hal_wifi_client) true)
+(typeattributeset hal_wifi_client (su_28_0))
+(typeattribute hal_wifi_server)
+(expandtypeattribute (hal_wifi_server) false)
+(typeattribute hal_wifi_hostapd)
+(expandtypeattribute (hal_wifi_hostapd) true)
+(typeattribute hal_wifi_hostapd_client)
+(expandtypeattribute (hal_wifi_hostapd_client) true)
+(typeattributeset hal_wifi_hostapd_client (su_28_0))
+(typeattribute hal_wifi_hostapd_server)
+(expandtypeattribute (hal_wifi_hostapd_server) false)
+(typeattribute hal_wifi_offload)
+(expandtypeattribute (hal_wifi_offload) true)
+(typeattribute hal_wifi_offload_client)
+(expandtypeattribute (hal_wifi_offload_client) true)
+(typeattributeset hal_wifi_offload_client (su_28_0))
+(typeattribute hal_wifi_offload_server)
+(expandtypeattribute (hal_wifi_offload_server) false)
+(typeattribute hal_wifi_supplicant)
+(expandtypeattribute (hal_wifi_supplicant) true)
+(typeattribute hal_wifi_supplicant_client)
+(expandtypeattribute (hal_wifi_supplicant_client) true)
+(typeattributeset hal_wifi_supplicant_client (su_28_0))
+(typeattribute hal_wifi_supplicant_server)
+(expandtypeattribute (hal_wifi_supplicant_server) false)
+(typeattribute display_service_server)
+(typeattribute wifi_keystore_service_server)
+(type adbd)
+(typeattribute adbd_28_0)
+(roletype object_r adbd_28_0)
+(type adbd_exec)
+(typeattribute adbd_exec_28_0)
+(roletype object_r adbd_exec_28_0)
+(type audioserver)
+(typeattribute audioserver_28_0)
+(roletype object_r audioserver_28_0)
+(type blkid)
+(typeattribute blkid_28_0)
+(roletype object_r blkid_28_0)
+(type blkid_untrusted)
+(typeattribute blkid_untrusted_28_0)
+(roletype object_r blkid_untrusted_28_0)
+(type bluetooth)
+(typeattribute bluetooth_28_0)
+(roletype object_r bluetooth_28_0)
+(type bootanim)
+(typeattribute bootanim_28_0)
+(roletype object_r bootanim_28_0)
+(type bootanim_exec)
+(typeattribute bootanim_exec_28_0)
+(roletype object_r bootanim_exec_28_0)
+(type bootstat)
+(typeattribute bootstat_28_0)
+(roletype object_r bootstat_28_0)
+(type bootstat_exec)
+(typeattribute bootstat_exec_28_0)
+(roletype object_r bootstat_exec_28_0)
+(type bufferhubd)
+(typeattribute bufferhubd_28_0)
+(roletype object_r bufferhubd_28_0)
+(type bufferhubd_exec)
+(typeattribute bufferhubd_exec_28_0)
+(roletype object_r bufferhubd_exec_28_0)
+(type cameraserver)
+(typeattribute cameraserver_28_0)
+(roletype object_r cameraserver_28_0)
+(type cameraserver_exec)
+(typeattribute cameraserver_exec_28_0)
+(roletype object_r cameraserver_exec_28_0)
+(type charger)
+(typeattribute charger_28_0)
+(roletype object_r charger_28_0)
+(type clatd)
+(typeattribute clatd_28_0)
+(roletype object_r clatd_28_0)
+(type clatd_exec)
+(typeattribute clatd_exec_28_0)
+(roletype object_r clatd_exec_28_0)
+(type cppreopts)
+(typeattribute cppreopts_28_0)
+(roletype object_r cppreopts_28_0)
+(type cppreopts_exec)
+(typeattribute cppreopts_exec_28_0)
+(roletype object_r cppreopts_exec_28_0)
+(type crash_dump)
+(typeattribute crash_dump_28_0)
+(roletype object_r crash_dump_28_0)
+(type crash_dump_exec)
+(typeattribute crash_dump_exec_28_0)
+(roletype object_r crash_dump_exec_28_0)
+(type device)
+(typeattribute device_28_0)
+(roletype object_r device_28_0)
+(type alarm_device)
+(typeattribute alarm_device_28_0)
+(roletype object_r alarm_device_28_0)
+(type ashmem_device)
+(typeattribute ashmem_device_28_0)
+(roletype object_r ashmem_device_28_0)
+(type audio_device)
+(typeattribute audio_device_28_0)
+(roletype object_r audio_device_28_0)
+(type audio_timer_device)
+(typeattribute audio_timer_device_28_0)
+(roletype object_r audio_timer_device_28_0)
+(type audio_seq_device)
+(typeattribute audio_seq_device_28_0)
+(roletype object_r audio_seq_device_28_0)
+(type binder_device)
+(typeattribute binder_device_28_0)
+(roletype object_r binder_device_28_0)
+(type hwbinder_device)
+(typeattribute hwbinder_device_28_0)
+(roletype object_r hwbinder_device_28_0)
+(type vndbinder_device)
+(typeattribute vndbinder_device_28_0)
+(roletype object_r vndbinder_device_28_0)
+(type block_device)
+(typeattribute block_device_28_0)
+(roletype object_r block_device_28_0)
+(type camera_device)
+(typeattribute camera_device_28_0)
+(roletype object_r camera_device_28_0)
+(type dm_device)
+(typeattribute dm_device_28_0)
+(roletype object_r dm_device_28_0)
+(type keychord_device)
+(typeattribute keychord_device_28_0)
+(roletype object_r keychord_device_28_0)
+(type loop_control_device)
+(typeattribute loop_control_device_28_0)
+(roletype object_r loop_control_device_28_0)
+(type loop_device)
+(typeattribute loop_device_28_0)
+(roletype object_r loop_device_28_0)
+(type pmsg_device)
+(typeattribute pmsg_device_28_0)
+(roletype object_r pmsg_device_28_0)
+(type radio_device)
+(typeattribute radio_device_28_0)
+(roletype object_r radio_device_28_0)
+(type ram_device)
+(typeattribute ram_device_28_0)
+(roletype object_r ram_device_28_0)
+(type rtc_device)
+(typeattribute rtc_device_28_0)
+(roletype object_r rtc_device_28_0)
+(type vold_device)
+(typeattribute vold_device_28_0)
+(roletype object_r vold_device_28_0)
+(type console_device)
+(typeattribute console_device_28_0)
+(roletype object_r console_device_28_0)
+(type cpuctl_device)
+(typeattribute cpuctl_device_28_0)
+(roletype object_r cpuctl_device_28_0)
+(type fscklogs)
+(typeattribute fscklogs_28_0)
+(roletype object_r fscklogs_28_0)
+(type full_device)
+(typeattribute full_device_28_0)
+(roletype object_r full_device_28_0)
+(type gpu_device)
+(typeattribute gpu_device_28_0)
+(roletype object_r gpu_device_28_0)
+(type graphics_device)
+(typeattribute graphics_device_28_0)
+(roletype object_r graphics_device_28_0)
+(type hw_random_device)
+(typeattribute hw_random_device_28_0)
+(roletype object_r hw_random_device_28_0)
+(type input_device)
+(typeattribute input_device_28_0)
+(roletype object_r input_device_28_0)
+(type kmem_device)
+(typeattribute kmem_device_28_0)
+(roletype object_r kmem_device_28_0)
+(type port_device)
+(typeattribute port_device_28_0)
+(roletype object_r port_device_28_0)
+(type lowpan_device)
+(typeattribute lowpan_device_28_0)
+(roletype object_r lowpan_device_28_0)
+(type mtd_device)
+(typeattribute mtd_device_28_0)
+(roletype object_r mtd_device_28_0)
+(type mtp_device)
+(typeattribute mtp_device_28_0)
+(roletype object_r mtp_device_28_0)
+(type nfc_device)
+(typeattribute nfc_device_28_0)
+(roletype object_r nfc_device_28_0)
+(type ptmx_device)
+(typeattribute ptmx_device_28_0)
+(roletype object_r ptmx_device_28_0)
+(type kmsg_device)
+(typeattribute kmsg_device_28_0)
+(roletype object_r kmsg_device_28_0)
+(type kmsg_debug_device)
+(typeattribute kmsg_debug_device_28_0)
+(roletype object_r kmsg_debug_device_28_0)
+(type null_device)
+(typeattribute null_device_28_0)
+(roletype object_r null_device_28_0)
+(type random_device)
+(typeattribute random_device_28_0)
+(roletype object_r random_device_28_0)
+(type secure_element_device)
+(typeattribute secure_element_device_28_0)
+(roletype object_r secure_element_device_28_0)
+(type sensors_device)
+(typeattribute sensors_device_28_0)
+(roletype object_r sensors_device_28_0)
+(type serial_device)
+(typeattribute serial_device_28_0)
+(roletype object_r serial_device_28_0)
+(type socket_device)
+(typeattribute socket_device_28_0)
+(roletype object_r socket_device_28_0)
+(type owntty_device)
+(typeattribute owntty_device_28_0)
+(roletype object_r owntty_device_28_0)
+(type tty_device)
+(typeattribute tty_device_28_0)
+(roletype object_r tty_device_28_0)
+(type video_device)
+(typeattribute video_device_28_0)
+(roletype object_r video_device_28_0)
+(type vcs_device)
+(typeattribute vcs_device_28_0)
+(roletype object_r vcs_device_28_0)
+(type zero_device)
+(typeattribute zero_device_28_0)
+(roletype object_r zero_device_28_0)
+(type fuse_device)
+(typeattribute fuse_device_28_0)
+(roletype object_r fuse_device_28_0)
+(type iio_device)
+(typeattribute iio_device_28_0)
+(roletype object_r iio_device_28_0)
+(type ion_device)
+(typeattribute ion_device_28_0)
+(roletype object_r ion_device_28_0)
+(type qtaguid_device)
+(typeattribute qtaguid_device_28_0)
+(roletype object_r qtaguid_device_28_0)
+(type watchdog_device)
+(typeattribute watchdog_device_28_0)
+(roletype object_r watchdog_device_28_0)
+(type uhid_device)
+(typeattribute uhid_device_28_0)
+(roletype object_r uhid_device_28_0)
+(type uio_device)
+(typeattribute uio_device_28_0)
+(roletype object_r uio_device_28_0)
+(type tun_device)
+(typeattribute tun_device_28_0)
+(roletype object_r tun_device_28_0)
+(type usbaccessory_device)
+(typeattribute usbaccessory_device_28_0)
+(roletype object_r usbaccessory_device_28_0)
+(type usb_device)
+(typeattribute usb_device_28_0)
+(roletype object_r usb_device_28_0)
+(type properties_device)
+(typeattribute properties_device_28_0)
+(roletype object_r properties_device_28_0)
+(type properties_serial)
+(typeattribute properties_serial_28_0)
+(roletype object_r properties_serial_28_0)
+(type property_info)
+(typeattribute property_info_28_0)
+(roletype object_r property_info_28_0)
+(type i2c_device)
+(typeattribute i2c_device_28_0)
+(roletype object_r i2c_device_28_0)
+(type hci_attach_dev)
+(typeattribute hci_attach_dev_28_0)
+(roletype object_r hci_attach_dev_28_0)
+(type rpmsg_device)
+(typeattribute rpmsg_device_28_0)
+(roletype object_r rpmsg_device_28_0)
+(type root_block_device)
+(typeattribute root_block_device_28_0)
+(roletype object_r root_block_device_28_0)
+(type frp_block_device)
+(typeattribute frp_block_device_28_0)
+(roletype object_r frp_block_device_28_0)
+(type system_block_device)
+(typeattribute system_block_device_28_0)
+(roletype object_r system_block_device_28_0)
+(type recovery_block_device)
+(typeattribute recovery_block_device_28_0)
+(roletype object_r recovery_block_device_28_0)
+(type boot_block_device)
+(typeattribute boot_block_device_28_0)
+(roletype object_r boot_block_device_28_0)
+(type userdata_block_device)
+(typeattribute userdata_block_device_28_0)
+(roletype object_r userdata_block_device_28_0)
+(type cache_block_device)
+(typeattribute cache_block_device_28_0)
+(roletype object_r cache_block_device_28_0)
+(type swap_block_device)
+(typeattribute swap_block_device_28_0)
+(roletype object_r swap_block_device_28_0)
+(type metadata_block_device)
+(typeattribute metadata_block_device_28_0)
+(roletype object_r metadata_block_device_28_0)
+(type misc_block_device)
+(typeattribute misc_block_device_28_0)
+(roletype object_r misc_block_device_28_0)
+(type dex2oat)
+(typeattribute dex2oat_28_0)
+(roletype object_r dex2oat_28_0)
+(type dex2oat_exec)
+(typeattribute dex2oat_exec_28_0)
+(roletype object_r dex2oat_exec_28_0)
+(type dhcp)
+(typeattribute dhcp_28_0)
+(roletype object_r dhcp_28_0)
+(type dhcp_exec)
+(typeattribute dhcp_exec_28_0)
+(roletype object_r dhcp_exec_28_0)
+(type dnsmasq)
+(typeattribute dnsmasq_28_0)
+(roletype object_r dnsmasq_28_0)
+(type dnsmasq_exec)
+(typeattribute dnsmasq_exec_28_0)
+(roletype object_r dnsmasq_exec_28_0)
+(type drmserver)
+(typeattribute drmserver_28_0)
+(roletype object_r drmserver_28_0)
+(type drmserver_exec)
+(typeattribute drmserver_exec_28_0)
+(roletype object_r drmserver_exec_28_0)
+(type drmserver_socket)
+(typeattribute drmserver_socket_28_0)
+(roletype object_r drmserver_socket_28_0)
+(type dumpstate)
+(typeattribute dumpstate_28_0)
+(roletype object_r dumpstate_28_0)
+(type dumpstate_exec)
+(typeattribute dumpstate_exec_28_0)
+(roletype object_r dumpstate_exec_28_0)
+(type e2fs)
+(typeattribute e2fs_28_0)
+(roletype object_r e2fs_28_0)
+(type e2fs_exec)
+(typeattribute e2fs_exec_28_0)
+(roletype object_r e2fs_exec_28_0)
+(type ephemeral_app)
+(typeattribute ephemeral_app_28_0)
+(roletype object_r ephemeral_app_28_0)
+(type labeledfs)
+(typeattribute labeledfs_28_0)
+(roletype object_r labeledfs_28_0)
+(type pipefs)
+(typeattribute pipefs_28_0)
+(roletype object_r pipefs_28_0)
+(type sockfs)
+(typeattribute sockfs_28_0)
+(roletype object_r sockfs_28_0)
+(type rootfs)
+(typeattribute rootfs_28_0)
+(roletype object_r rootfs_28_0)
+(type proc)
+(typeattribute proc_28_0)
+(roletype object_r proc_28_0)
+(type proc_security)
+(typeattribute proc_security_28_0)
+(roletype object_r proc_security_28_0)
+(type proc_drop_caches)
+(typeattribute proc_drop_caches_28_0)
+(roletype object_r proc_drop_caches_28_0)
+(type proc_overcommit_memory)
+(typeattribute proc_overcommit_memory_28_0)
+(roletype object_r proc_overcommit_memory_28_0)
+(type proc_min_free_order_shift)
+(typeattribute proc_min_free_order_shift_28_0)
+(roletype object_r proc_min_free_order_shift_28_0)
+(type usermodehelper)
+(typeattribute usermodehelper_28_0)
+(roletype object_r usermodehelper_28_0)
+(type sysfs_usermodehelper)
+(typeattribute sysfs_usermodehelper_28_0)
+(roletype object_r sysfs_usermodehelper_28_0)
+(type qtaguid_proc)
+(typeattribute qtaguid_proc_28_0)
+(roletype object_r qtaguid_proc_28_0)
+(type proc_qtaguid_stat)
+(typeattribute proc_qtaguid_stat_28_0)
+(roletype object_r proc_qtaguid_stat_28_0)
+(type proc_bluetooth_writable)
+(typeattribute proc_bluetooth_writable_28_0)
+(roletype object_r proc_bluetooth_writable_28_0)
+(type proc_abi)
+(typeattribute proc_abi_28_0)
+(roletype object_r proc_abi_28_0)
+(type proc_asound)
+(typeattribute proc_asound_28_0)
+(roletype object_r proc_asound_28_0)
+(type proc_buddyinfo)
+(typeattribute proc_buddyinfo_28_0)
+(roletype object_r proc_buddyinfo_28_0)
+(type proc_cmdline)
+(typeattribute proc_cmdline_28_0)
+(roletype object_r proc_cmdline_28_0)
+(type proc_cpuinfo)
+(typeattribute proc_cpuinfo_28_0)
+(roletype object_r proc_cpuinfo_28_0)
+(type proc_dirty)
+(typeattribute proc_dirty_28_0)
+(roletype object_r proc_dirty_28_0)
+(type proc_diskstats)
+(typeattribute proc_diskstats_28_0)
+(roletype object_r proc_diskstats_28_0)
+(type proc_extra_free_kbytes)
+(typeattribute proc_extra_free_kbytes_28_0)
+(roletype object_r proc_extra_free_kbytes_28_0)
+(type proc_filesystems)
+(typeattribute proc_filesystems_28_0)
+(roletype object_r proc_filesystems_28_0)
+(type proc_hostname)
+(typeattribute proc_hostname_28_0)
+(roletype object_r proc_hostname_28_0)
+(type proc_hung_task)
+(typeattribute proc_hung_task_28_0)
+(roletype object_r proc_hung_task_28_0)
+(type proc_interrupts)
+(typeattribute proc_interrupts_28_0)
+(roletype object_r proc_interrupts_28_0)
+(type proc_iomem)
+(typeattribute proc_iomem_28_0)
+(roletype object_r proc_iomem_28_0)
+(type proc_kmsg)
+(typeattribute proc_kmsg_28_0)
+(roletype object_r proc_kmsg_28_0)
+(type proc_loadavg)
+(typeattribute proc_loadavg_28_0)
+(roletype object_r proc_loadavg_28_0)
+(type proc_max_map_count)
+(typeattribute proc_max_map_count_28_0)
+(roletype object_r proc_max_map_count_28_0)
+(type proc_meminfo)
+(typeattribute proc_meminfo_28_0)
+(roletype object_r proc_meminfo_28_0)
+(type proc_misc)
+(typeattribute proc_misc_28_0)
+(roletype object_r proc_misc_28_0)
+(type proc_modules)
+(typeattribute proc_modules_28_0)
+(roletype object_r proc_modules_28_0)
+(type proc_mounts)
+(typeattribute proc_mounts_28_0)
+(roletype object_r proc_mounts_28_0)
+(type proc_net)
+(typeattribute proc_net_28_0)
+(roletype object_r proc_net_28_0)
+(type proc_page_cluster)
+(typeattribute proc_page_cluster_28_0)
+(roletype object_r proc_page_cluster_28_0)
+(type proc_pagetypeinfo)
+(typeattribute proc_pagetypeinfo_28_0)
+(roletype object_r proc_pagetypeinfo_28_0)
+(type proc_panic)
+(typeattribute proc_panic_28_0)
+(roletype object_r proc_panic_28_0)
+(type proc_perf)
+(typeattribute proc_perf_28_0)
+(roletype object_r proc_perf_28_0)
+(type proc_pid_max)
+(typeattribute proc_pid_max_28_0)
+(roletype object_r proc_pid_max_28_0)
+(type proc_pipe_conf)
+(typeattribute proc_pipe_conf_28_0)
+(roletype object_r proc_pipe_conf_28_0)
+(type proc_random)
+(typeattribute proc_random_28_0)
+(roletype object_r proc_random_28_0)
+(type proc_sched)
+(typeattribute proc_sched_28_0)
+(roletype object_r proc_sched_28_0)
+(type proc_stat)
+(typeattribute proc_stat_28_0)
+(roletype object_r proc_stat_28_0)
+(type proc_swaps)
+(typeattribute proc_swaps_28_0)
+(roletype object_r proc_swaps_28_0)
+(type proc_sysrq)
+(typeattribute proc_sysrq_28_0)
+(roletype object_r proc_sysrq_28_0)
+(type proc_timer)
+(typeattribute proc_timer_28_0)
+(roletype object_r proc_timer_28_0)
+(type proc_tty_drivers)
+(typeattribute proc_tty_drivers_28_0)
+(roletype object_r proc_tty_drivers_28_0)
+(type proc_uid_cputime_showstat)
+(typeattribute proc_uid_cputime_showstat_28_0)
+(roletype object_r proc_uid_cputime_showstat_28_0)
+(type proc_uid_cputime_removeuid)
+(typeattribute proc_uid_cputime_removeuid_28_0)
+(roletype object_r proc_uid_cputime_removeuid_28_0)
+(type proc_uid_io_stats)
+(typeattribute proc_uid_io_stats_28_0)
+(roletype object_r proc_uid_io_stats_28_0)
+(type proc_uid_procstat_set)
+(typeattribute proc_uid_procstat_set_28_0)
+(roletype object_r proc_uid_procstat_set_28_0)
+(type proc_uid_time_in_state)
+(typeattribute proc_uid_time_in_state_28_0)
+(roletype object_r proc_uid_time_in_state_28_0)
+(type proc_uid_concurrent_active_time)
+(typeattribute proc_uid_concurrent_active_time_28_0)
+(roletype object_r proc_uid_concurrent_active_time_28_0)
+(type proc_uid_concurrent_policy_time)
+(typeattribute proc_uid_concurrent_policy_time_28_0)
+(roletype object_r proc_uid_concurrent_policy_time_28_0)
+(type proc_uid_cpupower)
+(typeattribute proc_uid_cpupower_28_0)
+(roletype object_r proc_uid_cpupower_28_0)
+(type proc_uptime)
+(typeattribute proc_uptime_28_0)
+(roletype object_r proc_uptime_28_0)
+(type proc_version)
+(typeattribute proc_version_28_0)
+(roletype object_r proc_version_28_0)
+(type proc_vmallocinfo)
+(typeattribute proc_vmallocinfo_28_0)
+(roletype object_r proc_vmallocinfo_28_0)
+(type proc_vmstat)
+(typeattribute proc_vmstat_28_0)
+(roletype object_r proc_vmstat_28_0)
+(type proc_zoneinfo)
+(typeattribute proc_zoneinfo_28_0)
+(roletype object_r proc_zoneinfo_28_0)
+(type selinuxfs)
+(typeattribute selinuxfs_28_0)
+(roletype object_r selinuxfs_28_0)
+(type cgroup)
+(typeattribute cgroup_28_0)
+(roletype object_r cgroup_28_0)
+(type cgroup_bpf)
+(typeattribute cgroup_bpf_28_0)
+(roletype object_r cgroup_bpf_28_0)
+(type sysfs)
+(typeattribute sysfs_28_0)
+(roletype object_r sysfs_28_0)
+(type sysfs_android_usb)
+(typeattribute sysfs_android_usb_28_0)
+(roletype object_r sysfs_android_usb_28_0)
+(type sysfs_uio)
+(typeattribute sysfs_uio_28_0)
+(roletype object_r sysfs_uio_28_0)
+(type sysfs_batteryinfo)
+(typeattribute sysfs_batteryinfo_28_0)
+(roletype object_r sysfs_batteryinfo_28_0)
+(type sysfs_bluetooth_writable)
+(typeattribute sysfs_bluetooth_writable_28_0)
+(roletype object_r sysfs_bluetooth_writable_28_0)
+(type sysfs_dm)
+(typeattribute sysfs_dm_28_0)
+(roletype object_r sysfs_dm_28_0)
+(type sysfs_dt_firmware_android)
+(typeattribute sysfs_dt_firmware_android_28_0)
+(roletype object_r sysfs_dt_firmware_android_28_0)
+(type sysfs_ipv4)
+(typeattribute sysfs_ipv4_28_0)
+(roletype object_r sysfs_ipv4_28_0)
+(type sysfs_kernel_notes)
+(typeattribute sysfs_kernel_notes_28_0)
+(roletype object_r sysfs_kernel_notes_28_0)
+(type sysfs_leds)
+(typeattribute sysfs_leds_28_0)
+(roletype object_r sysfs_leds_28_0)
+(type sysfs_hwrandom)
+(typeattribute sysfs_hwrandom_28_0)
+(roletype object_r sysfs_hwrandom_28_0)
+(type sysfs_nfc_power_writable)
+(typeattribute sysfs_nfc_power_writable_28_0)
+(roletype object_r sysfs_nfc_power_writable_28_0)
+(type sysfs_wake_lock)
+(typeattribute sysfs_wake_lock_28_0)
+(roletype object_r sysfs_wake_lock_28_0)
+(type sysfs_mac_address)
+(typeattribute sysfs_mac_address_28_0)
+(roletype object_r sysfs_mac_address_28_0)
+(type sysfs_net)
+(typeattribute sysfs_net_28_0)
+(roletype object_r sysfs_net_28_0)
+(type sysfs_power)
+(typeattribute sysfs_power_28_0)
+(roletype object_r sysfs_power_28_0)
+(type sysfs_rtc)
+(typeattribute sysfs_rtc_28_0)
+(roletype object_r sysfs_rtc_28_0)
+(type sysfs_switch)
+(typeattribute sysfs_switch_28_0)
+(roletype object_r sysfs_switch_28_0)
+(type sysfs_usb)
+(typeattribute sysfs_usb_28_0)
+(roletype object_r sysfs_usb_28_0)
+(type sysfs_wakeup_reasons)
+(typeattribute sysfs_wakeup_reasons_28_0)
+(roletype object_r sysfs_wakeup_reasons_28_0)
+(type sysfs_fs_ext4_features)
+(typeattribute sysfs_fs_ext4_features_28_0)
+(roletype object_r sysfs_fs_ext4_features_28_0)
+(type fs_bpf)
+(typeattribute fs_bpf_28_0)
+(roletype object_r fs_bpf_28_0)
+(type configfs)
+(typeattribute configfs_28_0)
+(roletype object_r configfs_28_0)
+(type sysfs_devices_system_cpu)
+(typeattribute sysfs_devices_system_cpu_28_0)
+(roletype object_r sysfs_devices_system_cpu_28_0)
+(type sysfs_lowmemorykiller)
+(typeattribute sysfs_lowmemorykiller_28_0)
+(roletype object_r sysfs_lowmemorykiller_28_0)
+(type sysfs_wlan_fwpath)
+(typeattribute sysfs_wlan_fwpath_28_0)
+(roletype object_r sysfs_wlan_fwpath_28_0)
+(type sysfs_vibrator)
+(typeattribute sysfs_vibrator_28_0)
+(roletype object_r sysfs_vibrator_28_0)
+(type sysfs_thermal)
+(typeattribute sysfs_thermal_28_0)
+(roletype object_r sysfs_thermal_28_0)
+(type sysfs_zram)
+(typeattribute sysfs_zram_28_0)
+(roletype object_r sysfs_zram_28_0)
+(type sysfs_zram_uevent)
+(typeattribute sysfs_zram_uevent_28_0)
+(roletype object_r sysfs_zram_uevent_28_0)
+(type inotify)
+(typeattribute inotify_28_0)
+(roletype object_r inotify_28_0)
+(type devpts)
+(typeattribute devpts_28_0)
+(roletype object_r devpts_28_0)
+(type tmpfs)
+(typeattribute tmpfs_28_0)
+(roletype object_r tmpfs_28_0)
+(type shm)
+(typeattribute shm_28_0)
+(roletype object_r shm_28_0)
+(type mqueue)
+(typeattribute mqueue_28_0)
+(roletype object_r mqueue_28_0)
+(type fuse)
+(typeattribute fuse_28_0)
+(roletype object_r fuse_28_0)
+(type sdcardfs)
+(typeattribute sdcardfs_28_0)
+(roletype object_r sdcardfs_28_0)
+(type vfat)
+(typeattribute vfat_28_0)
+(roletype object_r vfat_28_0)
+(type exfat)
+(typeattribute exfat_28_0)
+(roletype object_r exfat_28_0)
+(type debugfs)
+(typeattribute debugfs_28_0)
+(roletype object_r debugfs_28_0)
+(type debugfs_mmc)
+(typeattribute debugfs_mmc_28_0)
+(roletype object_r debugfs_mmc_28_0)
+(type debugfs_trace_marker)
+(typeattribute debugfs_trace_marker_28_0)
+(roletype object_r debugfs_trace_marker_28_0)
+(type debugfs_tracing)
+(typeattribute debugfs_tracing_28_0)
+(roletype object_r debugfs_tracing_28_0)
+(type debugfs_tracing_debug)
+(typeattribute debugfs_tracing_debug_28_0)
+(roletype object_r debugfs_tracing_debug_28_0)
+(type debugfs_tracing_instances)
+(typeattribute debugfs_tracing_instances_28_0)
+(roletype object_r debugfs_tracing_instances_28_0)
+(type debugfs_wakeup_sources)
+(typeattribute debugfs_wakeup_sources_28_0)
+(roletype object_r debugfs_wakeup_sources_28_0)
+(type debugfs_wifi_tracing)
+(typeattribute debugfs_wifi_tracing_28_0)
+(roletype object_r debugfs_wifi_tracing_28_0)
+(type pstorefs)
+(typeattribute pstorefs_28_0)
+(roletype object_r pstorefs_28_0)
+(type functionfs)
+(typeattribute functionfs_28_0)
+(roletype object_r functionfs_28_0)
+(type oemfs)
+(typeattribute oemfs_28_0)
+(roletype object_r oemfs_28_0)
+(type usbfs)
+(typeattribute usbfs_28_0)
+(roletype object_r usbfs_28_0)
+(type binfmt_miscfs)
+(typeattribute binfmt_miscfs_28_0)
+(roletype object_r binfmt_miscfs_28_0)
+(type app_fusefs)
+(typeattribute app_fusefs_28_0)
+(roletype object_r app_fusefs_28_0)
+(type unlabeled)
+(typeattribute unlabeled_28_0)
+(roletype object_r unlabeled_28_0)
+(type system_file)
+(typeattribute system_file_28_0)
+(roletype object_r system_file_28_0)
+(type vendor_hal_file)
+(typeattribute vendor_hal_file_28_0)
+(roletype object_r vendor_hal_file_28_0)
+(type vendor_file)
+(typeattribute vendor_file_28_0)
+(roletype object_r vendor_file_28_0)
+(type vendor_app_file)
+(typeattribute vendor_app_file_28_0)
+(roletype object_r vendor_app_file_28_0)
+(type vendor_configs_file)
+(typeattribute vendor_configs_file_28_0)
+(roletype object_r vendor_configs_file_28_0)
+(type same_process_hal_file)
+(typeattribute same_process_hal_file_28_0)
+(roletype object_r same_process_hal_file_28_0)
+(type vndk_sp_file)
+(typeattribute vndk_sp_file_28_0)
+(roletype object_r vndk_sp_file_28_0)
+(type vendor_framework_file)
+(typeattribute vendor_framework_file_28_0)
+(roletype object_r vendor_framework_file_28_0)
+(type vendor_overlay_file)
+(typeattribute vendor_overlay_file_28_0)
+(roletype object_r vendor_overlay_file_28_0)
+(type metadata_file)
+(typeattribute metadata_file_28_0)
+(roletype object_r metadata_file_28_0)
+(type vold_metadata_file)
+(typeattribute vold_metadata_file_28_0)
+(roletype object_r vold_metadata_file_28_0)
+(type runtime_event_log_tags_file)
+(typeattribute runtime_event_log_tags_file_28_0)
+(roletype object_r runtime_event_log_tags_file_28_0)
+(type logcat_exec)
+(typeattribute logcat_exec_28_0)
+(roletype object_r logcat_exec_28_0)
+(type coredump_file)
+(typeattribute coredump_file_28_0)
+(roletype object_r coredump_file_28_0)
+(type system_data_file)
+(typeattribute system_data_file_28_0)
+(roletype object_r system_data_file_28_0)
+(type vendor_data_file)
+(typeattribute vendor_data_file_28_0)
+(roletype object_r vendor_data_file_28_0)
+(type unencrypted_data_file)
+(typeattribute unencrypted_data_file_28_0)
+(roletype object_r unencrypted_data_file_28_0)
+(type install_data_file)
+(typeattribute install_data_file_28_0)
+(roletype object_r install_data_file_28_0)
+(type drm_data_file)
+(typeattribute drm_data_file_28_0)
+(roletype object_r drm_data_file_28_0)
+(type adb_data_file)
+(typeattribute adb_data_file_28_0)
+(roletype object_r adb_data_file_28_0)
+(type anr_data_file)
+(typeattribute anr_data_file_28_0)
+(roletype object_r anr_data_file_28_0)
+(type tombstone_data_file)
+(typeattribute tombstone_data_file_28_0)
+(roletype object_r tombstone_data_file_28_0)
+(type tombstone_wifi_data_file)
+(typeattribute tombstone_wifi_data_file_28_0)
+(roletype object_r tombstone_wifi_data_file_28_0)
+(type apk_data_file)
+(typeattribute apk_data_file_28_0)
+(roletype object_r apk_data_file_28_0)
+(type apk_tmp_file)
+(typeattribute apk_tmp_file_28_0)
+(roletype object_r apk_tmp_file_28_0)
+(type apk_private_data_file)
+(typeattribute apk_private_data_file_28_0)
+(roletype object_r apk_private_data_file_28_0)
+(type apk_private_tmp_file)
+(typeattribute apk_private_tmp_file_28_0)
+(roletype object_r apk_private_tmp_file_28_0)
+(type dalvikcache_data_file)
+(typeattribute dalvikcache_data_file_28_0)
+(roletype object_r dalvikcache_data_file_28_0)
+(type ota_data_file)
+(typeattribute ota_data_file_28_0)
+(roletype object_r ota_data_file_28_0)
+(type ota_package_file)
+(typeattribute ota_package_file_28_0)
+(roletype object_r ota_package_file_28_0)
+(type user_profile_data_file)
+(typeattribute user_profile_data_file_28_0)
+(roletype object_r user_profile_data_file_28_0)
+(type profman_dump_data_file)
+(typeattribute profman_dump_data_file_28_0)
+(roletype object_r profman_dump_data_file_28_0)
+(type resourcecache_data_file)
+(typeattribute resourcecache_data_file_28_0)
+(roletype object_r resourcecache_data_file_28_0)
+(type shell_data_file)
+(typeattribute shell_data_file_28_0)
+(roletype object_r shell_data_file_28_0)
+(type property_data_file)
+(typeattribute property_data_file_28_0)
+(roletype object_r property_data_file_28_0)
+(type bootchart_data_file)
+(typeattribute bootchart_data_file_28_0)
+(roletype object_r bootchart_data_file_28_0)
+(type heapdump_data_file)
+(typeattribute heapdump_data_file_28_0)
+(roletype object_r heapdump_data_file_28_0)
+(type nativetest_data_file)
+(typeattribute nativetest_data_file_28_0)
+(roletype object_r nativetest_data_file_28_0)
+(type ringtone_file)
+(typeattribute ringtone_file_28_0)
+(roletype object_r ringtone_file_28_0)
+(type preloads_data_file)
+(typeattribute preloads_data_file_28_0)
+(roletype object_r preloads_data_file_28_0)
+(type preloads_media_file)
+(typeattribute preloads_media_file_28_0)
+(roletype object_r preloads_media_file_28_0)
+(type dhcp_data_file)
+(typeattribute dhcp_data_file_28_0)
+(roletype object_r dhcp_data_file_28_0)
+(type mnt_media_rw_file)
+(typeattribute mnt_media_rw_file_28_0)
+(roletype object_r mnt_media_rw_file_28_0)
+(type mnt_user_file)
+(typeattribute mnt_user_file_28_0)
+(roletype object_r mnt_user_file_28_0)
+(type mnt_expand_file)
+(typeattribute mnt_expand_file_28_0)
+(roletype object_r mnt_expand_file_28_0)
+(type storage_file)
+(typeattribute storage_file_28_0)
+(roletype object_r storage_file_28_0)
+(type mnt_media_rw_stub_file)
+(typeattribute mnt_media_rw_stub_file_28_0)
+(roletype object_r mnt_media_rw_stub_file_28_0)
+(type storage_stub_file)
+(typeattribute storage_stub_file_28_0)
+(roletype object_r storage_stub_file_28_0)
+(type mnt_vendor_file)
+(typeattribute mnt_vendor_file_28_0)
+(roletype object_r mnt_vendor_file_28_0)
+(type postinstall_mnt_dir)
+(typeattribute postinstall_mnt_dir_28_0)
+(roletype object_r postinstall_mnt_dir_28_0)
+(type postinstall_file)
+(typeattribute postinstall_file_28_0)
+(roletype object_r postinstall_file_28_0)
+(type adb_keys_file)
+(typeattribute adb_keys_file_28_0)
+(roletype object_r adb_keys_file_28_0)
+(type audio_data_file)
+(typeattribute audio_data_file_28_0)
+(roletype object_r audio_data_file_28_0)
+(type audioserver_data_file)
+(typeattribute audioserver_data_file_28_0)
+(roletype object_r audioserver_data_file_28_0)
+(type bluetooth_data_file)
+(typeattribute bluetooth_data_file_28_0)
+(roletype object_r bluetooth_data_file_28_0)
+(type bluetooth_logs_data_file)
+(typeattribute bluetooth_logs_data_file_28_0)
+(roletype object_r bluetooth_logs_data_file_28_0)
+(type bootstat_data_file)
+(typeattribute bootstat_data_file_28_0)
+(roletype object_r bootstat_data_file_28_0)
+(type boottrace_data_file)
+(typeattribute boottrace_data_file_28_0)
+(roletype object_r boottrace_data_file_28_0)
+(type camera_data_file)
+(typeattribute camera_data_file_28_0)
+(roletype object_r camera_data_file_28_0)
+(type gatekeeper_data_file)
+(typeattribute gatekeeper_data_file_28_0)
+(roletype object_r gatekeeper_data_file_28_0)
+(type incident_data_file)
+(typeattribute incident_data_file_28_0)
+(roletype object_r incident_data_file_28_0)
+(type keychain_data_file)
+(typeattribute keychain_data_file_28_0)
+(roletype object_r keychain_data_file_28_0)
+(type keystore_data_file)
+(typeattribute keystore_data_file_28_0)
+(roletype object_r keystore_data_file_28_0)
+(type media_data_file)
+(typeattribute media_data_file_28_0)
+(roletype object_r media_data_file_28_0)
+(type media_rw_data_file)
+(typeattribute media_rw_data_file_28_0)
+(roletype object_r media_rw_data_file_28_0)
+(type misc_user_data_file)
+(typeattribute misc_user_data_file_28_0)
+(roletype object_r misc_user_data_file_28_0)
+(type net_data_file)
+(typeattribute net_data_file_28_0)
+(roletype object_r net_data_file_28_0)
+(type network_watchlist_data_file)
+(typeattribute network_watchlist_data_file_28_0)
+(roletype object_r network_watchlist_data_file_28_0)
+(type nfc_data_file)
+(typeattribute nfc_data_file_28_0)
+(roletype object_r nfc_data_file_28_0)
+(type radio_data_file)
+(typeattribute radio_data_file_28_0)
+(roletype object_r radio_data_file_28_0)
+(type recovery_data_file)
+(typeattribute recovery_data_file_28_0)
+(roletype object_r recovery_data_file_28_0)
+(type shared_relro_file)
+(typeattribute shared_relro_file_28_0)
+(roletype object_r shared_relro_file_28_0)
+(type systemkeys_data_file)
+(typeattribute systemkeys_data_file_28_0)
+(roletype object_r systemkeys_data_file_28_0)
+(type textclassifier_data_file)
+(typeattribute textclassifier_data_file_28_0)
+(roletype object_r textclassifier_data_file_28_0)
+(type trace_data_file)
+(typeattribute trace_data_file_28_0)
+(roletype object_r trace_data_file_28_0)
+(type vpn_data_file)
+(typeattribute vpn_data_file_28_0)
+(roletype object_r vpn_data_file_28_0)
+(type wifi_data_file)
+(typeattribute wifi_data_file_28_0)
+(roletype object_r wifi_data_file_28_0)
+(type zoneinfo_data_file)
+(typeattribute zoneinfo_data_file_28_0)
+(roletype object_r zoneinfo_data_file_28_0)
+(type vold_data_file)
+(typeattribute vold_data_file_28_0)
+(roletype object_r vold_data_file_28_0)
+(type perfprofd_data_file)
+(typeattribute perfprofd_data_file_28_0)
+(roletype object_r perfprofd_data_file_28_0)
+(type tee_data_file)
+(typeattribute tee_data_file_28_0)
+(roletype object_r tee_data_file_28_0)
+(type update_engine_data_file)
+(typeattribute update_engine_data_file_28_0)
+(roletype object_r update_engine_data_file_28_0)
+(type update_engine_log_data_file)
+(typeattribute update_engine_log_data_file_28_0)
+(roletype object_r update_engine_log_data_file_28_0)
+(type method_trace_data_file)
+(typeattribute method_trace_data_file_28_0)
+(roletype object_r method_trace_data_file_28_0)
+(type app_data_file)
+(typeattribute app_data_file_28_0)
+(roletype object_r app_data_file_28_0)
+(type system_app_data_file)
+(typeattribute system_app_data_file_28_0)
+(roletype object_r system_app_data_file_28_0)
+(type cache_file)
+(typeattribute cache_file_28_0)
+(roletype object_r cache_file_28_0)
+(type cache_backup_file)
+(typeattribute cache_backup_file_28_0)
+(roletype object_r cache_backup_file_28_0)
+(type cache_private_backup_file)
+(typeattribute cache_private_backup_file_28_0)
+(roletype object_r cache_private_backup_file_28_0)
+(type cache_recovery_file)
+(typeattribute cache_recovery_file_28_0)
+(roletype object_r cache_recovery_file_28_0)
+(type efs_file)
+(typeattribute efs_file_28_0)
+(roletype object_r efs_file_28_0)
+(type wallpaper_file)
+(typeattribute wallpaper_file_28_0)
+(roletype object_r wallpaper_file_28_0)
+(type shortcut_manager_icons)
+(typeattribute shortcut_manager_icons_28_0)
+(roletype object_r shortcut_manager_icons_28_0)
+(type icon_file)
+(typeattribute icon_file_28_0)
+(roletype object_r icon_file_28_0)
+(type asec_apk_file)
+(typeattribute asec_apk_file_28_0)
+(roletype object_r asec_apk_file_28_0)
+(type asec_public_file)
+(typeattribute asec_public_file_28_0)
+(roletype object_r asec_public_file_28_0)
+(type asec_image_file)
+(typeattribute asec_image_file_28_0)
+(roletype object_r asec_image_file_28_0)
+(type backup_data_file)
+(typeattribute backup_data_file_28_0)
+(roletype object_r backup_data_file_28_0)
+(type bluetooth_efs_file)
+(typeattribute bluetooth_efs_file_28_0)
+(roletype object_r bluetooth_efs_file_28_0)
+(type fingerprintd_data_file)
+(typeattribute fingerprintd_data_file_28_0)
+(roletype object_r fingerprintd_data_file_28_0)
+(type fingerprint_vendor_data_file)
+(typeattribute fingerprint_vendor_data_file_28_0)
+(roletype object_r fingerprint_vendor_data_file_28_0)
+(type app_fuse_file)
+(typeattribute app_fuse_file_28_0)
+(roletype object_r app_fuse_file_28_0)
+(type adbd_socket)
+(typeattribute adbd_socket_28_0)
+(roletype object_r adbd_socket_28_0)
+(type bluetooth_socket)
+(typeattribute bluetooth_socket_28_0)
+(roletype object_r bluetooth_socket_28_0)
+(type dnsproxyd_socket)
+(typeattribute dnsproxyd_socket_28_0)
+(roletype object_r dnsproxyd_socket_28_0)
+(type dumpstate_socket)
+(typeattribute dumpstate_socket_28_0)
+(roletype object_r dumpstate_socket_28_0)
+(type fwmarkd_socket)
+(typeattribute fwmarkd_socket_28_0)
+(roletype object_r fwmarkd_socket_28_0)
+(type lmkd_socket)
+(typeattribute lmkd_socket_28_0)
+(roletype object_r lmkd_socket_28_0)
+(type logd_socket)
+(typeattribute logd_socket_28_0)
+(roletype object_r logd_socket_28_0)
+(type logdr_socket)
+(typeattribute logdr_socket_28_0)
+(roletype object_r logdr_socket_28_0)
+(type logdw_socket)
+(typeattribute logdw_socket_28_0)
+(roletype object_r logdw_socket_28_0)
+(type mdns_socket)
+(typeattribute mdns_socket_28_0)
+(roletype object_r mdns_socket_28_0)
+(type mdnsd_socket)
+(typeattribute mdnsd_socket_28_0)
+(roletype object_r mdnsd_socket_28_0)
+(type misc_logd_file)
+(typeattribute misc_logd_file_28_0)
+(roletype object_r misc_logd_file_28_0)
+(type mtpd_socket)
+(typeattribute mtpd_socket_28_0)
+(roletype object_r mtpd_socket_28_0)
+(type netd_socket)
+(typeattribute netd_socket_28_0)
+(roletype object_r netd_socket_28_0)
+(type property_socket)
+(typeattribute property_socket_28_0)
+(roletype object_r property_socket_28_0)
+(type racoon_socket)
+(typeattribute racoon_socket_28_0)
+(roletype object_r racoon_socket_28_0)
+(type rild_socket)
+(typeattribute rild_socket_28_0)
+(roletype object_r rild_socket_28_0)
+(type rild_debug_socket)
+(typeattribute rild_debug_socket_28_0)
+(roletype object_r rild_debug_socket_28_0)
+(type system_wpa_socket)
+(typeattribute system_wpa_socket_28_0)
+(roletype object_r system_wpa_socket_28_0)
+(type system_ndebug_socket)
+(typeattribute system_ndebug_socket_28_0)
+(roletype object_r system_ndebug_socket_28_0)
+(type tombstoned_crash_socket)
+(typeattribute tombstoned_crash_socket_28_0)
+(roletype object_r tombstoned_crash_socket_28_0)
+(type tombstoned_java_trace_socket)
+(typeattribute tombstoned_java_trace_socket_28_0)
+(roletype object_r tombstoned_java_trace_socket_28_0)
+(type tombstoned_intercept_socket)
+(typeattribute tombstoned_intercept_socket_28_0)
+(roletype object_r tombstoned_intercept_socket_28_0)
+(type traced_producer_socket)
+(typeattribute traced_producer_socket_28_0)
+(roletype object_r traced_producer_socket_28_0)
+(type traced_consumer_socket)
+(typeattribute traced_consumer_socket_28_0)
+(roletype object_r traced_consumer_socket_28_0)
+(type uncrypt_socket)
+(typeattribute uncrypt_socket_28_0)
+(roletype object_r uncrypt_socket_28_0)
+(type wpa_socket)
+(typeattribute wpa_socket_28_0)
+(roletype object_r wpa_socket_28_0)
+(type zygote_socket)
+(typeattribute zygote_socket_28_0)
+(roletype object_r zygote_socket_28_0)
+(type gps_control)
+(typeattribute gps_control_28_0)
+(roletype object_r gps_control_28_0)
+(type pdx_display_dir)
+(typeattribute pdx_display_dir_28_0)
+(roletype object_r pdx_display_dir_28_0)
+(type pdx_performance_dir)
+(typeattribute pdx_performance_dir_28_0)
+(roletype object_r pdx_performance_dir_28_0)
+(type pdx_bufferhub_dir)
+(typeattribute pdx_bufferhub_dir_28_0)
+(roletype object_r pdx_bufferhub_dir_28_0)
+(type pdx_display_client_endpoint_socket)
+(typeattribute pdx_display_client_endpoint_socket_28_0)
+(roletype object_r pdx_display_client_endpoint_socket_28_0)
+(type pdx_display_client_channel_socket)
+(typeattribute pdx_display_client_channel_socket_28_0)
+(roletype object_r pdx_display_client_channel_socket_28_0)
+(type pdx_display_manager_endpoint_socket)
+(typeattribute pdx_display_manager_endpoint_socket_28_0)
+(roletype object_r pdx_display_manager_endpoint_socket_28_0)
+(type pdx_display_manager_channel_socket)
+(typeattribute pdx_display_manager_channel_socket_28_0)
+(roletype object_r pdx_display_manager_channel_socket_28_0)
+(type pdx_display_screenshot_endpoint_socket)
+(typeattribute pdx_display_screenshot_endpoint_socket_28_0)
+(roletype object_r pdx_display_screenshot_endpoint_socket_28_0)
+(type pdx_display_screenshot_channel_socket)
+(typeattribute pdx_display_screenshot_channel_socket_28_0)
+(roletype object_r pdx_display_screenshot_channel_socket_28_0)
+(type pdx_display_vsync_endpoint_socket)
+(typeattribute pdx_display_vsync_endpoint_socket_28_0)
+(roletype object_r pdx_display_vsync_endpoint_socket_28_0)
+(type pdx_display_vsync_channel_socket)
+(typeattribute pdx_display_vsync_channel_socket_28_0)
+(roletype object_r pdx_display_vsync_channel_socket_28_0)
+(type pdx_performance_client_endpoint_socket)
+(typeattribute pdx_performance_client_endpoint_socket_28_0)
+(roletype object_r pdx_performance_client_endpoint_socket_28_0)
+(type pdx_performance_client_channel_socket)
+(typeattribute pdx_performance_client_channel_socket_28_0)
+(roletype object_r pdx_performance_client_channel_socket_28_0)
+(type pdx_bufferhub_client_endpoint_socket)
+(typeattribute pdx_bufferhub_client_endpoint_socket_28_0)
+(roletype object_r pdx_bufferhub_client_endpoint_socket_28_0)
+(type pdx_bufferhub_client_channel_socket)
+(typeattribute pdx_bufferhub_client_channel_socket_28_0)
+(roletype object_r pdx_bufferhub_client_channel_socket_28_0)
+(type file_contexts_file)
+(typeattribute file_contexts_file_28_0)
+(roletype object_r file_contexts_file_28_0)
+(type mac_perms_file)
+(typeattribute mac_perms_file_28_0)
+(roletype object_r mac_perms_file_28_0)
+(type property_contexts_file)
+(typeattribute property_contexts_file_28_0)
+(roletype object_r property_contexts_file_28_0)
+(type seapp_contexts_file)
+(typeattribute seapp_contexts_file_28_0)
+(roletype object_r seapp_contexts_file_28_0)
+(type sepolicy_file)
+(typeattribute sepolicy_file_28_0)
+(roletype object_r sepolicy_file_28_0)
+(type service_contexts_file)
+(typeattribute service_contexts_file_28_0)
+(roletype object_r service_contexts_file_28_0)
+(type nonplat_service_contexts_file)
+(typeattribute nonplat_service_contexts_file_28_0)
+(roletype object_r nonplat_service_contexts_file_28_0)
+(type hwservice_contexts_file)
+(typeattribute hwservice_contexts_file_28_0)
+(roletype object_r hwservice_contexts_file_28_0)
+(type vndservice_contexts_file)
+(typeattribute vndservice_contexts_file_28_0)
+(roletype object_r vndservice_contexts_file_28_0)
+(type audiohal_data_file)
+(typeattribute audiohal_data_file_28_0)
+(roletype object_r audiohal_data_file_28_0)
+(type fingerprintd)
+(typeattribute fingerprintd_28_0)
+(roletype object_r fingerprintd_28_0)
+(type fingerprintd_exec)
+(typeattribute fingerprintd_exec_28_0)
+(roletype object_r fingerprintd_exec_28_0)
+(type fsck)
+(typeattribute fsck_28_0)
+(roletype object_r fsck_28_0)
+(type fsck_exec)
+(typeattribute fsck_exec_28_0)
+(roletype object_r fsck_exec_28_0)
+(type fsck_untrusted)
+(typeattribute fsck_untrusted_28_0)
+(roletype object_r fsck_untrusted_28_0)
+(type gatekeeperd)
+(typeattribute gatekeeperd_28_0)
+(roletype object_r gatekeeperd_28_0)
+(type gatekeeperd_exec)
+(typeattribute gatekeeperd_exec_28_0)
+(roletype object_r gatekeeperd_exec_28_0)
+(type healthd)
+(typeattribute healthd_28_0)
+(roletype object_r healthd_28_0)
+(type healthd_exec)
+(typeattribute healthd_exec_28_0)
+(roletype object_r healthd_exec_28_0)
+(type default_android_hwservice)
+(typeattribute default_android_hwservice_28_0)
+(roletype object_r default_android_hwservice_28_0)
+(type fwk_display_hwservice)
+(typeattribute fwk_display_hwservice_28_0)
+(roletype object_r fwk_display_hwservice_28_0)
+(type fwk_scheduler_hwservice)
+(typeattribute fwk_scheduler_hwservice_28_0)
+(roletype object_r fwk_scheduler_hwservice_28_0)
+(type fwk_sensor_hwservice)
+(typeattribute fwk_sensor_hwservice_28_0)
+(roletype object_r fwk_sensor_hwservice_28_0)
+(type hal_audiocontrol_hwservice)
+(typeattribute hal_audiocontrol_hwservice_28_0)
+(roletype object_r hal_audiocontrol_hwservice_28_0)
+(type hal_audio_hwservice)
+(typeattribute hal_audio_hwservice_28_0)
+(roletype object_r hal_audio_hwservice_28_0)
+(type hal_authsecret_hwservice)
+(typeattribute hal_authsecret_hwservice_28_0)
+(roletype object_r hal_authsecret_hwservice_28_0)
+(type hal_bluetooth_hwservice)
+(typeattribute hal_bluetooth_hwservice_28_0)
+(roletype object_r hal_bluetooth_hwservice_28_0)
+(type hal_bootctl_hwservice)
+(typeattribute hal_bootctl_hwservice_28_0)
+(roletype object_r hal_bootctl_hwservice_28_0)
+(type hal_broadcastradio_hwservice)
+(typeattribute hal_broadcastradio_hwservice_28_0)
+(roletype object_r hal_broadcastradio_hwservice_28_0)
+(type hal_camera_hwservice)
+(typeattribute hal_camera_hwservice_28_0)
+(roletype object_r hal_camera_hwservice_28_0)
+(type hal_codec2_hwservice)
+(typeattribute hal_codec2_hwservice_28_0)
+(roletype object_r hal_codec2_hwservice_28_0)
+(type hal_configstore_ISurfaceFlingerConfigs)
+(typeattribute hal_configstore_ISurfaceFlingerConfigs_28_0)
+(roletype object_r hal_configstore_ISurfaceFlingerConfigs_28_0)
+(type hal_confirmationui_hwservice)
+(typeattribute hal_confirmationui_hwservice_28_0)
+(roletype object_r hal_confirmationui_hwservice_28_0)
+(type hal_contexthub_hwservice)
+(typeattribute hal_contexthub_hwservice_28_0)
+(roletype object_r hal_contexthub_hwservice_28_0)
+(type hal_drm_hwservice)
+(typeattribute hal_drm_hwservice_28_0)
+(roletype object_r hal_drm_hwservice_28_0)
+(type hal_cas_hwservice)
+(typeattribute hal_cas_hwservice_28_0)
+(roletype object_r hal_cas_hwservice_28_0)
+(type hal_dumpstate_hwservice)
+(typeattribute hal_dumpstate_hwservice_28_0)
+(roletype object_r hal_dumpstate_hwservice_28_0)
+(type hal_evs_hwservice)
+(typeattribute hal_evs_hwservice_28_0)
+(roletype object_r hal_evs_hwservice_28_0)
+(type hal_fingerprint_hwservice)
+(typeattribute hal_fingerprint_hwservice_28_0)
+(roletype object_r hal_fingerprint_hwservice_28_0)
+(type hal_gatekeeper_hwservice)
+(typeattribute hal_gatekeeper_hwservice_28_0)
+(roletype object_r hal_gatekeeper_hwservice_28_0)
+(type hal_gnss_hwservice)
+(typeattribute hal_gnss_hwservice_28_0)
+(roletype object_r hal_gnss_hwservice_28_0)
+(type hal_graphics_allocator_hwservice)
+(typeattribute hal_graphics_allocator_hwservice_28_0)
+(roletype object_r hal_graphics_allocator_hwservice_28_0)
+(type hal_graphics_composer_hwservice)
+(typeattribute hal_graphics_composer_hwservice_28_0)
+(roletype object_r hal_graphics_composer_hwservice_28_0)
+(type hal_graphics_mapper_hwservice)
+(typeattribute hal_graphics_mapper_hwservice_28_0)
+(roletype object_r hal_graphics_mapper_hwservice_28_0)
+(type hal_health_hwservice)
+(typeattribute hal_health_hwservice_28_0)
+(roletype object_r hal_health_hwservice_28_0)
+(type hal_ir_hwservice)
+(typeattribute hal_ir_hwservice_28_0)
+(roletype object_r hal_ir_hwservice_28_0)
+(type hal_keymaster_hwservice)
+(typeattribute hal_keymaster_hwservice_28_0)
+(roletype object_r hal_keymaster_hwservice_28_0)
+(type hal_light_hwservice)
+(typeattribute hal_light_hwservice_28_0)
+(roletype object_r hal_light_hwservice_28_0)
+(type hal_lowpan_hwservice)
+(typeattribute hal_lowpan_hwservice_28_0)
+(roletype object_r hal_lowpan_hwservice_28_0)
+(type hal_memtrack_hwservice)
+(typeattribute hal_memtrack_hwservice_28_0)
+(roletype object_r hal_memtrack_hwservice_28_0)
+(type hal_neuralnetworks_hwservice)
+(typeattribute hal_neuralnetworks_hwservice_28_0)
+(roletype object_r hal_neuralnetworks_hwservice_28_0)
+(type hal_nfc_hwservice)
+(typeattribute hal_nfc_hwservice_28_0)
+(roletype object_r hal_nfc_hwservice_28_0)
+(type hal_oemlock_hwservice)
+(typeattribute hal_oemlock_hwservice_28_0)
+(roletype object_r hal_oemlock_hwservice_28_0)
+(type hal_omx_hwservice)
+(typeattribute hal_omx_hwservice_28_0)
+(roletype object_r hal_omx_hwservice_28_0)
+(type hal_power_hwservice)
+(typeattribute hal_power_hwservice_28_0)
+(roletype object_r hal_power_hwservice_28_0)
+(type hal_renderscript_hwservice)
+(typeattribute hal_renderscript_hwservice_28_0)
+(roletype object_r hal_renderscript_hwservice_28_0)
+(type hal_secure_element_hwservice)
+(typeattribute hal_secure_element_hwservice_28_0)
+(roletype object_r hal_secure_element_hwservice_28_0)
+(type hal_sensors_hwservice)
+(typeattribute hal_sensors_hwservice_28_0)
+(roletype object_r hal_sensors_hwservice_28_0)
+(type hal_telephony_hwservice)
+(typeattribute hal_telephony_hwservice_28_0)
+(roletype object_r hal_telephony_hwservice_28_0)
+(type hal_tetheroffload_hwservice)
+(typeattribute hal_tetheroffload_hwservice_28_0)
+(roletype object_r hal_tetheroffload_hwservice_28_0)
+(type hal_thermal_hwservice)
+(typeattribute hal_thermal_hwservice_28_0)
+(roletype object_r hal_thermal_hwservice_28_0)
+(type hal_tv_cec_hwservice)
+(typeattribute hal_tv_cec_hwservice_28_0)
+(roletype object_r hal_tv_cec_hwservice_28_0)
+(type hal_tv_input_hwservice)
+(typeattribute hal_tv_input_hwservice_28_0)
+(roletype object_r hal_tv_input_hwservice_28_0)
+(type hal_usb_hwservice)
+(typeattribute hal_usb_hwservice_28_0)
+(roletype object_r hal_usb_hwservice_28_0)
+(type hal_usb_gadget_hwservice)
+(typeattribute hal_usb_gadget_hwservice_28_0)
+(roletype object_r hal_usb_gadget_hwservice_28_0)
+(type hal_vehicle_hwservice)
+(typeattribute hal_vehicle_hwservice_28_0)
+(roletype object_r hal_vehicle_hwservice_28_0)
+(type hal_vibrator_hwservice)
+(typeattribute hal_vibrator_hwservice_28_0)
+(roletype object_r hal_vibrator_hwservice_28_0)
+(type hal_vr_hwservice)
+(typeattribute hal_vr_hwservice_28_0)
+(roletype object_r hal_vr_hwservice_28_0)
+(type hal_weaver_hwservice)
+(typeattribute hal_weaver_hwservice_28_0)
+(roletype object_r hal_weaver_hwservice_28_0)
+(type hal_wifi_hwservice)
+(typeattribute hal_wifi_hwservice_28_0)
+(roletype object_r hal_wifi_hwservice_28_0)
+(type hal_wifi_hostapd_hwservice)
+(typeattribute hal_wifi_hostapd_hwservice_28_0)
+(roletype object_r hal_wifi_hostapd_hwservice_28_0)
+(type hal_wifi_offload_hwservice)
+(typeattribute hal_wifi_offload_hwservice_28_0)
+(roletype object_r hal_wifi_offload_hwservice_28_0)
+(type hal_wifi_supplicant_hwservice)
+(typeattribute hal_wifi_supplicant_hwservice_28_0)
+(roletype object_r hal_wifi_supplicant_hwservice_28_0)
+(type hidl_allocator_hwservice)
+(typeattribute hidl_allocator_hwservice_28_0)
+(roletype object_r hidl_allocator_hwservice_28_0)
+(type hidl_base_hwservice)
+(typeattribute hidl_base_hwservice_28_0)
+(roletype object_r hidl_base_hwservice_28_0)
+(type hidl_manager_hwservice)
+(typeattribute hidl_manager_hwservice_28_0)
+(roletype object_r hidl_manager_hwservice_28_0)
+(type hidl_memory_hwservice)
+(typeattribute hidl_memory_hwservice_28_0)
+(roletype object_r hidl_memory_hwservice_28_0)
+(type hidl_token_hwservice)
+(typeattribute hidl_token_hwservice_28_0)
+(roletype object_r hidl_token_hwservice_28_0)
+(type system_net_netd_hwservice)
+(typeattribute system_net_netd_hwservice_28_0)
+(roletype object_r system_net_netd_hwservice_28_0)
+(type system_wifi_keystore_hwservice)
+(typeattribute system_wifi_keystore_hwservice_28_0)
+(roletype object_r system_wifi_keystore_hwservice_28_0)
+(type thermalcallback_hwservice)
+(typeattribute thermalcallback_hwservice_28_0)
+(roletype object_r thermalcallback_hwservice_28_0)
+(type hwservicemanager)
+(typeattribute hwservicemanager_28_0)
+(roletype object_r hwservicemanager_28_0)
+(type hwservicemanager_exec)
+(typeattribute hwservicemanager_exec_28_0)
+(roletype object_r hwservicemanager_exec_28_0)
+(type idmap)
+(typeattribute idmap_28_0)
+(roletype object_r idmap_28_0)
+(type idmap_exec)
+(typeattribute idmap_exec_28_0)
+(roletype object_r idmap_exec_28_0)
+(type incident)
+(typeattribute incident_28_0)
+(roletype object_r incident_28_0)
+(type incident_helper)
+(typeattribute incident_helper_28_0)
+(roletype object_r incident_helper_28_0)
+(type incidentd)
+(typeattribute incidentd_28_0)
+(roletype object_r incidentd_28_0)
+(type init)
+(typeattribute init_28_0)
+(roletype object_r init_28_0)
+(type init_exec)
+(typeattribute init_exec_28_0)
+(roletype object_r init_exec_28_0)
+(type inputflinger)
+(typeattribute inputflinger_28_0)
+(roletype object_r inputflinger_28_0)
+(type inputflinger_exec)
+(typeattribute inputflinger_exec_28_0)
+(roletype object_r inputflinger_exec_28_0)
+(type install_recovery)
+(typeattribute install_recovery_28_0)
+(roletype object_r install_recovery_28_0)
+(type install_recovery_exec)
+(typeattribute install_recovery_exec_28_0)
+(roletype object_r install_recovery_exec_28_0)
+(type installd)
+(typeattribute installd_28_0)
+(roletype object_r installd_28_0)
+(type installd_exec)
+(typeattribute installd_exec_28_0)
+(roletype object_r installd_exec_28_0)
+(type isolated_app)
+(typeattribute isolated_app_28_0)
+(roletype object_r isolated_app_28_0)
+(type kernel)
+(typeattribute kernel_28_0)
+(roletype object_r kernel_28_0)
+(type keystore)
+(typeattribute keystore_28_0)
+(roletype object_r keystore_28_0)
+(type keystore_exec)
+(typeattribute keystore_exec_28_0)
+(roletype object_r keystore_exec_28_0)
+(type lmkd)
+(typeattribute lmkd_28_0)
+(roletype object_r lmkd_28_0)
+(type lmkd_exec)
+(typeattribute lmkd_exec_28_0)
+(roletype object_r lmkd_exec_28_0)
+(type logd)
+(typeattribute logd_28_0)
+(roletype object_r logd_28_0)
+(type logd_exec)
+(typeattribute logd_exec_28_0)
+(roletype object_r logd_exec_28_0)
+(type logpersist)
+(typeattribute logpersist_28_0)
+(roletype object_r logpersist_28_0)
+(type mdnsd)
+(typeattribute mdnsd_28_0)
+(roletype object_r mdnsd_28_0)
+(type mediacodec)
+(typeattribute mediacodec_28_0)
+(roletype object_r mediacodec_28_0)
+(type mediacodec_exec)
+(typeattribute mediacodec_exec_28_0)
+(roletype object_r mediacodec_exec_28_0)
+(type mediadrmserver)
+(typeattribute mediadrmserver_28_0)
+(roletype object_r mediadrmserver_28_0)
+(type mediadrmserver_exec)
+(typeattribute mediadrmserver_exec_28_0)
+(roletype object_r mediadrmserver_exec_28_0)
+(type mediaextractor)
+(typeattribute mediaextractor_28_0)
+(roletype object_r mediaextractor_28_0)
+(type mediaextractor_exec)
+(typeattribute mediaextractor_exec_28_0)
+(roletype object_r mediaextractor_exec_28_0)
+(type mediametrics)
+(typeattribute mediametrics_28_0)
+(roletype object_r mediametrics_28_0)
+(type mediametrics_exec)
+(typeattribute mediametrics_exec_28_0)
+(roletype object_r mediametrics_exec_28_0)
+(type mediaprovider)
+(typeattribute mediaprovider_28_0)
+(roletype object_r mediaprovider_28_0)
+(type mediaserver)
+(typeattribute mediaserver_28_0)
+(roletype object_r mediaserver_28_0)
+(type mediaserver_exec)
+(typeattribute mediaserver_exec_28_0)
+(roletype object_r mediaserver_exec_28_0)
+(type modprobe)
+(typeattribute modprobe_28_0)
+(roletype object_r modprobe_28_0)
+(type mtp)
+(typeattribute mtp_28_0)
+(roletype object_r mtp_28_0)
+(type mtp_exec)
+(typeattribute mtp_exec_28_0)
+(roletype object_r mtp_exec_28_0)
+(type node)
+(typeattribute node_28_0)
+(roletype object_r node_28_0)
+(type netif)
+(typeattribute netif_28_0)
+(roletype object_r netif_28_0)
+(type port)
+(typeattribute port_28_0)
+(roletype object_r port_28_0)
+(type netd)
+(typeattribute netd_28_0)
+(roletype object_r netd_28_0)
+(type netd_exec)
+(typeattribute netd_exec_28_0)
+(roletype object_r netd_exec_28_0)
+(type netutils_wrapper)
+(typeattribute netutils_wrapper_28_0)
+(roletype object_r netutils_wrapper_28_0)
+(type netutils_wrapper_exec)
+(typeattribute netutils_wrapper_exec_28_0)
+(roletype object_r netutils_wrapper_exec_28_0)
+(type nfc)
+(typeattribute nfc_28_0)
+(roletype object_r nfc_28_0)
+(type otapreopt_chroot)
+(typeattribute otapreopt_chroot_28_0)
+(roletype object_r otapreopt_chroot_28_0)
+(type otapreopt_chroot_exec)
+(typeattribute otapreopt_chroot_exec_28_0)
+(roletype object_r otapreopt_chroot_exec_28_0)
+(type otapreopt_slot)
+(typeattribute otapreopt_slot_28_0)
+(roletype object_r otapreopt_slot_28_0)
+(type otapreopt_slot_exec)
+(typeattribute otapreopt_slot_exec_28_0)
+(roletype object_r otapreopt_slot_exec_28_0)
+(type performanced)
+(typeattribute performanced_28_0)
+(roletype object_r performanced_28_0)
+(type performanced_exec)
+(typeattribute performanced_exec_28_0)
+(roletype object_r performanced_exec_28_0)
+(type perfprofd)
+(typeattribute perfprofd_28_0)
+(roletype object_r perfprofd_28_0)
+(type perfprofd_exec)
+(typeattribute perfprofd_exec_28_0)
+(roletype object_r perfprofd_exec_28_0)
+(type platform_app)
+(typeattribute platform_app_28_0)
+(roletype object_r platform_app_28_0)
+(type postinstall)
+(typeattribute postinstall_28_0)
+(roletype object_r postinstall_28_0)
+(type postinstall_dexopt)
+(typeattribute postinstall_dexopt_28_0)
+(roletype object_r postinstall_dexopt_28_0)
+(type ppp)
+(typeattribute ppp_28_0)
+(roletype object_r ppp_28_0)
+(type ppp_device)
+(typeattribute ppp_device_28_0)
+(roletype object_r ppp_device_28_0)
+(type ppp_exec)
+(typeattribute ppp_exec_28_0)
+(roletype object_r ppp_exec_28_0)
+(type preopt2cachename)
+(typeattribute preopt2cachename_28_0)
+(roletype object_r preopt2cachename_28_0)
+(type preopt2cachename_exec)
+(typeattribute preopt2cachename_exec_28_0)
+(roletype object_r preopt2cachename_exec_28_0)
+(type priv_app)
+(typeattribute priv_app_28_0)
+(roletype object_r priv_app_28_0)
+(type profman)
+(typeattribute profman_28_0)
+(roletype object_r profman_28_0)
+(type profman_exec)
+(typeattribute profman_exec_28_0)
+(roletype object_r profman_exec_28_0)
+(type audio_prop)
+(typeattribute audio_prop_28_0)
+(roletype object_r audio_prop_28_0)
+(type boottime_prop)
+(typeattribute boottime_prop_28_0)
+(roletype object_r boottime_prop_28_0)
+(type bluetooth_a2dp_offload_prop)
+(typeattribute bluetooth_a2dp_offload_prop_28_0)
+(roletype object_r bluetooth_a2dp_offload_prop_28_0)
+(type bluetooth_prop)
+(typeattribute bluetooth_prop_28_0)
+(roletype object_r bluetooth_prop_28_0)
+(type bootloader_boot_reason_prop)
+(typeattribute bootloader_boot_reason_prop_28_0)
+(roletype object_r bootloader_boot_reason_prop_28_0)
+(type config_prop)
+(typeattribute config_prop_28_0)
+(roletype object_r config_prop_28_0)
+(type cppreopt_prop)
+(typeattribute cppreopt_prop_28_0)
+(roletype object_r cppreopt_prop_28_0)
+(type ctl_bootanim_prop)
+(typeattribute ctl_bootanim_prop_28_0)
+(roletype object_r ctl_bootanim_prop_28_0)
+(type ctl_bugreport_prop)
+(typeattribute ctl_bugreport_prop_28_0)
+(roletype object_r ctl_bugreport_prop_28_0)
+(type ctl_console_prop)
+(typeattribute ctl_console_prop_28_0)
+(roletype object_r ctl_console_prop_28_0)
+(type ctl_default_prop)
+(typeattribute ctl_default_prop_28_0)
+(roletype object_r ctl_default_prop_28_0)
+(type ctl_dumpstate_prop)
+(typeattribute ctl_dumpstate_prop_28_0)
+(roletype object_r ctl_dumpstate_prop_28_0)
+(type ctl_fuse_prop)
+(typeattribute ctl_fuse_prop_28_0)
+(roletype object_r ctl_fuse_prop_28_0)
+(type ctl_interface_restart_prop)
+(typeattribute ctl_interface_restart_prop_28_0)
+(roletype object_r ctl_interface_restart_prop_28_0)
+(type ctl_interface_start_prop)
+(typeattribute ctl_interface_start_prop_28_0)
+(roletype object_r ctl_interface_start_prop_28_0)
+(type ctl_interface_stop_prop)
+(typeattribute ctl_interface_stop_prop_28_0)
+(roletype object_r ctl_interface_stop_prop_28_0)
+(type ctl_mdnsd_prop)
+(typeattribute ctl_mdnsd_prop_28_0)
+(roletype object_r ctl_mdnsd_prop_28_0)
+(type ctl_restart_prop)
+(typeattribute ctl_restart_prop_28_0)
+(roletype object_r ctl_restart_prop_28_0)
+(type ctl_rildaemon_prop)
+(typeattribute ctl_rildaemon_prop_28_0)
+(roletype object_r ctl_rildaemon_prop_28_0)
+(type ctl_sigstop_prop)
+(typeattribute ctl_sigstop_prop_28_0)
+(roletype object_r ctl_sigstop_prop_28_0)
+(type ctl_start_prop)
+(typeattribute ctl_start_prop_28_0)
+(roletype object_r ctl_start_prop_28_0)
+(type ctl_stop_prop)
+(typeattribute ctl_stop_prop_28_0)
+(roletype object_r ctl_stop_prop_28_0)
+(type dalvik_prop)
+(typeattribute dalvik_prop_28_0)
+(roletype object_r dalvik_prop_28_0)
+(type debuggerd_prop)
+(typeattribute debuggerd_prop_28_0)
+(roletype object_r debuggerd_prop_28_0)
+(type debug_prop)
+(typeattribute debug_prop_28_0)
+(roletype object_r debug_prop_28_0)
+(type default_prop)
+(typeattribute default_prop_28_0)
+(roletype object_r default_prop_28_0)
+(type device_logging_prop)
+(typeattribute device_logging_prop_28_0)
+(roletype object_r device_logging_prop_28_0)
+(type dhcp_prop)
+(typeattribute dhcp_prop_28_0)
+(roletype object_r dhcp_prop_28_0)
+(type dumpstate_options_prop)
+(typeattribute dumpstate_options_prop_28_0)
+(roletype object_r dumpstate_options_prop_28_0)
+(type dumpstate_prop)
+(typeattribute dumpstate_prop_28_0)
+(roletype object_r dumpstate_prop_28_0)
+(type exported_secure_prop)
+(typeattribute exported_secure_prop_28_0)
+(roletype object_r exported_secure_prop_28_0)
+(type ffs_prop)
+(typeattribute ffs_prop_28_0)
+(roletype object_r ffs_prop_28_0)
+(type fingerprint_prop)
+(typeattribute fingerprint_prop_28_0)
+(roletype object_r fingerprint_prop_28_0)
+(type firstboot_prop)
+(typeattribute firstboot_prop_28_0)
+(roletype object_r firstboot_prop_28_0)
+(type hwservicemanager_prop)
+(typeattribute hwservicemanager_prop_28_0)
+(roletype object_r hwservicemanager_prop_28_0)
+(type last_boot_reason_prop)
+(typeattribute last_boot_reason_prop_28_0)
+(roletype object_r last_boot_reason_prop_28_0)
+(type logd_prop)
+(typeattribute logd_prop_28_0)
+(roletype object_r logd_prop_28_0)
+(type logpersistd_logging_prop)
+(typeattribute logpersistd_logging_prop_28_0)
+(roletype object_r logpersistd_logging_prop_28_0)
+(type log_prop)
+(typeattribute log_prop_28_0)
+(roletype object_r log_prop_28_0)
+(type log_tag_prop)
+(typeattribute log_tag_prop_28_0)
+(roletype object_r log_tag_prop_28_0)
+(type lowpan_prop)
+(typeattribute lowpan_prop_28_0)
+(roletype object_r lowpan_prop_28_0)
+(type mmc_prop)
+(typeattribute mmc_prop_28_0)
+(roletype object_r mmc_prop_28_0)
+(type net_dns_prop)
+(typeattribute net_dns_prop_28_0)
+(roletype object_r net_dns_prop_28_0)
+(type net_radio_prop)
+(typeattribute net_radio_prop_28_0)
+(roletype object_r net_radio_prop_28_0)
+(type netd_stable_secret_prop)
+(typeattribute netd_stable_secret_prop_28_0)
+(roletype object_r netd_stable_secret_prop_28_0)
+(type nfc_prop)
+(typeattribute nfc_prop_28_0)
+(roletype object_r nfc_prop_28_0)
+(type overlay_prop)
+(typeattribute overlay_prop_28_0)
+(roletype object_r overlay_prop_28_0)
+(type pan_result_prop)
+(typeattribute pan_result_prop_28_0)
+(roletype object_r pan_result_prop_28_0)
+(type persist_debug_prop)
+(typeattribute persist_debug_prop_28_0)
+(roletype object_r persist_debug_prop_28_0)
+(type persistent_properties_ready_prop)
+(typeattribute persistent_properties_ready_prop_28_0)
+(roletype object_r persistent_properties_ready_prop_28_0)
+(type pm_prop)
+(typeattribute pm_prop_28_0)
+(roletype object_r pm_prop_28_0)
+(type powerctl_prop)
+(typeattribute powerctl_prop_28_0)
+(roletype object_r powerctl_prop_28_0)
+(type radio_prop)
+(typeattribute radio_prop_28_0)
+(roletype object_r radio_prop_28_0)
+(type restorecon_prop)
+(typeattribute restorecon_prop_28_0)
+(roletype object_r restorecon_prop_28_0)
+(type safemode_prop)
+(typeattribute safemode_prop_28_0)
+(roletype object_r safemode_prop_28_0)
+(type serialno_prop)
+(typeattribute serialno_prop_28_0)
+(roletype object_r serialno_prop_28_0)
+(type shell_prop)
+(typeattribute shell_prop_28_0)
+(roletype object_r shell_prop_28_0)
+(type system_boot_reason_prop)
+(typeattribute system_boot_reason_prop_28_0)
+(roletype object_r system_boot_reason_prop_28_0)
+(type system_prop)
+(typeattribute system_prop_28_0)
+(roletype object_r system_prop_28_0)
+(type system_radio_prop)
+(typeattribute system_radio_prop_28_0)
+(roletype object_r system_radio_prop_28_0)
+(type test_boot_reason_prop)
+(typeattribute test_boot_reason_prop_28_0)
+(roletype object_r test_boot_reason_prop_28_0)
+(type traced_enabled_prop)
+(typeattribute traced_enabled_prop_28_0)
+(roletype object_r traced_enabled_prop_28_0)
+(type vold_prop)
+(typeattribute vold_prop_28_0)
+(roletype object_r vold_prop_28_0)
+(type wifi_log_prop)
+(typeattribute wifi_log_prop_28_0)
+(roletype object_r wifi_log_prop_28_0)
+(type wifi_prop)
+(typeattribute wifi_prop_28_0)
+(roletype object_r wifi_prop_28_0)
+(type vendor_security_patch_level_prop)
+(typeattribute vendor_security_patch_level_prop_28_0)
+(roletype object_r vendor_security_patch_level_prop_28_0)
+(type exported_audio_prop)
+(typeattribute exported_audio_prop_28_0)
+(roletype object_r exported_audio_prop_28_0)
+(type exported_bluetooth_prop)
+(typeattribute exported_bluetooth_prop_28_0)
+(roletype object_r exported_bluetooth_prop_28_0)
+(type exported_config_prop)
+(typeattribute exported_config_prop_28_0)
+(roletype object_r exported_config_prop_28_0)
+(type exported_dalvik_prop)
+(typeattribute exported_dalvik_prop_28_0)
+(roletype object_r exported_dalvik_prop_28_0)
+(type exported_default_prop)
+(typeattribute exported_default_prop_28_0)
+(roletype object_r exported_default_prop_28_0)
+(type exported_dumpstate_prop)
+(typeattribute exported_dumpstate_prop_28_0)
+(roletype object_r exported_dumpstate_prop_28_0)
+(type exported_ffs_prop)
+(typeattribute exported_ffs_prop_28_0)
+(roletype object_r exported_ffs_prop_28_0)
+(type exported_fingerprint_prop)
+(typeattribute exported_fingerprint_prop_28_0)
+(roletype object_r exported_fingerprint_prop_28_0)
+(type exported_overlay_prop)
+(typeattribute exported_overlay_prop_28_0)
+(roletype object_r exported_overlay_prop_28_0)
+(type exported_pm_prop)
+(typeattribute exported_pm_prop_28_0)
+(roletype object_r exported_pm_prop_28_0)
+(type exported_radio_prop)
+(typeattribute exported_radio_prop_28_0)
+(roletype object_r exported_radio_prop_28_0)
+(type exported_system_prop)
+(typeattribute exported_system_prop_28_0)
+(roletype object_r exported_system_prop_28_0)
+(type exported_system_radio_prop)
+(typeattribute exported_system_radio_prop_28_0)
+(roletype object_r exported_system_radio_prop_28_0)
+(type exported_vold_prop)
+(typeattribute exported_vold_prop_28_0)
+(roletype object_r exported_vold_prop_28_0)
+(type exported_wifi_prop)
+(typeattribute exported_wifi_prop_28_0)
+(roletype object_r exported_wifi_prop_28_0)
+(type exported2_config_prop)
+(typeattribute exported2_config_prop_28_0)
+(roletype object_r exported2_config_prop_28_0)
+(type exported2_default_prop)
+(typeattribute exported2_default_prop_28_0)
+(roletype object_r exported2_default_prop_28_0)
+(type exported2_radio_prop)
+(typeattribute exported2_radio_prop_28_0)
+(roletype object_r exported2_radio_prop_28_0)
+(type exported2_system_prop)
+(typeattribute exported2_system_prop_28_0)
+(roletype object_r exported2_system_prop_28_0)
+(type exported2_vold_prop)
+(typeattribute exported2_vold_prop_28_0)
+(roletype object_r exported2_vold_prop_28_0)
+(type exported3_default_prop)
+(typeattribute exported3_default_prop_28_0)
+(roletype object_r exported3_default_prop_28_0)
+(type exported3_radio_prop)
+(typeattribute exported3_radio_prop_28_0)
+(roletype object_r exported3_radio_prop_28_0)
+(type exported3_system_prop)
+(typeattribute exported3_system_prop_28_0)
+(roletype object_r exported3_system_prop_28_0)
+(type vendor_default_prop)
+(typeattribute vendor_default_prop_28_0)
+(roletype object_r vendor_default_prop_28_0)
+(type racoon)
+(typeattribute racoon_28_0)
+(roletype object_r racoon_28_0)
+(type racoon_exec)
+(typeattribute racoon_exec_28_0)
+(roletype object_r racoon_exec_28_0)
+(type radio)
+(typeattribute radio_28_0)
+(roletype object_r radio_28_0)
+(type recovery)
+(typeattribute recovery_28_0)
+(roletype object_r recovery_28_0)
+(type recovery_persist)
+(typeattribute recovery_persist_28_0)
+(roletype object_r recovery_persist_28_0)
+(type recovery_persist_exec)
+(typeattribute recovery_persist_exec_28_0)
+(roletype object_r recovery_persist_exec_28_0)
+(type recovery_refresh)
+(typeattribute recovery_refresh_28_0)
+(roletype object_r recovery_refresh_28_0)
+(type recovery_refresh_exec)
+(typeattribute recovery_refresh_exec_28_0)
+(roletype object_r recovery_refresh_exec_28_0)
+(type runas)
+(typeattribute runas_28_0)
+(roletype object_r runas_28_0)
+(type runas_exec)
+(typeattribute runas_exec_28_0)
+(roletype object_r runas_exec_28_0)
+(type sdcardd)
+(typeattribute sdcardd_28_0)
+(roletype object_r sdcardd_28_0)
+(type sdcardd_exec)
+(typeattribute sdcardd_exec_28_0)
+(roletype object_r sdcardd_exec_28_0)
+(type secure_element)
+(typeattribute secure_element_28_0)
+(roletype object_r secure_element_28_0)
+(type audioserver_service)
+(typeattribute audioserver_service_28_0)
+(roletype object_r audioserver_service_28_0)
+(type batteryproperties_service)
+(typeattribute batteryproperties_service_28_0)
+(roletype object_r batteryproperties_service_28_0)
+(type bluetooth_service)
+(typeattribute bluetooth_service_28_0)
+(roletype object_r bluetooth_service_28_0)
+(type cameraserver_service)
+(typeattribute cameraserver_service_28_0)
+(roletype object_r cameraserver_service_28_0)
+(type default_android_service)
+(typeattribute default_android_service_28_0)
+(roletype object_r default_android_service_28_0)
+(type drmserver_service)
+(typeattribute drmserver_service_28_0)
+(roletype object_r drmserver_service_28_0)
+(type dumpstate_service)
+(typeattribute dumpstate_service_28_0)
+(roletype object_r dumpstate_service_28_0)
+(type fingerprintd_service)
+(typeattribute fingerprintd_service_28_0)
+(roletype object_r fingerprintd_service_28_0)
+(type hal_fingerprint_service)
+(typeattribute hal_fingerprint_service_28_0)
+(roletype object_r hal_fingerprint_service_28_0)
+(type gatekeeper_service)
+(typeattribute gatekeeper_service_28_0)
+(roletype object_r gatekeeper_service_28_0)
+(type gpu_service)
+(typeattribute gpu_service_28_0)
+(roletype object_r gpu_service_28_0)
+(type inputflinger_service)
+(typeattribute inputflinger_service_28_0)
+(roletype object_r inputflinger_service_28_0)
+(type incident_service)
+(typeattribute incident_service_28_0)
+(roletype object_r incident_service_28_0)
+(type installd_service)
+(typeattribute installd_service_28_0)
+(roletype object_r installd_service_28_0)
+(type keystore_service)
+(typeattribute keystore_service_28_0)
+(roletype object_r keystore_service_28_0)
+(type mediaserver_service)
+(typeattribute mediaserver_service_28_0)
+(roletype object_r mediaserver_service_28_0)
+(type mediametrics_service)
+(typeattribute mediametrics_service_28_0)
+(roletype object_r mediametrics_service_28_0)
+(type mediaextractor_service)
+(typeattribute mediaextractor_service_28_0)
+(roletype object_r mediaextractor_service_28_0)
+(type mediaextractor_update_service)
+(typeattribute mediaextractor_update_service_28_0)
+(roletype object_r mediaextractor_update_service_28_0)
+(type mediacodec_service)
+(typeattribute mediacodec_service_28_0)
+(roletype object_r mediacodec_service_28_0)
+(type mediadrmserver_service)
+(typeattribute mediadrmserver_service_28_0)
+(roletype object_r mediadrmserver_service_28_0)
+(type netd_service)
+(typeattribute netd_service_28_0)
+(roletype object_r netd_service_28_0)
+(type nfc_service)
+(typeattribute nfc_service_28_0)
+(roletype object_r nfc_service_28_0)
+(type perfprofd_service)
+(typeattribute perfprofd_service_28_0)
+(roletype object_r perfprofd_service_28_0)
+(type radio_service)
+(typeattribute radio_service_28_0)
+(roletype object_r radio_service_28_0)
+(type secure_element_service)
+(typeattribute secure_element_service_28_0)
+(roletype object_r secure_element_service_28_0)
+(type storaged_service)
+(typeattribute storaged_service_28_0)
+(roletype object_r storaged_service_28_0)
+(type surfaceflinger_service)
+(typeattribute surfaceflinger_service_28_0)
+(roletype object_r surfaceflinger_service_28_0)
+(type system_app_service)
+(typeattribute system_app_service_28_0)
+(roletype object_r system_app_service_28_0)
+(type thermal_service)
+(typeattribute thermal_service_28_0)
+(roletype object_r thermal_service_28_0)
+(type update_engine_service)
+(typeattribute update_engine_service_28_0)
+(roletype object_r update_engine_service_28_0)
+(type virtual_touchpad_service)
+(typeattribute virtual_touchpad_service_28_0)
+(roletype object_r virtual_touchpad_service_28_0)
+(type vold_service)
+(typeattribute vold_service_28_0)
+(roletype object_r vold_service_28_0)
+(type vr_hwc_service)
+(typeattribute vr_hwc_service_28_0)
+(roletype object_r vr_hwc_service_28_0)
+(type accessibility_service)
+(typeattribute accessibility_service_28_0)
+(roletype object_r accessibility_service_28_0)
+(type account_service)
+(typeattribute account_service_28_0)
+(roletype object_r account_service_28_0)
+(type activity_service)
+(typeattribute activity_service_28_0)
+(roletype object_r activity_service_28_0)
+(type alarm_service)
+(typeattribute alarm_service_28_0)
+(roletype object_r alarm_service_28_0)
+(type appops_service)
+(typeattribute appops_service_28_0)
+(roletype object_r appops_service_28_0)
+(type appwidget_service)
+(typeattribute appwidget_service_28_0)
+(roletype object_r appwidget_service_28_0)
+(type assetatlas_service)
+(typeattribute assetatlas_service_28_0)
+(roletype object_r assetatlas_service_28_0)
+(type audio_service)
+(typeattribute audio_service_28_0)
+(roletype object_r audio_service_28_0)
+(type autofill_service)
+(typeattribute autofill_service_28_0)
+(roletype object_r autofill_service_28_0)
+(type backup_service)
+(typeattribute backup_service_28_0)
+(roletype object_r backup_service_28_0)
+(type batterystats_service)
+(typeattribute batterystats_service_28_0)
+(roletype object_r batterystats_service_28_0)
+(type battery_service)
+(typeattribute battery_service_28_0)
+(roletype object_r battery_service_28_0)
+(type binder_calls_stats_service)
+(typeattribute binder_calls_stats_service_28_0)
+(roletype object_r binder_calls_stats_service_28_0)
+(type bluetooth_manager_service)
+(typeattribute bluetooth_manager_service_28_0)
+(roletype object_r bluetooth_manager_service_28_0)
+(type broadcastradio_service)
+(typeattribute broadcastradio_service_28_0)
+(roletype object_r broadcastradio_service_28_0)
+(type cameraproxy_service)
+(typeattribute cameraproxy_service_28_0)
+(roletype object_r cameraproxy_service_28_0)
+(type clipboard_service)
+(typeattribute clipboard_service_28_0)
+(roletype object_r clipboard_service_28_0)
+(type contexthub_service)
+(typeattribute contexthub_service_28_0)
+(roletype object_r contexthub_service_28_0)
+(type crossprofileapps_service)
+(typeattribute crossprofileapps_service_28_0)
+(roletype object_r crossprofileapps_service_28_0)
+(type IProxyService_service)
+(typeattribute IProxyService_service_28_0)
+(roletype object_r IProxyService_service_28_0)
+(type commontime_management_service)
+(typeattribute commontime_management_service_28_0)
+(roletype object_r commontime_management_service_28_0)
+(type companion_device_service)
+(typeattribute companion_device_service_28_0)
+(roletype object_r companion_device_service_28_0)
+(type connectivity_service)
+(typeattribute connectivity_service_28_0)
+(roletype object_r connectivity_service_28_0)
+(type connmetrics_service)
+(typeattribute connmetrics_service_28_0)
+(roletype object_r connmetrics_service_28_0)
+(type consumer_ir_service)
+(typeattribute consumer_ir_service_28_0)
+(roletype object_r consumer_ir_service_28_0)
+(type content_service)
+(typeattribute content_service_28_0)
+(roletype object_r content_service_28_0)
+(type country_detector_service)
+(typeattribute country_detector_service_28_0)
+(roletype object_r country_detector_service_28_0)
+(type coverage_service)
+(typeattribute coverage_service_28_0)
+(roletype object_r coverage_service_28_0)
+(type cpuinfo_service)
+(typeattribute cpuinfo_service_28_0)
+(roletype object_r cpuinfo_service_28_0)
+(type dbinfo_service)
+(typeattribute dbinfo_service_28_0)
+(roletype object_r dbinfo_service_28_0)
+(type device_policy_service)
+(typeattribute device_policy_service_28_0)
+(roletype object_r device_policy_service_28_0)
+(type deviceidle_service)
+(typeattribute deviceidle_service_28_0)
+(roletype object_r deviceidle_service_28_0)
+(type device_identifiers_service)
+(typeattribute device_identifiers_service_28_0)
+(roletype object_r device_identifiers_service_28_0)
+(type devicestoragemonitor_service)
+(typeattribute devicestoragemonitor_service_28_0)
+(roletype object_r devicestoragemonitor_service_28_0)
+(type diskstats_service)
+(typeattribute diskstats_service_28_0)
+(roletype object_r diskstats_service_28_0)
+(type display_service)
+(typeattribute display_service_28_0)
+(roletype object_r display_service_28_0)
+(type font_service)
+(typeattribute font_service_28_0)
+(roletype object_r font_service_28_0)
+(type netd_listener_service)
+(typeattribute netd_listener_service_28_0)
+(roletype object_r netd_listener_service_28_0)
+(type network_watchlist_service)
+(typeattribute network_watchlist_service_28_0)
+(roletype object_r network_watchlist_service_28_0)
+(type DockObserver_service)
+(typeattribute DockObserver_service_28_0)
+(roletype object_r DockObserver_service_28_0)
+(type dreams_service)
+(typeattribute dreams_service_28_0)
+(roletype object_r dreams_service_28_0)
+(type dropbox_service)
+(typeattribute dropbox_service_28_0)
+(roletype object_r dropbox_service_28_0)
+(type lowpan_service)
+(typeattribute lowpan_service_28_0)
+(roletype object_r lowpan_service_28_0)
+(type ethernet_service)
+(typeattribute ethernet_service_28_0)
+(roletype object_r ethernet_service_28_0)
+(type fingerprint_service)
+(typeattribute fingerprint_service_28_0)
+(roletype object_r fingerprint_service_28_0)
+(type gfxinfo_service)
+(typeattribute gfxinfo_service_28_0)
+(roletype object_r gfxinfo_service_28_0)
+(type graphicsstats_service)
+(typeattribute graphicsstats_service_28_0)
+(roletype object_r graphicsstats_service_28_0)
+(type hardware_service)
+(typeattribute hardware_service_28_0)
+(roletype object_r hardware_service_28_0)
+(type hardware_properties_service)
+(typeattribute hardware_properties_service_28_0)
+(roletype object_r hardware_properties_service_28_0)
+(type hdmi_control_service)
+(typeattribute hdmi_control_service_28_0)
+(roletype object_r hdmi_control_service_28_0)
+(type input_method_service)
+(typeattribute input_method_service_28_0)
+(roletype object_r input_method_service_28_0)
+(type input_service)
+(typeattribute input_service_28_0)
+(roletype object_r input_service_28_0)
+(type imms_service)
+(typeattribute imms_service_28_0)
+(roletype object_r imms_service_28_0)
+(type ipsec_service)
+(typeattribute ipsec_service_28_0)
+(roletype object_r ipsec_service_28_0)
+(type jobscheduler_service)
+(typeattribute jobscheduler_service_28_0)
+(roletype object_r jobscheduler_service_28_0)
+(type launcherapps_service)
+(typeattribute launcherapps_service_28_0)
+(roletype object_r launcherapps_service_28_0)
+(type location_service)
+(typeattribute location_service_28_0)
+(roletype object_r location_service_28_0)
+(type lock_settings_service)
+(typeattribute lock_settings_service_28_0)
+(roletype object_r lock_settings_service_28_0)
+(type media_projection_service)
+(typeattribute media_projection_service_28_0)
+(roletype object_r media_projection_service_28_0)
+(type media_router_service)
+(typeattribute media_router_service_28_0)
+(roletype object_r media_router_service_28_0)
+(type media_session_service)
+(typeattribute media_session_service_28_0)
+(roletype object_r media_session_service_28_0)
+(type meminfo_service)
+(typeattribute meminfo_service_28_0)
+(roletype object_r meminfo_service_28_0)
+(type midi_service)
+(typeattribute midi_service_28_0)
+(roletype object_r midi_service_28_0)
+(type mount_service)
+(typeattribute mount_service_28_0)
+(roletype object_r mount_service_28_0)
+(type netpolicy_service)
+(typeattribute netpolicy_service_28_0)
+(roletype object_r netpolicy_service_28_0)
+(type netstats_service)
+(typeattribute netstats_service_28_0)
+(roletype object_r netstats_service_28_0)
+(type network_management_service)
+(typeattribute network_management_service_28_0)
+(roletype object_r network_management_service_28_0)
+(type network_score_service)
+(typeattribute network_score_service_28_0)
+(roletype object_r network_score_service_28_0)
+(type network_time_update_service)
+(typeattribute network_time_update_service_28_0)
+(roletype object_r network_time_update_service_28_0)
+(type notification_service)
+(typeattribute notification_service_28_0)
+(roletype object_r notification_service_28_0)
+(type oem_lock_service)
+(typeattribute oem_lock_service_28_0)
+(roletype object_r oem_lock_service_28_0)
+(type otadexopt_service)
+(typeattribute otadexopt_service_28_0)
+(roletype object_r otadexopt_service_28_0)
+(type overlay_service)
+(typeattribute overlay_service_28_0)
+(roletype object_r overlay_service_28_0)
+(type package_service)
+(typeattribute package_service_28_0)
+(roletype object_r package_service_28_0)
+(type package_native_service)
+(typeattribute package_native_service_28_0)
+(roletype object_r package_native_service_28_0)
+(type permission_service)
+(typeattribute permission_service_28_0)
+(roletype object_r permission_service_28_0)
+(type persistent_data_block_service)
+(typeattribute persistent_data_block_service_28_0)
+(roletype object_r persistent_data_block_service_28_0)
+(type pinner_service)
+(typeattribute pinner_service_28_0)
+(roletype object_r pinner_service_28_0)
+(type power_service)
+(typeattribute power_service_28_0)
+(roletype object_r power_service_28_0)
+(type print_service)
+(typeattribute print_service_28_0)
+(roletype object_r print_service_28_0)
+(type processinfo_service)
+(typeattribute processinfo_service_28_0)
+(roletype object_r processinfo_service_28_0)
+(type procstats_service)
+(typeattribute procstats_service_28_0)
+(roletype object_r procstats_service_28_0)
+(type recovery_service)
+(typeattribute recovery_service_28_0)
+(roletype object_r recovery_service_28_0)
+(type registry_service)
+(typeattribute registry_service_28_0)
+(roletype object_r registry_service_28_0)
+(type restrictions_service)
+(typeattribute restrictions_service_28_0)
+(roletype object_r restrictions_service_28_0)
+(type rttmanager_service)
+(typeattribute rttmanager_service_28_0)
+(roletype object_r rttmanager_service_28_0)
+(type samplingprofiler_service)
+(typeattribute samplingprofiler_service_28_0)
+(roletype object_r samplingprofiler_service_28_0)
+(type scheduling_policy_service)
+(typeattribute scheduling_policy_service_28_0)
+(roletype object_r scheduling_policy_service_28_0)
+(type search_service)
+(typeattribute search_service_28_0)
+(roletype object_r search_service_28_0)
+(type sec_key_att_app_id_provider_service)
+(typeattribute sec_key_att_app_id_provider_service_28_0)
+(roletype object_r sec_key_att_app_id_provider_service_28_0)
+(type sensorservice_service)
+(typeattribute sensorservice_service_28_0)
+(roletype object_r sensorservice_service_28_0)
+(type serial_service)
+(typeattribute serial_service_28_0)
+(roletype object_r serial_service_28_0)
+(type servicediscovery_service)
+(typeattribute servicediscovery_service_28_0)
+(roletype object_r servicediscovery_service_28_0)
+(type settings_service)
+(typeattribute settings_service_28_0)
+(roletype object_r settings_service_28_0)
+(type shortcut_service)
+(typeattribute shortcut_service_28_0)
+(roletype object_r shortcut_service_28_0)
+(type slice_service)
+(typeattribute slice_service_28_0)
+(roletype object_r slice_service_28_0)
+(type statusbar_service)
+(typeattribute statusbar_service_28_0)
+(roletype object_r statusbar_service_28_0)
+(type storagestats_service)
+(typeattribute storagestats_service_28_0)
+(roletype object_r storagestats_service_28_0)
+(type system_update_service)
+(typeattribute system_update_service_28_0)
+(roletype object_r system_update_service_28_0)
+(type task_service)
+(typeattribute task_service_28_0)
+(roletype object_r task_service_28_0)
+(type textclassification_service)
+(typeattribute textclassification_service_28_0)
+(roletype object_r textclassification_service_28_0)
+(type textservices_service)
+(typeattribute textservices_service_28_0)
+(roletype object_r textservices_service_28_0)
+(type telecom_service)
+(typeattribute telecom_service_28_0)
+(roletype object_r telecom_service_28_0)
+(type timezone_service)
+(typeattribute timezone_service_28_0)
+(roletype object_r timezone_service_28_0)
+(type trust_service)
+(typeattribute trust_service_28_0)
+(roletype object_r trust_service_28_0)
+(type tv_input_service)
+(typeattribute tv_input_service_28_0)
+(roletype object_r tv_input_service_28_0)
+(type uimode_service)
+(typeattribute uimode_service_28_0)
+(roletype object_r uimode_service_28_0)
+(type updatelock_service)
+(typeattribute updatelock_service_28_0)
+(roletype object_r updatelock_service_28_0)
+(type usagestats_service)
+(typeattribute usagestats_service_28_0)
+(roletype object_r usagestats_service_28_0)
+(type usb_service)
+(typeattribute usb_service_28_0)
+(roletype object_r usb_service_28_0)
+(type user_service)
+(typeattribute user_service_28_0)
+(roletype object_r user_service_28_0)
+(type vibrator_service)
+(typeattribute vibrator_service_28_0)
+(roletype object_r vibrator_service_28_0)
+(type voiceinteraction_service)
+(typeattribute voiceinteraction_service_28_0)
+(roletype object_r voiceinteraction_service_28_0)
+(type vr_manager_service)
+(typeattribute vr_manager_service_28_0)
+(roletype object_r vr_manager_service_28_0)
+(type wallpaper_service)
+(typeattribute wallpaper_service_28_0)
+(roletype object_r wallpaper_service_28_0)
+(type webviewupdate_service)
+(typeattribute webviewupdate_service_28_0)
+(roletype object_r webviewupdate_service_28_0)
+(type wifip2p_service)
+(typeattribute wifip2p_service_28_0)
+(roletype object_r wifip2p_service_28_0)
+(type wifiscanner_service)
+(typeattribute wifiscanner_service_28_0)
+(roletype object_r wifiscanner_service_28_0)
+(type wifi_service)
+(typeattribute wifi_service_28_0)
+(roletype object_r wifi_service_28_0)
+(type wificond_service)
+(typeattribute wificond_service_28_0)
+(roletype object_r wificond_service_28_0)
+(type wifiaware_service)
+(typeattribute wifiaware_service_28_0)
+(roletype object_r wifiaware_service_28_0)
+(type window_service)
+(typeattribute window_service_28_0)
+(roletype object_r window_service_28_0)
+(type wpantund_service)
+(typeattribute wpantund_service_28_0)
+(roletype object_r wpantund_service_28_0)
+(type servicemanager)
+(typeattribute servicemanager_28_0)
+(roletype object_r servicemanager_28_0)
+(type servicemanager_exec)
+(typeattribute servicemanager_exec_28_0)
+(roletype object_r servicemanager_exec_28_0)
+(type sgdisk)
+(typeattribute sgdisk_28_0)
+(roletype object_r sgdisk_28_0)
+(type sgdisk_exec)
+(typeattribute sgdisk_exec_28_0)
+(roletype object_r sgdisk_exec_28_0)
+(type shared_relro)
+(typeattribute shared_relro_28_0)
+(roletype object_r shared_relro_28_0)
+(type shell)
+(typeattribute shell_28_0)
+(roletype object_r shell_28_0)
+(type shell_exec)
+(typeattribute shell_exec_28_0)
+(roletype object_r shell_exec_28_0)
+(type slideshow)
+(typeattribute slideshow_28_0)
+(roletype object_r slideshow_28_0)
+(type su)
+(typeattribute su_28_0)
+(roletype object_r su_28_0)
+(type su_exec)
+(typeattribute su_exec_28_0)
+(roletype object_r su_exec_28_0)
+(type surfaceflinger)
+(typeattribute surfaceflinger_28_0)
+(roletype object_r surfaceflinger_28_0)
+(type system_app)
+(typeattribute system_app_28_0)
+(roletype object_r system_app_28_0)
+(type system_server)
+(typeattribute system_server_28_0)
+(roletype object_r system_server_28_0)
+(type tee)
+(typeattribute tee_28_0)
+(roletype object_r tee_28_0)
+(type tee_device)
+(typeattribute tee_device_28_0)
+(roletype object_r tee_device_28_0)
+(type thermalserviced)
+(typeattribute thermalserviced_28_0)
+(roletype object_r thermalserviced_28_0)
+(type thermalserviced_exec)
+(typeattribute thermalserviced_exec_28_0)
+(roletype object_r thermalserviced_exec_28_0)
+(type tombstoned)
+(typeattribute tombstoned_28_0)
+(roletype object_r tombstoned_28_0)
+(type tombstoned_exec)
+(typeattribute tombstoned_exec_28_0)
+(roletype object_r tombstoned_exec_28_0)
+(type toolbox)
+(typeattribute toolbox_28_0)
+(roletype object_r toolbox_28_0)
+(type toolbox_exec)
+(typeattribute toolbox_exec_28_0)
+(roletype object_r toolbox_exec_28_0)
+(type traced_probes)
+(typeattribute traced_probes_28_0)
+(roletype object_r traced_probes_28_0)
+(type traceur_app)
+(typeattribute traceur_app_28_0)
+(roletype object_r traceur_app_28_0)
+(type tzdatacheck)
+(typeattribute tzdatacheck_28_0)
+(roletype object_r tzdatacheck_28_0)
+(type tzdatacheck_exec)
+(typeattribute tzdatacheck_exec_28_0)
+(roletype object_r tzdatacheck_exec_28_0)
+(type ueventd)
+(typeattribute ueventd_28_0)
+(roletype object_r ueventd_28_0)
+(type uncrypt)
+(typeattribute uncrypt_28_0)
+(roletype object_r uncrypt_28_0)
+(type uncrypt_exec)
+(typeattribute uncrypt_exec_28_0)
+(roletype object_r uncrypt_exec_28_0)
+(type untrusted_app)
+(typeattribute untrusted_app_28_0)
+(roletype object_r untrusted_app_28_0)
+(type untrusted_app_27)
+(typeattribute untrusted_app_27_28_0)
+(roletype object_r untrusted_app_27_28_0)
+(type untrusted_app_25)
+(typeattribute untrusted_app_25_28_0)
+(roletype object_r untrusted_app_25_28_0)
+(type untrusted_v2_app)
+(typeattribute untrusted_v2_app_28_0)
+(roletype object_r untrusted_v2_app_28_0)
+(type update_engine)
+(typeattribute update_engine_28_0)
+(roletype object_r update_engine_28_0)
+(type update_engine_exec)
+(typeattribute update_engine_exec_28_0)
+(roletype object_r update_engine_exec_28_0)
+(type update_verifier)
+(typeattribute update_verifier_28_0)
+(roletype object_r update_verifier_28_0)
+(type update_verifier_exec)
+(typeattribute update_verifier_exec_28_0)
+(roletype object_r update_verifier_exec_28_0)
+(type usbd)
+(typeattribute usbd_28_0)
+(roletype object_r usbd_28_0)
+(type usbd_exec)
+(typeattribute usbd_exec_28_0)
+(roletype object_r usbd_exec_28_0)
+(type vdc)
+(typeattribute vdc_28_0)
+(roletype object_r vdc_28_0)
+(type vdc_exec)
+(typeattribute vdc_exec_28_0)
+(roletype object_r vdc_exec_28_0)
+(type vendor_init)
+(typeattribute vendor_init_28_0)
+(roletype object_r vendor_init_28_0)
+(type vendor_shell)
+(typeattribute vendor_shell_28_0)
+(roletype object_r vendor_shell_28_0)
+(type vendor_shell_exec)
+(typeattribute vendor_shell_exec_28_0)
+(roletype object_r vendor_shell_exec_28_0)
+(type vendor_toolbox_exec)
+(typeattribute vendor_toolbox_exec_28_0)
+(roletype object_r vendor_toolbox_exec_28_0)
+(type virtual_touchpad)
+(typeattribute virtual_touchpad_28_0)
+(roletype object_r virtual_touchpad_28_0)
+(type virtual_touchpad_exec)
+(typeattribute virtual_touchpad_exec_28_0)
+(roletype object_r virtual_touchpad_exec_28_0)
+(type default_android_vndservice)
+(typeattribute default_android_vndservice_28_0)
+(roletype object_r default_android_vndservice_28_0)
+(type vndservicemanager)
+(typeattribute vndservicemanager_28_0)
+(roletype object_r vndservicemanager_28_0)
+(type vold)
+(typeattribute vold_28_0)
+(roletype object_r vold_28_0)
+(type vold_exec)
+(typeattribute vold_exec_28_0)
+(roletype object_r vold_exec_28_0)
+(type vold_prepare_subdirs)
+(typeattribute vold_prepare_subdirs_28_0)
+(roletype object_r vold_prepare_subdirs_28_0)
+(type vold_prepare_subdirs_exec)
+(typeattribute vold_prepare_subdirs_exec_28_0)
+(roletype object_r vold_prepare_subdirs_exec_28_0)
+(type vr_hwc)
+(typeattribute vr_hwc_28_0)
+(roletype object_r vr_hwc_28_0)
+(type vr_hwc_exec)
+(typeattribute vr_hwc_exec_28_0)
+(roletype object_r vr_hwc_exec_28_0)
+(type watchdogd)
+(typeattribute watchdogd_28_0)
+(roletype object_r watchdogd_28_0)
+(type webview_zygote)
+(typeattribute webview_zygote_28_0)
+(roletype object_r webview_zygote_28_0)
+(type webview_zygote_exec)
+(typeattribute webview_zygote_exec_28_0)
+(roletype object_r webview_zygote_exec_28_0)
+(type wificond)
+(typeattribute wificond_28_0)
+(roletype object_r wificond_28_0)
+(type wificond_exec)
+(typeattribute wificond_exec_28_0)
+(roletype object_r wificond_exec_28_0)
+(type wpantund)
+(typeattribute wpantund_28_0)
+(roletype object_r wpantund_28_0)
+(type wpantund_exec)
+(typeattribute wpantund_exec_28_0)
+(roletype object_r wpantund_exec_28_0)
+(type zygote)
+(typeattribute zygote_28_0)
+(roletype object_r zygote_28_0)
+(type zygote_exec)
+(typeattribute zygote_exec_28_0)
+(roletype object_r zygote_exec_28_0)
+(neverallow base_typeattr_1_28_0 domain (process (fork)))
+(neverallow base_typeattr_2_28_0 domain (process (fork)))
+(neverallow base_typeattr_3_28_0 domain (process (fork)))
+(neverallow base_typeattr_4_28_0 domain (process (fork)))
+(neverallow base_typeattr_5_28_0 domain (process (fork)))
+(neverallow base_typeattr_6_28_0 domain (process (fork)))
+(neverallow base_typeattr_7_28_0 domain (process (fork)))
+(neverallow base_typeattr_8_28_0 domain (process (fork)))
+(neverallow base_typeattr_9_28_0 domain (process (fork)))
+(neverallow base_typeattr_10_28_0 domain (process (fork)))
+(neverallow base_typeattr_11_28_0 domain (process (fork)))
+(neverallow base_typeattr_12_28_0 domain (process (fork)))
+(neverallow base_typeattr_13_28_0 domain (process (fork)))
+(neverallow base_typeattr_14_28_0 domain (process (fork)))
+(neverallow base_typeattr_15_28_0 domain (process (fork)))
+(neverallow base_typeattr_16_28_0 domain (process (fork)))
+(neverallow base_typeattr_17_28_0 domain (process (fork)))
+(neverallow base_typeattr_18_28_0 domain (process (fork)))
+(neverallow base_typeattr_19_28_0 domain (process (fork)))
+(neverallow base_typeattr_20_28_0 domain (process (fork)))
+(neverallow base_typeattr_21_28_0 domain (process (fork)))
+(neverallow base_typeattr_22_28_0 domain (process (fork)))
+(neverallow base_typeattr_23_28_0 domain (process (fork)))
+(neverallow base_typeattr_24_28_0 domain (process (fork)))
+(neverallow base_typeattr_25_28_0 domain (process (fork)))
+(neverallow base_typeattr_26_28_0 domain (process (fork)))
+(neverallow base_typeattr_27_28_0 domain (process (fork)))
+(neverallow base_typeattr_28_28_0 domain (process (fork)))
+(neverallow base_typeattr_29_28_0 domain (process (fork)))
+(neverallow base_typeattr_30_28_0 domain (process (fork)))
+(neverallow base_typeattr_31_28_0 domain (process (fork)))
+(neverallow base_typeattr_32_28_0 domain (process (fork)))
+(neverallow base_typeattr_33_28_0 domain (process (fork)))
+(neverallow base_typeattr_34_28_0 domain (process (fork)))
+(neverallow base_typeattr_35_28_0 domain (process (fork)))
+(neverallow base_typeattr_36_28_0 domain (process (fork)))
+(neverallow base_typeattr_37_28_0 domain (process (fork)))
+(neverallow base_typeattr_38_28_0 domain (process (fork)))
+(neverallow base_typeattr_39_28_0 domain (process (fork)))
+(neverallow base_typeattr_40_28_0 domain (process (fork)))
+(neverallow base_typeattr_41_28_0 domain (process (fork)))
+(neverallow base_typeattr_42_28_0 domain (process (fork)))
+(allow appdomain self (process (execmem)))
+(allow appdomain ashmem_device_28_0 (chr_file (execute)))
+(allow appdomain zygote_28_0 (fd (use)))
+(allow appdomain zygote_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow appdomain zygote_28_0 (process (sigchld)))
+(allow appdomain cgroup_28_0 (dir (write search)))
+(allow appdomain cgroup_28_0 (file (ioctl read write getattr lock append map open)))
+(allow appdomain dalvikcache_data_file_28_0 (dir (getattr search)))
+(allow appdomain dalvikcache_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow base_typeattr_43_28_0 rootfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow base_typeattr_43_28_0 tmpfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow appdomain tmpfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow appdomain zygote_28_0 (fifo_file (write)))
+(allow appdomain method_trace_data_file_28_0 (dir (write lock add_name remove_name search open)))
+(allow appdomain method_trace_data_file_28_0 (file (write create lock append map open)))
+(allow appdomain shell_28_0 (process (sigchld)))
+(allow appdomain adbd_28_0 (process (sigchld)))
+(allow appdomain devpts_28_0 (chr_file (ioctl read write getattr)))
+(allow appdomain system_server_28_0 (fd (use)))
+(allow appdomain system_server_28_0 (fifo_file (ioctl read write getattr lock append map open)))
+(allow appdomain system_server_28_0 (unix_stream_socket (read write getattr getopt setopt shutdown)))
+(allow appdomain system_server_28_0 (tcp_socket (read write getattr getopt shutdown)))
+(allow appdomain appdomain (fifo_file (ioctl read write getattr lock append map open)))
+(allow appdomain surfaceflinger_28_0 (unix_stream_socket (read write getattr getopt setopt shutdown)))
+(allow base_typeattr_43_28_0 app_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow base_typeattr_43_28_0 app_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow base_typeattr_43_28_0 app_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow base_typeattr_43_28_0 app_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow base_typeattr_43_28_0 app_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow appdomain mnt_expand_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow appdomain keychain_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow appdomain keychain_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain keychain_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow appdomain misc_user_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow appdomain misc_user_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow base_typeattr_43_28_0 textclassifier_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_43_28_0 textclassifier_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow base_typeattr_43_28_0 textclassifier_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow appdomain oemfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow appdomain oemfs_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow base_typeattr_44_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow base_typeattr_44_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow base_typeattr_45_28_0 system_file_28_0 (file (getattr map execute execute_no_trans)))
+(allow appdomain system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow appdomain system_file_28_0 (lnk_file (read getattr open)))
+(allow base_typeattr_43_28_0 vendor_file_28_0 (dir (read open)))
+(allow base_typeattr_44_28_0 vendor_app_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_44_28_0 vendor_app_file_28_0 (file (ioctl read getattr lock map open)))
+(allow base_typeattr_44_28_0 vendor_app_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow base_typeattr_44_28_0 vendor_app_file_28_0 (file (execute)))
+(allow appdomain vendor_overlay_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow appdomain vendor_overlay_file_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain vendor_overlay_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow appdomain vendor_framework_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow appdomain vendor_framework_file_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain vendor_framework_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow appdomain dex2oat_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow appdomain wallpaper_file_28_0 (file (read write getattr)))
+(allow appdomain ringtone_file_28_0 (file (read write getattr)))
+(allow appdomain shortcut_manager_icons_28_0 (file (read getattr)))
+(allow appdomain icon_file_28_0 (file (read getattr)))
+(allow appdomain anr_data_file_28_0 (dir (search)))
+(allow appdomain anr_data_file_28_0 (file (append open)))
+(allow appdomain tombstoned_java_trace_socket_28_0 (sock_file (write)))
+(allow appdomain tombstoned_28_0 (unix_stream_socket (connectto)))
+(allow appdomain tombstoned_28_0 (fd (use)))
+(allow appdomain dumpstate_28_0 (fifo_file (append)))
+(allow appdomain incidentd_28_0 (fifo_file (append)))
+(allow appdomain dumpstate_28_0 (fd (use)))
+(allow appdomain dumpstate_28_0 (unix_stream_socket (read write getattr getopt shutdown)))
+(allow appdomain dumpstate_28_0 (fifo_file (write getattr)))
+(allow appdomain shell_data_file_28_0 (file (write getattr)))
+(allow appdomain incidentd_28_0 (fd (use)))
+(allow appdomain incidentd_28_0 (fifo_file (write getattr)))
+(allow appdomain user_profile_data_file_28_0 (dir (write add_name search)))
+(allow appdomain user_profile_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow appdomain heapdump_data_file_28_0 (file (append)))
+(allow platform_app_28_0 qtaguid_proc_28_0 (file (ioctl read write getattr lock append map open)))
+(allow priv_app_28_0 qtaguid_proc_28_0 (file (ioctl read write getattr lock append map open)))
+(allow shell_28_0 qtaguid_proc_28_0 (file (ioctl read write getattr lock append map open)))
+(allow system_app_28_0 qtaguid_proc_28_0 (file (ioctl read write getattr lock append map open)))
+(allow untrusted_app_27_28_0 qtaguid_proc_28_0 (file (ioctl read write getattr lock append map open)))
+(allow untrusted_app_25_28_0 qtaguid_proc_28_0 (file (ioctl read write getattr lock append map open)))
+(allow base_typeattr_46_28_0 proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_46_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow base_typeattr_46_28_0 proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow platform_app_28_0 proc_qtaguid_stat_28_0 (dir (ioctl read getattr lock search open)))
+(allow priv_app_28_0 proc_qtaguid_stat_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 proc_qtaguid_stat_28_0 (dir (ioctl read getattr lock search open)))
+(allow system_app_28_0 proc_qtaguid_stat_28_0 (dir (ioctl read getattr lock search open)))
+(allow untrusted_app_27_28_0 proc_qtaguid_stat_28_0 (dir (ioctl read getattr lock search open)))
+(allow untrusted_app_25_28_0 proc_qtaguid_stat_28_0 (dir (ioctl read getattr lock search open)))
+(allow platform_app_28_0 proc_qtaguid_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow platform_app_28_0 proc_qtaguid_stat_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow priv_app_28_0 proc_qtaguid_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow priv_app_28_0 proc_qtaguid_stat_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_qtaguid_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_qtaguid_stat_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow system_app_28_0 proc_qtaguid_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow system_app_28_0 proc_qtaguid_stat_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow untrusted_app_27_28_0 proc_qtaguid_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow untrusted_app_27_28_0 proc_qtaguid_stat_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow untrusted_app_25_28_0 proc_qtaguid_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow untrusted_app_25_28_0 proc_qtaguid_stat_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow platform_app_28_0 qtaguid_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow priv_app_28_0 qtaguid_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow shell_28_0 qtaguid_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow system_app_28_0 qtaguid_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow untrusted_app_27_28_0 qtaguid_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow untrusted_app_25_28_0 qtaguid_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow base_typeattr_43_28_0 gpu_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow appdomain servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 appdomain (dir (search)))
+(allow servicemanager_28_0 appdomain (file (read open)))
+(allow servicemanager_28_0 appdomain (process (getattr)))
+(allow appdomain binderservicedomain (binder (call transfer)))
+(allow binderservicedomain appdomain (binder (transfer)))
+(allow appdomain binderservicedomain (fd (use)))
+(allow appdomain appdomain (binder (call transfer)))
+(allow appdomain appdomain (binder (transfer)))
+(allow appdomain appdomain (fd (use)))
+(allow appdomain ephemeral_app_28_0 (binder (call transfer)))
+(allow ephemeral_app_28_0 appdomain (binder (transfer)))
+(allow appdomain ephemeral_app_28_0 (fd (use)))
+(allow base_typeattr_43_28_0 hwservicemanager_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 base_typeattr_43_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 base_typeattr_43_28_0 (dir (search)))
+(allow hwservicemanager_28_0 base_typeattr_43_28_0 (file (read open)))
+(allow hwservicemanager_28_0 base_typeattr_43_28_0 (process (getattr)))
+(allow base_typeattr_43_28_0 hal_codec2_hwservice_28_0 (hwservice_manager (find)))
+(allow base_typeattr_43_28_0 hal_omx_hwservice_28_0 (hwservice_manager (find)))
+(allow base_typeattr_43_28_0 hidl_token_hwservice_28_0 (hwservice_manager (find)))
+(allow appdomain hal_graphics_composer (fd (use)))
+(allow appdomain appdomain (unix_stream_socket (read write getattr getopt shutdown)))
+(allow appdomain backup_data_file_28_0 (file (read write getattr)))
+(allow appdomain cache_backup_file_28_0 (file (read write getattr)))
+(allow appdomain cache_backup_file_28_0 (dir (getattr)))
+(allow appdomain system_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow appdomain system_data_file_28_0 (file (read getattr)))
+(allow base_typeattr_43_28_0 media_rw_data_file_28_0 (file (read getattr)))
+(allow base_typeattr_43_28_0 radio_data_file_28_0 (file (read write getattr)))
+(allow base_typeattr_46_28_0 storage_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_46_28_0 storage_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow base_typeattr_46_28_0 mnt_user_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_46_28_0 mnt_user_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow base_typeattr_46_28_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow base_typeattr_46_28_0 sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow base_typeattr_46_28_0 media_rw_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow base_typeattr_46_28_0 media_rw_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow base_typeattr_46_28_0 usb_device_28_0 (chr_file (ioctl read write getattr)))
+(allow base_typeattr_46_28_0 usbaccessory_device_28_0 (chr_file (read write getattr)))
+(allow appdomain dalvikcache_data_file_28_0 (file (execute)))
+(allow appdomain dalvikcache_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow appdomain shared_relro_file_28_0 (dir (search)))
+(allow appdomain shared_relro_file_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain apk_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow appdomain apk_data_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow appdomain resourcecache_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain resourcecache_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow appdomain logcat_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow appdomain logdr_socket_28_0 (sock_file (write)))
+(allow appdomain logd_28_0 (unix_stream_socket (connectto)))
+(allow base_typeattr_47_28_0 logd_socket_28_0 (sock_file (write)))
+(allow base_typeattr_47_28_0 logd_28_0 (unix_stream_socket (connectto)))
+(allow appdomain zygote_28_0 (unix_dgram_socket (write)))
+(allow base_typeattr_46_28_0 keystore_28_0 (keystore_key (get_state get insert delete exist list sign verify)))
+(allow keystore_28_0 base_typeattr_46_28_0 (dir (search)))
+(allow keystore_28_0 base_typeattr_46_28_0 (file (read open)))
+(allow keystore_28_0 base_typeattr_46_28_0 (process (getattr)))
+(allow base_typeattr_46_28_0 keystore_service_28_0 (service_manager (find)))
+(allow base_typeattr_46_28_0 keystore_28_0 (binder (call transfer)))
+(allow keystore_28_0 base_typeattr_46_28_0 (binder (transfer)))
+(allow base_typeattr_46_28_0 keystore_28_0 (fd (use)))
+(allow keystore_28_0 base_typeattr_46_28_0 (binder (call transfer)))
+(allow base_typeattr_46_28_0 keystore_28_0 (binder (transfer)))
+(allow keystore_28_0 base_typeattr_46_28_0 (fd (use)))
+(allow appdomain console_device_28_0 (chr_file (read write)))
+(allowx base_typeattr_48_28_0 self (ioctl tcp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx base_typeattr_48_28_0 self (ioctl udp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx base_typeattr_48_28_0 self (ioctl rawip_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx base_typeattr_48_28_0 self (ioctl tcp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx base_typeattr_48_28_0 self (ioctl udp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx base_typeattr_48_28_0 self (ioctl rawip_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx base_typeattr_48_28_0 self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx base_typeattr_48_28_0 self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx base_typeattr_48_28_0 self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allow base_typeattr_43_28_0 ion_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(auditallow base_typeattr_49_28_0 ion_device_28_0 (chr_file (write append)))
+(allow base_typeattr_43_28_0 hwservicemanager_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow base_typeattr_43_28_0 mediacodec_28_0 (binder (call transfer)))
+(allow mediacodec_28_0 base_typeattr_43_28_0 (binder (transfer)))
+(allow base_typeattr_43_28_0 mediacodec_28_0 (fd (use)))
+(allow base_typeattr_43_28_0 hal_audio (fd (use)))
+(allow base_typeattr_43_28_0 hal_camera (fd (use)))
+(allow base_typeattr_43_28_0 hal_renderscript_hwservice_28_0 (hwservice_manager (find)))
+(allow appdomain proc_meminfo_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain app_fuse_file_28_0 (file (read write getattr append)))
+(allow base_typeattr_46_28_0 pdx_display_client_endpoint_dir_type (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_46_28_0 pdx_display_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open)))
+(allow base_typeattr_46_28_0 pdx_display_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow base_typeattr_46_28_0 pdx_display_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow base_typeattr_46_28_0 pdx_display_client_server_type (fd (use)))
+(allow pdx_display_client_server_type base_typeattr_46_28_0 (fd (use)))
+(allow base_typeattr_46_28_0 pdx_display_manager_endpoint_dir_type (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_46_28_0 pdx_display_manager_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open)))
+(allow base_typeattr_46_28_0 pdx_display_manager_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow base_typeattr_46_28_0 pdx_display_manager_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow base_typeattr_46_28_0 pdx_display_manager_server_type (fd (use)))
+(allow pdx_display_manager_server_type base_typeattr_46_28_0 (fd (use)))
+(allow base_typeattr_46_28_0 pdx_display_vsync_endpoint_dir_type (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_46_28_0 pdx_display_vsync_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open)))
+(allow base_typeattr_46_28_0 pdx_display_vsync_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow base_typeattr_46_28_0 pdx_display_vsync_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow base_typeattr_46_28_0 pdx_display_vsync_server_type (fd (use)))
+(allow pdx_display_vsync_server_type base_typeattr_46_28_0 (fd (use)))
+(allow base_typeattr_46_28_0 pdx_performance_client_endpoint_dir_type (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_46_28_0 pdx_performance_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open)))
+(allow base_typeattr_46_28_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow base_typeattr_46_28_0 pdx_performance_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow base_typeattr_46_28_0 pdx_performance_client_server_type (fd (use)))
+(allow pdx_performance_client_server_type base_typeattr_46_28_0 (fd (use)))
+(allow base_typeattr_46_28_0 pdx_bufferhub_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow base_typeattr_46_28_0 pdx_bufferhub_client_server_type (fd (use)))
+(allow pdx_bufferhub_client_server_type base_typeattr_46_28_0 (fd (use)))
+(allow appdomain runas_exec_28_0 (file (getattr)))
+(allow base_typeattr_46_28_0 tun_device_28_0 (chr_file (ioctl read write getattr append)))
+(allow appdomain adbd_28_0 (unix_stream_socket (connectto)))
+(allow appdomain adbd_28_0 (fd (use)))
+(allow appdomain adbd_28_0 (unix_stream_socket (ioctl read write getattr getopt shutdown)))
+(allow appdomain cache_file_28_0 (dir (getattr)))
+(neverallow base_typeattr_48_28_0 self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(neverallow base_typeattr_48_28_0 self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
+(neverallow base_typeattr_48_28_0 self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(neverallow base_typeattr_48_28_0 self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
+(neverallow appdomain dev_type (blk_file (read write)))
+(neverallow appdomain audio_device_28_0 (chr_file (read write)))
+(neverallow appdomain camera_device_28_0 (chr_file (read write)))
+(neverallow appdomain dm_device_28_0 (chr_file (read write)))
+(neverallow appdomain radio_device_28_0 (chr_file (read write)))
+(neverallow appdomain video_device_28_0 (chr_file (read write)))
+(neverallow appdomain rpmsg_device_28_0 (chr_file (read write)))
+(neverallow isolated_app_28_0 graphics_device_28_0 (chr_file (read write)))
+(neverallow shell_28_0 graphics_device_28_0 (chr_file (read write)))
+(neverallow untrusted_app_28_0 graphics_device_28_0 (chr_file (read write)))
+(neverallow base_typeattr_50_28_0 nfc_device_28_0 (chr_file (read write)))
+(neverallow base_typeattr_48_28_0 hci_attach_dev_28_0 (chr_file (read write)))
+(neverallow appdomain tee_device_28_0 (chr_file (read write)))
+(neverallow appdomain domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow appdomain domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow appdomain domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow appdomain domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow appdomain domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow appdomain domain (netlink_kobject_uevent_socket (write append)))
+(neverallow appdomain socket_device_28_0 (sock_file (write)))
+(neverallow appdomain adbd_socket_28_0 (sock_file (write)))
+(neverallow base_typeattr_51_28_0 rild_socket_28_0 (sock_file (write)))
+(neverallow appdomain zygote_socket_28_0 (sock_file (write)))
+(neverallow appdomain base_typeattr_52_28_0 (process (ptrace)))
+(neverallow appdomain base_typeattr_52_28_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_53_28_0 base_typeattr_52_28_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow appdomain base_typeattr_52_28_0 (process (sigkill sigstop signal)))
+(neverallow base_typeattr_54_28_0 base_typeattr_55_28_0 (process (transition)))
+(neverallow base_typeattr_54_28_0 base_typeattr_52_28_0 (process (dyntransition)))
+(neverallow appdomain rootfs_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain rootfs_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain rootfs_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain rootfs_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain rootfs_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain rootfs_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain rootfs_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain exec_type (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_data_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_data_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_data_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_data_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_data_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_data_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain system_data_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain drm_data_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain drm_data_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain drm_data_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain drm_data_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain drm_data_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain drm_data_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain drm_data_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_data_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_data_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_data_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_data_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_data_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_data_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_data_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_tmp_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_tmp_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_tmp_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_tmp_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_tmp_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_tmp_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_tmp_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_data_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_data_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_data_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_data_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_data_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_data_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_data_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_tmp_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_tmp_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_tmp_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_tmp_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_tmp_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_tmp_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_56_28_0 apk_private_tmp_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_53_28_0 shell_data_file_28_0 (file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_53_28_0 shell_data_file_28_0 (dir (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_53_28_0 shell_data_file_28_0 (lnk_file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_53_28_0 shell_data_file_28_0 (chr_file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_53_28_0 shell_data_file_28_0 (blk_file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_53_28_0 shell_data_file_28_0 (sock_file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_53_28_0 shell_data_file_28_0 (fifo_file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_48_28_0 bluetooth_data_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_48_28_0 bluetooth_data_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_48_28_0 bluetooth_data_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_48_28_0 bluetooth_data_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_48_28_0 bluetooth_data_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_48_28_0 bluetooth_data_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_48_28_0 bluetooth_data_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain keystore_data_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain keystore_data_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain keystore_data_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain keystore_data_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain keystore_data_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain keystore_data_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain keystore_data_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain systemkeys_data_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain systemkeys_data_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain systemkeys_data_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain systemkeys_data_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain systemkeys_data_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain systemkeys_data_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain systemkeys_data_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain wifi_data_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain wifi_data_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain wifi_data_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain wifi_data_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain wifi_data_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain wifi_data_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain wifi_data_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain dhcp_data_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain dhcp_data_file_28_0 (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain dhcp_data_file_28_0 (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain dhcp_data_file_28_0 (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain dhcp_data_file_28_0 (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain dhcp_data_file_28_0 (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow appdomain dhcp_data_file_28_0 (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_57_28_0 apk_tmp_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_57_28_0 apk_tmp_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow base_typeattr_57_28_0 apk_tmp_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_57_28_0 apk_tmp_file_28_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_57_28_0 apk_tmp_file_28_0 (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_57_28_0 apk_tmp_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_57_28_0 apk_tmp_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_57_28_0 apk_private_tmp_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_57_28_0 apk_private_tmp_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow base_typeattr_57_28_0 apk_private_tmp_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_57_28_0 apk_private_tmp_file_28_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_57_28_0 apk_private_tmp_file_28_0 (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_57_28_0 apk_private_tmp_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_57_28_0 apk_private_tmp_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow untrusted_app_all apk_tmp_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow untrusted_app_all apk_tmp_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow untrusted_app_all apk_tmp_file_28_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow untrusted_app_all apk_tmp_file_28_0 (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow untrusted_app_all apk_tmp_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow untrusted_app_all apk_tmp_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow untrusted_app_all apk_private_tmp_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow untrusted_app_all apk_private_tmp_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow untrusted_app_all apk_private_tmp_file_28_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow untrusted_app_all apk_private_tmp_file_28_0 (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow untrusted_app_all apk_private_tmp_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow untrusted_app_all apk_private_tmp_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow untrusted_app_all apk_tmp_file_28_0 (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow untrusted_app_all apk_private_tmp_file_28_0 (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow appdomain efs_file_28_0 (file (write)))
+(neverallow appdomain efs_file_28_0 (dir (write)))
+(neverallow appdomain efs_file_28_0 (lnk_file (write)))
+(neverallow appdomain efs_file_28_0 (chr_file (write)))
+(neverallow appdomain efs_file_28_0 (blk_file (write)))
+(neverallow appdomain efs_file_28_0 (sock_file (write)))
+(neverallow appdomain efs_file_28_0 (fifo_file (write)))
+(neverallow base_typeattr_53_28_0 efs_file_28_0 (file (read)))
+(neverallow base_typeattr_53_28_0 efs_file_28_0 (dir (read)))
+(neverallow base_typeattr_53_28_0 efs_file_28_0 (lnk_file (read)))
+(neverallow base_typeattr_53_28_0 efs_file_28_0 (chr_file (read)))
+(neverallow base_typeattr_53_28_0 efs_file_28_0 (blk_file (read)))
+(neverallow base_typeattr_53_28_0 efs_file_28_0 (sock_file (read)))
+(neverallow base_typeattr_53_28_0 efs_file_28_0 (fifo_file (read)))
+(neverallow base_typeattr_58_28_0 sysfs_28_0 (file (write)))
+(neverallow base_typeattr_58_28_0 sysfs_28_0 (dir (write)))
+(neverallow base_typeattr_58_28_0 sysfs_28_0 (lnk_file (write)))
+(neverallow base_typeattr_58_28_0 sysfs_28_0 (chr_file (write)))
+(neverallow base_typeattr_58_28_0 sysfs_28_0 (blk_file (write)))
+(neverallow base_typeattr_58_28_0 sysfs_28_0 (sock_file (write)))
+(neverallow base_typeattr_58_28_0 sysfs_28_0 (fifo_file (write)))
+(neverallow appdomain proc_28_0 (file (write)))
+(neverallow appdomain proc_28_0 (dir (write)))
+(neverallow appdomain proc_28_0 (lnk_file (write)))
+(neverallow appdomain proc_28_0 (chr_file (write)))
+(neverallow appdomain proc_28_0 (blk_file (write)))
+(neverallow appdomain proc_28_0 (sock_file (write)))
+(neverallow appdomain proc_28_0 (fifo_file (write)))
+(neverallow appdomain kernel_28_0 (system (syslog_read syslog_mod syslog_console)))
+(neverallow base_typeattr_53_28_0 base_typeattr_59_28_0 (security (compute_av check_context)))
+(neverallow base_typeattr_53_28_0 base_typeattr_59_28_0 (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow appdomain fs_type (filesystem (mount remount unmount relabelfrom relabelto associate quotamod quotaget)))
+(neverallow appdomain dev_type (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow appdomain rootfs_28_0 (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow appdomain tmpfs_28_0 (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow appdomain system_file_28_0 (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow appdomain apk_data_file_28_0 (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow appdomain cache_file_28_0 (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow appdomain cache_recovery_file_28_0 (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow bluetooth_28_0 base_typeattr_60_28_0 (file (execute execute_no_trans)))
+(neverallow isolated_app_28_0 base_typeattr_60_28_0 (file (execute execute_no_trans)))
+(neverallow nfc_28_0 base_typeattr_60_28_0 (file (execute execute_no_trans)))
+(neverallow radio_28_0 base_typeattr_60_28_0 (file (execute execute_no_trans)))
+(neverallow shared_relro_28_0 base_typeattr_60_28_0 (file (execute execute_no_trans)))
+(neverallow system_app_28_0 base_typeattr_60_28_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_53_28_0 input_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_61_28_0 bluetooth_a2dp_offload_prop_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(neverallow base_typeattr_61_28_0 bluetooth_prop_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(neverallow base_typeattr_61_28_0 exported_bluetooth_prop_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(neverallow appdomain proc_uid_time_in_state_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow appdomain proc_uid_concurrent_active_time_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow appdomain proc_uid_concurrent_policy_time_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow appdomain proc_uid_cpupower_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow bootanim_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 bootanim_28_0 (dir (search)))
+(allow servicemanager_28_0 bootanim_28_0 (file (read open)))
+(allow servicemanager_28_0 bootanim_28_0 (process (getattr)))
+(allow bootanim_28_0 surfaceflinger_28_0 (binder (call transfer)))
+(allow surfaceflinger_28_0 bootanim_28_0 (binder (transfer)))
+(allow bootanim_28_0 surfaceflinger_28_0 (fd (use)))
+(allow bootanim_28_0 audioserver_28_0 (binder (call transfer)))
+(allow audioserver_28_0 bootanim_28_0 (binder (transfer)))
+(allow bootanim_28_0 audioserver_28_0 (fd (use)))
+(allow bootanim_28_0 hwservicemanager_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 bootanim_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 bootanim_28_0 (dir (search)))
+(allow hwservicemanager_28_0 bootanim_28_0 (file (read open)))
+(allow hwservicemanager_28_0 bootanim_28_0 (process (getattr)))
+(allow bootanim_28_0 gpu_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow bootanim_28_0 oemfs_28_0 (dir (search)))
+(allow bootanim_28_0 oemfs_28_0 (file (ioctl read getattr lock map open)))
+(allow bootanim_28_0 audio_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow bootanim_28_0 audio_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow bootanim_28_0 audioserver_service_28_0 (service_manager (find)))
+(allow bootanim_28_0 surfaceflinger_service_28_0 (service_manager (find)))
+(allow bootanim_28_0 ion_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow bootanim_28_0 hal_graphics_allocator (fd (use)))
+(allow bootanim_28_0 hal_graphics_composer (fd (use)))
+(allow bootanim_28_0 proc_meminfo_28_0 (file (ioctl read getattr lock map open)))
+(allow bootanim_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow bootanim_28_0 bootloader_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow bootstat_28_0 runtime_event_log_tags_file_28_0 (file (ioctl read getattr lock map open)))
+(allow bootstat_28_0 bootstat_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow bootstat_28_0 bootstat_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow bootstat_28_0 boottime_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow bootstat_28_0 property_socket_28_0 (sock_file (write)))
+(allow bootstat_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow bootstat_28_0 bootloader_boot_reason_prop_28_0 (property_service (set)))
+(allow bootstat_28_0 bootloader_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow bootstat_28_0 property_socket_28_0 (sock_file (write)))
+(allow bootstat_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow bootstat_28_0 system_boot_reason_prop_28_0 (property_service (set)))
+(allow bootstat_28_0 system_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow bootstat_28_0 property_socket_28_0 (sock_file (write)))
+(allow bootstat_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow bootstat_28_0 last_boot_reason_prop_28_0 (property_service (set)))
+(allow bootstat_28_0 last_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow bootstat_28_0 pstorefs_28_0 (dir (search)))
+(allow bootstat_28_0 pstorefs_28_0 (file (ioctl read getattr lock map open)))
+(allow bootstat_28_0 kernel_28_0 (system (syslog_read)))
+(allow bootstat_28_0 logcat_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow bootstat_28_0 logdr_socket_28_0 (sock_file (write)))
+(allow bootstat_28_0 logd_28_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_62_28_0 bootloader_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(neverallow base_typeattr_62_28_0 last_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(neverallow bootanim_28_0 last_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(neverallow recovery_28_0 last_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(neverallow base_typeattr_63_28_0 bootloader_boot_reason_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_63_28_0 last_boot_reason_prop_28_0 (property_service (set)))
+(neverallow system_server_28_0 bootloader_boot_reason_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_64_28_0 system_boot_reason_prop_28_0 (property_service (set)))
+(allow init_28_0 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (create bind)))
+(allow bufferhubd_28_0 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown)))
+(allow bufferhubd_28_0 self (process (setsockcreate)))
+(allow bufferhubd_28_0 pdx_bufferhub_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown)))
+(neverallow base_typeattr_65_28_0 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (listen accept)))
+(allow bufferhubd_28_0 pdx_performance_client_endpoint_dir_type (dir (ioctl read getattr lock search open)))
+(allow bufferhubd_28_0 pdx_performance_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open)))
+(allow bufferhubd_28_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow bufferhubd_28_0 pdx_performance_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow bufferhubd_28_0 pdx_performance_client_server_type (fd (use)))
+(allow pdx_performance_client_server_type bufferhubd_28_0 (fd (use)))
+(allow bufferhubd_28_0 gpu_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow bufferhubd_28_0 ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow bufferhubd_28_0 mediacodec_28_0 (fd (use)))
+(allow cameraserver_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 cameraserver_28_0 (dir (search)))
+(allow servicemanager_28_0 cameraserver_28_0 (file (read open)))
+(allow servicemanager_28_0 cameraserver_28_0 (process (getattr)))
+(allow cameraserver_28_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain cameraserver_28_0 (binder (transfer)))
+(allow cameraserver_28_0 binderservicedomain (fd (use)))
+(allow cameraserver_28_0 appdomain (binder (call transfer)))
+(allow appdomain cameraserver_28_0 (binder (transfer)))
+(allow cameraserver_28_0 appdomain (fd (use)))
+(allow cameraserver_28_0 ion_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow cameraserver_28_0 hal_graphics_composer (fd (use)))
+(allow cameraserver_28_0 cameraserver_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_66_28_0 cameraserver_service_28_0 (service_manager (add)))
+(allow cameraserver_28_0 activity_service_28_0 (service_manager (find)))
+(allow cameraserver_28_0 appops_service_28_0 (service_manager (find)))
+(allow cameraserver_28_0 audioserver_service_28_0 (service_manager (find)))
+(allow cameraserver_28_0 batterystats_service_28_0 (service_manager (find)))
+(allow cameraserver_28_0 cameraproxy_service_28_0 (service_manager (find)))
+(allow cameraserver_28_0 mediaserver_service_28_0 (service_manager (find)))
+(allow cameraserver_28_0 processinfo_service_28_0 (service_manager (find)))
+(allow cameraserver_28_0 scheduling_policy_service_28_0 (service_manager (find)))
+(allow cameraserver_28_0 surfaceflinger_service_28_0 (service_manager (find)))
+(allow cameraserver_28_0 hidl_token_hwservice_28_0 (hwservice_manager (find)))
+(neverallow cameraserver_28_0 fs_type (file (execute_no_trans)))
+(neverallow cameraserver_28_0 file_type (file (execute_no_trans)))
+(neverallow cameraserver_28_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow cameraserver_28_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow cameraserver_28_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(allow cameraserver_28_0 adbd_28_0 (fd (use)))
+(allow cameraserver_28_0 adbd_28_0 (unix_stream_socket (read write)))
+(allow cameraserver_28_0 shell_28_0 (fd (use)))
+(allow cameraserver_28_0 shell_28_0 (unix_stream_socket (read write)))
+(allow cameraserver_28_0 shell_28_0 (fifo_file (read write)))
+(allow cameraserver_28_0 su_28_0 (fd (use)))
+(allow cameraserver_28_0 su_28_0 (fifo_file (read write)))
+(allow cameraserver_28_0 su_28_0 (unix_stream_socket (read write)))
+(allow charger_28_0 kmsg_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow charger_28_0 rootfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow charger_28_0 rootfs_28_0 (file (ioctl read getattr lock map open)))
+(allow charger_28_0 rootfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow charger_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow charger_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow charger_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow charger_28_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow charger_28_0 self (capability (sys_tty_config)))
+(allow charger_28_0 self (cap_userns (sys_tty_config)))
+(allow charger_28_0 self (capability (sys_boot)))
+(allow charger_28_0 self (cap_userns (sys_boot)))
+(allow charger_28_0 sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow charger_28_0 self (capability2 (block_suspend)))
+(allow charger_28_0 self (cap2_userns (block_suspend)))
+(allow charger_28_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow charger_28_0 sysfs_power_28_0 (file (ioctl read write getattr lock append map open)))
+(allow charger_28_0 sysfs_batteryinfo_28_0 (dir (ioctl read getattr lock search open)))
+(allow charger_28_0 sysfs_batteryinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow charger_28_0 sysfs_batteryinfo_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow charger_28_0 pstorefs_28_0 (dir (ioctl read getattr lock search open)))
+(allow charger_28_0 pstorefs_28_0 (file (ioctl read getattr lock map open)))
+(allow charger_28_0 graphics_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow charger_28_0 graphics_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow charger_28_0 input_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow charger_28_0 input_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow charger_28_0 tty_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow charger_28_0 proc_sysrq_28_0 (file (ioctl read write getattr lock append map open)))
+(allow charger_28_0 property_socket_28_0 (sock_file (write)))
+(allow charger_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow charger_28_0 system_prop_28_0 (property_service (set)))
+(allow charger_28_0 system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow charger_28_0 property_socket_28_0 (sock_file (write)))
+(allow charger_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow charger_28_0 exported_system_prop_28_0 (property_service (set)))
+(allow charger_28_0 exported_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow charger_28_0 property_socket_28_0 (sock_file (write)))
+(allow charger_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow charger_28_0 exported2_system_prop_28_0 (property_service (set)))
+(allow charger_28_0 exported2_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow charger_28_0 property_socket_28_0 (sock_file (write)))
+(allow charger_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow charger_28_0 exported3_system_prop_28_0 (property_service (set)))
+(allow charger_28_0 exported3_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow clatd_28_0 proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow clatd_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow clatd_28_0 proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow clatd_28_0 netd_28_0 (fd (use)))
+(allow clatd_28_0 netd_28_0 (fifo_file (read write)))
+(allow clatd_28_0 netd_28_0 (netlink_kobject_uevent_socket (read write)))
+(allow clatd_28_0 netd_28_0 (netlink_nflog_socket (read write)))
+(allow clatd_28_0 netd_28_0 (netlink_route_socket (read write)))
+(allow clatd_28_0 netd_28_0 (udp_socket (read write)))
+(allow clatd_28_0 netd_28_0 (unix_stream_socket (read write)))
+(allow clatd_28_0 netd_28_0 (unix_dgram_socket (read write)))
+(allow clatd_28_0 self (capability (setgid setuid net_admin net_raw)))
+(allow clatd_28_0 self (cap_userns (setgid setuid net_admin net_raw)))
+(allow clatd_28_0 self (capability (ipc_lock)))
+(allow clatd_28_0 self (cap_userns (ipc_lock)))
+(allow clatd_28_0 self (netlink_route_socket (nlmsg_write)))
+(allow clatd_28_0 self (rawip_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow clatd_28_0 self (packet_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow clatd_28_0 self (tun_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow clatd_28_0 tun_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow cppreopts_28_0 dalvikcache_data_file_28_0 (dir (write add_name remove_name search)))
+(allow cppreopts_28_0 dalvikcache_data_file_28_0 (file (read write create getattr unlink rename open)))
+(allow cppreopts_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow cppreopts_28_0 system_file_28_0 (dir (read open)))
+(allow cppreopts_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow crash_dump_28_0 base_typeattr_67_28_0 (process (sigchld sigkill sigstop signal ptrace)))
+(dontaudit crash_dump_28_0 self (capability (sys_ptrace)))
+(dontaudit crash_dump_28_0 self (cap_userns (sys_ptrace)))
+(allow crash_dump_28_0 logd_28_0 (process (sigchld sigkill sigstop signal ptrace)))
+(allow crash_dump_28_0 kmsg_debug_device_28_0 (chr_file (append open)))
+(allow crash_dump_28_0 domain (fd (use)))
+(allow crash_dump_28_0 domain (fifo_file (read write)))
+(allow crash_dump_28_0 domain (fifo_file (append)))
+(allow crash_dump_28_0 domain (dir (ioctl read getattr lock search open)))
+(allow crash_dump_28_0 domain (file (ioctl read getattr lock map open)))
+(allow crash_dump_28_0 domain (lnk_file (ioctl read getattr lock map open)))
+(allow crash_dump_28_0 exec_type (file (ioctl read getattr lock map open)))
+(allow crash_dump_28_0 dalvikcache_data_file_28_0 (dir (getattr search)))
+(allow crash_dump_28_0 dalvikcache_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow crash_dump_28_0 apk_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow crash_dump_28_0 apk_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow crash_dump_28_0 apk_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow crash_dump_28_0 vendor_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow crash_dump_28_0 same_process_hal_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow crash_dump_28_0 vendor_file_28_0 (file (ioctl read getattr lock map open)))
+(allow crash_dump_28_0 vendor_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow crash_dump_28_0 same_process_hal_file_28_0 (file (ioctl read getattr lock map open)))
+(allow crash_dump_28_0 same_process_hal_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow crash_dump_28_0 tombstoned_crash_socket_28_0 (sock_file (write)))
+(allow crash_dump_28_0 tombstoned_28_0 (unix_stream_socket (connectto)))
+(allow crash_dump_28_0 system_ndebug_socket_28_0 (sock_file (write)))
+(allow crash_dump_28_0 system_server_28_0 (unix_stream_socket (connectto)))
+(allow crash_dump_28_0 anr_data_file_28_0 (file (getattr append)))
+(allow crash_dump_28_0 tombstone_data_file_28_0 (file (getattr append)))
+(allow crash_dump_28_0 logcat_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow crash_dump_28_0 logdr_socket_28_0 (sock_file (write)))
+(allow crash_dump_28_0 logd_28_0 (unix_stream_socket (connectto)))
+(dontaudit crash_dump_28_0 core_data_file_type (dir (search)))
+(dontaudit crash_dump_28_0 vendor_file_type (dir (search)))
+(dontaudit crash_dump_28_0 system_data_file_28_0 (file (read)))
+(neverallow domain crash_dump_exec_28_0 (file (execute_no_trans)))
+(allow dex2oat_28_0 apk_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dex2oat_28_0 apk_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dex2oat_28_0 apk_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow dex2oat_28_0 vendor_app_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dex2oat_28_0 vendor_app_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dex2oat_28_0 vendor_app_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow dex2oat_28_0 vendor_framework_file_28_0 (dir (getattr search)))
+(allow dex2oat_28_0 vendor_framework_file_28_0 (file (read getattr open)))
+(allow dex2oat_28_0 tmpfs_28_0 (file (read getattr)))
+(allow dex2oat_28_0 dalvikcache_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dex2oat_28_0 dalvikcache_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dex2oat_28_0 dalvikcache_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow dex2oat_28_0 dalvikcache_data_file_28_0 (file (write)))
+(allow dex2oat_28_0 dalvikcache_data_file_28_0 (lnk_file (read)))
+(allow dex2oat_28_0 installd_28_0 (fd (use)))
+(allow dex2oat_28_0 system_file_28_0 (file (lock)))
+(allow dex2oat_28_0 asec_apk_file_28_0 (file (read)))
+(allow dex2oat_28_0 unlabeled_28_0 (file (read)))
+(allow dex2oat_28_0 oemfs_28_0 (file (read)))
+(allow dex2oat_28_0 apk_tmp_file_28_0 (dir (search)))
+(allow dex2oat_28_0 apk_tmp_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dex2oat_28_0 user_profile_data_file_28_0 (file (read getattr lock)))
+(allow dex2oat_28_0 app_data_file_28_0 (file (read write getattr lock)))
+(allow dex2oat_28_0 postinstall_dexopt_28_0 (fd (use)))
+(allow dex2oat_28_0 postinstall_file_28_0 (dir (getattr search)))
+(allow dex2oat_28_0 postinstall_file_28_0 (filesystem (getattr)))
+(allow dex2oat_28_0 postinstall_file_28_0 (lnk_file (read getattr)))
+(allow dex2oat_28_0 ota_data_file_28_0 (dir (ioctl read write getattr lock add_name search open)))
+(allow dex2oat_28_0 ota_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dex2oat_28_0 ota_data_file_28_0 (lnk_file (read create)))
+(allow dex2oat_28_0 ota_data_file_28_0 (file (write create setattr lock append map open)))
+(neverallow dex2oat_28_0 app_data_file_28_0 (file (open)))
+(neverallow dex2oat_28_0 app_data_file_28_0 (lnk_file (open)))
+(neverallow dex2oat_28_0 app_data_file_28_0 (sock_file (open)))
+(neverallow dex2oat_28_0 app_data_file_28_0 (fifo_file (open)))
+(allow dhcp_28_0 cgroup_28_0 (dir (write create add_name)))
+(allow dhcp_28_0 self (capability (setgid setuid net_bind_service net_admin net_raw)))
+(allow dhcp_28_0 self (cap_userns (setgid setuid net_bind_service net_admin net_raw)))
+(allow dhcp_28_0 self (packet_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow dhcp_28_0 self (netlink_route_socket (nlmsg_write)))
+(allow dhcp_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow dhcp_28_0 system_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow dhcp_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow dhcp_28_0 proc_net_28_0 (file (write)))
+(allow dhcp_28_0 property_socket_28_0 (sock_file (write)))
+(allow dhcp_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow dhcp_28_0 dhcp_prop_28_0 (property_service (set)))
+(allow dhcp_28_0 dhcp_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow dhcp_28_0 property_socket_28_0 (sock_file (write)))
+(allow dhcp_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow dhcp_28_0 pan_result_prop_28_0 (property_service (set)))
+(allow dhcp_28_0 pan_result_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow dhcp_28_0 dhcp_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow dhcp_28_0 dhcp_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow dhcp_28_0 netd_28_0 (fd (use)))
+(allow dhcp_28_0 netd_28_0 (fifo_file (ioctl read write getattr lock append map open)))
+(allow dhcp_28_0 netd_28_0 (udp_socket (read write)))
+(allow dhcp_28_0 netd_28_0 (unix_stream_socket (read write)))
+(allow dhcp_28_0 netd_28_0 (unix_dgram_socket (read write)))
+(allow dhcp_28_0 netd_28_0 (netlink_route_socket (read write)))
+(allow dhcp_28_0 netd_28_0 (netlink_nflog_socket (read write)))
+(allow dhcp_28_0 netd_28_0 (netlink_kobject_uevent_socket (read write)))
+(allow display_service_server fwk_display_hwservice_28_0 (hwservice_manager (add find)))
+(allow display_service_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_68_28_0 fwk_display_hwservice_28_0 (hwservice_manager (add)))
+(allowx dnsmasq_28_0 self (ioctl udp_socket (0x6900 0x6902)))
+(allowx dnsmasq_28_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx dnsmasq_28_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow dnsmasq_28_0 self (capability (dac_override)))
+(allow dnsmasq_28_0 self (cap_userns (dac_override)))
+(allow dnsmasq_28_0 self (capability (setgid setuid net_bind_service net_admin net_raw)))
+(allow dnsmasq_28_0 self (cap_userns (setgid setuid net_bind_service net_admin net_raw)))
+(allow dnsmasq_28_0 dhcp_data_file_28_0 (dir (write lock add_name remove_name search open)))
+(allow dnsmasq_28_0 dhcp_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow dnsmasq_28_0 netd_28_0 (fd (use)))
+(allow dnsmasq_28_0 netd_28_0 (fifo_file (read write)))
+(allow dnsmasq_28_0 netd_28_0 (netlink_kobject_uevent_socket (read write)))
+(allow dnsmasq_28_0 netd_28_0 (netlink_nflog_socket (read write)))
+(allow dnsmasq_28_0 netd_28_0 (netlink_route_socket (read write)))
+(allow dnsmasq_28_0 netd_28_0 (unix_stream_socket (read write)))
+(allow dnsmasq_28_0 netd_28_0 (unix_dgram_socket (read write)))
+(allow dnsmasq_28_0 netd_28_0 (udp_socket (read write)))
+(allow domain init_28_0 (process (sigchld)))
+(allow domain self (process (fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit)))
+(allow domain self (fd (use)))
+(allow domain proc_28_0 (dir (ioctl read getattr lock search open)))
+(allow domain proc_net_28_0 (dir (search)))
+(allow domain self (dir (ioctl read getattr lock search open)))
+(allow domain self (file (ioctl read getattr lock map open)))
+(allow domain self (lnk_file (ioctl read getattr lock map open)))
+(allow domain self (file (ioctl read write getattr lock append map open)))
+(allow domain self (fifo_file (ioctl read write getattr lock append map open)))
+(allow domain self (unix_dgram_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto)))
+(allow domain self (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto)))
+(allow domain init_28_0 (fd (use)))
+(allow domain su_28_0 (fd (use)))
+(allow domain su_28_0 (unix_stream_socket (read write getattr getopt shutdown connectto)))
+(allow domain su_28_0 (unix_dgram_socket (sendto)))
+(allow base_typeattr_69_28_0 su_28_0 (binder (call transfer)))
+(allow domain su_28_0 (fifo_file (write getattr)))
+(allow domain su_28_0 (process (sigchld)))
+(allow domain coredump_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow domain coredump_file_28_0 (dir (ioctl read write getattr lock add_name search open)))
+(allow domain rootfs_28_0 (dir (search)))
+(allow domain rootfs_28_0 (lnk_file (read getattr)))
+(allow domain device_28_0 (dir (search)))
+(allow domain dev_type (lnk_file (ioctl read getattr lock map open)))
+(allow domain devpts_28_0 (dir (search)))
+(allow domain socket_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow domain owntty_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow domain null_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow domain zero_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow domain ashmem_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow base_typeattr_70_28_0 binder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow base_typeattr_71_28_0 hwbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow domain ptmx_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow domain alarm_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow domain random_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow domain proc_random_28_0 (dir (ioctl read getattr lock search open)))
+(allow domain proc_random_28_0 (file (ioctl read getattr lock map open)))
+(allow domain properties_device_28_0 (dir (getattr search)))
+(allow domain properties_serial_28_0 (file (ioctl read getattr lock map open)))
+(allow domain property_info_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain core_property_type (file (ioctl read getattr lock map open)))
+(allow coredomain core_property_type (file (ioctl read getattr lock map open)))
+(allow shell_28_0 core_property_type (file (ioctl read getattr lock map open)))
+(allow appdomain exported_dalvik_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow coredomain exported_dalvik_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 exported_dalvik_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain exported_ffs_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow coredomain exported_ffs_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 exported_ffs_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain exported_system_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow coredomain exported_system_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 exported_system_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain exported2_config_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow coredomain exported2_config_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 exported2_config_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain exported2_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow coredomain exported2_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 exported2_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain exported2_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow coredomain exported2_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 exported2_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain exported2_vold_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow coredomain exported2_vold_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 exported2_vold_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain exported3_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow coredomain exported3_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 exported3_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain exported3_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow coredomain exported3_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 exported3_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow appdomain exported3_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow coredomain exported3_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 exported3_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow su_28_0 core_property_type (file (ioctl read getattr lock map open)))
+(allow su_28_0 exported_dalvik_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow su_28_0 exported_ffs_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow su_28_0 exported_system_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow su_28_0 exported2_config_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow su_28_0 exported2_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow su_28_0 exported2_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow su_28_0 exported2_vold_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow su_28_0 exported3_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow su_28_0 exported3_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow su_28_0 exported3_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow base_typeattr_72_28_0 vendor_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain debug_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain exported_config_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain exported_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain exported_dumpstate_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain exported_fingerprint_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain exported_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain exported_secure_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain exported_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain exported_vold_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain exported2_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain logd_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow domain log_property_type (file (ioctl read getattr lock map open)))
+(dontaudit domain property_type (file (audit_access)))
+(allow domain property_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow domain init_28_0 (key (search)))
+(allow domain vold_28_0 (key (search)))
+(allow domain logdw_socket_28_0 (sock_file (write)))
+(allow domain logd_28_0 (unix_dgram_socket (sendto)))
+(allow domain pmsg_device_28_0 (chr_file (write lock append map open)))
+(allow domain system_file_28_0 (dir (getattr search)))
+(allow domain system_file_28_0 (file (read getattr map execute open)))
+(allow domain system_file_28_0 (lnk_file (read getattr)))
+(allow domain vendor_hal_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow domain same_process_hal_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow domain same_process_hal_file_28_0 (file (read getattr map execute open)))
+(allow domain vndk_sp_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow domain vndk_sp_file_28_0 (file (read getattr map execute open)))
+(allow domain vendor_configs_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow domain vendor_configs_file_28_0 (file (read getattr open)))
+(allow domain vendor_file_type (lnk_file (read getattr open)))
+(allow domain vendor_file_28_0 (dir (getattr search)))
+(allow base_typeattr_73_28_0 vendor_file_type (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_73_28_0 vendor_file_type (file (read getattr map execute open)))
+(allow base_typeattr_73_28_0 vendor_file_type (lnk_file (read getattr)))
+(allow domain sysfs_28_0 (lnk_file (read getattr)))
+(allow domain zoneinfo_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow domain zoneinfo_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow domain sysfs_devices_system_cpu_28_0 (dir (ioctl read getattr lock search open)))
+(allow domain sysfs_devices_system_cpu_28_0 (file (ioctl read getattr lock map open)))
+(allow domain sysfs_devices_system_cpu_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow domain sysfs_usb_28_0 (dir (ioctl read getattr lock search open)))
+(allow domain sysfs_usb_28_0 (file (ioctl read getattr lock map open)))
+(allow domain sysfs_usb_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow appdomain system_data_file_28_0 (dir (getattr)))
+(allow coredomain system_data_file_28_0 (dir (getattr)))
+(allow domain system_data_file_28_0 (dir (search)))
+(allow domain vendor_data_file_28_0 (dir (getattr search)))
+(allow domain proc_28_0 (lnk_file (read getattr)))
+(allow domain proc_cpuinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow domain proc_overcommit_memory_28_0 (file (ioctl read getattr lock map open)))
+(allow domain proc_perf_28_0 (file (ioctl read getattr lock map open)))
+(allow domain selinuxfs_28_0 (dir (search)))
+(allow domain selinuxfs_28_0 (file (getattr)))
+(allow domain sysfs_28_0 (dir (search)))
+(allow domain selinuxfs_28_0 (filesystem (getattr)))
+(allow domain cgroup_28_0 (dir (write search)))
+(allow domain cgroup_28_0 (file (write lock append map open)))
+(allow domain debugfs_28_0 (dir (search)))
+(allow domain debugfs_tracing_28_0 (dir (search)))
+(allow domain debugfs_tracing_debug_28_0 (dir (search)))
+(allow domain debugfs_trace_marker_28_0 (file (write lock append map open)))
+(allow domain fs_type (filesystem (getattr)))
+(allow domain fs_type (dir (getattr)))
+(allowx domain domain (ioctl tcp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx domain domain (ioctl udp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx domain domain (ioctl rawip_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx domain domain (ioctl tcp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx domain domain (ioctl udp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx domain domain (ioctl rawip_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx domain domain (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx domain domain (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx domain domain (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx domain domain (ioctl unix_stream_socket (0x5401 0x5411 ((range 0x5413 0x5414)) 0x541b 0x5451)))
+(allowx domain domain (ioctl unix_dgram_socket (0x5401 0x5411 ((range 0x5413 0x5414)) 0x541b 0x5451)))
+(allowx domain devpts_28_0 (ioctl chr_file (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allow base_typeattr_74_28_0 hwservice_manager_type (hwservice_manager (add find)))
+(allow base_typeattr_74_28_0 vndservice_manager_type (service_manager (add find)))
+(neverallowx domain domain (ioctl socket (0x0)))
+(neverallowx domain domain (ioctl tcp_socket (0x0)))
+(neverallowx domain domain (ioctl udp_socket (0x0)))
+(neverallowx domain domain (ioctl rawip_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_socket (0x0)))
+(neverallowx domain domain (ioctl packet_socket (0x0)))
+(neverallowx domain domain (ioctl key_socket (0x0)))
+(neverallowx domain domain (ioctl unix_stream_socket (0x0)))
+(neverallowx domain domain (ioctl unix_dgram_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_route_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_tcpdiag_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_nflog_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_xfrm_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_selinux_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_audit_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_dnrt_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_kobject_uevent_socket (0x0)))
+(neverallowx domain domain (ioctl appletalk_socket (0x0)))
+(neverallowx domain domain (ioctl tun_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_iscsi_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_fib_lookup_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_connector_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_netfilter_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_generic_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_scsitransport_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_rdma_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_crypto_socket (0x0)))
+(neverallowx domain domain (ioctl sctp_socket (0x0)))
+(neverallowx domain domain (ioctl icmp_socket (0x0)))
+(neverallowx domain domain (ioctl ax25_socket (0x0)))
+(neverallowx domain domain (ioctl ipx_socket (0x0)))
+(neverallowx domain domain (ioctl netrom_socket (0x0)))
+(neverallowx domain domain (ioctl atmpvc_socket (0x0)))
+(neverallowx domain domain (ioctl x25_socket (0x0)))
+(neverallowx domain domain (ioctl rose_socket (0x0)))
+(neverallowx domain domain (ioctl decnet_socket (0x0)))
+(neverallowx domain domain (ioctl atmsvc_socket (0x0)))
+(neverallowx domain domain (ioctl rds_socket (0x0)))
+(neverallowx domain domain (ioctl irda_socket (0x0)))
+(neverallowx domain domain (ioctl pppox_socket (0x0)))
+(neverallowx domain domain (ioctl llc_socket (0x0)))
+(neverallowx domain domain (ioctl can_socket (0x0)))
+(neverallowx domain domain (ioctl tipc_socket (0x0)))
+(neverallowx domain domain (ioctl bluetooth_socket (0x0)))
+(neverallowx domain domain (ioctl iucv_socket (0x0)))
+(neverallowx domain domain (ioctl rxrpc_socket (0x0)))
+(neverallowx domain domain (ioctl isdn_socket (0x0)))
+(neverallowx domain domain (ioctl phonet_socket (0x0)))
+(neverallowx domain domain (ioctl ieee802154_socket (0x0)))
+(neverallowx domain domain (ioctl caif_socket (0x0)))
+(neverallowx domain domain (ioctl alg_socket (0x0)))
+(neverallowx domain domain (ioctl nfc_socket (0x0)))
+(neverallowx domain domain (ioctl vsock_socket (0x0)))
+(neverallowx domain domain (ioctl kcm_socket (0x0)))
+(neverallowx domain domain (ioctl qipcrtr_socket (0x0)))
+(neverallowx domain domain (ioctl smc_socket (0x0)))
+(neverallowx domain domain (ioctl socket (0x8905)))
+(neverallowx domain domain (ioctl tcp_socket (0x8905)))
+(neverallowx domain domain (ioctl udp_socket (0x8905)))
+(neverallowx domain domain (ioctl rawip_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_socket (0x8905)))
+(neverallowx domain domain (ioctl packet_socket (0x8905)))
+(neverallowx domain domain (ioctl key_socket (0x8905)))
+(neverallowx domain domain (ioctl unix_stream_socket (0x8905)))
+(neverallowx domain domain (ioctl unix_dgram_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_route_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_tcpdiag_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_nflog_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_xfrm_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_selinux_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_audit_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_dnrt_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_kobject_uevent_socket (0x8905)))
+(neverallowx domain domain (ioctl appletalk_socket (0x8905)))
+(neverallowx domain domain (ioctl tun_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_iscsi_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_fib_lookup_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_connector_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_netfilter_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_generic_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_scsitransport_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_rdma_socket (0x8905)))
+(neverallowx domain domain (ioctl netlink_crypto_socket (0x8905)))
+(neverallowx domain domain (ioctl sctp_socket (0x8905)))
+(neverallowx domain domain (ioctl icmp_socket (0x8905)))
+(neverallowx domain domain (ioctl ax25_socket (0x8905)))
+(neverallowx domain domain (ioctl ipx_socket (0x8905)))
+(neverallowx domain domain (ioctl netrom_socket (0x8905)))
+(neverallowx domain domain (ioctl atmpvc_socket (0x8905)))
+(neverallowx domain domain (ioctl x25_socket (0x8905)))
+(neverallowx domain domain (ioctl rose_socket (0x8905)))
+(neverallowx domain domain (ioctl decnet_socket (0x8905)))
+(neverallowx domain domain (ioctl atmsvc_socket (0x8905)))
+(neverallowx domain domain (ioctl rds_socket (0x8905)))
+(neverallowx domain domain (ioctl irda_socket (0x8905)))
+(neverallowx domain domain (ioctl pppox_socket (0x8905)))
+(neverallowx domain domain (ioctl llc_socket (0x8905)))
+(neverallowx domain domain (ioctl can_socket (0x8905)))
+(neverallowx domain domain (ioctl tipc_socket (0x8905)))
+(neverallowx domain domain (ioctl bluetooth_socket (0x8905)))
+(neverallowx domain domain (ioctl iucv_socket (0x8905)))
+(neverallowx domain domain (ioctl rxrpc_socket (0x8905)))
+(neverallowx domain domain (ioctl isdn_socket (0x8905)))
+(neverallowx domain domain (ioctl phonet_socket (0x8905)))
+(neverallowx domain domain (ioctl ieee802154_socket (0x8905)))
+(neverallowx domain domain (ioctl caif_socket (0x8905)))
+(neverallowx domain domain (ioctl alg_socket (0x8905)))
+(neverallowx domain domain (ioctl nfc_socket (0x8905)))
+(neverallowx domain domain (ioctl vsock_socket (0x8905)))
+(neverallowx domain domain (ioctl kcm_socket (0x8905)))
+(neverallowx domain domain (ioctl qipcrtr_socket (0x8905)))
+(neverallowx domain domain (ioctl smc_socket (0x8905)))
+(neverallowx base_typeattr_59_28_0 devpts_28_0 (ioctl chr_file (0x5412)))
+(neverallow base_typeattr_75_28_0 unlabeled_28_0 (file (create)))
+(neverallow base_typeattr_75_28_0 unlabeled_28_0 (dir (create)))
+(neverallow base_typeattr_75_28_0 unlabeled_28_0 (lnk_file (create)))
+(neverallow base_typeattr_75_28_0 unlabeled_28_0 (chr_file (create)))
+(neverallow base_typeattr_75_28_0 unlabeled_28_0 (blk_file (create)))
+(neverallow base_typeattr_75_28_0 unlabeled_28_0 (sock_file (create)))
+(neverallow base_typeattr_75_28_0 unlabeled_28_0 (fifo_file (create)))
+(neverallow base_typeattr_76_28_0 self (capability (mknod)))
+(neverallow base_typeattr_76_28_0 self (cap_userns (mknod)))
+(neverallow base_typeattr_77_28_0 self (capability (sys_rawio)))
+(neverallow base_typeattr_77_28_0 self (cap_userns (sys_rawio)))
+(neverallow base_typeattr_59_28_0 self (memprotect (mmap_zero)))
+(neverallow base_typeattr_59_28_0 self (capability2 (mac_override)))
+(neverallow base_typeattr_59_28_0 self (cap2_userns (mac_override)))
+(neverallow base_typeattr_59_28_0 self (capability2 (mac_admin)))
+(neverallow base_typeattr_59_28_0 self (cap2_userns (mac_admin)))
+(neverallow base_typeattr_59_28_0 kernel_28_0 (security (load_policy)))
+(neverallow base_typeattr_59_28_0 kernel_28_0 (security (setenforce)))
+(neverallow base_typeattr_78_28_0 kernel_28_0 (security (setcheckreqprot)))
+(neverallow base_typeattr_59_28_0 kernel_28_0 (security (setbool)))
+(neverallow base_typeattr_69_28_0 kernel_28_0 (security (setsecparam)))
+(neverallow base_typeattr_79_28_0 hw_random_device_28_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_80_28_0 keychord_device_28_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_59_28_0 base_typeattr_81_28_0 (file (entrypoint)))
+(neverallow base_typeattr_82_28_0 kmem_device_28_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_59_28_0 kmem_device_28_0 (chr_file (ioctl read write lock relabelfrom append map link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_82_28_0 port_device_28_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_59_28_0 port_device_28_0 (chr_file (ioctl read write lock relabelfrom append map link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_69_28_0 usermodehelper_28_0 (file (write append)))
+(neverallow base_typeattr_83_28_0 sysfs_usermodehelper_28_0 (file (write append)))
+(neverallow base_typeattr_84_28_0 proc_security_28_0 (file (read write append open)))
+(neverallow base_typeattr_59_28_0 init_28_0 (process (ptrace)))
+(neverallow base_typeattr_59_28_0 init_28_0 (binder (impersonate call set_context_mgr transfer)))
+(neverallow base_typeattr_59_28_0 vendor_init_28_0 (binder (impersonate call set_context_mgr transfer)))
+(neverallow base_typeattr_85_28_0 block_device_28_0 (blk_file (read write open)))
+(neverallow base_typeattr_59_28_0 base_typeattr_59_28_0 (chr_file (rename)))
+(neverallow base_typeattr_59_28_0 base_typeattr_59_28_0 (blk_file (rename)))
+(neverallow domain device_28_0 (chr_file (read write open)))
+(neverallow base_typeattr_86_28_0 base_typeattr_87_28_0 (filesystem (mount remount relabelfrom relabelto)))
+(neverallow base_typeattr_88_28_0 base_typeattr_89_28_0 (file (execute)))
+(neverallow base_typeattr_90_28_0 base_typeattr_91_28_0 (file (execute)))
+(neverallow domain cache_file_28_0 (file (execute)))
+(neverallow domain cache_backup_file_28_0 (file (execute)))
+(neverallow domain cache_private_backup_file_28_0 (file (execute)))
+(neverallow domain cache_recovery_file_28_0 (file (execute)))
+(neverallow base_typeattr_52_28_0 base_typeattr_60_28_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_78_28_0 nativetest_data_file_28_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_78_28_0 nativetest_data_file_28_0 (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_78_28_0 nativetest_data_file_28_0 (chr_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_78_28_0 nativetest_data_file_28_0 (blk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_78_28_0 nativetest_data_file_28_0 (sock_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_78_28_0 nativetest_data_file_28_0 (fifo_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain nativetest_data_file_28_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_92_28_0 nativetest_data_file_28_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_69_28_0 property_data_file_28_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_69_28_0 property_data_file_28_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_69_28_0 property_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_69_28_0 properties_device_28_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_69_28_0 properties_serial_28_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow domain exec_type (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain exec_type (dir (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain exec_type (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain exec_type (chr_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain exec_type (blk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain exec_type (sock_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain exec_type (fifo_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain vendor_file_type (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain vendor_file_type (dir (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain vendor_file_type (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain vendor_file_type (chr_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain vendor_file_type (blk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain vendor_file_type (sock_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain vendor_file_type (fifo_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain system_file_28_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain system_file_28_0 (dir (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain system_file_28_0 (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain system_file_28_0 (chr_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain system_file_28_0 (blk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain system_file_28_0 (sock_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow domain system_file_28_0 (fifo_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_78_28_0 exec_type (file (relabelto)))
+(neverallow base_typeattr_78_28_0 exec_type (dir (relabelto)))
+(neverallow base_typeattr_78_28_0 exec_type (lnk_file (relabelto)))
+(neverallow base_typeattr_78_28_0 exec_type (chr_file (relabelto)))
+(neverallow base_typeattr_78_28_0 exec_type (blk_file (relabelto)))
+(neverallow base_typeattr_78_28_0 exec_type (sock_file (relabelto)))
+(neverallow base_typeattr_78_28_0 exec_type (fifo_file (relabelto)))
+(neverallow base_typeattr_78_28_0 vendor_file_type (file (relabelto)))
+(neverallow base_typeattr_78_28_0 vendor_file_type (dir (relabelto)))
+(neverallow base_typeattr_78_28_0 vendor_file_type (lnk_file (relabelto)))
+(neverallow base_typeattr_78_28_0 vendor_file_type (chr_file (relabelto)))
+(neverallow base_typeattr_78_28_0 vendor_file_type (blk_file (relabelto)))
+(neverallow base_typeattr_78_28_0 vendor_file_type (sock_file (relabelto)))
+(neverallow base_typeattr_78_28_0 vendor_file_type (fifo_file (relabelto)))
+(neverallow base_typeattr_78_28_0 system_file_28_0 (file (relabelto)))
+(neverallow base_typeattr_78_28_0 system_file_28_0 (dir (relabelto)))
+(neverallow base_typeattr_78_28_0 system_file_28_0 (lnk_file (relabelto)))
+(neverallow base_typeattr_78_28_0 system_file_28_0 (chr_file (relabelto)))
+(neverallow base_typeattr_78_28_0 system_file_28_0 (blk_file (relabelto)))
+(neverallow base_typeattr_78_28_0 system_file_28_0 (sock_file (relabelto)))
+(neverallow base_typeattr_78_28_0 system_file_28_0 (fifo_file (relabelto)))
+(neverallow base_typeattr_59_28_0 exec_type (file (mounton)))
+(neverallow base_typeattr_59_28_0 exec_type (dir (mounton)))
+(neverallow base_typeattr_59_28_0 exec_type (lnk_file (mounton)))
+(neverallow base_typeattr_59_28_0 exec_type (chr_file (mounton)))
+(neverallow base_typeattr_59_28_0 exec_type (blk_file (mounton)))
+(neverallow base_typeattr_59_28_0 exec_type (sock_file (mounton)))
+(neverallow base_typeattr_59_28_0 exec_type (fifo_file (mounton)))
+(neverallow base_typeattr_69_28_0 vendor_file_type (file (mounton)))
+(neverallow base_typeattr_69_28_0 vendor_file_type (dir (mounton)))
+(neverallow base_typeattr_69_28_0 vendor_file_type (lnk_file (mounton)))
+(neverallow base_typeattr_69_28_0 vendor_file_type (chr_file (mounton)))
+(neverallow base_typeattr_69_28_0 vendor_file_type (blk_file (mounton)))
+(neverallow base_typeattr_69_28_0 vendor_file_type (sock_file (mounton)))
+(neverallow base_typeattr_69_28_0 vendor_file_type (fifo_file (mounton)))
+(neverallow base_typeattr_69_28_0 system_file_28_0 (file (mounton)))
+(neverallow base_typeattr_69_28_0 system_file_28_0 (dir (mounton)))
+(neverallow base_typeattr_69_28_0 system_file_28_0 (lnk_file (mounton)))
+(neverallow base_typeattr_69_28_0 system_file_28_0 (chr_file (mounton)))
+(neverallow base_typeattr_69_28_0 system_file_28_0 (blk_file (mounton)))
+(neverallow base_typeattr_69_28_0 system_file_28_0 (sock_file (mounton)))
+(neverallow base_typeattr_69_28_0 system_file_28_0 (fifo_file (mounton)))
+(neverallow base_typeattr_59_28_0 rootfs_28_0 (file (write create setattr relabelto append unlink link rename)))
+(neverallow base_typeattr_59_28_0 base_typeattr_93_28_0 (filesystem (relabelto)))
+(neverallow base_typeattr_59_28_0 contextmount_type (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_59_28_0 contextmount_type (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_59_28_0 contextmount_type (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_59_28_0 contextmount_type (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_59_28_0 contextmount_type (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_59_28_0 contextmount_type (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_59_28_0 contextmount_type (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_59_28_0 default_android_service_28_0 (service_manager (add)))
+(neverallow base_typeattr_59_28_0 default_android_vndservice_28_0 (service_manager (add find)))
+(neverallow base_typeattr_59_28_0 default_android_hwservice_28_0 (hwservice_manager (add find)))
+(neverallow base_typeattr_59_28_0 hidl_base_hwservice_28_0 (hwservice_manager (find)))
+(neverallow base_typeattr_84_28_0 default_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_84_28_0 mmc_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_69_28_0 default_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_69_28_0 mmc_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_84_28_0 exported_default_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_69_28_0 exported_secure_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_69_28_0 exported2_default_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_84_28_0 exported3_default_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_84_28_0 vendor_default_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_94_28_0 pm_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_73_28_0 pm_prop_28_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_95_28_0 exported_pm_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_96_28_0 exported_pm_prop_28_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_97_28_0 serialno_prop_28_0 (file (ioctl read getattr lock map open)))
+(neverallow base_typeattr_98_28_0 firstboot_prop_28_0 (file (ioctl read getattr lock map open)))
+(neverallow base_typeattr_99_28_0 frp_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_100_28_0 metadata_block_device_28_0 (blk_file (ioctl read write lock append link rename open)))
+(neverallow base_typeattr_101_28_0 system_block_device_28_0 (blk_file (write append)))
+(neverallow base_typeattr_102_28_0 recovery_block_device_28_0 (blk_file (write append)))
+(neverallow base_typeattr_103_28_0 misc_block_device_28_0 (blk_file (ioctl read write lock relabelfrom append link rename open)))
+(neverallow base_typeattr_104_28_0 base_typeattr_59_28_0 (binder (set_context_mgr)))
+(neverallow servicemanager_28_0 hwbinder_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow servicemanager_28_0 vndbinder_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow hwservicemanager_28_0 binder_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow hwservicemanager_28_0 vndbinder_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow vndservicemanager_28_0 binder_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow vndservicemanager_28_0 hwbinder_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_105_28_0 binder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(neverallow base_typeattr_105_28_0 service_manager_type (service_manager (find)))
+(neverallow base_typeattr_106_28_0 base_typeattr_107_28_0 (service_manager (find)))
+(neverallow base_typeattr_105_28_0 servicemanager_28_0 (binder (call transfer)))
+(neverallow base_typeattr_108_28_0 vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(neverallow ueventd_28_0 vndbinder_device_28_0 (chr_file (ioctl read write append)))
+(neverallow base_typeattr_109_28_0 vndservice_manager_type (service_manager (add find list)))
+(neverallow base_typeattr_109_28_0 vndservicemanager_28_0 (binder (impersonate call set_context_mgr transfer)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (tcp_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (udp_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (rawip_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (packet_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (key_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (unix_stream_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (unix_dgram_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_route_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_nflog_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_xfrm_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_selinux_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_audit_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_dnrt_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (appletalk_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (tun_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_iscsi_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_connector_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_netfilter_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_generic_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_scsitransport_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_rdma_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netlink_crypto_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (sctp_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (icmp_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (ax25_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (ipx_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (netrom_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (atmpvc_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (x25_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (rose_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (decnet_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (atmsvc_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (rds_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (irda_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (pppox_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (llc_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (can_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (tipc_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (bluetooth_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (iucv_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (rxrpc_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (isdn_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (phonet_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (ieee802154_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (caif_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (alg_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (nfc_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (vsock_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (kcm_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (qipcrtr_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (smc_socket (connect sendto)))
+(neverallow base_typeattr_110_28_0 base_typeattr_111_28_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (tcp_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (udp_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (rawip_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (packet_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (key_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (unix_stream_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (unix_dgram_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_route_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_nflog_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_xfrm_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_selinux_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_audit_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_dnrt_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (appletalk_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (tun_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_iscsi_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_connector_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_netfilter_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_generic_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_scsitransport_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_rdma_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netlink_crypto_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (sctp_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (icmp_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (ax25_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (ipx_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (netrom_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (atmpvc_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (x25_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (rose_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (decnet_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (atmsvc_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (rds_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (irda_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (pppox_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (llc_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (can_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (tipc_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (bluetooth_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (iucv_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (rxrpc_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (isdn_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (phonet_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (ieee802154_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (caif_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (alg_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (nfc_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (vsock_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (kcm_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (qipcrtr_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (smc_socket (connect sendto)))
+(neverallow base_typeattr_112_28_0 base_typeattr_113_28_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (tcp_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (udp_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (rawip_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (packet_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (key_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (unix_stream_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (unix_dgram_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_route_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_nflog_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_xfrm_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_selinux_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_audit_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_dnrt_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (appletalk_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (tun_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_iscsi_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_connector_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_netfilter_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_generic_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_scsitransport_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_rdma_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netlink_crypto_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (sctp_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (icmp_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (ax25_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (ipx_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (netrom_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (atmpvc_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (x25_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (rose_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (decnet_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (atmsvc_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (rds_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (irda_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (pppox_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (llc_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (can_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (tipc_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (bluetooth_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (iucv_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (rxrpc_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (isdn_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (phonet_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (ieee802154_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (caif_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (alg_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (nfc_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (vsock_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (kcm_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (qipcrtr_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (smc_socket (connect sendto)))
+(neverallow base_typeattr_114_28_0 netd_28_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_115_28_0 core_data_file_type (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_115_28_0 coredomain_socket (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_115_28_0 unlabeled_28_0 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_106_28_0 base_typeattr_116_28_0 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_117_28_0 base_typeattr_118_28_0 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_119_28_0 base_typeattr_120_28_0 (file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_119_28_0 base_typeattr_120_28_0 (lnk_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_119_28_0 base_typeattr_120_28_0 (chr_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_119_28_0 base_typeattr_120_28_0 (blk_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_119_28_0 base_typeattr_120_28_0 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_119_28_0 base_typeattr_120_28_0 (fifo_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_119_28_0 base_typeattr_121_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow base_typeattr_122_28_0 base_typeattr_123_28_0 (file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_122_28_0 base_typeattr_123_28_0 (lnk_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_122_28_0 base_typeattr_123_28_0 (chr_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_122_28_0 base_typeattr_123_28_0 (blk_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_122_28_0 base_typeattr_123_28_0 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_122_28_0 base_typeattr_123_28_0 (fifo_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_124_28_0 base_typeattr_125_28_0 (file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_124_28_0 base_typeattr_125_28_0 (lnk_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_124_28_0 base_typeattr_125_28_0 (chr_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_124_28_0 base_typeattr_125_28_0 (blk_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_124_28_0 base_typeattr_125_28_0 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_124_28_0 base_typeattr_125_28_0 (fifo_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow vendor_init_28_0 unencrypted_data_file_28_0 (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod audit_access)))
+(neverallow base_typeattr_122_28_0 base_typeattr_126_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow base_typeattr_124_28_0 base_typeattr_127_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow vendor_init_28_0 unencrypted_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent rmdir open audit_access execmod)))
+(neverallow base_typeattr_128_28_0 system_data_file_28_0 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent rmdir open audit_access execmod)))
+(neverallow base_typeattr_129_28_0 vendor_data_file_28_0 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent rmdir open audit_access execmod)))
+(neverallow base_typeattr_130_28_0 vendor_data_file_28_0 (file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_130_28_0 vendor_data_file_28_0 (lnk_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_130_28_0 vendor_data_file_28_0 (chr_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_130_28_0 vendor_data_file_28_0 (blk_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_130_28_0 vendor_data_file_28_0 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_130_28_0 vendor_data_file_28_0 (fifo_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_131_28_0 vendor_app_file_28_0 (dir (read getattr search open)))
+(neverallow base_typeattr_131_28_0 vendor_app_file_28_0 (file (ioctl read getattr lock map open)))
+(neverallow base_typeattr_132_28_0 vendor_overlay_file_28_0 (dir (read getattr search open)))
+(neverallow base_typeattr_132_28_0 vendor_overlay_file_28_0 (file (ioctl read getattr lock map open)))
+(neverallow base_typeattr_133_28_0 vendor_shell_exec_28_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_134_28_0 base_typeattr_135_28_0 (file (execute execute_no_trans entrypoint)))
+(neverallow base_typeattr_136_28_0 base_typeattr_137_28_0 (file (execute)))
+(neverallow base_typeattr_138_28_0 vendor_file_type (file (execute_no_trans)))
+(neverallow base_typeattr_139_28_0 dalvikcache_data_file_28_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_139_28_0 dalvikcache_data_file_28_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_140_28_0 zygote_28_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_141_28_0 zygote_socket_28_0 (sock_file (write)))
+(neverallow base_typeattr_142_28_0 webview_zygote_28_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_141_28_0 webview_zygote_28_0 (sock_file (write)))
+(neverallow base_typeattr_143_28_0 tombstoned_crash_socket_28_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_144_28_0 tombstoned_intercept_socket_28_0 (sock_file (write)))
+(neverallow base_typeattr_144_28_0 tombstoned_intercept_socket_28_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_59_28_0 base_typeattr_59_28_0 (sem (create destroy getattr setattr read write associate unix_read unix_write)))
+(neverallow base_typeattr_59_28_0 base_typeattr_59_28_0 (msg (send receive)))
+(neverallow base_typeattr_59_28_0 base_typeattr_59_28_0 (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
+(neverallow base_typeattr_59_28_0 base_typeattr_59_28_0 (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
+(neverallow base_typeattr_59_28_0 dev_type (lnk_file (mounton)))
+(neverallow base_typeattr_59_28_0 dev_type (sock_file (mounton)))
+(neverallow base_typeattr_59_28_0 dev_type (fifo_file (mounton)))
+(neverallow base_typeattr_59_28_0 fs_type (lnk_file (mounton)))
+(neverallow base_typeattr_59_28_0 fs_type (sock_file (mounton)))
+(neverallow base_typeattr_59_28_0 fs_type (fifo_file (mounton)))
+(neverallow base_typeattr_59_28_0 file_type (lnk_file (mounton)))
+(neverallow base_typeattr_59_28_0 file_type (sock_file (mounton)))
+(neverallow base_typeattr_59_28_0 file_type (fifo_file (mounton)))
+(neverallow base_typeattr_145_28_0 su_exec_28_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_59_28_0 base_typeattr_146_28_0 (file (execmod)))
+(neverallow base_typeattr_59_28_0 self (process (execstack execheap)))
+(neverallow base_typeattr_147_28_0 file_type (file (execmod)))
+(neverallow base_typeattr_69_28_0 proc_28_0 (file (mounton)))
+(neverallow base_typeattr_69_28_0 proc_28_0 (dir (mounton)))
+(neverallow base_typeattr_148_28_0 domain (process (transition dyntransition)))
+(neverallow base_typeattr_149_28_0 system_data_file_28_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow installd_28_0 system_data_file_28_0 (file (write create setattr relabelto append link rename execute quotaon mounton execute_no_trans entrypoint execmod audit_access)))
+(neverallow base_typeattr_150_28_0 system_app_data_file_28_0 (file (create unlink open)))
+(neverallow base_typeattr_150_28_0 system_app_data_file_28_0 (dir (create unlink open)))
+(neverallow base_typeattr_150_28_0 system_app_data_file_28_0 (lnk_file (create unlink open)))
+(neverallow base_typeattr_150_28_0 system_app_data_file_28_0 (chr_file (create unlink open)))
+(neverallow base_typeattr_150_28_0 system_app_data_file_28_0 (blk_file (create unlink open)))
+(neverallow base_typeattr_150_28_0 system_app_data_file_28_0 (sock_file (create unlink open)))
+(neverallow base_typeattr_150_28_0 system_app_data_file_28_0 (fifo_file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_28_0 (file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_28_0 (dir (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_28_0 (lnk_file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_28_0 (chr_file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_28_0 (blk_file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_28_0 (sock_file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_28_0 (fifo_file (create unlink open)))
+(neverallow ephemeral_app_28_0 system_app_data_file_28_0 (file (create unlink open)))
+(neverallow ephemeral_app_28_0 system_app_data_file_28_0 (dir (create unlink open)))
+(neverallow ephemeral_app_28_0 system_app_data_file_28_0 (lnk_file (create unlink open)))
+(neverallow ephemeral_app_28_0 system_app_data_file_28_0 (chr_file (create unlink open)))
+(neverallow ephemeral_app_28_0 system_app_data_file_28_0 (blk_file (create unlink open)))
+(neverallow ephemeral_app_28_0 system_app_data_file_28_0 (sock_file (create unlink open)))
+(neverallow ephemeral_app_28_0 system_app_data_file_28_0 (fifo_file (create unlink open)))
+(neverallow isolated_app_28_0 system_app_data_file_28_0 (file (create unlink open)))
+(neverallow isolated_app_28_0 system_app_data_file_28_0 (dir (create unlink open)))
+(neverallow isolated_app_28_0 system_app_data_file_28_0 (lnk_file (create unlink open)))
+(neverallow isolated_app_28_0 system_app_data_file_28_0 (chr_file (create unlink open)))
+(neverallow isolated_app_28_0 system_app_data_file_28_0 (blk_file (create unlink open)))
+(neverallow isolated_app_28_0 system_app_data_file_28_0 (sock_file (create unlink open)))
+(neverallow isolated_app_28_0 system_app_data_file_28_0 (fifo_file (create unlink open)))
+(neverallow priv_app_28_0 system_app_data_file_28_0 (file (create unlink open)))
+(neverallow priv_app_28_0 system_app_data_file_28_0 (dir (create unlink open)))
+(neverallow priv_app_28_0 system_app_data_file_28_0 (lnk_file (create unlink open)))
+(neverallow priv_app_28_0 system_app_data_file_28_0 (chr_file (create unlink open)))
+(neverallow priv_app_28_0 system_app_data_file_28_0 (blk_file (create unlink open)))
+(neverallow priv_app_28_0 system_app_data_file_28_0 (sock_file (create unlink open)))
+(neverallow priv_app_28_0 system_app_data_file_28_0 (fifo_file (create unlink open)))
+(neverallow base_typeattr_151_28_0 app_data_file_28_0 (file (create unlink)))
+(neverallow base_typeattr_151_28_0 app_data_file_28_0 (dir (create unlink)))
+(neverallow base_typeattr_151_28_0 app_data_file_28_0 (lnk_file (create unlink)))
+(neverallow base_typeattr_151_28_0 app_data_file_28_0 (chr_file (create unlink)))
+(neverallow base_typeattr_151_28_0 app_data_file_28_0 (blk_file (create unlink)))
+(neverallow base_typeattr_151_28_0 app_data_file_28_0 (sock_file (create unlink)))
+(neverallow base_typeattr_151_28_0 app_data_file_28_0 (fifo_file (create unlink)))
+(neverallow base_typeattr_152_28_0 shell_28_0 (process (transition dyntransition)))
+(neverallow base_typeattr_153_28_0 base_typeattr_54_28_0 (process (transition dyntransition)))
+(neverallow base_typeattr_154_28_0 app_data_file_28_0 (lnk_file (read)))
+(neverallow base_typeattr_155_28_0 shell_data_file_28_0 (lnk_file (read)))
+(neverallow base_typeattr_156_28_0 shell_data_file_28_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_157_28_0 shell_data_file_28_0 (dir (search open)))
+(neverallow base_typeattr_158_28_0 shell_data_file_28_0 (file (open)))
+(neverallow base_typeattr_59_28_0 base_typeattr_159_28_0 (service_manager (list)))
+(neverallow base_typeattr_59_28_0 base_typeattr_160_28_0 (hwservice_manager (list)))
+(neverallow base_typeattr_59_28_0 domain (file (execute execute_no_trans entrypoint)))
+(neverallow base_typeattr_161_28_0 debugfs_28_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_162_28_0 profman_exec_28_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_59_28_0 base_typeattr_163_28_0 (system (module_load)))
+(neverallow base_typeattr_59_28_0 self (capability (setfcap)))
+(neverallow base_typeattr_59_28_0 self (cap_userns (setfcap)))
+(neverallow domain crash_dump_28_0 (process (noatsecure)))
+(neverallow base_typeattr_164_28_0 coredomain_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_59_28_0 same_process_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_165_28_0 vendor_file_28_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans open)))
+(neverallow base_typeattr_166_28_0 self (capability (dac_override)))
+(neverallow base_typeattr_167_28_0 self (capability (dac_read_search)))
+(neverallow domain proc_type (dir (write create link rename add_name remove_name reparent rmdir)))
+(neverallow domain sysfs_type (dir (write create link rename add_name remove_name reparent rmdir)))
+(neverallow domain cgroup_28_0 (file (create)))
+(dontaudit domain proc_type (dir (write)))
+(dontaudit domain sysfs_type (dir (write)))
+(dontaudit domain cgroup_28_0 (file (create)))
+(dontaudit domain proc_type (dir (add_name)))
+(dontaudit domain sysfs_type (dir (add_name)))
+(dontaudit domain proc_type (file (create)))
+(dontaudit domain sysfs_type (file (create)))
+(neverallow base_typeattr_168_28_0 mnt_vendor_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(allow drmserver_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 drmserver_28_0 (dir (search)))
+(allow servicemanager_28_0 drmserver_28_0 (file (read open)))
+(allow servicemanager_28_0 drmserver_28_0 (process (getattr)))
+(allow drmserver_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 drmserver_28_0 (binder (transfer)))
+(allow drmserver_28_0 system_server_28_0 (fd (use)))
+(allow drmserver_28_0 appdomain (binder (call transfer)))
+(allow appdomain drmserver_28_0 (binder (transfer)))
+(allow drmserver_28_0 appdomain (fd (use)))
+(allow drmserver_28_0 system_server_28_0 (fd (use)))
+(allow drmserver_28_0 mediaserver_28_0 (binder (call transfer)))
+(allow mediaserver_28_0 drmserver_28_0 (binder (transfer)))
+(allow drmserver_28_0 mediaserver_28_0 (fd (use)))
+(allow drmserver_28_0 sdcard_type (dir (search)))
+(allow drmserver_28_0 drm_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow drmserver_28_0 drm_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow drmserver_28_0 tee_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow drmserver_28_0 app_data_file_28_0 (file (read write getattr)))
+(allow drmserver_28_0 sdcard_type (file (read write getattr)))
+(allow drmserver_28_0 efs_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow drmserver_28_0 efs_file_28_0 (file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 efs_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 apk_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow drmserver_28_0 drmserver_socket_28_0 (sock_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow drmserver_28_0 apk_data_file_28_0 (sock_file (unlink)))
+(allow drmserver_28_0 media_rw_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow drmserver_28_0 media_rw_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 media_rw_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 apk_data_file_28_0 (file (read getattr)))
+(allow drmserver_28_0 asec_apk_file_28_0 (file (read getattr)))
+(allow drmserver_28_0 ringtone_file_28_0 (file (read getattr)))
+(allow drmserver_28_0 radio_data_file_28_0 (file (read getattr)))
+(allow drmserver_28_0 oemfs_28_0 (dir (search)))
+(allow drmserver_28_0 oemfs_28_0 (file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 drmserver_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_169_28_0 drmserver_service_28_0 (service_manager (add)))
+(allow drmserver_28_0 permission_service_28_0 (service_manager (find)))
+(allow drmserver_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow drmserver_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 selinuxfs_28_0 (file (write lock append map open)))
+(allow drmserver_28_0 kernel_28_0 (security (compute_av)))
+(allow drmserver_28_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow drmserver_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow drmserver_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow drmserver_28_0 system_file_28_0 (file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 system_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 dumpstate_28_0 (dir (search)))
+(allow servicemanager_28_0 dumpstate_28_0 (file (read open)))
+(allow servicemanager_28_0 dumpstate_28_0 (process (getattr)))
+(allow dumpstate_28_0 sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow dumpstate_28_0 self (capability2 (block_suspend)))
+(allow dumpstate_28_0 self (cap2_userns (block_suspend)))
+(allow dumpstate_28_0 self (capability (setgid setuid sys_resource)))
+(allow dumpstate_28_0 self (cap_userns (setgid setuid sys_resource)))
+(allow dumpstate_28_0 domain (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 domain (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 domain (lnk_file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 self (capability (kill net_admin net_raw)))
+(allow dumpstate_28_0 self (cap_userns (kill net_admin net_raw)))
+(allow dumpstate_28_0 system_file_28_0 (file (execute_no_trans)))
+(allow dumpstate_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow dumpstate_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 self (capability (chown dac_override fowner fsetid)))
+(allow dumpstate_28_0 self (cap_userns (chown dac_override fowner fsetid)))
+(allow dumpstate_28_0 anr_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow dumpstate_28_0 anr_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow dumpstate_28_0 system_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 self (capability2 (syslog)))
+(allow dumpstate_28_0 self (cap2_userns (syslog)))
+(allow dumpstate_28_0 kernel_28_0 (system (syslog_read)))
+(allow dumpstate_28_0 pstorefs_28_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 pstorefs_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 domain (process (getattr)))
+(allow dumpstate_28_0 appdomain (process (signal)))
+(allow dumpstate_28_0 system_server_28_0 (process (signal)))
+(allow dumpstate_28_0 hal_audio_server (process (signal)))
+(allow dumpstate_28_0 hal_camera_server (process (signal)))
+(allow dumpstate_28_0 hal_drm_server (process (signal)))
+(allow dumpstate_28_0 hal_bluetooth_server (process (signal)))
+(allow dumpstate_28_0 hal_graphics_composer_server (process (signal)))
+(allow dumpstate_28_0 hal_sensors_server (process (signal)))
+(allow dumpstate_28_0 hal_vr_server (process (signal)))
+(allow dumpstate_28_0 audioserver_28_0 (process (signal)))
+(allow dumpstate_28_0 cameraserver_28_0 (process (signal)))
+(allow dumpstate_28_0 drmserver_28_0 (process (signal)))
+(allow dumpstate_28_0 inputflinger_28_0 (process (signal)))
+(allow dumpstate_28_0 mediacodec_28_0 (process (signal)))
+(allow dumpstate_28_0 mediadrmserver_28_0 (process (signal)))
+(allow dumpstate_28_0 mediaextractor_28_0 (process (signal)))
+(allow dumpstate_28_0 mediametrics_28_0 (process (signal)))
+(allow dumpstate_28_0 mediaserver_28_0 (process (signal)))
+(allow dumpstate_28_0 sdcardd_28_0 (process (signal)))
+(allow dumpstate_28_0 surfaceflinger_28_0 (process (signal)))
+(allow dumpstate_28_0 tombstoned_intercept_socket_28_0 (sock_file (write)))
+(allow dumpstate_28_0 tombstoned_28_0 (unix_stream_socket (connectto)))
+(allow dumpstate_28_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 sysfs_dm_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 sysfs_usb_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 sysfs_zram_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 qtaguid_proc_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 debugfs_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 block_device_28_0 (dir (getattr search)))
+(allow dumpstate_28_0 rootfs_28_0 (dir (getattr search)))
+(allow dumpstate_28_0 selinuxfs_28_0 (dir (getattr search)))
+(allow dumpstate_28_0 tmpfs_28_0 (dir (getattr search)))
+(allow dumpstate_28_0 metadata_file_28_0 (dir (getattr search)))
+(allow dumpstate_28_0 storage_file_28_0 (dir (getattr search)))
+(allow dumpstate_28_0 cache_file_28_0 (dir (getattr search)))
+(allow dumpstate_28_0 fuse_device_28_0 (chr_file (getattr)))
+(allow dumpstate_28_0 dm_device_28_0 (blk_file (getattr)))
+(allow dumpstate_28_0 cache_block_device_28_0 (blk_file (getattr)))
+(allow dumpstate_28_0 rootfs_28_0 (lnk_file (read getattr)))
+(allow dumpstate_28_0 cache_file_28_0 (lnk_file (read getattr)))
+(allow dumpstate_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain dumpstate_28_0 (binder (transfer)))
+(allow dumpstate_28_0 binderservicedomain (fd (use)))
+(allow dumpstate_28_0 appdomain (binder (call transfer)))
+(allow dumpstate_28_0 netd_28_0 (binder (call transfer)))
+(allow dumpstate_28_0 wificond_28_0 (binder (call transfer)))
+(allow appdomain dumpstate_28_0 (binder (transfer)))
+(allow netd_28_0 dumpstate_28_0 (binder (transfer)))
+(allow wificond_28_0 dumpstate_28_0 (binder (transfer)))
+(allow dumpstate_28_0 appdomain (fd (use)))
+(allow dumpstate_28_0 netd_28_0 (fd (use)))
+(allow dumpstate_28_0 wificond_28_0 (fd (use)))
+(allow dumpstate_28_0 self (capability (sys_ptrace)))
+(allow dumpstate_28_0 self (cap_userns (sys_ptrace)))
+(allow dumpstate_28_0 shell_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow dumpstate_28_0 shell_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow dumpstate_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow dumpstate_28_0 zygote_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow dumpstate_28_0 ashmem_device_28_0 (chr_file (execute)))
+(allow dumpstate_28_0 self (process (execmem)))
+(allow dumpstate_28_0 dalvikcache_data_file_28_0 (dir (getattr search)))
+(allow dumpstate_28_0 dalvikcache_data_file_28_0 (file (ioctl read getattr lock map execute open)))
+(allow dumpstate_28_0 dalvikcache_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 bluetooth_data_file_28_0 (dir (search)))
+(allow dumpstate_28_0 bluetooth_logs_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 bluetooth_logs_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 gpu_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow dumpstate_28_0 logcat_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow dumpstate_28_0 logdr_socket_28_0 (sock_file (write)))
+(allow dumpstate_28_0 logd_28_0 (unix_stream_socket (connectto)))
+(allow dumpstate_28_0 logd_socket_28_0 (sock_file (write)))
+(allow dumpstate_28_0 logd_28_0 (unix_stream_socket (connectto)))
+(allow dumpstate_28_0 runtime_event_log_tags_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_qtaguid_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_buddyinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_cmdline_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_meminfo_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_modules_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_pagetypeinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_pipe_conf_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_version_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_vmallocinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_vmstat_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 net_data_file_28_0 (dir (search)))
+(allow dumpstate_28_0 net_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 self (netlink_tcpdiag_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read)))
+(allow dumpstate_28_0 tombstone_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 tombstone_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 cache_recovery_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 cache_recovery_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 recovery_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 recovery_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 update_engine_log_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 update_engine_log_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 user_profile_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 user_profile_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 misc_logd_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_28_0 misc_logd_file_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 base_typeattr_170_28_0 (service_manager (find)))
+(dontaudit dumpstate_28_0 dumpstate_service_28_0 (service_manager (find)))
+(dontaudit dumpstate_28_0 gatekeeper_service_28_0 (service_manager (find)))
+(dontaudit dumpstate_28_0 incident_service_28_0 (service_manager (find)))
+(dontaudit dumpstate_28_0 virtual_touchpad_service_28_0 (service_manager (find)))
+(dontaudit dumpstate_28_0 vold_service_28_0 (service_manager (find)))
+(dontaudit dumpstate_28_0 vr_hwc_service_28_0 (service_manager (find)))
+(allow dumpstate_28_0 servicemanager_28_0 (service_manager (list)))
+(allow dumpstate_28_0 hwservicemanager_28_0 (hwservice_manager (list)))
+(allow dumpstate_28_0 devpts_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow dumpstate_28_0 property_socket_28_0 (sock_file (write)))
+(allow dumpstate_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow dumpstate_28_0 dumpstate_prop_28_0 (property_service (set)))
+(allow dumpstate_28_0 dumpstate_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 property_socket_28_0 (sock_file (write)))
+(allow dumpstate_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow dumpstate_28_0 exported_dumpstate_prop_28_0 (property_service (set)))
+(allow dumpstate_28_0 exported_dumpstate_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 property_socket_28_0 (sock_file (write)))
+(allow dumpstate_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow dumpstate_28_0 dumpstate_options_prop_28_0 (property_service (set)))
+(allow dumpstate_28_0 dumpstate_options_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 property_type (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 media_rw_data_file_28_0 (dir (getattr)))
+(allow dumpstate_28_0 proc_interrupts_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_zoneinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 dumpstate_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_171_28_0 dumpstate_service_28_0 (service_manager (add)))
+(allow dumpstate_28_0 ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 proc_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow dumpstate_28_0 installd_28_0 (binder (call transfer)))
+(allow installd_28_0 dumpstate_28_0 (binder (transfer)))
+(allow dumpstate_28_0 installd_28_0 (fd (use)))
+(allow dumpstate_28_0 self (netlink_xfrm_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read)))
+(allow dumpstate_28_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow dumpstate_28_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow dumpstate_28_0 property_socket_28_0 (sock_file (write)))
+(allow dumpstate_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow dumpstate_28_0 ctl_dumpstate_prop_28_0 (property_service (set)))
+(allow dumpstate_28_0 ctl_dumpstate_prop_28_0 (file (ioctl read getattr lock map open)))
+(neverallow dumpstate_28_0 base_typeattr_59_28_0 (process (ptrace)))
+(neverallow base_typeattr_172_28_0 dumpstate_service_28_0 (service_manager (find)))
+(allow e2fs_28_0 devpts_28_0 (chr_file (ioctl read write getattr)))
+(allow e2fs_28_0 dev_type (blk_file (getattr)))
+(allow e2fs_28_0 block_device_28_0 (dir (search)))
+(allow e2fs_28_0 userdata_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow e2fs_28_0 metadata_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow e2fs_28_0 proc_filesystems_28_0 (file (ioctl read getattr lock map open)))
+(allow e2fs_28_0 proc_mounts_28_0 (file (ioctl read getattr lock map open)))
+(allow e2fs_28_0 proc_swaps_28_0 (file (ioctl read getattr lock map open)))
+(allow e2fs_28_0 sysfs_fs_ext4_features_28_0 (dir (search)))
+(allow e2fs_28_0 sysfs_fs_ext4_features_28_0 (file (ioctl read getattr lock map open)))
+(allow e2fs_28_0 file_contexts_file_28_0 (file (read getattr open)))
+(dontaudit su_28_0 pdx_display_client_endpoint_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_display_client_channel_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_display_manager_endpoint_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_display_manager_channel_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_display_screenshot_endpoint_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_display_screenshot_channel_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_display_vsync_endpoint_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_display_vsync_channel_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_performance_client_endpoint_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_performance_client_channel_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_bufferhub_client_endpoint_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 pdx_bufferhub_client_channel_socket_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(allow fs_type self (filesystem (associate)))
+(allow cgroup_28_0 tmpfs_28_0 (filesystem (associate)))
+(allow cgroup_bpf_28_0 tmpfs_28_0 (filesystem (associate)))
+(allow sysfs_type sysfs_28_0 (filesystem (associate)))
+(allow debugfs_type debugfs_28_0 (filesystem (associate)))
+(allow debugfs_type debugfs_tracing_28_0 (filesystem (associate)))
+(allow debugfs_type debugfs_tracing_debug_28_0 (filesystem (associate)))
+(allow file_type labeledfs_28_0 (filesystem (associate)))
+(allow file_type tmpfs_28_0 (filesystem (associate)))
+(allow file_type rootfs_28_0 (filesystem (associate)))
+(allow dev_type tmpfs_28_0 (filesystem (associate)))
+(allow app_fuse_file_28_0 app_fusefs_28_0 (filesystem (associate)))
+(allow postinstall_file_28_0 self (filesystem (associate)))
+(neverallow fs_type file_type (filesystem (associate)))
+(allow fingerprintd_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 fingerprintd_28_0 (dir (search)))
+(allow servicemanager_28_0 fingerprintd_28_0 (file (read open)))
+(allow servicemanager_28_0 fingerprintd_28_0 (process (getattr)))
+(allow fingerprintd_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow fingerprintd_28_0 fingerprintd_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_173_28_0 fingerprintd_service_28_0 (service_manager (add)))
+(allow fingerprintd_28_0 fingerprintd_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow fingerprintd_28_0 fingerprintd_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow keystore_28_0 fingerprintd_28_0 (dir (search)))
+(allow keystore_28_0 fingerprintd_28_0 (file (read open)))
+(allow keystore_28_0 fingerprintd_28_0 (process (getattr)))
+(allow fingerprintd_28_0 keystore_service_28_0 (service_manager (find)))
+(allow fingerprintd_28_0 keystore_28_0 (binder (call transfer)))
+(allow keystore_28_0 fingerprintd_28_0 (binder (transfer)))
+(allow fingerprintd_28_0 keystore_28_0 (fd (use)))
+(allow keystore_28_0 fingerprintd_28_0 (binder (call transfer)))
+(allow fingerprintd_28_0 keystore_28_0 (binder (transfer)))
+(allow keystore_28_0 fingerprintd_28_0 (fd (use)))
+(allow fingerprintd_28_0 keystore_28_0 (keystore_key (add_auth)))
+(allow fingerprintd_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 fingerprintd_28_0 (binder (transfer)))
+(allow fingerprintd_28_0 system_server_28_0 (fd (use)))
+(allow fingerprintd_28_0 permission_service_28_0 (service_manager (find)))
+(allow fingerprintd_28_0 ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow fsck_28_0 tmpfs_28_0 (chr_file (ioctl read write)))
+(allow fsck_28_0 devpts_28_0 (chr_file (ioctl read write getattr)))
+(allow fsck_28_0 vold_28_0 (fd (use)))
+(allow fsck_28_0 vold_28_0 (fifo_file (read write getattr)))
+(allow fsck_28_0 block_device_28_0 (dir (search)))
+(allow fsck_28_0 userdata_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow fsck_28_0 cache_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow fsck_28_0 dm_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow fsck_28_0 dev_type (blk_file (getattr)))
+(allow fsck_28_0 proc_mounts_28_0 (file (ioctl read getattr lock map open)))
+(allow fsck_28_0 proc_swaps_28_0 (file (ioctl read getattr lock map open)))
+(allow fsck_28_0 rootfs_28_0 (dir (ioctl read getattr lock search open)))
+(neverallow fsck_28_0 vold_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_28_0 root_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_28_0 frp_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_28_0 system_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_28_0 recovery_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_28_0 boot_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_28_0 swap_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_174_28_0 fsck_28_0 (process (transition)))
+(neverallow base_typeattr_59_28_0 fsck_28_0 (process (dyntransition)))
+(neverallow fsck_28_0 base_typeattr_175_28_0 (file (entrypoint)))
+(allow fsck_untrusted_28_0 devpts_28_0 (chr_file (ioctl read write getattr)))
+(allow fsck_untrusted_28_0 vold_28_0 (fd (use)))
+(allow fsck_untrusted_28_0 vold_28_0 (fifo_file (read write getattr)))
+(allow fsck_untrusted_28_0 block_device_28_0 (dir (search)))
+(allow fsck_untrusted_28_0 vold_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow fsck_untrusted_28_0 proc_mounts_28_0 (file (ioctl read getattr lock map open)))
+(allow fsck_untrusted_28_0 dev_type (blk_file (getattr)))
+(neverallow fsck_untrusted_28_0 dm_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_28_0 root_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_28_0 frp_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_28_0 system_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_28_0 recovery_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_28_0 boot_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_28_0 userdata_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_28_0 cache_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_28_0 swap_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_28_0 metadata_block_device_28_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_176_28_0 fsck_untrusted_28_0 (process (transition)))
+(neverallow base_typeattr_59_28_0 fsck_untrusted_28_0 (process (dyntransition)))
+(neverallow fsck_untrusted_28_0 base_typeattr_175_28_0 (file (entrypoint)))
+(allow gatekeeperd_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 gatekeeperd_28_0 (dir (search)))
+(allow servicemanager_28_0 gatekeeperd_28_0 (file (read open)))
+(allow servicemanager_28_0 gatekeeperd_28_0 (process (getattr)))
+(allow gatekeeperd_28_0 tee_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow gatekeeperd_28_0 ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow gatekeeperd_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow gatekeeperd_28_0 gatekeeper_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_177_28_0 gatekeeper_service_28_0 (service_manager (add)))
+(allow keystore_28_0 gatekeeperd_28_0 (dir (search)))
+(allow keystore_28_0 gatekeeperd_28_0 (file (read open)))
+(allow keystore_28_0 gatekeeperd_28_0 (process (getattr)))
+(allow gatekeeperd_28_0 keystore_service_28_0 (service_manager (find)))
+(allow gatekeeperd_28_0 keystore_28_0 (binder (call transfer)))
+(allow keystore_28_0 gatekeeperd_28_0 (binder (transfer)))
+(allow gatekeeperd_28_0 keystore_28_0 (fd (use)))
+(allow keystore_28_0 gatekeeperd_28_0 (binder (call transfer)))
+(allow gatekeeperd_28_0 keystore_28_0 (binder (transfer)))
+(allow keystore_28_0 gatekeeperd_28_0 (fd (use)))
+(allow gatekeeperd_28_0 keystore_28_0 (keystore_key (add_auth)))
+(allow gatekeeperd_28_0 system_server_28_0 (binder (call)))
+(allow gatekeeperd_28_0 permission_service_28_0 (service_manager (find)))
+(allow gatekeeperd_28_0 gatekeeper_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow gatekeeperd_28_0 gatekeeper_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow gatekeeperd_28_0 hardware_properties_service_28_0 (service_manager (find)))
+(allow gatekeeperd_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow gatekeeperd_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow gatekeeperd_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_allocator_client hal_allocator_server (binder (call transfer)))
+(allow hal_allocator_server hal_allocator_client (binder (transfer)))
+(allow hal_allocator_client hal_allocator_server (fd (use)))
+(allow hal_allocator_server hidl_allocator_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_allocator_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_178_28_0 hidl_allocator_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_allocator_client hidl_allocator_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_allocator_client hidl_memory_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_audio_client hal_audio_server (binder (call transfer)))
+(allow hal_audio_server hal_audio_client (binder (transfer)))
+(allow hal_audio_client hal_audio_server (fd (use)))
+(allow hal_audio_server hal_audio_client (binder (call transfer)))
+(allow hal_audio_client hal_audio_server (binder (transfer)))
+(allow hal_audio_server hal_audio_client (fd (use)))
+(allow hal_audio_server hal_audio_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_audio_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_179_28_0 hal_audio_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_audio_client hal_audio_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_audio ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow hal_audio proc_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_audio proc_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_audio proc_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_audio proc_asound_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_audio proc_asound_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_audio proc_asound_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_audio_server audio_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_audio_server audio_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_audio shell_28_0 (fd (use)))
+(allow hal_audio shell_28_0 (fifo_file (write)))
+(allow hal_audio dumpstate_28_0 (fd (use)))
+(allow hal_audio dumpstate_28_0 (fifo_file (write)))
+(allow hal_audio vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_audio vndservicemanager_28_0 (binder (call transfer)))
+(allow vndservicemanager_28_0 hal_audio (dir (search)))
+(allow vndservicemanager_28_0 hal_audio (file (read open)))
+(allow vndservicemanager_28_0 hal_audio (process (getattr)))
+(neverallow hal_audio_server fs_type (file (execute_no_trans)))
+(neverallow hal_audio_server file_type (file (execute_no_trans)))
+(neverallow hal_audio_server domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow hal_audio_server domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow hal_audio_server domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_180_28_0 audio_device_28_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow hal_audio bluetooth_a2dp_offload_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_audiocontrol_client hal_audiocontrol_server (binder (call transfer)))
+(allow hal_audiocontrol_server hal_audiocontrol_client (binder (transfer)))
+(allow hal_audiocontrol_client hal_audiocontrol_server (fd (use)))
+(allow hal_audiocontrol_server hal_audiocontrol_client (binder (call transfer)))
+(allow hal_audiocontrol_client hal_audiocontrol_server (binder (transfer)))
+(allow hal_audiocontrol_server hal_audiocontrol_client (fd (use)))
+(allow hal_audiocontrol_server hal_audiocontrol_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_audiocontrol_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_181_28_0 hal_audiocontrol_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_audiocontrol_client hal_audiocontrol_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_authsecret_client hal_authsecret_server (binder (call transfer)))
+(allow hal_authsecret_server hal_authsecret_client (binder (transfer)))
+(allow hal_authsecret_client hal_authsecret_server (fd (use)))
+(allow hal_authsecret_server hal_authsecret_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_authsecret_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_182_28_0 hal_authsecret_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_authsecret_client hal_authsecret_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_bluetooth_client hal_bluetooth_server (binder (call transfer)))
+(allow hal_bluetooth_server hal_bluetooth_client (binder (transfer)))
+(allow hal_bluetooth_client hal_bluetooth_server (fd (use)))
+(allow hal_bluetooth_server hal_bluetooth_client (binder (call transfer)))
+(allow hal_bluetooth_client hal_bluetooth_server (binder (transfer)))
+(allow hal_bluetooth_server hal_bluetooth_client (fd (use)))
+(allow hal_bluetooth_server hal_bluetooth_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_bluetooth_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_183_28_0 hal_bluetooth_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_bluetooth_client hal_bluetooth_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_bluetooth sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow hal_bluetooth self (capability2 (block_suspend)))
+(allow hal_bluetooth self (cap2_userns (block_suspend)))
+(allow hal_bluetooth self (capability (net_admin)))
+(allow hal_bluetooth self (cap_userns (net_admin)))
+(allow hal_bluetooth bluetooth_efs_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_bluetooth bluetooth_efs_file_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_bluetooth bluetooth_efs_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_bluetooth uhid_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_bluetooth hci_attach_dev_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_bluetooth sysfs_type (dir (ioctl read getattr lock search open)))
+(allow hal_bluetooth sysfs_type (file (ioctl read getattr lock map open)))
+(allow hal_bluetooth sysfs_type (lnk_file (ioctl read getattr lock map open)))
+(allow hal_bluetooth sysfs_bluetooth_writable_28_0 (file (ioctl read write getattr lock append map open)))
+(allow hal_bluetooth self (capability2 (wake_alarm)))
+(allow hal_bluetooth self (cap2_userns (wake_alarm)))
+(allow hal_bluetooth property_socket_28_0 (sock_file (write)))
+(allow hal_bluetooth init_28_0 (unix_stream_socket (connectto)))
+(allow hal_bluetooth bluetooth_a2dp_offload_prop_28_0 (property_service (set)))
+(allow hal_bluetooth bluetooth_a2dp_offload_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_bluetooth property_socket_28_0 (sock_file (write)))
+(allow hal_bluetooth init_28_0 (unix_stream_socket (connectto)))
+(allow hal_bluetooth bluetooth_prop_28_0 (property_service (set)))
+(allow hal_bluetooth bluetooth_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_bluetooth property_socket_28_0 (sock_file (write)))
+(allow hal_bluetooth init_28_0 (unix_stream_socket (connectto)))
+(allow hal_bluetooth exported_bluetooth_prop_28_0 (property_service (set)))
+(allow hal_bluetooth exported_bluetooth_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_bluetooth proc_bluetooth_writable_28_0 (file (ioctl read write getattr lock append map open)))
+(allow hal_bluetooth self (capability (sys_nice)))
+(allow hal_bluetooth self (cap_userns (sys_nice)))
+(allow hal_bootctl_client hal_bootctl_server (binder (call transfer)))
+(allow hal_bootctl_server hal_bootctl_client (binder (transfer)))
+(allow hal_bootctl_client hal_bootctl_server (fd (use)))
+(allow hal_bootctl_server hal_bootctl_client (binder (call transfer)))
+(allow hal_bootctl_client hal_bootctl_server (binder (transfer)))
+(allow hal_bootctl_server hal_bootctl_client (fd (use)))
+(allow hal_bootctl_server hal_bootctl_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_bootctl_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_184_28_0 hal_bootctl_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_bootctl_client hal_bootctl_hwservice_28_0 (hwservice_manager (find)))
+(dontaudit hal_bootctl self (capability (sys_rawio)))
+(allow hal_broadcastradio_client hal_broadcastradio_server (binder (call transfer)))
+(allow hal_broadcastradio_server hal_broadcastradio_client (binder (transfer)))
+(allow hal_broadcastradio_client hal_broadcastradio_server (fd (use)))
+(allow hal_broadcastradio_server hal_broadcastradio_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_broadcastradio_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_185_28_0 hal_broadcastradio_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_broadcastradio_client hal_broadcastradio_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_camera_client hal_camera_server (binder (call transfer)))
+(allow hal_camera_server hal_camera_client (binder (transfer)))
+(allow hal_camera_client hal_camera_server (fd (use)))
+(allow hal_camera_server hal_camera_client (binder (call transfer)))
+(allow hal_camera_client hal_camera_server (binder (transfer)))
+(allow hal_camera_server hal_camera_client (fd (use)))
+(allow hal_camera_server hal_camera_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_camera_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_186_28_0 hal_camera_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_camera_client hal_camera_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_camera device_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_camera video_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_camera video_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_camera camera_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_camera ion_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_camera_client hal_graphics_allocator (fd (use)))
+(allow hal_camera_server hal_graphics_allocator (fd (use)))
+(allow hal_camera base_typeattr_43_28_0 (fd (use)))
+(allow hal_camera surfaceflinger_28_0 (fd (use)))
+(allow hal_camera hal_allocator_server (fd (use)))
+(neverallow hal_camera_server fs_type (file (execute_no_trans)))
+(neverallow hal_camera_server file_type (file (execute_no_trans)))
+(neverallow hal_camera_server domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow hal_camera_server domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow hal_camera_server domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_187_28_0 camera_device_28_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow hal_cas_client hal_cas_server (binder (call transfer)))
+(allow hal_cas_server hal_cas_client (binder (transfer)))
+(allow hal_cas_client hal_cas_server (fd (use)))
+(allow hal_cas_server hal_cas_client (binder (call transfer)))
+(allow hal_cas_client hal_cas_server (binder (transfer)))
+(allow hal_cas_server hal_cas_client (fd (use)))
+(allow hal_cas_server hal_cas_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_cas_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_188_28_0 hal_cas_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_cas_client hal_cas_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_cas_server hidl_memory_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_cas_server serialno_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_cas system_data_file_28_0 (file (read getattr)))
+(allow hal_cas cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_cas cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_cas cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_cas cgroup_28_0 (dir (write search)))
+(allow hal_cas cgroup_28_0 (file (write lock append map open)))
+(allow hal_cas ion_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_cas hal_graphics_allocator (fd (use)))
+(allow hal_cas tee_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(neverallow hal_cas_server fs_type (file (execute_no_trans)))
+(neverallow hal_cas_server file_type (file (execute_no_trans)))
+(neverallowx hal_cas_server domain (ioctl tcp_socket (0x6900 0x6902)))
+(neverallowx hal_cas_server domain (ioctl udp_socket (0x6900 0x6902)))
+(neverallowx hal_cas_server domain (ioctl rawip_socket (0x6900 0x6902)))
+(neverallowx hal_cas_server domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx hal_cas_server domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx hal_cas_server domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx hal_cas_server domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx hal_cas_server domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx hal_cas_server domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow hal_configstore_client hal_configstore_server (binder (call transfer)))
+(allow hal_configstore_server hal_configstore_client (binder (transfer)))
+(allow hal_configstore_client hal_configstore_server (fd (use)))
+(allow hal_configstore_client hal_configstore_ISurfaceFlingerConfigs_28_0 (hwservice_manager (find)))
+(allow hal_configstore_server hal_configstore_ISurfaceFlingerConfigs_28_0 (hwservice_manager (add find)))
+(allow hal_configstore_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_189_28_0 hal_configstore_ISurfaceFlingerConfigs_28_0 (hwservice_manager (add)))
+(allow hal_configstore_server su_28_0 (fifo_file (append)))
+(allow hal_configstore_server anr_data_file_28_0 (file (append)))
+(allow hal_configstore_server dumpstate_28_0 (fd (use)))
+(allow hal_configstore_server incidentd_28_0 (fd (use)))
+(allow hal_configstore_server dumpstate_28_0 (fifo_file (write append)))
+(allow hal_configstore_server incidentd_28_0 (fifo_file (write append)))
+(allow hal_configstore_server system_server_28_0 (fifo_file (write append)))
+(allow hal_configstore_server tombstoned_28_0 (unix_stream_socket (connectto)))
+(allow hal_configstore_server tombstoned_28_0 (fd (use)))
+(allow hal_configstore_server tombstoned_crash_socket_28_0 (sock_file (write)))
+(allow hal_configstore_server tombstone_data_file_28_0 (file (append)))
+(neverallow hal_configstore_server fs_type (file (execute_no_trans)))
+(neverallow hal_configstore_server file_type (file (execute_no_trans)))
+(neverallow hal_configstore_server domain (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow hal_configstore_server domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow hal_configstore_server domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow hal_configstore_server domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow hal_configstore_server domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow hal_configstore_server domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow hal_configstore_server domain (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow hal_configstore_server domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow hal_configstore_server domain (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server domain (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server base_typeattr_190_28_0 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(neverallow hal_configstore_server base_typeattr_190_28_0 (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server base_typeattr_191_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow hal_configstore_server base_typeattr_191_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow hal_configstore_server base_typeattr_191_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow hal_configstore_server sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow hal_configstore_server fuse_28_0 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow hal_configstore_server sdcardfs_28_0 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow hal_configstore_server vfat_28_0 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow hal_configstore_server exfat_28_0 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow hal_configstore_server sdcard_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow hal_configstore_server fuse_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow hal_configstore_server sdcardfs_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow hal_configstore_server vfat_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow hal_configstore_server exfat_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow hal_configstore_server base_typeattr_59_28_0 (service_manager (add find list)))
+(neverallow hal_configstore_server self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(neverallow hal_configstore_server self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
+(neverallow hal_configstore_server self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(neverallow hal_configstore_server self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
+(neverallow hal_configstore_server base_typeattr_59_28_0 (process (ptrace)))
+(neverallow hal_configstore_server base_typeattr_59_28_0 (file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_59_28_0 (dir (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_59_28_0 (lnk_file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_59_28_0 (chr_file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_59_28_0 (blk_file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_59_28_0 (sock_file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_59_28_0 (fifo_file (relabelfrom relabelto)))
+(allow hal_confirmationui_client hal_confirmationui_server (binder (call transfer)))
+(allow hal_confirmationui_server hal_confirmationui_client (binder (transfer)))
+(allow hal_confirmationui_client hal_confirmationui_server (fd (use)))
+(allow hal_confirmationui_server hal_confirmationui_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_confirmationui_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_192_28_0 hal_confirmationui_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_confirmationui_client hal_confirmationui_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_contexthub_client hal_contexthub_server (binder (call transfer)))
+(allow hal_contexthub_server hal_contexthub_client (binder (transfer)))
+(allow hal_contexthub_client hal_contexthub_server (fd (use)))
+(allow hal_contexthub_server hal_contexthub_client (binder (call transfer)))
+(allow hal_contexthub_client hal_contexthub_server (binder (transfer)))
+(allow hal_contexthub_server hal_contexthub_client (fd (use)))
+(allow hal_contexthub_server hal_contexthub_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_contexthub_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_193_28_0 hal_contexthub_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_contexthub_client hal_contexthub_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_drm_client hal_drm_server (binder (call transfer)))
+(allow hal_drm_server hal_drm_client (binder (transfer)))
+(allow hal_drm_client hal_drm_server (fd (use)))
+(allow hal_drm_server hal_drm_client (binder (call transfer)))
+(allow hal_drm_client hal_drm_server (binder (transfer)))
+(allow hal_drm_server hal_drm_client (fd (use)))
+(allow hal_drm_server hal_drm_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_drm_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_194_28_0 hal_drm_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_drm_client hal_drm_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_drm hidl_memory_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_drm self (process (execmem)))
+(allow hal_drm serialno_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_drm system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_drm system_file_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_drm system_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_drm system_data_file_28_0 (file (read getattr)))
+(allow hal_drm cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_drm cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_drm cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_drm cgroup_28_0 (dir (write search)))
+(allow hal_drm cgroup_28_0 (file (write lock append map open)))
+(allow hal_drm ion_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_drm hal_graphics_allocator (fd (use)))
+(allow hal_drm mediaserver_28_0 (fd (use)))
+(allow hal_drm sysfs_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_drm tee_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allowx hal_drm self (ioctl tcp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx hal_drm self (ioctl udp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx hal_drm self (ioctl rawip_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx hal_drm self (ioctl tcp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx hal_drm self (ioctl udp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx hal_drm self (ioctl rawip_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx hal_drm self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx hal_drm self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx hal_drm self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(neverallow hal_drm_server fs_type (file (execute_no_trans)))
+(neverallow hal_drm_server file_type (file (execute_no_trans)))
+(neverallowx hal_drm_server domain (ioctl tcp_socket (0x6900 0x6902)))
+(neverallowx hal_drm_server domain (ioctl udp_socket (0x6900 0x6902)))
+(neverallowx hal_drm_server domain (ioctl rawip_socket (0x6900 0x6902)))
+(neverallowx hal_drm_server domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx hal_drm_server domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx hal_drm_server domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx hal_drm_server domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx hal_drm_server domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx hal_drm_server domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow hal_dumpstate_client hal_dumpstate_server (binder (call transfer)))
+(allow hal_dumpstate_server hal_dumpstate_client (binder (transfer)))
+(allow hal_dumpstate_client hal_dumpstate_server (fd (use)))
+(allow hal_dumpstate_server hal_dumpstate_client (binder (call transfer)))
+(allow hal_dumpstate_client hal_dumpstate_server (binder (transfer)))
+(allow hal_dumpstate_server hal_dumpstate_client (fd (use)))
+(allow hal_dumpstate_server hal_dumpstate_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_dumpstate_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_195_28_0 hal_dumpstate_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_dumpstate_client hal_dumpstate_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_dumpstate shell_data_file_28_0 (file (write)))
+(allow hal_dumpstate proc_interrupts_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_evs_client hwservicemanager_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 hal_evs_client (binder (call transfer)))
+(allow hwservicemanager_28_0 hal_evs_client (dir (search)))
+(allow hwservicemanager_28_0 hal_evs_client (file (read open)))
+(allow hwservicemanager_28_0 hal_evs_client (process (getattr)))
+(allow hal_evs_server hwservicemanager_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 hal_evs_server (binder (call transfer)))
+(allow hwservicemanager_28_0 hal_evs_server (dir (search)))
+(allow hwservicemanager_28_0 hal_evs_server (file (read open)))
+(allow hwservicemanager_28_0 hal_evs_server (process (getattr)))
+(allow hal_evs_client hal_evs_server (binder (call transfer)))
+(allow hal_evs_server hal_evs_client (binder (transfer)))
+(allow hal_evs_client hal_evs_server (fd (use)))
+(allow hal_evs_server hal_evs_client (binder (call transfer)))
+(allow hal_evs_client hal_evs_server (binder (transfer)))
+(allow hal_evs_server hal_evs_client (fd (use)))
+(allow hal_fingerprint_client hal_fingerprint_server (binder (call transfer)))
+(allow hal_fingerprint_server hal_fingerprint_client (binder (transfer)))
+(allow hal_fingerprint_client hal_fingerprint_server (fd (use)))
+(allow hal_fingerprint_server hal_fingerprint_client (binder (call transfer)))
+(allow hal_fingerprint_client hal_fingerprint_server (binder (transfer)))
+(allow hal_fingerprint_server hal_fingerprint_client (fd (use)))
+(allow hal_fingerprint_server hal_fingerprint_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_fingerprint_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_196_28_0 hal_fingerprint_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_fingerprint_client hal_fingerprint_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_fingerprint ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow hal_fingerprint fingerprint_vendor_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow hal_fingerprint fingerprint_vendor_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow hal_fingerprint cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_fingerprint cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_fingerprint cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_fingerprint sysfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_fingerprint sysfs_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_fingerprint sysfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_gatekeeper_client hal_gatekeeper_server (binder (call transfer)))
+(allow hal_gatekeeper_server hal_gatekeeper_client (binder (transfer)))
+(allow hal_gatekeeper_client hal_gatekeeper_server (fd (use)))
+(allow hal_gatekeeper_server hal_gatekeeper_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_gatekeeper_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_197_28_0 hal_gatekeeper_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_gatekeeper_client hal_gatekeeper_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_gatekeeper tee_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_gatekeeper ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow hal_gnss_client hal_gnss_server (binder (call transfer)))
+(allow hal_gnss_server hal_gnss_client (binder (transfer)))
+(allow hal_gnss_client hal_gnss_server (fd (use)))
+(allow hal_gnss_server hal_gnss_client (binder (call transfer)))
+(allow hal_gnss_client hal_gnss_server (binder (transfer)))
+(allow hal_gnss_server hal_gnss_client (fd (use)))
+(allow hal_gnss_server hal_gnss_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_gnss_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_198_28_0 hal_gnss_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_gnss_client hal_gnss_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_graphics_allocator_client hal_graphics_allocator_server (binder (call transfer)))
+(allow hal_graphics_allocator_server hal_graphics_allocator_client (binder (transfer)))
+(allow hal_graphics_allocator_client hal_graphics_allocator_server (fd (use)))
+(allow hal_graphics_allocator_server hal_graphics_allocator_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_graphics_allocator_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_199_28_0 hal_graphics_allocator_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_graphics_allocator_client hal_graphics_allocator_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_graphics_allocator_client hal_graphics_mapper_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_graphics_allocator gpu_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_graphics_allocator ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow hal_graphics_allocator self (capability (sys_nice)))
+(allow hal_graphics_allocator self (cap_userns (sys_nice)))
+(allow hal_graphics_composer_client hal_graphics_composer_server (binder (call transfer)))
+(allow hal_graphics_composer_server hal_graphics_composer_client (binder (transfer)))
+(allow hal_graphics_composer_client hal_graphics_composer_server (fd (use)))
+(allow hal_graphics_composer_server hal_graphics_composer_client (binder (call transfer)))
+(allow hal_graphics_composer_client hal_graphics_composer_server (binder (transfer)))
+(allow hal_graphics_composer_server hal_graphics_composer_client (fd (use)))
+(allow hal_graphics_composer_server hal_graphics_composer_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_graphics_composer_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_200_28_0 hal_graphics_composer_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_graphics_composer_client hal_graphics_composer_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_graphics_composer_server hal_graphics_mapper_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_graphics_composer gpu_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_graphics_composer ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow hal_graphics_composer hal_graphics_allocator (fd (use)))
+(allow hal_graphics_composer graphics_device_28_0 (dir (search)))
+(allow hal_graphics_composer graphics_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_graphics_composer system_server_28_0 (fd (use)))
+(allow hal_graphics_composer bootanim_28_0 (fd (use)))
+(allow hal_graphics_composer appdomain (fd (use)))
+(allow hal_graphics_composer self (capability (sys_nice)))
+(allow hal_graphics_composer self (cap_userns (sys_nice)))
+(allow hal_health_client hal_health_server (binder (call transfer)))
+(allow hal_health_server hal_health_client (binder (transfer)))
+(allow hal_health_client hal_health_server (fd (use)))
+(allow hal_health_server hal_health_client (binder (call transfer)))
+(allow hal_health_client hal_health_server (binder (transfer)))
+(allow hal_health_server hal_health_client (fd (use)))
+(allow hal_health_server hal_health_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_health_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_201_28_0 hal_health_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_health_client hal_health_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_health system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_health system_file_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_health system_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_health_server self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_health_server sysfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_health_server sysfs_batteryinfo_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_health_server sysfs_batteryinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_health_server sysfs_batteryinfo_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_health_server sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow hal_health_server self (capability2 (block_suspend)))
+(allow hal_health_server self (cap2_userns (block_suspend)))
+(allow hal_health_server kmsg_device_28_0 (chr_file (write lock append map open)))
+(allow hal_ir_client hal_ir_server (binder (call transfer)))
+(allow hal_ir_server hal_ir_client (binder (transfer)))
+(allow hal_ir_client hal_ir_server (fd (use)))
+(allow hal_ir_server hal_ir_client (binder (call transfer)))
+(allow hal_ir_client hal_ir_server (binder (transfer)))
+(allow hal_ir_server hal_ir_client (fd (use)))
+(allow hal_ir_server hal_ir_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_ir_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_202_28_0 hal_ir_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_ir_client hal_ir_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_keymaster_client hal_keymaster_server (binder (call transfer)))
+(allow hal_keymaster_server hal_keymaster_client (binder (transfer)))
+(allow hal_keymaster_client hal_keymaster_server (fd (use)))
+(allow hal_keymaster_server hal_keymaster_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_keymaster_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_203_28_0 hal_keymaster_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_keymaster_client hal_keymaster_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_keymaster tee_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_keymaster ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow hal_light_client hal_light_server (binder (call transfer)))
+(allow hal_light_server hal_light_client (binder (transfer)))
+(allow hal_light_client hal_light_server (fd (use)))
+(allow hal_light_server hal_light_client (binder (call transfer)))
+(allow hal_light_client hal_light_server (binder (transfer)))
+(allow hal_light_server hal_light_client (fd (use)))
+(allow hal_light_server hal_light_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_light_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_204_28_0 hal_light_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_light_client hal_light_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_light sysfs_leds_28_0 (lnk_file (read)))
+(allow hal_light sysfs_leds_28_0 (file (ioctl read write getattr lock append map open)))
+(allow hal_light sysfs_leds_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_lowpan_client hal_lowpan_server (binder (call transfer)))
+(allow hal_lowpan_server hal_lowpan_client (binder (transfer)))
+(allow hal_lowpan_client hal_lowpan_server (fd (use)))
+(allow hal_lowpan_server hal_lowpan_client (binder (call transfer)))
+(allow hal_lowpan_client hal_lowpan_server (binder (transfer)))
+(allow hal_lowpan_server hal_lowpan_client (fd (use)))
+(allow hal_lowpan_server hal_lowpan_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_lowpan_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_205_28_0 hal_lowpan_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_lowpan_client hal_lowpan_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_lowpan_server property_socket_28_0 (sock_file (write)))
+(allow hal_lowpan_server init_28_0 (unix_stream_socket (connectto)))
+(allow hal_lowpan_server lowpan_prop_28_0 (property_service (set)))
+(allow hal_lowpan_server lowpan_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_lowpan_server lowpan_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(neverallow base_typeattr_206_28_0 lowpan_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow hal_memtrack_client hal_memtrack_server (binder (call transfer)))
+(allow hal_memtrack_server hal_memtrack_client (binder (transfer)))
+(allow hal_memtrack_client hal_memtrack_server (fd (use)))
+(allow hal_memtrack_server hal_memtrack_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_memtrack_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_207_28_0 hal_memtrack_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_memtrack_client hal_memtrack_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_neuralnetworks_client hal_neuralnetworks_server (binder (call transfer)))
+(allow hal_neuralnetworks_server hal_neuralnetworks_client (binder (transfer)))
+(allow hal_neuralnetworks_client hal_neuralnetworks_server (fd (use)))
+(allow hal_neuralnetworks_server hal_neuralnetworks_client (binder (call transfer)))
+(allow hal_neuralnetworks_client hal_neuralnetworks_server (binder (transfer)))
+(allow hal_neuralnetworks_server hal_neuralnetworks_client (fd (use)))
+(allow hal_neuralnetworks_server hal_neuralnetworks_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_neuralnetworks_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_208_28_0 hal_neuralnetworks_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_neuralnetworks_client hal_neuralnetworks_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_neuralnetworks hidl_memory_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_neuralnetworks hal_allocator (fd (use)))
+(neverallow base_typeattr_209_28_0 self (capability (net_admin net_raw)))
+(neverallow base_typeattr_209_28_0 self (cap_userns (net_admin net_raw)))
+(neverallow base_typeattr_210_28_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow base_typeattr_210_28_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_210_28_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_211_28_0 fs_type (file (execute_no_trans)))
+(neverallow base_typeattr_211_28_0 file_type (file (execute_no_trans)))
+(neverallow base_typeattr_69_28_0 halserverdomain (process (transition)))
+(neverallow base_typeattr_59_28_0 halserverdomain (process (dyntransition)))
+(allow hal_nfc_client hal_nfc_server (binder (call transfer)))
+(allow hal_nfc_server hal_nfc_client (binder (transfer)))
+(allow hal_nfc_client hal_nfc_server (fd (use)))
+(allow hal_nfc_server hal_nfc_client (binder (call transfer)))
+(allow hal_nfc_client hal_nfc_server (binder (transfer)))
+(allow hal_nfc_server hal_nfc_client (fd (use)))
+(allow hal_nfc_server hal_nfc_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_nfc_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_212_28_0 hal_nfc_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_nfc_client hal_nfc_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_nfc property_socket_28_0 (sock_file (write)))
+(allow hal_nfc init_28_0 (unix_stream_socket (connectto)))
+(allow hal_nfc nfc_prop_28_0 (property_service (set)))
+(allow hal_nfc nfc_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_nfc nfc_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_oemlock_client hal_oemlock_server (binder (call transfer)))
+(allow hal_oemlock_server hal_oemlock_client (binder (transfer)))
+(allow hal_oemlock_client hal_oemlock_server (fd (use)))
+(allow hal_oemlock_server hal_oemlock_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_oemlock_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_213_28_0 hal_oemlock_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_oemlock_client hal_oemlock_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_power_client hal_power_server (binder (call transfer)))
+(allow hal_power_server hal_power_client (binder (transfer)))
+(allow hal_power_client hal_power_server (fd (use)))
+(allow hal_power_server hal_power_client (binder (call transfer)))
+(allow hal_power_client hal_power_server (binder (transfer)))
+(allow hal_power_server hal_power_client (fd (use)))
+(allow hal_power_server hal_power_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_power_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_214_28_0 hal_power_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_power_client hal_power_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_secure_element_client hal_secure_element_server (binder (call transfer)))
+(allow hal_secure_element_server hal_secure_element_client (binder (transfer)))
+(allow hal_secure_element_client hal_secure_element_server (fd (use)))
+(allow hal_secure_element_server hal_secure_element_client (binder (call transfer)))
+(allow hal_secure_element_client hal_secure_element_server (binder (transfer)))
+(allow hal_secure_element_server hal_secure_element_client (fd (use)))
+(allow hal_secure_element_server hal_secure_element_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_secure_element_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_215_28_0 hal_secure_element_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_secure_element_client hal_secure_element_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_sensors_client hal_sensors_server (binder (call transfer)))
+(allow hal_sensors_server hal_sensors_client (binder (transfer)))
+(allow hal_sensors_client hal_sensors_server (fd (use)))
+(allow hal_sensors_server hal_sensors_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_sensors_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_216_28_0 hal_sensors_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_sensors_client hal_sensors_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_sensors base_typeattr_43_28_0 (fd (use)))
+(allow hal_sensors hal_allocator (fd (use)))
+(allow hal_sensors self (capability (sys_nice)))
+(allow hal_sensors self (cap_userns (sys_nice)))
+(allow hal_telephony_client hal_telephony_server (binder (call transfer)))
+(allow hal_telephony_server hal_telephony_client (binder (transfer)))
+(allow hal_telephony_client hal_telephony_server (fd (use)))
+(allow hal_telephony_server hal_telephony_client (binder (call transfer)))
+(allow hal_telephony_client hal_telephony_server (binder (transfer)))
+(allow hal_telephony_server hal_telephony_client (fd (use)))
+(allow hal_telephony_server hal_telephony_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_telephony_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_217_28_0 hal_telephony_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_telephony_client hal_telephony_hwservice_28_0 (hwservice_manager (find)))
+(allowx hal_telephony_server self (ioctl udp_socket (0x6900 0x6902)))
+(allowx hal_telephony_server self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx hal_telephony_server self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow hal_telephony_server self (netlink_route_socket (nlmsg_write)))
+(allow hal_telephony_server kernel_28_0 (system (module_request)))
+(allow hal_telephony_server self (capability (setgid setuid setpcap net_admin net_raw)))
+(allow hal_telephony_server self (cap_userns (setgid setuid setpcap net_admin net_raw)))
+(allow hal_telephony_server alarm_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_telephony_server cgroup_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_telephony_server cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_telephony_server cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_telephony_server radio_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_telephony_server radio_device_28_0 (blk_file (ioctl read getattr lock map open)))
+(allow hal_telephony_server mtd_device_28_0 (dir (search)))
+(allow hal_telephony_server efs_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_telephony_server efs_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow hal_telephony_server vendor_shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow hal_telephony_server bluetooth_efs_file_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_telephony_server bluetooth_efs_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_telephony_server property_socket_28_0 (sock_file (write)))
+(allow hal_telephony_server init_28_0 (unix_stream_socket (connectto)))
+(allow hal_telephony_server radio_prop_28_0 (property_service (set)))
+(allow hal_telephony_server radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_telephony_server property_socket_28_0 (sock_file (write)))
+(allow hal_telephony_server init_28_0 (unix_stream_socket (connectto)))
+(allow hal_telephony_server exported_radio_prop_28_0 (property_service (set)))
+(allow hal_telephony_server exported_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_telephony_server property_socket_28_0 (sock_file (write)))
+(allow hal_telephony_server init_28_0 (unix_stream_socket (connectto)))
+(allow hal_telephony_server exported2_radio_prop_28_0 (property_service (set)))
+(allow hal_telephony_server exported2_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_telephony_server property_socket_28_0 (sock_file (write)))
+(allow hal_telephony_server init_28_0 (unix_stream_socket (connectto)))
+(allow hal_telephony_server exported3_radio_prop_28_0 (property_service (set)))
+(allow hal_telephony_server exported3_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_telephony_server tty_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_telephony_server self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_telephony_server self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_telephony_server self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_telephony_server sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow hal_telephony_server self (capability2 (block_suspend)))
+(allow hal_telephony_server self (cap2_userns (block_suspend)))
+(allow hal_telephony_server proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_telephony_server proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_telephony_server proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_telephony_server sysfs_type (dir (ioctl read getattr lock search open)))
+(allow hal_telephony_server sysfs_type (file (ioctl read getattr lock map open)))
+(allow hal_telephony_server sysfs_type (lnk_file (ioctl read getattr lock map open)))
+(allow hal_telephony_server system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_telephony_server system_file_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_telephony_server system_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_telephony_server self (socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_tetheroffload_client hal_tetheroffload_server (binder (call transfer)))
+(allow hal_tetheroffload_server hal_tetheroffload_client (binder (transfer)))
+(allow hal_tetheroffload_client hal_tetheroffload_server (fd (use)))
+(allow hal_tetheroffload_server hal_tetheroffload_client (binder (call transfer)))
+(allow hal_tetheroffload_client hal_tetheroffload_server (binder (transfer)))
+(allow hal_tetheroffload_server hal_tetheroffload_client (fd (use)))
+(allow hal_tetheroffload_client hal_tetheroffload_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_tetheroffload_server hal_tetheroffload_client (netlink_netfilter_socket (read write getattr setopt)))
+(allow hal_thermal_client hal_thermal_server (binder (call transfer)))
+(allow hal_thermal_server hal_thermal_client (binder (transfer)))
+(allow hal_thermal_client hal_thermal_server (fd (use)))
+(allow hal_thermal_server hal_thermal_client (binder (call transfer)))
+(allow hal_thermal_client hal_thermal_server (binder (transfer)))
+(allow hal_thermal_server hal_thermal_client (fd (use)))
+(allow hal_thermal_server hal_thermal_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_thermal_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_218_28_0 hal_thermal_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_thermal_client hal_thermal_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_tv_cec_client hal_tv_cec_server (binder (call transfer)))
+(allow hal_tv_cec_server hal_tv_cec_client (binder (transfer)))
+(allow hal_tv_cec_client hal_tv_cec_server (fd (use)))
+(allow hal_tv_cec_server hal_tv_cec_client (binder (call transfer)))
+(allow hal_tv_cec_client hal_tv_cec_server (binder (transfer)))
+(allow hal_tv_cec_server hal_tv_cec_client (fd (use)))
+(allow hal_tv_cec_server hal_tv_cec_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_tv_cec_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_219_28_0 hal_tv_cec_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_tv_cec_client hal_tv_cec_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_tv_input_client hal_tv_input_server (binder (call transfer)))
+(allow hal_tv_input_server hal_tv_input_client (binder (transfer)))
+(allow hal_tv_input_client hal_tv_input_server (fd (use)))
+(allow hal_tv_input_server hal_tv_input_client (binder (call transfer)))
+(allow hal_tv_input_client hal_tv_input_server (binder (transfer)))
+(allow hal_tv_input_server hal_tv_input_client (fd (use)))
+(allow hal_tv_input_server hal_tv_input_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_tv_input_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_220_28_0 hal_tv_input_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_tv_input_client hal_tv_input_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_usb_client hal_usb_server (binder (call transfer)))
+(allow hal_usb_server hal_usb_client (binder (transfer)))
+(allow hal_usb_client hal_usb_server (fd (use)))
+(allow hal_usb_server hal_usb_client (binder (call transfer)))
+(allow hal_usb_client hal_usb_server (binder (transfer)))
+(allow hal_usb_server hal_usb_client (fd (use)))
+(allow hal_usb_server hal_usb_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_usb_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_221_28_0 hal_usb_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_usb_client hal_usb_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_usb self (netlink_kobject_uevent_socket (create)))
+(allow hal_usb self (netlink_kobject_uevent_socket (setopt)))
+(allow hal_usb self (netlink_kobject_uevent_socket (bind)))
+(allow hal_usb self (netlink_kobject_uevent_socket (read)))
+(allow hal_usb sysfs_28_0 (dir (open)))
+(allow hal_usb sysfs_28_0 (dir (read)))
+(allow hal_usb sysfs_28_0 (file (read)))
+(allow hal_usb sysfs_28_0 (file (open)))
+(allow hal_usb sysfs_28_0 (file (write)))
+(allow hal_usb sysfs_28_0 (file (getattr)))
+(allow hal_usb_gadget_client hal_usb_gadget_server (binder (call transfer)))
+(allow hal_usb_gadget_server hal_usb_gadget_client (binder (transfer)))
+(allow hal_usb_gadget_client hal_usb_gadget_server (fd (use)))
+(allow hal_usb_gadget_server hal_usb_gadget_client (binder (call transfer)))
+(allow hal_usb_gadget_client hal_usb_gadget_server (binder (transfer)))
+(allow hal_usb_gadget_server hal_usb_gadget_client (fd (use)))
+(allow hal_usb_gadget_server hal_usb_gadget_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_usb_gadget_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_222_28_0 hal_usb_gadget_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_usb_gadget_client hal_usb_gadget_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_usb_gadget_server configfs_28_0 (lnk_file (read create unlink)))
+(allow hal_usb_gadget_server configfs_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow hal_usb_gadget_server configfs_28_0 (file (ioctl read write getattr lock append map open)))
+(allow hal_usb_gadget_server functionfs_28_0 (dir (read search)))
+(allow hal_usb_gadget_server functionfs_28_0 (file (read)))
+(allow hal_vehicle_client hal_vehicle_server (binder (call transfer)))
+(allow hal_vehicle_server hal_vehicle_client (binder (transfer)))
+(allow hal_vehicle_client hal_vehicle_server (fd (use)))
+(allow hal_vehicle_server hal_vehicle_client (binder (call transfer)))
+(allow hal_vehicle_client hal_vehicle_server (binder (transfer)))
+(allow hal_vehicle_server hal_vehicle_client (fd (use)))
+(allow hal_vehicle_server hal_vehicle_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_vehicle_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_223_28_0 hal_vehicle_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_vehicle_client hal_vehicle_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_vibrator_client hal_vibrator_server (binder (call transfer)))
+(allow hal_vibrator_server hal_vibrator_client (binder (transfer)))
+(allow hal_vibrator_client hal_vibrator_server (fd (use)))
+(allow hal_vibrator_server hal_vibrator_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_vibrator_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_224_28_0 hal_vibrator_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_vibrator_client hal_vibrator_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_vibrator sysfs_vibrator_28_0 (file (ioctl read write getattr lock append map open)))
+(allow hal_vibrator sysfs_vibrator_28_0 (dir (search)))
+(allow hal_vr_client hal_vr_server (binder (call transfer)))
+(allow hal_vr_server hal_vr_client (binder (transfer)))
+(allow hal_vr_client hal_vr_server (fd (use)))
+(allow hal_vr_server hal_vr_client (binder (call transfer)))
+(allow hal_vr_client hal_vr_server (binder (transfer)))
+(allow hal_vr_server hal_vr_client (fd (use)))
+(allow hal_vr_server hal_vr_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_vr_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_225_28_0 hal_vr_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_vr_client hal_vr_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_weaver_client hal_weaver_server (binder (call transfer)))
+(allow hal_weaver_server hal_weaver_client (binder (transfer)))
+(allow hal_weaver_client hal_weaver_server (fd (use)))
+(allow hal_weaver_server hal_weaver_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_weaver_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_226_28_0 hal_weaver_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_weaver_client hal_weaver_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_wifi_client hal_wifi_server (binder (call transfer)))
+(allow hal_wifi_server hal_wifi_client (binder (transfer)))
+(allow hal_wifi_client hal_wifi_server (fd (use)))
+(allow hal_wifi_server hal_wifi_client (binder (call transfer)))
+(allow hal_wifi_client hal_wifi_server (binder (transfer)))
+(allow hal_wifi_server hal_wifi_client (fd (use)))
+(allow hal_wifi_server hal_wifi_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_wifi_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_227_28_0 hal_wifi_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_wifi_client hal_wifi_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_wifi proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_wifi proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_wifi proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_wifi sysfs_type (dir (ioctl read getattr lock search open)))
+(allow hal_wifi sysfs_type (file (ioctl read getattr lock map open)))
+(allow hal_wifi sysfs_type (lnk_file (ioctl read getattr lock map open)))
+(allow hal_wifi property_socket_28_0 (sock_file (write)))
+(allow hal_wifi init_28_0 (unix_stream_socket (connectto)))
+(allow hal_wifi exported_wifi_prop_28_0 (property_service (set)))
+(allow hal_wifi exported_wifi_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_wifi property_socket_28_0 (sock_file (write)))
+(allow hal_wifi init_28_0 (unix_stream_socket (connectto)))
+(allow hal_wifi wifi_prop_28_0 (property_service (set)))
+(allow hal_wifi wifi_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_wifi self (udp_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allowx hal_wifi self (ioctl udp_socket (0x8914 0x8924)))
+(allow hal_wifi self (capability (net_admin net_raw)))
+(allow hal_wifi self (cap_userns (net_admin net_raw)))
+(allow hal_wifi self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi sysfs_wlan_fwpath_28_0 (file (write lock append map open)))
+(allow hal_wifi proc_modules_28_0 (file (read getattr open)))
+(allow hal_wifi_server tombstone_wifi_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow hal_wifi_server tombstone_wifi_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow hal_wifi_hostapd_client hal_wifi_hostapd_server (binder (call transfer)))
+(allow hal_wifi_hostapd_server hal_wifi_hostapd_client (binder (transfer)))
+(allow hal_wifi_hostapd_client hal_wifi_hostapd_server (fd (use)))
+(allow hal_wifi_hostapd_server hal_wifi_hostapd_client (binder (call transfer)))
+(allow hal_wifi_hostapd_client hal_wifi_hostapd_server (binder (transfer)))
+(allow hal_wifi_hostapd_server hal_wifi_hostapd_client (fd (use)))
+(allow hal_wifi_hostapd_server hal_wifi_hostapd_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_wifi_hostapd_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_228_28_0 hal_wifi_hostapd_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_wifi_hostapd_client hal_wifi_hostapd_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_wifi_hostapd_server self (capability (net_admin net_raw)))
+(allow hal_wifi_hostapd_server self (cap_userns (net_admin net_raw)))
+(allow hal_wifi_hostapd_server sysfs_net_28_0 (dir (search)))
+(allow hal_wifi_hostapd_server proc_net_28_0 (file (read getattr open)))
+(allowx hal_wifi_hostapd_server self (ioctl udp_socket (0x6900 0x6902)))
+(allowx hal_wifi_hostapd_server self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx hal_wifi_hostapd_server self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow hal_wifi_hostapd_server self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi_hostapd_server self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi_hostapd_server self (packet_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi_hostapd_server self (netlink_route_socket (nlmsg_write)))
+(neverallow hal_wifi_hostapd_server sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow hal_wifi_hostapd_server sdcard_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow hal_wifi_offload_client hal_wifi_offload_server (binder (call transfer)))
+(allow hal_wifi_offload_server hal_wifi_offload_client (binder (transfer)))
+(allow hal_wifi_offload_client hal_wifi_offload_server (fd (use)))
+(allow hal_wifi_offload_server hal_wifi_offload_client (binder (call transfer)))
+(allow hal_wifi_offload_client hal_wifi_offload_server (binder (transfer)))
+(allow hal_wifi_offload_server hal_wifi_offload_client (fd (use)))
+(allow hal_wifi_offload_server hal_wifi_offload_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_wifi_offload_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_229_28_0 hal_wifi_offload_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_wifi_offload_client hal_wifi_offload_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_wifi_offload proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_wifi_offload proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_wifi_offload proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_wifi_offload sysfs_type (dir (ioctl read getattr lock search open)))
+(allow hal_wifi_offload sysfs_type (file (ioctl read getattr lock map open)))
+(allow hal_wifi_offload sysfs_type (lnk_file (ioctl read getattr lock map open)))
+(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (binder (call transfer)))
+(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (binder (transfer)))
+(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (fd (use)))
+(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (binder (call transfer)))
+(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (binder (transfer)))
+(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (fd (use)))
+(allow hal_wifi_supplicant_server hal_wifi_supplicant_hwservice_28_0 (hwservice_manager (add find)))
+(allow hal_wifi_supplicant_server hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_230_28_0 hal_wifi_supplicant_hwservice_28_0 (hwservice_manager (add)))
+(allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice_28_0 (hwservice_manager (find)))
+(allowx hal_wifi_supplicant self (ioctl udp_socket (0x6900 0x6902)))
+(allowx hal_wifi_supplicant self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx hal_wifi_supplicant self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow hal_wifi_supplicant sysfs_type (dir (ioctl read getattr lock search open)))
+(allow hal_wifi_supplicant sysfs_type (file (ioctl read getattr lock map open)))
+(allow hal_wifi_supplicant sysfs_type (lnk_file (ioctl read getattr lock map open)))
+(allow hal_wifi_supplicant proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_wifi_supplicant proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_wifi_supplicant proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hal_wifi_supplicant kernel_28_0 (system (module_request)))
+(allow hal_wifi_supplicant self (capability (setgid setuid net_admin net_raw)))
+(allow hal_wifi_supplicant self (cap_userns (setgid setuid net_admin net_raw)))
+(allow hal_wifi_supplicant cgroup_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_wifi_supplicant self (netlink_route_socket (nlmsg_write)))
+(allow hal_wifi_supplicant self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi_supplicant self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi_supplicant self (packet_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allowx hal_wifi_supplicant self (ioctl packet_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx hal_wifi_supplicant self (ioctl packet_socket (0x6900 0x6902)))
+(allowx hal_wifi_supplicant self (ioctl packet_socket (((range 0x8906 0x8907)) ((range 0x890b 0x890d)) ((range 0x8910 0x8927)) 0x8929 ((range 0x8930 0x8939)) ((range 0x8940 0x8943)) ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx hal_wifi_supplicant self (ioctl packet_socket (((range 0x8b00 0x8b02)) ((range 0x8b04 0x8b1d)) ((range 0x8b20 0x8b2d)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallow hal_wifi_supplicant_server sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow hal_wifi_supplicant_server sdcard_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow healthd_28_0 kmsg_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow healthd_28_0 sysfs_type (dir (search)))
+(allow healthd_28_0 rootfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_28_0 rootfs_28_0 (file (ioctl read getattr lock map open)))
+(allow healthd_28_0 rootfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow healthd_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow healthd_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow healthd_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_28_0 system_file_28_0 (file (ioctl read getattr lock map open)))
+(allow healthd_28_0 system_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow healthd_28_0 self (capability (sys_tty_config)))
+(allow healthd_28_0 self (cap_userns (sys_tty_config)))
+(allow healthd_28_0 self (capability (sys_boot)))
+(allow healthd_28_0 self (cap_userns (sys_boot)))
+(allow healthd_28_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow healthd_28_0 sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow healthd_28_0 self (capability2 (block_suspend)))
+(allow healthd_28_0 self (cap2_userns (block_suspend)))
+(allow healthd_28_0 sysfs_power_28_0 (file (ioctl read write getattr lock append map open)))
+(allow healthd_28_0 sysfs_usb_28_0 (file (write)))
+(allow healthd_28_0 sysfs_batteryinfo_28_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_28_0 sysfs_batteryinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow healthd_28_0 sysfs_batteryinfo_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow healthd_28_0 pstorefs_28_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_28_0 pstorefs_28_0 (file (ioctl read getattr lock map open)))
+(allow healthd_28_0 graphics_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_28_0 graphics_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow healthd_28_0 input_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_28_0 input_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow healthd_28_0 tty_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow healthd_28_0 ashmem_device_28_0 (chr_file (execute)))
+(allow healthd_28_0 self (process (execmem)))
+(allow healthd_28_0 proc_sysrq_28_0 (file (ioctl read write getattr lock append map open)))
+(allow healthd_28_0 property_socket_28_0 (sock_file (write)))
+(allow healthd_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow healthd_28_0 system_prop_28_0 (property_service (set)))
+(allow healthd_28_0 system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow healthd_28_0 property_socket_28_0 (sock_file (write)))
+(allow healthd_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow healthd_28_0 exported_system_prop_28_0 (property_service (set)))
+(allow healthd_28_0 exported_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow healthd_28_0 property_socket_28_0 (sock_file (write)))
+(allow healthd_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow healthd_28_0 exported2_system_prop_28_0 (property_service (set)))
+(allow healthd_28_0 exported2_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow healthd_28_0 property_socket_28_0 (sock_file (write)))
+(allow healthd_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow healthd_28_0 exported3_system_prop_28_0 (property_service (set)))
+(allow healthd_28_0 exported3_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hwservicemanager_28_0 self (binder (set_context_mgr)))
+(allow hwservicemanager_28_0 property_socket_28_0 (sock_file (write)))
+(allow hwservicemanager_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow hwservicemanager_28_0 hwservicemanager_prop_28_0 (property_service (set)))
+(allow hwservicemanager_28_0 hwservicemanager_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow hwservicemanager_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow hwservicemanager_28_0 hwservice_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow hwservicemanager_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow hwservicemanager_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow hwservicemanager_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow hwservicemanager_28_0 selinuxfs_28_0 (file (write lock append map open)))
+(allow hwservicemanager_28_0 kernel_28_0 (security (compute_av)))
+(allow hwservicemanager_28_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow idmap_28_0 installd_28_0 (fd (use)))
+(allow idmap_28_0 resourcecache_data_file_28_0 (file (read write getattr)))
+(dontaudit idmap_28_0 installd_28_0 (file (read)))
+(allow idmap_28_0 apk_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow idmap_28_0 apk_data_file_28_0 (dir (search)))
+(allow idmap_28_0 vendor_app_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow idmap_28_0 vendor_app_file_28_0 (file (ioctl read getattr lock map open)))
+(allow idmap_28_0 vendor_app_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow idmap_28_0 vendor_overlay_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow idmap_28_0 vendor_overlay_file_28_0 (file (ioctl read getattr lock map open)))
+(allow idmap_28_0 vendor_overlay_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 tmpfs_28_0 (chr_file (ioctl read write create getattr setattr lock append map unlink open)))
+(allow init_28_0 tmpfs_28_0 (chr_file (relabelfrom)))
+(allow init_28_0 kmsg_device_28_0 (chr_file (write relabelto)))
+(allow init_28_0 kmsg_debug_device_28_0 (chr_file (write relabelto)))
+(allow init_28_0 properties_device_28_0 (dir (relabelto)))
+(allow init_28_0 properties_serial_28_0 (file (write relabelto)))
+(allow init_28_0 property_type (file (ioctl read write create getattr setattr lock relabelto append map unlink rename open)))
+(allow init_28_0 properties_device_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow init_28_0 property_info_28_0 (file (relabelto)))
+(allow init_28_0 device_28_0 (file (relabelfrom)))
+(allow init_28_0 runtime_event_log_tags_file_28_0 (file (write create setattr relabelto open)))
+(allow init_28_0 device_28_0 (dir (relabelto)))
+(allow init_28_0 socket_device_28_0 (dir (relabelto)))
+(allow init_28_0 random_device_28_0 (chr_file (relabelto)))
+(allow init_28_0 tmpfs_28_0 (chr_file (relabelfrom)))
+(allow init_28_0 tmpfs_28_0 (blk_file (relabelfrom)))
+(allow init_28_0 tmpfs_28_0 (blk_file (getattr)))
+(allow init_28_0 block_device_28_0 (dir (relabelto)))
+(allow init_28_0 block_device_28_0 (lnk_file (relabelto)))
+(allow init_28_0 block_device_28_0 (blk_file (relabelto)))
+(allow init_28_0 dm_device_28_0 (chr_file (relabelto)))
+(allow init_28_0 dm_device_28_0 (blk_file (relabelto)))
+(allow init_28_0 kernel_28_0 (fd (use)))
+(allow init_28_0 tmpfs_28_0 (lnk_file (read getattr relabelfrom)))
+(allow init_28_0 system_block_device_28_0 (lnk_file (relabelto)))
+(allow init_28_0 system_block_device_28_0 (blk_file (relabelto)))
+(allow init_28_0 recovery_block_device_28_0 (lnk_file (relabelto)))
+(allow init_28_0 recovery_block_device_28_0 (blk_file (relabelto)))
+(allow init_28_0 misc_block_device_28_0 (lnk_file (relabelto)))
+(allow init_28_0 misc_block_device_28_0 (blk_file (relabelto)))
+(allow init_28_0 self (capability (sys_resource)))
+(allow init_28_0 self (cap_userns (sys_resource)))
+(allow init_28_0 tmpfs_28_0 (file (unlink)))
+(allow init_28_0 devpts_28_0 (chr_file (read write open)))
+(allow init_28_0 fscklogs_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow init_28_0 tmpfs_28_0 (chr_file (write)))
+(allow init_28_0 console_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow init_28_0 tty_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow init_28_0 self (capability (sys_admin)))
+(allow init_28_0 self (cap_userns (sys_admin)))
+(allow init_28_0 rootfs_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_28_0 rootfs_28_0 (dir (mounton)))
+(allow init_28_0 cgroup_28_0 (dir (mounton)))
+(allow init_28_0 system_file_28_0 (dir (mounton)))
+(allow init_28_0 vendor_file_28_0 (dir (mounton)))
+(allow init_28_0 system_data_file_28_0 (dir (mounton)))
+(allow init_28_0 storage_file_28_0 (dir (mounton)))
+(allow init_28_0 postinstall_mnt_dir_28_0 (dir (mounton)))
+(allow init_28_0 cache_file_28_0 (dir (mounton)))
+(allow init_28_0 cgroup_bpf_28_0 (dir (create mounton)))
+(allow init_28_0 fs_bpf_28_0 (dir (mounton)))
+(allow init_28_0 device_28_0 (dir (mounton)))
+(allow init_28_0 rootfs_28_0 (lnk_file (create unlink)))
+(allow init_28_0 sysfs_28_0 (dir (mounton)))
+(allow init_28_0 tmpfs_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_28_0 tmpfs_28_0 (dir (mounton)))
+(allow init_28_0 cgroup_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow init_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 cpuctl_device_28_0 (dir (create mounton)))
+(allow init_28_0 configfs_28_0 (dir (mounton)))
+(allow init_28_0 configfs_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_28_0 configfs_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow init_28_0 configfs_28_0 (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow init_28_0 metadata_file_28_0 (dir (mounton)))
+(allow init_28_0 tmpfs_28_0 (dir (relabelfrom)))
+(allow init_28_0 self (capability (dac_override)))
+(allow init_28_0 self (cap_userns (dac_override)))
+(allow init_28_0 self (capability (sys_time)))
+(allow init_28_0 self (cap_userns (sys_time)))
+(allow init_28_0 self (capability (sys_rawio mknod)))
+(allow init_28_0 self (cap_userns (sys_rawio mknod)))
+(allow init_28_0 dev_type (blk_file (ioctl read getattr lock map open)))
+(allow init_28_0 fs_type (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget)))
+(allow init_28_0 unlabeled_28_0 (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget)))
+(allow init_28_0 contextmount_type (filesystem (relabelto)))
+(allow init_28_0 contextmount_type (dir (ioctl read getattr lock search open)))
+(allow init_28_0 contextmount_type (file (ioctl read getattr lock map open)))
+(allow init_28_0 contextmount_type (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 contextmount_type (sock_file (ioctl read getattr lock map open)))
+(allow init_28_0 contextmount_type (fifo_file (ioctl read getattr lock map open)))
+(allow init_28_0 rootfs_28_0 (file (relabelfrom)))
+(allow init_28_0 rootfs_28_0 (dir (relabelfrom)))
+(allow init_28_0 self (capability (chown fowner fsetid)))
+(allow init_28_0 self (cap_userns (chown fowner fsetid)))
+(allow init_28_0 base_typeattr_231_28_0 (dir (ioctl read create getattr setattr search open)))
+(allow init_28_0 base_typeattr_232_28_0 (dir (write relabelfrom add_name remove_name rmdir)))
+(allow init_28_0 base_typeattr_233_28_0 (file (read write create getattr setattr relabelfrom unlink open)))
+(allow init_28_0 base_typeattr_232_28_0 (sock_file (read create getattr setattr relabelfrom unlink open)))
+(allow init_28_0 base_typeattr_232_28_0 (fifo_file (read create getattr setattr relabelfrom unlink open)))
+(allow init_28_0 base_typeattr_232_28_0 (lnk_file (create getattr setattr relabelfrom unlink)))
+(allow init_28_0 cache_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 base_typeattr_234_28_0 (file (relabelto)))
+(allow init_28_0 base_typeattr_234_28_0 (dir (relabelto)))
+(allow init_28_0 base_typeattr_234_28_0 (lnk_file (relabelto)))
+(allow init_28_0 base_typeattr_234_28_0 (chr_file (relabelto)))
+(allow init_28_0 base_typeattr_234_28_0 (blk_file (relabelto)))
+(allow init_28_0 base_typeattr_234_28_0 (sock_file (relabelto)))
+(allow init_28_0 base_typeattr_234_28_0 (fifo_file (relabelto)))
+(allow init_28_0 sysfs_28_0 (file (getattr relabelfrom)))
+(allow init_28_0 sysfs_28_0 (dir (getattr relabelfrom)))
+(allow init_28_0 sysfs_28_0 (lnk_file (getattr relabelfrom)))
+(allow init_28_0 debugfs_28_0 (file (getattr relabelfrom)))
+(allow init_28_0 debugfs_28_0 (dir (getattr relabelfrom)))
+(allow init_28_0 debugfs_28_0 (lnk_file (getattr relabelfrom)))
+(allow init_28_0 debugfs_tracing_28_0 (file (getattr relabelfrom)))
+(allow init_28_0 debugfs_tracing_28_0 (dir (getattr relabelfrom)))
+(allow init_28_0 debugfs_tracing_28_0 (lnk_file (getattr relabelfrom)))
+(allow init_28_0 debugfs_tracing_debug_28_0 (file (getattr relabelfrom)))
+(allow init_28_0 debugfs_tracing_debug_28_0 (dir (getattr relabelfrom)))
+(allow init_28_0 debugfs_tracing_debug_28_0 (lnk_file (getattr relabelfrom)))
+(allow init_28_0 sysfs_type (file (getattr relabelto)))
+(allow init_28_0 sysfs_type (dir (getattr relabelto)))
+(allow init_28_0 sysfs_type (lnk_file (getattr relabelto)))
+(allow init_28_0 debugfs_type (file (getattr relabelto)))
+(allow init_28_0 debugfs_type (dir (getattr relabelto)))
+(allow init_28_0 debugfs_type (lnk_file (getattr relabelto)))
+(allow init_28_0 dev_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_28_0 dev_type (lnk_file (create)))
+(allow init_28_0 debugfs_tracing_28_0 (file (write lock append map open)))
+(allow init_28_0 debugfs_tracing_instances_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_28_0 debugfs_tracing_instances_28_0 (file (write lock append map open)))
+(allow init_28_0 debugfs_wifi_tracing_28_0 (file (write lock append map open)))
+(allow init_28_0 base_typeattr_235_28_0 (file (read setattr open)))
+(allow init_28_0 base_typeattr_236_28_0 (dir (read setattr search open)))
+(allow init_28_0 base_typeattr_237_28_0 (chr_file (read open)))
+(auditallow init_28_0 base_typeattr_238_28_0 (chr_file (read open)))
+(allow init_28_0 base_typeattr_239_28_0 (chr_file (setattr)))
+(allow init_28_0 unlabeled_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open)))
+(allow init_28_0 unlabeled_28_0 (file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open)))
+(allow init_28_0 unlabeled_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open)))
+(allow init_28_0 unlabeled_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open)))
+(allow init_28_0 unlabeled_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open)))
+(allow init_28_0 kernel_28_0 (system (syslog_mod)))
+(allow init_28_0 self (capability2 (syslog)))
+(allow init_28_0 self (cap2_userns (syslog)))
+(allow init_28_0 proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow init_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 proc_cmdline_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 proc_diskstats_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 proc_kmsg_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 proc_meminfo_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 proc_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 proc_uptime_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 proc_version_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 proc_overcommit_memory_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_min_free_order_shift_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_abi_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_dirty_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_extra_free_kbytes_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_hostname_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_hung_task_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_max_map_count_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_net_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_page_cluster_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_panic_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_perf_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_sched_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_sysrq_28_0 (file (write lock append map open)))
+(allow init_28_0 proc_security_28_0 (file (ioctl read write getattr lock append map open)))
+(allow init_28_0 sysfs_android_usb_28_0 (file (write lock append map open)))
+(allow init_28_0 sysfs_leds_28_0 (file (write lock append map open)))
+(allow init_28_0 sysfs_power_28_0 (file (write lock append map open)))
+(allow init_28_0 sysfs_dt_firmware_android_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 sysfs_zram_28_0 (file (ioctl read write getattr lock append map open)))
+(allow init_28_0 sysfs_vibrator_28_0 (file (write lock append map open)))
+(allow init_28_0 sysfs_android_usb_28_0 (file (setattr)))
+(allow init_28_0 sysfs_ipv4_28_0 (file (setattr)))
+(allow init_28_0 sysfs_leds_28_0 (file (setattr)))
+(allow init_28_0 sysfs_wake_lock_28_0 (file (setattr)))
+(allow init_28_0 sysfs_power_28_0 (file (setattr)))
+(allow init_28_0 sysfs_devices_system_cpu_28_0 (file (setattr)))
+(allow init_28_0 sysfs_lowmemorykiller_28_0 (file (setattr)))
+(allow init_28_0 sysfs_vibrator_28_0 (file (setattr)))
+(allow init_28_0 usermodehelper_28_0 (file (ioctl read write getattr lock append map open)))
+(allow init_28_0 sysfs_usermodehelper_28_0 (file (ioctl read write getattr lock append map open)))
+(allow init_28_0 self (capability (net_admin)))
+(allow init_28_0 self (cap_userns (net_admin)))
+(allow init_28_0 self (capability (sys_boot)))
+(allow init_28_0 self (cap_userns (sys_boot)))
+(allow init_28_0 misc_logd_file_28_0 (dir (read write create getattr setattr add_name search open)))
+(allow init_28_0 misc_logd_file_28_0 (file (write create getattr setattr open)))
+(allow init_28_0 self (capability (kill)))
+(allow init_28_0 self (cap_userns (kill)))
+(allow init_28_0 domain (process (sigkill signal getpgid)))
+(allow init_28_0 keystore_data_file_28_0 (dir (read create getattr setattr search open)))
+(allow init_28_0 keystore_data_file_28_0 (file (getattr)))
+(allow init_28_0 vold_data_file_28_0 (dir (read create getattr setattr search open)))
+(allow init_28_0 vold_data_file_28_0 (file (getattr)))
+(allow init_28_0 shell_data_file_28_0 (dir (read create getattr setattr search open)))
+(allow init_28_0 shell_data_file_28_0 (file (getattr)))
+(allow init_28_0 self (capability (setgid setuid setpcap)))
+(allow init_28_0 self (cap_userns (setgid setuid setpcap)))
+(allow init_28_0 domain (dir (ioctl read getattr lock search open)))
+(allow init_28_0 domain (file (ioctl read getattr lock map open)))
+(allow init_28_0 domain (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 self (process (setexec setfscreate setsockcreate)))
+(allow init_28_0 file_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 sepolicy_file_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow init_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 selinuxfs_28_0 (file (write lock append map open)))
+(allow init_28_0 kernel_28_0 (security (compute_av)))
+(allow init_28_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow init_28_0 kernel_28_0 (security (compute_create)))
+(allow init_28_0 domain (unix_stream_socket (create bind setopt)))
+(allow init_28_0 domain (unix_dgram_socket (create bind setopt)))
+(allow init_28_0 property_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_28_0 property_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow init_28_0 property_type (property_service (set)))
+(allow init_28_0 self (netlink_audit_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_relay)))
+(allow init_28_0 self (capability (audit_write)))
+(allow init_28_0 self (cap_userns (audit_write)))
+(allow init_28_0 self (udp_socket (ioctl create)))
+(allowx init_28_0 self (ioctl udp_socket (0x8914)))
+(allow init_28_0 self (capability (net_raw)))
+(allow init_28_0 self (cap_userns (net_raw)))
+(allow init_28_0 kernel_28_0 (process (setsched)))
+(allow init_28_0 swap_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow init_28_0 hw_random_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow init_28_0 device_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow init_28_0 self (capability (sys_tty_config)))
+(allow init_28_0 self (cap_userns (sys_tty_config)))
+(allow init_28_0 keychord_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow init_28_0 dm_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow init_28_0 dm_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow init_28_0 metadata_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow init_28_0 pstorefs_28_0 (dir (search)))
+(allow init_28_0 pstorefs_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 kernel_28_0 (system (syslog_read)))
+(allow init_28_0 init_28_0 (key (write search setattr)))
+(allow init_28_0 unencrypted_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_28_0 proc_overcommit_memory_28_0 (file (write)))
+(allow init_28_0 misc_block_device_28_0 (blk_file (write lock append map open)))
+(allow init_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow init_28_0 system_file_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 system_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 vendor_file_type (dir (ioctl read getattr lock search open)))
+(allow init_28_0 vendor_file_type (file (ioctl read getattr lock map open)))
+(allow init_28_0 vendor_file_type (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 system_data_file_28_0 (file (read getattr)))
+(allow init_28_0 system_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 vendor_shell_exec_28_0 (file (execute)))
+(allow init_28_0 vold_metadata_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_28_0 vold_metadata_file_28_0 (file (getattr)))
+(neverallow domain init_28_0 (process (dyntransition)))
+(neverallow base_typeattr_78_28_0 init_28_0 (process (transition)))
+(neverallow init_28_0 base_typeattr_240_28_0 (file (entrypoint)))
+(neverallow init_28_0 shell_data_file_28_0 (lnk_file (read)))
+(neverallow init_28_0 app_data_file_28_0 (lnk_file (read)))
+(neverallow init_28_0 fs_type (file (execute_no_trans)))
+(neverallow init_28_0 file_type (file (execute_no_trans)))
+(neverallow init_28_0 service_manager_type (service_manager (add find)))
+(neverallow init_28_0 servicemanager_28_0 (service_manager (list)))
+(neverallow init_28_0 shell_data_file_28_0 (dir (write add_name remove_name)))
+(neverallow init_28_0 sysfs_28_0 (file (read write open)))
+(allow inputflinger_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 inputflinger_28_0 (dir (search)))
+(allow servicemanager_28_0 inputflinger_28_0 (file (read open)))
+(allow servicemanager_28_0 inputflinger_28_0 (process (getattr)))
+(allow inputflinger_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 inputflinger_28_0 (binder (transfer)))
+(allow inputflinger_28_0 system_server_28_0 (fd (use)))
+(allow inputflinger_28_0 sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow inputflinger_28_0 self (capability2 (block_suspend)))
+(allow inputflinger_28_0 self (cap2_userns (block_suspend)))
+(allow inputflinger_28_0 inputflinger_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_241_28_0 inputflinger_service_28_0 (service_manager (add)))
+(allow inputflinger_28_0 input_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow inputflinger_28_0 input_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow inputflinger_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow inputflinger_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow inputflinger_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow install_recovery_28_0 self (capability (dac_override)))
+(allow install_recovery_28_0 self (cap_userns (dac_override)))
+(allow install_recovery_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow install_recovery_28_0 system_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow install_recovery_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow install_recovery_28_0 block_device_28_0 (dir (search)))
+(allow install_recovery_28_0 boot_block_device_28_0 (blk_file (ioctl read getattr lock map open)))
+(allow install_recovery_28_0 recovery_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow install_recovery_28_0 cache_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow install_recovery_28_0 cache_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow install_recovery_28_0 proc_drop_caches_28_0 (file (write lock append map open)))
+(allow installd_28_0 self (capability (chown dac_override fowner fsetid setgid setuid sys_admin)))
+(allow installd_28_0 self (cap_userns (chown dac_override fowner fsetid setgid setuid sys_admin)))
+(allow installd_28_0 dalvikcache_data_file_28_0 (dir (relabelto)))
+(allow installd_28_0 dalvikcache_data_file_28_0 (file (relabelto link)))
+(allow installd_28_0 apk_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 apk_data_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom append map unlink link rename open)))
+(allow installd_28_0 apk_data_file_28_0 (lnk_file (ioctl read create getattr lock map unlink open)))
+(allow installd_28_0 asec_apk_file_28_0 (file (ioctl read getattr lock map open)))
+(allow installd_28_0 apk_tmp_file_28_0 (file (ioctl read getattr lock map unlink open)))
+(allow installd_28_0 apk_tmp_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 oemfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow installd_28_0 oemfs_28_0 (file (ioctl read getattr lock map open)))
+(allow installd_28_0 cgroup_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 mnt_expand_file_28_0 (dir (getattr search)))
+(allow installd_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow installd_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow installd_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow installd_28_0 selinuxfs_28_0 (file (write lock append map open)))
+(allow installd_28_0 kernel_28_0 (security (check_context)))
+(allow installd_28_0 rootfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow installd_28_0 rootfs_28_0 (file (ioctl read getattr lock map open)))
+(allow installd_28_0 rootfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow installd_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow installd_28_0 system_file_28_0 (file (ioctl read getattr lock map open)))
+(allow installd_28_0 system_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow installd_28_0 vendor_app_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow installd_28_0 vendor_app_file_28_0 (file (ioctl read getattr lock map open)))
+(allow installd_28_0 vendor_app_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow installd_28_0 vendor_overlay_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow installd_28_0 vendor_overlay_file_28_0 (file (ioctl read getattr lock map open)))
+(allow installd_28_0 vendor_overlay_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow installd_28_0 file_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow installd_28_0 seapp_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow installd_28_0 asec_image_file_28_0 (dir (search)))
+(allow installd_28_0 asec_image_file_28_0 (file (getattr)))
+(allow installd_28_0 system_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 system_data_file_28_0 (lnk_file (read create getattr setattr unlink)))
+(allow installd_28_0 media_rw_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 media_rw_data_file_28_0 (file (getattr unlink)))
+(allow installd_28_0 system_data_file_28_0 (dir (relabelfrom)))
+(allow installd_28_0 media_rw_data_file_28_0 (dir (relabelto)))
+(allow installd_28_0 tmpfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow installd_28_0 storage_file_28_0 (dir (search)))
+(allow installd_28_0 sdcardfs_28_0 (dir (read write getattr remove_name search rmdir open)))
+(allow installd_28_0 sdcardfs_28_0 (file (getattr unlink)))
+(allow installd_28_0 misc_user_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 misc_user_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow installd_28_0 keychain_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 keychain_data_file_28_0 (file (ioctl read getattr lock map unlink open)))
+(allow installd_28_0 install_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow installd_28_0 dalvikcache_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 dalvikcache_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow installd_28_0 dalvikcache_data_file_28_0 (lnk_file (getattr)))
+(allow installd_28_0 resourcecache_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow installd_28_0 resourcecache_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow installd_28_0 unlabeled_28_0 (dir (ioctl read write getattr lock relabelfrom add_name remove_name search rmdir open)))
+(allow installd_28_0 unlabeled_28_0 (file (getattr setattr relabelfrom unlink rename)))
+(allow installd_28_0 unlabeled_28_0 (lnk_file (getattr setattr relabelfrom unlink rename)))
+(allow installd_28_0 unlabeled_28_0 (sock_file (getattr setattr relabelfrom unlink rename)))
+(allow installd_28_0 unlabeled_28_0 (fifo_file (getattr setattr relabelfrom unlink rename)))
+(allow installd_28_0 unlabeled_28_0 (file (ioctl read getattr lock map open)))
+(allow installd_28_0 system_data_file_28_0 (file (getattr relabelfrom unlink)))
+(allow installd_28_0 system_data_file_28_0 (lnk_file (getattr relabelfrom unlink)))
+(allow installd_28_0 system_data_file_28_0 (sock_file (getattr relabelfrom unlink)))
+(allow installd_28_0 system_data_file_28_0 (fifo_file (getattr relabelfrom unlink)))
+(allow installd_28_0 shell_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 bluetooth_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 nfc_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 radio_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 app_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 system_app_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 shell_data_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 shell_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 shell_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 shell_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 bluetooth_data_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 bluetooth_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 bluetooth_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 bluetooth_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 nfc_data_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 nfc_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 nfc_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 nfc_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 radio_data_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 radio_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 radio_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 radio_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 app_data_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 app_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 app_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 app_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 system_app_data_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 system_app_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 system_app_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 system_app_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink rename open)))
+(allow installd_28_0 user_profile_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_28_0 user_profile_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow installd_28_0 user_profile_data_file_28_0 (dir (rmdir)))
+(allow installd_28_0 user_profile_data_file_28_0 (file (unlink)))
+(allow installd_28_0 profman_dump_data_file_28_0 (dir (write add_name search)))
+(allow installd_28_0 profman_dump_data_file_28_0 (file (write create setattr open)))
+(allow installd_28_0 devpts_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow installd_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow installd_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 installd_28_0 (dir (search)))
+(allow servicemanager_28_0 installd_28_0 (file (read open)))
+(allow servicemanager_28_0 installd_28_0 (process (getattr)))
+(allow installd_28_0 installd_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_242_28_0 installd_service_28_0 (service_manager (add)))
+(allow installd_28_0 dumpstate_28_0 (fifo_file (write getattr)))
+(allow installd_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 installd_28_0 (binder (transfer)))
+(allow installd_28_0 system_server_28_0 (fd (use)))
+(allow installd_28_0 permission_service_28_0 (service_manager (find)))
+(allow installd_28_0 block_device_28_0 (dir (search)))
+(allow installd_28_0 labeledfs_28_0 (filesystem (quotamod quotaget)))
+(allow installd_28_0 preloads_data_file_28_0 (file (ioctl read getattr lock map unlink open)))
+(allow installd_28_0 preloads_data_file_28_0 (dir (ioctl read write getattr lock remove_name search rmdir open)))
+(allow installd_28_0 preloads_media_file_28_0 (file (ioctl read getattr lock map unlink open)))
+(allow installd_28_0 preloads_media_file_28_0 (dir (ioctl read write getattr lock remove_name search rmdir open)))
+(neverallow base_typeattr_243_28_0 installd_service_28_0 (service_manager (find)))
+(neverallow base_typeattr_244_28_0 installd_28_0 (binder (call)))
+(neverallow installd_28_0 base_typeattr_245_28_0 (binder (call)))
+(allow kernel_28_0 self (capability (sys_nice)))
+(allow kernel_28_0 self (cap_userns (sys_nice)))
+(allow kernel_28_0 rootfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow kernel_28_0 rootfs_28_0 (file (ioctl read getattr lock map open)))
+(allow kernel_28_0 rootfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow kernel_28_0 proc_cmdline_28_0 (file (ioctl read getattr lock map open)))
+(allow kernel_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow kernel_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow kernel_28_0 file_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow kernel_28_0 rootfs_28_0 (file (relabelfrom)))
+(allow kernel_28_0 init_exec_28_0 (file (relabelto)))
+(allow kernel_28_0 init_28_0 (process (share)))
+(allow kernel_28_0 unlabeled_28_0 (dir (search)))
+(allow kernel_28_0 usbfs_28_0 (filesystem (mount)))
+(allow kernel_28_0 usbfs_28_0 (dir (search)))
+(dontaudit kernel_28_0 self (security (setenforce)))
+(allow kernel_28_0 self (capability (sys_resource)))
+(allow kernel_28_0 self (cap_userns (sys_resource)))
+(allow kernel_28_0 self (capability (sys_boot)))
+(allow kernel_28_0 self (cap_userns (sys_boot)))
+(allow kernel_28_0 proc_sysrq_28_0 (file (write lock append map open)))
+(allow kernel_28_0 tmpfs_28_0 (chr_file (write)))
+(allow kernel_28_0 selinuxfs_28_0 (file (write)))
+(allow kernel_28_0 self (security (setcheckreqprot)))
+(allow kernel_28_0 sdcard_type (file (read write)))
+(allow kernel_28_0 mediaprovider_28_0 (fd (use)))
+(allow kernel_28_0 vold_28_0 (fd (use)))
+(allow kernel_28_0 app_data_file_28_0 (file (read)))
+(allow kernel_28_0 asec_image_file_28_0 (file (read)))
+(allow kernel_28_0 update_engine_data_file_28_0 (file (read)))
+(allow kernel_28_0 nativetest_data_file_28_0 (file (read write)))
+(allow kernel_28_0 media_rw_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow kernel_28_0 media_rw_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow kernel_28_0 vold_data_file_28_0 (file (read)))
+(neverallow base_typeattr_59_28_0 kernel_28_0 (process (transition dyntransition)))
+(neverallow kernel_28_0 base_typeattr_59_28_0 (file (execute_no_trans entrypoint)))
+(neverallow kernel_28_0 self (capability (dac_override dac_read_search)))
+(neverallow kernel_28_0 self (cap_userns (dac_override dac_read_search)))
+(allow keystore_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 keystore_28_0 (dir (search)))
+(allow servicemanager_28_0 keystore_28_0 (file (read open)))
+(allow servicemanager_28_0 keystore_28_0 (process (getattr)))
+(allow keystore_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 keystore_28_0 (binder (transfer)))
+(allow keystore_28_0 system_server_28_0 (fd (use)))
+(allow keystore_28_0 keystore_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow keystore_28_0 keystore_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow keystore_28_0 keystore_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow keystore_28_0 keystore_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow keystore_28_0 keystore_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow keystore_28_0 keystore_exec_28_0 (file (getattr)))
+(allow keystore_28_0 keystore_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_246_28_0 keystore_service_28_0 (service_manager (add)))
+(allow keystore_28_0 sec_key_att_app_id_provider_service_28_0 (service_manager (find)))
+(allow keystore_28_0 dropbox_service_28_0 (service_manager (find)))
+(allow keystore_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow keystore_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow keystore_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow keystore_28_0 selinuxfs_28_0 (file (write lock append map open)))
+(allow keystore_28_0 kernel_28_0 (security (compute_av)))
+(allow keystore_28_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow keystore_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow keystore_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow keystore_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(neverallow base_typeattr_246_28_0 keystore_data_file_28_0 (dir (write lock relabelfrom append map unlink link rename execute quotaon mounton add_name remove_name reparent rmdir audit_access execmod)))
+(neverallow base_typeattr_246_28_0 keystore_data_file_28_0 (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_246_28_0 keystore_data_file_28_0 (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_246_28_0 keystore_data_file_28_0 (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_246_28_0 keystore_data_file_28_0 (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_247_28_0 keystore_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow base_typeattr_247_28_0 keystore_data_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_247_28_0 keystore_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_247_28_0 keystore_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_247_28_0 keystore_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_59_28_0 keystore_28_0 (process (ptrace)))
+(allow lmkd_28_0 self (capability (dac_override kill sys_resource)))
+(allow lmkd_28_0 self (cap_userns (dac_override kill sys_resource)))
+(allow lmkd_28_0 self (capability (ipc_lock)))
+(allow lmkd_28_0 self (cap_userns (ipc_lock)))
+(allow lmkd_28_0 appdomain (dir (ioctl read getattr lock search open)))
+(allow lmkd_28_0 appdomain (file (ioctl read getattr lock map open)))
+(allow lmkd_28_0 appdomain (lnk_file (ioctl read getattr lock map open)))
+(allow lmkd_28_0 appdomain (file (write)))
+(allow lmkd_28_0 system_server_28_0 (dir (ioctl read getattr lock search open)))
+(allow lmkd_28_0 system_server_28_0 (file (ioctl read getattr lock map open)))
+(allow lmkd_28_0 system_server_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow lmkd_28_0 system_server_28_0 (file (write)))
+(allow lmkd_28_0 sysfs_lowmemorykiller_28_0 (dir (ioctl read getattr lock search open)))
+(allow lmkd_28_0 sysfs_lowmemorykiller_28_0 (file (ioctl read getattr lock map open)))
+(allow lmkd_28_0 sysfs_lowmemorykiller_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow lmkd_28_0 sysfs_lowmemorykiller_28_0 (file (write lock append map open)))
+(allow lmkd_28_0 appdomain (process (sigkill)))
+(allow lmkd_28_0 cgroup_28_0 (dir (remove_name rmdir)))
+(allow lmkd_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow lmkd_28_0 self (capability (sys_nice)))
+(allow lmkd_28_0 self (cap_userns (sys_nice)))
+(allow lmkd_28_0 proc_zoneinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow lmkd_28_0 domain (dir (read search open)))
+(allow lmkd_28_0 domain (file (read open)))
+(allow lmkd_28_0 proc_sysrq_28_0 (file (ioctl read write getattr lock append map open)))
+(allow lmkd_28_0 proc_meminfo_28_0 (file (ioctl read getattr lock map open)))
+(neverallow base_typeattr_59_28_0 lmkd_28_0 (process (noatsecure)))
+(allow logd_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow logd_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow logd_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow logd_28_0 proc_kmsg_28_0 (dir (ioctl read getattr lock search open)))
+(allow logd_28_0 proc_kmsg_28_0 (file (ioctl read getattr lock map open)))
+(allow logd_28_0 proc_kmsg_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow logd_28_0 proc_meminfo_28_0 (dir (ioctl read getattr lock search open)))
+(allow logd_28_0 proc_meminfo_28_0 (file (ioctl read getattr lock map open)))
+(allow logd_28_0 proc_meminfo_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow logd_28_0 proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow logd_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow logd_28_0 proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow logd_28_0 self (capability (setgid setuid setpcap sys_nice audit_control)))
+(allow logd_28_0 self (cap_userns (setgid setuid setpcap sys_nice audit_control)))
+(allow logd_28_0 self (capability2 (syslog)))
+(allow logd_28_0 self (cap2_userns (syslog)))
+(allow logd_28_0 self (netlink_audit_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_write)))
+(allow logd_28_0 kernel_28_0 (system (syslog_read)))
+(allow logd_28_0 kmsg_device_28_0 (chr_file (write lock append map open)))
+(allow logd_28_0 system_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow logd_28_0 system_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow logd_28_0 pstorefs_28_0 (dir (search)))
+(allow logd_28_0 pstorefs_28_0 (file (ioctl read getattr lock map open)))
+(allow logd_28_0 misc_logd_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow logd_28_0 misc_logd_file_28_0 (file (ioctl read write getattr lock append map open)))
+(allow logd_28_0 runtime_event_log_tags_file_28_0 (file (ioctl read write getattr lock append map open)))
+(allow logd_28_0 device_logging_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow logd_28_0 domain (dir (ioctl read getattr lock search open)))
+(allow logd_28_0 domain (file (ioctl read getattr lock map open)))
+(allow logd_28_0 domain (lnk_file (ioctl read getattr lock map open)))
+(allow logd_28_0 kernel_28_0 (system (syslog_mod)))
+(allow logd_28_0 logd_socket_28_0 (sock_file (write)))
+(allow logd_28_0 logd_28_0 (unix_stream_socket (connectto)))
+(allow logd_28_0 runtime_event_log_tags_file_28_0 (file (ioctl read getattr lock map open)))
+(allow runtime_event_log_tags_file_28_0 tmpfs_28_0 (filesystem (associate)))
+(dontaudit domain runtime_event_log_tags_file_28_0 (file (read open)))
+(neverallow logd_28_0 dev_type (blk_file (read write)))
+(neverallow logd_28_0 domain (process (ptrace)))
+(neverallow base_typeattr_248_28_0 logd_28_0 (process (ptrace)))
+(neverallow logd_28_0 system_file_28_0 (file (write)))
+(neverallow logd_28_0 system_file_28_0 (dir (write)))
+(neverallow logd_28_0 system_file_28_0 (lnk_file (write)))
+(neverallow logd_28_0 system_file_28_0 (chr_file (write)))
+(neverallow logd_28_0 system_file_28_0 (blk_file (write)))
+(neverallow logd_28_0 system_file_28_0 (sock_file (write)))
+(neverallow logd_28_0 system_file_28_0 (fifo_file (write)))
+(neverallow logd_28_0 system_data_file_28_0 (file (write)))
+(neverallow logd_28_0 system_data_file_28_0 (dir (write)))
+(neverallow logd_28_0 system_data_file_28_0 (lnk_file (write)))
+(neverallow logd_28_0 system_data_file_28_0 (chr_file (write)))
+(neverallow logd_28_0 system_data_file_28_0 (blk_file (write)))
+(neverallow logd_28_0 system_data_file_28_0 (sock_file (write)))
+(neverallow logd_28_0 system_data_file_28_0 (fifo_file (write)))
+(neverallow logd_28_0 app_data_file_28_0 (file (write)))
+(neverallow logd_28_0 app_data_file_28_0 (dir (write)))
+(neverallow logd_28_0 app_data_file_28_0 (lnk_file (write)))
+(neverallow logd_28_0 app_data_file_28_0 (chr_file (write)))
+(neverallow logd_28_0 app_data_file_28_0 (blk_file (write)))
+(neverallow logd_28_0 app_data_file_28_0 (sock_file (write)))
+(neverallow logd_28_0 app_data_file_28_0 (fifo_file (write)))
+(neverallow base_typeattr_69_28_0 logd_28_0 (process (transition)))
+(neverallow base_typeattr_59_28_0 logd_28_0 (process (dyntransition)))
+(neverallow base_typeattr_249_28_0 runtime_event_log_tags_file_28_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow logpersist_28_0 dev_type (blk_file (read write)))
+(neverallow logpersist_28_0 domain (process (ptrace)))
+(neverallow logpersist_28_0 system_data_file_28_0 (file (write)))
+(neverallow logpersist_28_0 system_data_file_28_0 (dir (write)))
+(neverallow logpersist_28_0 system_data_file_28_0 (lnk_file (write)))
+(neverallow logpersist_28_0 system_data_file_28_0 (chr_file (write)))
+(neverallow logpersist_28_0 system_data_file_28_0 (blk_file (write)))
+(neverallow logpersist_28_0 system_data_file_28_0 (sock_file (write)))
+(neverallow logpersist_28_0 system_data_file_28_0 (fifo_file (write)))
+(neverallow logpersist_28_0 app_data_file_28_0 (file (write)))
+(neverallow logpersist_28_0 app_data_file_28_0 (dir (write)))
+(neverallow logpersist_28_0 app_data_file_28_0 (lnk_file (write)))
+(neverallow logpersist_28_0 app_data_file_28_0 (chr_file (write)))
+(neverallow logpersist_28_0 app_data_file_28_0 (blk_file (write)))
+(neverallow logpersist_28_0 app_data_file_28_0 (sock_file (write)))
+(neverallow logpersist_28_0 app_data_file_28_0 (fifo_file (write)))
+(neverallow base_typeattr_59_28_0 logpersist_28_0 (process (dyntransition)))
+(allow mediacodec_28_0 hwservicemanager_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow mediacodec_28_0 vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow mediacodec_28_0 vndservicemanager_28_0 (binder (call transfer)))
+(allow vndservicemanager_28_0 mediacodec_28_0 (dir (search)))
+(allow vndservicemanager_28_0 mediacodec_28_0 (file (read open)))
+(allow vndservicemanager_28_0 mediacodec_28_0 (process (getattr)))
+(allow mediacodec_28_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain mediacodec_28_0 (binder (transfer)))
+(allow mediacodec_28_0 binderservicedomain (fd (use)))
+(allow mediacodec_28_0 appdomain (binder (call transfer)))
+(allow appdomain mediacodec_28_0 (binder (transfer)))
+(allow mediacodec_28_0 appdomain (fd (use)))
+(allow mediacodec_28_0 hal_graphics_composer (fd (use)))
+(allow mediacodec_28_0 gpu_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow mediacodec_28_0 video_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow mediacodec_28_0 video_device_28_0 (dir (search)))
+(allow mediacodec_28_0 ion_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow mediacodec_28_0 hal_camera (fd (use)))
+(allow mediacodec_28_0 su_28_0 (fifo_file (append)))
+(allow mediacodec_28_0 anr_data_file_28_0 (file (append)))
+(allow mediacodec_28_0 dumpstate_28_0 (fd (use)))
+(allow mediacodec_28_0 incidentd_28_0 (fd (use)))
+(allow mediacodec_28_0 dumpstate_28_0 (fifo_file (write append)))
+(allow mediacodec_28_0 incidentd_28_0 (fifo_file (write append)))
+(allow mediacodec_28_0 system_server_28_0 (fifo_file (write append)))
+(allow mediacodec_28_0 tombstoned_28_0 (unix_stream_socket (connectto)))
+(allow mediacodec_28_0 tombstoned_28_0 (fd (use)))
+(allow mediacodec_28_0 tombstoned_crash_socket_28_0 (sock_file (write)))
+(allow mediacodec_28_0 tombstone_data_file_28_0 (file (append)))
+(allow mediacodec_28_0 hal_codec2_hwservice_28_0 (hwservice_manager (add find)))
+(allow mediacodec_28_0 hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_250_28_0 hal_codec2_hwservice_28_0 (hwservice_manager (add)))
+(allow mediacodec_28_0 hal_omx_hwservice_28_0 (hwservice_manager (add find)))
+(allow mediacodec_28_0 hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_250_28_0 hal_omx_hwservice_28_0 (hwservice_manager (add)))
+(allow mediacodec_28_0 bufferhubd_28_0 (fd (use)))
+(neverallow mediacodec_28_0 fs_type (file (execute_no_trans)))
+(neverallow mediacodec_28_0 file_type (file (execute_no_trans)))
+(neverallow mediacodec_28_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow mediacodec_28_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow mediacodec_28_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(allow mediadrmserver_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 mediadrmserver_28_0 (dir (search)))
+(allow servicemanager_28_0 mediadrmserver_28_0 (file (read open)))
+(allow servicemanager_28_0 mediadrmserver_28_0 (process (getattr)))
+(allow mediadrmserver_28_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain mediadrmserver_28_0 (binder (transfer)))
+(allow mediadrmserver_28_0 binderservicedomain (fd (use)))
+(allow mediadrmserver_28_0 appdomain (binder (call transfer)))
+(allow appdomain mediadrmserver_28_0 (binder (transfer)))
+(allow mediadrmserver_28_0 appdomain (fd (use)))
+(allow mediadrmserver_28_0 mediadrmserver_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_251_28_0 mediadrmserver_service_28_0 (service_manager (add)))
+(allow mediadrmserver_28_0 mediaserver_service_28_0 (service_manager (find)))
+(allow mediadrmserver_28_0 mediametrics_service_28_0 (service_manager (find)))
+(allow mediadrmserver_28_0 processinfo_service_28_0 (service_manager (find)))
+(allow mediadrmserver_28_0 surfaceflinger_service_28_0 (service_manager (find)))
+(allow mediadrmserver_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow mediadrmserver_28_0 mediacodec_28_0 (binder (call transfer)))
+(allow mediacodec_28_0 mediadrmserver_28_0 (binder (transfer)))
+(allow mediadrmserver_28_0 mediacodec_28_0 (fd (use)))
+(neverallow mediadrmserver_28_0 fs_type (file (execute_no_trans)))
+(neverallow mediadrmserver_28_0 file_type (file (execute_no_trans)))
+(neverallowx mediadrmserver_28_0 domain (ioctl tcp_socket (0x6900 0x6902)))
+(neverallowx mediadrmserver_28_0 domain (ioctl udp_socket (0x6900 0x6902)))
+(neverallowx mediadrmserver_28_0 domain (ioctl rawip_socket (0x6900 0x6902)))
+(neverallowx mediadrmserver_28_0 domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediadrmserver_28_0 domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediadrmserver_28_0 domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediadrmserver_28_0 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx mediadrmserver_28_0 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx mediadrmserver_28_0 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow mediaextractor_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 mediaextractor_28_0 (dir (search)))
+(allow servicemanager_28_0 mediaextractor_28_0 (file (read open)))
+(allow servicemanager_28_0 mediaextractor_28_0 (process (getattr)))
+(allow mediaextractor_28_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain mediaextractor_28_0 (binder (transfer)))
+(allow mediaextractor_28_0 binderservicedomain (fd (use)))
+(allow mediaextractor_28_0 appdomain (binder (call transfer)))
+(allow appdomain mediaextractor_28_0 (binder (transfer)))
+(allow mediaextractor_28_0 appdomain (fd (use)))
+(allow mediaextractor_28_0 mediaextractor_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_252_28_0 mediaextractor_service_28_0 (service_manager (add)))
+(allow mediaextractor_28_0 mediametrics_service_28_0 (service_manager (find)))
+(allow mediaextractor_28_0 hidl_token_hwservice_28_0 (hwservice_manager (find)))
+(allow mediaextractor_28_0 system_server_28_0 (fd (use)))
+(allow mediaextractor_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow mediaextractor_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow mediaextractor_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow mediaextractor_28_0 proc_meminfo_28_0 (file (ioctl read getattr lock map open)))
+(allow mediaextractor_28_0 su_28_0 (fifo_file (append)))
+(allow mediaextractor_28_0 anr_data_file_28_0 (file (append)))
+(allow mediaextractor_28_0 dumpstate_28_0 (fd (use)))
+(allow mediaextractor_28_0 incidentd_28_0 (fd (use)))
+(allow mediaextractor_28_0 dumpstate_28_0 (fifo_file (write append)))
+(allow mediaextractor_28_0 incidentd_28_0 (fifo_file (write append)))
+(allow mediaextractor_28_0 system_server_28_0 (fifo_file (write append)))
+(allow mediaextractor_28_0 tombstoned_28_0 (unix_stream_socket (connectto)))
+(allow mediaextractor_28_0 tombstoned_28_0 (fd (use)))
+(allow mediaextractor_28_0 tombstoned_crash_socket_28_0 (sock_file (write)))
+(allow mediaextractor_28_0 tombstone_data_file_28_0 (file (append)))
+(allow mediaextractor_28_0 sdcardfs_28_0 (file (read getattr)))
+(allow mediaextractor_28_0 media_rw_data_file_28_0 (file (read getattr)))
+(allow mediaextractor_28_0 app_data_file_28_0 (file (read getattr)))
+(allow mediaextractor_28_0 apk_data_file_28_0 (file (read getattr)))
+(allow mediaextractor_28_0 asec_apk_file_28_0 (file (read getattr)))
+(allow mediaextractor_28_0 ringtone_file_28_0 (file (read getattr)))
+(allow mediaextractor_28_0 system_file_28_0 (dir (read open)))
+(allow mediaextractor_28_0 mediaextractor_update_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_252_28_0 mediaextractor_update_service_28_0 (service_manager (add)))
+(allow mediaextractor_28_0 apk_data_file_28_0 (dir (search)))
+(allow mediaextractor_28_0 apk_data_file_28_0 (file (execute open)))
+(neverallow mediaextractor_28_0 fs_type (file (execute_no_trans)))
+(neverallow mediaextractor_28_0 file_type (file (execute_no_trans)))
+(neverallow mediaextractor_28_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow mediaextractor_28_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow mediaextractor_28_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow mediaextractor_28_0 base_typeattr_253_28_0 (file (open)))
+(allow mediametrics_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 mediametrics_28_0 (dir (search)))
+(allow servicemanager_28_0 mediametrics_28_0 (file (read open)))
+(allow servicemanager_28_0 mediametrics_28_0 (process (getattr)))
+(allow mediametrics_28_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain mediametrics_28_0 (binder (transfer)))
+(allow mediametrics_28_0 binderservicedomain (fd (use)))
+(allow mediametrics_28_0 mediametrics_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_254_28_0 mediametrics_service_28_0 (service_manager (add)))
+(allow mediametrics_28_0 system_server_28_0 (fd (use)))
+(allow mediametrics_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow mediametrics_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow mediametrics_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow mediametrics_28_0 proc_meminfo_28_0 (file (ioctl read getattr lock map open)))
+(allow mediametrics_28_0 app_data_file_28_0 (file (write)))
+(allow mediametrics_28_0 package_native_service_28_0 (service_manager (find)))
+(neverallow mediametrics_28_0 fs_type (file (execute_no_trans)))
+(neverallow mediametrics_28_0 file_type (file (execute_no_trans)))
+(neverallow mediametrics_28_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow mediametrics_28_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow mediametrics_28_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(allow mediaserver_28_0 sdcard_type (dir (ioctl read getattr lock search open)))
+(allow mediaserver_28_0 sdcard_type (file (ioctl read getattr lock map open)))
+(allow mediaserver_28_0 sdcard_type (lnk_file (ioctl read getattr lock map open)))
+(allow mediaserver_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow mediaserver_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow mediaserver_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow mediaserver_28_0 proc_28_0 (lnk_file (getattr)))
+(allow mediaserver_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow mediaserver_28_0 self (process (ptrace)))
+(allow mediaserver_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 mediaserver_28_0 (dir (search)))
+(allow servicemanager_28_0 mediaserver_28_0 (file (read open)))
+(allow servicemanager_28_0 mediaserver_28_0 (process (getattr)))
+(allow mediaserver_28_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain mediaserver_28_0 (binder (transfer)))
+(allow mediaserver_28_0 binderservicedomain (fd (use)))
+(allow mediaserver_28_0 appdomain (binder (call transfer)))
+(allow appdomain mediaserver_28_0 (binder (transfer)))
+(allow mediaserver_28_0 appdomain (fd (use)))
+(allow mediaserver_28_0 media_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow mediaserver_28_0 media_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow mediaserver_28_0 app_data_file_28_0 (dir (search)))
+(allow mediaserver_28_0 app_data_file_28_0 (file (ioctl read write getattr lock append map open)))
+(allow mediaserver_28_0 sdcard_type (file (write)))
+(allow mediaserver_28_0 gpu_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow mediaserver_28_0 video_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow mediaserver_28_0 video_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow mediaserver_28_0 property_socket_28_0 (sock_file (write)))
+(allow mediaserver_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow mediaserver_28_0 audio_prop_28_0 (property_service (set)))
+(allow mediaserver_28_0 audio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow mediaserver_28_0 apk_data_file_28_0 (file (read getattr)))
+(allow mediaserver_28_0 asec_apk_file_28_0 (file (read getattr)))
+(allow mediaserver_28_0 ringtone_file_28_0 (file (read getattr)))
+(allow mediaserver_28_0 radio_data_file_28_0 (file (read getattr)))
+(allow mediaserver_28_0 appdomain (fifo_file (read write getattr)))
+(allow mediaserver_28_0 rpmsg_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow mediaserver_28_0 system_server_28_0 (fifo_file (ioctl read getattr lock map open)))
+(allow mediaserver_28_0 media_rw_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow mediaserver_28_0 media_rw_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow mediaserver_28_0 media_rw_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow mediaserver_28_0 app_fuse_file_28_0 (file (read getattr)))
+(allow mediaserver_28_0 qtaguid_proc_28_0 (file (ioctl read write getattr lock append map open)))
+(allow mediaserver_28_0 qtaguid_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow mediaserver_28_0 drmserver_socket_28_0 (sock_file (write)))
+(allow mediaserver_28_0 drmserver_28_0 (unix_stream_socket (connectto)))
+(allow mediaserver_28_0 bluetooth_socket_28_0 (sock_file (write)))
+(allow mediaserver_28_0 bluetooth_28_0 (unix_stream_socket (connectto)))
+(allow mediaserver_28_0 mediaserver_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_255_28_0 mediaserver_service_28_0 (service_manager (add)))
+(allow mediaserver_28_0 activity_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 appops_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 audioserver_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 cameraserver_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 batterystats_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 drmserver_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 mediaextractor_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 mediacodec_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 mediametrics_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 media_session_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 permission_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 power_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 processinfo_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 scheduling_policy_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 surfaceflinger_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 mediadrmserver_service_28_0 (service_manager (find)))
+(allow mediaserver_28_0 hidl_token_hwservice_28_0 (hwservice_manager (find)))
+(allow mediaserver_28_0 oemfs_28_0 (dir (search)))
+(allow mediaserver_28_0 oemfs_28_0 (file (ioctl read getattr lock map open)))
+(allow drmserver_28_0 mediaserver_28_0 (dir (search)))
+(allow drmserver_28_0 mediaserver_28_0 (file (read open)))
+(allow drmserver_28_0 mediaserver_28_0 (process (getattr)))
+(allow mediaserver_28_0 drmserver_28_0 (drmservice (consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread)))
+(allowx mediaserver_28_0 self (ioctl tcp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx mediaserver_28_0 self (ioctl udp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx mediaserver_28_0 self (ioctl rawip_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx mediaserver_28_0 self (ioctl tcp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx mediaserver_28_0 self (ioctl udp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx mediaserver_28_0 self (ioctl rawip_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx mediaserver_28_0 self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx mediaserver_28_0 self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx mediaserver_28_0 self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allow mediaserver_28_0 media_rw_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow mediaserver_28_0 media_rw_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow mediaserver_28_0 preloads_media_file_28_0 (file (ioctl read getattr)))
+(allow mediaserver_28_0 ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow mediaserver_28_0 hal_graphics_allocator (fd (use)))
+(allow mediaserver_28_0 hal_graphics_composer (fd (use)))
+(allow mediaserver_28_0 hal_camera (fd (use)))
+(allow mediaserver_28_0 system_server_28_0 (fd (use)))
+(allow mediaserver_28_0 mediacodec_28_0 (binder (call transfer)))
+(allow mediacodec_28_0 mediaserver_28_0 (binder (transfer)))
+(allow mediaserver_28_0 mediacodec_28_0 (fd (use)))
+(neverallow mediaserver_28_0 fs_type (file (execute_no_trans)))
+(neverallow mediaserver_28_0 file_type (file (execute_no_trans)))
+(neverallowx mediaserver_28_0 domain (ioctl tcp_socket (0x6900 0x6902)))
+(neverallowx mediaserver_28_0 domain (ioctl udp_socket (0x6900 0x6902)))
+(neverallowx mediaserver_28_0 domain (ioctl rawip_socket (0x6900 0x6902)))
+(neverallowx mediaserver_28_0 domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediaserver_28_0 domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediaserver_28_0 domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediaserver_28_0 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx mediaserver_28_0 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx mediaserver_28_0 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow modprobe_28_0 proc_modules_28_0 (file (ioctl read getattr lock map open)))
+(allow modprobe_28_0 self (capability (sys_module)))
+(allow modprobe_28_0 self (cap_userns (sys_module)))
+(allow modprobe_28_0 kernel_28_0 (key (search)))
+(allow mtp_28_0 self (socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow mtp_28_0 self (capability (net_raw)))
+(allow mtp_28_0 self (cap_userns (net_raw)))
+(allow mtp_28_0 ppp_28_0 (process (signal)))
+(allow mtp_28_0 vpn_data_file_28_0 (dir (search)))
+(allowx netd_28_0 self (ioctl udp_socket (0x6900 0x6902)))
+(allowx netd_28_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx netd_28_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow netd_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow netd_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow netd_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow netd_28_0 system_server_28_0 (fd (use)))
+(allow netd_28_0 self (capability (kill net_admin net_raw)))
+(allow netd_28_0 self (cap_userns (kill net_admin net_raw)))
+(dontaudit netd_28_0 self (capability (fsetid)))
+(dontaudit netd_28_0 self (cap_userns (fsetid)))
+(allow netd_28_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow netd_28_0 self (netlink_route_socket (nlmsg_write)))
+(allow netd_28_0 self (netlink_nflog_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow netd_28_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow netd_28_0 self (netlink_tcpdiag_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
+(allow netd_28_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow netd_28_0 self (netlink_netfilter_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow netd_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow netd_28_0 system_file_28_0 (file (getattr map execute execute_no_trans)))
+(allow netd_28_0 devpts_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow netd_28_0 system_file_28_0 (file (lock)))
+(allow netd_28_0 qtaguid_proc_28_0 (file (ioctl read write getattr lock append map open)))
+(allow netd_28_0 qtaguid_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow netd_28_0 proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow netd_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow netd_28_0 proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow netd_28_0 proc_net_28_0 (file (ioctl read write getattr lock append map open)))
+(allow netd_28_0 sysfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow netd_28_0 sysfs_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow netd_28_0 sysfs_net_28_0 (file (ioctl read getattr lock map open)))
+(allow netd_28_0 sysfs_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow netd_28_0 sysfs_net_28_0 (file (write lock append map open)))
+(allow netd_28_0 sysfs_usb_28_0 (file (write)))
+(allow netd_28_0 fs_bpf_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow netd_28_0 fs_bpf_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow netd_28_0 self (capability (chown dac_override)))
+(allow netd_28_0 self (cap_userns (chown dac_override)))
+(allow netd_28_0 net_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow netd_28_0 net_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow netd_28_0 self (capability (fowner)))
+(allow netd_28_0 self (cap_userns (fowner)))
+(allow netd_28_0 system_file_28_0 (file (lock)))
+(allow netd_28_0 dnsmasq_28_0 (process (signal)))
+(allow netd_28_0 clatd_28_0 (process (signal)))
+(allow netd_28_0 property_socket_28_0 (sock_file (write)))
+(allow netd_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow netd_28_0 ctl_mdnsd_prop_28_0 (property_service (set)))
+(allow netd_28_0 ctl_mdnsd_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow netd_28_0 property_socket_28_0 (sock_file (write)))
+(allow netd_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow netd_28_0 netd_stable_secret_prop_28_0 (property_service (set)))
+(allow netd_28_0 netd_stable_secret_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow netd_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 netd_28_0 (dir (search)))
+(allow servicemanager_28_0 netd_28_0 (file (read open)))
+(allow servicemanager_28_0 netd_28_0 (process (getattr)))
+(allow netd_28_0 netd_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_256_28_0 netd_service_28_0 (service_manager (add)))
+(allow netd_28_0 dumpstate_28_0 (fifo_file (write getattr)))
+(allow netd_28_0 system_server_28_0 (binder (call)))
+(allow netd_28_0 permission_service_28_0 (service_manager (find)))
+(allow netd_28_0 netd_listener_service_28_0 (service_manager (find)))
+(allow netd_28_0 netdomain (tcp_socket (read write getattr setattr getopt setopt)))
+(allow netd_28_0 netdomain (udp_socket (read write getattr setattr getopt setopt)))
+(allow netd_28_0 netdomain (rawip_socket (read write getattr setattr getopt setopt)))
+(allow netd_28_0 netdomain (tun_socket (read write getattr setattr getopt setopt)))
+(allow netd_28_0 netdomain (fd (use)))
+(allow netd_28_0 self (netlink_xfrm_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
+(allow netd_28_0 self (bpf (map_create map_read map_write)))
+(allow netd_28_0 system_net_netd_hwservice_28_0 (hwservice_manager (add find)))
+(allow netd_28_0 hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_256_28_0 system_net_netd_hwservice_28_0 (hwservice_manager (add)))
+(allow netd_28_0 hwservicemanager_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 netd_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 netd_28_0 (dir (search)))
+(allow hwservicemanager_28_0 netd_28_0 (file (read open)))
+(allow hwservicemanager_28_0 netd_28_0 (process (getattr)))
+(allow netd_28_0 hwservicemanager_prop_28_0 (file (ioctl read getattr lock map open)))
+(neverallow netd_28_0 dev_type (blk_file (read write)))
+(neverallow netd_28_0 domain (process (ptrace)))
+(neverallow netd_28_0 system_file_28_0 (file (write)))
+(neverallow netd_28_0 system_file_28_0 (dir (write)))
+(neverallow netd_28_0 system_file_28_0 (lnk_file (write)))
+(neverallow netd_28_0 system_file_28_0 (chr_file (write)))
+(neverallow netd_28_0 system_file_28_0 (blk_file (write)))
+(neverallow netd_28_0 system_file_28_0 (sock_file (write)))
+(neverallow netd_28_0 system_file_28_0 (fifo_file (write)))
+(neverallow netd_28_0 system_data_file_28_0 (file (write)))
+(neverallow netd_28_0 system_data_file_28_0 (dir (write)))
+(neverallow netd_28_0 system_data_file_28_0 (lnk_file (write)))
+(neverallow netd_28_0 system_data_file_28_0 (chr_file (write)))
+(neverallow netd_28_0 system_data_file_28_0 (blk_file (write)))
+(neverallow netd_28_0 system_data_file_28_0 (sock_file (write)))
+(neverallow netd_28_0 system_data_file_28_0 (fifo_file (write)))
+(neverallow netd_28_0 app_data_file_28_0 (file (write)))
+(neverallow netd_28_0 app_data_file_28_0 (dir (write)))
+(neverallow netd_28_0 app_data_file_28_0 (lnk_file (write)))
+(neverallow netd_28_0 app_data_file_28_0 (chr_file (write)))
+(neverallow netd_28_0 app_data_file_28_0 (blk_file (write)))
+(neverallow netd_28_0 app_data_file_28_0 (sock_file (write)))
+(neverallow netd_28_0 app_data_file_28_0 (fifo_file (write)))
+(neverallow base_typeattr_257_28_0 netd_service_28_0 (service_manager (find)))
+(neverallow base_typeattr_256_28_0 netd_28_0 (bpf (map_create)))
+(neverallow appdomain netd_28_0 (binder (call)))
+(neverallow netd_28_0 base_typeattr_49_28_0 (binder (call)))
+(neverallow base_typeattr_258_28_0 netd_stable_secret_prop_28_0 (file (ioctl read getattr lock map open)))
+(neverallow base_typeattr_259_28_0 netd_stable_secret_prop_28_0 (property_service (set)))
+(neverallow domain netutils_wrapper_exec_28_0 (file (execute_no_trans)))
+(allow otapreopt_chroot_28_0 postinstall_file_28_0 (dir (mounton search)))
+(allow otapreopt_chroot_28_0 self (capability (sys_chroot sys_admin)))
+(allow otapreopt_chroot_28_0 self (cap_userns (sys_chroot sys_admin)))
+(allow otapreopt_chroot_28_0 block_device_28_0 (dir (search)))
+(allow otapreopt_chroot_28_0 labeledfs_28_0 (filesystem (mount)))
+(dontaudit otapreopt_chroot_28_0 kernel_28_0 (process (setsched)))
+(allow otapreopt_chroot_28_0 postinstall_28_0 (fd (use)))
+(allow otapreopt_chroot_28_0 update_engine_28_0 (fd (use)))
+(allow otapreopt_chroot_28_0 update_engine_28_0 (fifo_file (write)))
+(allow otapreopt_slot_28_0 ota_data_file_28_0 (dir (ioctl read write getattr lock rename add_name remove_name reparent search rmdir open)))
+(allow otapreopt_slot_28_0 ota_data_file_28_0 (file (getattr)))
+(allow otapreopt_slot_28_0 ota_data_file_28_0 (lnk_file (getattr)))
+(allow otapreopt_slot_28_0 ota_data_file_28_0 (lnk_file (read)))
+(allow otapreopt_slot_28_0 dalvikcache_data_file_28_0 (dir (read write getattr add_name remove_name search rmdir open)))
+(allow otapreopt_slot_28_0 dalvikcache_data_file_28_0 (file (getattr unlink)))
+(allow otapreopt_slot_28_0 dalvikcache_data_file_28_0 (lnk_file (read getattr unlink)))
+(allow otapreopt_slot_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow otapreopt_slot_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow performanced_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 performanced_28_0 (dir (search)))
+(allow servicemanager_28_0 performanced_28_0 (file (read open)))
+(allow servicemanager_28_0 performanced_28_0 (process (getattr)))
+(allow performanced_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 performanced_28_0 (binder (transfer)))
+(allow performanced_28_0 system_server_28_0 (fd (use)))
+(allow performanced_28_0 permission_service_28_0 (service_manager (find)))
+(allow init_28_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (create bind)))
+(allow performanced_28_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown)))
+(allow performanced_28_0 self (process (setsockcreate)))
+(allow performanced_28_0 pdx_performance_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown)))
+(neverallow base_typeattr_260_28_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (listen accept)))
+(allow performanced_28_0 self (capability (setgid setuid sys_nice)))
+(allow performanced_28_0 self (cap_userns (setgid setuid sys_nice)))
+(allow performanced_28_0 appdomain (dir (ioctl read getattr lock search open)))
+(allow performanced_28_0 bufferhubd_28_0 (dir (ioctl read getattr lock search open)))
+(allow performanced_28_0 kernel_28_0 (dir (ioctl read getattr lock search open)))
+(allow performanced_28_0 surfaceflinger_28_0 (dir (ioctl read getattr lock search open)))
+(allow performanced_28_0 appdomain (file (ioctl read getattr lock map open)))
+(allow performanced_28_0 appdomain (lnk_file (ioctl read getattr lock map open)))
+(allow performanced_28_0 bufferhubd_28_0 (file (ioctl read getattr lock map open)))
+(allow performanced_28_0 bufferhubd_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow performanced_28_0 kernel_28_0 (file (ioctl read getattr lock map open)))
+(allow performanced_28_0 kernel_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow performanced_28_0 surfaceflinger_28_0 (file (ioctl read getattr lock map open)))
+(allow performanced_28_0 surfaceflinger_28_0 (lnk_file (ioctl read getattr lock map open)))
+(dontaudit performanced_28_0 domain (dir (read)))
+(allow performanced_28_0 appdomain (process (setsched)))
+(allow performanced_28_0 bufferhubd_28_0 (process (setsched)))
+(allow performanced_28_0 kernel_28_0 (process (setsched)))
+(allow performanced_28_0 surfaceflinger_28_0 (process (setsched)))
+(dontaudit performanced_28_0 domain (dir (open)))
+(dontaudit performanced_28_0 domain (file (read getattr open)))
+(allow performanced_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow performanced_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow performanced_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 sysfs_type (dir (search)))
+(allow perfprofd_28_0 sysfs_devices_system_cpu_28_0 (file (ioctl read write getattr lock append map open)))
+(allow perfprofd_28_0 system_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow perfprofd_28_0 app_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 app_data_file_28_0 (dir (search)))
+(allow perfprofd_28_0 self (capability (dac_override)))
+(allow perfprofd_28_0 self (cap_userns (dac_override)))
+(allow perfprofd_28_0 perfprofd_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow perfprofd_28_0 perfprofd_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow perfprofd_28_0 logcat_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow perfprofd_28_0 logdr_socket_28_0 (sock_file (write)))
+(allow perfprofd_28_0 logd_28_0 (unix_stream_socket (connectto)))
+(allow perfprofd_28_0 logdw_socket_28_0 (sock_file (write)))
+(allow perfprofd_28_0 logd_28_0 (unix_dgram_socket (sendto)))
+(allow perfprofd_28_0 pmsg_device_28_0 (chr_file (write lock append map open)))
+(allow perfprofd_28_0 sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow perfprofd_28_0 self (capability2 (block_suspend)))
+(allow perfprofd_28_0 self (cap2_userns (block_suspend)))
+(allow perfprofd_28_0 sysfs_thermal_28_0 (dir (ioctl read getattr lock search open)))
+(allow perfprofd_28_0 sysfs_batteryinfo_28_0 (dir (ioctl read getattr lock search open)))
+(allow perfprofd_28_0 sysfs_batteryinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 sysfs_batteryinfo_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 sysfs_kernel_notes_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 proc_loadavg_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 proc_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 proc_modules_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 proc_perf_28_0 (file (write)))
+(dontaudit perfprofd_28_0 proc_security_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow perfprofd_28_0 self (capability (sys_admin)))
+(allow perfprofd_28_0 self (cap_userns (sys_admin)))
+(allow perfprofd_28_0 domain (dir (ioctl read getattr lock search open)))
+(allow perfprofd_28_0 domain (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 domain (lnk_file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 self (capability (sys_ptrace sys_resource)))
+(allow perfprofd_28_0 self (cap_userns (sys_ptrace sys_resource)))
+(neverallow perfprofd_28_0 domain (process (ptrace)))
+(allow perfprofd_28_0 exec_type (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 apk_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow perfprofd_28_0 apk_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 apk_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 dalvikcache_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow perfprofd_28_0 dalvikcache_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 dalvikcache_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 vendor_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow perfprofd_28_0 vendor_file_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 vendor_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 vendor_app_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow perfprofd_28_0 vendor_app_file_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 vendor_app_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 property_socket_28_0 (sock_file (write)))
+(allow perfprofd_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow perfprofd_28_0 shell_prop_28_0 (property_service (set)))
+(allow perfprofd_28_0 shell_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 debugfs_tracing_28_0 (dir (ioctl read getattr lock search open)))
+(allow perfprofd_28_0 debugfs_tracing_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 debugfs_tracing_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 debugfs_tracing_debug_28_0 (dir (ioctl read getattr lock search open)))
+(allow perfprofd_28_0 debugfs_tracing_debug_28_0 (file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 debugfs_tracing_debug_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow perfprofd_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow perfprofd_28_0 self (capability (ipc_lock)))
+(allow perfprofd_28_0 self (cap_userns (ipc_lock)))
+(dontaudit perfprofd_28_0 shell_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(dontaudit perfprofd_28_0 shell_data_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow perfprofd_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 perfprofd_28_0 (dir (search)))
+(allow servicemanager_28_0 perfprofd_28_0 (file (read open)))
+(allow servicemanager_28_0 perfprofd_28_0 (process (getattr)))
+(allow perfprofd_28_0 perfprofd_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_261_28_0 perfprofd_service_28_0 (service_manager (add)))
+(allow perfprofd_28_0 devpts_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow perfprofd_28_0 su_28_0 (unix_stream_socket (read write getattr sendto)))
+(allow perfprofd_28_0 su_28_0 (fifo_file (ioctl read getattr lock map open)))
+(allow perfprofd_28_0 dropbox_service_28_0 (service_manager (find)))
+(allow perfprofd_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 perfprofd_28_0 (binder (transfer)))
+(allow perfprofd_28_0 system_server_28_0 (fd (use)))
+(allow postinstall_28_0 update_engine_common (fd (use)))
+(allow postinstall_28_0 update_engine_common (fifo_file (ioctl read write getattr lock append map open)))
+(allow postinstall_28_0 postinstall_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow postinstall_28_0 postinstall_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow postinstall_28_0 postinstall_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow postinstall_28_0 system_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow postinstall_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow postinstall_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 postinstall_28_0 (dir (search)))
+(allow servicemanager_28_0 postinstall_28_0 (file (read open)))
+(allow servicemanager_28_0 postinstall_28_0 (process (getattr)))
+(allow postinstall_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 postinstall_28_0 (binder (transfer)))
+(allow postinstall_28_0 system_server_28_0 (fd (use)))
+(allow postinstall_28_0 otadexopt_service_28_0 (service_manager (find)))
+(neverallow base_typeattr_101_28_0 postinstall_28_0 (process (transition dyntransition)))
+(allow postinstall_dexopt_28_0 self (capability (chown dac_override fowner fsetid setgid setuid)))
+(allow postinstall_dexopt_28_0 self (cap_userns (chown dac_override fowner fsetid setgid setuid)))
+(allow postinstall_dexopt_28_0 postinstall_file_28_0 (filesystem (getattr)))
+(allow postinstall_dexopt_28_0 postinstall_file_28_0 (dir (getattr search)))
+(allow postinstall_dexopt_28_0 postinstall_file_28_0 (lnk_file (read getattr)))
+(allow postinstall_dexopt_28_0 proc_filesystems_28_0 (file (read getattr open)))
+(allow postinstall_dexopt_28_0 tmpfs_28_0 (file (read)))
+(allow postinstall_dexopt_28_0 apk_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_dexopt_28_0 apk_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow postinstall_dexopt_28_0 apk_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow postinstall_dexopt_28_0 vendor_app_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_dexopt_28_0 vendor_app_file_28_0 (file (ioctl read getattr lock map open)))
+(allow postinstall_dexopt_28_0 vendor_app_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow postinstall_dexopt_28_0 dalvikcache_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_dexopt_28_0 dalvikcache_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow postinstall_dexopt_28_0 dalvikcache_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow postinstall_dexopt_28_0 user_profile_data_file_28_0 (dir (getattr search)))
+(allow postinstall_dexopt_28_0 user_profile_data_file_28_0 (file (ioctl read getattr lock map open)))
+(dontaudit postinstall_dexopt_28_0 user_profile_data_file_28_0 (file (write)))
+(allow postinstall_dexopt_28_0 ota_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow postinstall_dexopt_28_0 ota_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow postinstall_dexopt_28_0 ota_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow postinstall_dexopt_28_0 dalvikcache_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow postinstall_dexopt_28_0 dalvikcache_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow postinstall_dexopt_28_0 dalvikcache_data_file_28_0 (dir (relabelto)))
+(allow postinstall_dexopt_28_0 dalvikcache_data_file_28_0 (file (relabelto link)))
+(allow postinstall_dexopt_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_dexopt_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow postinstall_dexopt_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow postinstall_dexopt_28_0 selinuxfs_28_0 (file (write lock append map open)))
+(allow postinstall_dexopt_28_0 kernel_28_0 (security (check_context)))
+(allow postinstall_dexopt_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_dexopt_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow postinstall_dexopt_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow postinstall_dexopt_28_0 selinuxfs_28_0 (file (write lock append map open)))
+(allow postinstall_dexopt_28_0 kernel_28_0 (security (compute_av)))
+(allow postinstall_dexopt_28_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow postinstall_dexopt_28_0 postinstall_28_0 (process (sigchld)))
+(allow postinstall_dexopt_28_0 otapreopt_chroot_28_0 (fd (use)))
+(allow postinstall_dexopt_28_0 cpuctl_device_28_0 (dir (search)))
+(allow ppp_28_0 proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow ppp_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow ppp_28_0 proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow ppp_28_0 mtp_28_0 (socket (ioctl read write getattr setattr lock append bind connect getopt setopt shutdown)))
+(allowx ppp_28_0 self (ioctl udp_socket (0x6900 0x6902)))
+(allowx ppp_28_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx ppp_28_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allowx ppp_28_0 mtp_28_0 (ioctl socket (((range 0x7436 0x7441)) ((range 0x7446 0x7447)) ((range 0x744b 0x745a)) ((range 0x7480 0x7488)))))
+(allow ppp_28_0 mtp_28_0 (unix_dgram_socket (ioctl read write getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow ppp_28_0 ppp_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow ppp_28_0 self (capability (net_admin)))
+(allow ppp_28_0 self (cap_userns (net_admin)))
+(allow ppp_28_0 system_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow ppp_28_0 vpn_data_file_28_0 (dir (write lock add_name remove_name search open)))
+(allow ppp_28_0 vpn_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow ppp_28_0 mtp_28_0 (fd (use)))
+(allow preopt2cachename_28_0 cppreopts_28_0 (fd (use)))
+(allow preopt2cachename_28_0 cppreopts_28_0 (fifo_file (read write getattr)))
+(allow preopt2cachename_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow profman_28_0 user_profile_data_file_28_0 (file (read write getattr lock)))
+(allow profman_28_0 asec_apk_file_28_0 (file (read)))
+(allow profman_28_0 apk_data_file_28_0 (file (read getattr)))
+(allow profman_28_0 apk_data_file_28_0 (dir (read getattr search)))
+(allow profman_28_0 oemfs_28_0 (file (read)))
+(allow profman_28_0 tmpfs_28_0 (file (read)))
+(allow profman_28_0 profman_dump_data_file_28_0 (file (write)))
+(allow profman_28_0 installd_28_0 (fd (use)))
+(allow profman_28_0 app_data_file_28_0 (file (read write getattr lock)))
+(allow profman_28_0 app_data_file_28_0 (dir (read getattr search)))
+(neverallow profman_28_0 app_data_file_28_0 (file (open)))
+(neverallow profman_28_0 app_data_file_28_0 (lnk_file (open)))
+(neverallow profman_28_0 app_data_file_28_0 (sock_file (open)))
+(neverallow profman_28_0 app_data_file_28_0 (fifo_file (open)))
+(allow property_type tmpfs_28_0 (filesystem (associate)))
+(neverallow base_typeattr_59_28_0 base_typeattr_262_28_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_84_28_0 ctl_sigstop_prop_28_0 (property_service (set)))
+(dontaudit domain ctl_bootanim_prop_28_0 (property_service (set)))
+(dontaudit domain ctl_bugreport_prop_28_0 (property_service (set)))
+(dontaudit domain ctl_console_prop_28_0 (property_service (set)))
+(dontaudit domain ctl_default_prop_28_0 (property_service (set)))
+(dontaudit domain ctl_dumpstate_prop_28_0 (property_service (set)))
+(dontaudit domain ctl_fuse_prop_28_0 (property_service (set)))
+(dontaudit domain ctl_mdnsd_prop_28_0 (property_service (set)))
+(dontaudit domain ctl_rildaemon_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_263_28_0 base_typeattr_264_28_0 (property_service (set)))
+(neverallow base_typeattr_265_28_0 nfc_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_266_28_0 exported_radio_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_266_28_0 exported3_radio_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_267_28_0 radio_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_267_28_0 exported2_radio_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_268_28_0 bluetooth_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_269_28_0 exported_bluetooth_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_270_28_0 wifi_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_271_28_0 exported_wifi_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_263_28_0 base_typeattr_272_28_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_265_28_0 nfc_prop_28_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_267_28_0 radio_prop_28_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_268_28_0 bluetooth_prop_28_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_270_28_0 wifi_prop_28_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_273_28_0 base_typeattr_274_28_0 (property_service (set)))
+(allowx racoon_28_0 self (ioctl udp_socket (0x8914 0x8916 0x891c)))
+(allow racoon_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 racoon_28_0 (dir (search)))
+(allow servicemanager_28_0 racoon_28_0 (file (read open)))
+(allow servicemanager_28_0 racoon_28_0 (process (getattr)))
+(allow racoon_28_0 tun_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow racoon_28_0 cgroup_28_0 (dir (create add_name)))
+(allow racoon_28_0 kernel_28_0 (system (module_request)))
+(allow racoon_28_0 self (key_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow racoon_28_0 self (tun_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow racoon_28_0 self (capability (net_bind_service net_admin net_raw)))
+(allow racoon_28_0 self (cap_userns (net_bind_service net_admin net_raw)))
+(allow racoon_28_0 system_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow racoon_28_0 vpn_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow racoon_28_0 vpn_data_file_28_0 (dir (write lock add_name remove_name search open)))
+(allow keystore_28_0 racoon_28_0 (dir (search)))
+(allow keystore_28_0 racoon_28_0 (file (read open)))
+(allow keystore_28_0 racoon_28_0 (process (getattr)))
+(allow racoon_28_0 keystore_service_28_0 (service_manager (find)))
+(allow racoon_28_0 keystore_28_0 (binder (call transfer)))
+(allow keystore_28_0 racoon_28_0 (binder (transfer)))
+(allow racoon_28_0 keystore_28_0 (fd (use)))
+(allow keystore_28_0 racoon_28_0 (binder (call transfer)))
+(allow racoon_28_0 keystore_28_0 (binder (transfer)))
+(allow keystore_28_0 racoon_28_0 (fd (use)))
+(allow racoon_28_0 keystore_28_0 (keystore_key (get sign verify)))
+(allow radio_28_0 radio_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow radio_28_0 radio_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow radio_28_0 radio_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow radio_28_0 radio_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow radio_28_0 radio_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow radio_28_0 alarm_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow radio_28_0 net_data_file_28_0 (dir (search)))
+(allow radio_28_0 net_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow radio_28_0 property_socket_28_0 (sock_file (write)))
+(allow radio_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow radio_28_0 radio_prop_28_0 (property_service (set)))
+(allow radio_28_0 radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow radio_28_0 property_socket_28_0 (sock_file (write)))
+(allow radio_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow radio_28_0 exported_radio_prop_28_0 (property_service (set)))
+(allow radio_28_0 exported_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow radio_28_0 property_socket_28_0 (sock_file (write)))
+(allow radio_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow radio_28_0 exported2_radio_prop_28_0 (property_service (set)))
+(allow radio_28_0 exported2_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow radio_28_0 property_socket_28_0 (sock_file (write)))
+(allow radio_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow radio_28_0 exported3_radio_prop_28_0 (property_service (set)))
+(allow radio_28_0 exported3_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow radio_28_0 property_socket_28_0 (sock_file (write)))
+(allow radio_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow radio_28_0 net_radio_prop_28_0 (property_service (set)))
+(allow radio_28_0 net_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow radio_28_0 property_socket_28_0 (sock_file (write)))
+(allow radio_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow radio_28_0 ctl_rildaemon_prop_28_0 (property_service (set)))
+(allow radio_28_0 ctl_rildaemon_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow radio_28_0 radio_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_275_28_0 radio_service_28_0 (service_manager (add)))
+(allow radio_28_0 audioserver_service_28_0 (service_manager (find)))
+(allow radio_28_0 cameraserver_service_28_0 (service_manager (find)))
+(allow radio_28_0 drmserver_service_28_0 (service_manager (find)))
+(allow radio_28_0 mediaserver_service_28_0 (service_manager (find)))
+(allow radio_28_0 nfc_service_28_0 (service_manager (find)))
+(allow radio_28_0 app_api_service (service_manager (find)))
+(allow radio_28_0 system_api_service (service_manager (find)))
+(allow radio_28_0 hwservicemanager_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 radio_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 radio_28_0 (dir (search)))
+(allow hwservicemanager_28_0 radio_28_0 (file (read open)))
+(allow hwservicemanager_28_0 radio_28_0 (process (getattr)))
+(neverallow recovery_28_0 base_typeattr_276_28_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow recovery_28_0 base_typeattr_276_28_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(allow recovery_persist_28_0 pstorefs_28_0 (dir (search)))
+(allow recovery_persist_28_0 pstorefs_28_0 (file (ioctl read getattr lock map open)))
+(allow recovery_persist_28_0 recovery_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow recovery_persist_28_0 recovery_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(neverallow recovery_persist_28_0 dev_type (blk_file (read write)))
+(neverallow recovery_persist_28_0 domain (process (ptrace)))
+(neverallow recovery_persist_28_0 system_file_28_0 (file (write)))
+(neverallow recovery_persist_28_0 system_file_28_0 (dir (write)))
+(neverallow recovery_persist_28_0 system_file_28_0 (lnk_file (write)))
+(neverallow recovery_persist_28_0 system_file_28_0 (chr_file (write)))
+(neverallow recovery_persist_28_0 system_file_28_0 (blk_file (write)))
+(neverallow recovery_persist_28_0 system_file_28_0 (sock_file (write)))
+(neverallow recovery_persist_28_0 system_file_28_0 (fifo_file (write)))
+(neverallow recovery_persist_28_0 system_data_file_28_0 (file (write)))
+(neverallow recovery_persist_28_0 system_data_file_28_0 (dir (write)))
+(neverallow recovery_persist_28_0 system_data_file_28_0 (lnk_file (write)))
+(neverallow recovery_persist_28_0 system_data_file_28_0 (chr_file (write)))
+(neverallow recovery_persist_28_0 system_data_file_28_0 (blk_file (write)))
+(neverallow recovery_persist_28_0 system_data_file_28_0 (sock_file (write)))
+(neverallow recovery_persist_28_0 system_data_file_28_0 (fifo_file (write)))
+(neverallow recovery_persist_28_0 app_data_file_28_0 (file (write)))
+(neverallow recovery_persist_28_0 app_data_file_28_0 (dir (write)))
+(neverallow recovery_persist_28_0 app_data_file_28_0 (lnk_file (write)))
+(neverallow recovery_persist_28_0 app_data_file_28_0 (chr_file (write)))
+(neverallow recovery_persist_28_0 app_data_file_28_0 (blk_file (write)))
+(neverallow recovery_persist_28_0 app_data_file_28_0 (sock_file (write)))
+(neverallow recovery_persist_28_0 app_data_file_28_0 (fifo_file (write)))
+(allow recovery_refresh_28_0 pstorefs_28_0 (dir (search)))
+(allow recovery_refresh_28_0 pstorefs_28_0 (file (ioctl read getattr lock map open)))
+(neverallow recovery_refresh_28_0 dev_type (blk_file (read write)))
+(neverallow recovery_refresh_28_0 domain (process (ptrace)))
+(neverallow recovery_refresh_28_0 system_file_28_0 (file (write)))
+(neverallow recovery_refresh_28_0 system_file_28_0 (dir (write)))
+(neverallow recovery_refresh_28_0 system_file_28_0 (lnk_file (write)))
+(neverallow recovery_refresh_28_0 system_file_28_0 (chr_file (write)))
+(neverallow recovery_refresh_28_0 system_file_28_0 (blk_file (write)))
+(neverallow recovery_refresh_28_0 system_file_28_0 (sock_file (write)))
+(neverallow recovery_refresh_28_0 system_file_28_0 (fifo_file (write)))
+(neverallow recovery_refresh_28_0 system_data_file_28_0 (file (write)))
+(neverallow recovery_refresh_28_0 system_data_file_28_0 (dir (write)))
+(neverallow recovery_refresh_28_0 system_data_file_28_0 (lnk_file (write)))
+(neverallow recovery_refresh_28_0 system_data_file_28_0 (chr_file (write)))
+(neverallow recovery_refresh_28_0 system_data_file_28_0 (blk_file (write)))
+(neverallow recovery_refresh_28_0 system_data_file_28_0 (sock_file (write)))
+(neverallow recovery_refresh_28_0 system_data_file_28_0 (fifo_file (write)))
+(neverallow recovery_refresh_28_0 app_data_file_28_0 (file (write)))
+(neverallow recovery_refresh_28_0 app_data_file_28_0 (dir (write)))
+(neverallow recovery_refresh_28_0 app_data_file_28_0 (lnk_file (write)))
+(neverallow recovery_refresh_28_0 app_data_file_28_0 (chr_file (write)))
+(neverallow recovery_refresh_28_0 app_data_file_28_0 (blk_file (write)))
+(neverallow recovery_refresh_28_0 app_data_file_28_0 (sock_file (write)))
+(neverallow recovery_refresh_28_0 app_data_file_28_0 (fifo_file (write)))
+(allow runas_28_0 adbd_28_0 (fd (use)))
+(allow runas_28_0 adbd_28_0 (process (sigchld)))
+(allow runas_28_0 adbd_28_0 (unix_stream_socket (read write)))
+(allow runas_28_0 shell_28_0 (fd (use)))
+(allow runas_28_0 shell_28_0 (fifo_file (read write)))
+(allow runas_28_0 shell_28_0 (unix_stream_socket (read write)))
+(allow runas_28_0 devpts_28_0 (chr_file (ioctl read write)))
+(allow runas_28_0 shell_data_file_28_0 (file (read write)))
+(allow runas_28_0 system_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow runas_28_0 system_data_file_28_0 (lnk_file (getattr)))
+(allow runas_28_0 system_data_file_28_0 (lnk_file (read)))
+(dontaudit runas_28_0 self (capability (dac_override)))
+(dontaudit runas_28_0 self (cap_userns (dac_override)))
+(allow runas_28_0 app_data_file_28_0 (dir (getattr search)))
+(allow runas_28_0 self (capability (setgid setuid)))
+(allow runas_28_0 self (cap_userns (setgid setuid)))
+(allow runas_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow runas_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow runas_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow runas_28_0 selinuxfs_28_0 (file (write lock append map open)))
+(allow runas_28_0 kernel_28_0 (security (check_context)))
+(allow runas_28_0 self (process (setcurrent)))
+(allow runas_28_0 base_typeattr_277_28_0 (process (dyntransition)))
+(allow runas_28_0 seapp_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(neverallow runas_28_0 self (capability (chown dac_override dac_read_search fowner fsetid kill setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(neverallow runas_28_0 self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(neverallow runas_28_0 self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
+(neverallow runas_28_0 self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
+(allow sdcardd_28_0 cgroup_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow sdcardd_28_0 fuse_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow sdcardd_28_0 rootfs_28_0 (dir (mounton)))
+(allow sdcardd_28_0 sdcardfs_28_0 (filesystem (remount)))
+(allow sdcardd_28_0 tmpfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow sdcardd_28_0 mnt_media_rw_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow sdcardd_28_0 storage_file_28_0 (dir (search)))
+(allow sdcardd_28_0 storage_stub_file_28_0 (dir (mounton search)))
+(allow sdcardd_28_0 sdcard_type (filesystem (mount unmount)))
+(allow sdcardd_28_0 self (capability (dac_override setgid setuid sys_admin sys_resource)))
+(allow sdcardd_28_0 self (cap_userns (dac_override setgid setuid sys_admin sys_resource)))
+(allow sdcardd_28_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow sdcardd_28_0 sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow sdcardd_28_0 media_rw_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow sdcardd_28_0 media_rw_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow sdcardd_28_0 system_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow sdcardd_28_0 install_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow sdcardd_28_0 vold_28_0 (fd (use)))
+(allow sdcardd_28_0 vold_28_0 (fifo_file (read write getattr)))
+(allow sdcardd_28_0 mnt_expand_file_28_0 (dir (search)))
+(allow sdcardd_28_0 proc_filesystems_28_0 (file (ioctl read getattr lock map open)))
+(neverallow init_28_0 sdcardd_exec_28_0 (file (execute)))
+(neverallow init_28_0 sdcardd_28_0 (process (transition dyntransition)))
+(allow servicemanager_28_0 self (binder (set_context_mgr)))
+(allow servicemanager_28_0 base_typeattr_278_28_0 (binder (transfer)))
+(allow servicemanager_28_0 service_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow servicemanager_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow servicemanager_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow servicemanager_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow servicemanager_28_0 selinuxfs_28_0 (file (write lock append map open)))
+(allow servicemanager_28_0 kernel_28_0 (security (compute_av)))
+(allow servicemanager_28_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow sgdisk_28_0 block_device_28_0 (dir (search)))
+(allow sgdisk_28_0 vold_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow sgdisk_28_0 devpts_28_0 (chr_file (ioctl read write getattr)))
+(allow sgdisk_28_0 vold_28_0 (fd (use)))
+(allow sgdisk_28_0 vold_28_0 (fifo_file (read write getattr)))
+(allow sgdisk_28_0 self (capability (sys_admin)))
+(allow sgdisk_28_0 self (cap_userns (sys_admin)))
+(neverallow base_typeattr_176_28_0 sgdisk_28_0 (process (transition)))
+(neverallow base_typeattr_59_28_0 sgdisk_28_0 (process (dyntransition)))
+(neverallow sgdisk_28_0 base_typeattr_279_28_0 (file (entrypoint)))
+(allow shared_relro_28_0 shared_relro_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow shared_relro_28_0 shared_relro_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow shared_relro_28_0 activity_service_28_0 (service_manager (find)))
+(allow shared_relro_28_0 webviewupdate_service_28_0 (service_manager (find)))
+(allow shell_28_0 logcat_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow shell_28_0 logdr_socket_28_0 (sock_file (write)))
+(allow shell_28_0 logd_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 logd_socket_28_0 (sock_file (write)))
+(allow shell_28_0 logd_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 pstorefs_28_0 (dir (search)))
+(allow shell_28_0 pstorefs_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 rootfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 anr_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 anr_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 shell_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow shell_28_0 shell_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow shell_28_0 shell_data_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow shell_28_0 shell_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow shell_28_0 trace_data_file_28_0 (file (ioctl read getattr lock map unlink open)))
+(allow shell_28_0 trace_data_file_28_0 (dir (ioctl read write getattr lock remove_name search open)))
+(allow shell_28_0 profman_dump_data_file_28_0 (dir (ioctl read write getattr lock remove_name search open)))
+(allow shell_28_0 profman_dump_data_file_28_0 (file (ioctl read getattr lock map unlink open)))
+(allow shell_28_0 nativetest_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 nativetest_data_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow shell_28_0 dumpstate_socket_28_0 (sock_file (write)))
+(allow shell_28_0 dumpstate_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 devpts_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow shell_28_0 tty_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow shell_28_0 console_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow shell_28_0 input_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 input_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow shell_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 system_file_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 system_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow shell_28_0 system_file_28_0 (file (getattr map execute execute_no_trans)))
+(allow shell_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow shell_28_0 tzdatacheck_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow shell_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow shell_28_0 zygote_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow shell_28_0 apk_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 apk_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 apk_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 shell_prop_28_0 (property_service (set)))
+(allow shell_28_0 shell_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 ctl_bugreport_prop_28_0 (property_service (set)))
+(allow shell_28_0 ctl_bugreport_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 ctl_dumpstate_prop_28_0 (property_service (set)))
+(allow shell_28_0 ctl_dumpstate_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 dumpstate_prop_28_0 (property_service (set)))
+(allow shell_28_0 dumpstate_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 exported_dumpstate_prop_28_0 (property_service (set)))
+(allow shell_28_0 exported_dumpstate_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 debug_prop_28_0 (property_service (set)))
+(allow shell_28_0 debug_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 powerctl_prop_28_0 (property_service (set)))
+(allow shell_28_0 powerctl_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 log_tag_prop_28_0 (property_service (set)))
+(allow shell_28_0 log_tag_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 wifi_log_prop_28_0 (property_service (set)))
+(allow shell_28_0 wifi_log_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 traced_enabled_prop_28_0 (property_service (set)))
+(allow shell_28_0 traced_enabled_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 log_prop_28_0 (property_service (set)))
+(allow shell_28_0 log_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 logpersistd_logging_prop_28_0 (property_service (set)))
+(allow shell_28_0 logpersistd_logging_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 boottrace_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow shell_28_0 boottrace_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow shell_28_0 property_socket_28_0 (sock_file (write)))
+(allow shell_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow shell_28_0 persist_debug_prop_28_0 (property_service (set)))
+(allow shell_28_0 persist_debug_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 serialno_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 vendor_security_patch_level_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 device_logging_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 bootloader_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 last_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 system_boot_reason_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 servicemanager_28_0 (service_manager (list)))
+(allow shell_28_0 base_typeattr_280_28_0 (service_manager (find)))
+(allow shell_28_0 dumpstate_28_0 (binder (call)))
+(allow shell_28_0 hwservicemanager_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 shell_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 shell_28_0 (dir (search)))
+(allow hwservicemanager_28_0 shell_28_0 (file (read open)))
+(allow hwservicemanager_28_0 shell_28_0 (process (getattr)))
+(allow shell_28_0 hwservicemanager_28_0 (hwservice_manager (list)))
+(allow shell_28_0 proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_asound_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_filesystems_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_interrupts_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_meminfo_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_modules_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_pid_max_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_stat_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_timer_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_uptime_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_version_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 proc_zoneinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 sysfs_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 cgroup_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 cgroup_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 cgroup_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow shell_28_0 domain (dir (read getattr search open)))
+(allow shell_28_0 domain (file (read getattr open)))
+(allow shell_28_0 domain (lnk_file (read getattr open)))
+(allow shell_28_0 labeledfs_28_0 (filesystem (getattr)))
+(allow shell_28_0 proc_28_0 (filesystem (getattr)))
+(allow shell_28_0 device_28_0 (dir (getattr)))
+(allow shell_28_0 domain (process (getattr)))
+(allow shell_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 bootchart_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow shell_28_0 bootchart_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow shell_28_0 self (process (ptrace)))
+(allow shell_28_0 sysfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 sysfs_batteryinfo_28_0 (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 sysfs_batteryinfo_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 ion_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow shell_28_0 dev_type (dir (ioctl read getattr lock search open)))
+(allow shell_28_0 dev_type (chr_file (getattr)))
+(allow shell_28_0 proc_28_0 (lnk_file (getattr)))
+(allow shell_28_0 dev_type (blk_file (getattr)))
+(allow shell_28_0 file_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 property_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 seapp_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 service_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 sepolicy_file_28_0 (file (ioctl read getattr lock map open)))
+(allow shell_28_0 vendor_shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(neverallow shell_28_0 file_type (file (link)))
+(neverallowx shell_28_0 domain (ioctl tcp_socket (0x6900 0x6902)))
+(neverallowx shell_28_0 domain (ioctl udp_socket (0x6900 0x6902)))
+(neverallowx shell_28_0 domain (ioctl rawip_socket (0x6900 0x6902)))
+(neverallowx shell_28_0 domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx shell_28_0 domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx shell_28_0 domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx shell_28_0 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx shell_28_0 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx shell_28_0 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallow shell_28_0 hw_random_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow shell_28_0 kmem_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow shell_28_0 port_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow shell_28_0 fuse_device_28_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow shell_28_0 dev_type (blk_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(allow slideshow_28_0 kmsg_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow slideshow_28_0 sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow slideshow_28_0 self (capability2 (block_suspend)))
+(allow slideshow_28_0 self (cap2_userns (block_suspend)))
+(allow slideshow_28_0 device_28_0 (dir (ioctl read getattr lock search open)))
+(allow slideshow_28_0 self (capability (sys_tty_config)))
+(allow slideshow_28_0 self (cap_userns (sys_tty_config)))
+(allow slideshow_28_0 graphics_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow slideshow_28_0 graphics_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow slideshow_28_0 input_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow slideshow_28_0 input_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow slideshow_28_0 tty_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow su_28_0 vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow su_28_0 vndservicemanager_28_0 (binder (call transfer)))
+(allow vndservicemanager_28_0 su_28_0 (dir (search)))
+(allow vndservicemanager_28_0 su_28_0 (file (read open)))
+(allow vndservicemanager_28_0 su_28_0 (process (getattr)))
+(dontaudit su_28_0 self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(dontaudit su_28_0 self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
+(dontaudit su_28_0 self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(dontaudit su_28_0 self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
+(dontaudit su_28_0 kernel_28_0 (security (compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy validate_trans)))
+(dontaudit su_28_0 kernel_28_0 (system (ipc_info syslog_read syslog_mod syslog_console module_request module_load)))
+(dontaudit su_28_0 self (memprotect (mmap_zero)))
+(dontaudit su_28_0 domain (process (fork transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem execstack execheap setkeycreate setsockcreate getrlimit)))
+(dontaudit su_28_0 domain (fd (use)))
+(dontaudit su_28_0 domain (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(dontaudit su_28_0 domain (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 domain (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_28_0 domain (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 domain (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(dontaudit su_28_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_28_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_28_0 domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 domain (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_28_0 domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_28_0 domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_28_0 domain (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(dontaudit su_28_0 domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(dontaudit su_28_0 domain (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_28_0 domain (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_28_0 domain (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 domain (sem (create destroy getattr setattr read write associate unix_read unix_write)))
+(dontaudit su_28_0 domain (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
+(dontaudit su_28_0 domain (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
+(dontaudit su_28_0 domain (ipc (create destroy getattr setattr read write associate unix_read unix_write)))
+(dontaudit su_28_0 domain (key (view read write search link setattr create)))
+(dontaudit su_28_0 fs_type (filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget)))
+(dontaudit su_28_0 dev_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_28_0 dev_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(dontaudit su_28_0 dev_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 dev_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_28_0 dev_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 dev_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 dev_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 fs_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_28_0 fs_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(dontaudit su_28_0 fs_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 fs_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_28_0 fs_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 fs_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 fs_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 file_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_28_0 file_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(dontaudit su_28_0 file_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 file_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_28_0 file_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 file_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 file_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_28_0 node_type (node (recvfrom sendto)))
+(dontaudit su_28_0 node_type (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(dontaudit su_28_0 node_type (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_28_0 node_type (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_28_0 netif_type (netif (ingress egress)))
+(dontaudit su_28_0 port_type (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(dontaudit su_28_0 port_type (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_28_0 port_type (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_28_0 port_type (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_28_0 port_type (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_28_0 port_type (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_28_0 port_type (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_28_0 port_type (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(dontaudit su_28_0 port_type (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(dontaudit su_28_0 port_type (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_28_0 port_type (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_28_0 port_type (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_28_0 port_type (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(dontaudit su_28_0 port_type (dccp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(dontaudit su_28_0 domain (peer (recv)))
+(dontaudit su_28_0 domain (binder (impersonate call set_context_mgr transfer)))
+(dontaudit su_28_0 property_type (property_service (set)))
+(dontaudit su_28_0 property_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_28_0 service_manager_type (service_manager (add find list)))
+(dontaudit su_28_0 hwservice_manager_type (hwservice_manager (add find list)))
+(dontaudit su_28_0 vndservice_manager_type (service_manager (add find list)))
+(dontaudit su_28_0 servicemanager_28_0 (service_manager (list)))
+(dontaudit su_28_0 hwservicemanager_28_0 (hwservice_manager (list)))
+(dontaudit su_28_0 vndservicemanager_28_0 (service_manager (list)))
+(dontaudit su_28_0 keystore_28_0 (keystore_key (get_state get insert delete exist list reset password lock unlock is_empty sign verify grant duplicate clear_uid add_auth user_changed gen_unique_id)))
+(dontaudit su_28_0 domain (drmservice (consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread)))
+(dontaudit su_28_0 unlabeled_28_0 (filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget)))
+(dontaudit su_28_0 postinstall_file_28_0 (filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget)))
+(allow tee_28_0 fingerprint_vendor_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow tee_28_0 fingerprint_vendor_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow thermalserviced_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 thermalserviced_28_0 (dir (search)))
+(allow servicemanager_28_0 thermalserviced_28_0 (file (read open)))
+(allow servicemanager_28_0 thermalserviced_28_0 (process (getattr)))
+(allow thermalserviced_28_0 thermal_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_281_28_0 thermal_service_28_0 (service_manager (add)))
+(allow thermalserviced_28_0 hwservicemanager_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 thermalserviced_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 thermalserviced_28_0 (dir (search)))
+(allow hwservicemanager_28_0 thermalserviced_28_0 (file (read open)))
+(allow hwservicemanager_28_0 thermalserviced_28_0 (process (getattr)))
+(allow thermalserviced_28_0 thermalcallback_hwservice_28_0 (hwservice_manager (add find)))
+(allow thermalserviced_28_0 hidl_base_hwservice_28_0 (hwservice_manager (add)))
+(neverallow base_typeattr_281_28_0 thermalcallback_hwservice_28_0 (hwservice_manager (add)))
+(allow thermalserviced_28_0 platform_app_28_0 (binder (call transfer)))
+(allow platform_app_28_0 thermalserviced_28_0 (binder (transfer)))
+(allow thermalserviced_28_0 platform_app_28_0 (fd (use)))
+(allow tombstoned_28_0 domain (fd (use)))
+(allow tombstoned_28_0 domain (fifo_file (write)))
+(allow tombstoned_28_0 domain (dir (ioctl read getattr lock search open)))
+(allow tombstoned_28_0 domain (file (ioctl read getattr lock map open)))
+(allow tombstoned_28_0 tombstone_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow tombstoned_28_0 tombstone_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink link rename open)))
+(allow tombstoned_28_0 anr_data_file_28_0 (file (write append)))
+(auditallow tombstoned_28_0 anr_data_file_28_0 (file (write append)))
+(allow tombstoned_28_0 anr_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow tombstoned_28_0 anr_data_file_28_0 (file (create getattr unlink link open)))
+(allow toolbox_28_0 tmpfs_28_0 (chr_file (ioctl read write)))
+(allow toolbox_28_0 devpts_28_0 (chr_file (ioctl read write getattr)))
+(allow toolbox_28_0 block_device_28_0 (dir (search)))
+(allow toolbox_28_0 swap_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(neverallow base_typeattr_69_28_0 toolbox_28_0 (process (transition)))
+(neverallow base_typeattr_59_28_0 toolbox_28_0 (process (dyntransition)))
+(neverallow toolbox_28_0 base_typeattr_282_28_0 (file (entrypoint)))
+(allow traceur_app_28_0 servicemanager_28_0 (service_manager (list)))
+(allow traceur_app_28_0 hwservicemanager_28_0 (hwservice_manager (list)))
+(allow traceur_app_28_0 property_socket_28_0 (sock_file (write)))
+(allow traceur_app_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow traceur_app_28_0 debug_prop_28_0 (property_service (set)))
+(allow traceur_app_28_0 debug_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow traceur_app_28_0 base_typeattr_280_28_0 (service_manager (find)))
+(dontaudit traceur_app_28_0 service_manager_type (service_manager (find)))
+(dontaudit traceur_app_28_0 hwservice_manager_type (hwservice_manager (find)))
+(dontaudit traceur_app_28_0 domain (binder (call)))
+(allow tzdatacheck_28_0 zoneinfo_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow tzdatacheck_28_0 zoneinfo_data_file_28_0 (file (unlink)))
+(neverallow base_typeattr_283_28_0 zoneinfo_data_file_28_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_283_28_0 zoneinfo_data_file_28_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(allow ueventd_28_0 kmsg_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow ueventd_28_0 self (capability (chown dac_override fowner fsetid setgid net_admin sys_rawio mknod)))
+(allow ueventd_28_0 self (cap_userns (chown dac_override fowner fsetid setgid net_admin sys_rawio mknod)))
+(allow ueventd_28_0 device_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow ueventd_28_0 rootfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow ueventd_28_0 rootfs_28_0 (file (ioctl read getattr lock map open)))
+(allow ueventd_28_0 rootfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow ueventd_28_0 sysfs_type (file (write lock append map open)))
+(allow ueventd_28_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow ueventd_28_0 sysfs_type (file (ioctl read getattr lock map open)))
+(allow ueventd_28_0 sysfs_type (lnk_file (ioctl read getattr lock map open)))
+(allow ueventd_28_0 sysfs_type (file (setattr relabelfrom relabelto)))
+(allow ueventd_28_0 sysfs_type (lnk_file (setattr relabelfrom relabelto)))
+(allow ueventd_28_0 sysfs_type (dir (setattr relabelfrom relabelto)))
+(allow ueventd_28_0 tmpfs_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow ueventd_28_0 dev_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow ueventd_28_0 dev_type (lnk_file (create unlink)))
+(allow ueventd_28_0 dev_type (chr_file (create getattr setattr unlink)))
+(allow ueventd_28_0 dev_type (blk_file (create getattr setattr relabelfrom relabelto unlink)))
+(allow ueventd_28_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow ueventd_28_0 efs_file_28_0 (dir (search)))
+(allow ueventd_28_0 efs_file_28_0 (file (ioctl read getattr lock map open)))
+(allow ueventd_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow ueventd_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow ueventd_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow ueventd_28_0 base_typeattr_284_28_0 (dir (ioctl read getattr lock search open)))
+(allow ueventd_28_0 base_typeattr_284_28_0 (file (ioctl read getattr lock map open)))
+(allow ueventd_28_0 base_typeattr_284_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow ueventd_28_0 file_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow ueventd_28_0 self (process (setfscreate)))
+(allow ueventd_28_0 proc_cmdline_28_0 (file (ioctl read getattr lock map open)))
+(neverallow ueventd_28_0 property_socket_28_0 (sock_file (write)))
+(neverallow ueventd_28_0 init_28_0 (unix_stream_socket (connectto)))
+(neverallow ueventd_28_0 property_type (property_service (set)))
+(neverallow ueventd_28_0 dev_type (blk_file (ioctl read write lock append map link rename execute quotaon mounton open audit_access execmod)))
+(neverallow ueventd_28_0 kmem_device_28_0 (chr_file (ioctl read write lock relabelfrom append map link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow ueventd_28_0 port_device_28_0 (chr_file (ioctl read write lock relabelfrom append map link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow uncrypt_28_0 self (capability (dac_override)))
+(allow uncrypt_28_0 self (cap_userns (dac_override)))
+(allow uncrypt_28_0 app_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_28_0 app_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow uncrypt_28_0 app_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow uncrypt_28_0 shell_data_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_28_0 shell_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow uncrypt_28_0 shell_data_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow uncrypt_28_0 cache_file_28_0 (dir (search)))
+(allow uncrypt_28_0 cache_recovery_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow uncrypt_28_0 cache_recovery_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow uncrypt_28_0 ota_package_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_28_0 ota_package_file_28_0 (file (ioctl read getattr lock map open)))
+(allow uncrypt_28_0 uncrypt_socket_28_0 (sock_file (write)))
+(allow uncrypt_28_0 uncrypt_28_0 (unix_stream_socket (connectto)))
+(allow uncrypt_28_0 property_socket_28_0 (sock_file (write)))
+(allow uncrypt_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow uncrypt_28_0 powerctl_prop_28_0 (property_service (set)))
+(allow uncrypt_28_0 powerctl_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow uncrypt_28_0 self (capability (sys_rawio)))
+(allow uncrypt_28_0 self (cap_userns (sys_rawio)))
+(allow uncrypt_28_0 misc_block_device_28_0 (blk_file (write lock append map open)))
+(allow uncrypt_28_0 block_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_28_0 userdata_block_device_28_0 (blk_file (write lock append map open)))
+(allow uncrypt_28_0 rootfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_28_0 rootfs_28_0 (file (ioctl read getattr lock map open)))
+(allow uncrypt_28_0 rootfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow uncrypt_28_0 proc_cmdline_28_0 (file (ioctl read getattr lock map open)))
+(allow uncrypt_28_0 sysfs_dt_firmware_android_28_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_28_0 sysfs_dt_firmware_android_28_0 (file (ioctl read getattr lock map open)))
+(allow uncrypt_28_0 sysfs_dt_firmware_android_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow update_engine_28_0 qtaguid_proc_28_0 (file (ioctl read write getattr lock append map open)))
+(allow update_engine_28_0 qtaguid_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow update_engine_28_0 self (process (setsched)))
+(allow update_engine_28_0 self (capability (fowner sys_admin)))
+(allow update_engine_28_0 self (cap_userns (fowner sys_admin)))
+(dontaudit update_engine_28_0 self (capability (fsetid)))
+(dontaudit update_engine_28_0 self (cap_userns (fsetid)))
+(allow update_engine_28_0 kmsg_device_28_0 (chr_file (write lock append map open)))
+(allow update_engine_28_0 update_engine_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow update_engine_28_0 sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow update_engine_28_0 self (capability2 (block_suspend)))
+(allow update_engine_28_0 self (cap2_userns (block_suspend)))
+(dontaudit update_engine_28_0 kernel_28_0 (process (setsched)))
+(dontaudit update_engine_28_0 self (capability (sys_rawio)))
+(allow update_engine_28_0 update_engine_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow update_engine_28_0 update_engine_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow update_engine_28_0 update_engine_log_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow update_engine_28_0 update_engine_log_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(dontaudit update_engine_28_0 kernel_28_0 (system (module_request)))
+(allow update_engine_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 update_engine_28_0 (dir (search)))
+(allow servicemanager_28_0 update_engine_28_0 (file (read open)))
+(allow servicemanager_28_0 update_engine_28_0 (process (getattr)))
+(allow update_engine_28_0 update_engine_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_285_28_0 update_engine_service_28_0 (service_manager (add)))
+(allow update_engine_28_0 priv_app_28_0 (binder (call transfer)))
+(allow priv_app_28_0 update_engine_28_0 (binder (transfer)))
+(allow update_engine_28_0 priv_app_28_0 (fd (use)))
+(allow update_engine_28_0 ota_package_file_28_0 (file (ioctl read getattr lock map open)))
+(allow update_engine_28_0 ota_package_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow update_engine_28_0 proc_misc_28_0 (file (ioctl read getattr lock map open)))
+(allow update_engine_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow update_engine_common block_device_28_0 (dir (search)))
+(allow update_engine_common boot_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow update_engine_common system_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow update_engine_common misc_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow update_engine_common rootfs_28_0 (dir (getattr)))
+(allow update_engine_common rootfs_28_0 (file (ioctl read getattr lock map open)))
+(allow update_engine_common postinstall_mnt_dir_28_0 (dir (getattr mounton search)))
+(allow update_engine_common postinstall_file_28_0 (filesystem (mount unmount relabelfrom relabelto)))
+(allow update_engine_common labeledfs_28_0 (filesystem (relabelfrom)))
+(allow update_engine_common postinstall_file_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow update_engine_common postinstall_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow update_engine_common postinstall_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow update_engine_common cache_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow update_engine_common cache_file_28_0 (file (ioctl read getattr lock map open)))
+(allow update_engine_common cache_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow update_engine_common shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow update_engine_common postinstall_28_0 (process (sigkill sigstop signal)))
+(allow update_engine_common proc_cmdline_28_0 (file (ioctl read getattr lock map open)))
+(allow update_engine_common sysfs_dt_firmware_android_28_0 (dir (ioctl read getattr lock search open)))
+(allow update_engine_common sysfs_dt_firmware_android_28_0 (file (ioctl read getattr lock map open)))
+(allow update_engine_common sysfs_dt_firmware_android_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow update_verifier_28_0 block_device_28_0 (dir (search)))
+(allow update_verifier_28_0 ota_package_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow update_verifier_28_0 ota_package_file_28_0 (file (ioctl read getattr lock map open)))
+(allow update_verifier_28_0 sysfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow update_verifier_28_0 sysfs_dm_28_0 (dir (ioctl read getattr lock search open)))
+(allow update_verifier_28_0 sysfs_dm_28_0 (file (ioctl read getattr lock map open)))
+(allow update_verifier_28_0 dm_device_28_0 (blk_file (ioctl read getattr lock map open)))
+(allow update_verifier_28_0 kmsg_device_28_0 (chr_file (write lock append map open)))
+(allow update_verifier_28_0 property_socket_28_0 (sock_file (write)))
+(allow update_verifier_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow update_verifier_28_0 powerctl_prop_28_0 (property_service (set)))
+(allow update_verifier_28_0 powerctl_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vdc_28_0 devpts_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow vdc_28_0 kmsg_device_28_0 (chr_file (write lock append map open)))
+(allow vdc_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 vdc_28_0 (dir (search)))
+(allow servicemanager_28_0 vdc_28_0 (file (read open)))
+(allow servicemanager_28_0 vdc_28_0 (process (getattr)))
+(allow vdc_28_0 vold_28_0 (binder (call transfer)))
+(allow vold_28_0 vdc_28_0 (binder (transfer)))
+(allow vdc_28_0 vold_28_0 (fd (use)))
+(allow vdc_28_0 vold_service_28_0 (service_manager (find)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (read write)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (tcp_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (udp_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (rawip_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (packet_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (key_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (unix_stream_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (unix_dgram_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_route_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_nflog_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_xfrm_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_selinux_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_audit_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_dnrt_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (appletalk_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (tun_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_iscsi_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_connector_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_netfilter_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_generic_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_scsitransport_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_rdma_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netlink_crypto_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (sctp_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (icmp_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (ax25_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (ipx_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (netrom_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (atmpvc_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (x25_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (rose_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (decnet_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (atmsvc_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (rds_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (irda_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (pppox_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (llc_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (can_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (tipc_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (bluetooth_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (iucv_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (rxrpc_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (isdn_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (phonet_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (ieee802154_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (caif_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (alg_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (nfc_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (vsock_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (kcm_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (qipcrtr_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (smc_socket (connect sendto)))
+(neverallow vendor_init_28_0 base_typeattr_286_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 kmsg_device_28_0 (chr_file (write open)))
+(allow vendor_init_28_0 device_28_0 (dir (mounton)))
+(allow vendor_init_28_0 rootfs_28_0 (lnk_file (create unlink)))
+(allow vendor_init_28_0 cgroup_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vendor_init_28_0 configfs_28_0 (dir (mounton)))
+(allow vendor_init_28_0 configfs_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vendor_init_28_0 configfs_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vendor_init_28_0 configfs_28_0 (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vendor_init_28_0 self (capability (dac_override)))
+(allow vendor_init_28_0 self (cap_userns (dac_override)))
+(allow vendor_init_28_0 self (capability (chown fowner fsetid)))
+(allow vendor_init_28_0 self (cap_userns (chown fowner fsetid)))
+(allow vendor_init_28_0 unencrypted_data_file_28_0 (dir (search)))
+(allow vendor_init_28_0 unencrypted_data_file_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 system_data_file_28_0 (dir (getattr)))
+(allow vendor_init_28_0 base_typeattr_287_28_0 (dir (ioctl read write create getattr setattr relabelfrom add_name remove_name search rmdir open)))
+(allow vendor_init_28_0 base_typeattr_288_28_0 (file (read write create getattr setattr relabelfrom unlink open)))
+(allow vendor_init_28_0 base_typeattr_287_28_0 (sock_file (read create getattr setattr relabelfrom unlink open)))
+(allow vendor_init_28_0 base_typeattr_287_28_0 (fifo_file (read create getattr setattr relabelfrom unlink open)))
+(allow vendor_init_28_0 base_typeattr_287_28_0 (lnk_file (create getattr setattr relabelfrom unlink)))
+(allow vendor_init_28_0 base_typeattr_289_28_0 (file (relabelto)))
+(allow vendor_init_28_0 base_typeattr_289_28_0 (dir (relabelto)))
+(allow vendor_init_28_0 base_typeattr_289_28_0 (lnk_file (relabelto)))
+(allow vendor_init_28_0 base_typeattr_289_28_0 (chr_file (relabelto)))
+(allow vendor_init_28_0 base_typeattr_289_28_0 (blk_file (relabelto)))
+(allow vendor_init_28_0 base_typeattr_289_28_0 (sock_file (relabelto)))
+(allow vendor_init_28_0 base_typeattr_289_28_0 (fifo_file (relabelto)))
+(allow vendor_init_28_0 dev_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vendor_init_28_0 dev_type (lnk_file (create)))
+(allow vendor_init_28_0 debugfs_tracing_28_0 (file (write lock append map open)))
+(allow vendor_init_28_0 base_typeattr_290_28_0 (file (read setattr open)))
+(allow vendor_init_28_0 base_typeattr_290_28_0 (dir (read setattr search open)))
+(allow vendor_init_28_0 base_typeattr_291_28_0 (chr_file (setattr)))
+(allow vendor_init_28_0 dev_type (blk_file (getattr)))
+(allow vendor_init_28_0 proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow vendor_init_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 proc_net_28_0 (file (write lock append map open)))
+(allow vendor_init_28_0 self (capability (net_admin)))
+(allow vendor_init_28_0 self (cap_userns (net_admin)))
+(allow vendor_init_28_0 proc_page_cluster_28_0 (file (write lock append map open)))
+(allow vendor_init_28_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow vendor_init_28_0 sysfs_type (lnk_file (read)))
+(allow vendor_init_28_0 base_typeattr_292_28_0 (file (ioctl read write getattr lock append map open)))
+(allow vendor_init_28_0 self (process (setfscreate)))
+(allow vendor_init_28_0 vendor_file_type (dir (ioctl read getattr lock search open)))
+(allow vendor_init_28_0 vendor_file_type (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 vendor_file_type (lnk_file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 serialno_prop_28_0 (file (read getattr open)))
+(allow vendor_init_28_0 self (capability (sys_admin)))
+(allow vendor_init_28_0 self (cap_userns (sys_admin)))
+(allow vendor_init_28_0 misc_block_device_28_0 (blk_file (write lock append map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 bluetooth_a2dp_offload_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 bluetooth_a2dp_offload_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 debug_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 debug_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_audio_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_audio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_bluetooth_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_bluetooth_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_config_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_config_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_dalvik_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_dalvik_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_default_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_ffs_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_ffs_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_overlay_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_overlay_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_pm_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_pm_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_radio_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_system_radio_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_system_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported_wifi_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported_wifi_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported2_config_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported2_config_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported2_system_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported2_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported2_vold_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported2_vold_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported3_default_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported3_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 exported3_radio_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 exported3_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 logd_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 logd_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 log_tag_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 log_tag_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 log_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 log_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 serialno_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 serialno_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 vendor_default_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 vendor_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 vendor_security_patch_level_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 vendor_security_patch_level_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 property_socket_28_0 (sock_file (write)))
+(allow vendor_init_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vendor_init_28_0 wifi_log_prop_28_0 (property_service (set)))
+(allow vendor_init_28_0 wifi_log_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 exported2_radio_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 exported3_system_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_shell_28_0 vendor_shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow vendor_shell_28_0 vendor_toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow vendor_shell_28_0 shell_28_0 (fd (use)))
+(allow vendor_shell_28_0 adbd_28_0 (fd (use)))
+(allow vendor_shell_28_0 adbd_28_0 (process (sigchld)))
+(allow vendor_shell_28_0 adbd_28_0 (unix_stream_socket (ioctl read write getattr)))
+(allow vendor_shell_28_0 devpts_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow vendor_shell_28_0 tty_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow vendor_shell_28_0 console_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow vendor_shell_28_0 input_device_28_0 (dir (ioctl read getattr lock search open)))
+(allow vendor_shell_28_0 input_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(neverallow base_typeattr_293_28_0 vendor_toolbox_exec_28_0 (file (execute execute_no_trans entrypoint)))
+(allow virtual_touchpad_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 virtual_touchpad_28_0 (dir (search)))
+(allow servicemanager_28_0 virtual_touchpad_28_0 (file (read open)))
+(allow servicemanager_28_0 virtual_touchpad_28_0 (process (getattr)))
+(allow virtual_touchpad_28_0 virtual_touchpad_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_294_28_0 virtual_touchpad_service_28_0 (service_manager (add)))
+(allow virtual_touchpad_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 virtual_touchpad_28_0 (binder (transfer)))
+(allow virtual_touchpad_28_0 system_server_28_0 (fd (use)))
+(allow virtual_touchpad_28_0 uhid_device_28_0 (chr_file (ioctl write lock append map open)))
+(allow virtual_touchpad_28_0 permission_service_28_0 (service_manager (find)))
+(allow vold_28_0 cache_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow vold_28_0 cache_file_28_0 (file (read getattr)))
+(allow vold_28_0 cache_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow vold_28_0 proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow vold_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow vold_28_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow vold_28_0 sysfs_type (file (ioctl read getattr lock map open)))
+(allow vold_28_0 sysfs_type (lnk_file (ioctl read getattr lock map open)))
+(allow vold_28_0 sysfs_28_0 (file (write lock append map open)))
+(allow vold_28_0 sysfs_dm_28_0 (file (write lock append map open)))
+(allow vold_28_0 sysfs_usb_28_0 (file (write lock append map open)))
+(allow vold_28_0 sysfs_zram_uevent_28_0 (file (write lock append map open)))
+(allow vold_28_0 rootfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow vold_28_0 rootfs_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 rootfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow vold_28_0 metadata_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow vold_28_0 metadata_file_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 metadata_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow vold_28_0 proc_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 proc_drop_caches_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 proc_cmdline_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 proc_filesystems_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 proc_meminfo_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 proc_mounts_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 file_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 self (process (setexec)))
+(allow vold_28_0 shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow vold_28_0 e2fs_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow vold_28_0 self (process (setfscreate)))
+(allow vold_28_0 system_file_28_0 (file (getattr map execute execute_no_trans)))
+(allow vold_28_0 block_device_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 device_28_0 (dir (write)))
+(allow vold_28_0 devpts_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 rootfs_28_0 (dir (mounton)))
+(allow vold_28_0 sdcard_type (dir (mounton)))
+(allow vold_28_0 sdcard_type (filesystem (mount remount unmount)))
+(allow vold_28_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 mnt_media_rw_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 storage_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 mnt_media_rw_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 storage_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 media_rw_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 media_rw_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 mnt_media_rw_stub_file_28_0 (dir (create getattr setattr mounton rmdir)))
+(allow vold_28_0 storage_stub_file_28_0 (dir (create getattr setattr mounton rmdir)))
+(allow vold_28_0 mnt_user_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 mnt_user_file_28_0 (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 mnt_expand_file_28_0 (dir (ioctl read write create getattr setattr lock rename mounton add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 apk_data_file_28_0 (dir (create getattr setattr)))
+(allow vold_28_0 shell_data_file_28_0 (dir (create getattr setattr)))
+(allow vold_28_0 tmpfs_28_0 (filesystem (mount unmount)))
+(allow vold_28_0 tmpfs_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 tmpfs_28_0 (dir (mounton)))
+(allow vold_28_0 self (capability (chown dac_override fowner fsetid net_admin sys_admin mknod)))
+(allow vold_28_0 self (cap_userns (chown dac_override fowner fsetid net_admin sys_admin mknod)))
+(allow vold_28_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow vold_28_0 app_data_file_28_0 (dir (search)))
+(allow vold_28_0 app_data_file_28_0 (file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 loop_control_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 loop_device_28_0 (blk_file (ioctl read write create getattr setattr lock append map unlink open)))
+(allow vold_28_0 vold_device_28_0 (blk_file (ioctl read write create getattr setattr lock append map unlink open)))
+(allow vold_28_0 dm_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 dm_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 domain (dir (ioctl read getattr lock search open)))
+(allow vold_28_0 domain (file (ioctl read getattr lock map open)))
+(allow vold_28_0 domain (lnk_file (ioctl read getattr lock map open)))
+(allow vold_28_0 domain (process (sigkill signal)))
+(allow vold_28_0 self (capability (kill sys_ptrace)))
+(allow vold_28_0 self (cap_userns (kill sys_ptrace)))
+(allow vold_28_0 kmsg_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 fsck_exec_28_0 (file (ioctl read getattr lock map execute open)))
+(allow vold_28_0 fscklogs_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow vold_28_0 fscklogs_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 labeledfs_28_0 (filesystem (mount unmount)))
+(allow vold_28_0 efs_file_28_0 (file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 system_data_file_28_0 (dir (ioctl read write create getattr setattr lock mounton add_name remove_name search rmdir open)))
+(allow vold_28_0 system_data_file_28_0 (lnk_file (getattr)))
+(allow vold_28_0 vendor_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 system_data_file_28_0 (file (read)))
+(allow vold_28_0 kernel_28_0 (process (setsched)))
+(allow vold_28_0 property_socket_28_0 (sock_file (write)))
+(allow vold_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vold_28_0 vold_prop_28_0 (property_service (set)))
+(allow vold_28_0 vold_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 property_socket_28_0 (sock_file (write)))
+(allow vold_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vold_28_0 exported_vold_prop_28_0 (property_service (set)))
+(allow vold_28_0 exported_vold_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 property_socket_28_0 (sock_file (write)))
+(allow vold_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vold_28_0 exported2_vold_prop_28_0 (property_service (set)))
+(allow vold_28_0 exported2_vold_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 property_socket_28_0 (sock_file (write)))
+(allow vold_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vold_28_0 powerctl_prop_28_0 (property_service (set)))
+(allow vold_28_0 powerctl_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 property_socket_28_0 (sock_file (write)))
+(allow vold_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vold_28_0 ctl_fuse_prop_28_0 (property_service (set)))
+(allow vold_28_0 ctl_fuse_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 property_socket_28_0 (sock_file (write)))
+(allow vold_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow vold_28_0 restorecon_prop_28_0 (property_service (set)))
+(allow vold_28_0 restorecon_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow vold_28_0 asec_image_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 asec_image_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow vold_28_0 asec_apk_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename mounton add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 asec_public_file_28_0 (dir (setattr relabelto)))
+(allow vold_28_0 asec_apk_file_28_0 (file (ioctl read getattr setattr lock relabelfrom relabelto map open)))
+(allow vold_28_0 asec_public_file_28_0 (file (setattr relabelto)))
+(allow vold_28_0 unlabeled_28_0 (dir (ioctl read getattr setattr lock relabelfrom search open)))
+(allow vold_28_0 unlabeled_28_0 (file (ioctl read getattr setattr lock relabelfrom map open)))
+(allow vold_28_0 sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 self (capability2 (block_suspend)))
+(allow vold_28_0 self (cap2_userns (block_suspend)))
+(allow vold_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 vold_28_0 (dir (search)))
+(allow servicemanager_28_0 vold_28_0 (file (read open)))
+(allow servicemanager_28_0 vold_28_0 (process (getattr)))
+(allow vold_28_0 vold_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_176_28_0 vold_service_28_0 (service_manager (add)))
+(allow vold_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 vold_28_0 (binder (transfer)))
+(allow vold_28_0 system_server_28_0 (fd (use)))
+(allow vold_28_0 permission_service_28_0 (service_manager (find)))
+(allow vold_28_0 healthd_28_0 (binder (call transfer)))
+(allow healthd_28_0 vold_28_0 (binder (transfer)))
+(allow vold_28_0 healthd_28_0 (fd (use)))
+(allow vold_28_0 userdata_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 metadata_block_device_28_0 (blk_file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 unencrypted_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 unencrypted_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 proc_drop_caches_28_0 (file (write lock append map open)))
+(allow vold_28_0 vold_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 vold_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 vold_metadata_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 vold_metadata_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow vold_28_0 init_28_0 (key (write search setattr)))
+(allow vold_28_0 vold_28_0 (key (write search setattr)))
+(allow vold_28_0 self (capability (sys_nice)))
+(allow vold_28_0 self (cap_userns (sys_nice)))
+(allow vold_28_0 self (capability (sys_chroot)))
+(allow vold_28_0 self (cap_userns (sys_chroot)))
+(allow vold_28_0 storage_file_28_0 (dir (mounton)))
+(allow vold_28_0 fuse_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow vold_28_0 fuse_28_0 (filesystem (relabelfrom)))
+(allow vold_28_0 app_fusefs_28_0 (filesystem (relabelfrom relabelto)))
+(allow vold_28_0 app_fusefs_28_0 (filesystem (mount unmount)))
+(allow vold_28_0 toolbox_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow vold_28_0 user_profile_data_file_28_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_28_0 misc_block_device_28_0 (blk_file (write lock append map open)))
+(neverallow base_typeattr_295_28_0 vold_data_file_28_0 (dir (write lock relabelfrom append map unlink link rename execute quotaon mounton add_name remove_name reparent rmdir audit_access execmod)))
+(neverallow base_typeattr_296_28_0 vold_data_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow base_typeattr_297_28_0 vold_metadata_file_28_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow base_typeattr_298_28_0 vold_data_file_28_0 (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_298_28_0 vold_data_file_28_0 (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_298_28_0 vold_data_file_28_0 (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_298_28_0 vold_data_file_28_0 (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_296_28_0 vold_metadata_file_28_0 (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_296_28_0 vold_metadata_file_28_0 (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_296_28_0 vold_metadata_file_28_0 (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_296_28_0 vold_metadata_file_28_0 (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_299_28_0 vold_metadata_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_299_28_0 vold_metadata_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_299_28_0 vold_metadata_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_299_28_0 vold_metadata_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_299_28_0 vold_data_file_28_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_299_28_0 vold_data_file_28_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_299_28_0 vold_data_file_28_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_299_28_0 vold_data_file_28_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_174_28_0 restorecon_prop_28_0 (property_service (set)))
+(neverallow base_typeattr_300_28_0 vold_service_28_0 (service_manager (find)))
+(neverallow vold_28_0 base_typeattr_301_28_0 (binder (call)))
+(neverallow vold_28_0 fsck_exec_28_0 (file (execute_no_trans)))
+(neverallow base_typeattr_69_28_0 vold_28_0 (process (transition dyntransition)))
+(neverallow vold_28_0 base_typeattr_59_28_0 (process (ptrace)))
+(neverallow vold_28_0 base_typeattr_59_28_0 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(allow vr_hwc_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 vr_hwc_28_0 (dir (search)))
+(allow servicemanager_28_0 vr_hwc_28_0 (file (read open)))
+(allow servicemanager_28_0 vr_hwc_28_0 (process (getattr)))
+(allow vr_hwc_28_0 surfaceflinger_28_0 (binder (call transfer)))
+(allow surfaceflinger_28_0 vr_hwc_28_0 (binder (transfer)))
+(allow vr_hwc_28_0 surfaceflinger_28_0 (fd (use)))
+(allow vr_hwc_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 vr_hwc_28_0 (binder (transfer)))
+(allow vr_hwc_28_0 system_server_28_0 (fd (use)))
+(allow vr_hwc_28_0 vr_hwc_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_302_28_0 vr_hwc_service_28_0 (service_manager (add)))
+(allow vr_hwc_28_0 hwservicemanager_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 vr_hwc_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 vr_hwc_28_0 (dir (search)))
+(allow hwservicemanager_28_0 vr_hwc_28_0 (file (read open)))
+(allow hwservicemanager_28_0 vr_hwc_28_0 (process (getattr)))
+(allow vr_hwc_28_0 system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow vr_hwc_28_0 ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow vr_hwc_28_0 pdx_display_client_endpoint_dir_type (dir (ioctl read getattr lock search open)))
+(allow vr_hwc_28_0 pdx_display_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open)))
+(allow vr_hwc_28_0 pdx_display_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow vr_hwc_28_0 pdx_display_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow vr_hwc_28_0 pdx_display_client_server_type (fd (use)))
+(allow pdx_display_client_server_type vr_hwc_28_0 (fd (use)))
+(allow vr_hwc_28_0 permission_service_28_0 (service_manager (find)))
+(allow watchdogd_28_0 watchdog_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow watchdogd_28_0 kmsg_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow wificond_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 wificond_28_0 (dir (search)))
+(allow servicemanager_28_0 wificond_28_0 (file (read open)))
+(allow servicemanager_28_0 wificond_28_0 (process (getattr)))
+(allow wificond_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 wificond_28_0 (binder (transfer)))
+(allow wificond_28_0 system_server_28_0 (fd (use)))
+(allow wificond_28_0 wificond_service_28_0 (service_manager (add find)))
+(neverallow base_typeattr_303_28_0 wificond_service_28_0 (service_manager (add)))
+(allow wificond_28_0 property_socket_28_0 (sock_file (write)))
+(allow wificond_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow wificond_28_0 exported_wifi_prop_28_0 (property_service (set)))
+(allow wificond_28_0 exported_wifi_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow wificond_28_0 property_socket_28_0 (sock_file (write)))
+(allow wificond_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow wificond_28_0 wifi_prop_28_0 (property_service (set)))
+(allow wificond_28_0 wifi_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow wificond_28_0 property_socket_28_0 (sock_file (write)))
+(allow wificond_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow wificond_28_0 ctl_default_prop_28_0 (property_service (set)))
+(allow wificond_28_0 ctl_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow wificond_28_0 self (udp_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allowx wificond_28_0 self (ioctl udp_socket (0x8914 0x8924)))
+(allow wificond_28_0 self (capability (net_admin net_raw)))
+(allow wificond_28_0 self (cap_userns (net_admin net_raw)))
+(allow wificond_28_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow wificond_28_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow wificond_28_0 proc_net_28_0 (dir (ioctl read getattr lock search open)))
+(allow wificond_28_0 proc_net_28_0 (file (ioctl read getattr lock map open)))
+(allow wificond_28_0 proc_net_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow wificond_28_0 permission_service_28_0 (service_manager (find)))
+(allow wificond_28_0 dumpstate_28_0 (fd (use)))
+(allow wificond_28_0 dumpstate_28_0 (fifo_file (write)))
+(allow wpantund_28_0 servicemanager_28_0 (binder (call transfer)))
+(allow servicemanager_28_0 wpantund_28_0 (dir (search)))
+(allow servicemanager_28_0 wpantund_28_0 (file (read open)))
+(allow servicemanager_28_0 wpantund_28_0 (process (getattr)))
+(allow wpantund_28_0 system_server_28_0 (binder (call transfer)))
+(allow system_server_28_0 wpantund_28_0 (binder (transfer)))
+(allow wpantund_28_0 system_server_28_0 (fd (use)))
+(allow wpantund_28_0 lowpan_service_28_0 (service_manager (find)))
+(allow wpantund_28_0 priv_app_28_0 (binder (call)))
+(allow wpantund_28_0 shell_28_0 (binder (call)))
+(allow wpantund_28_0 self (udp_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allowx wpantund_28_0 self (ioctl udp_socket (0x8914 0x8922)))
+(allow wpantund_28_0 tun_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow wpantund_28_0 self (capability (net_admin net_raw)))
+(allow wpantund_28_0 self (cap_userns (net_admin net_raw)))
+(allow wpantund_28_0 self (tun_socket (create)))
+(typeattribute base_typeattr_303_28_0)
+(typeattributeset base_typeattr_303_28_0 ((and (domain) ((not (wificond_28_0))))))
+(typeattribute base_typeattr_302_28_0)
+(typeattributeset base_typeattr_302_28_0 ((and (domain) ((not (vr_hwc_28_0))))))
+(typeattribute base_typeattr_301_28_0)
+(typeattributeset base_typeattr_301_28_0 ((and (domain) ((not (hal_keymaster_server healthd_28_0 hwservicemanager_28_0 servicemanager_28_0 su_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_300_28_0)
+(typeattributeset base_typeattr_300_28_0 ((and (domain) ((not (system_server_28_0 vdc_28_0 vold_28_0))))))
+(typeattribute base_typeattr_299_28_0)
+(typeattributeset base_typeattr_299_28_0 ((and (domain) ((not (init_28_0 kernel_28_0 vendor_init_28_0 vold_28_0 vold_prepare_subdirs_28_0))))))
+(typeattribute base_typeattr_298_28_0)
+(typeattributeset base_typeattr_298_28_0 ((and (domain) ((not (kernel_28_0 vold_28_0 vold_prepare_subdirs_28_0))))))
+(typeattribute base_typeattr_297_28_0)
+(typeattributeset base_typeattr_297_28_0 ((and (domain) ((not (init_28_0 vendor_init_28_0 vold_28_0))))))
+(typeattribute base_typeattr_296_28_0)
+(typeattributeset base_typeattr_296_28_0 ((and (domain) ((not (init_28_0 vold_28_0 vold_prepare_subdirs_28_0))))))
+(typeattribute base_typeattr_295_28_0)
+(typeattributeset base_typeattr_295_28_0 ((and (domain) ((not (vold_28_0 vold_prepare_subdirs_28_0))))))
+(typeattribute base_typeattr_294_28_0)
+(typeattributeset base_typeattr_294_28_0 ((and (domain) ((not (virtual_touchpad_28_0))))))
+(typeattribute base_typeattr_293_28_0)
+(typeattributeset base_typeattr_293_28_0 ((and (coredomain) ((not (init_28_0 modprobe_28_0))))))
+(typeattribute base_typeattr_292_28_0)
+(typeattributeset base_typeattr_292_28_0 ((and (sysfs_type) ((not (sysfs_usermodehelper_28_0))))))
+(typeattribute base_typeattr_291_28_0)
+(typeattributeset base_typeattr_291_28_0 ((and (dev_type) ((not (hw_random_device_28_0 kmem_device_28_0 port_device_28_0 lowpan_device_28_0))))))
+(typeattribute base_typeattr_290_28_0)
+(typeattributeset base_typeattr_290_28_0 ((and (fs_type) ((not (contextmount_type sdcard_type rootfs_28_0 proc_uid_time_in_state_28_0 proc_uid_concurrent_active_time_28_0 proc_uid_concurrent_policy_time_28_0))))))
+(typeattribute base_typeattr_289_28_0)
+(typeattributeset base_typeattr_289_28_0 ((and (file_type) ((not (exec_type core_data_file_type vendor_file_type system_file_28_0 vold_metadata_file_28_0))))))
+(typeattribute base_typeattr_288_28_0)
+(typeattributeset base_typeattr_288_28_0 ((and (file_type) ((not (exec_type core_data_file_type vendor_file_type unlabeled_28_0 system_file_28_0 vold_metadata_file_28_0 runtime_event_log_tags_file_28_0))))))
+(typeattribute base_typeattr_287_28_0)
+(typeattributeset base_typeattr_287_28_0 ((and (file_type) ((not (exec_type core_data_file_type vendor_file_type unlabeled_28_0 system_file_28_0 vold_metadata_file_28_0))))))
+(typeattribute base_typeattr_286_28_0)
+(typeattributeset base_typeattr_286_28_0 ((and (domain) ((not (init_28_0 logd_28_0 su_28_0 vendor_init_28_0))))))
+(typeattribute base_typeattr_285_28_0)
+(typeattributeset base_typeattr_285_28_0 ((and (domain) ((not (update_engine_28_0))))))
+(typeattribute base_typeattr_284_28_0)
+(typeattributeset base_typeattr_284_28_0 ((and (vendor_file_type) ((not (vendor_app_file_28_0 vendor_overlay_file_28_0))))))
+(typeattribute base_typeattr_283_28_0)
+(typeattributeset base_typeattr_283_28_0 ((and (domain) ((not (init_28_0 system_server_28_0 tzdatacheck_28_0))))))
+(typeattribute base_typeattr_282_28_0)
+(typeattributeset base_typeattr_282_28_0 ((and (fs_type file_type) ((not (toolbox_exec_28_0))))))
+(typeattribute base_typeattr_281_28_0)
+(typeattributeset base_typeattr_281_28_0 ((and (domain) ((not (thermalserviced_28_0))))))
+(typeattribute base_typeattr_280_28_0)
+(typeattributeset base_typeattr_280_28_0 ((and (service_manager_type) ((not (gatekeeper_service_28_0 incident_service_28_0 installd_service_28_0 netd_service_28_0 virtual_touchpad_service_28_0 vold_service_28_0 vr_hwc_service_28_0))))))
+(typeattribute base_typeattr_279_28_0)
+(typeattributeset base_typeattr_279_28_0 ((and (fs_type file_type) ((not (sgdisk_exec_28_0))))))
+(typeattribute base_typeattr_278_28_0)
+(typeattributeset base_typeattr_278_28_0 ((and (domain) ((not (hwservicemanager_28_0 init_28_0 vendor_init_28_0 vndservicemanager_28_0))))))
+(typeattribute base_typeattr_277_28_0)
+(typeattributeset base_typeattr_277_28_0 ((and (appdomain) ((not (system_app_28_0))))))
+(typeattribute base_typeattr_276_28_0)
+(typeattributeset base_typeattr_276_28_0 ((and (data_file_type) ((not (cache_file_28_0 cache_recovery_file_28_0))))))
+(typeattribute base_typeattr_275_28_0)
+(typeattributeset base_typeattr_275_28_0 ((and (domain) ((not (radio_28_0))))))
+(typeattribute base_typeattr_274_28_0)
+(typeattributeset base_typeattr_274_28_0 ((and (property_type) ((not (extended_core_property_type audio_prop_28_0 boottime_prop_28_0 bluetooth_a2dp_offload_prop_28_0 bluetooth_prop_28_0 bootloader_boot_reason_prop_28_0 config_prop_28_0 cppreopt_prop_28_0 ctl_bootanim_prop_28_0 ctl_bugreport_prop_28_0 ctl_console_prop_28_0 ctl_default_prop_28_0 ctl_dumpstate_prop_28_0 ctl_fuse_prop_28_0 ctl_interface_restart_prop_28_0 ctl_interface_start_prop_28_0 ctl_interface_stop_prop_28_0 ctl_mdnsd_prop_28_0 ctl_restart_prop_28_0 ctl_rildaemon_prop_28_0 ctl_sigstop_prop_28_0 ctl_start_prop_28_0 ctl_stop_prop_28_0 dalvik_prop_28_0 debuggerd_prop_28_0 debug_prop_28_0 default_prop_28_0 device_logging_prop_28_0 dhcp_prop_28_0 dumpstate_options_prop_28_0 dumpstate_prop_28_0 exported_secure_prop_28_0 ffs_prop_28_0 fingerprint_prop_28_0 firstboot_prop_28_0 hwservicemanager_prop_28_0 last_boot_reason_prop_28_0 logd_prop_28_0 logpersistd_logging_prop_28_0 log_prop_28_0 log_tag_prop_28_0 lowpan_prop_28_0 mmc_prop_28_0 net_dns_prop_28_0 net_radio_prop_28_0 netd_stable_secret_prop_28_0 nfc_prop_28_0 overlay_prop_28_0 pan_result_prop_28_0 persist_debug_prop_28_0 persistent_properties_ready_prop_28_0 pm_prop_28_0 powerctl_prop_28_0 radio_prop_28_0 restorecon_prop_28_0 safemode_prop_28_0 serialno_prop_28_0 shell_prop_28_0 system_boot_reason_prop_28_0 system_prop_28_0 system_radio_prop_28_0 test_boot_reason_prop_28_0 traced_enabled_prop_28_0 vold_prop_28_0 wifi_log_prop_28_0 wifi_prop_28_0 vendor_security_patch_level_prop_28_0 exported_bluetooth_prop_28_0 exported_config_prop_28_0 exported_dalvik_prop_28_0 exported_default_prop_28_0 exported_dumpstate_prop_28_0 exported_ffs_prop_28_0 exported_fingerprint_prop_28_0 exported_overlay_prop_28_0 exported_pm_prop_28_0 exported_radio_prop_28_0 exported_system_prop_28_0 exported_system_radio_prop_28_0 exported_vold_prop_28_0 exported_wifi_prop_28_0 exported2_config_prop_28_0 exported2_default_prop_28_0 exported2_radio_prop_28_0 exported2_system_prop_28_0 exported2_vold_prop_28_0 exported3_default_prop_28_0 exported3_radio_prop_28_0 exported3_system_prop_28_0 vendor_default_prop_28_0))))))
+(typeattribute base_typeattr_273_28_0)
+(typeattributeset base_typeattr_273_28_0 ((and (coredomain) ((not (system_writes_vendor_properties_violators init_28_0))))))
+(typeattribute base_typeattr_272_28_0)
+(typeattributeset base_typeattr_272_28_0 ((and (core_property_type extended_core_property_type exported_dalvik_prop_28_0 exported_ffs_prop_28_0 exported_system_radio_prop_28_0 exported2_config_prop_28_0 exported2_system_prop_28_0 exported2_vold_prop_28_0 exported3_default_prop_28_0 exported3_system_prop_28_0) ((not (debug_prop_28_0 logd_prop_28_0 nfc_prop_28_0 powerctl_prop_28_0 radio_prop_28_0))))))
+(typeattribute base_typeattr_271_28_0)
+(typeattributeset base_typeattr_271_28_0 ((and (domain) ((not (coredomain hal_wifi_server vendor_init_28_0 wificond_28_0))))))
+(typeattribute base_typeattr_270_28_0)
+(typeattributeset base_typeattr_270_28_0 ((and (domain) ((not (coredomain hal_wifi_server wificond_28_0))))))
+(typeattribute base_typeattr_269_28_0)
+(typeattributeset base_typeattr_269_28_0 ((and (domain) ((not (coredomain hal_bluetooth_server bluetooth_28_0 vendor_init_28_0))))))
+(typeattribute base_typeattr_268_28_0)
+(typeattributeset base_typeattr_268_28_0 ((and (domain) ((not (coredomain hal_bluetooth_server bluetooth_28_0))))))
+(typeattribute base_typeattr_267_28_0)
+(typeattributeset base_typeattr_267_28_0 ((and (domain) ((not (appdomain coredomain hal_telephony_server))))))
+(typeattribute base_typeattr_266_28_0)
+(typeattributeset base_typeattr_266_28_0 ((and (domain) ((not (appdomain coredomain hal_telephony_server vendor_init_28_0))))))
+(typeattribute base_typeattr_265_28_0)
+(typeattributeset base_typeattr_265_28_0 ((and (domain) ((not (appdomain coredomain hal_nfc_server))))))
+(typeattribute base_typeattr_264_28_0)
+(typeattributeset base_typeattr_264_28_0 ((and (core_property_type extended_core_property_type exported_config_prop_28_0 exported_dalvik_prop_28_0 exported_default_prop_28_0 exported_dumpstate_prop_28_0 exported_ffs_prop_28_0 exported_fingerprint_prop_28_0 exported_system_prop_28_0 exported_system_radio_prop_28_0 exported_vold_prop_28_0 exported2_config_prop_28_0 exported2_default_prop_28_0 exported2_system_prop_28_0 exported2_vold_prop_28_0 exported3_default_prop_28_0 exported3_system_prop_28_0) ((not (nfc_prop_28_0 powerctl_prop_28_0 radio_prop_28_0))))))
+(typeattribute base_typeattr_263_28_0)
+(typeattributeset base_typeattr_263_28_0 ((and (domain) ((not (appdomain coredomain vendor_init_28_0))))))
+(typeattribute base_typeattr_262_28_0)
+(typeattributeset base_typeattr_262_28_0 ((and (core_property_type) ((not (audio_prop_28_0 config_prop_28_0 cppreopt_prop_28_0 dalvik_prop_28_0 debuggerd_prop_28_0 debug_prop_28_0 default_prop_28_0 dhcp_prop_28_0 dumpstate_prop_28_0 ffs_prop_28_0 fingerprint_prop_28_0 logd_prop_28_0 net_radio_prop_28_0 nfc_prop_28_0 pan_result_prop_28_0 persist_debug_prop_28_0 powerctl_prop_28_0 radio_prop_28_0 restorecon_prop_28_0 shell_prop_28_0 system_prop_28_0 system_radio_prop_28_0 vold_prop_28_0))))))
+(typeattribute base_typeattr_261_28_0)
+(typeattributeset base_typeattr_261_28_0 ((and (domain) ((not (perfprofd_28_0))))))
+(typeattribute base_typeattr_260_28_0)
+(typeattributeset base_typeattr_260_28_0 ((and (domain) ((not (performanced_28_0))))))
+(typeattribute base_typeattr_259_28_0)
+(typeattributeset base_typeattr_259_28_0 ((and (domain) ((not (init_28_0 netd_28_0))))))
+(typeattribute base_typeattr_258_28_0)
+(typeattributeset base_typeattr_258_28_0 ((and (domain) ((not (dumpstate_28_0 init_28_0 netd_28_0))))))
+(typeattribute base_typeattr_257_28_0)
+(typeattributeset base_typeattr_257_28_0 ((and (domain) ((not (dumpstate_28_0 netd_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_256_28_0)
+(typeattributeset base_typeattr_256_28_0 ((and (domain) ((not (netd_28_0))))))
+(typeattribute base_typeattr_255_28_0)
+(typeattributeset base_typeattr_255_28_0 ((and (domain) ((not (mediaserver_28_0))))))
+(typeattribute base_typeattr_254_28_0)
+(typeattributeset base_typeattr_254_28_0 ((and (domain) ((not (mediametrics_28_0))))))
+(typeattribute base_typeattr_253_28_0)
+(typeattributeset base_typeattr_253_28_0 ((and (data_file_type) ((not (apk_data_file_28_0 zoneinfo_data_file_28_0))))))
+(typeattribute base_typeattr_252_28_0)
+(typeattributeset base_typeattr_252_28_0 ((and (domain) ((not (mediaextractor_28_0))))))
+(typeattribute base_typeattr_251_28_0)
+(typeattributeset base_typeattr_251_28_0 ((and (domain) ((not (mediadrmserver_28_0))))))
+(typeattribute base_typeattr_250_28_0)
+(typeattributeset base_typeattr_250_28_0 ((and (domain) ((not (mediacodec_28_0))))))
+(typeattribute base_typeattr_249_28_0)
+(typeattributeset base_typeattr_249_28_0 ((and (domain) ((not (init_28_0 logd_28_0))))))
+(typeattribute base_typeattr_248_28_0)
+(typeattributeset base_typeattr_248_28_0 ((and (domain) ((not (crash_dump_28_0))))))
+(typeattribute base_typeattr_247_28_0)
+(typeattributeset base_typeattr_247_28_0 ((and (domain) ((not (init_28_0 keystore_28_0))))))
+(typeattribute base_typeattr_246_28_0)
+(typeattributeset base_typeattr_246_28_0 ((and (domain) ((not (keystore_28_0))))))
+(typeattribute base_typeattr_245_28_0)
+(typeattributeset base_typeattr_245_28_0 ((and (domain) ((not (servicemanager_28_0 su_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_244_28_0)
+(typeattributeset base_typeattr_244_28_0 ((and (domain) ((not (dumpstate_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_243_28_0)
+(typeattributeset base_typeattr_243_28_0 ((and (domain) ((not (dumpstate_28_0 installd_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_242_28_0)
+(typeattributeset base_typeattr_242_28_0 ((and (domain) ((not (installd_28_0))))))
+(typeattribute base_typeattr_241_28_0)
+(typeattributeset base_typeattr_241_28_0 ((and (domain) ((not (inputflinger_28_0))))))
+(typeattribute base_typeattr_240_28_0)
+(typeattributeset base_typeattr_240_28_0 ((and (fs_type file_type) ((not (init_exec_28_0))))))
+(typeattribute base_typeattr_239_28_0)
+(typeattributeset base_typeattr_239_28_0 ((and (dev_type) ((not (kmem_device_28_0 port_device_28_0))))))
+(typeattribute base_typeattr_238_28_0)
+(typeattributeset base_typeattr_238_28_0 ((and (dev_type) ((not (device_28_0 alarm_device_28_0 ashmem_device_28_0 binder_device_28_0 hwbinder_device_28_0 dm_device_28_0 keychord_device_28_0 console_device_28_0 hw_random_device_28_0 kmem_device_28_0 port_device_28_0 ptmx_device_28_0 kmsg_device_28_0 null_device_28_0 random_device_28_0 owntty_device_28_0 zero_device_28_0 devpts_28_0))))))
+(typeattribute base_typeattr_237_28_0)
+(typeattributeset base_typeattr_237_28_0 ((and (dev_type) ((not (device_28_0 vndbinder_device_28_0 kmem_device_28_0 port_device_28_0))))))
+(typeattribute base_typeattr_236_28_0)
+(typeattributeset base_typeattr_236_28_0 ((and (fs_type) ((not (contextmount_type sdcard_type rootfs_28_0))))))
+(typeattribute base_typeattr_235_28_0)
+(typeattributeset base_typeattr_235_28_0 ((and (fs_type) ((not (contextmount_type sysfs_type sdcard_type rootfs_28_0 proc_28_0))))))
+(typeattribute base_typeattr_234_28_0)
+(typeattributeset base_typeattr_234_28_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_28_0))))))
+(typeattribute base_typeattr_233_28_0)
+(typeattributeset base_typeattr_233_28_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_28_0 runtime_event_log_tags_file_28_0 shell_data_file_28_0 nativetest_data_file_28_0 keystore_data_file_28_0 vold_data_file_28_0 app_data_file_28_0 system_app_data_file_28_0 misc_logd_file_28_0))))))
+(typeattribute base_typeattr_232_28_0)
+(typeattributeset base_typeattr_232_28_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_28_0 shell_data_file_28_0 nativetest_data_file_28_0 keystore_data_file_28_0 vold_data_file_28_0 app_data_file_28_0 system_app_data_file_28_0 misc_logd_file_28_0))))))
+(typeattribute base_typeattr_231_28_0)
+(typeattributeset base_typeattr_231_28_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_28_0 nativetest_data_file_28_0 app_data_file_28_0 system_app_data_file_28_0 misc_logd_file_28_0))))))
+(typeattribute base_typeattr_230_28_0)
+(typeattributeset base_typeattr_230_28_0 ((and (domain) ((not (hal_wifi_supplicant_server))))))
+(typeattribute base_typeattr_229_28_0)
+(typeattributeset base_typeattr_229_28_0 ((and (domain) ((not (hal_wifi_offload_server))))))
+(typeattribute base_typeattr_228_28_0)
+(typeattributeset base_typeattr_228_28_0 ((and (domain) ((not (hal_wifi_hostapd_server))))))
+(typeattribute base_typeattr_227_28_0)
+(typeattributeset base_typeattr_227_28_0 ((and (domain) ((not (hal_wifi_server))))))
+(typeattribute base_typeattr_226_28_0)
+(typeattributeset base_typeattr_226_28_0 ((and (domain) ((not (hal_weaver_server))))))
+(typeattribute base_typeattr_225_28_0)
+(typeattributeset base_typeattr_225_28_0 ((and (domain) ((not (hal_vr_server))))))
+(typeattribute base_typeattr_224_28_0)
+(typeattributeset base_typeattr_224_28_0 ((and (domain) ((not (hal_vibrator_server))))))
+(typeattribute base_typeattr_223_28_0)
+(typeattributeset base_typeattr_223_28_0 ((and (domain) ((not (hal_vehicle_server))))))
+(typeattribute base_typeattr_222_28_0)
+(typeattributeset base_typeattr_222_28_0 ((and (domain) ((not (hal_usb_gadget_server))))))
+(typeattribute base_typeattr_221_28_0)
+(typeattributeset base_typeattr_221_28_0 ((and (domain) ((not (hal_usb_server))))))
+(typeattribute base_typeattr_220_28_0)
+(typeattributeset base_typeattr_220_28_0 ((and (domain) ((not (hal_tv_input_server))))))
+(typeattribute base_typeattr_219_28_0)
+(typeattributeset base_typeattr_219_28_0 ((and (domain) ((not (hal_tv_cec_server))))))
+(typeattribute base_typeattr_218_28_0)
+(typeattributeset base_typeattr_218_28_0 ((and (domain) ((not (hal_thermal_server))))))
+(typeattribute base_typeattr_217_28_0)
+(typeattributeset base_typeattr_217_28_0 ((and (domain) ((not (hal_telephony_server))))))
+(typeattribute base_typeattr_216_28_0)
+(typeattributeset base_typeattr_216_28_0 ((and (domain) ((not (hal_sensors_server))))))
+(typeattribute base_typeattr_215_28_0)
+(typeattributeset base_typeattr_215_28_0 ((and (domain) ((not (hal_secure_element_server))))))
+(typeattribute base_typeattr_214_28_0)
+(typeattributeset base_typeattr_214_28_0 ((and (domain) ((not (hal_power_server))))))
+(typeattribute base_typeattr_213_28_0)
+(typeattributeset base_typeattr_213_28_0 ((and (domain) ((not (hal_oemlock_server))))))
+(typeattribute base_typeattr_212_28_0)
+(typeattributeset base_typeattr_212_28_0 ((and (domain) ((not (hal_nfc_server))))))
+(typeattribute base_typeattr_211_28_0)
+(typeattributeset base_typeattr_211_28_0 ((and (halserverdomain) ((not (hal_dumpstate_server hal_telephony_server))))))
+(typeattribute base_typeattr_210_28_0)
+(typeattributeset base_typeattr_210_28_0 ((and (halserverdomain) ((not (hal_automotive_socket_exemption hal_telephony_server hal_tetheroffload_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server))))))
+(typeattribute base_typeattr_209_28_0)
+(typeattributeset base_typeattr_209_28_0 ((and (halserverdomain) ((not (hal_bluetooth_server hal_telephony_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server))))))
+(typeattribute base_typeattr_208_28_0)
+(typeattributeset base_typeattr_208_28_0 ((and (domain) ((not (hal_neuralnetworks_server))))))
+(typeattribute base_typeattr_207_28_0)
+(typeattributeset base_typeattr_207_28_0 ((and (domain) ((not (hal_memtrack_server))))))
+(typeattribute base_typeattr_206_28_0)
+(typeattributeset base_typeattr_206_28_0 ((and (domain) ((not (hal_lowpan_server init_28_0 ueventd_28_0))))))
+(typeattribute base_typeattr_205_28_0)
+(typeattributeset base_typeattr_205_28_0 ((and (domain) ((not (hal_lowpan_server))))))
+(typeattribute base_typeattr_204_28_0)
+(typeattributeset base_typeattr_204_28_0 ((and (domain) ((not (hal_light_server))))))
+(typeattribute base_typeattr_203_28_0)
+(typeattributeset base_typeattr_203_28_0 ((and (domain) ((not (hal_keymaster_server))))))
+(typeattribute base_typeattr_202_28_0)
+(typeattributeset base_typeattr_202_28_0 ((and (domain) ((not (hal_ir_server))))))
+(typeattribute base_typeattr_201_28_0)
+(typeattributeset base_typeattr_201_28_0 ((and (domain) ((not (hal_health_server))))))
+(typeattribute base_typeattr_200_28_0)
+(typeattributeset base_typeattr_200_28_0 ((and (domain) ((not (hal_graphics_composer_server))))))
+(typeattribute base_typeattr_199_28_0)
+(typeattributeset base_typeattr_199_28_0 ((and (domain) ((not (hal_graphics_allocator_server))))))
+(typeattribute base_typeattr_198_28_0)
+(typeattributeset base_typeattr_198_28_0 ((and (domain) ((not (hal_gnss_server))))))
+(typeattribute base_typeattr_197_28_0)
+(typeattributeset base_typeattr_197_28_0 ((and (domain) ((not (hal_gatekeeper_server))))))
+(typeattribute base_typeattr_196_28_0)
+(typeattributeset base_typeattr_196_28_0 ((and (domain) ((not (hal_fingerprint_server))))))
+(typeattribute base_typeattr_195_28_0)
+(typeattributeset base_typeattr_195_28_0 ((and (domain) ((not (hal_dumpstate_server))))))
+(typeattribute base_typeattr_194_28_0)
+(typeattributeset base_typeattr_194_28_0 ((and (domain) ((not (hal_drm_server))))))
+(typeattribute base_typeattr_193_28_0)
+(typeattributeset base_typeattr_193_28_0 ((and (domain) ((not (hal_contexthub_server))))))
+(typeattribute base_typeattr_192_28_0)
+(typeattributeset base_typeattr_192_28_0 ((and (domain) ((not (hal_confirmationui_server))))))
+(typeattribute base_typeattr_191_28_0)
+(typeattributeset base_typeattr_191_28_0 ((and (data_file_type) ((not (anr_data_file_28_0 tombstone_data_file_28_0 zoneinfo_data_file_28_0))))))
+(typeattribute base_typeattr_190_28_0)
+(typeattributeset base_typeattr_190_28_0 ((and (domain) ((not (hal_configstore_server logd_28_0 su_28_0 tombstoned_28_0))))))
+(typeattribute base_typeattr_189_28_0)
+(typeattributeset base_typeattr_189_28_0 ((and (domain) ((not (hal_configstore_server))))))
+(typeattribute base_typeattr_188_28_0)
+(typeattributeset base_typeattr_188_28_0 ((and (domain) ((not (hal_cas_server))))))
+(typeattribute base_typeattr_187_28_0)
+(typeattributeset base_typeattr_187_28_0 ((and (halserverdomain) ((not (hal_camera_server))))))
+(typeattribute base_typeattr_186_28_0)
+(typeattributeset base_typeattr_186_28_0 ((and (domain) ((not (hal_camera_server))))))
+(typeattribute base_typeattr_185_28_0)
+(typeattributeset base_typeattr_185_28_0 ((and (domain) ((not (hal_broadcastradio_server))))))
+(typeattribute base_typeattr_184_28_0)
+(typeattributeset base_typeattr_184_28_0 ((and (domain) ((not (hal_bootctl_server))))))
+(typeattribute base_typeattr_183_28_0)
+(typeattributeset base_typeattr_183_28_0 ((and (domain) ((not (hal_bluetooth_server))))))
+(typeattribute base_typeattr_182_28_0)
+(typeattributeset base_typeattr_182_28_0 ((and (domain) ((not (hal_authsecret_server))))))
+(typeattribute base_typeattr_181_28_0)
+(typeattributeset base_typeattr_181_28_0 ((and (domain) ((not (hal_audiocontrol_server))))))
+(typeattribute base_typeattr_180_28_0)
+(typeattributeset base_typeattr_180_28_0 ((and (halserverdomain) ((not (hal_audio_server))))))
+(typeattribute base_typeattr_179_28_0)
+(typeattributeset base_typeattr_179_28_0 ((and (domain) ((not (hal_audio_server))))))
+(typeattribute base_typeattr_178_28_0)
+(typeattributeset base_typeattr_178_28_0 ((and (domain) ((not (hal_allocator_server))))))
+(typeattribute base_typeattr_177_28_0)
+(typeattributeset base_typeattr_177_28_0 ((and (domain) ((not (gatekeeperd_28_0))))))
+(typeattribute base_typeattr_176_28_0)
+(typeattributeset base_typeattr_176_28_0 ((and (domain) ((not (vold_28_0))))))
+(typeattribute base_typeattr_175_28_0)
+(typeattributeset base_typeattr_175_28_0 ((and (fs_type file_type) ((not (fsck_exec_28_0))))))
+(typeattribute base_typeattr_174_28_0)
+(typeattributeset base_typeattr_174_28_0 ((and (domain) ((not (init_28_0 vold_28_0))))))
+(typeattribute base_typeattr_173_28_0)
+(typeattributeset base_typeattr_173_28_0 ((and (domain) ((not (fingerprintd_28_0))))))
+(typeattribute base_typeattr_172_28_0)
+(typeattributeset base_typeattr_172_28_0 ((and (domain) ((not (dumpstate_28_0 shell_28_0 system_server_28_0 traceur_app_28_0))))))
+(typeattribute base_typeattr_171_28_0)
+(typeattributeset base_typeattr_171_28_0 ((and (domain) ((not (dumpstate_28_0))))))
+(typeattribute base_typeattr_170_28_0)
+(typeattributeset base_typeattr_170_28_0 ((and (service_manager_type) ((not (dumpstate_service_28_0 gatekeeper_service_28_0 incident_service_28_0 virtual_touchpad_service_28_0 vold_service_28_0 vr_hwc_service_28_0))))))
+(typeattribute base_typeattr_169_28_0)
+(typeattributeset base_typeattr_169_28_0 ((and (domain) ((not (drmserver_28_0))))))
+(typeattribute base_typeattr_168_28_0)
+(typeattributeset base_typeattr_168_28_0 ((and (coredomain) ((not (init_28_0))))))
+(typeattribute base_typeattr_167_28_0)
+(typeattributeset base_typeattr_167_28_0 ((and (domain) ((not (traced_probes_28_0))))))
+(typeattribute base_typeattr_166_28_0)
+(typeattributeset base_typeattr_166_28_0 ((and (domain) ((not (dnsmasq_28_0 dumpstate_28_0 init_28_0 install_recovery_28_0 installd_28_0 lmkd_28_0 netd_28_0 perfprofd_28_0 postinstall_dexopt_28_0 recovery_28_0 sdcardd_28_0 tee_28_0 ueventd_28_0 uncrypt_28_0 vendor_init_28_0 vold_28_0 vold_prepare_subdirs_28_0 zygote_28_0))))))
+(typeattribute base_typeattr_165_28_0)
+(typeattributeset base_typeattr_165_28_0 ((and (coredomain) ((not (appdomain bootanim_28_0 crash_dump_28_0 init_28_0 kernel_28_0 perfprofd_28_0 ueventd_28_0))))))
+(typeattribute base_typeattr_164_28_0)
+(typeattributeset base_typeattr_164_28_0 ((not (coredomain))))
+(typeattribute base_typeattr_163_28_0)
+(typeattributeset base_typeattr_163_28_0 ((not (rootfs_28_0 system_file_28_0 vendor_file_28_0))))
+(typeattribute base_typeattr_162_28_0)
+(typeattributeset base_typeattr_162_28_0 ((and (domain) ((not (installd_28_0 profman_28_0))))))
+(typeattribute base_typeattr_161_28_0)
+(typeattributeset base_typeattr_161_28_0 ((and (domain) ((not (dumpstate_28_0 init_28_0 system_server_28_0 vendor_init_28_0))))))
+(typeattribute base_typeattr_160_28_0)
+(typeattributeset base_typeattr_160_28_0 ((not (hwservicemanager_28_0))))
+(typeattribute base_typeattr_159_28_0)
+(typeattributeset base_typeattr_159_28_0 ((not (servicemanager_28_0 vndservicemanager_28_0))))
+(typeattribute base_typeattr_158_28_0)
+(typeattributeset base_typeattr_158_28_0 ((and (domain) ((not (appdomain adbd_28_0 dumpstate_28_0 installd_28_0 uncrypt_28_0))))))
+(typeattribute base_typeattr_157_28_0)
+(typeattributeset base_typeattr_157_28_0 ((and (domain) ((not (appdomain adbd_28_0 dumpstate_28_0 init_28_0 installd_28_0 system_server_28_0 uncrypt_28_0))))))
+(typeattribute base_typeattr_156_28_0)
+(typeattributeset base_typeattr_156_28_0 ((and (domain) ((not (adbd_28_0 dumpstate_28_0 init_28_0 installd_28_0 shell_28_0 vold_28_0))))))
+(typeattribute base_typeattr_155_28_0)
+(typeattributeset base_typeattr_155_28_0 ((and (domain) ((not (installd_28_0 shell_28_0 uncrypt_28_0))))))
+(typeattribute base_typeattr_154_28_0)
+(typeattributeset base_typeattr_154_28_0 ((and (domain) ((not (appdomain installd_28_0 uncrypt_28_0))))))
+(typeattribute base_typeattr_153_28_0)
+(typeattributeset base_typeattr_153_28_0 ((and (domain) ((not (runas_28_0 webview_zygote_28_0 zygote_28_0))))))
+(typeattribute base_typeattr_152_28_0)
+(typeattributeset base_typeattr_152_28_0 ((and (domain) ((not (adbd_28_0 init_28_0 runas_28_0 zygote_28_0))))))
+(typeattribute base_typeattr_151_28_0)
+(typeattributeset base_typeattr_151_28_0 ((and (domain) ((not (appdomain installd_28_0))))))
+(typeattribute base_typeattr_150_28_0)
+(typeattributeset base_typeattr_150_28_0 ((and (domain) ((not (appdomain installd_28_0 system_server_28_0 traced_probes_28_0))))))
+(typeattribute base_typeattr_149_28_0)
+(typeattributeset base_typeattr_149_28_0 ((and (domain) ((not (init_28_0 installd_28_0 system_app_28_0 system_server_28_0 vold_prepare_subdirs_28_0))))))
+(typeattribute base_typeattr_148_28_0)
+(typeattributeset base_typeattr_148_28_0 ((not (domain))))
+(typeattribute base_typeattr_147_28_0)
+(typeattributeset base_typeattr_147_28_0 ((and (domain) ((not (untrusted_app_all))))))
+(typeattribute base_typeattr_146_28_0)
+(typeattributeset base_typeattr_146_28_0 ((and (file_type) ((not (apk_data_file_28_0 app_data_file_28_0 asec_public_file_28_0))))))
+(typeattribute base_typeattr_145_28_0)
+(typeattributeset base_typeattr_145_28_0 ((and (domain) ((not (dumpstate_28_0 shell_28_0 su_28_0))))))
+(typeattribute base_typeattr_144_28_0)
+(typeattributeset base_typeattr_144_28_0 ((and (domain) ((not (dumpstate_28_0 incidentd_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_143_28_0)
+(typeattributeset base_typeattr_143_28_0 ((and (domain) ((not (crash_dump_28_0 dumpstate_28_0 incidentd_28_0 mediacodec_28_0 mediaextractor_28_0 system_server_28_0 tombstoned_28_0))))))
+(typeattribute base_typeattr_142_28_0)
+(typeattributeset base_typeattr_142_28_0 ((and (domain) ((not (system_server_28_0 webview_zygote_28_0))))))
+(typeattribute base_typeattr_141_28_0)
+(typeattributeset base_typeattr_141_28_0 ((and (domain) ((not (system_server_28_0))))))
+(typeattribute base_typeattr_140_28_0)
+(typeattributeset base_typeattr_140_28_0 ((and (domain) ((not (system_server_28_0 zygote_28_0))))))
+(typeattribute base_typeattr_139_28_0)
+(typeattributeset base_typeattr_139_28_0 ((and (domain) ((not (cppreopts_28_0 dex2oat_28_0 init_28_0 installd_28_0 otapreopt_slot_28_0 postinstall_dexopt_28_0 zygote_28_0))))))
+(typeattribute base_typeattr_138_28_0)
+(typeattributeset base_typeattr_138_28_0 ((and (coredomain) ((not (system_executes_vendor_violators shell_28_0))))))
+(typeattribute base_typeattr_137_28_0)
+(typeattributeset base_typeattr_137_28_0 ((and (vendor_file_type) ((not (vendor_app_file_28_0 same_process_hal_file_28_0 vndk_sp_file_28_0))))))
+(typeattribute base_typeattr_136_28_0)
+(typeattributeset base_typeattr_136_28_0 ((and (coredomain) ((not (system_executes_vendor_violators init_28_0 shell_28_0))))))
+(typeattribute base_typeattr_135_28_0)
+(typeattributeset base_typeattr_135_28_0 ((and (exec_type) ((not (vendor_file_type crash_dump_exec_28_0 netutils_wrapper_exec_28_0))))))
+(typeattribute base_typeattr_134_28_0)
+(typeattributeset base_typeattr_134_28_0 ((and (domain) ((not (appdomain coredomain vendor_executes_system_violators vendor_init_28_0))))))
+(typeattribute base_typeattr_133_28_0)
+(typeattributeset base_typeattr_133_28_0 ((and (coredomain) ((not (init_28_0 shell_28_0))))))
+(typeattribute base_typeattr_132_28_0)
+(typeattributeset base_typeattr_132_28_0 ((and (coredomain) ((not (appdomain idmap_28_0 init_28_0 installd_28_0 system_server_28_0 webview_zygote_28_0 zygote_28_0))))))
+(typeattribute base_typeattr_131_28_0)
+(typeattributeset base_typeattr_131_28_0 ((and (coredomain) ((not (appdomain dex2oat_28_0 idmap_28_0 init_28_0 installd_28_0 perfprofd_28_0 postinstall_dexopt_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_130_28_0)
+(typeattributeset base_typeattr_130_28_0 ((and (coredomain) ((not (data_between_core_and_vendor_violators init_28_0))))))
+(typeattribute base_typeattr_129_28_0)
+(typeattributeset base_typeattr_129_28_0 ((and (coredomain) ((not (data_between_core_and_vendor_violators init_28_0 vold_28_0 vold_prepare_subdirs_28_0))))))
+(typeattribute base_typeattr_128_28_0)
+(typeattributeset base_typeattr_128_28_0 ((and (domain) ((not (appdomain coredomain data_between_core_and_vendor_violators))))))
+(typeattribute base_typeattr_127_28_0)
+(typeattributeset base_typeattr_127_28_0 ((and (core_data_file_type) ((not (system_data_file_28_0 vendor_data_file_28_0 unencrypted_data_file_28_0 zoneinfo_data_file_28_0))))))
+(typeattribute base_typeattr_126_28_0)
+(typeattributeset base_typeattr_126_28_0 ((and (core_data_file_type) ((not (system_data_file_28_0 vendor_data_file_28_0 zoneinfo_data_file_28_0))))))
+(typeattribute base_typeattr_125_28_0)
+(typeattributeset base_typeattr_125_28_0 ((and (core_data_file_type) ((not (unencrypted_data_file_28_0 zoneinfo_data_file_28_0))))))
+(typeattribute base_typeattr_124_28_0)
+(typeattributeset base_typeattr_124_28_0 ((and (vendor_init_28_0) ((not (data_between_core_and_vendor_violators))))))
+(typeattribute base_typeattr_123_28_0)
+(typeattributeset base_typeattr_123_28_0 ((and (core_data_file_type) ((not (zoneinfo_data_file_28_0))))))
+(typeattribute base_typeattr_122_28_0)
+(typeattributeset base_typeattr_122_28_0 ((and (domain) ((not (appdomain coredomain data_between_core_and_vendor_violators vendor_init_28_0))))))
+(typeattribute base_typeattr_121_28_0)
+(typeattributeset base_typeattr_121_28_0 ((and (data_file_type) ((not (core_data_file_type vendor_data_file_28_0))))))
+(typeattribute base_typeattr_120_28_0)
+(typeattributeset base_typeattr_120_28_0 ((and (data_file_type) ((not (core_data_file_type))))))
+(typeattribute base_typeattr_119_28_0)
+(typeattributeset base_typeattr_119_28_0 ((and (coredomain) ((not (appdomain data_between_core_and_vendor_violators init_28_0 vold_prepare_subdirs_28_0))))))
+(typeattribute base_typeattr_118_28_0)
+(typeattributeset base_typeattr_118_28_0 ((and (dev_type file_type) ((not (core_data_file_type coredomain_socket unlabeled_28_0))))))
+(typeattribute base_typeattr_117_28_0)
+(typeattributeset base_typeattr_117_28_0 ((and (coredomain) ((not (socket_between_core_and_vendor_violators init_28_0 ueventd_28_0))))))
+(typeattribute base_typeattr_116_28_0)
+(typeattributeset base_typeattr_116_28_0 ((and (core_data_file_type coredomain_socket unlabeled_28_0) ((not (pdx_endpoint_socket_type pdx_channel_socket_type app_data_file_28_0))))))
+(typeattribute base_typeattr_115_28_0)
+(typeattributeset base_typeattr_115_28_0 ((and (domain) ((not (appdomain coredomain socket_between_core_and_vendor_violators data_between_core_and_vendor_violators vendor_init_28_0))))))
+(typeattribute base_typeattr_114_28_0)
+(typeattributeset base_typeattr_114_28_0 ((and (domain) ((not (netdomain coredomain socket_between_core_and_vendor_violators))))))
+(typeattribute base_typeattr_113_28_0)
+(typeattributeset base_typeattr_113_28_0 ((and (coredomain) ((not (incidentd_28_0 init_28_0 logd_28_0 mdnsd_28_0 netd_28_0 su_28_0 tombstoned_28_0))))))
+(typeattribute base_typeattr_112_28_0)
+(typeattributeset base_typeattr_112_28_0 ((and (domain) ((not (appdomain coredomain socket_between_core_and_vendor_violators))))))
+(typeattribute base_typeattr_111_28_0)
+(typeattributeset base_typeattr_111_28_0 ((and (domain) ((not (coredomain socket_between_core_and_vendor_violators))))))
+(typeattribute base_typeattr_110_28_0)
+(typeattributeset base_typeattr_110_28_0 ((and (coredomain) ((not (adbd_28_0 init_28_0))))))
+(typeattribute base_typeattr_109_28_0)
+(typeattributeset base_typeattr_109_28_0 ((and (coredomain) ((not (shell_28_0 su_28_0))))))
+(typeattribute base_typeattr_108_28_0)
+(typeattributeset base_typeattr_108_28_0 ((and (coredomain) ((not (shell_28_0 su_28_0 ueventd_28_0))))))
+(typeattribute base_typeattr_107_28_0)
+(typeattributeset base_typeattr_107_28_0 ((and (service_manager_type) ((not (app_api_service ephemeral_app_api_service audioserver_service_28_0 cameraserver_service_28_0 drmserver_service_28_0 keystore_service_28_0 mediaserver_service_28_0 mediametrics_service_28_0 mediaextractor_service_28_0 mediadrmserver_service_28_0 nfc_service_28_0 radio_service_28_0 virtual_touchpad_service_28_0 vr_hwc_service_28_0 vr_manager_service_28_0))))))
+(typeattribute base_typeattr_106_28_0)
+(typeattributeset base_typeattr_106_28_0 ((and (appdomain) ((not (coredomain))))))
+(typeattribute base_typeattr_105_28_0)
+(typeattributeset base_typeattr_105_28_0 ((and (domain) ((not (appdomain coredomain binder_in_vendor_violators))))))
+(typeattribute base_typeattr_104_28_0)
+(typeattributeset base_typeattr_104_28_0 ((and (domain) ((not (hwservicemanager_28_0 servicemanager_28_0 vndservicemanager_28_0))))))
+(typeattribute base_typeattr_103_28_0)
+(typeattributeset base_typeattr_103_28_0 ((and (domain) ((not (domain hal_bootctl_server init_28_0 recovery_28_0 ueventd_28_0 uncrypt_28_0 update_engine_28_0 vendor_init_28_0 vold_28_0))))))
+(typeattribute base_typeattr_102_28_0)
+(typeattributeset base_typeattr_102_28_0 ((and (domain) ((not (install_recovery_28_0 recovery_28_0))))))
+(typeattribute base_typeattr_101_28_0)
+(typeattributeset base_typeattr_101_28_0 ((and (domain) ((not (recovery_28_0 update_engine_28_0))))))
+(typeattribute base_typeattr_100_28_0)
+(typeattributeset base_typeattr_100_28_0 ((and (domain) ((not (e2fs_28_0 fsck_28_0 init_28_0 recovery_28_0 vold_28_0))))))
+(typeattribute base_typeattr_99_28_0)
+(typeattributeset base_typeattr_99_28_0 ((and (domain) ((not (init_28_0 recovery_28_0 shell_28_0 system_server_28_0 ueventd_28_0))))))
+(typeattribute base_typeattr_98_28_0)
+(typeattributeset base_typeattr_98_28_0 ((and (domain) ((not (dumpstate_28_0 init_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_97_28_0)
+(typeattributeset base_typeattr_97_28_0 ((and (domain) ((not (hal_drm_server hal_cas_server adbd_28_0 dumpstate_28_0 init_28_0 mediadrmserver_28_0 recovery_28_0 shell_28_0 system_server_28_0 vendor_init_28_0))))))
+(typeattribute base_typeattr_96_28_0)
+(typeattributeset base_typeattr_96_28_0 ((and (domain) ((not (coredomain vendor_init_28_0))))))
+(typeattribute base_typeattr_95_28_0)
+(typeattributeset base_typeattr_95_28_0 ((and (domain) ((not (init_28_0 system_server_28_0 vendor_init_28_0))))))
+(typeattribute base_typeattr_94_28_0)
+(typeattributeset base_typeattr_94_28_0 ((and (domain) ((not (init_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_93_28_0)
+(typeattributeset base_typeattr_93_28_0 ((and (fs_type) ((not (contextmount_type))))))
+(typeattribute base_typeattr_92_28_0)
+(typeattributeset base_typeattr_92_28_0 ((and (domain) ((not (shell_28_0))))))
+(typeattribute base_typeattr_91_28_0)
+(typeattributeset base_typeattr_91_28_0 ((and (fs_type) ((not (rootfs_28_0))))))
+(typeattribute base_typeattr_90_28_0)
+(typeattributeset base_typeattr_90_28_0 ((and (domain) ((not (appdomain bootanim_28_0 recovery_28_0))))))
+(typeattribute base_typeattr_89_28_0)
+(typeattributeset base_typeattr_89_28_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_28_0 postinstall_file_28_0))))))
+(typeattribute base_typeattr_88_28_0)
+(typeattributeset base_typeattr_88_28_0 ((and (domain) ((not (appdomain dumpstate_28_0 mediaextractor_28_0 shell_28_0 su_28_0 webview_zygote_28_0 zygote_28_0))))))
+(typeattribute base_typeattr_87_28_0)
+(typeattributeset base_typeattr_87_28_0 ((and (fs_type) ((not (sdcard_type))))))
+(typeattribute base_typeattr_86_28_0)
+(typeattributeset base_typeattr_86_28_0 ((and (domain) ((not (init_28_0 kernel_28_0 otapreopt_chroot_28_0 recovery_28_0 update_engine_28_0 vold_28_0 zygote_28_0))))))
+(typeattribute base_typeattr_85_28_0)
+(typeattributeset base_typeattr_85_28_0 ((and (domain) ((not (init_28_0 kernel_28_0 recovery_28_0))))))
+(typeattribute base_typeattr_84_28_0)
+(typeattributeset base_typeattr_84_28_0 ((and (domain) ((not (init_28_0 vendor_init_28_0))))))
+(typeattribute base_typeattr_83_28_0)
+(typeattributeset base_typeattr_83_28_0 ((and (domain) ((not (init_28_0 ueventd_28_0))))))
+(typeattribute base_typeattr_82_28_0)
+(typeattributeset base_typeattr_82_28_0 ((and (domain) ((not (shell_28_0 ueventd_28_0))))))
+(typeattribute base_typeattr_81_28_0)
+(typeattributeset base_typeattr_81_28_0 ((and (file_type) ((not (exec_type postinstall_file_28_0))))))
+(typeattribute base_typeattr_80_28_0)
+(typeattributeset base_typeattr_80_28_0 ((and (domain) ((not (init_28_0 shell_28_0 ueventd_28_0 vendor_init_28_0))))))
+(typeattribute base_typeattr_79_28_0)
+(typeattributeset base_typeattr_79_28_0 ((and (domain) ((not (init_28_0 shell_28_0 system_server_28_0 ueventd_28_0))))))
+(typeattribute base_typeattr_78_28_0)
+(typeattributeset base_typeattr_78_28_0 ((and (domain) ((not (kernel_28_0))))))
+(typeattribute base_typeattr_77_28_0)
+(typeattributeset base_typeattr_77_28_0 ((and (domain) ((not (domain healthd_28_0 init_28_0 kernel_28_0 recovery_28_0 tee_28_0 ueventd_28_0 uncrypt_28_0))))))
+(typeattribute base_typeattr_76_28_0)
+(typeattributeset base_typeattr_76_28_0 ((and (domain) ((not (init_28_0 kernel_28_0 ueventd_28_0 vold_28_0))))))
+(typeattribute base_typeattr_75_28_0)
+(typeattributeset base_typeattr_75_28_0 ((and (domain) ((not (init_28_0 recovery_28_0))))))
+(typeattribute base_typeattr_74_28_0)
+(typeattributeset base_typeattr_74_28_0 ((and (domain) ((not (domain))))))
+(typeattribute base_typeattr_73_28_0)
+(typeattributeset base_typeattr_73_28_0 ((and (domain) ((not (coredomain))))))
+(typeattribute base_typeattr_72_28_0)
+(typeattributeset base_typeattr_72_28_0 ((and (domain) ((not (appdomain coredomain))))))
+(typeattribute base_typeattr_71_28_0)
+(typeattributeset base_typeattr_71_28_0 ((and (domain) ((not (isolated_app_28_0 servicemanager_28_0 vndservicemanager_28_0))))))
+(typeattribute base_typeattr_70_28_0)
+(typeattributeset base_typeattr_70_28_0 ((and (appdomain coredomain binder_in_vendor_violators) ((not (hwservicemanager_28_0))))))
+(typeattribute base_typeattr_69_28_0)
+(typeattributeset base_typeattr_69_28_0 ((and (domain) ((not (init_28_0))))))
+(typeattribute base_typeattr_68_28_0)
+(typeattributeset base_typeattr_68_28_0 ((and (domain) ((not (display_service_server))))))
+(typeattribute base_typeattr_67_28_0)
+(typeattributeset base_typeattr_67_28_0 ((and (domain) ((not (crash_dump_28_0 init_28_0 keystore_28_0 logd_28_0))))))
+(typeattribute base_typeattr_66_28_0)
+(typeattributeset base_typeattr_66_28_0 ((and (domain) ((not (cameraserver_28_0))))))
+(typeattribute base_typeattr_65_28_0)
+(typeattributeset base_typeattr_65_28_0 ((and (domain) ((not (bufferhubd_28_0))))))
+(typeattribute base_typeattr_64_28_0)
+(typeattributeset base_typeattr_64_28_0 ((and (domain) ((not (bootstat_28_0 init_28_0))))))
+(typeattribute base_typeattr_63_28_0)
+(typeattributeset base_typeattr_63_28_0 ((and (domain) ((not (bootstat_28_0 init_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_62_28_0)
+(typeattributeset base_typeattr_62_28_0 ((and (domain) ((not (bootanim_28_0 bootstat_28_0 dumpstate_28_0 init_28_0 recovery_28_0 shell_28_0 system_server_28_0))))))
+(typeattribute base_typeattr_61_28_0)
+(typeattributeset base_typeattr_61_28_0 ((and (appdomain) ((not (bluetooth_28_0 system_app_28_0))))))
+(typeattribute base_typeattr_60_28_0)
+(typeattributeset base_typeattr_60_28_0 ((and (data_file_type) ((not (system_data_file_28_0 apk_data_file_28_0 dalvikcache_data_file_28_0))))))
+(typeattribute base_typeattr_59_28_0)
+(typeattributeset base_typeattr_59_28_0 ((all)))
+(typeattribute base_typeattr_58_28_0)
+(typeattributeset base_typeattr_58_28_0 ((and (appdomain) ((not (bluetooth_28_0 nfc_28_0))))))
+(typeattribute base_typeattr_57_28_0)
+(typeattributeset base_typeattr_57_28_0 ((and (appdomain) ((not (untrusted_app_all platform_app_28_0 priv_app_28_0))))))
+(typeattribute base_typeattr_56_28_0)
+(typeattributeset base_typeattr_56_28_0 ((and (appdomain) ((not (platform_app_28_0))))))
+(typeattribute base_typeattr_55_28_0)
+(typeattributeset base_typeattr_55_28_0 ((and (domain) ((not (appdomain crash_dump_28_0))))))
+(typeattribute base_typeattr_54_28_0)
+(typeattributeset base_typeattr_54_28_0 ((and (appdomain) ((not (shell_28_0 su_28_0))))))
+(typeattribute base_typeattr_53_28_0)
+(typeattributeset base_typeattr_53_28_0 ((and (appdomain) ((not (shell_28_0))))))
+(typeattribute base_typeattr_52_28_0)
+(typeattributeset base_typeattr_52_28_0 ((and (domain) ((not (appdomain))))))
+(typeattribute base_typeattr_51_28_0)
+(typeattributeset base_typeattr_51_28_0 ((and (appdomain) ((not (radio_28_0))))))
+(typeattribute base_typeattr_50_28_0)
+(typeattributeset base_typeattr_50_28_0 ((and (appdomain) ((not (nfc_28_0))))))
+(typeattribute base_typeattr_49_28_0)
+(typeattributeset base_typeattr_49_28_0 ((and (appdomain) ((not (su_28_0))))))
+(typeattribute base_typeattr_48_28_0)
+(typeattributeset base_typeattr_48_28_0 ((and (appdomain) ((not (bluetooth_28_0))))))
+(typeattribute base_typeattr_47_28_0)
+(typeattributeset base_typeattr_47_28_0 ((and (appdomain untrusted_v2_app_28_0) ((not (ephemeral_app_28_0))))))
+(typeattribute base_typeattr_46_28_0)
+(typeattributeset base_typeattr_46_28_0 ((and (appdomain) ((not (ephemeral_app_28_0 isolated_app_28_0))))))
+(typeattribute base_typeattr_45_28_0)
+(typeattributeset base_typeattr_45_28_0 ((and (appdomain) ((not (untrusted_v2_app_28_0))))))
+(typeattribute base_typeattr_44_28_0)
+(typeattributeset base_typeattr_44_28_0 ((and (appdomain) ((not (ephemeral_app_28_0 untrusted_v2_app_28_0))))))
+(typeattribute base_typeattr_43_28_0)
+(typeattributeset base_typeattr_43_28_0 ((and (appdomain) ((not (isolated_app_28_0))))))
+(typeattribute base_typeattr_42_28_0)
+(typeattributeset base_typeattr_42_28_0 ((and (hal_wifi_supplicant_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_41_28_0)
+(typeattributeset base_typeattr_41_28_0 ((and (hal_wifi_offload_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_40_28_0)
+(typeattributeset base_typeattr_40_28_0 ((and (hal_wifi_hostapd_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_39_28_0)
+(typeattributeset base_typeattr_39_28_0 ((and (hal_wifi_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_38_28_0)
+(typeattributeset base_typeattr_38_28_0 ((and (hal_weaver_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_37_28_0)
+(typeattributeset base_typeattr_37_28_0 ((and (hal_vr_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_36_28_0)
+(typeattributeset base_typeattr_36_28_0 ((and (hal_vibrator_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_35_28_0)
+(typeattributeset base_typeattr_35_28_0 ((and (hal_vehicle_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_34_28_0)
+(typeattributeset base_typeattr_34_28_0 ((and (hal_usb_gadget_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_33_28_0)
+(typeattributeset base_typeattr_33_28_0 ((and (hal_usb_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_32_28_0)
+(typeattributeset base_typeattr_32_28_0 ((and (hal_tv_input_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_31_28_0)
+(typeattributeset base_typeattr_31_28_0 ((and (hal_tv_cec_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_30_28_0)
+(typeattributeset base_typeattr_30_28_0 ((and (hal_thermal_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_29_28_0)
+(typeattributeset base_typeattr_29_28_0 ((and (hal_tetheroffload_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_28_28_0)
+(typeattributeset base_typeattr_28_28_0 ((and (hal_telephony_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_27_28_0)
+(typeattributeset base_typeattr_27_28_0 ((and (hal_sensors_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_26_28_0)
+(typeattributeset base_typeattr_26_28_0 ((and (hal_secure_element_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_25_28_0)
+(typeattributeset base_typeattr_25_28_0 ((and (hal_power_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_24_28_0)
+(typeattributeset base_typeattr_24_28_0 ((and (hal_oemlock_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_23_28_0)
+(typeattributeset base_typeattr_23_28_0 ((and (hal_nfc_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_22_28_0)
+(typeattributeset base_typeattr_22_28_0 ((and (hal_neuralnetworks_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_21_28_0)
+(typeattributeset base_typeattr_21_28_0 ((and (hal_memtrack_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_20_28_0)
+(typeattributeset base_typeattr_20_28_0 ((and (hal_lowpan_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_19_28_0)
+(typeattributeset base_typeattr_19_28_0 ((and (hal_light_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_18_28_0)
+(typeattributeset base_typeattr_18_28_0 ((and (hal_keymaster_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_17_28_0)
+(typeattributeset base_typeattr_17_28_0 ((and (hal_ir_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_16_28_0)
+(typeattributeset base_typeattr_16_28_0 ((and (hal_health_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_15_28_0)
+(typeattributeset base_typeattr_15_28_0 ((and (hal_graphics_composer_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_14_28_0)
+(typeattributeset base_typeattr_14_28_0 ((and (hal_graphics_allocator_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_13_28_0)
+(typeattributeset base_typeattr_13_28_0 ((and (hal_gnss_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_12_28_0)
+(typeattributeset base_typeattr_12_28_0 ((and (hal_gatekeeper_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_11_28_0)
+(typeattributeset base_typeattr_11_28_0 ((and (hal_fingerprint_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_10_28_0)
+(typeattributeset base_typeattr_10_28_0 ((and (hal_evs_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_9_28_0)
+(typeattributeset base_typeattr_9_28_0 ((and (hal_dumpstate_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_8_28_0)
+(typeattributeset base_typeattr_8_28_0 ((and (hal_contexthub_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_7_28_0)
+(typeattributeset base_typeattr_7_28_0 ((and (hal_confirmationui_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_6_28_0)
+(typeattributeset base_typeattr_6_28_0 ((and (hal_configstore_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_5_28_0)
+(typeattributeset base_typeattr_5_28_0 ((and (hal_broadcastradio_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_4_28_0)
+(typeattributeset base_typeattr_4_28_0 ((and (hal_bluetooth_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_3_28_0)
+(typeattributeset base_typeattr_3_28_0 ((and (hal_authsecret_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_2_28_0)
+(typeattributeset base_typeattr_2_28_0 ((and (hal_audiocontrol_server) ((not (halserverdomain))))))
+(typeattribute base_typeattr_1_28_0)
+(typeattributeset base_typeattr_1_28_0 ((and (hal_allocator_server) ((not (halserverdomain))))))
diff --git a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
index c8edf9f..4e0aae2 100644
--- a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
@@ -23,6 +23,7 @@
e2fs
e2fs_exec
exfat
+ exported_audio_prop
exported_bluetooth_prop
exported_config_prop
exported_dalvik_prop
diff --git a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
index 6106748..747478c 100644
--- a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
@@ -27,6 +27,7 @@
exported3_default_prop
exported3_radio_prop
exported3_system_prop
+ exported_audio_prop
exported_bluetooth_prop
exported_config_prop
exported_dalvik_prop
diff --git a/prebuilts/api/28.0/private/surfaceflinger.te b/prebuilts/api/28.0/private/surfaceflinger.te
index e64b8de..e2f1a07 100644
--- a/prebuilts/api/28.0/private/surfaceflinger.te
+++ b/prebuilts/api/28.0/private/surfaceflinger.te
@@ -14,6 +14,7 @@
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
hal_client_domain(surfaceflinger, hal_configstore)
+hal_client_domain(surfaceflinger, hal_power)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
# Perform Binder IPC.
diff --git a/prebuilts/api/28.0/private/system_server.te b/prebuilts/api/28.0/private/system_server.te
index b037fe4..fa84c32 100644
--- a/prebuilts/api/28.0/private/system_server.te
+++ b/prebuilts/api/28.0/private/system_server.te
@@ -536,6 +536,10 @@
# Read/write the property which keeps track of whether this is the first start of system_server
set_prop(system_server, firstboot_prop)
+# Audio service in system server can read exported audio properties,
+# such as camera shutter enforcement
+get_prop(system_server, exported_audio_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index 09200b8..b0397e9 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -66,6 +66,7 @@
type vendor_security_patch_level_prop, property_type;
# Properties for whitelisting
+type exported_audio_prop, property_type;
type exported_bluetooth_prop, property_type;
type exported_config_prop, property_type;
type exported_dalvik_prop, property_type;
diff --git a/prebuilts/api/28.0/public/property_contexts b/prebuilts/api/28.0/public/property_contexts
index 842a885..4f81c1c 100644
--- a/prebuilts/api/28.0/public/property_contexts
+++ b/prebuilts/api/28.0/public/property_contexts
@@ -3,6 +3,7 @@
# vendor-init-settable
af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
diff --git a/prebuilts/api/28.0/public/vendor_init.te b/prebuilts/api/28.0/public/vendor_init.te
index d079873..4e4b313 100644
--- a/prebuilts/api/28.0/public/vendor_init.te
+++ b/prebuilts/api/28.0/public/vendor_init.te
@@ -170,6 +170,7 @@
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_audio_prop)
set_prop(vendor_init, exported_bluetooth_prop)
set_prop(vendor_init, exported_config_prop)
set_prop(vendor_init, exported_dalvik_prop)
diff --git a/prebuilts/api/28.0/vendor_sepolicy.cil b/prebuilts/api/28.0/vendor_sepolicy.cil
new file mode 100644
index 0000000..e116208
--- /dev/null
+++ b/prebuilts/api/28.0/vendor_sepolicy.cil
@@ -0,0 +1,1300 @@
+(genfscon nsfs / (u object_r nsfs ((s0) (s0))))
+(genfscon sysfs /devices/platform/9020000.goldfish_battery/power_supply (u object_r sysfs_batteryinfo ((s0) (s0))))
+(genfscon sysfs /devices/platform/ANDR0001:00/properties/android (u object_r sysfs_dt_firmware_android ((s0) (s0))))
+(genfscon sysfs /devices/pci0000:00/0000:00:08.0/virtio5/net (u object_r sysfs_net ((s0) (s0))))
+(genfscon sysfs /devices/platform/GFSH0001:00/power_supply (u object_r sysfs_batteryinfo ((s0) (s0))))
+(genfscon sysfs /devices/virtual/mac80211_hwsim/hwsim0/net (u object_r sysfs_net ((s0) (s0))))
+(genfscon sysfs /devices/virtual/mac80211_hwsim/hwsim1/net (u object_r sysfs_net ((s0) (s0))))
+(genfscon sysfs /devices/platform/GFSH0007:00/rtc (u object_r sysfs_rtc ((s0) (s0))))
+(genfscon sysfs /devices/pnp0/00:00/rtc (u object_r sysfs_rtc ((s0) (s0))))
+(typeattributeset dev_type (device_28_0 alarm_device_28_0 ashmem_device_28_0 audio_device_28_0 audio_timer_device_28_0 audio_seq_device_28_0 binder_device_28_0 hwbinder_device_28_0 vndbinder_device_28_0 block_device_28_0 camera_device_28_0 dm_device_28_0 keychord_device_28_0 loop_control_device_28_0 loop_device_28_0 pmsg_device_28_0 radio_device_28_0 ram_device_28_0 rtc_device_28_0 vold_device_28_0 console_device_28_0 cpuctl_device_28_0 fscklogs_28_0 full_device_28_0 gpu_device_28_0 graphics_device_28_0 hw_random_device_28_0 input_device_28_0 kmem_device_28_0 port_device_28_0 lowpan_device_28_0 mtd_device_28_0 mtp_device_28_0 nfc_device_28_0 ptmx_device_28_0 kmsg_device_28_0 kmsg_debug_device_28_0 null_device_28_0 random_device_28_0 secure_element_device_28_0 sensors_device_28_0 serial_device_28_0 socket_device_28_0 owntty_device_28_0 tty_device_28_0 video_device_28_0 vcs_device_28_0 zero_device_28_0 fuse_device_28_0 iio_device_28_0 ion_device_28_0 qtaguid_device_28_0 watchdog_device_28_0 uhid_device_28_0 uio_device_28_0 tun_device_28_0 usbaccessory_device_28_0 usb_device_28_0 properties_device_28_0 properties_serial_28_0 property_info_28_0 i2c_device_28_0 hci_attach_dev_28_0 rpmsg_device_28_0 root_block_device_28_0 frp_block_device_28_0 system_block_device_28_0 recovery_block_device_28_0 boot_block_device_28_0 userdata_block_device_28_0 cache_block_device_28_0 swap_block_device_28_0 metadata_block_device_28_0 misc_block_device_28_0 ppp_device_28_0 tee_device_28_0 qemu_device))
+(typeattributeset domain (adbd_28_0 audioserver_28_0 blkid_28_0 blkid_untrusted_28_0 bluetooth_28_0 bootanim_28_0 bootstat_28_0 bufferhubd_28_0 cameraserver_28_0 charger_28_0 clatd_28_0 cppreopts_28_0 crash_dump_28_0 dex2oat_28_0 dhcp_28_0 dnsmasq_28_0 drmserver_28_0 dumpstate_28_0 e2fs_28_0 ephemeral_app_28_0 fingerprintd_28_0 fsck_28_0 fsck_untrusted_28_0 gatekeeperd_28_0 healthd_28_0 hwservicemanager_28_0 idmap_28_0 incident_28_0 incident_helper_28_0 incidentd_28_0 init_28_0 inputflinger_28_0 install_recovery_28_0 installd_28_0 isolated_app_28_0 kernel_28_0 keystore_28_0 lmkd_28_0 logd_28_0 logpersist_28_0 mdnsd_28_0 mediacodec_28_0 mediadrmserver_28_0 mediaextractor_28_0 mediametrics_28_0 mediaprovider_28_0 mediaserver_28_0 modprobe_28_0 mtp_28_0 netd_28_0 netutils_wrapper_28_0 nfc_28_0 otapreopt_chroot_28_0 otapreopt_slot_28_0 performanced_28_0 perfprofd_28_0 platform_app_28_0 postinstall_28_0 postinstall_dexopt_28_0 ppp_28_0 preopt2cachename_28_0 priv_app_28_0 profman_28_0 racoon_28_0 radio_28_0 recovery_28_0 recovery_persist_28_0 recovery_refresh_28_0 runas_28_0 sdcardd_28_0 secure_element_28_0 servicemanager_28_0 sgdisk_28_0 shared_relro_28_0 shell_28_0 slideshow_28_0 su_28_0 surfaceflinger_28_0 system_app_28_0 system_server_28_0 tee_28_0 thermalserviced_28_0 tombstoned_28_0 toolbox_28_0 traced_probes_28_0 traceur_app_28_0 tzdatacheck_28_0 ueventd_28_0 uncrypt_28_0 untrusted_app_28_0 untrusted_app_27_28_0 untrusted_app_25_28_0 untrusted_v2_app_28_0 update_engine_28_0 update_verifier_28_0 usbd_28_0 vdc_28_0 vendor_init_28_0 vendor_shell_28_0 virtual_touchpad_28_0 vndservicemanager_28_0 vold_28_0 vold_prepare_subdirs_28_0 vr_hwc_28_0 watchdogd_28_0 webview_zygote_28_0 wificond_28_0 wpantund_28_0 zygote_28_0 hal_audio_default hal_audiocontrol_default hal_authsecret_default hal_bluetooth_default hal_bootctl_default hal_broadcastradio_default hal_camera_default hal_cas_default hal_configstore_default hal_confirmationui_default hal_contexthub_default hal_drm_default hal_dumpstate_default hal_evs_default hal_fingerprint_default hal_gatekeeper_default hal_gnss_default hal_graphics_allocator_default hal_graphics_composer_default hal_health_default hal_ir_default hal_keymaster_default hal_light_default hal_lowpan_default hal_memtrack_default hal_nfc_default hal_power_default hal_radio_config_default hal_radio_default hal_secure_element_default hal_sensors_default hal_tetheroffload_default hal_thermal_default hal_tv_cec_default hal_tv_input_default hal_usb_default hal_vehicle_default hal_vibrator_default hal_vr_default hal_wifi_default hal_wifi_hostapd_default hal_wifi_offload_default hal_wifi_supplicant_default rild vendor_modprobe createns dhcpclient dhcpserver execns goldfish_setup hal_drm_clearkey hal_drm_widevine hostapd_nohidl ipv6proxy qemu_props))
+(typeattributeset fs_type (device_28_0 labeledfs_28_0 pipefs_28_0 sockfs_28_0 rootfs_28_0 proc_28_0 proc_security_28_0 proc_drop_caches_28_0 proc_overcommit_memory_28_0 proc_min_free_order_shift_28_0 usermodehelper_28_0 sysfs_usermodehelper_28_0 qtaguid_proc_28_0 proc_qtaguid_stat_28_0 proc_bluetooth_writable_28_0 proc_abi_28_0 proc_asound_28_0 proc_buddyinfo_28_0 proc_cmdline_28_0 proc_cpuinfo_28_0 proc_dirty_28_0 proc_diskstats_28_0 proc_extra_free_kbytes_28_0 proc_filesystems_28_0 proc_hostname_28_0 proc_hung_task_28_0 proc_interrupts_28_0 proc_iomem_28_0 proc_kmsg_28_0 proc_loadavg_28_0 proc_max_map_count_28_0 proc_meminfo_28_0 proc_misc_28_0 proc_modules_28_0 proc_mounts_28_0 proc_net_28_0 proc_page_cluster_28_0 proc_pagetypeinfo_28_0 proc_panic_28_0 proc_perf_28_0 proc_pid_max_28_0 proc_pipe_conf_28_0 proc_random_28_0 proc_sched_28_0 proc_stat_28_0 proc_swaps_28_0 proc_sysrq_28_0 proc_timer_28_0 proc_tty_drivers_28_0 proc_uid_cputime_showstat_28_0 proc_uid_cputime_removeuid_28_0 proc_uid_io_stats_28_0 proc_uid_procstat_set_28_0 proc_uid_time_in_state_28_0 proc_uid_concurrent_active_time_28_0 proc_uid_concurrent_policy_time_28_0 proc_uid_cpupower_28_0 proc_uptime_28_0 proc_version_28_0 proc_vmallocinfo_28_0 proc_vmstat_28_0 proc_zoneinfo_28_0 selinuxfs_28_0 cgroup_28_0 cgroup_bpf_28_0 sysfs_28_0 sysfs_android_usb_28_0 sysfs_uio_28_0 sysfs_batteryinfo_28_0 sysfs_bluetooth_writable_28_0 sysfs_dm_28_0 sysfs_dt_firmware_android_28_0 sysfs_ipv4_28_0 sysfs_kernel_notes_28_0 sysfs_leds_28_0 sysfs_hwrandom_28_0 sysfs_nfc_power_writable_28_0 sysfs_wake_lock_28_0 sysfs_mac_address_28_0 sysfs_net_28_0 sysfs_power_28_0 sysfs_rtc_28_0 sysfs_switch_28_0 sysfs_usb_28_0 sysfs_wakeup_reasons_28_0 sysfs_fs_ext4_features_28_0 fs_bpf_28_0 configfs_28_0 sysfs_devices_system_cpu_28_0 sysfs_lowmemorykiller_28_0 sysfs_wlan_fwpath_28_0 sysfs_vibrator_28_0 sysfs_thermal_28_0 sysfs_zram_28_0 sysfs_zram_uevent_28_0 inotify_28_0 devpts_28_0 tmpfs_28_0 shm_28_0 mqueue_28_0 fuse_28_0 sdcardfs_28_0 vfat_28_0 exfat_28_0 debugfs_28_0 debugfs_mmc_28_0 debugfs_trace_marker_28_0 debugfs_tracing_28_0 debugfs_tracing_debug_28_0 debugfs_tracing_instances_28_0 debugfs_wakeup_sources_28_0 debugfs_wifi_tracing_28_0 pstorefs_28_0 functionfs_28_0 oemfs_28_0 usbfs_28_0 binfmt_miscfs_28_0 app_fusefs_28_0 sysfs_writable nsfs firmware_file))
+(typeattributeset contextmount_type (oemfs_28_0 app_fusefs_28_0 firmware_file))
+(typeattributeset file_type (adbd_exec_28_0 bootanim_exec_28_0 bootstat_exec_28_0 bufferhubd_exec_28_0 cameraserver_exec_28_0 clatd_exec_28_0 cppreopts_exec_28_0 crash_dump_exec_28_0 dex2oat_exec_28_0 dhcp_exec_28_0 dnsmasq_exec_28_0 drmserver_exec_28_0 drmserver_socket_28_0 dumpstate_exec_28_0 e2fs_exec_28_0 unlabeled_28_0 system_file_28_0 vendor_hal_file_28_0 vendor_file_28_0 vendor_app_file_28_0 vendor_configs_file_28_0 same_process_hal_file_28_0 vndk_sp_file_28_0 vendor_framework_file_28_0 vendor_overlay_file_28_0 metadata_file_28_0 vold_metadata_file_28_0 runtime_event_log_tags_file_28_0 logcat_exec_28_0 coredump_file_28_0 system_data_file_28_0 vendor_data_file_28_0 unencrypted_data_file_28_0 install_data_file_28_0 drm_data_file_28_0 adb_data_file_28_0 anr_data_file_28_0 tombstone_data_file_28_0 tombstone_wifi_data_file_28_0 apk_data_file_28_0 apk_tmp_file_28_0 apk_private_data_file_28_0 apk_private_tmp_file_28_0 dalvikcache_data_file_28_0 ota_data_file_28_0 ota_package_file_28_0 user_profile_data_file_28_0 profman_dump_data_file_28_0 resourcecache_data_file_28_0 shell_data_file_28_0 property_data_file_28_0 bootchart_data_file_28_0 heapdump_data_file_28_0 nativetest_data_file_28_0 ringtone_file_28_0 preloads_data_file_28_0 preloads_media_file_28_0 dhcp_data_file_28_0 mnt_media_rw_file_28_0 mnt_user_file_28_0 mnt_expand_file_28_0 storage_file_28_0 mnt_media_rw_stub_file_28_0 storage_stub_file_28_0 mnt_vendor_file_28_0 postinstall_mnt_dir_28_0 postinstall_file_28_0 adb_keys_file_28_0 audio_data_file_28_0 audioserver_data_file_28_0 bluetooth_data_file_28_0 bluetooth_logs_data_file_28_0 bootstat_data_file_28_0 boottrace_data_file_28_0 camera_data_file_28_0 gatekeeper_data_file_28_0 incident_data_file_28_0 keychain_data_file_28_0 keystore_data_file_28_0 media_data_file_28_0 media_rw_data_file_28_0 misc_user_data_file_28_0 net_data_file_28_0 network_watchlist_data_file_28_0 nfc_data_file_28_0 radio_data_file_28_0 recovery_data_file_28_0 shared_relro_file_28_0 systemkeys_data_file_28_0 textclassifier_data_file_28_0 trace_data_file_28_0 vpn_data_file_28_0 wifi_data_file_28_0 zoneinfo_data_file_28_0 vold_data_file_28_0 perfprofd_data_file_28_0 tee_data_file_28_0 update_engine_data_file_28_0 update_engine_log_data_file_28_0 method_trace_data_file_28_0 app_data_file_28_0 system_app_data_file_28_0 cache_file_28_0 cache_backup_file_28_0 cache_private_backup_file_28_0 cache_recovery_file_28_0 efs_file_28_0 wallpaper_file_28_0 shortcut_manager_icons_28_0 icon_file_28_0 asec_apk_file_28_0 asec_public_file_28_0 asec_image_file_28_0 backup_data_file_28_0 bluetooth_efs_file_28_0 fingerprintd_data_file_28_0 fingerprint_vendor_data_file_28_0 app_fuse_file_28_0 adbd_socket_28_0 bluetooth_socket_28_0 dnsproxyd_socket_28_0 dumpstate_socket_28_0 fwmarkd_socket_28_0 lmkd_socket_28_0 logd_socket_28_0 logdr_socket_28_0 logdw_socket_28_0 mdns_socket_28_0 mdnsd_socket_28_0 misc_logd_file_28_0 mtpd_socket_28_0 netd_socket_28_0 property_socket_28_0 racoon_socket_28_0 rild_socket_28_0 rild_debug_socket_28_0 system_wpa_socket_28_0 system_ndebug_socket_28_0 tombstoned_crash_socket_28_0 tombstoned_java_trace_socket_28_0 tombstoned_intercept_socket_28_0 traced_producer_socket_28_0 traced_consumer_socket_28_0 uncrypt_socket_28_0 wpa_socket_28_0 zygote_socket_28_0 gps_control_28_0 pdx_display_dir_28_0 pdx_performance_dir_28_0 pdx_bufferhub_dir_28_0 pdx_display_client_endpoint_socket_28_0 pdx_display_manager_endpoint_socket_28_0 pdx_display_screenshot_endpoint_socket_28_0 pdx_display_vsync_endpoint_socket_28_0 pdx_performance_client_endpoint_socket_28_0 pdx_bufferhub_client_endpoint_socket_28_0 file_contexts_file_28_0 mac_perms_file_28_0 property_contexts_file_28_0 seapp_contexts_file_28_0 sepolicy_file_28_0 service_contexts_file_28_0 nonplat_service_contexts_file_28_0 hwservice_contexts_file_28_0 vndservice_contexts_file_28_0 audiohal_data_file_28_0 fingerprintd_exec_28_0 fsck_exec_28_0 gatekeeperd_exec_28_0 healthd_exec_28_0 hwservicemanager_exec_28_0 idmap_exec_28_0 init_exec_28_0 inputflinger_exec_28_0 install_recovery_exec_28_0 installd_exec_28_0 keystore_exec_28_0 lmkd_exec_28_0 logd_exec_28_0 mediacodec_exec_28_0 mediadrmserver_exec_28_0 mediaextractor_exec_28_0 mediametrics_exec_28_0 mediaserver_exec_28_0 mtp_exec_28_0 netd_exec_28_0 netutils_wrapper_exec_28_0 otapreopt_chroot_exec_28_0 otapreopt_slot_exec_28_0 performanced_exec_28_0 perfprofd_exec_28_0 ppp_exec_28_0 preopt2cachename_exec_28_0 profman_exec_28_0 racoon_exec_28_0 recovery_persist_exec_28_0 recovery_refresh_exec_28_0 runas_exec_28_0 sdcardd_exec_28_0 servicemanager_exec_28_0 sgdisk_exec_28_0 shell_exec_28_0 su_exec_28_0 thermalserviced_exec_28_0 tombstoned_exec_28_0 toolbox_exec_28_0 tzdatacheck_exec_28_0 uncrypt_exec_28_0 update_engine_exec_28_0 update_verifier_exec_28_0 usbd_exec_28_0 vdc_exec_28_0 vendor_shell_exec_28_0 vendor_toolbox_exec_28_0 virtual_touchpad_exec_28_0 vold_exec_28_0 vold_prepare_subdirs_exec_28_0 vr_hwc_exec_28_0 webview_zygote_exec_28_0 wificond_exec_28_0 wpantund_exec_28_0 zygote_exec_28_0 hostapd_data_file wpa_data_file hal_audio_default_exec hal_audio_default_tmpfs hal_audiocontrol_default_exec hal_audiocontrol_default_tmpfs hal_authsecret_default_exec hal_authsecret_default_tmpfs hal_bluetooth_default_exec hal_bluetooth_default_tmpfs hal_bootctl_default_exec hal_bootctl_default_tmpfs hal_broadcastradio_default_exec hal_broadcastradio_default_tmpfs hal_camera_default_exec hal_camera_default_tmpfs hal_cas_default_exec hal_cas_default_tmpfs hal_configstore_default_exec hal_configstore_default_tmpfs hal_confirmationui_default_exec hal_confirmationui_default_tmpfs hal_contexthub_default_exec hal_contexthub_default_tmpfs hal_drm_default_exec hal_drm_default_tmpfs hal_dumpstate_default_exec hal_dumpstate_default_tmpfs hal_evs_default_exec hal_evs_default_tmpfs hal_fingerprint_default_exec hal_fingerprint_default_tmpfs hal_gatekeeper_default_exec hal_gatekeeper_default_tmpfs hal_gnss_default_exec hal_gnss_default_tmpfs hal_graphics_allocator_default_exec hal_graphics_allocator_default_tmpfs hal_graphics_composer_default_exec hal_graphics_composer_default_tmpfs hal_health_default_exec hal_health_default_tmpfs hal_ir_default_exec hal_ir_default_tmpfs hal_keymaster_default_exec hal_keymaster_default_tmpfs hal_light_default_exec hal_light_default_tmpfs hal_lowpan_default_exec hal_lowpan_default_tmpfs hal_memtrack_default_exec hal_memtrack_default_tmpfs hal_nfc_default_exec hal_nfc_default_tmpfs mediacodec_tmpfs hal_power_default_exec hal_power_default_tmpfs hal_radio_config_default_exec hal_radio_config_default_tmpfs hal_radio_default_exec hal_radio_default_tmpfs hal_secure_element_default_exec hal_secure_element_default_tmpfs hal_sensors_default_exec hal_sensors_default_tmpfs hal_tetheroffload_default_exec hal_tetheroffload_default_tmpfs hal_thermal_default_exec hal_thermal_default_tmpfs hal_tv_cec_default_exec hal_tv_cec_default_tmpfs hal_tv_input_default_exec hal_tv_input_default_tmpfs hal_usb_default_exec hal_usb_default_tmpfs hal_vehicle_default_exec hal_vehicle_default_tmpfs hal_vibrator_default_exec hal_vibrator_default_tmpfs hal_vr_default_exec hal_vr_default_tmpfs hal_wifi_default_exec hal_wifi_default_tmpfs hal_wifi_hostapd_default_exec hal_wifi_hostapd_default_tmpfs hal_wifi_offload_default_exec hal_wifi_offload_default_tmpfs hal_wifi_supplicant_default_exec hal_wifi_supplicant_default_tmpfs rild_exec rild_tmpfs tee_exec tee_tmpfs vndservicemanager_exec vndservicemanager_tmpfs createns_exec createns_tmpfs dhcpclient_exec dhcpclient_tmpfs dhcpserver_exec dhcpserver_tmpfs execns_exec execns_tmpfs varrun_file mediadrm_vendor_data_file goldfish_setup_exec goldfish_setup_tmpfs hal_drm_clearkey_exec hal_drm_clearkey_tmpfs hal_drm_widevine_exec hal_drm_widevine_tmpfs hostapd_nohidl_exec hostapd_nohidl_tmpfs ipv6proxy_exec ipv6proxy_tmpfs qemu_props_exec qemu_props_tmpfs persist_file))
+(typeattributeset exec_type (adbd_exec_28_0 bootanim_exec_28_0 bootstat_exec_28_0 bufferhubd_exec_28_0 cameraserver_exec_28_0 clatd_exec_28_0 cppreopts_exec_28_0 crash_dump_exec_28_0 dex2oat_exec_28_0 dhcp_exec_28_0 dnsmasq_exec_28_0 drmserver_exec_28_0 dumpstate_exec_28_0 e2fs_exec_28_0 logcat_exec_28_0 fingerprintd_exec_28_0 fsck_exec_28_0 gatekeeperd_exec_28_0 healthd_exec_28_0 hwservicemanager_exec_28_0 idmap_exec_28_0 init_exec_28_0 inputflinger_exec_28_0 install_recovery_exec_28_0 installd_exec_28_0 keystore_exec_28_0 lmkd_exec_28_0 logd_exec_28_0 mediacodec_exec_28_0 mediadrmserver_exec_28_0 mediaextractor_exec_28_0 mediametrics_exec_28_0 mediaserver_exec_28_0 mtp_exec_28_0 netd_exec_28_0 netutils_wrapper_exec_28_0 otapreopt_chroot_exec_28_0 otapreopt_slot_exec_28_0 performanced_exec_28_0 perfprofd_exec_28_0 ppp_exec_28_0 preopt2cachename_exec_28_0 profman_exec_28_0 racoon_exec_28_0 recovery_persist_exec_28_0 recovery_refresh_exec_28_0 runas_exec_28_0 sdcardd_exec_28_0 servicemanager_exec_28_0 sgdisk_exec_28_0 shell_exec_28_0 su_exec_28_0 thermalserviced_exec_28_0 tombstoned_exec_28_0 toolbox_exec_28_0 tzdatacheck_exec_28_0 uncrypt_exec_28_0 update_engine_exec_28_0 update_verifier_exec_28_0 usbd_exec_28_0 vdc_exec_28_0 vendor_shell_exec_28_0 vendor_toolbox_exec_28_0 virtual_touchpad_exec_28_0 vold_exec_28_0 vold_prepare_subdirs_exec_28_0 vr_hwc_exec_28_0 webview_zygote_exec_28_0 wificond_exec_28_0 wpantund_exec_28_0 zygote_exec_28_0 hal_audio_default_exec hal_audiocontrol_default_exec hal_authsecret_default_exec hal_bluetooth_default_exec hal_bootctl_default_exec hal_broadcastradio_default_exec hal_camera_default_exec hal_cas_default_exec hal_configstore_default_exec hal_confirmationui_default_exec hal_contexthub_default_exec hal_drm_default_exec hal_dumpstate_default_exec hal_evs_default_exec hal_fingerprint_default_exec hal_gatekeeper_default_exec hal_gnss_default_exec hal_graphics_allocator_default_exec hal_graphics_composer_default_exec hal_health_default_exec hal_ir_default_exec hal_keymaster_default_exec hal_light_default_exec hal_lowpan_default_exec hal_memtrack_default_exec hal_nfc_default_exec hal_power_default_exec hal_radio_config_default_exec hal_radio_default_exec hal_secure_element_default_exec hal_sensors_default_exec hal_tetheroffload_default_exec hal_thermal_default_exec hal_tv_cec_default_exec hal_tv_input_default_exec hal_usb_default_exec hal_vehicle_default_exec hal_vibrator_default_exec hal_vr_default_exec hal_wifi_default_exec hal_wifi_hostapd_default_exec hal_wifi_offload_default_exec hal_wifi_supplicant_default_exec rild_exec tee_exec vndservicemanager_exec createns_exec dhcpclient_exec dhcpserver_exec execns_exec goldfish_setup_exec hal_drm_clearkey_exec hal_drm_widevine_exec hostapd_nohidl_exec ipv6proxy_exec qemu_props_exec))
+(typeattributeset data_file_type (system_data_file_28_0 vendor_data_file_28_0 unencrypted_data_file_28_0 install_data_file_28_0 drm_data_file_28_0 adb_data_file_28_0 anr_data_file_28_0 tombstone_data_file_28_0 tombstone_wifi_data_file_28_0 apk_data_file_28_0 apk_tmp_file_28_0 apk_private_data_file_28_0 apk_private_tmp_file_28_0 dalvikcache_data_file_28_0 ota_data_file_28_0 ota_package_file_28_0 user_profile_data_file_28_0 profman_dump_data_file_28_0 resourcecache_data_file_28_0 shell_data_file_28_0 property_data_file_28_0 bootchart_data_file_28_0 heapdump_data_file_28_0 nativetest_data_file_28_0 ringtone_file_28_0 preloads_data_file_28_0 preloads_media_file_28_0 dhcp_data_file_28_0 adb_keys_file_28_0 audio_data_file_28_0 audioserver_data_file_28_0 bluetooth_data_file_28_0 bluetooth_logs_data_file_28_0 bootstat_data_file_28_0 boottrace_data_file_28_0 camera_data_file_28_0 gatekeeper_data_file_28_0 incident_data_file_28_0 keychain_data_file_28_0 keystore_data_file_28_0 media_data_file_28_0 media_rw_data_file_28_0 misc_user_data_file_28_0 net_data_file_28_0 network_watchlist_data_file_28_0 nfc_data_file_28_0 radio_data_file_28_0 recovery_data_file_28_0 shared_relro_file_28_0 systemkeys_data_file_28_0 textclassifier_data_file_28_0 trace_data_file_28_0 vpn_data_file_28_0 wifi_data_file_28_0 zoneinfo_data_file_28_0 vold_data_file_28_0 perfprofd_data_file_28_0 tee_data_file_28_0 update_engine_data_file_28_0 update_engine_log_data_file_28_0 method_trace_data_file_28_0 app_data_file_28_0 system_app_data_file_28_0 cache_file_28_0 cache_backup_file_28_0 cache_private_backup_file_28_0 cache_recovery_file_28_0 wallpaper_file_28_0 shortcut_manager_icons_28_0 icon_file_28_0 asec_apk_file_28_0 asec_public_file_28_0 asec_image_file_28_0 backup_data_file_28_0 fingerprintd_data_file_28_0 fingerprint_vendor_data_file_28_0 app_fuse_file_28_0 bluetooth_socket_28_0 misc_logd_file_28_0 system_wpa_socket_28_0 system_ndebug_socket_28_0 wpa_socket_28_0 audiohal_data_file_28_0 hostapd_data_file wpa_data_file varrun_file mediadrm_vendor_data_file))
+(typeattributeset vendor_file_type (vendor_hal_file_28_0 vendor_file_28_0 vendor_app_file_28_0 vendor_configs_file_28_0 same_process_hal_file_28_0 vndk_sp_file_28_0 vendor_framework_file_28_0 vendor_overlay_file_28_0 mediacodec_exec_28_0 vendor_shell_exec_28_0 vendor_toolbox_exec_28_0 hal_audio_default_exec hal_audiocontrol_default_exec hal_authsecret_default_exec hal_bluetooth_default_exec hal_bootctl_default_exec hal_broadcastradio_default_exec hal_camera_default_exec hal_cas_default_exec hal_configstore_default_exec hal_confirmationui_default_exec hal_contexthub_default_exec hal_drm_default_exec hal_dumpstate_default_exec hal_evs_default_exec hal_fingerprint_default_exec hal_gatekeeper_default_exec hal_gnss_default_exec hal_graphics_allocator_default_exec hal_graphics_composer_default_exec hal_health_default_exec hal_ir_default_exec hal_keymaster_default_exec hal_light_default_exec hal_lowpan_default_exec hal_memtrack_default_exec hal_nfc_default_exec hal_power_default_exec hal_radio_config_default_exec hal_radio_default_exec hal_secure_element_default_exec hal_sensors_default_exec hal_tetheroffload_default_exec hal_thermal_default_exec hal_tv_cec_default_exec hal_tv_input_default_exec hal_usb_default_exec hal_vehicle_default_exec hal_vibrator_default_exec hal_vr_default_exec hal_wifi_default_exec hal_wifi_hostapd_default_exec hal_wifi_offload_default_exec hal_wifi_supplicant_default_exec rild_exec tee_exec vndservicemanager_exec createns_exec dhcpclient_exec dhcpserver_exec execns_exec goldfish_setup_exec hal_drm_clearkey_exec hal_drm_widevine_exec hostapd_nohidl_exec ipv6proxy_exec qemu_props_exec))
+(typeattributeset sysfs_type (sysfs_usermodehelper_28_0 sysfs_28_0 sysfs_android_usb_28_0 sysfs_uio_28_0 sysfs_batteryinfo_28_0 sysfs_bluetooth_writable_28_0 sysfs_dm_28_0 sysfs_dt_firmware_android_28_0 sysfs_ipv4_28_0 sysfs_kernel_notes_28_0 sysfs_leds_28_0 sysfs_hwrandom_28_0 sysfs_nfc_power_writable_28_0 sysfs_wake_lock_28_0 sysfs_mac_address_28_0 sysfs_net_28_0 sysfs_power_28_0 sysfs_rtc_28_0 sysfs_switch_28_0 sysfs_usb_28_0 sysfs_wakeup_reasons_28_0 sysfs_fs_ext4_features_28_0 sysfs_devices_system_cpu_28_0 sysfs_lowmemorykiller_28_0 sysfs_wlan_fwpath_28_0 sysfs_vibrator_28_0 sysfs_thermal_28_0 sysfs_zram_28_0 sysfs_zram_uevent_28_0 sysfs_writable))
+(typeattributeset property_type (audio_prop_28_0 boottime_prop_28_0 bluetooth_a2dp_offload_prop_28_0 bluetooth_prop_28_0 bootloader_boot_reason_prop_28_0 config_prop_28_0 cppreopt_prop_28_0 ctl_bootanim_prop_28_0 ctl_bugreport_prop_28_0 ctl_console_prop_28_0 ctl_default_prop_28_0 ctl_dumpstate_prop_28_0 ctl_fuse_prop_28_0 ctl_interface_restart_prop_28_0 ctl_interface_start_prop_28_0 ctl_interface_stop_prop_28_0 ctl_mdnsd_prop_28_0 ctl_restart_prop_28_0 ctl_rildaemon_prop_28_0 ctl_sigstop_prop_28_0 ctl_start_prop_28_0 ctl_stop_prop_28_0 dalvik_prop_28_0 debuggerd_prop_28_0 debug_prop_28_0 default_prop_28_0 device_logging_prop_28_0 dhcp_prop_28_0 dumpstate_options_prop_28_0 dumpstate_prop_28_0 exported_secure_prop_28_0 ffs_prop_28_0 fingerprint_prop_28_0 firstboot_prop_28_0 hwservicemanager_prop_28_0 last_boot_reason_prop_28_0 logd_prop_28_0 logpersistd_logging_prop_28_0 log_prop_28_0 log_tag_prop_28_0 lowpan_prop_28_0 mmc_prop_28_0 net_dns_prop_28_0 net_radio_prop_28_0 netd_stable_secret_prop_28_0 nfc_prop_28_0 overlay_prop_28_0 pan_result_prop_28_0 persist_debug_prop_28_0 persistent_properties_ready_prop_28_0 pm_prop_28_0 powerctl_prop_28_0 radio_prop_28_0 restorecon_prop_28_0 safemode_prop_28_0 serialno_prop_28_0 shell_prop_28_0 system_boot_reason_prop_28_0 system_prop_28_0 system_radio_prop_28_0 test_boot_reason_prop_28_0 traced_enabled_prop_28_0 vold_prop_28_0 wifi_log_prop_28_0 wifi_prop_28_0 vendor_security_patch_level_prop_28_0 exported_audio_prop_28_0 exported_bluetooth_prop_28_0 exported_config_prop_28_0 exported_dalvik_prop_28_0 exported_default_prop_28_0 exported_dumpstate_prop_28_0 exported_ffs_prop_28_0 exported_fingerprint_prop_28_0 exported_overlay_prop_28_0 exported_pm_prop_28_0 exported_radio_prop_28_0 exported_system_prop_28_0 exported_system_radio_prop_28_0 exported_vold_prop_28_0 exported_wifi_prop_28_0 exported2_config_prop_28_0 exported2_default_prop_28_0 exported2_radio_prop_28_0 exported2_system_prop_28_0 exported2_vold_prop_28_0 exported3_default_prop_28_0 exported3_radio_prop_28_0 exported3_system_prop_28_0 vendor_default_prop_28_0 qemu_prop qemu_cmdline radio_noril_prop net_eth0_prop net_share_prop))
+(typeattributeset mlstrustedobject (alarm_device_28_0 ashmem_device_28_0 binder_device_28_0 hwbinder_device_28_0 pmsg_device_28_0 gpu_device_28_0 mtp_device_28_0 ptmx_device_28_0 null_device_28_0 random_device_28_0 owntty_device_28_0 zero_device_28_0 fuse_device_28_0 ion_device_28_0 tun_device_28_0 usbaccessory_device_28_0 usb_device_28_0 qtaguid_proc_28_0 proc_qtaguid_stat_28_0 selinuxfs_28_0 cgroup_28_0 sysfs_28_0 sysfs_bluetooth_writable_28_0 sysfs_kernel_notes_28_0 sysfs_nfc_power_writable_28_0 inotify_28_0 devpts_28_0 fuse_28_0 sdcardfs_28_0 vfat_28_0 exfat_28_0 debugfs_trace_marker_28_0 debugfs_tracing_28_0 debugfs_tracing_debug_28_0 functionfs_28_0 anr_data_file_28_0 tombstone_data_file_28_0 apk_tmp_file_28_0 apk_private_tmp_file_28_0 ota_package_file_28_0 user_profile_data_file_28_0 shell_data_file_28_0 heapdump_data_file_28_0 ringtone_file_28_0 media_rw_data_file_28_0 radio_data_file_28_0 trace_data_file_28_0 perfprofd_data_file_28_0 method_trace_data_file_28_0 system_app_data_file_28_0 cache_file_28_0 cache_backup_file_28_0 cache_recovery_file_28_0 wallpaper_file_28_0 shortcut_manager_icons_28_0 asec_apk_file_28_0 backup_data_file_28_0 app_fuse_file_28_0 dnsproxyd_socket_28_0 fwmarkd_socket_28_0 logd_socket_28_0 logdr_socket_28_0 logdw_socket_28_0 mdnsd_socket_28_0 property_socket_28_0 system_ndebug_socket_28_0 tombstoned_crash_socket_28_0 tombstoned_java_trace_socket_28_0 traced_producer_socket_28_0 pdx_display_client_endpoint_socket_28_0 pdx_display_manager_endpoint_socket_28_0 pdx_display_screenshot_endpoint_socket_28_0 pdx_display_vsync_endpoint_socket_28_0 pdx_performance_client_endpoint_socket_28_0 pdx_bufferhub_client_endpoint_socket_28_0 qemu_device sysfs_writable varrun_file))
+(typeattributeset netdomain (clatd_28_0 dhcp_28_0 dnsmasq_28_0 drmserver_28_0 dumpstate_28_0 mediadrmserver_28_0 mediaserver_28_0 mtp_28_0 netd_28_0 ppp_28_0 racoon_28_0 radio_28_0 shell_28_0 su_28_0 update_engine_28_0 wpantund_28_0 hal_wifi_hostapd_default hal_wifi_supplicant_default rild dhcpclient dhcpserver hostapd_nohidl ipv6proxy))
+(typeattributeset data_between_core_and_vendor_violators (hal_fingerprint_default))
+(typeattributeset system_writes_vendor_properties_violators (bootanim_28_0 surfaceflinger_28_0 zygote_28_0))
+(typeattributeset halserverdomain (hal_audio_default hal_audiocontrol_default hal_authsecret_default hal_bluetooth_default hal_bootctl_default hal_broadcastradio_default hal_camera_default hal_cas_default hal_configstore_default hal_confirmationui_default hal_contexthub_default hal_drm_default hal_dumpstate_default hal_evs_default hal_fingerprint_default hal_gatekeeper_default hal_gnss_default hal_graphics_allocator_default hal_graphics_composer_default hal_health_default hal_ir_default hal_keymaster_default hal_light_default hal_lowpan_default hal_memtrack_default hal_nfc_default hal_power_default hal_radio_config_default hal_radio_default hal_secure_element_default hal_sensors_default hal_tetheroffload_default hal_thermal_default hal_tv_cec_default hal_tv_input_default hal_usb_default hal_vehicle_default hal_vibrator_default hal_vr_default hal_wifi_default hal_wifi_hostapd_default hal_wifi_offload_default hal_wifi_supplicant_default rild hal_drm_clearkey hal_drm_widevine))
+(typeattributeset halclientdomain (bootanim_28_0 bufferhubd_28_0 cameraserver_28_0 dumpstate_28_0 gatekeeperd_28_0 healthd_28_0 mediacodec_28_0 mediadrmserver_28_0 mediaextractor_28_0 mediaserver_28_0 radio_28_0 su_28_0 thermalserviced_28_0 update_engine_28_0 update_verifier_28_0 vold_28_0 vr_hwc_28_0 wpantund_28_0 hal_audio_default hal_camera_default hal_drm_default hal_drm_widevine))
+(typeattributeset hal_audio (hal_audio_default))
+(typeattributeset hal_audio_server (hal_audio_default))
+(typeattributeset hal_bootctl (hal_bootctl_default))
+(typeattributeset hal_bootctl_server (hal_bootctl_default))
+(typeattributeset hal_camera (hal_camera_default))
+(typeattributeset hal_camera_server (hal_camera_default))
+(typeattributeset hal_drm (hal_drm_default hal_drm_clearkey hal_drm_widevine))
+(typeattributeset hal_drm_server (hal_drm_default hal_drm_clearkey hal_drm_widevine))
+(typeattributeset hal_cas (hal_cas_default))
+(typeattributeset hal_cas_server (hal_cas_default))
+(typeattributeset hal_allocator_client (mediacodec_28_0 mediaserver_28_0 su_28_0 hal_audio_default))
+(typeattributeset hal_audiocontrol (hal_audiocontrol_default))
+(typeattributeset hal_audiocontrol_server (hal_audiocontrol_default))
+(typeattributeset hal_authsecret (hal_authsecret_default))
+(typeattributeset hal_authsecret_server (hal_authsecret_default))
+(typeattributeset hal_bluetooth (hal_bluetooth_default))
+(typeattributeset hal_bluetooth_server (hal_bluetooth_default))
+(typeattributeset hal_broadcastradio (hal_broadcastradio_default))
+(typeattributeset hal_broadcastradio_server (hal_broadcastradio_default))
+(typeattributeset hal_configstore (hal_configstore_default))
+(typeattributeset hal_configstore_server (hal_configstore_default))
+(typeattributeset hal_confirmationui (hal_confirmationui_default))
+(typeattributeset hal_confirmationui_server (hal_confirmationui_default))
+(typeattributeset hal_contexthub (hal_contexthub_default))
+(typeattributeset hal_contexthub_server (hal_contexthub_default))
+(typeattributeset hal_dumpstate (hal_dumpstate_default))
+(typeattributeset hal_dumpstate_server (hal_dumpstate_default))
+(typeattributeset hal_evs (hal_evs_default))
+(typeattributeset hal_evs_server (hal_evs_default))
+(typeattributeset hal_fingerprint (hal_fingerprint_default))
+(typeattributeset hal_fingerprint_server (hal_fingerprint_default))
+(typeattributeset hal_gatekeeper (hal_gatekeeper_default))
+(typeattributeset hal_gatekeeper_server (hal_gatekeeper_default))
+(typeattributeset hal_gnss (hal_gnss_default))
+(typeattributeset hal_gnss_server (hal_gnss_default))
+(typeattributeset hal_graphics_allocator (hal_graphics_allocator_default))
+(typeattributeset hal_graphics_allocator_server (hal_graphics_allocator_default))
+(typeattributeset hal_graphics_composer (hal_graphics_composer_default))
+(typeattributeset hal_graphics_composer_client (bootanim_28_0 su_28_0 hal_camera_default hal_drm_default hal_drm_widevine))
+(typeattributeset hal_graphics_composer_server (hal_graphics_composer_default))
+(typeattributeset hal_health (hal_health_default))
+(typeattributeset hal_health_server (hal_health_default))
+(typeattributeset hal_ir (hal_ir_default))
+(typeattributeset hal_ir_server (hal_ir_default))
+(typeattributeset hal_keymaster (hal_keymaster_default))
+(typeattributeset hal_keymaster_server (hal_keymaster_default))
+(typeattributeset hal_light (hal_light_default))
+(typeattributeset hal_light_server (hal_light_default))
+(typeattributeset hal_lowpan (hal_lowpan_default))
+(typeattributeset hal_lowpan_server (hal_lowpan_default))
+(typeattributeset hal_memtrack (hal_memtrack_default))
+(typeattributeset hal_memtrack_server (hal_memtrack_default))
+(typeattributeset hal_nfc (hal_nfc_default))
+(typeattributeset hal_nfc_server (hal_nfc_default))
+(typeattributeset hal_power (hal_power_default))
+(typeattributeset hal_power_server (hal_power_default))
+(typeattributeset hal_secure_element (hal_secure_element_default))
+(typeattributeset hal_secure_element_server (hal_secure_element_default))
+(typeattributeset hal_sensors (hal_sensors_default))
+(typeattributeset hal_sensors_server (hal_sensors_default))
+(typeattributeset hal_telephony (hal_radio_config_default hal_radio_default rild))
+(typeattributeset hal_telephony_server (hal_radio_config_default hal_radio_default rild))
+(typeattributeset hal_tetheroffload (hal_tetheroffload_default))
+(typeattributeset hal_tetheroffload_server (hal_tetheroffload_default))
+(typeattributeset hal_thermal (hal_thermal_default))
+(typeattributeset hal_thermal_server (hal_thermal_default))
+(typeattributeset hal_tv_cec (hal_tv_cec_default))
+(typeattributeset hal_tv_cec_server (hal_tv_cec_default))
+(typeattributeset hal_tv_input (hal_tv_input_default))
+(typeattributeset hal_tv_input_server (hal_tv_input_default))
+(typeattributeset hal_usb (hal_usb_default))
+(typeattributeset hal_usb_server (hal_usb_default))
+(typeattributeset hal_vehicle (hal_vehicle_default))
+(typeattributeset hal_vehicle_server (hal_vehicle_default))
+(typeattributeset hal_vibrator (hal_vibrator_default))
+(typeattributeset hal_vibrator_server (hal_vibrator_default))
+(typeattributeset hal_vr (hal_vr_default))
+(typeattributeset hal_vr_server (hal_vr_default))
+(typeattributeset hal_wifi (hal_wifi_default))
+(typeattributeset hal_wifi_server (hal_wifi_default))
+(typeattributeset hal_wifi_hostapd (hal_wifi_hostapd_default))
+(typeattributeset hal_wifi_hostapd_server (hal_wifi_hostapd_default))
+(typeattributeset hal_wifi_offload (hal_wifi_offload_default))
+(typeattributeset hal_wifi_offload_server (hal_wifi_offload_default))
+(typeattributeset hal_wifi_supplicant (hal_wifi_supplicant_default))
+(typeattributeset hal_wifi_supplicant_server (hal_wifi_supplicant_default))
+(type hostapd_data_file)
+(roletype object_r hostapd_data_file)
+(type wpa_data_file)
+(roletype object_r wpa_data_file)
+(type hal_audio_default)
+(roletype object_r hal_audio_default)
+(type hal_audio_default_exec)
+(roletype object_r hal_audio_default_exec)
+(type hal_audio_default_tmpfs)
+(roletype object_r hal_audio_default_tmpfs)
+(type hal_audiocontrol_default)
+(roletype object_r hal_audiocontrol_default)
+(type hal_audiocontrol_default_exec)
+(roletype object_r hal_audiocontrol_default_exec)
+(type hal_audiocontrol_default_tmpfs)
+(roletype object_r hal_audiocontrol_default_tmpfs)
+(type hal_authsecret_default)
+(roletype object_r hal_authsecret_default)
+(type hal_authsecret_default_exec)
+(roletype object_r hal_authsecret_default_exec)
+(type hal_authsecret_default_tmpfs)
+(roletype object_r hal_authsecret_default_tmpfs)
+(type hal_bluetooth_default)
+(roletype object_r hal_bluetooth_default)
+(type hal_bluetooth_default_exec)
+(roletype object_r hal_bluetooth_default_exec)
+(type hal_bluetooth_default_tmpfs)
+(roletype object_r hal_bluetooth_default_tmpfs)
+(type hal_bootctl_default)
+(roletype object_r hal_bootctl_default)
+(type hal_bootctl_default_exec)
+(roletype object_r hal_bootctl_default_exec)
+(type hal_bootctl_default_tmpfs)
+(roletype object_r hal_bootctl_default_tmpfs)
+(type hal_broadcastradio_default)
+(roletype object_r hal_broadcastradio_default)
+(type hal_broadcastradio_default_exec)
+(roletype object_r hal_broadcastradio_default_exec)
+(type hal_broadcastradio_default_tmpfs)
+(roletype object_r hal_broadcastradio_default_tmpfs)
+(type hal_camera_default)
+(roletype object_r hal_camera_default)
+(type hal_camera_default_exec)
+(roletype object_r hal_camera_default_exec)
+(type hal_camera_default_tmpfs)
+(roletype object_r hal_camera_default_tmpfs)
+(type hal_cas_default)
+(roletype object_r hal_cas_default)
+(type hal_cas_default_exec)
+(roletype object_r hal_cas_default_exec)
+(type hal_cas_default_tmpfs)
+(roletype object_r hal_cas_default_tmpfs)
+(type hal_configstore_default)
+(roletype object_r hal_configstore_default)
+(type hal_configstore_default_exec)
+(roletype object_r hal_configstore_default_exec)
+(type hal_configstore_default_tmpfs)
+(roletype object_r hal_configstore_default_tmpfs)
+(type hal_confirmationui_default)
+(roletype object_r hal_confirmationui_default)
+(type hal_confirmationui_default_exec)
+(roletype object_r hal_confirmationui_default_exec)
+(type hal_confirmationui_default_tmpfs)
+(roletype object_r hal_confirmationui_default_tmpfs)
+(type hal_contexthub_default)
+(roletype object_r hal_contexthub_default)
+(type hal_contexthub_default_exec)
+(roletype object_r hal_contexthub_default_exec)
+(type hal_contexthub_default_tmpfs)
+(roletype object_r hal_contexthub_default_tmpfs)
+(type hal_drm_default)
+(roletype object_r hal_drm_default)
+(type hal_drm_default_exec)
+(roletype object_r hal_drm_default_exec)
+(type hal_drm_default_tmpfs)
+(roletype object_r hal_drm_default_tmpfs)
+(type hal_dumpstate_default)
+(roletype object_r hal_dumpstate_default)
+(type hal_dumpstate_default_exec)
+(roletype object_r hal_dumpstate_default_exec)
+(type hal_dumpstate_default_tmpfs)
+(roletype object_r hal_dumpstate_default_tmpfs)
+(type hal_evs_default)
+(roletype object_r hal_evs_default)
+(type hal_evs_default_exec)
+(roletype object_r hal_evs_default_exec)
+(type hal_evs_default_tmpfs)
+(roletype object_r hal_evs_default_tmpfs)
+(type hal_fingerprint_default)
+(roletype object_r hal_fingerprint_default)
+(type hal_fingerprint_default_exec)
+(roletype object_r hal_fingerprint_default_exec)
+(type hal_fingerprint_default_tmpfs)
+(roletype object_r hal_fingerprint_default_tmpfs)
+(type hal_gatekeeper_default)
+(roletype object_r hal_gatekeeper_default)
+(type hal_gatekeeper_default_exec)
+(roletype object_r hal_gatekeeper_default_exec)
+(type hal_gatekeeper_default_tmpfs)
+(roletype object_r hal_gatekeeper_default_tmpfs)
+(type hal_gnss_default)
+(roletype object_r hal_gnss_default)
+(type hal_gnss_default_exec)
+(roletype object_r hal_gnss_default_exec)
+(type hal_gnss_default_tmpfs)
+(roletype object_r hal_gnss_default_tmpfs)
+(type hal_graphics_allocator_default)
+(roletype object_r hal_graphics_allocator_default)
+(type hal_graphics_allocator_default_exec)
+(roletype object_r hal_graphics_allocator_default_exec)
+(type hal_graphics_allocator_default_tmpfs)
+(roletype object_r hal_graphics_allocator_default_tmpfs)
+(type hal_graphics_composer_default)
+(roletype object_r hal_graphics_composer_default)
+(type hal_graphics_composer_default_exec)
+(roletype object_r hal_graphics_composer_default_exec)
+(type hal_graphics_composer_default_tmpfs)
+(roletype object_r hal_graphics_composer_default_tmpfs)
+(type hal_health_default)
+(roletype object_r hal_health_default)
+(type hal_health_default_exec)
+(roletype object_r hal_health_default_exec)
+(type hal_health_default_tmpfs)
+(roletype object_r hal_health_default_tmpfs)
+(type hal_ir_default)
+(roletype object_r hal_ir_default)
+(type hal_ir_default_exec)
+(roletype object_r hal_ir_default_exec)
+(type hal_ir_default_tmpfs)
+(roletype object_r hal_ir_default_tmpfs)
+(type hal_keymaster_default)
+(roletype object_r hal_keymaster_default)
+(type hal_keymaster_default_exec)
+(roletype object_r hal_keymaster_default_exec)
+(type hal_keymaster_default_tmpfs)
+(roletype object_r hal_keymaster_default_tmpfs)
+(type hal_light_default)
+(roletype object_r hal_light_default)
+(type hal_light_default_exec)
+(roletype object_r hal_light_default_exec)
+(type hal_light_default_tmpfs)
+(roletype object_r hal_light_default_tmpfs)
+(type hal_lowpan_default)
+(roletype object_r hal_lowpan_default)
+(type hal_lowpan_default_exec)
+(roletype object_r hal_lowpan_default_exec)
+(type hal_lowpan_default_tmpfs)
+(roletype object_r hal_lowpan_default_tmpfs)
+(type hal_memtrack_default)
+(roletype object_r hal_memtrack_default)
+(type hal_memtrack_default_exec)
+(roletype object_r hal_memtrack_default_exec)
+(type hal_memtrack_default_tmpfs)
+(roletype object_r hal_memtrack_default_tmpfs)
+(type hal_nfc_default)
+(roletype object_r hal_nfc_default)
+(type hal_nfc_default_exec)
+(roletype object_r hal_nfc_default_exec)
+(type hal_nfc_default_tmpfs)
+(roletype object_r hal_nfc_default_tmpfs)
+(type mediacodec_tmpfs)
+(roletype object_r mediacodec_tmpfs)
+(type hal_power_default)
+(roletype object_r hal_power_default)
+(type hal_power_default_exec)
+(roletype object_r hal_power_default_exec)
+(type hal_power_default_tmpfs)
+(roletype object_r hal_power_default_tmpfs)
+(type hal_radio_config_default)
+(roletype object_r hal_radio_config_default)
+(type hal_radio_config_default_exec)
+(roletype object_r hal_radio_config_default_exec)
+(type hal_radio_config_default_tmpfs)
+(roletype object_r hal_radio_config_default_tmpfs)
+(type hal_radio_default)
+(roletype object_r hal_radio_default)
+(type hal_radio_default_exec)
+(roletype object_r hal_radio_default_exec)
+(type hal_radio_default_tmpfs)
+(roletype object_r hal_radio_default_tmpfs)
+(type hal_secure_element_default)
+(roletype object_r hal_secure_element_default)
+(type hal_secure_element_default_exec)
+(roletype object_r hal_secure_element_default_exec)
+(type hal_secure_element_default_tmpfs)
+(roletype object_r hal_secure_element_default_tmpfs)
+(type hal_sensors_default)
+(roletype object_r hal_sensors_default)
+(type hal_sensors_default_exec)
+(roletype object_r hal_sensors_default_exec)
+(type hal_sensors_default_tmpfs)
+(roletype object_r hal_sensors_default_tmpfs)
+(type hal_tetheroffload_default)
+(roletype object_r hal_tetheroffload_default)
+(type hal_tetheroffload_default_exec)
+(roletype object_r hal_tetheroffload_default_exec)
+(type hal_tetheroffload_default_tmpfs)
+(roletype object_r hal_tetheroffload_default_tmpfs)
+(type hal_thermal_default)
+(roletype object_r hal_thermal_default)
+(type hal_thermal_default_exec)
+(roletype object_r hal_thermal_default_exec)
+(type hal_thermal_default_tmpfs)
+(roletype object_r hal_thermal_default_tmpfs)
+(type hal_tv_cec_default)
+(roletype object_r hal_tv_cec_default)
+(type hal_tv_cec_default_exec)
+(roletype object_r hal_tv_cec_default_exec)
+(type hal_tv_cec_default_tmpfs)
+(roletype object_r hal_tv_cec_default_tmpfs)
+(type hal_tv_input_default)
+(roletype object_r hal_tv_input_default)
+(type hal_tv_input_default_exec)
+(roletype object_r hal_tv_input_default_exec)
+(type hal_tv_input_default_tmpfs)
+(roletype object_r hal_tv_input_default_tmpfs)
+(type hal_usb_default)
+(roletype object_r hal_usb_default)
+(type hal_usb_default_exec)
+(roletype object_r hal_usb_default_exec)
+(type hal_usb_default_tmpfs)
+(roletype object_r hal_usb_default_tmpfs)
+(type hal_vehicle_default)
+(roletype object_r hal_vehicle_default)
+(type hal_vehicle_default_exec)
+(roletype object_r hal_vehicle_default_exec)
+(type hal_vehicle_default_tmpfs)
+(roletype object_r hal_vehicle_default_tmpfs)
+(type hal_vibrator_default)
+(roletype object_r hal_vibrator_default)
+(type hal_vibrator_default_exec)
+(roletype object_r hal_vibrator_default_exec)
+(type hal_vibrator_default_tmpfs)
+(roletype object_r hal_vibrator_default_tmpfs)
+(type hal_vr_default)
+(roletype object_r hal_vr_default)
+(type hal_vr_default_exec)
+(roletype object_r hal_vr_default_exec)
+(type hal_vr_default_tmpfs)
+(roletype object_r hal_vr_default_tmpfs)
+(type hal_wifi_default)
+(roletype object_r hal_wifi_default)
+(type hal_wifi_default_exec)
+(roletype object_r hal_wifi_default_exec)
+(type hal_wifi_default_tmpfs)
+(roletype object_r hal_wifi_default_tmpfs)
+(type hal_wifi_hostapd_default)
+(roletype object_r hal_wifi_hostapd_default)
+(type hal_wifi_hostapd_default_exec)
+(roletype object_r hal_wifi_hostapd_default_exec)
+(type hal_wifi_hostapd_default_tmpfs)
+(roletype object_r hal_wifi_hostapd_default_tmpfs)
+(type hal_wifi_offload_default)
+(roletype object_r hal_wifi_offload_default)
+(type hal_wifi_offload_default_exec)
+(roletype object_r hal_wifi_offload_default_exec)
+(type hal_wifi_offload_default_tmpfs)
+(roletype object_r hal_wifi_offload_default_tmpfs)
+(type hal_wifi_supplicant_default)
+(roletype object_r hal_wifi_supplicant_default)
+(type hal_wifi_supplicant_default_exec)
+(roletype object_r hal_wifi_supplicant_default_exec)
+(type hal_wifi_supplicant_default_tmpfs)
+(roletype object_r hal_wifi_supplicant_default_tmpfs)
+(type rild)
+(roletype object_r rild)
+(type rild_exec)
+(roletype object_r rild_exec)
+(type rild_tmpfs)
+(roletype object_r rild_tmpfs)
+(type tee_exec)
+(roletype object_r tee_exec)
+(type tee_tmpfs)
+(roletype object_r tee_tmpfs)
+(type vendor_modprobe)
+(roletype object_r vendor_modprobe)
+(type vndservicemanager_exec)
+(roletype object_r vndservicemanager_exec)
+(type vndservicemanager_tmpfs)
+(roletype object_r vndservicemanager_tmpfs)
+(type createns)
+(roletype object_r createns)
+(type createns_exec)
+(roletype object_r createns_exec)
+(type createns_tmpfs)
+(roletype object_r createns_tmpfs)
+(type qemu_device)
+(roletype object_r qemu_device)
+(type dhcpclient)
+(roletype object_r dhcpclient)
+(type dhcpclient_exec)
+(roletype object_r dhcpclient_exec)
+(type dhcpclient_tmpfs)
+(roletype object_r dhcpclient_tmpfs)
+(type dhcpserver)
+(roletype object_r dhcpserver)
+(type dhcpserver_exec)
+(roletype object_r dhcpserver_exec)
+(type dhcpserver_tmpfs)
+(roletype object_r dhcpserver_tmpfs)
+(type execns)
+(roletype object_r execns)
+(type execns_exec)
+(roletype object_r execns_exec)
+(type execns_tmpfs)
+(roletype object_r execns_tmpfs)
+(type sysfs_writable)
+(roletype object_r sysfs_writable)
+(type varrun_file)
+(roletype object_r varrun_file)
+(type mediadrm_vendor_data_file)
+(roletype object_r mediadrm_vendor_data_file)
+(type nsfs)
+(roletype object_r nsfs)
+(type goldfish_setup)
+(roletype object_r goldfish_setup)
+(type goldfish_setup_exec)
+(roletype object_r goldfish_setup_exec)
+(type goldfish_setup_tmpfs)
+(roletype object_r goldfish_setup_tmpfs)
+(type hal_drm_clearkey)
+(roletype object_r hal_drm_clearkey)
+(type hal_drm_clearkey_exec)
+(roletype object_r hal_drm_clearkey_exec)
+(type hal_drm_clearkey_tmpfs)
+(roletype object_r hal_drm_clearkey_tmpfs)
+(type hal_drm_widevine)
+(roletype object_r hal_drm_widevine)
+(type hal_drm_widevine_exec)
+(roletype object_r hal_drm_widevine_exec)
+(type hal_drm_widevine_tmpfs)
+(roletype object_r hal_drm_widevine_tmpfs)
+(type hostapd_nohidl)
+(roletype object_r hostapd_nohidl)
+(type hostapd_nohidl_exec)
+(roletype object_r hostapd_nohidl_exec)
+(type hostapd_nohidl_tmpfs)
+(roletype object_r hostapd_nohidl_tmpfs)
+(type ipv6proxy)
+(roletype object_r ipv6proxy)
+(type ipv6proxy_exec)
+(roletype object_r ipv6proxy_exec)
+(type ipv6proxy_tmpfs)
+(roletype object_r ipv6proxy_tmpfs)
+(type qemu_prop)
+(roletype object_r qemu_prop)
+(type qemu_cmdline)
+(roletype object_r qemu_cmdline)
+(type radio_noril_prop)
+(roletype object_r radio_noril_prop)
+(type net_eth0_prop)
+(roletype object_r net_eth0_prop)
+(type net_share_prop)
+(roletype object_r net_share_prop)
+(type qemu_props)
+(roletype object_r qemu_props)
+(type qemu_props_exec)
+(roletype object_r qemu_props_exec)
+(type qemu_props_tmpfs)
+(roletype object_r qemu_props_tmpfs)
+(type persist_file)
+(roletype object_r persist_file)
+(type firmware_file)
+(roletype object_r firmware_file)
+(allow init_28_0 hal_audio_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_audio_default (process (transition)))
+(allow hal_audio_default hal_audio_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_audio_default (process (noatsecure)))
+(allow init_28_0 hal_audio_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_audio_default_exec process hal_audio_default)
+(typetransition hal_audio_default tmpfs_28_0 file hal_audio_default_tmpfs)
+(allow hal_audio_default hal_audio_default_tmpfs (file (read write getattr map)))
+(allow hal_audio_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_audiocontrol_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_audiocontrol_default (process (transition)))
+(allow hal_audiocontrol_default hal_audiocontrol_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_audiocontrol_default (process (noatsecure)))
+(allow init_28_0 hal_audiocontrol_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_audiocontrol_default_exec process hal_audiocontrol_default)
+(typetransition hal_audiocontrol_default tmpfs_28_0 file hal_audiocontrol_default_tmpfs)
+(allow hal_audiocontrol_default hal_audiocontrol_default_tmpfs (file (read write getattr map)))
+(allow hal_audiocontrol_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_authsecret_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_authsecret_default (process (transition)))
+(allow hal_authsecret_default hal_authsecret_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_authsecret_default (process (noatsecure)))
+(allow init_28_0 hal_authsecret_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_authsecret_default_exec process hal_authsecret_default)
+(typetransition hal_authsecret_default tmpfs_28_0 file hal_authsecret_default_tmpfs)
+(allow hal_authsecret_default hal_authsecret_default_tmpfs (file (read write getattr map)))
+(allow hal_authsecret_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_bluetooth_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_bluetooth_default (process (transition)))
+(allow hal_bluetooth_default hal_bluetooth_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_bluetooth_default (process (noatsecure)))
+(allow init_28_0 hal_bluetooth_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_bluetooth_default_exec process hal_bluetooth_default)
+(typetransition hal_bluetooth_default tmpfs_28_0 file hal_bluetooth_default_tmpfs)
+(allow hal_bluetooth_default hal_bluetooth_default_tmpfs (file (read write getattr map)))
+(allow hal_bluetooth_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_bootctl_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_bootctl_default (process (transition)))
+(allow hal_bootctl_default hal_bootctl_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_bootctl_default (process (noatsecure)))
+(allow init_28_0 hal_bootctl_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_bootctl_default_exec process hal_bootctl_default)
+(typetransition hal_bootctl_default tmpfs_28_0 file hal_bootctl_default_tmpfs)
+(allow hal_bootctl_default hal_bootctl_default_tmpfs (file (read write getattr map)))
+(allow hal_bootctl_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_broadcastradio_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_broadcastradio_default (process (transition)))
+(allow hal_broadcastradio_default hal_broadcastradio_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_broadcastradio_default (process (noatsecure)))
+(allow init_28_0 hal_broadcastradio_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_broadcastradio_default_exec process hal_broadcastradio_default)
+(typetransition hal_broadcastradio_default tmpfs_28_0 file hal_broadcastradio_default_tmpfs)
+(allow hal_broadcastradio_default hal_broadcastradio_default_tmpfs (file (read write getattr map)))
+(allow hal_broadcastradio_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_camera_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_camera_default (process (transition)))
+(allow hal_camera_default hal_camera_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_camera_default (process (noatsecure)))
+(allow init_28_0 hal_camera_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_camera_default_exec process hal_camera_default)
+(typetransition hal_camera_default tmpfs_28_0 file hal_camera_default_tmpfs)
+(allow hal_camera_default hal_camera_default_tmpfs (file (read write getattr map)))
+(allow hal_camera_default tmpfs_28_0 (dir (getattr search)))
+(allow hal_camera_default fwk_sensor_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_camera_default dumpstate_28_0 (fd (use)))
+(allow hal_camera_default dumpstate_28_0 (fifo_file (write)))
+(allow init_28_0 hal_cas_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_cas_default (process (transition)))
+(allow hal_cas_default hal_cas_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_cas_default (process (noatsecure)))
+(allow init_28_0 hal_cas_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_cas_default_exec process hal_cas_default)
+(typetransition hal_cas_default tmpfs_28_0 file hal_cas_default_tmpfs)
+(allow hal_cas_default hal_cas_default_tmpfs (file (read write getattr map)))
+(allow hal_cas_default tmpfs_28_0 (dir (getattr search)))
+(allow hal_cas_default vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_cas_default vndservicemanager_28_0 (binder (call transfer)))
+(allow vndservicemanager_28_0 hal_cas_default (dir (search)))
+(allow vndservicemanager_28_0 hal_cas_default (file (read open)))
+(allow vndservicemanager_28_0 hal_cas_default (process (getattr)))
+(allow init_28_0 hal_configstore_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_configstore_default (process (transition)))
+(allow hal_configstore_default hal_configstore_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_configstore_default (process (noatsecure)))
+(allow init_28_0 hal_configstore_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_configstore_default_exec process hal_configstore_default)
+(typetransition hal_configstore_default tmpfs_28_0 file hal_configstore_default_tmpfs)
+(allow hal_configstore_default hal_configstore_default_tmpfs (file (read write getattr map)))
+(allow hal_configstore_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_confirmationui_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_confirmationui_default (process (transition)))
+(allow hal_confirmationui_default hal_confirmationui_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_confirmationui_default (process (noatsecure)))
+(allow init_28_0 hal_confirmationui_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_confirmationui_default_exec process hal_confirmationui_default)
+(typetransition hal_confirmationui_default tmpfs_28_0 file hal_confirmationui_default_tmpfs)
+(allow hal_confirmationui_default hal_confirmationui_default_tmpfs (file (read write getattr map)))
+(allow hal_confirmationui_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_contexthub_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_contexthub_default (process (transition)))
+(allow hal_contexthub_default hal_contexthub_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_contexthub_default (process (noatsecure)))
+(allow init_28_0 hal_contexthub_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_contexthub_default_exec process hal_contexthub_default)
+(typetransition hal_contexthub_default tmpfs_28_0 file hal_contexthub_default_tmpfs)
+(allow hal_contexthub_default hal_contexthub_default_tmpfs (file (read write getattr map)))
+(allow hal_contexthub_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_drm_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_drm_default (process (transition)))
+(allow hal_drm_default hal_drm_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_drm_default (process (noatsecure)))
+(allow init_28_0 hal_drm_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_drm_default_exec process hal_drm_default)
+(typetransition hal_drm_default tmpfs_28_0 file hal_drm_default_tmpfs)
+(allow hal_drm_default hal_drm_default_tmpfs (file (read write getattr map)))
+(allow hal_drm_default tmpfs_28_0 (dir (getattr search)))
+(allow hal_drm_default mediacodec_28_0 (fd (use)))
+(allow hal_drm_default base_typeattr_43_28_0 (fd (use)))
+(allow hal_drm_default hal_allocator_server (fd (use)))
+(allow init_28_0 hal_dumpstate_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_dumpstate_default (process (transition)))
+(allow hal_dumpstate_default hal_dumpstate_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_dumpstate_default (process (noatsecure)))
+(allow init_28_0 hal_dumpstate_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_dumpstate_default_exec process hal_dumpstate_default)
+(typetransition hal_dumpstate_default tmpfs_28_0 file hal_dumpstate_default_tmpfs)
+(allow hal_dumpstate_default hal_dumpstate_default_tmpfs (file (read write getattr map)))
+(allow hal_dumpstate_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_evs_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_evs_default (process (transition)))
+(allow hal_evs_default hal_evs_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_evs_default (process (noatsecure)))
+(allow init_28_0 hal_evs_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_evs_default_exec process hal_evs_default)
+(typetransition hal_evs_default tmpfs_28_0 file hal_evs_default_tmpfs)
+(allow hal_evs_default hal_evs_default_tmpfs (file (read write getattr map)))
+(allow hal_evs_default tmpfs_28_0 (dir (getattr search)))
+(allow hal_evs_default hal_graphics_allocator_default (fd (use)))
+(allow init_28_0 hal_fingerprint_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_fingerprint_default (process (transition)))
+(allow hal_fingerprint_default hal_fingerprint_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_fingerprint_default (process (noatsecure)))
+(allow init_28_0 hal_fingerprint_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_fingerprint_default_exec process hal_fingerprint_default)
+(typetransition hal_fingerprint_default tmpfs_28_0 file hal_fingerprint_default_tmpfs)
+(allow hal_fingerprint_default hal_fingerprint_default_tmpfs (file (read write getattr map)))
+(allow hal_fingerprint_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_gatekeeper_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_gatekeeper_default (process (transition)))
+(allow hal_gatekeeper_default hal_gatekeeper_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_gatekeeper_default (process (noatsecure)))
+(allow init_28_0 hal_gatekeeper_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_gatekeeper_default_exec process hal_gatekeeper_default)
+(typetransition hal_gatekeeper_default tmpfs_28_0 file hal_gatekeeper_default_tmpfs)
+(allow hal_gatekeeper_default hal_gatekeeper_default_tmpfs (file (read write getattr map)))
+(allow hal_gatekeeper_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_gnss_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_gnss_default (process (transition)))
+(allow hal_gnss_default hal_gnss_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_gnss_default (process (noatsecure)))
+(allow init_28_0 hal_gnss_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_gnss_default_exec process hal_gnss_default)
+(typetransition hal_gnss_default tmpfs_28_0 file hal_gnss_default_tmpfs)
+(allow hal_gnss_default hal_gnss_default_tmpfs (file (read write getattr map)))
+(allow hal_gnss_default tmpfs_28_0 (dir (getattr search)))
+(allow hal_gnss system_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow hal_gnss system_file_28_0 (file (ioctl read getattr lock map open)))
+(allow hal_gnss system_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 hal_graphics_allocator_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_graphics_allocator_default (process (transition)))
+(allow hal_graphics_allocator_default hal_graphics_allocator_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_graphics_allocator_default (process (noatsecure)))
+(allow init_28_0 hal_graphics_allocator_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_graphics_allocator_default_exec process hal_graphics_allocator_default)
+(typetransition hal_graphics_allocator_default tmpfs_28_0 file hal_graphics_allocator_default_tmpfs)
+(allow hal_graphics_allocator_default hal_graphics_allocator_default_tmpfs (file (read write getattr map)))
+(allow hal_graphics_allocator_default tmpfs_28_0 (dir (getattr search)))
+(dontaudit hal_graphics_allocator_default unlabeled_28_0 (dir (search)))
+(allow init_28_0 hal_graphics_composer_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_graphics_composer_default (process (transition)))
+(allow hal_graphics_composer_default hal_graphics_composer_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_graphics_composer_default (process (noatsecure)))
+(allow init_28_0 hal_graphics_composer_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_graphics_composer_default_exec process hal_graphics_composer_default)
+(typetransition hal_graphics_composer_default tmpfs_28_0 file hal_graphics_composer_default_tmpfs)
+(allow hal_graphics_composer_default hal_graphics_composer_default_tmpfs (file (read write getattr map)))
+(allow hal_graphics_composer_default tmpfs_28_0 (dir (getattr search)))
+(dontaudit hal_graphics_composer_default unlabeled_28_0 (dir (search)))
+(allow init_28_0 hal_health_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_health_default (process (transition)))
+(allow hal_health_default hal_health_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_health_default (process (noatsecure)))
+(allow init_28_0 hal_health_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_health_default_exec process hal_health_default)
+(typetransition hal_health_default tmpfs_28_0 file hal_health_default_tmpfs)
+(allow hal_health_default hal_health_default_tmpfs (file (read write getattr map)))
+(allow hal_health_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_ir_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_ir_default (process (transition)))
+(allow hal_ir_default hal_ir_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_ir_default (process (noatsecure)))
+(allow init_28_0 hal_ir_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_ir_default_exec process hal_ir_default)
+(typetransition hal_ir_default tmpfs_28_0 file hal_ir_default_tmpfs)
+(allow hal_ir_default hal_ir_default_tmpfs (file (read write getattr map)))
+(allow hal_ir_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_keymaster_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_keymaster_default (process (transition)))
+(allow hal_keymaster_default hal_keymaster_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_keymaster_default (process (noatsecure)))
+(allow init_28_0 hal_keymaster_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_keymaster_default_exec process hal_keymaster_default)
+(typetransition hal_keymaster_default tmpfs_28_0 file hal_keymaster_default_tmpfs)
+(allow hal_keymaster_default hal_keymaster_default_tmpfs (file (read write getattr map)))
+(allow hal_keymaster_default tmpfs_28_0 (dir (getattr search)))
+(allow hal_keymaster_default vendor_security_patch_level_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow init_28_0 hal_light_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_light_default (process (transition)))
+(allow hal_light_default hal_light_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_light_default (process (noatsecure)))
+(allow init_28_0 hal_light_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_light_default_exec process hal_light_default)
+(typetransition hal_light_default tmpfs_28_0 file hal_light_default_tmpfs)
+(allow hal_light_default hal_light_default_tmpfs (file (read write getattr map)))
+(allow hal_light_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_lowpan_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_lowpan_default (process (transition)))
+(allow hal_lowpan_default hal_lowpan_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_lowpan_default (process (noatsecure)))
+(allow init_28_0 hal_lowpan_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_lowpan_default_exec process hal_lowpan_default)
+(typetransition hal_lowpan_default tmpfs_28_0 file hal_lowpan_default_tmpfs)
+(allow hal_lowpan_default hal_lowpan_default_tmpfs (file (read write getattr map)))
+(allow hal_lowpan_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_memtrack_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_memtrack_default (process (transition)))
+(allow hal_memtrack_default hal_memtrack_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_memtrack_default (process (noatsecure)))
+(allow init_28_0 hal_memtrack_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_memtrack_default_exec process hal_memtrack_default)
+(typetransition hal_memtrack_default tmpfs_28_0 file hal_memtrack_default_tmpfs)
+(allow hal_memtrack_default hal_memtrack_default_tmpfs (file (read write getattr map)))
+(allow hal_memtrack_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_nfc_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_nfc_default (process (transition)))
+(allow hal_nfc_default hal_nfc_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_nfc_default (process (noatsecure)))
+(allow init_28_0 hal_nfc_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_nfc_default_exec process hal_nfc_default)
+(typetransition hal_nfc_default tmpfs_28_0 file hal_nfc_default_tmpfs)
+(allow hal_nfc_default hal_nfc_default_tmpfs (file (read write getattr map)))
+(allow hal_nfc_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 mediacodec_exec_28_0 (file (read getattr map execute open)))
+(allow init_28_0 mediacodec_28_0 (process (transition)))
+(allow mediacodec_28_0 mediacodec_exec_28_0 (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 mediacodec_28_0 (process (noatsecure)))
+(allow init_28_0 mediacodec_28_0 (process (siginh rlimitinh)))
+(typetransition init_28_0 mediacodec_exec_28_0 process mediacodec)
+(typetransition mediacodec_28_0 tmpfs_28_0 file mediacodec_tmpfs)
+(allow mediacodec_28_0 mediacodec_tmpfs (file (read write getattr map)))
+(allow mediacodec_28_0 tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_power_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_power_default (process (transition)))
+(allow hal_power_default hal_power_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_power_default (process (noatsecure)))
+(allow init_28_0 hal_power_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_power_default_exec process hal_power_default)
+(typetransition hal_power_default tmpfs_28_0 file hal_power_default_tmpfs)
+(allow hal_power_default hal_power_default_tmpfs (file (read write getattr map)))
+(allow hal_power_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_radio_config_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_radio_config_default (process (transition)))
+(allow hal_radio_config_default hal_radio_config_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_radio_config_default (process (noatsecure)))
+(allow init_28_0 hal_radio_config_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_radio_config_default_exec process hal_radio_config_default)
+(typetransition hal_radio_config_default tmpfs_28_0 file hal_radio_config_default_tmpfs)
+(allow hal_radio_config_default hal_radio_config_default_tmpfs (file (read write getattr map)))
+(allow hal_radio_config_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_radio_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_radio_default (process (transition)))
+(allow hal_radio_default hal_radio_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_radio_default (process (noatsecure)))
+(allow init_28_0 hal_radio_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_radio_default_exec process hal_radio_default)
+(typetransition hal_radio_default tmpfs_28_0 file hal_radio_default_tmpfs)
+(allow hal_radio_default hal_radio_default_tmpfs (file (read write getattr map)))
+(allow hal_radio_default tmpfs_28_0 (dir (getattr search)))
+(allow hal_secure_element_default secure_element_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow init_28_0 hal_secure_element_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_secure_element_default (process (transition)))
+(allow hal_secure_element_default hal_secure_element_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_secure_element_default (process (noatsecure)))
+(allow init_28_0 hal_secure_element_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_secure_element_default_exec process hal_secure_element_default)
+(typetransition hal_secure_element_default tmpfs_28_0 file hal_secure_element_default_tmpfs)
+(allow hal_secure_element_default hal_secure_element_default_tmpfs (file (read write getattr map)))
+(allow hal_secure_element_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_sensors_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_sensors_default (process (transition)))
+(allow hal_sensors_default hal_sensors_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_sensors_default (process (noatsecure)))
+(allow init_28_0 hal_sensors_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_sensors_default_exec process hal_sensors_default)
+(typetransition hal_sensors_default tmpfs_28_0 file hal_sensors_default_tmpfs)
+(allow hal_sensors_default hal_sensors_default_tmpfs (file (read write getattr map)))
+(allow hal_sensors_default tmpfs_28_0 (dir (getattr search)))
+(allow hal_sensors_default fwk_scheduler_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_sensors_default hal_graphics_allocator_default (fd (use)))
+(allow hal_sensors_default ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow hal_sensors_default sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow hal_sensors_default self (capability2 (block_suspend)))
+(allow hal_sensors_default self (cap2_userns (block_suspend)))
+(allow init_28_0 hal_tetheroffload_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_tetheroffload_default (process (transition)))
+(allow hal_tetheroffload_default hal_tetheroffload_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_tetheroffload_default (process (noatsecure)))
+(allow init_28_0 hal_tetheroffload_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_tetheroffload_default_exec process hal_tetheroffload_default)
+(typetransition hal_tetheroffload_default tmpfs_28_0 file hal_tetheroffload_default_tmpfs)
+(allow hal_tetheroffload_default hal_tetheroffload_default_tmpfs (file (read write getattr map)))
+(allow hal_tetheroffload_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_thermal_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_thermal_default (process (transition)))
+(allow hal_thermal_default hal_thermal_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_thermal_default (process (noatsecure)))
+(allow init_28_0 hal_thermal_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_thermal_default_exec process hal_thermal_default)
+(typetransition hal_thermal_default tmpfs_28_0 file hal_thermal_default_tmpfs)
+(allow hal_thermal_default hal_thermal_default_tmpfs (file (read write getattr map)))
+(allow hal_thermal_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_tv_cec_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_tv_cec_default (process (transition)))
+(allow hal_tv_cec_default hal_tv_cec_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_tv_cec_default (process (noatsecure)))
+(allow init_28_0 hal_tv_cec_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_tv_cec_default_exec process hal_tv_cec_default)
+(typetransition hal_tv_cec_default tmpfs_28_0 file hal_tv_cec_default_tmpfs)
+(allow hal_tv_cec_default hal_tv_cec_default_tmpfs (file (read write getattr map)))
+(allow hal_tv_cec_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_tv_input_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_tv_input_default (process (transition)))
+(allow hal_tv_input_default hal_tv_input_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_tv_input_default (process (noatsecure)))
+(allow init_28_0 hal_tv_input_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_tv_input_default_exec process hal_tv_input_default)
+(typetransition hal_tv_input_default tmpfs_28_0 file hal_tv_input_default_tmpfs)
+(allow hal_tv_input_default hal_tv_input_default_tmpfs (file (read write getattr map)))
+(allow hal_tv_input_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_usb_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_usb_default (process (transition)))
+(allow hal_usb_default hal_usb_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_usb_default (process (noatsecure)))
+(allow init_28_0 hal_usb_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_usb_default_exec process hal_usb_default)
+(typetransition hal_usb_default tmpfs_28_0 file hal_usb_default_tmpfs)
+(allow hal_usb_default hal_usb_default_tmpfs (file (read write getattr map)))
+(allow hal_usb_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_vehicle_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_vehicle_default (process (transition)))
+(allow hal_vehicle_default hal_vehicle_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_vehicle_default (process (noatsecure)))
+(allow init_28_0 hal_vehicle_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_vehicle_default_exec process hal_vehicle_default)
+(typetransition hal_vehicle_default tmpfs_28_0 file hal_vehicle_default_tmpfs)
+(allow hal_vehicle_default hal_vehicle_default_tmpfs (file (read write getattr map)))
+(allow hal_vehicle_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_vibrator_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_vibrator_default (process (transition)))
+(allow hal_vibrator_default hal_vibrator_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_vibrator_default (process (noatsecure)))
+(allow init_28_0 hal_vibrator_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_vibrator_default_exec process hal_vibrator_default)
+(typetransition hal_vibrator_default tmpfs_28_0 file hal_vibrator_default_tmpfs)
+(allow hal_vibrator_default hal_vibrator_default_tmpfs (file (read write getattr map)))
+(allow hal_vibrator_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_vr_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_vr_default (process (transition)))
+(allow hal_vr_default hal_vr_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_vr_default (process (noatsecure)))
+(allow init_28_0 hal_vr_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_vr_default_exec process hal_vr_default)
+(typetransition hal_vr_default tmpfs_28_0 file hal_vr_default_tmpfs)
+(allow hal_vr_default hal_vr_default_tmpfs (file (read write getattr map)))
+(allow hal_vr_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_wifi_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_wifi_default (process (transition)))
+(allow hal_wifi_default hal_wifi_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_wifi_default (process (noatsecure)))
+(allow init_28_0 hal_wifi_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_wifi_default_exec process hal_wifi_default)
+(typetransition hal_wifi_default tmpfs_28_0 file hal_wifi_default_tmpfs)
+(allow hal_wifi_default hal_wifi_default_tmpfs (file (read write getattr map)))
+(allow hal_wifi_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_wifi_hostapd_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_wifi_hostapd_default (process (transition)))
+(allow hal_wifi_hostapd_default hal_wifi_hostapd_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_wifi_hostapd_default (process (noatsecure)))
+(allow init_28_0 hal_wifi_hostapd_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_wifi_hostapd_default_exec process hal_wifi_hostapd_default)
+(typetransition hal_wifi_hostapd_default tmpfs_28_0 file hal_wifi_hostapd_default_tmpfs)
+(allow hal_wifi_hostapd_default hal_wifi_hostapd_default_tmpfs (file (read write getattr map)))
+(allow hal_wifi_hostapd_default tmpfs_28_0 (dir (getattr search)))
+(allow hal_wifi_hostapd_default hostapd_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_wifi_hostapd_default hostapd_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow hal_wifi_hostapd_default hostapd_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow init_28_0 hal_wifi_offload_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_wifi_offload_default (process (transition)))
+(allow hal_wifi_offload_default hal_wifi_offload_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_wifi_offload_default (process (noatsecure)))
+(allow init_28_0 hal_wifi_offload_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_wifi_offload_default_exec process hal_wifi_offload_default)
+(typetransition hal_wifi_offload_default tmpfs_28_0 file hal_wifi_offload_default_tmpfs)
+(allow hal_wifi_offload_default hal_wifi_offload_default_tmpfs (file (read write getattr map)))
+(allow hal_wifi_offload_default tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 hal_wifi_supplicant_default_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_wifi_supplicant_default (process (transition)))
+(allow hal_wifi_supplicant_default hal_wifi_supplicant_default_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_wifi_supplicant_default (process (noatsecure)))
+(allow init_28_0 hal_wifi_supplicant_default (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_wifi_supplicant_default_exec process hal_wifi_supplicant_default)
+(typetransition hal_wifi_supplicant_default tmpfs_28_0 file hal_wifi_supplicant_default_tmpfs)
+(allow hal_wifi_supplicant_default hal_wifi_supplicant_default_tmpfs (file (read write getattr map)))
+(allow hal_wifi_supplicant_default tmpfs_28_0 (dir (getattr search)))
+(allow hal_wifi_supplicant_default proc_net_28_0 (file (write)))
+(allow hal_wifi_supplicant_default hwservicemanager_28_0 (binder (call transfer)))
+(allow hwservicemanager_28_0 hal_wifi_supplicant_default (binder (call transfer)))
+(allow hwservicemanager_28_0 hal_wifi_supplicant_default (dir (search)))
+(allow hwservicemanager_28_0 hal_wifi_supplicant_default (file (read open)))
+(allow hwservicemanager_28_0 hal_wifi_supplicant_default (process (getattr)))
+(allow hal_wifi_supplicant_default system_wifi_keystore_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_wifi_supplicant_default wifi_keystore_service_server (binder (call transfer)))
+(allow wifi_keystore_service_server hal_wifi_supplicant_default (binder (transfer)))
+(allow hal_wifi_supplicant_default wifi_keystore_service_server (fd (use)))
+(allow hal_wifi_supplicant_default wpa_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_wifi_supplicant_default wpa_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow hal_wifi_supplicant_default wpa_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow hal_wifi_supplicant_default device_logging_prop_28_0 (file (ioctl read getattr lock map open)))
+(dontaudit hal_wifi_supplicant_default wifi_data_file_28_0 (dir (search)))
+(allow init_28_0 rild_exec (file (read getattr map execute open)))
+(allow init_28_0 rild (process (transition)))
+(allow rild rild_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 rild (process (noatsecure)))
+(allow init_28_0 rild (process (siginh rlimitinh)))
+(typetransition init_28_0 rild_exec process rild)
+(typetransition rild tmpfs_28_0 file rild_tmpfs)
+(allow rild rild_tmpfs (file (read write getattr map)))
+(allow rild tmpfs_28_0 (dir (getattr search)))
+(allow init_28_0 tee_exec (file (read getattr map execute open)))
+(allow init_28_0 tee_28_0 (process (transition)))
+(allow tee_28_0 tee_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 tee_28_0 (process (noatsecure)))
+(allow init_28_0 tee_28_0 (process (siginh rlimitinh)))
+(typetransition init_28_0 tee_exec process tee)
+(typetransition tee_28_0 tmpfs_28_0 file tee_tmpfs)
+(allow tee_28_0 tee_tmpfs (file (read write getattr map)))
+(allow tee_28_0 tmpfs_28_0 (dir (getattr search)))
+(allow tee_28_0 self (capability (dac_override)))
+(allow tee_28_0 self (cap_userns (dac_override)))
+(allow tee_28_0 tee_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow tee_28_0 tee_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow tee_28_0 tee_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow tee_28_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow tee_28_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow tee_28_0 ion_device_28_0 (chr_file (ioctl read getattr lock map open)))
+(allow tee_28_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow tee_28_0 sysfs_type (file (ioctl read getattr lock map open)))
+(allow tee_28_0 sysfs_type (lnk_file (ioctl read getattr lock map open)))
+(allow tee_28_0 system_data_file_28_0 (file (read getattr)))
+(allow tee_28_0 system_data_file_28_0 (lnk_file (read getattr)))
+(allow init_28_0 vendor_toolbox_exec_28_0 (file (read getattr map execute open)))
+(allow init_28_0 vendor_modprobe (process (transition)))
+(allow vendor_modprobe vendor_toolbox_exec_28_0 (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 vendor_modprobe (process (noatsecure)))
+(allow init_28_0 vendor_modprobe (process (siginh rlimitinh)))
+(allow vendor_modprobe proc_modules_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_modprobe self (capability (sys_module)))
+(allow vendor_modprobe self (cap_userns (sys_module)))
+(allow vendor_modprobe kernel_28_0 (key (search)))
+(allow vendor_modprobe vendor_file_28_0 (system (module_load)))
+(allow vendor_modprobe vendor_file_28_0 (dir (ioctl read getattr lock search open)))
+(allow vendor_modprobe vendor_file_28_0 (file (ioctl read getattr lock map open)))
+(allow vendor_modprobe vendor_file_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow init_28_0 vndservicemanager_exec (file (read getattr map execute open)))
+(allow init_28_0 vndservicemanager_28_0 (process (transition)))
+(allow vndservicemanager_28_0 vndservicemanager_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 vndservicemanager_28_0 (process (noatsecure)))
+(allow init_28_0 vndservicemanager_28_0 (process (siginh rlimitinh)))
+(typetransition init_28_0 vndservicemanager_exec process vndservicemanager)
+(typetransition vndservicemanager_28_0 tmpfs_28_0 file vndservicemanager_tmpfs)
+(allow vndservicemanager_28_0 vndservicemanager_tmpfs (file (read write getattr map)))
+(allow vndservicemanager_28_0 tmpfs_28_0 (dir (getattr search)))
+(allow vndservicemanager_28_0 self (binder (set_context_mgr)))
+(allow vndservicemanager_28_0 base_typeattr_304_28_0 (binder (transfer)))
+(allow vndservicemanager_28_0 vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow vndservicemanager_28_0 vndservice_contexts_file_28_0 (file (ioctl read getattr lock map open)))
+(allow vndservicemanager_28_0 selinuxfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow vndservicemanager_28_0 selinuxfs_28_0 (file (ioctl read getattr lock map open)))
+(allow vndservicemanager_28_0 selinuxfs_28_0 (lnk_file (ioctl read getattr lock map open)))
+(allow vndservicemanager_28_0 selinuxfs_28_0 (file (write lock append map open)))
+(allow vndservicemanager_28_0 kernel_28_0 (security (compute_av)))
+(allow vndservicemanager_28_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow adbd_28_0 property_socket_28_0 (sock_file (write)))
+(allow adbd_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow adbd_28_0 ctl_mdnsd_prop_28_0 (property_service (set)))
+(allow adbd_28_0 ctl_mdnsd_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow audioserver_28_0 bootanim_28_0 (binder (call)))
+(allow bootanim_28_0 self (process (execmem)))
+(allow bootanim_28_0 ashmem_device_28_0 (chr_file (execute)))
+(dontaudit bootanim_28_0 system_data_file_28_0 (dir (read)))
+(allow bootanim_28_0 graphics_device_28_0 (chr_file (ioctl read open)))
+(allow bootanim_28_0 property_socket_28_0 (sock_file (write)))
+(allow bootanim_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow bootanim_28_0 qemu_prop (property_service (set)))
+(allow bootanim_28_0 qemu_prop (file (ioctl read getattr lock map open)))
+(allow cameraserver_28_0 system_file_28_0 (dir (read open)))
+(allow cameraserver_28_0 hal_allocator (fd (use)))
+(allow init_28_0 createns_exec (file (read getattr map execute open)))
+(allow init_28_0 createns (process (transition)))
+(allow createns createns_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 createns (process (noatsecure)))
+(allow init_28_0 createns (process (siginh rlimitinh)))
+(typetransition init_28_0 createns_exec process createns)
+(typetransition createns tmpfs_28_0 file createns_tmpfs)
+(allow createns createns_tmpfs (file (read write getattr map)))
+(allow createns tmpfs_28_0 (dir (getattr search)))
+(allow createns self (capability (setgid setuid net_raw sys_admin)))
+(allow createns varrun_file (dir (write add_name search)))
+(allow createns varrun_file (file (read write create mounton open)))
+(allow goldfish_setup createns_exec (file (read getattr map execute open)))
+(allow goldfish_setup createns (process (transition)))
+(allow createns createns_exec (file (read getattr map execute entrypoint open)))
+(allow createns goldfish_setup (process (sigchld)))
+(dontaudit goldfish_setup createns (process (noatsecure)))
+(allow goldfish_setup createns (process (siginh rlimitinh)))
+(typetransition goldfish_setup createns_exec process createns)
+(allow createns goldfish_setup (fd (use)))
+(allow init_28_0 dhcpclient_exec (file (read getattr map execute open)))
+(allow init_28_0 dhcpclient (process (transition)))
+(allow dhcpclient dhcpclient_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 dhcpclient (process (noatsecure)))
+(allow init_28_0 dhcpclient (process (siginh rlimitinh)))
+(typetransition init_28_0 dhcpclient_exec process dhcpclient)
+(typetransition dhcpclient tmpfs_28_0 file dhcpclient_tmpfs)
+(allow dhcpclient dhcpclient_tmpfs (file (read write getattr map)))
+(allow dhcpclient tmpfs_28_0 (dir (getattr search)))
+(allow dhcpclient execns (fd (use)))
+(allow dhcpclient property_socket_28_0 (sock_file (write)))
+(allow dhcpclient init_28_0 (unix_stream_socket (connectto)))
+(allow dhcpclient net_eth0_prop (property_service (set)))
+(allow dhcpclient net_eth0_prop (file (ioctl read getattr lock map open)))
+(allow dhcpclient self (capability (net_admin net_raw)))
+(allow dhcpclient self (udp_socket (create)))
+(allow dhcpclient self (netlink_route_socket (write nlmsg_write)))
+(allow dhcpclient varrun_file (dir (search)))
+(allow dhcpclient self (packet_socket (read write create bind)))
+(allowx dhcpclient self (ioctl udp_socket (0x8914 0x8916 0x891c 0x8922 0x8927)))
+(allow init_28_0 dhcpserver_exec (file (read getattr map execute open)))
+(allow init_28_0 dhcpserver (process (transition)))
+(allow dhcpserver dhcpserver_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 dhcpserver (process (noatsecure)))
+(allow init_28_0 dhcpserver (process (siginh rlimitinh)))
+(typetransition init_28_0 dhcpserver_exec process dhcpserver)
+(typetransition dhcpserver tmpfs_28_0 file dhcpserver_tmpfs)
+(allow dhcpserver dhcpserver_tmpfs (file (read write getattr map)))
+(allow dhcpserver tmpfs_28_0 (dir (getattr search)))
+(allow dhcpserver execns (fd (use)))
+(allow dhcpserver net_eth0_prop (file (ioctl read getattr lock map open)))
+(allow dhcpserver self (udp_socket (ioctl create bind setopt)))
+(allow dhcpserver self (capability (net_bind_service net_raw)))
+(allow domain qemu_device (chr_file (ioctl read write getattr lock append map open)))
+(allow domain qemu_prop (file (ioctl read getattr lock map open)))
+(allow init_28_0 execns_exec (file (read getattr map execute open)))
+(allow init_28_0 execns (process (transition)))
+(allow execns execns_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 execns (process (noatsecure)))
+(allow init_28_0 execns (process (siginh rlimitinh)))
+(typetransition init_28_0 execns_exec process execns)
+(typetransition execns tmpfs_28_0 file execns_tmpfs)
+(allow execns execns_tmpfs (file (read write getattr map)))
+(allow execns tmpfs_28_0 (dir (getattr search)))
+(allow execns varrun_file (dir (search)))
+(allow execns varrun_file (file (ioctl read getattr lock map open)))
+(allow execns self (capability (setgid setuid sys_admin)))
+(allow execns nsfs (file (read open)))
+(allow init_28_0 execns_exec (file (read getattr map execute open)))
+(allow init_28_0 execns (process (transition)))
+(allow execns execns_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 execns (process (noatsecure)))
+(allow init_28_0 execns (process (siginh rlimitinh)))
+(typetransition init_28_0 execns_exec process execns)
+(allow execns dhcpclient_exec (file (read getattr map execute open)))
+(allow execns dhcpclient (process (transition)))
+(allow dhcpclient dhcpclient_exec (file (read getattr map execute entrypoint open)))
+(allow dhcpclient execns (process (sigchld)))
+(dontaudit execns dhcpclient (process (noatsecure)))
+(allow execns dhcpclient (process (siginh rlimitinh)))
+(typetransition execns dhcpclient_exec process dhcpclient)
+(allow execns dhcpserver_exec (file (read getattr map execute open)))
+(allow execns dhcpserver (process (transition)))
+(allow dhcpserver dhcpserver_exec (file (read getattr map execute entrypoint open)))
+(allow dhcpserver execns (process (sigchld)))
+(dontaudit execns dhcpserver (process (noatsecure)))
+(allow execns dhcpserver (process (siginh rlimitinh)))
+(typetransition execns dhcpserver_exec process dhcpserver)
+(allow execns hostapd_nohidl_exec (file (read getattr map execute open)))
+(allow execns hostapd_nohidl (process (transition)))
+(allow hostapd_nohidl hostapd_nohidl_exec (file (read getattr map execute entrypoint open)))
+(allow hostapd_nohidl execns (process (sigchld)))
+(dontaudit execns hostapd_nohidl (process (noatsecure)))
+(allow execns hostapd_nohidl (process (siginh rlimitinh)))
+(typetransition execns hostapd_nohidl_exec process hostapd_nohidl)
+(allow execns createns (file (read)))
+(allow execns createns (dir (search)))
+(allow execns createns (lnk_file (read)))
+(allow init_28_0 goldfish_setup_exec (file (read getattr map execute open)))
+(allow init_28_0 goldfish_setup (process (transition)))
+(allow goldfish_setup goldfish_setup_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 goldfish_setup (process (noatsecure)))
+(allow init_28_0 goldfish_setup (process (siginh rlimitinh)))
+(typetransition init_28_0 goldfish_setup_exec process goldfish_setup)
+(typetransition goldfish_setup tmpfs_28_0 file goldfish_setup_tmpfs)
+(allow goldfish_setup goldfish_setup_tmpfs (file (read write getattr map)))
+(allow goldfish_setup tmpfs_28_0 (dir (getattr search)))
+(allow goldfish_setup self (capability (net_admin net_raw)))
+(allow goldfish_setup self (udp_socket (ioctl create)))
+(allow goldfish_setup vendor_toolbox_exec_28_0 (file (execute_no_trans)))
+(allowx goldfish_setup self (ioctl udp_socket (0x6900 0x6902)))
+(allowx goldfish_setup self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx goldfish_setup self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow goldfish_setup sysfs_wake_lock_28_0 (file (ioctl read write getattr lock append map open)))
+(allow goldfish_setup self (capability2 (block_suspend)))
+(allow goldfish_setup self (cap2_userns (block_suspend)))
+(allow goldfish_setup vendor_shell_exec_28_0 (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow goldfish_setup property_socket_28_0 (sock_file (write)))
+(allow goldfish_setup init_28_0 (unix_stream_socket (connectto)))
+(allow goldfish_setup ctl_default_prop_28_0 (property_service (set)))
+(allow goldfish_setup ctl_default_prop_28_0 (file (ioctl read getattr lock map open)))
+(allow goldfish_setup self (netlink_route_socket (read write create getattr bind setopt nlmsg_read nlmsg_write)))
+(allow goldfish_setup self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow goldfish_setup self (capability (sys_module sys_admin)))
+(allow goldfish_setup varrun_file (dir (read write mounton add_name remove_name search open)))
+(allow goldfish_setup varrun_file (file (read write create getattr unlink mounton open)))
+(allow goldfish_setup execns_exec (file (ioctl read getattr lock map execute execute_no_trans open)))
+(allow goldfish_setup proc_net_28_0 (file (ioctl read write getattr lock append map open)))
+(allow goldfish_setup proc_28_0 (file (ioctl read getattr lock map open)))
+(allow goldfish_setup nsfs (file (ioctl read getattr lock map open)))
+(allow goldfish_setup system_data_file_28_0 (dir (getattr)))
+(allow goldfish_setup kernel_28_0 (system (module_request)))
+(allow goldfish_setup property_socket_28_0 (sock_file (write)))
+(allow goldfish_setup init_28_0 (unix_stream_socket (connectto)))
+(allow goldfish_setup qemu_prop (property_service (set)))
+(allow goldfish_setup qemu_prop (file (ioctl read getattr lock map open)))
+(allow goldfish_setup net_share_prop (file (ioctl read getattr lock map open)))
+(allow goldfish_setup system_file_28_0 (file (execute_no_trans)))
+(allow goldfish_setup goldfish_setup_exec (file (execute_no_trans)))
+(allow goldfish_setup createns_exec (file (read getattr map execute open)))
+(allow goldfish_setup createns (process (transition)))
+(allow createns createns_exec (file (read getattr map execute entrypoint open)))
+(allow createns goldfish_setup (process (sigchld)))
+(dontaudit goldfish_setup createns (process (noatsecure)))
+(allow goldfish_setup createns (process (siginh rlimitinh)))
+(typetransition goldfish_setup createns_exec process createns)
+(allow goldfish_setup sysfs_28_0 (file (read open)))
+(allow goldfish_setup system_file_28_0 (file (lock)))
+(allow goldfish_setup self (rawip_socket (create getopt setopt)))
+(allow goldfish_setup createns (file (read)))
+(allow goldfish_setup createns (dir (search)))
+(allow goldfish_setup createns (lnk_file (read)))
+(allow hal_camera_default vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_camera_default vndservicemanager_28_0 (binder (call transfer)))
+(allow vndservicemanager_28_0 hal_camera_default (dir (search)))
+(allow vndservicemanager_28_0 hal_camera_default (file (read open)))
+(allow vndservicemanager_28_0 hal_camera_default (process (getattr)))
+(allow hal_camera_default hal_graphics_mapper_hwservice_28_0 (hwservice_manager (find)))
+(allow hal_cas_default vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_cas_default vndservicemanager_28_0 (binder (call transfer)))
+(allow vndservicemanager_28_0 hal_cas_default (dir (search)))
+(allow vndservicemanager_28_0 hal_cas_default (file (read open)))
+(allow vndservicemanager_28_0 hal_cas_default (process (getattr)))
+(allow init_28_0 hal_drm_clearkey_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_drm_clearkey (process (transition)))
+(allow hal_drm_clearkey hal_drm_clearkey_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_drm_clearkey (process (noatsecure)))
+(allow init_28_0 hal_drm_clearkey (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_drm_clearkey_exec process hal_drm_clearkey)
+(typetransition hal_drm_clearkey tmpfs_28_0 file hal_drm_clearkey_tmpfs)
+(allow hal_drm_clearkey hal_drm_clearkey_tmpfs (file (read write getattr map)))
+(allow hal_drm_clearkey tmpfs_28_0 (dir (getattr search)))
+(allow hal_drm_clearkey vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_drm_clearkey vndservicemanager_28_0 (binder (call transfer)))
+(allow vndservicemanager_28_0 hal_drm_clearkey (dir (search)))
+(allow vndservicemanager_28_0 hal_drm_clearkey (file (read open)))
+(allow vndservicemanager_28_0 hal_drm_clearkey (process (getattr)))
+(allow hal_drm_clearkey base_typeattr_43_28_0 (fd (use)))
+(allow hal_drm_default vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_drm_default vndservicemanager_28_0 (binder (call transfer)))
+(allow vndservicemanager_28_0 hal_drm_default (dir (search)))
+(allow vndservicemanager_28_0 hal_drm_default (file (read open)))
+(allow vndservicemanager_28_0 hal_drm_default (process (getattr)))
+(allow init_28_0 hal_drm_widevine_exec (file (read getattr map execute open)))
+(allow init_28_0 hal_drm_widevine (process (transition)))
+(allow hal_drm_widevine hal_drm_widevine_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hal_drm_widevine (process (noatsecure)))
+(allow init_28_0 hal_drm_widevine (process (siginh rlimitinh)))
+(typetransition init_28_0 hal_drm_widevine_exec process hal_drm_widevine)
+(typetransition hal_drm_widevine tmpfs_28_0 file hal_drm_widevine_tmpfs)
+(allow hal_drm_widevine hal_drm_widevine_tmpfs (file (read write getattr map)))
+(allow hal_drm_widevine tmpfs_28_0 (dir (getattr search)))
+(allow hal_drm mediacodec_28_0 (fd (use)))
+(allow hal_drm base_typeattr_43_28_0 (fd (use)))
+(allow hal_drm_widevine vndbinder_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow hal_drm_widevine vndservicemanager_28_0 (binder (call transfer)))
+(allow vndservicemanager_28_0 hal_drm_widevine (dir (search)))
+(allow vndservicemanager_28_0 hal_drm_widevine (file (read open)))
+(allow vndservicemanager_28_0 hal_drm_widevine (process (getattr)))
+(allow hal_drm_widevine hal_allocator_server (fd (use)))
+(allow hal_drm_widevine mediadrm_vendor_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_drm_widevine mediadrm_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow hal_fingerprint_default fingerprintd_data_file_28_0 (file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(allow hal_fingerprint_default fingerprintd_data_file_28_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow hal_gnss_default vndbinder_device_28_0 (chr_file (ioctl read write open)))
+(allow hal_graphics_allocator_default graphics_device_28_0 (dir (search)))
+(allow hal_graphics_allocator_default graphics_device_28_0 (chr_file (ioctl read write open)))
+(allow hal_graphics_composer_default vndbinder_device_28_0 (chr_file (ioctl read write open)))
+(allow hal_wifi_default hal_wifi_default (netlink_route_socket (read write create bind nlmsg_read)))
+(allow healthd_28_0 sysfs_28_0 (dir (ioctl read getattr lock search open)))
+(allow init_28_0 hostapd_nohidl_exec (file (read getattr map execute open)))
+(allow init_28_0 hostapd_nohidl (process (transition)))
+(allow hostapd_nohidl hostapd_nohidl_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 hostapd_nohidl (process (noatsecure)))
+(allow init_28_0 hostapd_nohidl (process (siginh rlimitinh)))
+(typetransition init_28_0 hostapd_nohidl_exec process hostapd_nohidl)
+(typetransition hostapd_nohidl tmpfs_28_0 file hostapd_nohidl_tmpfs)
+(allow hostapd_nohidl hostapd_nohidl_tmpfs (file (read write getattr map)))
+(allow hostapd_nohidl tmpfs_28_0 (dir (getattr search)))
+(allow hostapd_nohidl execns (fd (use)))
+(allow hostapd_nohidl self (capability (net_admin net_raw)))
+(allow hostapd_nohidl self (netlink_generic_socket (read write create getattr bind setopt)))
+(allow hostapd_nohidl self (netlink_route_socket (nlmsg_write)))
+(allow hostapd_nohidl self (packet_socket (create setopt)))
+(allowx hostapd_nohidl self (ioctl udp_socket (0x6900 0x6902)))
+(allowx hostapd_nohidl self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx hostapd_nohidl self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(dontaudit hostapd_nohidl sysfs_net_28_0 (dir (search)))
+(allow init_28_0 tmpfs_28_0 (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open)))
+(dontaudit init_28_0 kernel_28_0 (system (module_request)))
+(allow init_28_0 ipv6proxy_exec (file (read getattr map execute open)))
+(allow init_28_0 ipv6proxy (process (transition)))
+(allow ipv6proxy ipv6proxy_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 ipv6proxy (process (noatsecure)))
+(allow init_28_0 ipv6proxy (process (siginh rlimitinh)))
+(typetransition init_28_0 ipv6proxy_exec process ipv6proxy)
+(typetransition ipv6proxy tmpfs_28_0 file ipv6proxy_tmpfs)
+(allow ipv6proxy ipv6proxy_tmpfs (file (read write getattr map)))
+(allow ipv6proxy tmpfs_28_0 (dir (getattr search)))
+(allow execns ipv6proxy_exec (file (read getattr map execute open)))
+(allow execns ipv6proxy (process (transition)))
+(allow ipv6proxy ipv6proxy_exec (file (read getattr map execute entrypoint open)))
+(allow ipv6proxy execns (process (sigchld)))
+(dontaudit execns ipv6proxy (process (noatsecure)))
+(allow execns ipv6proxy (process (siginh rlimitinh)))
+(typetransition execns ipv6proxy_exec process ipv6proxy)
+(allow ipv6proxy execns (fd (use)))
+(allow ipv6proxy self (capability (net_admin net_raw sys_module sys_admin)))
+(allow ipv6proxy self (packet_socket (read create bind)))
+(allow ipv6proxy self (netlink_route_socket (nlmsg_write)))
+(allow ipv6proxy varrun_file (dir (search)))
+(allowx ipv6proxy self (ioctl udp_socket (0x8914 0x8927)))
+(allow init_28_0 logcat_exec_28_0 (file (read getattr map execute open)))
+(allow init_28_0 logpersist_28_0 (process (transition)))
+(allow logpersist_28_0 logcat_exec_28_0 (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 logpersist_28_0 (process (noatsecure)))
+(allow init_28_0 logpersist_28_0 (process (siginh rlimitinh)))
+(typetransition init_28_0 logcat_exec_28_0 process logpersist)
+(allow logpersist_28_0 logdr_socket_28_0 (sock_file (write)))
+(allow logpersist_28_0 logd_28_0 (unix_stream_socket (connectto)))
+(allow logpersist_28_0 serial_device_28_0 (chr_file (write open)))
+(allow logpersist_28_0 qemu_cmdline (file (ioctl read getattr lock map open)))
+(allow mediacodec_28_0 system_file_28_0 (dir (read open)))
+(dontaudit netd_28_0 self (capability (sys_module)))
+(dontaudit netd_28_0 kernel_28_0 (system (module_request)))
+(dontaudit priv_app_28_0 firstboot_prop_28_0 (file (getattr open)))
+(dontaudit priv_app_28_0 device_28_0 (dir (read open)))
+(dontaudit priv_app_28_0 proc_interrupts_28_0 (file (read getattr open)))
+(dontaudit priv_app_28_0 proc_modules_28_0 (file (read getattr open)))
+(allow init_28_0 qemu_props_exec (file (read getattr map execute open)))
+(allow init_28_0 qemu_props (process (transition)))
+(allow qemu_props qemu_props_exec (file (read getattr map execute entrypoint open)))
+(dontaudit init_28_0 qemu_props (process (noatsecure)))
+(allow init_28_0 qemu_props (process (siginh rlimitinh)))
+(typetransition init_28_0 qemu_props_exec process qemu_props)
+(typetransition qemu_props tmpfs_28_0 file qemu_props_tmpfs)
+(allow qemu_props qemu_props_tmpfs (file (read write getattr map)))
+(allow qemu_props tmpfs_28_0 (dir (getattr search)))
+(allow qemu_props property_socket_28_0 (sock_file (write)))
+(allow qemu_props init_28_0 (unix_stream_socket (connectto)))
+(allow qemu_props qemu_prop (property_service (set)))
+(allow qemu_props qemu_prop (file (ioctl read getattr lock map open)))
+(allow qemu_props property_socket_28_0 (sock_file (write)))
+(allow qemu_props init_28_0 (unix_stream_socket (connectto)))
+(allow qemu_props qemu_cmdline (property_service (set)))
+(allow qemu_props qemu_cmdline (file (ioctl read getattr lock map open)))
+(allow radio_28_0 net_eth0_prop (file (ioctl read getattr lock map open)))
+(allow rild net_eth0_prop (file (ioctl read getattr lock map open)))
+(allow shell_28_0 serial_device_28_0 (chr_file (ioctl read write getattr lock append map open)))
+(allow surfaceflinger_28_0 self (process (execmem)))
+(allow surfaceflinger_28_0 ashmem_device_28_0 (chr_file (execute)))
+(allow surfaceflinger_28_0 property_socket_28_0 (sock_file (write)))
+(allow surfaceflinger_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow surfaceflinger_28_0 qemu_prop (property_service (set)))
+(allow surfaceflinger_28_0 qemu_prop (file (ioctl read getattr lock map open)))
+(allow system_server_28_0 radio_noril_prop (file (ioctl read getattr lock map open)))
+(allow vendor_init_28_0 qemu_prop (property_service (set)))
+(allow vendor_init_28_0 qemu_prop (file (ioctl read getattr lock map open)))
+(dontaudit vold_28_0 kernel_28_0 (system (module_request)))
+(allow vold_28_0 nsfs (file (ioctl read getattr lock map open)))
+(allow zygote_28_0 property_socket_28_0 (sock_file (write)))
+(allow zygote_28_0 init_28_0 (unix_stream_socket (connectto)))
+(allow zygote_28_0 qemu_prop (property_service (set)))
+(allow zygote_28_0 qemu_prop (file (ioctl read getattr lock map open)))
+(dontaudit webview_zygote_28_0 mnt_expand_file_28_0 (dir (getattr)))
+(typetransition hal_wifi_supplicant_default wifi_data_file_28_0 dir "sockets" wpa_socket)
+(typeattribute base_typeattr_304_28_0)
+(typeattributeset base_typeattr_304_28_0 ((and (domain) ((not (coredomain init_28_0 vendor_init_28_0))))))
diff --git a/private/access_vectors b/private/access_vectors
index 898c884..59e6d32 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -282,15 +282,6 @@
class unix_dgram_socket
inherits socket
-class bpf
-{
- map_create
- map_read
- map_write
- prog_load
- prog_run
-}
-
#
# Define the access vector interpretation for process-related objects
#
@@ -330,6 +321,11 @@
getrlimit
}
+class process2
+{
+ nnp_transition
+ nosuid_transition
+}
#
# Define the access vector interpretation for ipc-related objects
@@ -672,6 +668,15 @@
class smc_socket
inherits socket
+class bpf
+{
+ map_create
+ map_read
+ map_write
+ prog_load
+ prog_run
+}
+
class property_service
{
set
diff --git a/private/adbd.te b/private/adbd.te
index 77c0d73..685b2cc 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -12,6 +12,17 @@
allow adbd su:process dyntransition;
')
+# When 'adb shell' is executed in recovery mode, adbd explicitly
+# switches into shell domain using setcon() because the shell executable
+# is not labeled as shell but as rootfs.
+recovery_only(`
+ domain_trans(adbd, rootfs, shell)
+ allow adbd shell:process dyntransition;
+
+ # Allows reboot fastboot to enter fastboot directly
+ unix_socket_connect(adbd, recovery, recovery)
+')
+
# Do not sanitize the environment or open fds of the shell. Allow signaling
# created processes.
allow adbd shell:process { noatsecure signal };
@@ -22,12 +33,19 @@
# Drop capabilities from bounding set on user builds.
allow adbd self:global_capability_class_set setpcap;
+# ignore spurious denials for adbd when disk space is low.
+dontaudit adbd self:global_capability_class_set sys_resource;
+
# Create and use network sockets.
net_domain(adbd)
# Access /dev/usb-ffs/adb/ep0
allow adbd functionfs:dir search;
allow adbd functionfs:file rw_file_perms;
+allowxperm adbd functionfs:file ioctl {
+ FUNCTIONFS_ENDPOINT_DESC
+ FUNCTIONFS_CLEAR_HALT
+};
# Use a pseudo tty.
allow adbd devpts:chr_file rw_file_perms;
@@ -67,6 +85,12 @@
# Read device's serial number from system properties
get_prop(adbd, serialno_prop)
+# Read device's overlayfs related properties and files
+userdebug_or_eng(`
+ get_prop(adbd, persistent_properties_ready_prop)
+ r_dir_file(adbd, sysfs_dt_firmware_android)
+')
+
# Run /system/bin/bu
allow adbd system_file:file rx_file_perms;
@@ -145,4 +169,4 @@
# transitions to the shell domain (except when it crashes). In particular, we
# never want to see a transition from adbd to su (aka "adb root")
neverallow adbd { domain -crash_dump -shell }:process transition;
-neverallow adbd { domain userdebug_or_eng(`-su') }:process dyntransition;
+neverallow adbd { domain userdebug_or_eng(`-su') recovery_only(`-shell') }:process dyntransition;
diff --git a/private/apexd.te b/private/apexd.te
new file mode 100644
index 0000000..3bfc3cd
--- /dev/null
+++ b/private/apexd.te
@@ -0,0 +1,47 @@
+typeattribute apexd coredomain;
+
+init_daemon_domain(apexd)
+
+# Read /system/etc/security/apex_debug_key
+allow apexd apex_key_file:dir { search getattr };
+allow apexd apex_key_file:file r_file_perms;
+
+# Allow reading and writing of APEX files in the APEX data dir
+allow apexd apex_data_file:dir rw_dir_perms;
+allow apexd apex_data_file:file rw_file_perms;
+
+# allow apexd to create loop devices with /dev/loop-control
+allow apexd loop_control_device:chr_file rw_file_perms;
+# allow apexd to access loop devices
+allow apexd loop_device:blk_file rw_file_perms;
+allowxperm apexd loop_device:blk_file ioctl LOOP_GET_STATUS64;
+# allow apexd to access /dev/block
+allow apexd block_device:dir r_dir_perms;
+
+# allow apexd to access /dev/block/dm-* (device-mapper entries)
+allow apexd dm_device:chr_file rw_file_perms;
+allow apexd dm_device:blk_file rw_file_perms;
+
+# sys_admin is required to access the device-mapper and mount
+allow apexd self:global_capability_class_set sys_admin;
+
+# allow apexd to create a mount point in /apex
+allow apexd apex_mnt_dir:dir create_dir_perms;
+# allow apexd to mount in /apex
+allow apexd apex_mnt_dir:filesystem { mount unmount };
+allow apexd apex_mnt_dir:dir mounton;
+# allow apexd to create symlinks in /apex
+allow apexd apex_mnt_dir:lnk_file create_file_perms;
+
+# Unmount and mount filesystems
+allow apexd labeledfs:filesystem { mount unmount };
+
+# Spawning a libbinder thread results in a dac_override deny,
+# /dev/cpuset/tasks is owned by system.
+#
+# See b/35323867#comment3
+dontaudit apexd self:global_capability_class_set { dac_override dac_read_search };
+
+neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init } apex_data_file:file no_rw_file_perms;
+neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
diff --git a/private/app.te b/private/app.te
index f3e1e2a..7d9bc89 100644
--- a/private/app.te
+++ b/private/app.te
@@ -2,6 +2,14 @@
# Read system properties managed by zygote.
allow appdomain zygote_tmpfs:file read;
+# Read from (but not create) system_server buffers transferred through
+# ashmem, e.g. battery stats.
+allow appdomain system_server_tmpfs:file read;
+
+# Get info from priv_app through ashmem, such as contact
+# info etc.
+allow appdomain priv_app_tmpfs:file read;
+
neverallow appdomain system_server:udp_socket {
accept append bind create ioctl listen lock name_bind
relabelfrom relabelto setattr shutdown };
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 8d9ccd6..c1f9a2b 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -10,7 +10,6 @@
untrusted_app_25
untrusted_app_27
untrusted_app_all
- untrusted_v2_app
}')
# Receive or send uevent messages.
neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;
@@ -70,7 +69,7 @@
# Restrict socket ioctls. Either 1. disallow privileged ioctls, 2. disallow the
# ioctl permission, or 3. disallow the socket class.
-neverallowxperm all_untrusted_apps domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallowxperm all_untrusted_apps domain:{ icmp_socket rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
neverallow all_untrusted_apps *:{ netlink_route_socket netlink_selinux_socket } ioctl;
neverallow all_untrusted_apps *:{
socket netlink_socket packet_socket key_socket appletalk_socket
@@ -79,7 +78,11 @@
netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
- netlink_rdma_socket netlink_crypto_socket
+ netlink_rdma_socket netlink_crypto_socket sctp_socket
+ ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
+ atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
} *;
# Do not allow untrusted apps access to /cache
@@ -96,6 +99,7 @@
-sdcard_type
file_type
-app_data_file # The apps sandbox itself
+ -privapp_data_file
-media_rw_data_file # Internal storage. Known that apps can
# leave artfacts here after uninstall.
-user_profile_data_file # Access to profile files
@@ -125,6 +129,7 @@
proc_loadavg
proc_mounts
proc_pagetypeinfo
+ proc_slabinfo
proc_stat
proc_swaps
proc_uptime
@@ -184,12 +189,13 @@
-hal_omx_hwservice
-hal_cas_hwservice
-hal_neuralnetworks_hwservice
- -untrusted_app_visible_hwservice
+ -untrusted_app_visible_hwservice_violators
}:hwservice_manager find;
# Make sure that the following services are never accessible by untrusted_apps
neverallow all_untrusted_apps {
default_android_hwservice
+ hal_atrace_hwservice
hal_audio_hwservice
hal_authsecret_hwservice
hal_bluetooth_hwservice
@@ -253,10 +259,22 @@
-hal_graphics_allocator_server
-hal_cas_server
-hal_neuralnetworks_server
+ -hal_omx_server
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- -untrusted_app_visible_halserver
+ -untrusted_app_visible_halserver_violators
}:binder { call transfer };
')
# Untrusted apps are not allowed to find mediaextractor update service.
neverallow all_untrusted_apps mediaextractor_update_service:service_manager find;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+# This will go away in a future Android release
+neverallow { all_untrusted_apps -untrusted_app_25 } proc_tty_drivers:file r_file_perms;
+neverallow all_untrusted_apps proc_tty_drivers:file ~r_file_perms;
+
+# Untrusted apps are not allowed to use cgroups.
+neverallow all_untrusted_apps cgroup:file *;
diff --git a/private/atrace.te b/private/atrace.te
index 630935d..a60370d 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -2,7 +2,7 @@
# It is spawned either by traced_probes or by init for the boottrace service.
type atrace, domain, coredomain;
-type atrace_exec, exec_type, file_type;
+type atrace_exec, exec_type, file_type, system_file_type;
# boottrace services uses /data/misc/boottrace/categories
allow atrace boottrace_data_file:dir search;
@@ -22,11 +22,18 @@
binder_use(atrace)
allow atrace healthd:binder call;
allow atrace surfaceflinger:binder call;
+allow atrace system_server:binder call;
+
get_prop(atrace, hwservicemanager_prop)
+# atrace can call atrace HAL
+hal_client_domain(atrace, hal_atrace)
+
allow atrace {
service_manager_type
+ -apex_service
-incident_service
+ -iorapd_service
-netd_service
-stats_service
-dumpstate_service
diff --git a/private/audioserver.te b/private/audioserver.te
index 1d4223f..09a0a97 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -2,7 +2,7 @@
typeattribute audioserver coredomain;
-type audioserver_exec, exec_type, file_type;
+type audioserver_exec, exec_type, file_type, system_file_type;
init_daemon_domain(audioserver)
r_dir_file(audioserver, sdcard_type)
@@ -86,3 +86,6 @@
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Allow using wake locks
+wakelock_use(audioserver)
diff --git a/private/blank_screen.te b/private/blank_screen.te
index 43d273b..51310d1 100644
--- a/private/blank_screen.te
+++ b/private/blank_screen.te
@@ -1,5 +1,5 @@
type blank_screen, domain, coredomain;
-type blank_screen_exec, exec_type, file_type;
+type blank_screen_exec, exec_type, file_type, system_file_type;
init_daemon_domain(blank_screen)
diff --git a/private/blkid.te b/private/blkid.te
index 090912b..4e972ab 100644
--- a/private/blkid.te
+++ b/private/blkid.te
@@ -2,7 +2,7 @@
typeattribute blkid coredomain;
-type blkid_exec, exec_type, file_type;
+type blkid_exec, system_file_type, exec_type, file_type;
# Allowed read-only access to encrypted devices to extract UUID/label
allow blkid block_device:dir search;
diff --git a/private/bpfloader.te b/private/bpfloader.te
index 4e8ec2b..83a74a2 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -1,6 +1,6 @@
# bpf program loader
type bpfloader, domain;
-type bpfloader_exec, exec_type, file_type;
+type bpfloader_exec, system_file_type, exec_type, file_type;
typeattribute bpfloader coredomain;
# Process need CAP_NET_ADMIN to run bpf programs as cgroup filter
@@ -19,7 +19,11 @@
allow bpfloader netd:bpf { map_read map_write };
allow bpfloader self:bpf { prog_load prog_run };
-# Neverallow rules
+dontaudit bpfloader self:global_capability_class_set sys_admin;
+
+###
+### Neverallow rules
+###
neverallow { domain -bpfloader } *:bpf prog_load;
neverallow { domain -bpfloader -netd -netutils_wrapper} *:bpf prog_run;
neverallow { domain -netd -bpfloader } bpfloader_exec:file { execute execute_no_trans };
@@ -27,4 +31,5 @@
# only system_server, netd and bpfloader can read/write the bpf maps
neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
-dontaudit bpfloader self:capability sys_admin;
+# No domain should be allowed to ptrace bpfloader
+neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
diff --git a/private/bufferhubd.te b/private/bufferhubd.te
index 012eb20..31328ac 100644
--- a/private/bufferhubd.te
+++ b/private/bufferhubd.te
@@ -1,3 +1,7 @@
typeattribute bufferhubd coredomain;
init_daemon_domain(bufferhubd)
+
+# Permission for create binder service "bufferhubd"
+binder_use(bufferhubd);
+add_service(bufferhubd, buffer_hub_service);
diff --git a/private/bug_map b/private/bug_map
index 5c551c8..6eab540 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -1,8 +1,4 @@
cppreopts cppreopts capability 79414024
-dexoptanalyzer apk_data_file file 77853712
-dexoptanalyzer app_data_file file 77853712
-dexoptanalyzer app_data_file lnk_file 77853712
-dexoptanalyzer system_data_file lnk_file 77853712
dnsmasq netd fifo_file 77868789
dnsmasq netd unix_stream_socket 77868789
init app_data_file file 77873135
@@ -24,22 +20,11 @@
netd untrusted_app unix_stream_socket 77870037
netd untrusted_app_25 unix_stream_socket 77870037
netd untrusted_app_27 unix_stream_socket 77870037
-otapreopt_chroot postinstall_file lnk_file 75287236
platform_app nfc_data_file dir 74331887
-postinstall postinstall capability 77958490
-postinstall_dexopt postinstall_dexopt capability 77958490
-postinstall_dexopt user_profile_data_file file 77958490
-priv_app system_data_file dir 72811052
-profman apk_data_file dir 77922323
-radio statsdw_socket sock_file 78456764
-statsd hal_health_default binder 77919007
-storaged storaged capability 77634061
-surfaceflinger mediacodec binder 77924251
system_server crash_dump process 73128755
-system_server logd_socket sock_file 64734187
system_server sdcardfs file 77856826
+system_server storage_stub_file dir 112609936
system_server zygote process 77856826
-untrusted_app_25 system_data_file dir 72550646
-untrusted_app_27 system_data_file dir 72550646
usbd usbd capability 72472544
+vrcore_app mnt_user_file dir 118185801
zygote untrusted_app_25 process 77925912
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 0478a56..187712e 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -4,9 +4,14 @@
(typeattribute hal_wifi_keystore_server)
;; types removed from current policy
+(type untrusted_v2_app)
(type asan_reboot_prop)
+(type commontime_management_service)
(type log_device)
(type mediacasserver_service)
+(type mediacodec)
+(type mediacodec_exec)
+(type qtaguid_proc)
(type reboot_data_file)
(type tracing_shell_writable)
(type tracing_shell_writable_debug)
@@ -28,7 +33,7 @@
(typeattributeset apk_private_data_file_26_0 (apk_private_data_file))
(typeattributeset apk_private_tmp_file_26_0 (apk_private_tmp_file))
(typeattributeset apk_tmp_file_26_0 (apk_tmp_file))
-(typeattributeset app_data_file_26_0 (app_data_file))
+(typeattributeset app_data_file_26_0 (app_data_file privapp_data_file))
(typeattributeset app_fuse_file_26_0 (app_fuse_file))
(typeattributeset app_fusefs_26_0 (app_fusefs))
(typeattributeset appops_service_26_0 (appops_service))
@@ -118,7 +123,7 @@
(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
-(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
+(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
@@ -276,7 +281,7 @@
(typeattributeset incident_data_file_26_0 (incident_data_file))
(typeattributeset incident_service_26_0 (incident_service))
(typeattributeset init_26_0 (init))
-(typeattributeset init_exec_26_0 (init_exec))
+(typeattributeset init_exec_26_0 (init_exec watchdogd_exec))
(typeattributeset inotify_26_0 (inotify))
(typeattributeset input_device_26_0 (input_device))
(typeattributeset inputflinger_26_0 (inputflinger))
@@ -478,6 +483,7 @@
proc_pipe_conf
proc_random
proc_sched
+ proc_slabinfo
proc_swaps
proc_uid_time_in_state
proc_uid_concurrent_active_time
@@ -498,6 +504,7 @@
(typeattributeset proc_modules_26_0 (proc_modules))
(typeattributeset proc_net_26_0
( proc_net
+ proc_net_tcp_udp
proc_qtaguid_stat))
(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory))
(typeattributeset proc_perf_26_0 (proc_perf))
@@ -523,7 +530,9 @@
(typeattributeset pstorefs_26_0 (pstorefs))
(typeattributeset ptmx_device_26_0 (ptmx_device))
(typeattributeset qtaguid_device_26_0 (qtaguid_device))
-(typeattributeset qtaguid_proc_26_0 (qtaguid_proc))
+(typeattributeset qtaguid_proc_26_0
+ ( qtaguid_proc
+ proc_qtaguid_ctrl))
(typeattributeset racoon_26_0 (racoon))
(typeattributeset racoon_exec_26_0 (racoon_exec))
(typeattributeset racoon_socket_26_0 (racoon_socket))
@@ -560,7 +569,9 @@
(typeattributeset runas_exec_26_0 (runas_exec))
(typeattributeset runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file))
(typeattributeset safemode_prop_26_0 (safemode_prop))
-(typeattributeset same_process_hal_file_26_0 (same_process_hal_file))
+(typeattributeset same_process_hal_file_26_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service))
(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service))
(typeattributeset sdcardd_26_0 (sdcardd))
@@ -639,8 +650,17 @@
(typeattributeset system_block_device_26_0 (system_block_device))
(typeattributeset system_data_file_26_0
( system_data_file
+ dropbox_data_file
vendor_data_file))
-(typeattributeset system_file_26_0 (system_file))
+(typeattributeset system_file_26_0
+ ( system_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ system_zoneinfo_file
+))
(typeattributeset systemkeys_data_file_26_0 (systemkeys_data_file))
(typeattributeset system_ndebug_socket_26_0 (system_ndebug_socket))
(typeattributeset system_prop_26_0 (system_prop))
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index c8edf9f..17af59b 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -1,11 +1,24 @@
;; new_objects - a collection of types that have been introduced that have no
;; analogue in older policy. Thus, we do not need to map these types to
;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
(typeattribute new_objects)
(typeattributeset new_objects
- ( adbd_exec
+ ( new_objects
+ activity_task_service
+ adb_service
+ adbd_exec
+ app_binding_service
+ apex_data_file
+ apex_mnt_dir
+ apex_key_file
+ apex_service
+ apexd
+ apexd_exec
+ apexd_tmpfs
atrace
binder_calls_stats_service
+ biometric_service
bootloader_boot_reason_prop
blank_screen
blank_screen_exec
@@ -14,7 +27,10 @@
bpfloader
bpfloader_exec
broadcastradio_service
+ ;; TODO(b/116344577): remove after the issue is resolved
+ buffer_hub_service
cgroup_bpf
+ color_display_service
crossprofileapps_service
ctl_interface_restart_prop
ctl_interface_start_prop
@@ -23,6 +39,7 @@
e2fs
e2fs_exec
exfat
+ exported_audio_prop
exported_bluetooth_prop
exported_config_prop
exported_dalvik_prop
@@ -46,8 +63,11 @@
exported3_default_prop
exported3_radio_prop
exported3_system_prop
+ fastbootd
fingerprint_vendor_data_file
fs_bpf
+ fwk_stats_hwservice
+ hal_atrace_hwservice
hal_audiocontrol_hwservice
hal_authsecret_hwservice
hal_broadcastradio_hwservice
@@ -55,28 +75,50 @@
hal_codec2_hwservice
hal_confirmationui_hwservice
hal_evs_hwservice
+ hal_health_storage_hwservice
hal_lowpan_hwservice
hal_neuralnetworks_hwservice
hal_secure_element_hwservice
+ hal_system_suspend_default
+ hal_system_suspend_default_exec
+ hal_system_suspend_default_tmpfs
hal_tetheroffload_hwservice
hal_wifi_hostapd_hwservice
hal_usb_gadget_hwservice
hal_vehicle_hwservice
hal_wifi_offload_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
incident_helper
incident_helper_exec
+ iorapd
+ iorapd_data_file
+ iorapd_exec
+ iorapd_service
+ iorapd_tmpfs
kmsg_debug_device
last_boot_reason_prop
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
lowpan_device
lowpan_prop
lowpan_service
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
mediaextractor_update_service
mediaprovider_tmpfs
metadata_file
+ mnt_product_file
mnt_vendor_file
netd_stable_secret_prop
network_watchlist_data_file
network_watchlist_service
+ overlayfs_file
package_native_service
perfetto
perfetto_exec
@@ -84,6 +126,7 @@
perfetto_traces_data_file
perfprofd_service
property_info
+ recovery_socket
secure_element
secure_element_device
secure_element_tmpfs
@@ -100,9 +143,12 @@
statsdw_socket
statscompanion_service
storaged_data_file
+ super_block_device
sysfs_fs_ext4_features
system_boot_reason_prop
+ system_lmk_prop
system_net_netd_hwservice
+ system_suspend_hwservice
system_update_service
test_boot_reason_prop
thermal_service
@@ -110,7 +156,10 @@
thermalserviced
thermalserviced_exec
thermalserviced_tmpfs
+ time_prop
+ timedetector_service
timezone_service
+ timezonedetector_service
tombstoned_java_trace_socket
tombstone_wifi_data_file
trace_data_file
@@ -129,6 +178,7 @@
update_engine_log_data_file
vendor_default_prop
vendor_security_patch_level_prop
+ uri_grants_service
usbd
usbd_exec
usbd_tmpfs
@@ -138,9 +188,11 @@
vold_prepare_subdirs
vold_prepare_subdirs_exec
vold_service
+ vrflinger_vsync_service
wait_for_keymaster
wait_for_keymaster_exec
wait_for_keymaster_tmpfs
+ watchdogd_tmpfs
wpantund
wpantund_exec
wpantund_service
@@ -150,8 +202,9 @@
;; private_objects - a collection of types that were labeled differently in
;; older policy, but that should not remain accessible to vendor policy.
;; Thus, these types are also not mapped, but recorded for checkapi tests
+(type priv_objects)
(typeattribute priv_objects)
(typeattributeset priv_objects
- ( adbd_tmpfs
- untrusted_app_27_tmpfs
- ))
+ ( priv_objects
+ adbd_tmpfs
+ untrusted_app_27_tmpfs))
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index dbe3e88..2a4f854 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1,8 +1,13 @@
;; types removed from current policy
-(type webview_zygote_socket)
+(type commontime_management_service)
+(type mediacodec)
+(type mediacodec_exec)
+(type qtaguid_proc)
(type reboot_data_file)
(type vold_socket)
(type rild)
+(type untrusted_v2_app)
+(type webview_zygote_socket)
(expandtypeattribute (accessibility_service_27_0) true)
(expandtypeattribute (account_service_27_0) true)
@@ -732,7 +737,7 @@
(typeattributeset apk_private_data_file_27_0 (apk_private_data_file))
(typeattributeset apk_private_tmp_file_27_0 (apk_private_tmp_file))
(typeattributeset apk_tmp_file_27_0 (apk_tmp_file))
-(typeattributeset app_data_file_27_0 (app_data_file))
+(typeattributeset app_data_file_27_0 (app_data_file privapp_data_file))
(typeattributeset app_fuse_file_27_0 (app_fuse_file))
(typeattributeset app_fusefs_27_0 (app_fusefs))
(typeattributeset appops_service_27_0 (appops_service))
@@ -822,7 +827,7 @@
(typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop))
(typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop))
(typeattributeset ctl_console_prop_27_0 (ctl_console_prop))
-(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
+(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
(typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop))
(typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop))
(typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop))
@@ -988,7 +993,7 @@
(typeattributeset incident_data_file_27_0 (incident_data_file))
(typeattributeset incident_service_27_0 (incident_service))
(typeattributeset init_27_0 (init))
-(typeattributeset init_exec_27_0 (init_exec))
+(typeattributeset init_exec_27_0 (init_exec watchdogd_exec))
(typeattributeset inotify_27_0 (inotify))
(typeattributeset input_device_27_0 (input_device))
(typeattributeset inputflinger_27_0 (inputflinger))
@@ -1193,6 +1198,7 @@
proc_pipe_conf
proc_random
proc_sched
+ proc_slabinfo
proc_swaps
proc_uid_concurrent_active_time
proc_uid_concurrent_policy_time
@@ -1212,6 +1218,7 @@
(typeattributeset proc_modules_27_0 (proc_modules))
(typeattributeset proc_net_27_0
( proc_net
+ proc_net_tcp_udp
proc_qtaguid_stat))
(typeattributeset proc_overcommit_memory_27_0 (proc_overcommit_memory))
(typeattributeset proc_perf_27_0 (proc_perf))
@@ -1238,7 +1245,9 @@
(typeattributeset pstorefs_27_0 (pstorefs))
(typeattributeset ptmx_device_27_0 (ptmx_device))
(typeattributeset qtaguid_device_27_0 (qtaguid_device))
-(typeattributeset qtaguid_proc_27_0 (qtaguid_proc))
+(typeattributeset qtaguid_proc_27_0
+ ( proc_qtaguid_ctrl
+ qtaguid_proc))
(typeattributeset racoon_27_0 (racoon))
(typeattributeset racoon_exec_27_0 (racoon_exec))
(typeattributeset racoon_socket_27_0 (racoon_socket))
@@ -1275,7 +1284,9 @@
(typeattributeset runas_exec_27_0 (runas_exec))
(typeattributeset runtime_event_log_tags_file_27_0 (runtime_event_log_tags_file))
(typeattributeset safemode_prop_27_0 (safemode_prop))
-(typeattributeset same_process_hal_file_27_0 (same_process_hal_file))
+(typeattributeset same_process_hal_file_27_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
(typeattributeset samplingprofiler_service_27_0 (samplingprofiler_service))
(typeattributeset scheduling_policy_service_27_0 (scheduling_policy_service))
(typeattributeset sdcardd_27_0 (sdcardd))
@@ -1356,8 +1367,17 @@
(typeattributeset system_block_device_27_0 (system_block_device))
(typeattributeset system_data_file_27_0
( system_data_file
+ dropbox_data_file
vendor_data_file))
-(typeattributeset system_file_27_0 (system_file))
+(typeattributeset system_file_27_0
+ ( system_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ system_zoneinfo_file
+))
(typeattributeset systemkeys_data_file_27_0 (systemkeys_data_file))
(typeattributeset system_ndebug_socket_27_0 (system_ndebug_socket))
(typeattributeset system_net_netd_hwservice_27_0 (system_net_netd_hwservice))
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 6106748..00ee630 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -1,10 +1,23 @@
;; new_objects - a collection of types that have been introduced that have no
;; analogue in older policy. Thus, we do not need to map these types to
;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
(typeattribute new_objects)
(typeattributeset new_objects
- ( atrace
+ ( new_objects
+ activity_task_service
+ adb_service
+ app_binding_service
+ apex_data_file
+ apex_mnt_dir
+ apex_key_file
+ apex_service
+ apexd
+ apexd_exec
+ apexd_tmpfs
+ atrace
binder_calls_stats_service
+ biometric_service
blank_screen
blank_screen_exec
blank_screen_tmpfs
@@ -12,7 +25,10 @@
bluetooth_a2dp_offload_prop
bpfloader
bpfloader_exec
+ ;; TODO(b/116344577): remove after the issue is resolved
+ buffer_hub_service
cgroup_bpf
+ color_display_service
crossprofileapps_service
ctl_interface_restart_prop
ctl_interface_start_prop
@@ -27,6 +43,7 @@
exported3_default_prop
exported3_radio_prop
exported3_system_prop
+ exported_audio_prop
exported_bluetooth_prop
exported_config_prop
exported_dalvik_prop
@@ -42,35 +59,61 @@
exported_system_radio_prop
exported_vold_prop
exported_wifi_prop
+ fastbootd
fingerprint_vendor_data_file
fs_bpf
+ fwk_stats_hwservice
+ hal_atrace_hwservice
hal_audiocontrol_hwservice
hal_authsecret_hwservice
hal_codec2_hwservice
hal_confirmationui_hwservice
hal_evs_hwservice
+ hal_health_storage_hwservice
hal_lowpan_hwservice
hal_secure_element_hwservice
+ hal_system_suspend_default
+ hal_system_suspend_default_exec
+ hal_system_suspend_default_tmpfs
hal_usb_gadget_hwservice
hal_vehicle_hwservice
hal_wifi_hostapd_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
incident_helper
incident_helper_exec
+ iorapd
+ iorapd_data_file
+ iorapd_exec
+ iorapd_service
+ iorapd_tmpfs
last_boot_reason_prop
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
lowpan_device
lowpan_prop
lowpan_service
mediaextractor_update_service
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
metadata_file
+ mnt_product_file
mnt_vendor_file
network_watchlist_data_file
network_watchlist_service
+ overlayfs_file
perfetto
perfetto_exec
perfetto_tmpfs
perfetto_traces_data_file
perfprofd_service
property_info
+ recovery_socket
secure_element
secure_element_device
secure_element_service
@@ -87,9 +130,15 @@
statsdw
statsdw_socket
storaged_data_file
+ super_block_device
system_boot_reason_prop
+ system_lmk_prop
+ system_suspend_hwservice
system_update_service
test_boot_reason_prop
+ time_prop
+ timedetector_service
+ timezonedetector_service
tombstone_wifi_data_file
trace_data_file
traced
@@ -105,6 +154,7 @@
traceur_app_tmpfs
untrusted_app_all_devpts
update_engine_log_data_file
+ uri_grants_service
usbd
usbd_exec
usbd_tmpfs
@@ -116,9 +166,11 @@
vold_prepare_subdirs
vold_prepare_subdirs_exec
vold_service
+ vrflinger_vsync_service
wait_for_keymaster
wait_for_keymaster_exec
wait_for_keymaster_tmpfs
+ watchdogd_tmpfs
wm_trace_data_file
wpantund
wpantund_exec
@@ -128,5 +180,8 @@
;; private_objects - a collection of types that were labeled differently in
;; older policy, but that should not remain accessible to vendor policy.
;; Thus, these types are also not mapped, but recorded for checkapi tests
+(type priv_objects)
(typeattribute priv_objects)
-(typeattributeset priv_objects (untrusted_app_27_tmpfs))
+(typeattributeset priv_objects
+ ( priv_objects
+ untrusted_app_27_tmpfs))
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
new file mode 100644
index 0000000..e76bc2d
--- /dev/null
+++ b/private/compat/28.0/28.0.cil
@@ -0,0 +1,1721 @@
+;; types removed from current policy
+(type commontime_management_service)
+(type mediacodec)
+(type mediacodec_exec)
+(type qtaguid_proc)
+(type thermalcallback_hwservice)
+(type untrusted_v2_app)
+
+;; Public 28.0 SEPolicy is divergent on different devices w.r.t
+;; exported_audio_prop type. We need this typeattribute declaration so that the
+;; mapping file compiles with vendor policies without exported_audio_prop type.
+(typeattribute exported_audio_prop_28_0)
+
+(expandtypeattribute (accessibility_service_28_0) true)
+(expandtypeattribute (account_service_28_0) true)
+(expandtypeattribute (activity_service_28_0) true)
+(expandtypeattribute (adbd_28_0) true)
+(expandtypeattribute (adb_data_file_28_0) true)
+(expandtypeattribute (adbd_exec_28_0) true)
+(expandtypeattribute (adbd_socket_28_0) true)
+(expandtypeattribute (adb_keys_file_28_0) true)
+(expandtypeattribute (alarm_device_28_0) true)
+(expandtypeattribute (alarm_service_28_0) true)
+(expandtypeattribute (anr_data_file_28_0) true)
+(expandtypeattribute (apk_data_file_28_0) true)
+(expandtypeattribute (apk_private_data_file_28_0) true)
+(expandtypeattribute (apk_private_tmp_file_28_0) true)
+(expandtypeattribute (apk_tmp_file_28_0) true)
+(expandtypeattribute (app_data_file_28_0) true)
+(expandtypeattribute (app_fuse_file_28_0) true)
+(expandtypeattribute (app_fusefs_28_0) true)
+(expandtypeattribute (appops_service_28_0) true)
+(expandtypeattribute (appwidget_service_28_0) true)
+(expandtypeattribute (asec_apk_file_28_0) true)
+(expandtypeattribute (asec_image_file_28_0) true)
+(expandtypeattribute (asec_public_file_28_0) true)
+(expandtypeattribute (ashmem_device_28_0) true)
+(expandtypeattribute (assetatlas_service_28_0) true)
+(expandtypeattribute (audio_data_file_28_0) true)
+(expandtypeattribute (audio_device_28_0) true)
+(expandtypeattribute (audiohal_data_file_28_0) true)
+(expandtypeattribute (audio_prop_28_0) true)
+(expandtypeattribute (audio_seq_device_28_0) true)
+(expandtypeattribute (audioserver_28_0) true)
+(expandtypeattribute (audioserver_data_file_28_0) true)
+(expandtypeattribute (audioserver_service_28_0) true)
+(expandtypeattribute (audio_service_28_0) true)
+(expandtypeattribute (audio_timer_device_28_0) true)
+(expandtypeattribute (autofill_service_28_0) true)
+(expandtypeattribute (backup_data_file_28_0) true)
+(expandtypeattribute (backup_service_28_0) true)
+(expandtypeattribute (batteryproperties_service_28_0) true)
+(expandtypeattribute (battery_service_28_0) true)
+(expandtypeattribute (batterystats_service_28_0) true)
+(expandtypeattribute (binder_calls_stats_service_28_0) true)
+(expandtypeattribute (binder_device_28_0) true)
+(expandtypeattribute (binfmt_miscfs_28_0) true)
+(expandtypeattribute (blkid_28_0) true)
+(expandtypeattribute (blkid_untrusted_28_0) true)
+(expandtypeattribute (block_device_28_0) true)
+(expandtypeattribute (bluetooth_28_0) true)
+(expandtypeattribute (bluetooth_a2dp_offload_prop_28_0) true)
+(expandtypeattribute (bluetooth_data_file_28_0) true)
+(expandtypeattribute (bluetooth_efs_file_28_0) true)
+(expandtypeattribute (bluetooth_logs_data_file_28_0) true)
+(expandtypeattribute (bluetooth_manager_service_28_0) true)
+(expandtypeattribute (bluetooth_prop_28_0) true)
+(expandtypeattribute (bluetooth_service_28_0) true)
+(expandtypeattribute (bluetooth_socket_28_0) true)
+(expandtypeattribute (bootanim_28_0) true)
+(expandtypeattribute (bootanim_exec_28_0) true)
+(expandtypeattribute (boot_block_device_28_0) true)
+(expandtypeattribute (bootchart_data_file_28_0) true)
+(expandtypeattribute (bootloader_boot_reason_prop_28_0) true)
+(expandtypeattribute (bootstat_28_0) true)
+(expandtypeattribute (bootstat_data_file_28_0) true)
+(expandtypeattribute (bootstat_exec_28_0) true)
+(expandtypeattribute (boottime_prop_28_0) true)
+(expandtypeattribute (boottrace_data_file_28_0) true)
+(expandtypeattribute (broadcastradio_service_28_0) true)
+(expandtypeattribute (bufferhubd_28_0) true)
+(expandtypeattribute (bufferhubd_exec_28_0) true)
+(expandtypeattribute (cache_backup_file_28_0) true)
+(expandtypeattribute (cache_block_device_28_0) true)
+(expandtypeattribute (cache_file_28_0) true)
+(expandtypeattribute (cache_private_backup_file_28_0) true)
+(expandtypeattribute (cache_recovery_file_28_0) true)
+(expandtypeattribute (camera_data_file_28_0) true)
+(expandtypeattribute (camera_device_28_0) true)
+(expandtypeattribute (cameraproxy_service_28_0) true)
+(expandtypeattribute (cameraserver_28_0) true)
+(expandtypeattribute (cameraserver_exec_28_0) true)
+(expandtypeattribute (cameraserver_service_28_0) true)
+(expandtypeattribute (cgroup_28_0) true)
+(expandtypeattribute (cgroup_bpf_28_0) true)
+(expandtypeattribute (charger_28_0) true)
+(expandtypeattribute (clatd_28_0) true)
+(expandtypeattribute (clatd_exec_28_0) true)
+(expandtypeattribute (clipboard_service_28_0) true)
+(expandtypeattribute (commontime_management_service_28_0) true)
+(expandtypeattribute (companion_device_service_28_0) true)
+(expandtypeattribute (configfs_28_0) true)
+(expandtypeattribute (config_prop_28_0) true)
+(expandtypeattribute (connectivity_service_28_0) true)
+(expandtypeattribute (connmetrics_service_28_0) true)
+(expandtypeattribute (console_device_28_0) true)
+(expandtypeattribute (consumer_ir_service_28_0) true)
+(expandtypeattribute (content_service_28_0) true)
+(expandtypeattribute (contexthub_service_28_0) true)
+(expandtypeattribute (coredump_file_28_0) true)
+(expandtypeattribute (country_detector_service_28_0) true)
+(expandtypeattribute (coverage_service_28_0) true)
+(expandtypeattribute (cppreopt_prop_28_0) true)
+(expandtypeattribute (cppreopts_28_0) true)
+(expandtypeattribute (cppreopts_exec_28_0) true)
+(expandtypeattribute (cpuctl_device_28_0) true)
+(expandtypeattribute (cpuinfo_service_28_0) true)
+(expandtypeattribute (crash_dump_28_0) true)
+(expandtypeattribute (crash_dump_exec_28_0) true)
+(expandtypeattribute (crossprofileapps_service_28_0) true)
+(expandtypeattribute (ctl_bootanim_prop_28_0) true)
+(expandtypeattribute (ctl_bugreport_prop_28_0) true)
+(expandtypeattribute (ctl_console_prop_28_0) true)
+(expandtypeattribute (ctl_default_prop_28_0) true)
+(expandtypeattribute (ctl_dumpstate_prop_28_0) true)
+(expandtypeattribute (ctl_fuse_prop_28_0) true)
+(expandtypeattribute (ctl_interface_restart_prop_28_0) true)
+(expandtypeattribute (ctl_interface_start_prop_28_0) true)
+(expandtypeattribute (ctl_interface_stop_prop_28_0) true)
+(expandtypeattribute (ctl_mdnsd_prop_28_0) true)
+(expandtypeattribute (ctl_restart_prop_28_0) true)
+(expandtypeattribute (ctl_rildaemon_prop_28_0) true)
+(expandtypeattribute (ctl_sigstop_prop_28_0) true)
+(expandtypeattribute (ctl_start_prop_28_0) true)
+(expandtypeattribute (ctl_stop_prop_28_0) true)
+(expandtypeattribute (dalvikcache_data_file_28_0) true)
+(expandtypeattribute (dalvik_prop_28_0) true)
+(expandtypeattribute (dbinfo_service_28_0) true)
+(expandtypeattribute (debugfs_28_0) true)
+(expandtypeattribute (debugfs_mmc_28_0) true)
+(expandtypeattribute (debugfs_trace_marker_28_0) true)
+(expandtypeattribute (debugfs_tracing_28_0) true)
+(expandtypeattribute (debugfs_tracing_debug_28_0) true)
+(expandtypeattribute (debugfs_tracing_instances_28_0) true)
+(expandtypeattribute (debugfs_wakeup_sources_28_0) true)
+(expandtypeattribute (debugfs_wifi_tracing_28_0) true)
+(expandtypeattribute (debuggerd_prop_28_0) true)
+(expandtypeattribute (debug_prop_28_0) true)
+(expandtypeattribute (default_android_hwservice_28_0) true)
+(expandtypeattribute (default_android_service_28_0) true)
+(expandtypeattribute (default_android_vndservice_28_0) true)
+(expandtypeattribute (default_prop_28_0) true)
+(expandtypeattribute (device_28_0) true)
+(expandtypeattribute (device_identifiers_service_28_0) true)
+(expandtypeattribute (deviceidle_service_28_0) true)
+(expandtypeattribute (device_logging_prop_28_0) true)
+(expandtypeattribute (device_policy_service_28_0) true)
+(expandtypeattribute (devicestoragemonitor_service_28_0) true)
+(expandtypeattribute (devpts_28_0) true)
+(expandtypeattribute (dex2oat_28_0) true)
+(expandtypeattribute (dex2oat_exec_28_0) true)
+(expandtypeattribute (dhcp_28_0) true)
+(expandtypeattribute (dhcp_data_file_28_0) true)
+(expandtypeattribute (dhcp_exec_28_0) true)
+(expandtypeattribute (dhcp_prop_28_0) true)
+(expandtypeattribute (diskstats_service_28_0) true)
+(expandtypeattribute (display_service_28_0) true)
+(expandtypeattribute (dm_device_28_0) true)
+(expandtypeattribute (dnsmasq_28_0) true)
+(expandtypeattribute (dnsmasq_exec_28_0) true)
+(expandtypeattribute (dnsproxyd_socket_28_0) true)
+(expandtypeattribute (DockObserver_service_28_0) true)
+(expandtypeattribute (dreams_service_28_0) true)
+(expandtypeattribute (drm_data_file_28_0) true)
+(expandtypeattribute (drmserver_28_0) true)
+(expandtypeattribute (drmserver_exec_28_0) true)
+(expandtypeattribute (drmserver_service_28_0) true)
+(expandtypeattribute (drmserver_socket_28_0) true)
+(expandtypeattribute (dropbox_service_28_0) true)
+(expandtypeattribute (dumpstate_28_0) true)
+(expandtypeattribute (dumpstate_exec_28_0) true)
+(expandtypeattribute (dumpstate_options_prop_28_0) true)
+(expandtypeattribute (dumpstate_prop_28_0) true)
+(expandtypeattribute (dumpstate_service_28_0) true)
+(expandtypeattribute (dumpstate_socket_28_0) true)
+(expandtypeattribute (e2fs_28_0) true)
+(expandtypeattribute (e2fs_exec_28_0) true)
+(expandtypeattribute (efs_file_28_0) true)
+(expandtypeattribute (ephemeral_app_28_0) true)
+(expandtypeattribute (ethernet_service_28_0) true)
+(expandtypeattribute (exfat_28_0) true)
+(expandtypeattribute (exported2_config_prop_28_0) true)
+(expandtypeattribute (exported2_default_prop_28_0) true)
+(expandtypeattribute (exported2_radio_prop_28_0) true)
+(expandtypeattribute (exported2_system_prop_28_0) true)
+(expandtypeattribute (exported2_vold_prop_28_0) true)
+(expandtypeattribute (exported3_default_prop_28_0) true)
+(expandtypeattribute (exported3_radio_prop_28_0) true)
+(expandtypeattribute (exported3_system_prop_28_0) true)
+(expandtypeattribute (exported_audio_prop_28_0) true)
+(expandtypeattribute (exported_bluetooth_prop_28_0) true)
+(expandtypeattribute (exported_config_prop_28_0) true)
+(expandtypeattribute (exported_dalvik_prop_28_0) true)
+(expandtypeattribute (exported_default_prop_28_0) true)
+(expandtypeattribute (exported_dumpstate_prop_28_0) true)
+(expandtypeattribute (exported_ffs_prop_28_0) true)
+(expandtypeattribute (exported_fingerprint_prop_28_0) true)
+(expandtypeattribute (exported_overlay_prop_28_0) true)
+(expandtypeattribute (exported_pm_prop_28_0) true)
+(expandtypeattribute (exported_radio_prop_28_0) true)
+(expandtypeattribute (exported_secure_prop_28_0) true)
+(expandtypeattribute (exported_system_prop_28_0) true)
+(expandtypeattribute (exported_system_radio_prop_28_0) true)
+(expandtypeattribute (exported_vold_prop_28_0) true)
+(expandtypeattribute (exported_wifi_prop_28_0) true)
+(expandtypeattribute (ffs_prop_28_0) true)
+(expandtypeattribute (file_contexts_file_28_0) true)
+(expandtypeattribute (fingerprintd_28_0) true)
+(expandtypeattribute (fingerprintd_data_file_28_0) true)
+(expandtypeattribute (fingerprintd_exec_28_0) true)
+(expandtypeattribute (fingerprintd_service_28_0) true)
+(expandtypeattribute (fingerprint_prop_28_0) true)
+(expandtypeattribute (fingerprint_service_28_0) true)
+(expandtypeattribute (fingerprint_vendor_data_file_28_0) true)
+(expandtypeattribute (firstboot_prop_28_0) true)
+(expandtypeattribute (font_service_28_0) true)
+(expandtypeattribute (frp_block_device_28_0) true)
+(expandtypeattribute (fs_bpf_28_0) true)
+(expandtypeattribute (fsck_28_0) true)
+(expandtypeattribute (fsck_exec_28_0) true)
+(expandtypeattribute (fscklogs_28_0) true)
+(expandtypeattribute (fsck_untrusted_28_0) true)
+(expandtypeattribute (full_device_28_0) true)
+(expandtypeattribute (functionfs_28_0) true)
+(expandtypeattribute (fuse_28_0) true)
+(expandtypeattribute (fuse_device_28_0) true)
+(expandtypeattribute (fwk_display_hwservice_28_0) true)
+(expandtypeattribute (fwk_scheduler_hwservice_28_0) true)
+(expandtypeattribute (fwk_sensor_hwservice_28_0) true)
+(expandtypeattribute (fwmarkd_socket_28_0) true)
+(expandtypeattribute (gatekeeperd_28_0) true)
+(expandtypeattribute (gatekeeper_data_file_28_0) true)
+(expandtypeattribute (gatekeeperd_exec_28_0) true)
+(expandtypeattribute (gatekeeper_service_28_0) true)
+(expandtypeattribute (gfxinfo_service_28_0) true)
+(expandtypeattribute (gps_control_28_0) true)
+(expandtypeattribute (gpu_device_28_0) true)
+(expandtypeattribute (gpu_service_28_0) true)
+(expandtypeattribute (graphics_device_28_0) true)
+(expandtypeattribute (graphicsstats_service_28_0) true)
+(expandtypeattribute (hal_audiocontrol_hwservice_28_0) true)
+(expandtypeattribute (hal_audio_hwservice_28_0) true)
+(expandtypeattribute (hal_authsecret_hwservice_28_0) true)
+(expandtypeattribute (hal_bluetooth_hwservice_28_0) true)
+(expandtypeattribute (hal_bootctl_hwservice_28_0) true)
+(expandtypeattribute (hal_broadcastradio_hwservice_28_0) true)
+(expandtypeattribute (hal_camera_hwservice_28_0) true)
+(expandtypeattribute (hal_cas_hwservice_28_0) true)
+(expandtypeattribute (hal_codec2_hwservice_28_0) true)
+(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_28_0) true)
+(expandtypeattribute (hal_confirmationui_hwservice_28_0) true)
+(expandtypeattribute (hal_contexthub_hwservice_28_0) true)
+(expandtypeattribute (hal_drm_hwservice_28_0) true)
+(expandtypeattribute (hal_dumpstate_hwservice_28_0) true)
+(expandtypeattribute (hal_evs_hwservice_28_0) true)
+(expandtypeattribute (hal_fingerprint_hwservice_28_0) true)
+(expandtypeattribute (hal_fingerprint_service_28_0) true)
+(expandtypeattribute (hal_gatekeeper_hwservice_28_0) true)
+(expandtypeattribute (hal_gnss_hwservice_28_0) true)
+(expandtypeattribute (hal_graphics_allocator_hwservice_28_0) true)
+(expandtypeattribute (hal_graphics_composer_hwservice_28_0) true)
+(expandtypeattribute (hal_graphics_mapper_hwservice_28_0) true)
+(expandtypeattribute (hal_health_hwservice_28_0) true)
+(expandtypeattribute (hal_ir_hwservice_28_0) true)
+(expandtypeattribute (hal_keymaster_hwservice_28_0) true)
+(expandtypeattribute (hal_light_hwservice_28_0) true)
+(expandtypeattribute (hal_lowpan_hwservice_28_0) true)
+(expandtypeattribute (hal_memtrack_hwservice_28_0) true)
+(expandtypeattribute (hal_neuralnetworks_hwservice_28_0) true)
+(expandtypeattribute (hal_nfc_hwservice_28_0) true)
+(expandtypeattribute (hal_oemlock_hwservice_28_0) true)
+(expandtypeattribute (hal_omx_hwservice_28_0) true)
+(expandtypeattribute (hal_power_hwservice_28_0) true)
+(expandtypeattribute (hal_renderscript_hwservice_28_0) true)
+(expandtypeattribute (hal_secure_element_hwservice_28_0) true)
+(expandtypeattribute (hal_sensors_hwservice_28_0) true)
+(expandtypeattribute (hal_telephony_hwservice_28_0) true)
+(expandtypeattribute (hal_tetheroffload_hwservice_28_0) true)
+(expandtypeattribute (hal_thermal_hwservice_28_0) true)
+(expandtypeattribute (hal_tv_cec_hwservice_28_0) true)
+(expandtypeattribute (hal_tv_input_hwservice_28_0) true)
+(expandtypeattribute (hal_usb_gadget_hwservice_28_0) true)
+(expandtypeattribute (hal_usb_hwservice_28_0) true)
+(expandtypeattribute (hal_vehicle_hwservice_28_0) true)
+(expandtypeattribute (hal_vibrator_hwservice_28_0) true)
+(expandtypeattribute (hal_vr_hwservice_28_0) true)
+(expandtypeattribute (hal_weaver_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_hostapd_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_offload_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_supplicant_hwservice_28_0) true)
+(expandtypeattribute (hardware_properties_service_28_0) true)
+(expandtypeattribute (hardware_service_28_0) true)
+(expandtypeattribute (hci_attach_dev_28_0) true)
+(expandtypeattribute (hdmi_control_service_28_0) true)
+(expandtypeattribute (healthd_28_0) true)
+(expandtypeattribute (healthd_exec_28_0) true)
+(expandtypeattribute (heapdump_data_file_28_0) true)
+(expandtypeattribute (hidl_allocator_hwservice_28_0) true)
+(expandtypeattribute (hidl_base_hwservice_28_0) true)
+(expandtypeattribute (hidl_manager_hwservice_28_0) true)
+(expandtypeattribute (hidl_memory_hwservice_28_0) true)
+(expandtypeattribute (hidl_token_hwservice_28_0) true)
+(expandtypeattribute (hwbinder_device_28_0) true)
+(expandtypeattribute (hw_random_device_28_0) true)
+(expandtypeattribute (hwservice_contexts_file_28_0) true)
+(expandtypeattribute (hwservicemanager_28_0) true)
+(expandtypeattribute (hwservicemanager_exec_28_0) true)
+(expandtypeattribute (hwservicemanager_prop_28_0) true)
+(expandtypeattribute (i2c_device_28_0) true)
+(expandtypeattribute (icon_file_28_0) true)
+(expandtypeattribute (idmap_28_0) true)
+(expandtypeattribute (idmap_exec_28_0) true)
+(expandtypeattribute (iio_device_28_0) true)
+(expandtypeattribute (imms_service_28_0) true)
+(expandtypeattribute (incident_28_0) true)
+(expandtypeattribute (incidentd_28_0) true)
+(expandtypeattribute (incident_data_file_28_0) true)
+(expandtypeattribute (incident_helper_28_0) true)
+(expandtypeattribute (incident_service_28_0) true)
+(expandtypeattribute (init_28_0) true)
+(expandtypeattribute (init_exec_28_0) true)
+(expandtypeattribute (inotify_28_0) true)
+(expandtypeattribute (input_device_28_0) true)
+(expandtypeattribute (inputflinger_28_0) true)
+(expandtypeattribute (inputflinger_exec_28_0) true)
+(expandtypeattribute (inputflinger_service_28_0) true)
+(expandtypeattribute (input_method_service_28_0) true)
+(expandtypeattribute (input_service_28_0) true)
+(expandtypeattribute (installd_28_0) true)
+(expandtypeattribute (install_data_file_28_0) true)
+(expandtypeattribute (installd_exec_28_0) true)
+(expandtypeattribute (installd_service_28_0) true)
+(expandtypeattribute (install_recovery_28_0) true)
+(expandtypeattribute (install_recovery_exec_28_0) true)
+(expandtypeattribute (ion_device_28_0) true)
+(expandtypeattribute (IProxyService_service_28_0) true)
+(expandtypeattribute (ipsec_service_28_0) true)
+(expandtypeattribute (isolated_app_28_0) true)
+(expandtypeattribute (jobscheduler_service_28_0) true)
+(expandtypeattribute (kernel_28_0) true)
+(expandtypeattribute (keychain_data_file_28_0) true)
+(expandtypeattribute (keychord_device_28_0) true)
+(expandtypeattribute (keystore_28_0) true)
+(expandtypeattribute (keystore_data_file_28_0) true)
+(expandtypeattribute (keystore_exec_28_0) true)
+(expandtypeattribute (keystore_service_28_0) true)
+(expandtypeattribute (kmem_device_28_0) true)
+(expandtypeattribute (kmsg_debug_device_28_0) true)
+(expandtypeattribute (kmsg_device_28_0) true)
+(expandtypeattribute (labeledfs_28_0) true)
+(expandtypeattribute (last_boot_reason_prop_28_0) true)
+(expandtypeattribute (launcherapps_service_28_0) true)
+(expandtypeattribute (lmkd_28_0) true)
+(expandtypeattribute (lmkd_exec_28_0) true)
+(expandtypeattribute (lmkd_socket_28_0) true)
+(expandtypeattribute (location_service_28_0) true)
+(expandtypeattribute (lock_settings_service_28_0) true)
+(expandtypeattribute (logcat_exec_28_0) true)
+(expandtypeattribute (logd_28_0) true)
+(expandtypeattribute (logd_exec_28_0) true)
+(expandtypeattribute (logd_prop_28_0) true)
+(expandtypeattribute (logdr_socket_28_0) true)
+(expandtypeattribute (logd_socket_28_0) true)
+(expandtypeattribute (logdw_socket_28_0) true)
+(expandtypeattribute (logpersist_28_0) true)
+(expandtypeattribute (logpersistd_logging_prop_28_0) true)
+(expandtypeattribute (log_prop_28_0) true)
+(expandtypeattribute (log_tag_prop_28_0) true)
+(expandtypeattribute (loop_control_device_28_0) true)
+(expandtypeattribute (loop_device_28_0) true)
+(expandtypeattribute (lowpan_device_28_0) true)
+(expandtypeattribute (lowpan_prop_28_0) true)
+(expandtypeattribute (lowpan_service_28_0) true)
+(expandtypeattribute (mac_perms_file_28_0) true)
+(expandtypeattribute (mdnsd_28_0) true)
+(expandtypeattribute (mdnsd_socket_28_0) true)
+(expandtypeattribute (mdns_socket_28_0) true)
+(expandtypeattribute (mediacodec_28_0) true)
+(expandtypeattribute (mediacodec_exec_28_0) true)
+(expandtypeattribute (mediacodec_service_28_0) true)
+(expandtypeattribute (media_data_file_28_0) true)
+(expandtypeattribute (mediadrmserver_28_0) true)
+(expandtypeattribute (mediadrmserver_exec_28_0) true)
+(expandtypeattribute (mediadrmserver_service_28_0) true)
+(expandtypeattribute (mediaextractor_28_0) true)
+(expandtypeattribute (mediaextractor_exec_28_0) true)
+(expandtypeattribute (mediaextractor_service_28_0) true)
+(expandtypeattribute (mediaextractor_update_service_28_0) true)
+(expandtypeattribute (mediametrics_28_0) true)
+(expandtypeattribute (mediametrics_exec_28_0) true)
+(expandtypeattribute (mediametrics_service_28_0) true)
+(expandtypeattribute (media_projection_service_28_0) true)
+(expandtypeattribute (mediaprovider_28_0) true)
+(expandtypeattribute (media_router_service_28_0) true)
+(expandtypeattribute (media_rw_data_file_28_0) true)
+(expandtypeattribute (mediaserver_28_0) true)
+(expandtypeattribute (mediaserver_exec_28_0) true)
+(expandtypeattribute (mediaserver_service_28_0) true)
+(expandtypeattribute (media_session_service_28_0) true)
+(expandtypeattribute (meminfo_service_28_0) true)
+(expandtypeattribute (metadata_block_device_28_0) true)
+(expandtypeattribute (metadata_file_28_0) true)
+(expandtypeattribute (method_trace_data_file_28_0) true)
+(expandtypeattribute (midi_service_28_0) true)
+(expandtypeattribute (misc_block_device_28_0) true)
+(expandtypeattribute (misc_logd_file_28_0) true)
+(expandtypeattribute (misc_user_data_file_28_0) true)
+(expandtypeattribute (mmc_prop_28_0) true)
+(expandtypeattribute (mnt_expand_file_28_0) true)
+(expandtypeattribute (mnt_media_rw_file_28_0) true)
+(expandtypeattribute (mnt_media_rw_stub_file_28_0) true)
+(expandtypeattribute (mnt_user_file_28_0) true)
+(expandtypeattribute (mnt_vendor_file_28_0) true)
+(expandtypeattribute (modprobe_28_0) true)
+(expandtypeattribute (mount_service_28_0) true)
+(expandtypeattribute (mqueue_28_0) true)
+(expandtypeattribute (mtd_device_28_0) true)
+(expandtypeattribute (mtp_28_0) true)
+(expandtypeattribute (mtp_device_28_0) true)
+(expandtypeattribute (mtpd_socket_28_0) true)
+(expandtypeattribute (mtp_exec_28_0) true)
+(expandtypeattribute (nativetest_data_file_28_0) true)
+(expandtypeattribute (netd_28_0) true)
+(expandtypeattribute (net_data_file_28_0) true)
+(expandtypeattribute (netd_exec_28_0) true)
+(expandtypeattribute (netd_listener_service_28_0) true)
+(expandtypeattribute (net_dns_prop_28_0) true)
+(expandtypeattribute (netd_service_28_0) true)
+(expandtypeattribute (netd_socket_28_0) true)
+(expandtypeattribute (netd_stable_secret_prop_28_0) true)
+(expandtypeattribute (netif_28_0) true)
+(expandtypeattribute (netpolicy_service_28_0) true)
+(expandtypeattribute (net_radio_prop_28_0) true)
+(expandtypeattribute (netstats_service_28_0) true)
+(expandtypeattribute (netutils_wrapper_28_0) true)
+(expandtypeattribute (netutils_wrapper_exec_28_0) true)
+(expandtypeattribute (network_management_service_28_0) true)
+(expandtypeattribute (network_score_service_28_0) true)
+(expandtypeattribute (network_time_update_service_28_0) true)
+(expandtypeattribute (network_watchlist_data_file_28_0) true)
+(expandtypeattribute (network_watchlist_service_28_0) true)
+(expandtypeattribute (nfc_28_0) true)
+(expandtypeattribute (nfc_data_file_28_0) true)
+(expandtypeattribute (nfc_device_28_0) true)
+(expandtypeattribute (nfc_prop_28_0) true)
+(expandtypeattribute (nfc_service_28_0) true)
+(expandtypeattribute (node_28_0) true)
+(expandtypeattribute (nonplat_service_contexts_file_28_0) true)
+(expandtypeattribute (notification_service_28_0) true)
+(expandtypeattribute (null_device_28_0) true)
+(expandtypeattribute (oemfs_28_0) true)
+(expandtypeattribute (oem_lock_service_28_0) true)
+(expandtypeattribute (ota_data_file_28_0) true)
+(expandtypeattribute (otadexopt_service_28_0) true)
+(expandtypeattribute (ota_package_file_28_0) true)
+(expandtypeattribute (otapreopt_chroot_28_0) true)
+(expandtypeattribute (otapreopt_chroot_exec_28_0) true)
+(expandtypeattribute (otapreopt_slot_28_0) true)
+(expandtypeattribute (otapreopt_slot_exec_28_0) true)
+(expandtypeattribute (overlay_prop_28_0) true)
+(expandtypeattribute (overlay_service_28_0) true)
+(expandtypeattribute (owntty_device_28_0) true)
+(expandtypeattribute (package_native_service_28_0) true)
+(expandtypeattribute (package_service_28_0) true)
+(expandtypeattribute (pan_result_prop_28_0) true)
+(expandtypeattribute (pdx_bufferhub_client_channel_socket_28_0) true)
+(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_bufferhub_dir_28_0) true)
+(expandtypeattribute (pdx_display_client_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_client_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_display_dir_28_0) true)
+(expandtypeattribute (pdx_display_manager_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_manager_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_display_screenshot_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_screenshot_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_display_vsync_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_vsync_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_performance_client_channel_socket_28_0) true)
+(expandtypeattribute (pdx_performance_client_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_performance_dir_28_0) true)
+(expandtypeattribute (performanced_28_0) true)
+(expandtypeattribute (performanced_exec_28_0) true)
+(expandtypeattribute (perfprofd_28_0) true)
+(expandtypeattribute (perfprofd_data_file_28_0) true)
+(expandtypeattribute (perfprofd_exec_28_0) true)
+(expandtypeattribute (perfprofd_service_28_0) true)
+(expandtypeattribute (permission_service_28_0) true)
+(expandtypeattribute (persist_debug_prop_28_0) true)
+(expandtypeattribute (persistent_data_block_service_28_0) true)
+(expandtypeattribute (persistent_properties_ready_prop_28_0) true)
+(expandtypeattribute (pinner_service_28_0) true)
+(expandtypeattribute (pipefs_28_0) true)
+(expandtypeattribute (platform_app_28_0) true)
+(expandtypeattribute (pm_prop_28_0) true)
+(expandtypeattribute (pmsg_device_28_0) true)
+(expandtypeattribute (port_28_0) true)
+(expandtypeattribute (port_device_28_0) true)
+(expandtypeattribute (postinstall_28_0) true)
+(expandtypeattribute (postinstall_dexopt_28_0) true)
+(expandtypeattribute (postinstall_file_28_0) true)
+(expandtypeattribute (postinstall_mnt_dir_28_0) true)
+(expandtypeattribute (powerctl_prop_28_0) true)
+(expandtypeattribute (power_service_28_0) true)
+(expandtypeattribute (ppp_28_0) true)
+(expandtypeattribute (ppp_device_28_0) true)
+(expandtypeattribute (ppp_exec_28_0) true)
+(expandtypeattribute (preloads_data_file_28_0) true)
+(expandtypeattribute (preloads_media_file_28_0) true)
+(expandtypeattribute (preopt2cachename_28_0) true)
+(expandtypeattribute (preopt2cachename_exec_28_0) true)
+(expandtypeattribute (print_service_28_0) true)
+(expandtypeattribute (priv_app_28_0) true)
+(expandtypeattribute (proc_28_0) true)
+(expandtypeattribute (proc_abi_28_0) true)
+(expandtypeattribute (proc_asound_28_0) true)
+(expandtypeattribute (proc_bluetooth_writable_28_0) true)
+(expandtypeattribute (proc_buddyinfo_28_0) true)
+(expandtypeattribute (proc_cmdline_28_0) true)
+(expandtypeattribute (proc_cpuinfo_28_0) true)
+(expandtypeattribute (proc_dirty_28_0) true)
+(expandtypeattribute (proc_diskstats_28_0) true)
+(expandtypeattribute (proc_drop_caches_28_0) true)
+(expandtypeattribute (processinfo_service_28_0) true)
+(expandtypeattribute (proc_extra_free_kbytes_28_0) true)
+(expandtypeattribute (proc_filesystems_28_0) true)
+(expandtypeattribute (proc_hostname_28_0) true)
+(expandtypeattribute (proc_hung_task_28_0) true)
+(expandtypeattribute (proc_interrupts_28_0) true)
+(expandtypeattribute (proc_iomem_28_0) true)
+(expandtypeattribute (proc_kmsg_28_0) true)
+(expandtypeattribute (proc_loadavg_28_0) true)
+(expandtypeattribute (proc_max_map_count_28_0) true)
+(expandtypeattribute (proc_meminfo_28_0) true)
+(expandtypeattribute (proc_min_free_order_shift_28_0) true)
+(expandtypeattribute (proc_misc_28_0) true)
+(expandtypeattribute (proc_modules_28_0) true)
+(expandtypeattribute (proc_mounts_28_0) true)
+(expandtypeattribute (proc_net_28_0) true)
+(expandtypeattribute (proc_overcommit_memory_28_0) true)
+(expandtypeattribute (proc_page_cluster_28_0) true)
+(expandtypeattribute (proc_pagetypeinfo_28_0) true)
+(expandtypeattribute (proc_panic_28_0) true)
+(expandtypeattribute (proc_perf_28_0) true)
+(expandtypeattribute (proc_pid_max_28_0) true)
+(expandtypeattribute (proc_pipe_conf_28_0) true)
+(expandtypeattribute (proc_qtaguid_stat_28_0) true)
+(expandtypeattribute (proc_random_28_0) true)
+(expandtypeattribute (proc_sched_28_0) true)
+(expandtypeattribute (proc_security_28_0) true)
+(expandtypeattribute (proc_stat_28_0) true)
+(expandtypeattribute (procstats_service_28_0) true)
+(expandtypeattribute (proc_swaps_28_0) true)
+(expandtypeattribute (proc_sysrq_28_0) true)
+(expandtypeattribute (proc_timer_28_0) true)
+(expandtypeattribute (proc_tty_drivers_28_0) true)
+(expandtypeattribute (proc_uid_concurrent_active_time_28_0) true)
+(expandtypeattribute (proc_uid_concurrent_policy_time_28_0) true)
+(expandtypeattribute (proc_uid_cpupower_28_0) true)
+(expandtypeattribute (proc_uid_cputime_removeuid_28_0) true)
+(expandtypeattribute (proc_uid_cputime_showstat_28_0) true)
+(expandtypeattribute (proc_uid_io_stats_28_0) true)
+(expandtypeattribute (proc_uid_procstat_set_28_0) true)
+(expandtypeattribute (proc_uid_time_in_state_28_0) true)
+(expandtypeattribute (proc_uptime_28_0) true)
+(expandtypeattribute (proc_version_28_0) true)
+(expandtypeattribute (proc_vmallocinfo_28_0) true)
+(expandtypeattribute (proc_vmstat_28_0) true)
+(expandtypeattribute (proc_zoneinfo_28_0) true)
+(expandtypeattribute (profman_28_0) true)
+(expandtypeattribute (profman_dump_data_file_28_0) true)
+(expandtypeattribute (profman_exec_28_0) true)
+(expandtypeattribute (properties_device_28_0) true)
+(expandtypeattribute (properties_serial_28_0) true)
+(expandtypeattribute (property_contexts_file_28_0) true)
+(expandtypeattribute (property_data_file_28_0) true)
+(expandtypeattribute (property_info_28_0) true)
+(expandtypeattribute (property_socket_28_0) true)
+(expandtypeattribute (pstorefs_28_0) true)
+(expandtypeattribute (ptmx_device_28_0) true)
+(expandtypeattribute (qtaguid_device_28_0) true)
+(expandtypeattribute (qtaguid_proc_28_0) true)
+(expandtypeattribute (racoon_28_0) true)
+(expandtypeattribute (racoon_exec_28_0) true)
+(expandtypeattribute (racoon_socket_28_0) true)
+(expandtypeattribute (radio_28_0) true)
+(expandtypeattribute (radio_data_file_28_0) true)
+(expandtypeattribute (radio_device_28_0) true)
+(expandtypeattribute (radio_prop_28_0) true)
+(expandtypeattribute (radio_service_28_0) true)
+(expandtypeattribute (ram_device_28_0) true)
+(expandtypeattribute (random_device_28_0) true)
+(expandtypeattribute (recovery_28_0) true)
+(expandtypeattribute (recovery_block_device_28_0) true)
+(expandtypeattribute (recovery_data_file_28_0) true)
+(expandtypeattribute (recovery_persist_28_0) true)
+(expandtypeattribute (recovery_persist_exec_28_0) true)
+(expandtypeattribute (recovery_refresh_28_0) true)
+(expandtypeattribute (recovery_refresh_exec_28_0) true)
+(expandtypeattribute (recovery_service_28_0) true)
+(expandtypeattribute (registry_service_28_0) true)
+(expandtypeattribute (resourcecache_data_file_28_0) true)
+(expandtypeattribute (restorecon_prop_28_0) true)
+(expandtypeattribute (restrictions_service_28_0) true)
+(expandtypeattribute (rild_debug_socket_28_0) true)
+(expandtypeattribute (rild_socket_28_0) true)
+(expandtypeattribute (ringtone_file_28_0) true)
+(expandtypeattribute (root_block_device_28_0) true)
+(expandtypeattribute (rootfs_28_0) true)
+(expandtypeattribute (rpmsg_device_28_0) true)
+(expandtypeattribute (rtc_device_28_0) true)
+(expandtypeattribute (rttmanager_service_28_0) true)
+(expandtypeattribute (runas_28_0) true)
+(expandtypeattribute (runas_exec_28_0) true)
+(expandtypeattribute (runtime_event_log_tags_file_28_0) true)
+(expandtypeattribute (safemode_prop_28_0) true)
+(expandtypeattribute (same_process_hal_file_28_0) true)
+(expandtypeattribute (samplingprofiler_service_28_0) true)
+(expandtypeattribute (scheduling_policy_service_28_0) true)
+(expandtypeattribute (sdcardd_28_0) true)
+(expandtypeattribute (sdcardd_exec_28_0) true)
+(expandtypeattribute (sdcardfs_28_0) true)
+(expandtypeattribute (seapp_contexts_file_28_0) true)
+(expandtypeattribute (search_service_28_0) true)
+(expandtypeattribute (sec_key_att_app_id_provider_service_28_0) true)
+(expandtypeattribute (secure_element_28_0) true)
+(expandtypeattribute (secure_element_device_28_0) true)
+(expandtypeattribute (secure_element_service_28_0) true)
+(expandtypeattribute (selinuxfs_28_0) true)
+(expandtypeattribute (sensors_device_28_0) true)
+(expandtypeattribute (sensorservice_service_28_0) true)
+(expandtypeattribute (sepolicy_file_28_0) true)
+(expandtypeattribute (serial_device_28_0) true)
+(expandtypeattribute (serialno_prop_28_0) true)
+(expandtypeattribute (serial_service_28_0) true)
+(expandtypeattribute (service_contexts_file_28_0) true)
+(expandtypeattribute (servicediscovery_service_28_0) true)
+(expandtypeattribute (servicemanager_28_0) true)
+(expandtypeattribute (servicemanager_exec_28_0) true)
+(expandtypeattribute (settings_service_28_0) true)
+(expandtypeattribute (sgdisk_28_0) true)
+(expandtypeattribute (sgdisk_exec_28_0) true)
+(expandtypeattribute (shared_relro_28_0) true)
+(expandtypeattribute (shared_relro_file_28_0) true)
+(expandtypeattribute (shell_28_0) true)
+(expandtypeattribute (shell_data_file_28_0) true)
+(expandtypeattribute (shell_exec_28_0) true)
+(expandtypeattribute (shell_prop_28_0) true)
+(expandtypeattribute (shm_28_0) true)
+(expandtypeattribute (shortcut_manager_icons_28_0) true)
+(expandtypeattribute (shortcut_service_28_0) true)
+(expandtypeattribute (slice_service_28_0) true)
+(expandtypeattribute (slideshow_28_0) true)
+(expandtypeattribute (socket_device_28_0) true)
+(expandtypeattribute (sockfs_28_0) true)
+(expandtypeattribute (statusbar_service_28_0) true)
+(expandtypeattribute (storaged_service_28_0) true)
+(expandtypeattribute (storage_file_28_0) true)
+(expandtypeattribute (storagestats_service_28_0) true)
+(expandtypeattribute (storage_stub_file_28_0) true)
+(expandtypeattribute (su_28_0) true)
+(expandtypeattribute (su_exec_28_0) true)
+(expandtypeattribute (surfaceflinger_28_0) true)
+(expandtypeattribute (surfaceflinger_service_28_0) true)
+(expandtypeattribute (swap_block_device_28_0) true)
+(expandtypeattribute (sysfs_28_0) true)
+(expandtypeattribute (sysfs_android_usb_28_0) true)
+(expandtypeattribute (sysfs_batteryinfo_28_0) true)
+(expandtypeattribute (sysfs_bluetooth_writable_28_0) true)
+(expandtypeattribute (sysfs_devices_system_cpu_28_0) true)
+(expandtypeattribute (sysfs_dm_28_0) true)
+(expandtypeattribute (sysfs_dt_firmware_android_28_0) true)
+(expandtypeattribute (sysfs_fs_ext4_features_28_0) true)
+(expandtypeattribute (sysfs_hwrandom_28_0) true)
+(expandtypeattribute (sysfs_ipv4_28_0) true)
+(expandtypeattribute (sysfs_kernel_notes_28_0) true)
+(expandtypeattribute (sysfs_leds_28_0) true)
+(expandtypeattribute (sysfs_lowmemorykiller_28_0) true)
+(expandtypeattribute (sysfs_mac_address_28_0) true)
+(expandtypeattribute (sysfs_net_28_0) true)
+(expandtypeattribute (sysfs_nfc_power_writable_28_0) true)
+(expandtypeattribute (sysfs_power_28_0) true)
+(expandtypeattribute (sysfs_rtc_28_0) true)
+(expandtypeattribute (sysfs_switch_28_0) true)
+(expandtypeattribute (sysfs_thermal_28_0) true)
+(expandtypeattribute (sysfs_uio_28_0) true)
+(expandtypeattribute (sysfs_usb_28_0) true)
+(expandtypeattribute (sysfs_usermodehelper_28_0) true)
+(expandtypeattribute (sysfs_vibrator_28_0) true)
+(expandtypeattribute (sysfs_wake_lock_28_0) true)
+(expandtypeattribute (sysfs_wakeup_reasons_28_0) true)
+(expandtypeattribute (sysfs_wlan_fwpath_28_0) true)
+(expandtypeattribute (sysfs_zram_28_0) true)
+(expandtypeattribute (sysfs_zram_uevent_28_0) true)
+(expandtypeattribute (system_app_28_0) true)
+(expandtypeattribute (system_app_data_file_28_0) true)
+(expandtypeattribute (system_app_service_28_0) true)
+(expandtypeattribute (system_block_device_28_0) true)
+(expandtypeattribute (system_boot_reason_prop_28_0) true)
+(expandtypeattribute (system_data_file_28_0) true)
+(expandtypeattribute (system_file_28_0) true)
+(expandtypeattribute (systemkeys_data_file_28_0) true)
+(expandtypeattribute (system_ndebug_socket_28_0) true)
+(expandtypeattribute (system_net_netd_hwservice_28_0) true)
+(expandtypeattribute (system_prop_28_0) true)
+(expandtypeattribute (system_radio_prop_28_0) true)
+(expandtypeattribute (system_server_28_0) true)
+(expandtypeattribute (system_update_service_28_0) true)
+(expandtypeattribute (system_wifi_keystore_hwservice_28_0) true)
+(expandtypeattribute (system_wpa_socket_28_0) true)
+(expandtypeattribute (task_service_28_0) true)
+(expandtypeattribute (tee_28_0) true)
+(expandtypeattribute (tee_data_file_28_0) true)
+(expandtypeattribute (tee_device_28_0) true)
+(expandtypeattribute (telecom_service_28_0) true)
+(expandtypeattribute (test_boot_reason_prop_28_0) true)
+(expandtypeattribute (textclassification_service_28_0) true)
+(expandtypeattribute (textclassifier_data_file_28_0) true)
+(expandtypeattribute (textservices_service_28_0) true)
+(expandtypeattribute (thermalcallback_hwservice_28_0) true)
+(expandtypeattribute (thermal_service_28_0) true)
+(expandtypeattribute (thermalserviced_28_0) true)
+(expandtypeattribute (thermalserviced_exec_28_0) true)
+(expandtypeattribute (timezone_service_28_0) true)
+(expandtypeattribute (tmpfs_28_0) true)
+(expandtypeattribute (tombstoned_28_0) true)
+(expandtypeattribute (tombstone_data_file_28_0) true)
+(expandtypeattribute (tombstoned_crash_socket_28_0) true)
+(expandtypeattribute (tombstoned_exec_28_0) true)
+(expandtypeattribute (tombstoned_intercept_socket_28_0) true)
+(expandtypeattribute (tombstoned_java_trace_socket_28_0) true)
+(expandtypeattribute (tombstone_wifi_data_file_28_0) true)
+(expandtypeattribute (toolbox_28_0) true)
+(expandtypeattribute (toolbox_exec_28_0) true)
+(expandtypeattribute (trace_data_file_28_0) true)
+(expandtypeattribute (traced_consumer_socket_28_0) true)
+(expandtypeattribute (traced_enabled_prop_28_0) true)
+(expandtypeattribute (traced_probes_28_0) true)
+(expandtypeattribute (traced_producer_socket_28_0) true)
+(expandtypeattribute (traceur_app_28_0) true)
+(expandtypeattribute (trust_service_28_0) true)
+(expandtypeattribute (tty_device_28_0) true)
+(expandtypeattribute (tun_device_28_0) true)
+(expandtypeattribute (tv_input_service_28_0) true)
+(expandtypeattribute (tzdatacheck_28_0) true)
+(expandtypeattribute (tzdatacheck_exec_28_0) true)
+(expandtypeattribute (ueventd_28_0) true)
+(expandtypeattribute (uhid_device_28_0) true)
+(expandtypeattribute (uimode_service_28_0) true)
+(expandtypeattribute (uio_device_28_0) true)
+(expandtypeattribute (uncrypt_28_0) true)
+(expandtypeattribute (uncrypt_exec_28_0) true)
+(expandtypeattribute (uncrypt_socket_28_0) true)
+(expandtypeattribute (unencrypted_data_file_28_0) true)
+(expandtypeattribute (unlabeled_28_0) true)
+(expandtypeattribute (untrusted_app_25_28_0) true)
+(expandtypeattribute (untrusted_app_27_28_0) true)
+(expandtypeattribute (untrusted_app_28_0) true)
+(expandtypeattribute (untrusted_v2_app_28_0) true)
+(expandtypeattribute (update_engine_28_0) true)
+(expandtypeattribute (update_engine_data_file_28_0) true)
+(expandtypeattribute (update_engine_exec_28_0) true)
+(expandtypeattribute (update_engine_log_data_file_28_0) true)
+(expandtypeattribute (update_engine_service_28_0) true)
+(expandtypeattribute (updatelock_service_28_0) true)
+(expandtypeattribute (update_verifier_28_0) true)
+(expandtypeattribute (update_verifier_exec_28_0) true)
+(expandtypeattribute (usagestats_service_28_0) true)
+(expandtypeattribute (usbaccessory_device_28_0) true)
+(expandtypeattribute (usbd_28_0) true)
+(expandtypeattribute (usb_device_28_0) true)
+(expandtypeattribute (usbd_exec_28_0) true)
+(expandtypeattribute (usbfs_28_0) true)
+(expandtypeattribute (usb_service_28_0) true)
+(expandtypeattribute (userdata_block_device_28_0) true)
+(expandtypeattribute (usermodehelper_28_0) true)
+(expandtypeattribute (user_profile_data_file_28_0) true)
+(expandtypeattribute (user_service_28_0) true)
+(expandtypeattribute (vcs_device_28_0) true)
+(expandtypeattribute (vdc_28_0) true)
+(expandtypeattribute (vdc_exec_28_0) true)
+(expandtypeattribute (vendor_app_file_28_0) true)
+(expandtypeattribute (vendor_configs_file_28_0) true)
+(expandtypeattribute (vendor_data_file_28_0) true)
+(expandtypeattribute (vendor_default_prop_28_0) true)
+(expandtypeattribute (vendor_file_28_0) true)
+(expandtypeattribute (vendor_framework_file_28_0) true)
+(expandtypeattribute (vendor_hal_file_28_0) true)
+(expandtypeattribute (vendor_init_28_0) true)
+(expandtypeattribute (vendor_overlay_file_28_0) true)
+(expandtypeattribute (vendor_security_patch_level_prop_28_0) true)
+(expandtypeattribute (vendor_shell_28_0) true)
+(expandtypeattribute (vendor_shell_exec_28_0) true)
+(expandtypeattribute (vendor_toolbox_exec_28_0) true)
+(expandtypeattribute (vfat_28_0) true)
+(expandtypeattribute (vibrator_service_28_0) true)
+(expandtypeattribute (video_device_28_0) true)
+(expandtypeattribute (virtual_touchpad_28_0) true)
+(expandtypeattribute (virtual_touchpad_exec_28_0) true)
+(expandtypeattribute (virtual_touchpad_service_28_0) true)
+(expandtypeattribute (vndbinder_device_28_0) true)
+(expandtypeattribute (vndk_sp_file_28_0) true)
+(expandtypeattribute (vndservice_contexts_file_28_0) true)
+(expandtypeattribute (vndservicemanager_28_0) true)
+(expandtypeattribute (voiceinteraction_service_28_0) true)
+(expandtypeattribute (vold_28_0) true)
+(expandtypeattribute (vold_data_file_28_0) true)
+(expandtypeattribute (vold_device_28_0) true)
+(expandtypeattribute (vold_exec_28_0) true)
+(expandtypeattribute (vold_metadata_file_28_0) true)
+(expandtypeattribute (vold_prepare_subdirs_28_0) true)
+(expandtypeattribute (vold_prepare_subdirs_exec_28_0) true)
+(expandtypeattribute (vold_prop_28_0) true)
+(expandtypeattribute (vold_service_28_0) true)
+(expandtypeattribute (vpn_data_file_28_0) true)
+(expandtypeattribute (vr_hwc_28_0) true)
+(expandtypeattribute (vr_hwc_exec_28_0) true)
+(expandtypeattribute (vr_hwc_service_28_0) true)
+(expandtypeattribute (vr_manager_service_28_0) true)
+(expandtypeattribute (wallpaper_file_28_0) true)
+(expandtypeattribute (wallpaper_service_28_0) true)
+(expandtypeattribute (watchdogd_28_0) true)
+(expandtypeattribute (watchdog_device_28_0) true)
+(expandtypeattribute (webviewupdate_service_28_0) true)
+(expandtypeattribute (webview_zygote_28_0) true)
+(expandtypeattribute (webview_zygote_exec_28_0) true)
+(expandtypeattribute (wifiaware_service_28_0) true)
+(expandtypeattribute (wificond_28_0) true)
+(expandtypeattribute (wificond_exec_28_0) true)
+(expandtypeattribute (wificond_service_28_0) true)
+(expandtypeattribute (wifi_data_file_28_0) true)
+(expandtypeattribute (wifi_log_prop_28_0) true)
+(expandtypeattribute (wifip2p_service_28_0) true)
+(expandtypeattribute (wifi_prop_28_0) true)
+(expandtypeattribute (wifiscanner_service_28_0) true)
+(expandtypeattribute (wifi_service_28_0) true)
+(expandtypeattribute (window_service_28_0) true)
+(expandtypeattribute (wpantund_28_0) true)
+(expandtypeattribute (wpantund_exec_28_0) true)
+(expandtypeattribute (wpantund_service_28_0) true)
+(expandtypeattribute (wpa_socket_28_0) true)
+(expandtypeattribute (zero_device_28_0) true)
+(expandtypeattribute (zoneinfo_data_file_28_0) true)
+(expandtypeattribute (zygote_28_0) true)
+(expandtypeattribute (zygote_exec_28_0) true)
+(expandtypeattribute (zygote_socket_28_0) true)
+(typeattributeset accessibility_service_28_0 (accessibility_service))
+(typeattributeset account_service_28_0 (account_service))
+(typeattributeset activity_service_28_0 (activity_service))
+(typeattributeset adbd_28_0 (adbd))
+(typeattributeset adb_data_file_28_0 (adb_data_file))
+(typeattributeset adbd_exec_28_0 (adbd_exec))
+(typeattributeset adbd_socket_28_0 (adbd_socket))
+(typeattributeset adb_keys_file_28_0 (adb_keys_file))
+(typeattributeset alarm_device_28_0 (alarm_device))
+(typeattributeset alarm_service_28_0 (alarm_service))
+(typeattributeset anr_data_file_28_0 (anr_data_file))
+(typeattributeset apk_data_file_28_0 (apk_data_file))
+(typeattributeset apk_private_data_file_28_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_28_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_28_0 (apk_tmp_file))
+(typeattributeset app_data_file_28_0 (app_data_file privapp_data_file))
+(typeattributeset app_fuse_file_28_0 (app_fuse_file))
+(typeattributeset app_fusefs_28_0 (app_fusefs))
+(typeattributeset appops_service_28_0 (appops_service))
+(typeattributeset appwidget_service_28_0 (appwidget_service))
+(typeattributeset asec_apk_file_28_0 (asec_apk_file))
+(typeattributeset asec_image_file_28_0 (asec_image_file))
+(typeattributeset asec_public_file_28_0 (asec_public_file))
+(typeattributeset ashmem_device_28_0 (ashmem_device))
+(typeattributeset assetatlas_service_28_0 (assetatlas_service))
+(typeattributeset audio_data_file_28_0 (audio_data_file))
+(typeattributeset audio_device_28_0 (audio_device))
+(typeattributeset audiohal_data_file_28_0 (audiohal_data_file))
+(typeattributeset audio_prop_28_0 (audio_prop))
+(typeattributeset audio_seq_device_28_0 (audio_seq_device))
+(typeattributeset audioserver_28_0 (audioserver))
+(typeattributeset audioserver_data_file_28_0 (audioserver_data_file))
+(typeattributeset audioserver_service_28_0 (audioserver_service))
+(typeattributeset audio_service_28_0 (audio_service))
+(typeattributeset audio_timer_device_28_0 (audio_timer_device))
+(typeattributeset autofill_service_28_0 (autofill_service))
+(typeattributeset backup_data_file_28_0 (backup_data_file))
+(typeattributeset backup_service_28_0 (backup_service))
+(typeattributeset batteryproperties_service_28_0 (batteryproperties_service))
+(typeattributeset battery_service_28_0 (battery_service))
+(typeattributeset batterystats_service_28_0 (batterystats_service))
+(typeattributeset binder_calls_stats_service_28_0 (binder_calls_stats_service))
+(typeattributeset binder_device_28_0 (binder_device))
+(typeattributeset binfmt_miscfs_28_0 (binfmt_miscfs))
+(typeattributeset blkid_28_0 (blkid))
+(typeattributeset blkid_untrusted_28_0 (blkid_untrusted))
+(typeattributeset block_device_28_0 (block_device))
+(typeattributeset bluetooth_28_0 (bluetooth))
+(typeattributeset bluetooth_a2dp_offload_prop_28_0 (bluetooth_a2dp_offload_prop))
+(typeattributeset bluetooth_data_file_28_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_28_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_28_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_28_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_28_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_28_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_28_0 (bluetooth_socket))
+(typeattributeset bootanim_28_0 (bootanim))
+(typeattributeset bootanim_exec_28_0 (bootanim_exec))
+(typeattributeset boot_block_device_28_0 (boot_block_device))
+(typeattributeset bootchart_data_file_28_0 (bootchart_data_file))
+(typeattributeset bootloader_boot_reason_prop_28_0 (bootloader_boot_reason_prop))
+(typeattributeset bootstat_28_0 (bootstat))
+(typeattributeset bootstat_data_file_28_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_28_0 (bootstat_exec))
+(typeattributeset boottime_prop_28_0 (boottime_prop))
+(typeattributeset boottrace_data_file_28_0 (boottrace_data_file))
+(typeattributeset broadcastradio_service_28_0 (broadcastradio_service))
+(typeattributeset bufferhubd_28_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_28_0 (bufferhubd_exec))
+(typeattributeset cache_backup_file_28_0 (cache_backup_file))
+(typeattributeset cache_block_device_28_0 (cache_block_device))
+(typeattributeset cache_file_28_0 (cache_file))
+(typeattributeset cache_private_backup_file_28_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_28_0 (cache_recovery_file))
+(typeattributeset camera_data_file_28_0 (camera_data_file))
+(typeattributeset camera_device_28_0 (camera_device))
+(typeattributeset cameraproxy_service_28_0 (cameraproxy_service))
+(typeattributeset cameraserver_28_0 (cameraserver))
+(typeattributeset cameraserver_exec_28_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_28_0 (cameraserver_service))
+(typeattributeset cgroup_28_0 (cgroup))
+(typeattributeset cgroup_bpf_28_0 (cgroup_bpf))
+(typeattributeset charger_28_0 (charger))
+(typeattributeset clatd_28_0 (clatd))
+(typeattributeset clatd_exec_28_0 (clatd_exec))
+(typeattributeset clipboard_service_28_0 (clipboard_service))
+(typeattributeset commontime_management_service_28_0 (commontime_management_service))
+(typeattributeset companion_device_service_28_0 (companion_device_service))
+(typeattributeset configfs_28_0 (configfs))
+(typeattributeset config_prop_28_0 (config_prop))
+(typeattributeset connectivity_service_28_0 (connectivity_service))
+(typeattributeset connmetrics_service_28_0 (connmetrics_service))
+(typeattributeset console_device_28_0 (console_device))
+(typeattributeset consumer_ir_service_28_0 (consumer_ir_service))
+(typeattributeset content_service_28_0 (content_service))
+(typeattributeset contexthub_service_28_0 (contexthub_service))
+(typeattributeset coredump_file_28_0 (coredump_file))
+(typeattributeset country_detector_service_28_0 (country_detector_service))
+(typeattributeset coverage_service_28_0 (coverage_service))
+(typeattributeset cppreopt_prop_28_0 (cppreopt_prop))
+(typeattributeset cppreopts_28_0 (cppreopts))
+(typeattributeset cppreopts_exec_28_0 (cppreopts_exec))
+(typeattributeset cpuctl_device_28_0 (cpuctl_device))
+(typeattributeset cpuinfo_service_28_0 (cpuinfo_service))
+(typeattributeset crash_dump_28_0 (crash_dump))
+(typeattributeset crash_dump_exec_28_0 (crash_dump_exec))
+(typeattributeset crossprofileapps_service_28_0 (crossprofileapps_service))
+(typeattributeset ctl_bootanim_prop_28_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_28_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_28_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_28_0
+ ( ctl_adbd_prop
+ ctl_default_prop))
+(typeattributeset ctl_dumpstate_prop_28_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_28_0 (ctl_fuse_prop))
+(typeattributeset ctl_interface_restart_prop_28_0 (ctl_interface_restart_prop))
+(typeattributeset ctl_interface_start_prop_28_0 (ctl_interface_start_prop))
+(typeattributeset ctl_interface_stop_prop_28_0 (ctl_interface_stop_prop))
+(typeattributeset ctl_mdnsd_prop_28_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_restart_prop_28_0 (ctl_restart_prop))
+(typeattributeset ctl_rildaemon_prop_28_0 (ctl_rildaemon_prop))
+(typeattributeset ctl_sigstop_prop_28_0 (ctl_sigstop_prop))
+(typeattributeset ctl_start_prop_28_0 (ctl_start_prop))
+(typeattributeset ctl_stop_prop_28_0 (ctl_stop_prop))
+(typeattributeset dalvikcache_data_file_28_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_28_0 (dalvik_prop))
+(typeattributeset dbinfo_service_28_0 (dbinfo_service))
+(typeattributeset debugfs_28_0 (debugfs))
+(typeattributeset debugfs_mmc_28_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_28_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_28_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_debug_28_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_instances_28_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wakeup_sources_28_0 (debugfs_wakeup_sources))
+(typeattributeset debugfs_wifi_tracing_28_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_28_0 (debuggerd_prop))
+(typeattributeset debug_prop_28_0 (debug_prop))
+(typeattributeset default_android_hwservice_28_0 (default_android_hwservice))
+(typeattributeset default_android_service_28_0 (default_android_service))
+(typeattributeset default_android_vndservice_28_0 (default_android_vndservice))
+(typeattributeset default_prop_28_0 (default_prop))
+(typeattributeset device_28_0 (device))
+(typeattributeset device_identifiers_service_28_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_28_0 (deviceidle_service))
+(typeattributeset device_logging_prop_28_0 (device_logging_prop))
+(typeattributeset device_policy_service_28_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_28_0 (devicestoragemonitor_service))
+(typeattributeset devpts_28_0 (devpts))
+(typeattributeset dex2oat_28_0 (dex2oat))
+(typeattributeset dex2oat_exec_28_0 (dex2oat_exec))
+(typeattributeset dhcp_28_0 (dhcp))
+(typeattributeset dhcp_data_file_28_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_28_0 (dhcp_exec))
+(typeattributeset dhcp_prop_28_0 (dhcp_prop))
+(typeattributeset diskstats_service_28_0 (diskstats_service))
+(typeattributeset display_service_28_0 (display_service))
+(typeattributeset dm_device_28_0 (dm_device))
+(typeattributeset dnsmasq_28_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_28_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_28_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_28_0 (DockObserver_service))
+(typeattributeset dreams_service_28_0 (dreams_service))
+(typeattributeset drm_data_file_28_0 (drm_data_file))
+(typeattributeset drmserver_28_0 (drmserver))
+(typeattributeset drmserver_exec_28_0 (drmserver_exec))
+(typeattributeset drmserver_service_28_0 (drmserver_service))
+(typeattributeset drmserver_socket_28_0 (drmserver_socket))
+(typeattributeset dropbox_service_28_0 (dropbox_service))
+(typeattributeset dumpstate_28_0 (dumpstate))
+(typeattributeset dumpstate_exec_28_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_28_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_28_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_28_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_28_0 (dumpstate_socket))
+(typeattributeset e2fs_28_0 (e2fs))
+(typeattributeset e2fs_exec_28_0 (e2fs_exec))
+(typeattributeset efs_file_28_0 (efs_file))
+(typeattributeset ephemeral_app_28_0 (ephemeral_app))
+(typeattributeset ethernet_service_28_0 (ethernet_service))
+(typeattributeset exfat_28_0 (exfat))
+(typeattributeset exported2_config_prop_28_0 (exported2_config_prop))
+(typeattributeset exported2_default_prop_28_0 (exported2_default_prop))
+(typeattributeset exported2_radio_prop_28_0 (exported2_radio_prop))
+(typeattributeset exported2_system_prop_28_0 (exported2_system_prop))
+(typeattributeset exported2_vold_prop_28_0 (exported2_vold_prop))
+(typeattributeset exported3_default_prop_28_0 (exported3_default_prop))
+(typeattributeset exported3_radio_prop_28_0 (exported3_radio_prop))
+(typeattributeset exported3_system_prop_28_0 (exported3_system_prop))
+(typeattributeset exported_audio_prop_28_0 (exported_audio_prop))
+(typeattributeset exported_bluetooth_prop_28_0 (exported_bluetooth_prop))
+(typeattributeset exported_config_prop_28_0 (exported_config_prop))
+(typeattributeset exported_dalvik_prop_28_0 (exported_dalvik_prop))
+(typeattributeset exported_default_prop_28_0 (exported_default_prop))
+(typeattributeset exported_dumpstate_prop_28_0 (exported_dumpstate_prop))
+(typeattributeset exported_ffs_prop_28_0 (exported_ffs_prop))
+(typeattributeset exported_fingerprint_prop_28_0 (exported_fingerprint_prop))
+(typeattributeset exported_overlay_prop_28_0 (exported_overlay_prop))
+(typeattributeset exported_pm_prop_28_0 (exported_pm_prop))
+(typeattributeset exported_radio_prop_28_0 (exported_radio_prop))
+(typeattributeset exported_secure_prop_28_0 (exported_secure_prop))
+(typeattributeset exported_system_prop_28_0 (exported_system_prop))
+(typeattributeset exported_system_radio_prop_28_0 (exported_system_radio_prop))
+(typeattributeset exported_vold_prop_28_0 (exported_vold_prop))
+(typeattributeset exported_wifi_prop_28_0 (exported_wifi_prop))
+(typeattributeset ffs_prop_28_0 (ffs_prop))
+(typeattributeset file_contexts_file_28_0 (file_contexts_file))
+(typeattributeset fingerprintd_28_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_28_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_28_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_28_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_28_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_28_0 (fingerprint_service))
+(typeattributeset fingerprint_vendor_data_file_28_0 (fingerprint_vendor_data_file))
+(typeattributeset firstboot_prop_28_0 (firstboot_prop))
+(typeattributeset font_service_28_0 (font_service))
+(typeattributeset frp_block_device_28_0 (frp_block_device))
+(typeattributeset fs_bpf_28_0 (fs_bpf))
+(typeattributeset fsck_28_0 (fsck))
+(typeattributeset fsck_exec_28_0 (fsck_exec))
+(typeattributeset fscklogs_28_0 (fscklogs))
+(typeattributeset fsck_untrusted_28_0 (fsck_untrusted))
+(typeattributeset full_device_28_0 (full_device))
+(typeattributeset functionfs_28_0 (functionfs))
+(typeattributeset fuse_28_0 (fuse))
+(typeattributeset fuse_device_28_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_28_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_28_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_28_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_28_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_28_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_28_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_28_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_28_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_28_0 (gfxinfo_service))
+(typeattributeset gps_control_28_0 (gps_control))
+(typeattributeset gpu_device_28_0 (gpu_device))
+(typeattributeset gpu_service_28_0 (gpu_service))
+(typeattributeset graphics_device_28_0 (graphics_device))
+(typeattributeset graphicsstats_service_28_0 (graphicsstats_service))
+(typeattributeset hal_audiocontrol_hwservice_28_0 (hal_audiocontrol_hwservice))
+(typeattributeset hal_audio_hwservice_28_0 (hal_audio_hwservice))
+(typeattributeset hal_authsecret_hwservice_28_0 (hal_authsecret_hwservice))
+(typeattributeset hal_bluetooth_hwservice_28_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_28_0 (hal_bootctl_hwservice))
+(typeattributeset hal_broadcastradio_hwservice_28_0 (hal_broadcastradio_hwservice))
+(typeattributeset hal_camera_hwservice_28_0 (hal_camera_hwservice))
+(typeattributeset hal_cas_hwservice_28_0 (hal_cas_hwservice))
+(typeattributeset hal_codec2_hwservice_28_0 (hal_codec2_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_28_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_confirmationui_hwservice_28_0 (hal_confirmationui_hwservice))
+(typeattributeset hal_contexthub_hwservice_28_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_28_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_28_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_evs_hwservice_28_0 (hal_evs_hwservice))
+(typeattributeset hal_fingerprint_hwservice_28_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_28_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_28_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_28_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_28_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_28_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_28_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_28_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_28_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_28_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_28_0 (hal_light_hwservice))
+(typeattributeset hal_lowpan_hwservice_28_0 (hal_lowpan_hwservice))
+(typeattributeset hal_memtrack_hwservice_28_0 (hal_memtrack_hwservice))
+(typeattributeset hal_neuralnetworks_hwservice_28_0 (hal_neuralnetworks_hwservice))
+(typeattributeset hal_nfc_hwservice_28_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_28_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_28_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_28_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_28_0 (hal_renderscript_hwservice))
+(typeattributeset hal_secure_element_hwservice_28_0 (hal_secure_element_hwservice))
+(typeattributeset hal_sensors_hwservice_28_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_28_0 (hal_telephony_hwservice))
+(typeattributeset hal_tetheroffload_hwservice_28_0 (hal_tetheroffload_hwservice))
+(typeattributeset hal_thermal_hwservice_28_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_28_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_28_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_gadget_hwservice_28_0 (hal_usb_gadget_hwservice))
+(typeattributeset hal_usb_hwservice_28_0 (hal_usb_hwservice))
+(typeattributeset hal_vehicle_hwservice_28_0 (hal_vehicle_hwservice))
+(typeattributeset hal_vibrator_hwservice_28_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_28_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_28_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hostapd_hwservice_28_0 (hal_wifi_hostapd_hwservice))
+(typeattributeset hal_wifi_hwservice_28_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_offload_hwservice_28_0 (hal_wifi_offload_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_28_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_28_0 (hardware_properties_service))
+(typeattributeset hardware_service_28_0 (hardware_service))
+(typeattributeset hci_attach_dev_28_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_28_0 (hdmi_control_service))
+(typeattributeset healthd_28_0 (healthd))
+(typeattributeset healthd_exec_28_0 (healthd_exec))
+(typeattributeset heapdump_data_file_28_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_28_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_28_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_28_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_28_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_28_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_28_0 (hwbinder_device))
+(typeattributeset hw_random_device_28_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_28_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_28_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_28_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_28_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_28_0 (i2c_device))
+(typeattributeset icon_file_28_0 (icon_file))
+(typeattributeset idmap_28_0 (idmap))
+(typeattributeset idmap_exec_28_0 (idmap_exec))
+(typeattributeset iio_device_28_0 (iio_device))
+(typeattributeset imms_service_28_0 (imms_service))
+(typeattributeset incident_28_0 (incident))
+(typeattributeset incidentd_28_0 (incidentd))
+(typeattributeset incident_data_file_28_0 (incident_data_file))
+(typeattributeset incident_helper_28_0 (incident_helper))
+(typeattributeset incident_service_28_0 (incident_service))
+(typeattributeset init_28_0 (init))
+(typeattributeset init_exec_28_0 (init_exec watchdogd_exec))
+(typeattributeset inotify_28_0 (inotify))
+(typeattributeset input_device_28_0 (input_device))
+(typeattributeset inputflinger_28_0 (inputflinger))
+(typeattributeset inputflinger_exec_28_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_28_0 (inputflinger_service))
+(typeattributeset input_method_service_28_0 (input_method_service))
+(typeattributeset input_service_28_0 (input_service))
+(typeattributeset installd_28_0 (installd))
+(typeattributeset install_data_file_28_0 (install_data_file))
+(typeattributeset installd_exec_28_0 (installd_exec))
+(typeattributeset installd_service_28_0 (installd_service))
+(typeattributeset install_recovery_28_0 (install_recovery))
+(typeattributeset install_recovery_exec_28_0 (install_recovery_exec))
+(typeattributeset ion_device_28_0 (ion_device))
+(typeattributeset IProxyService_service_28_0 (IProxyService_service))
+(typeattributeset ipsec_service_28_0 (ipsec_service))
+(typeattributeset isolated_app_28_0 (isolated_app))
+(typeattributeset jobscheduler_service_28_0 (jobscheduler_service))
+(typeattributeset kernel_28_0 (kernel))
+(typeattributeset keychain_data_file_28_0 (keychain_data_file))
+(typeattributeset keychord_device_28_0 (keychord_device))
+(typeattributeset keystore_28_0 (keystore))
+(typeattributeset keystore_data_file_28_0 (keystore_data_file))
+(typeattributeset keystore_exec_28_0 (keystore_exec))
+(typeattributeset keystore_service_28_0 (keystore_service))
+(typeattributeset kmem_device_28_0 (kmem_device))
+(typeattributeset kmsg_debug_device_28_0 (kmsg_debug_device))
+(typeattributeset kmsg_device_28_0 (kmsg_device))
+(typeattributeset labeledfs_28_0 (labeledfs))
+(typeattributeset last_boot_reason_prop_28_0 (last_boot_reason_prop))
+(typeattributeset launcherapps_service_28_0 (launcherapps_service))
+(typeattributeset lmkd_28_0 (lmkd))
+(typeattributeset lmkd_exec_28_0 (lmkd_exec))
+(typeattributeset lmkd_socket_28_0 (lmkd_socket))
+(typeattributeset location_service_28_0 (location_service))
+(typeattributeset lock_settings_service_28_0 (lock_settings_service))
+(typeattributeset logcat_exec_28_0 (logcat_exec))
+(typeattributeset logd_28_0 (logd))
+(typeattributeset logd_exec_28_0 (logd_exec))
+(typeattributeset logd_prop_28_0 (logd_prop))
+(typeattributeset logdr_socket_28_0 (logdr_socket))
+(typeattributeset logd_socket_28_0 (logd_socket))
+(typeattributeset logdw_socket_28_0 (logdw_socket))
+(typeattributeset logpersist_28_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_28_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_28_0 (log_prop))
+(typeattributeset log_tag_prop_28_0 (log_tag_prop))
+(typeattributeset loop_control_device_28_0 (loop_control_device))
+(typeattributeset loop_device_28_0 (loop_device))
+(typeattributeset lowpan_device_28_0 (lowpan_device))
+(typeattributeset lowpan_prop_28_0 (lowpan_prop))
+(typeattributeset lowpan_service_28_0 (lowpan_service))
+(typeattributeset mac_perms_file_28_0 (mac_perms_file))
+(typeattributeset mdnsd_28_0 (mdnsd))
+(typeattributeset mdnsd_socket_28_0 (mdnsd_socket))
+(typeattributeset mdns_socket_28_0 (mdns_socket))
+(typeattributeset mediacodec_28_0 (mediacodec))
+(typeattributeset mediacodec_exec_28_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_28_0 (mediacodec_service))
+(typeattributeset media_data_file_28_0 (media_data_file))
+(typeattributeset mediadrmserver_28_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_28_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_28_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_28_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_28_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_28_0 (mediaextractor_service))
+(typeattributeset mediaextractor_update_service_28_0 (mediaextractor_update_service))
+(typeattributeset mediametrics_28_0 (mediametrics))
+(typeattributeset mediametrics_exec_28_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_28_0 (mediametrics_service))
+(typeattributeset media_projection_service_28_0 (media_projection_service))
+(typeattributeset mediaprovider_28_0 (mediaprovider))
+(typeattributeset media_router_service_28_0 (media_router_service))
+(typeattributeset media_rw_data_file_28_0 (media_rw_data_file))
+(typeattributeset mediaserver_28_0 (mediaserver))
+(typeattributeset mediaserver_exec_28_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_28_0 (mediaserver_service))
+(typeattributeset media_session_service_28_0 (media_session_service))
+(typeattributeset meminfo_service_28_0 (meminfo_service))
+(typeattributeset metadata_block_device_28_0 (metadata_block_device))
+(typeattributeset metadata_file_28_0 (metadata_file))
+(typeattributeset method_trace_data_file_28_0 (method_trace_data_file))
+(typeattributeset midi_service_28_0 (midi_service))
+(typeattributeset misc_block_device_28_0 (misc_block_device))
+(typeattributeset misc_logd_file_28_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_28_0 (misc_user_data_file))
+(typeattributeset mmc_prop_28_0 (mmc_prop))
+(typeattributeset mnt_expand_file_28_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_28_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_28_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_28_0 (mnt_user_file))
+(typeattributeset mnt_vendor_file_28_0 (mnt_vendor_file))
+(typeattributeset modprobe_28_0 (modprobe))
+(typeattributeset mount_service_28_0 (mount_service))
+(typeattributeset mqueue_28_0 (mqueue))
+(typeattributeset mtd_device_28_0 (mtd_device))
+(typeattributeset mtp_28_0 (mtp))
+(typeattributeset mtp_device_28_0 (mtp_device))
+(typeattributeset mtpd_socket_28_0 (mtpd_socket))
+(typeattributeset mtp_exec_28_0 (mtp_exec))
+(typeattributeset nativetest_data_file_28_0 (nativetest_data_file))
+(typeattributeset netd_28_0 (netd))
+(typeattributeset net_data_file_28_0 (net_data_file))
+(typeattributeset netd_exec_28_0 (netd_exec))
+(typeattributeset netd_listener_service_28_0 (netd_listener_service))
+(typeattributeset net_dns_prop_28_0 (net_dns_prop))
+(typeattributeset netd_service_28_0 (netd_service))
+(typeattributeset netd_socket_28_0 (netd_socket))
+(typeattributeset netd_stable_secret_prop_28_0 (netd_stable_secret_prop))
+(typeattributeset netif_28_0 (netif))
+(typeattributeset netpolicy_service_28_0 (netpolicy_service))
+(typeattributeset net_radio_prop_28_0 (net_radio_prop))
+(typeattributeset netstats_service_28_0 (netstats_service))
+(typeattributeset netutils_wrapper_28_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_28_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_28_0 (network_management_service))
+(typeattributeset network_score_service_28_0 (network_score_service))
+(typeattributeset network_time_update_service_28_0 (network_time_update_service))
+(typeattributeset network_watchlist_data_file_28_0 (network_watchlist_data_file))
+(typeattributeset network_watchlist_service_28_0 (network_watchlist_service))
+(typeattributeset nfc_28_0 (nfc))
+(typeattributeset nfc_data_file_28_0 (nfc_data_file))
+(typeattributeset nfc_device_28_0 (nfc_device))
+(typeattributeset nfc_prop_28_0 (nfc_prop))
+(typeattributeset nfc_service_28_0 (nfc_service))
+(typeattributeset node_28_0 (node))
+(typeattributeset nonplat_service_contexts_file_28_0 (nonplat_service_contexts_file))
+(typeattributeset notification_service_28_0 (notification_service))
+(typeattributeset null_device_28_0 (null_device))
+(typeattributeset oemfs_28_0 (oemfs))
+(typeattributeset oem_lock_service_28_0 (oem_lock_service))
+(typeattributeset ota_data_file_28_0 (ota_data_file))
+(typeattributeset otadexopt_service_28_0 (otadexopt_service))
+(typeattributeset ota_package_file_28_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_28_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_28_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_28_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_28_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_28_0 (overlay_prop))
+(typeattributeset overlay_service_28_0 (overlay_service))
+(typeattributeset owntty_device_28_0 (owntty_device))
+(typeattributeset package_native_service_28_0 (package_native_service))
+(typeattributeset package_service_28_0 (package_service))
+(typeattributeset pan_result_prop_28_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_28_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_28_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_28_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_28_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_28_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_28_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_28_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_28_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_28_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_28_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_28_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_28_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_28_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_28_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_28_0 (pdx_performance_dir))
+(typeattributeset performanced_28_0 (performanced))
+(typeattributeset performanced_exec_28_0 (performanced_exec))
+(typeattributeset perfprofd_28_0 (perfprofd))
+(typeattributeset perfprofd_data_file_28_0 (perfprofd_data_file))
+(typeattributeset perfprofd_exec_28_0 (perfprofd_exec))
+(typeattributeset perfprofd_service_28_0 (perfprofd_service))
+(typeattributeset permission_service_28_0 (permission_service))
+(typeattributeset persist_debug_prop_28_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_28_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_28_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_28_0 (pinner_service))
+(typeattributeset pipefs_28_0 (pipefs))
+(typeattributeset platform_app_28_0 (platform_app))
+(typeattributeset pm_prop_28_0 (pm_prop))
+(typeattributeset pmsg_device_28_0 (pmsg_device))
+(typeattributeset port_28_0 (port))
+(typeattributeset port_device_28_0 (port_device))
+(typeattributeset postinstall_28_0 (postinstall))
+(typeattributeset postinstall_dexopt_28_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_28_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_28_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_28_0 (powerctl_prop))
+(typeattributeset power_service_28_0 (power_service))
+(typeattributeset ppp_28_0 (ppp))
+(typeattributeset ppp_device_28_0 (ppp_device))
+(typeattributeset ppp_exec_28_0 (ppp_exec))
+(typeattributeset preloads_data_file_28_0 (preloads_data_file))
+(typeattributeset preloads_media_file_28_0 (preloads_media_file))
+(typeattributeset preopt2cachename_28_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_28_0 (preopt2cachename_exec))
+(typeattributeset print_service_28_0 (print_service))
+(typeattributeset priv_app_28_0 (priv_app))
+(typeattributeset proc_28_0
+ ( proc
+ proc_slabinfo))
+(typeattributeset proc_abi_28_0 (proc_abi))
+(typeattributeset proc_asound_28_0 (proc_asound))
+(typeattributeset proc_bluetooth_writable_28_0 (proc_bluetooth_writable))
+(typeattributeset proc_buddyinfo_28_0 (proc_buddyinfo))
+(typeattributeset proc_cmdline_28_0 (proc_cmdline))
+(typeattributeset proc_cpuinfo_28_0 (proc_cpuinfo))
+(typeattributeset proc_dirty_28_0 (proc_dirty))
+(typeattributeset proc_diskstats_28_0 (proc_diskstats))
+(typeattributeset proc_drop_caches_28_0 (proc_drop_caches))
+(typeattributeset processinfo_service_28_0 (processinfo_service))
+(typeattributeset proc_extra_free_kbytes_28_0 (proc_extra_free_kbytes))
+(typeattributeset proc_filesystems_28_0 (proc_filesystems))
+(typeattributeset proc_hostname_28_0 (proc_hostname))
+(typeattributeset proc_hung_task_28_0 (proc_hung_task))
+(typeattributeset proc_interrupts_28_0 (proc_interrupts))
+(typeattributeset proc_iomem_28_0 (proc_iomem))
+(typeattributeset proc_kmsg_28_0 (proc_kmsg))
+(typeattributeset proc_loadavg_28_0 (proc_loadavg))
+(typeattributeset proc_max_map_count_28_0 (proc_max_map_count))
+(typeattributeset proc_meminfo_28_0 (proc_meminfo))
+(typeattributeset proc_min_free_order_shift_28_0 (proc_min_free_order_shift))
+(typeattributeset proc_misc_28_0 (proc_misc))
+(typeattributeset proc_modules_28_0 (proc_modules))
+(typeattributeset proc_mounts_28_0 (proc_mounts))
+(typeattributeset proc_net_28_0
+ ( proc_net
+ proc_net_tcp_udp))
+(typeattributeset proc_overcommit_memory_28_0 (proc_overcommit_memory))
+(typeattributeset proc_page_cluster_28_0 (proc_page_cluster))
+(typeattributeset proc_pagetypeinfo_28_0 (proc_pagetypeinfo))
+(typeattributeset proc_panic_28_0 (proc_panic))
+(typeattributeset proc_perf_28_0 (proc_perf))
+(typeattributeset proc_pid_max_28_0 (proc_pid_max))
+(typeattributeset proc_pipe_conf_28_0 (proc_pipe_conf))
+(typeattributeset proc_qtaguid_stat_28_0 (proc_qtaguid_stat))
+(typeattributeset proc_random_28_0 (proc_random))
+(typeattributeset proc_sched_28_0 (proc_sched))
+(typeattributeset proc_security_28_0 (proc_security))
+(typeattributeset proc_stat_28_0 (proc_stat))
+(typeattributeset procstats_service_28_0 (procstats_service))
+(typeattributeset proc_swaps_28_0 (proc_swaps))
+(typeattributeset proc_sysrq_28_0 (proc_sysrq))
+(typeattributeset proc_timer_28_0 (proc_timer))
+(typeattributeset proc_tty_drivers_28_0 (proc_tty_drivers))
+(typeattributeset proc_uid_concurrent_active_time_28_0 (proc_uid_concurrent_active_time))
+(typeattributeset proc_uid_concurrent_policy_time_28_0 (proc_uid_concurrent_policy_time))
+(typeattributeset proc_uid_cpupower_28_0 (proc_uid_cpupower))
+(typeattributeset proc_uid_cputime_removeuid_28_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_28_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_28_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_28_0 (proc_uid_procstat_set))
+(typeattributeset proc_uid_time_in_state_28_0 (proc_uid_time_in_state))
+(typeattributeset proc_uptime_28_0 (proc_uptime))
+(typeattributeset proc_version_28_0 (proc_version))
+(typeattributeset proc_vmallocinfo_28_0 (proc_vmallocinfo))
+(typeattributeset proc_vmstat_28_0 (proc_vmstat))
+(typeattributeset proc_zoneinfo_28_0 (proc_zoneinfo))
+(typeattributeset profman_28_0 (profman))
+(typeattributeset profman_dump_data_file_28_0 (profman_dump_data_file))
+(typeattributeset profman_exec_28_0 (profman_exec))
+(typeattributeset properties_device_28_0 (properties_device))
+(typeattributeset properties_serial_28_0 (properties_serial))
+(typeattributeset property_contexts_file_28_0 (property_contexts_file))
+(typeattributeset property_data_file_28_0 (property_data_file))
+(typeattributeset property_info_28_0 (property_info))
+(typeattributeset property_socket_28_0 (property_socket))
+(typeattributeset pstorefs_28_0 (pstorefs))
+(typeattributeset ptmx_device_28_0 (ptmx_device))
+(typeattributeset qtaguid_device_28_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_28_0
+ ( proc_qtaguid_ctrl
+ qtaguid_proc))
+(typeattributeset racoon_28_0 (racoon))
+(typeattributeset racoon_exec_28_0 (racoon_exec))
+(typeattributeset racoon_socket_28_0 (racoon_socket))
+(typeattributeset radio_28_0 (radio))
+(typeattributeset radio_data_file_28_0 (radio_data_file))
+(typeattributeset radio_device_28_0 (radio_device))
+(typeattributeset radio_prop_28_0 (radio_prop))
+(typeattributeset radio_service_28_0 (radio_service))
+(typeattributeset ram_device_28_0 (ram_device))
+(typeattributeset random_device_28_0 (random_device))
+(typeattributeset recovery_28_0 (recovery))
+(typeattributeset recovery_block_device_28_0 (recovery_block_device))
+(typeattributeset recovery_data_file_28_0 (recovery_data_file))
+(typeattributeset recovery_persist_28_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_28_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_28_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_28_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_28_0 (recovery_service))
+(typeattributeset registry_service_28_0 (registry_service))
+(typeattributeset resourcecache_data_file_28_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_28_0 (restorecon_prop))
+(typeattributeset restrictions_service_28_0 (restrictions_service))
+(typeattributeset rild_debug_socket_28_0 (rild_debug_socket))
+(typeattributeset rild_socket_28_0 (rild_socket))
+(typeattributeset ringtone_file_28_0 (ringtone_file))
+(typeattributeset root_block_device_28_0 (root_block_device))
+(typeattributeset rootfs_28_0 (rootfs))
+(typeattributeset rpmsg_device_28_0 (rpmsg_device))
+(typeattributeset rtc_device_28_0 (rtc_device))
+(typeattributeset rttmanager_service_28_0 (rttmanager_service))
+(typeattributeset runas_28_0 (runas))
+(typeattributeset runas_exec_28_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_28_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_28_0 (safemode_prop))
+(typeattributeset same_process_hal_file_28_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
+(typeattributeset samplingprofiler_service_28_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_28_0 (scheduling_policy_service))
+(typeattributeset sdcardd_28_0 (sdcardd))
+(typeattributeset sdcardd_exec_28_0 (sdcardd_exec))
+(typeattributeset sdcardfs_28_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_28_0 (seapp_contexts_file))
+(typeattributeset search_service_28_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_28_0 (sec_key_att_app_id_provider_service))
+(typeattributeset secure_element_28_0 (secure_element))
+(typeattributeset secure_element_device_28_0 (secure_element_device))
+(typeattributeset secure_element_service_28_0 (secure_element_service))
+(typeattributeset selinuxfs_28_0 (selinuxfs))
+(typeattributeset sensors_device_28_0 (sensors_device))
+(typeattributeset sensorservice_service_28_0 (sensorservice_service))
+(typeattributeset sepolicy_file_28_0 (sepolicy_file))
+(typeattributeset serial_device_28_0 (serial_device))
+(typeattributeset serialno_prop_28_0 (serialno_prop))
+(typeattributeset serial_service_28_0 (serial_service))
+(typeattributeset service_contexts_file_28_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_28_0 (servicediscovery_service))
+(typeattributeset servicemanager_28_0 (servicemanager))
+(typeattributeset servicemanager_exec_28_0 (servicemanager_exec))
+(typeattributeset settings_service_28_0 (settings_service))
+(typeattributeset sgdisk_28_0 (sgdisk))
+(typeattributeset sgdisk_exec_28_0 (sgdisk_exec))
+(typeattributeset shared_relro_28_0 (shared_relro))
+(typeattributeset shared_relro_file_28_0 (shared_relro_file))
+(typeattributeset shell_28_0 (shell))
+(typeattributeset shell_data_file_28_0 (shell_data_file))
+(typeattributeset shell_exec_28_0 (shell_exec))
+(typeattributeset shell_prop_28_0 (shell_prop))
+(typeattributeset shm_28_0 (shm))
+(typeattributeset shortcut_manager_icons_28_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_28_0 (shortcut_service))
+(typeattributeset slice_service_28_0 (slice_service))
+(typeattributeset slideshow_28_0 (slideshow))
+(typeattributeset socket_device_28_0 (socket_device))
+(typeattributeset sockfs_28_0 (sockfs))
+(typeattributeset statusbar_service_28_0 (statusbar_service))
+(typeattributeset storaged_service_28_0 (storaged_service))
+(typeattributeset storage_file_28_0 (storage_file))
+(typeattributeset storagestats_service_28_0 (storagestats_service))
+(typeattributeset storage_stub_file_28_0 (storage_stub_file))
+(typeattributeset su_28_0 (su))
+(typeattributeset su_exec_28_0 (su_exec))
+(typeattributeset surfaceflinger_28_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_28_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_28_0 (swap_block_device))
+(typeattributeset sysfs_28_0 (sysfs))
+(typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))
+(typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_28_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_28_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_dm_28_0 (sysfs_dm))
+(typeattributeset sysfs_dt_firmware_android_28_0 (sysfs_dt_firmware_android))
+(typeattributeset sysfs_fs_ext4_features_28_0 (sysfs_fs_ext4_features))
+(typeattributeset sysfs_hwrandom_28_0 (sysfs_hwrandom))
+(typeattributeset sysfs_ipv4_28_0 (sysfs_ipv4))
+(typeattributeset sysfs_kernel_notes_28_0 (sysfs_kernel_notes))
+(typeattributeset sysfs_leds_28_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_28_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_28_0 (sysfs_mac_address))
+(typeattributeset sysfs_net_28_0 (sysfs_net))
+(typeattributeset sysfs_nfc_power_writable_28_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_power_28_0 (sysfs_power))
+(typeattributeset sysfs_rtc_28_0 (sysfs_rtc))
+(typeattributeset sysfs_switch_28_0 (sysfs_switch))
+(typeattributeset sysfs_thermal_28_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_28_0 (sysfs_uio))
+(typeattributeset sysfs_usb_28_0 (sysfs_usb))
+(typeattributeset sysfs_usermodehelper_28_0 (sysfs_usermodehelper))
+(typeattributeset sysfs_vibrator_28_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_28_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wakeup_reasons_28_0 (sysfs_wakeup_reasons))
+(typeattributeset sysfs_wlan_fwpath_28_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_28_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_28_0 (sysfs_zram_uevent))
+(typeattributeset system_app_28_0 (system_app))
+(typeattributeset system_app_data_file_28_0 (system_app_data_file))
+(typeattributeset system_app_service_28_0 (system_app_service))
+(typeattributeset system_block_device_28_0 (system_block_device))
+(typeattributeset system_boot_reason_prop_28_0 (system_boot_reason_prop))
+(typeattributeset system_data_file_28_0
+ ( dropbox_data_file
+ system_data_file))
+(typeattributeset system_file_28_0
+ ( system_file
+ system_asan_options_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ tcpdump_exec
+ system_zoneinfo_file
+))
+(typeattributeset systemkeys_data_file_28_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_28_0 (system_ndebug_socket))
+(typeattributeset system_net_netd_hwservice_28_0 (system_net_netd_hwservice))
+(typeattributeset system_prop_28_0 (system_prop))
+(typeattributeset system_radio_prop_28_0 (system_radio_prop))
+(typeattributeset system_server_28_0 (system_server))
+(typeattributeset system_update_service_28_0 (system_update_service))
+(typeattributeset system_wifi_keystore_hwservice_28_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_28_0 (system_wpa_socket))
+(typeattributeset task_service_28_0 (task_service))
+(typeattributeset tee_28_0 (tee))
+(typeattributeset tee_data_file_28_0 (tee_data_file))
+(typeattributeset tee_device_28_0 (tee_device))
+(typeattributeset telecom_service_28_0 (telecom_service))
+(typeattributeset test_boot_reason_prop_28_0 (test_boot_reason_prop))
+(typeattributeset textclassification_service_28_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_28_0 (textclassifier_data_file))
+(typeattributeset textservices_service_28_0 (textservices_service))
+(typeattributeset thermalcallback_hwservice_28_0 (thermalcallback_hwservice))
+(typeattributeset thermal_service_28_0 (thermal_service))
+(typeattributeset thermalserviced_28_0 (thermalserviced))
+(typeattributeset thermalserviced_exec_28_0 (thermalserviced_exec))
+(typeattributeset timezone_service_28_0 (timezone_service))
+(typeattributeset tmpfs_28_0 (tmpfs))
+(typeattributeset tombstoned_28_0 (tombstoned))
+(typeattributeset tombstone_data_file_28_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_28_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_28_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_28_0 (tombstoned_intercept_socket))
+(typeattributeset tombstoned_java_trace_socket_28_0 (tombstoned_java_trace_socket))
+(typeattributeset tombstone_wifi_data_file_28_0 (tombstone_wifi_data_file))
+(typeattributeset toolbox_28_0 (toolbox))
+(typeattributeset toolbox_exec_28_0 (toolbox_exec))
+(typeattributeset trace_data_file_28_0 (trace_data_file))
+(typeattributeset traced_consumer_socket_28_0 (traced_consumer_socket))
+(typeattributeset traced_enabled_prop_28_0 (traced_enabled_prop))
+(typeattributeset traced_probes_28_0 (traced_probes))
+(typeattributeset traced_producer_socket_28_0 (traced_producer_socket))
+(typeattributeset traceur_app_28_0 (traceur_app))
+(typeattributeset trust_service_28_0 (trust_service))
+(typeattributeset tty_device_28_0 (tty_device))
+(typeattributeset tun_device_28_0 (tun_device))
+(typeattributeset tv_input_service_28_0 (tv_input_service))
+(typeattributeset tzdatacheck_28_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_28_0 (tzdatacheck_exec))
+(typeattributeset ueventd_28_0 (ueventd))
+(typeattributeset uhid_device_28_0 (uhid_device))
+(typeattributeset uimode_service_28_0 (uimode_service))
+(typeattributeset uio_device_28_0 (uio_device))
+(typeattributeset uncrypt_28_0 (uncrypt))
+(typeattributeset uncrypt_exec_28_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_28_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_28_0 (unencrypted_data_file))
+(typeattributeset unlabeled_28_0 (unlabeled))
+(typeattributeset untrusted_app_25_28_0 (untrusted_app_25))
+(typeattributeset untrusted_app_27_28_0 (untrusted_app_27))
+(typeattributeset untrusted_app_28_0 (untrusted_app))
+(typeattributeset untrusted_v2_app_28_0 (untrusted_v2_app))
+(typeattributeset update_engine_28_0 (update_engine))
+(typeattributeset update_engine_data_file_28_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_28_0 (update_engine_exec))
+(typeattributeset update_engine_log_data_file_28_0 (update_engine_log_data_file))
+(typeattributeset update_engine_service_28_0 (update_engine_service))
+(typeattributeset updatelock_service_28_0 (updatelock_service))
+(typeattributeset update_verifier_28_0 (update_verifier))
+(typeattributeset update_verifier_exec_28_0 (update_verifier_exec))
+(typeattributeset usagestats_service_28_0 (usagestats_service))
+(typeattributeset usbaccessory_device_28_0 (usbaccessory_device))
+(typeattributeset usbd_28_0 (usbd))
+(typeattributeset usb_device_28_0 (usb_device))
+(typeattributeset usbd_exec_28_0 (usbd_exec))
+(typeattributeset usbfs_28_0 (usbfs))
+(typeattributeset usb_service_28_0 (usb_service))
+(typeattributeset userdata_block_device_28_0 (userdata_block_device))
+(typeattributeset usermodehelper_28_0 (usermodehelper))
+(typeattributeset user_profile_data_file_28_0 (user_profile_data_file))
+(typeattributeset user_service_28_0 (user_service))
+(typeattributeset vcs_device_28_0 (vcs_device))
+(typeattributeset vdc_28_0 (vdc))
+(typeattributeset vdc_exec_28_0 (vdc_exec))
+(typeattributeset vendor_app_file_28_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_28_0 (vendor_configs_file))
+(typeattributeset vendor_data_file_28_0 (vendor_data_file))
+(typeattributeset vendor_default_prop_28_0 (vendor_default_prop))
+(typeattributeset vendor_file_28_0 (vendor_file))
+(typeattributeset vendor_framework_file_28_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_28_0 (vendor_hal_file))
+(typeattributeset vendor_init_28_0 (vendor_init))
+(typeattributeset vendor_overlay_file_28_0 (vendor_overlay_file))
+(typeattributeset vendor_security_patch_level_prop_28_0 (vendor_security_patch_level_prop))
+(typeattributeset vendor_shell_28_0 (vendor_shell))
+(typeattributeset vendor_shell_exec_28_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_28_0 (vendor_toolbox_exec))
+(typeattributeset vfat_28_0 (vfat))
+(typeattributeset vibrator_service_28_0 (vibrator_service))
+(typeattributeset video_device_28_0 (video_device))
+(typeattributeset virtual_touchpad_28_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_28_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_28_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_28_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_28_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_28_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_28_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_28_0 (voiceinteraction_service))
+(typeattributeset vold_28_0 (vold))
+(typeattributeset vold_data_file_28_0 (vold_data_file))
+(typeattributeset vold_device_28_0 (vold_device))
+(typeattributeset vold_exec_28_0 (vold_exec))
+(typeattributeset vold_metadata_file_28_0 (vold_metadata_file))
+(typeattributeset vold_prepare_subdirs_28_0 (vold_prepare_subdirs))
+(typeattributeset vold_prepare_subdirs_exec_28_0 (vold_prepare_subdirs_exec))
+(typeattributeset vold_prop_28_0 (vold_prop))
+(typeattributeset vold_service_28_0 (vold_service))
+(typeattributeset vpn_data_file_28_0 (vpn_data_file))
+(typeattributeset vr_hwc_28_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_28_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_28_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_28_0 (vr_manager_service))
+(typeattributeset wallpaper_file_28_0 (wallpaper_file))
+(typeattributeset wallpaper_service_28_0 (wallpaper_service))
+(typeattributeset watchdogd_28_0 (watchdogd))
+(typeattributeset watchdog_device_28_0 (watchdog_device))
+(typeattributeset webviewupdate_service_28_0 (webviewupdate_service))
+(typeattributeset webview_zygote_28_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_28_0 (webview_zygote_exec))
+(typeattributeset wifiaware_service_28_0 (wifiaware_service))
+(typeattributeset wificond_28_0 (wificond))
+(typeattributeset wificond_exec_28_0 (wificond_exec))
+(typeattributeset wificond_service_28_0 (wificond_service))
+(typeattributeset wifi_data_file_28_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_28_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_28_0 (wifip2p_service))
+(typeattributeset wifi_prop_28_0 (wifi_prop))
+(typeattributeset wifiscanner_service_28_0 (wifiscanner_service))
+(typeattributeset wifi_service_28_0 (wifi_service))
+(typeattributeset window_service_28_0 (window_service))
+(typeattributeset wpantund_28_0 (wpantund))
+(typeattributeset wpantund_exec_28_0 (wpantund_exec))
+(typeattributeset wpantund_service_28_0 (wpantund_service))
+(typeattributeset wpa_socket_28_0 (wpa_socket))
+(typeattributeset zero_device_28_0 (zero_device))
+(typeattributeset zoneinfo_data_file_28_0 (zoneinfo_data_file))
+(typeattributeset zygote_28_0 (zygote))
+(typeattributeset zygote_exec_28_0 (zygote_exec))
+(typeattributeset zygote_socket_28_0 (zygote_socket))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
new file mode 100644
index 0000000..24edae6
--- /dev/null
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -0,0 +1,59 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ activity_task_service
+ adb_service
+ app_binding_service
+ apex_data_file
+ apex_mnt_dir
+ apex_key_file
+ apex_service
+ apexd
+ apexd_exec
+ apexd_tmpfs
+ biometric_service
+ ;; TODO(b/116344577): remove after the issue is resolved
+ buffer_hub_service
+ fastbootd
+ fwk_stats_hwservice
+ color_display_service
+ hal_atrace_hwservice
+ hal_health_storage_hwservice
+ hal_system_suspend_default
+ hal_system_suspend_default_exec
+ hal_system_suspend_default_tmpfs
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
+ iorapd
+ iorapd_exec
+ iorapd_data_file
+ iorapd_service
+ iorapd_tmpfs
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
+ mnt_product_file
+ overlayfs_file
+ recovery_socket
+ super_block_device
+ system_lmk_prop
+ system_suspend_hwservice
+ time_prop
+ timedetector_service
+ timezonedetector_service
+ uri_grants_service
+ vendor_idc_file
+ vendor_keychars_file
+ vendor_keylayout_file
+ vrflinger_vsync_service
+ watchdogd_tmpfs))
diff --git a/private/crash_dump.te b/private/crash_dump.te
index c3d2ed5..fe25bad 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@@ -2,13 +2,41 @@
allow crash_dump {
domain
+ -apexd
-bpfloader
-crash_dump
-init
-kernel
-keystore
+ -llkd
-logd
-ueventd
-vendor_init
-vold
}:process { ptrace signal sigchld sigstop sigkill };
+userdebug_or_eng(`
+ allow crash_dump { llkd logd }:process { ptrace signal sigchld sigstop sigkill };
+')
+
+###
+### neverallow assertions
+###
+
+# ptrace neverallow assertions are spread throughout the other policy
+# files, so we avoid adding redundant assertions here
+
+neverallow crash_dump {
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ userdebug_or_eng(`-llkd')
+ logd
+ userdebug_or_eng(`-logd')
+ ueventd
+ vendor_init
+ vold
+}:process { signal sigstop sigkill };
+
+neverallow crash_dump self:process ptrace;
diff --git a/private/dexoptanalyzer.te b/private/dexoptanalyzer.te
index dfc81b8..212608b 100644
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te
@@ -1,6 +1,6 @@
# dexoptanalyzer
type dexoptanalyzer, domain, coredomain, mlstrustedsubject;
-type dexoptanalyzer_exec, exec_type, file_type;
+type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
@@ -19,12 +19,12 @@
# Allow reading secondary dex files that were reported by the app to the
# package manager.
-allow dexoptanalyzer app_data_file:dir { getattr search };
-allow dexoptanalyzer app_data_file:file { getattr read };
+allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };
+allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read };
# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
# "dontaudit...audit_access" policy line to suppress the audit access without
# suppressing denial on actual access.
-dontaudit dexoptanalyzer app_data_file:dir audit_access;
+dontaudit dexoptanalyzer { privapp_data_file app_data_file }:dir audit_access;
# Allow testing /data/user/0 which symlinks to /data/data
allow dexoptanalyzer system_data_file:lnk_file { getattr };
diff --git a/private/domain.te b/private/domain.te
index fb6ba4f..7945d89 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -1,6 +1,8 @@
# Transition to crash_dump when /system/bin/crash_dump* is executed.
# This occurs when the process crashes.
-domain_auto_trans(domain, crash_dump_exec, crash_dump);
+# We do not apply this to the su domain to avoid interfering with
+# tests (b/114136122)
+domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
allow domain crash_dump:process sigchld;
# Limit ability to ptrace or read sensitive /proc/pid files of processes
@@ -8,6 +10,7 @@
neverallow {
domain
-vold
+ userdebug_or_eng(`-llkd')
-dumpstate
userdebug_or_eng(`-incidentd')
-storaged
@@ -116,3 +119,59 @@
-init
}{ usbfs binfmt_miscfs }:file no_rw_file_perms;
')
+
+# System_server owns dropbox data, and init creates/restorecons the directory
+# Disallow direct access by other processes.
+neverallow { domain -init -system_server } dropbox_data_file:dir *;
+neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
+
+###
+# Services should respect app sandboxes
+neverallow {
+ domain
+ -appdomain
+ -installd # creation of sandbox
+} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
+
+# Only the following processes should be directly accessing private app
+# directories.
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -dexoptanalyzer
+ -init
+ -installd
+ userdebug_or_eng(`-perfprofd')
+ -profman
+ -runas
+ -system_server
+} { privapp_data_file app_data_file }:dir *;
+
+# Only apps should be modifying app data. init and installd are exempted for
+# restorecon and package install/uninstall.
+neverallow {
+ domain
+ -appdomain
+ -init
+ -installd
+} { privapp_data_file app_data_file }:dir ~r_dir_perms;
+
+neverallow {
+ domain
+ -appdomain
+ -installd
+ userdebug_or_eng(`-perfprofd')
+} { privapp_data_file app_data_file }:file_class_set open;
+
+neverallow {
+ domain
+ -appdomain
+ -installd # creation of sandbox
+} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
+
+neverallow {
+ domain
+ -init
+ -installd
+} { privapp_data_file app_data_file }:dir_file_class_set { relabelfrom relabelto };
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 2c2a62f..d1fbacc 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -8,9 +8,6 @@
# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
allow dumpstate system_file:file lock;
-# TODO: deal with tmpfs_domain pub/priv split properly
-allow dumpstate dumpstate_tmpfs:file execute;
-
# systrace support - allow atrace to run
allow dumpstate debugfs_tracing:dir r_dir_perms;
allow dumpstate debugfs_tracing:file rw_file_perms;
@@ -45,3 +42,4 @@
allow dumpstate webview_zygote:process signal;
dontaudit dumpstate perfprofd:binder call;
dontaudit dumpstate update_engine:binder call;
+allow dumpstate proc_net_tcp_udp:file r_file_perms;
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 75a6317..f28d28f 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -21,7 +21,7 @@
# Some apps ship with shared libraries and binaries that they write out
# to their sandbox directory and then execute.
-allow ephemeral_app app_data_file:file {r_file_perms execute};
+allow ephemeral_app { app_data_file privapp_data_file }:file {r_file_perms execute};
# services
allow ephemeral_app audioserver_service:service_manager find;
@@ -50,7 +50,7 @@
### neverallow rules
###
-neverallow ephemeral_app app_data_file:file execute_no_trans;
+neverallow ephemeral_app { app_data_file privapp_data_file }:file execute_no_trans;
# Receive or send uevent messages.
neverallow ephemeral_app domain:netlink_kobject_uevent_socket *;
diff --git a/private/fastbootd.te b/private/fastbootd.te
new file mode 100644
index 0000000..29a9157
--- /dev/null
+++ b/private/fastbootd.te
@@ -0,0 +1 @@
+typeattribute fastbootd coredomain;
diff --git a/private/file.te b/private/file.te
index 58ee0de..8d18a90 100644
--- a/private/file.te
+++ b/private/file.te
@@ -1,11 +1,6 @@
# /proc/config.gz
type config_gz, fs_type, proc_type;
-# /data/misc/stats-data, /data/misc/stats-service
-type stats_data_file, file_type, data_file_type, core_data_file_type;
-
-type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
-
# /data/misc/storaged
type storaged_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 564e45c..ee295ca 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -16,6 +16,7 @@
# Executables
/charger u:object_r:rootfs:s0
/init u:object_r:init_exec:s0
+/system/bin/init u:object_r:init_exec:s0
/sbin(/.*)? u:object_r:rootfs:s0
# For kernel modules
@@ -29,6 +30,7 @@
/postinstall u:object_r:postinstall_mnt_dir:s0
/proc u:object_r:rootfs:s0
/sys u:object_r:sysfs:s0
+/apex u:object_r:apex_mnt_dir:s0
# Symlinks
/bin u:object_r:rootfs:s0
@@ -148,6 +150,7 @@
/dev/socket/pdx/system/vr/display/vsync u:object_r:pdx_display_vsync_endpoint_socket:s0
/dev/socket/property_service u:object_r:property_socket:s0
/dev/socket/racoon u:object_r:racoon_socket:s0
+/dev/socket/recovery u:object_r:recovery_socket:s0
/dev/socket/rild u:object_r:rild_socket:s0
/dev/socket/rild-debug u:object_r:rild_debug_socket:s0
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
@@ -155,6 +158,7 @@
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
+/dev/socket/heapprofd u:object_r:heapprofd_socket:s0
/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
@@ -184,15 +188,18 @@
# System files
#
/system(/.*)? u:object_r:system_file:s0
+/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
/system/bin/atrace u:object_r:atrace_exec:s0
/system/bin/blank_screen u:object_r:blank_screen_exec:s0
/system/bin/e2fsdroid u:object_r:e2fs_exec:s0
/system/bin/mke2fs u:object_r:e2fs_exec:s0
/system/bin/e2fsck -- u:object_r:fsck_exec:s0
+/system/bin/fsck\.exfat -- u:object_r:fsck_exec:s0
/system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
/system/bin/sload_f2fs -- u:object_r:e2fs_exec:s0
/system/bin/make_f2fs -- u:object_r:e2fs_exec:s0
/system/bin/fsck_msdos -- u:object_r:fsck_exec:s0
+/system/bin/tcpdump -- u:object_r:tcpdump_exec:s0
/system/bin/tune2fs -- u:object_r:fsck_exec:s0
/system/bin/toolbox -- u:object_r:toolbox_exec:s0
/system/bin/toybox -- u:object_r:toolbox_exec:s0
@@ -224,6 +231,7 @@
/system/bin/mediametrics u:object_r:mediametrics_exec:s0
/system/bin/cameraserver u:object_r:cameraserver_exec:s0
/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
+/system/bin/mediaswcodec u:object_r:mediaswcodec_exec:s0
/system/bin/mdnsd u:object_r:mdnsd_exec:s0
/system/bin/installd u:object_r:installd_exec:s0
/system/bin/otapreopt_chroot u:object_r:otapreopt_chroot_exec:s0
@@ -247,6 +255,8 @@
/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
/system/bin/healthd u:object_r:healthd_exec:s0
/system/bin/clatd u:object_r:clatd_exec:s0
+/system/bin/linker(64)? u:object_r:system_linker_exec:s0
+/system/bin/llkd u:object_r:llkd_exec:s0
/system/bin/lmkd u:object_r:lmkd_exec:s0
/system/bin/usbd u:object_r:usbd_exec:s0
/system/bin/inputflinger u:object_r:inputflinger_exec:s0
@@ -254,11 +264,13 @@
/system/bin/perfetto u:object_r:perfetto_exec:s0
/system/bin/traced u:object_r:traced_exec:s0
/system/bin/traced_probes u:object_r:traced_probes_exec:s0
+/system/bin/heapprofd u:object_r:heapprofd_exec:s0
/system/bin/uncrypt u:object_r:uncrypt_exec:s0
/system/bin/update_verifier u:object_r:update_verifier_exec:s0
/system/bin/logwrapper u:object_r:system_file:s0
/system/bin/vdc u:object_r:vdc_exec:s0
/system/bin/cppreopts.sh u:object_r:cppreopts_exec:s0
+/system/bin/preloads_copy.sh u:object_r:preloads_copy_exec:s0
/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
/system/bin/install-recovery.sh u:object_r:install_recovery_exec:s0
/system/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
@@ -266,6 +278,7 @@
# patchoat executable has (essentially) the same requirements as dex2oat.
/system/bin/patchoat(d)? u:object_r:dex2oat_exec:s0
/system/bin/profman(d)? u:object_r:profman_exec:s0
+/system/bin/iorapd u:object_r:iorapd_exec:s0
/system/bin/sgdisk u:object_r:sgdisk_exec:s0
/system/bin/blkid u:object_r:blkid_exec:s0
/system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
@@ -277,6 +290,11 @@
/system/bin/wpantund u:object_r:wpantund_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
+/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:hal_system_suspend_default_exec:s0
+/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
+/system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0
+/system/etc/security/cacerts(/.*)? u:object_r:system_security_cacerts_file:s0
+/system/etc/security/apex(/.*)? u:object_r:apex_key_file:s0
/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0
/system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0
/system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0
@@ -286,6 +304,7 @@
/system/etc/selinux/plat_seapp_contexts u:object_r:seapp_contexts_file:s0
/system/etc/selinux/plat_sepolicy.cil u:object_r:sepolicy_file:s0
/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
+/system/usr/share/zoneinfo(/.*)? u:object_r:system_zoneinfo_file:s0
/system/bin/vr_hwc u:object_r:vr_hwc_exec:s0
/system/bin/adbd u:object_r:adbd_exec:s0
/system/bin/vold_prepare_subdirs u:object_r:vold_prepare_subdirs_exec:s0
@@ -293,6 +312,8 @@
/system/bin/statsd u:object_r:statsd_exec:s0
/system/bin/bpfloader u:object_r:bpfloader_exec:s0
/system/bin/wait_for_keymaster u:object_r:wait_for_keymaster_exec:s0
+/system/bin/watchdogd u:object_r:watchdogd_exec:s0
+/system/bin/apexd u:object_r:apexd_exec:s0
#############################
# Vendor files
@@ -332,6 +353,11 @@
/(odm|vendor/odm)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
/(odm|vendor/odm)/framework(/.*)? u:object_r:vendor_framework_file:s0
+# Input configuration
+/(odm|vendor|vendor/odm)/usr/keylayout(/.*)?.kl u:object_r:vendor_keylayout_file:s0
+/(odm|vendor|vendor/odm)/usr/keychars(/.*)?.kcm u:object_r:vendor_keychars_file:s0
+/(odm|vendor|vendor/odm)/usr/idc(/.*)?.idc u:object_r:vendor_idc_file:s0
+
/oem(/.*)? u:object_r:oemfs:s0
# The precompiled monolithic sepolicy will be under /odm only when
@@ -349,7 +375,12 @@
#############################
# Product files
#
-/(product|system/product)(/.*)? u:object_r:system_file:s0
+/(product|system/product)(/.*)? u:object_r:system_file:s0
+
+#############################
+# Product-Services files
+#
+/(product_services|system/product_services)(/.*)? u:object_r:system_file:s0
#############################
# Data files
@@ -370,6 +401,7 @@
/data/ota_package(/.*)? u:object_r:ota_package_file:s0
/data/adb(/.*)? u:object_r:adb_data_file:s0
/data/anr(/.*)? u:object_r:anr_data_file:s0
+/data/apex(/.*)? u:object_r:apex_data_file:s0
/data/app(/.*)? u:object_r:apk_data_file:s0
/data/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
/data/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0
@@ -430,9 +462,11 @@
/data/misc/wifi/sockets/wpa_ctrl.* u:object_r:system_wpa_socket:s0
/data/misc/zoneinfo(/.*)? u:object_r:zoneinfo_data_file:s0
/data/misc/vold(/.*)? u:object_r:vold_data_file:s0
+/data/misc/iorapd(/.*)? u:object_r:iorapd_data_file:s0
/data/misc/perfprofd(/.*)? u:object_r:perfprofd_data_file:s0
/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0
/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0
+/data/system/dropbox(/.*)? u:object_r:dropbox_data_file:s0
/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0
/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0
/data/misc/wmtrace(/.*)? u:object_r:wm_trace_data_file:s0
@@ -494,6 +528,9 @@
/data/misc_de/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
/data/misc_ce/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
+# iorapd per-user data
+/data/misc_ce/[0-9]+/iorapd(/.*)? u:object_r:iorapd_data_file:s0
+
#############################
# efs files
#
@@ -509,6 +546,12 @@
# LocalTransport (backup) uses this subtree
/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
+#############################
+# Overlayfs support directories
+#
+/cache/overlay(/.*)? u:object_r:overlayfs_file:s0
+/mnt/scratch(/.*)? u:object_r:overlayfs_file:s0
+
/data/cache(/.*)? u:object_r:cache_file:s0
/data/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0
# General backup/restore interchange with apps
@@ -538,4 +581,8 @@
#############################
# mount point for read-write vendor partitions
-/mnt/vendor(/.*)? u:object_r:mnt_vendor_file:s0
+/mnt/vendor(/.*)? u:object_r:mnt_vendor_file:s0
+
+#############################
+# mount point for read-write product partitions
+/mnt/product(/.*)? u:object_r:mnt_product_file:s0
diff --git a/private/file_contexts_asan b/private/file_contexts_asan
index 17ee9d7..bd841a3 100644
--- a/private/file_contexts_asan
+++ b/private/file_contexts_asan
@@ -1,9 +1,10 @@
-/data/asan/system/lib(/.*)? u:object_r:system_file:s0
-/data/asan/system/lib64(/.*)? u:object_r:system_file:s0
-/data/asan/vendor/lib(/.*)? u:object_r:system_file:s0
-/data/asan/vendor/lib64(/.*)? u:object_r:system_file:s0
-/data/asan/odm/lib(/.*)? u:object_r:system_file:s0
-/data/asan/odm/lib64(/.*)? u:object_r:system_file:s0
+/data/asan/system/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/system/lib64(/.*)? u:object_r:system_lib_file:s0
+/data/asan/vendor/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/vendor/lib64(/.*)? u:object_r:system_lib_file:s0
+/data/asan/odm/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/odm/lib64(/.*)? u:object_r:system_lib_file:s0
+/system/asan.options u:object_r:system_asan_options_file:s0
/system/bin/asan_extract u:object_r:asan_extract_exec:s0
/system/bin/asanwrapper u:object_r:asanwrapper_exec:s0
/system/bin/asan/app_process u:object_r:zygote_exec:s0
diff --git a/private/file_contexts_overlayfs b/private/file_contexts_overlayfs
new file mode 100644
index 0000000..e472fad
--- /dev/null
+++ b/private/file_contexts_overlayfs
@@ -0,0 +1,9 @@
+#############################
+# Overlayfs support directories for userdebug/eng devices
+#
+/cache/overlay/(system|product)/upper u:object_r:system_file:s0
+/cache/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
+/cache/overlay/oem/upper u:object_r:vendor_file:s0
+/mnt/scratch/overlay/(system|product)/upper u:object_r:system_file:s0
+/mnt/scratch/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
+/mnt/scratch/overlay/oem/upper u:object_r:vendor_file:s0
diff --git a/private/fs_use b/private/fs_use
index 4bd1112..1964348 100644
--- a/private/fs_use
+++ b/private/fs_use
@@ -8,6 +8,8 @@
fs_use_xattr btrfs u:object_r:labeledfs:s0;
fs_use_xattr f2fs u:object_r:labeledfs:s0;
fs_use_xattr squashfs u:object_r:labeledfs:s0;
+fs_use_xattr overlay u:object_r:labeledfs:s0;
+fs_use_xattr erofs u:object_r:labeledfs:s0;
# Label inodes from task label.
fs_use_task pipefs u:object_r:pipefs:s0;
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 7e2ea50..f87c086 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -17,10 +17,13 @@
genfscon proc /modules u:object_r:proc_modules:s0
genfscon proc /mounts u:object_r:proc_mounts:s0
genfscon proc /net u:object_r:proc_net:s0
-genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
+genfscon proc /net/tcp u:object_r:proc_net_tcp_udp:s0
+genfscon proc /net/udp u:object_r:proc_net_tcp_udp:s0
+genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0
genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
genfscon proc /softirqs u:object_r:proc_timer:s0
genfscon proc /stat u:object_r:proc_stat:s0
genfscon proc /swaps u:object_r:proc_swaps:s0
@@ -36,13 +39,15 @@
genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
-genfscon proc /sys/kernel/hung_task_timeout_secs u:object_r:proc_hung_task:s0
+genfscon proc /sys/kernel/hung_task_ u:object_r:proc_hung_task:s0
genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_cpu_time_max_percent u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_event_mlock_kb u:object_r:proc_perf:s0
genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/random u:object_r:proc_random:s0
@@ -96,6 +101,10 @@
genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
genfscon sysfs /class/net u:object_r:sysfs_net:s0
+genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rfkill/rfkill1/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rfkill/rfkill3/state u:object_r:sysfs_bluetooth_writable:s0
genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
@@ -146,12 +155,18 @@
genfscon debugfs /tracing/events/pagecache/ u:object_r:debugfs_tracing_debug:s0
genfscon debugfs /tracing/events/irq/ u:object_r:debugfs_tracing_debug:s0
genfscon debugfs /tracing/events/ipi/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/header_page u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
@@ -162,12 +177,18 @@
genfscon tracefs /events/pagecache/ u:object_r:debugfs_tracing_debug:s0
genfscon tracefs /events/irq/ u:object_r:debugfs_tracing_debug:s0
genfscon tracefs /events/ipi/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/header_page u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
@@ -177,6 +198,7 @@
genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0
+genfscon tracefs /options/record-tgid u:object_r:debugfs_tracing:s0
genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing:s0
genfscon tracefs /events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
@@ -205,6 +227,7 @@
genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/options/overwrite u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/options/record-tgid u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
diff --git a/private/hal_allocator_default.te b/private/hal_allocator_default.te
index 49ef178..7aa28aa 100644
--- a/private/hal_allocator_default.te
+++ b/private/hal_allocator_default.te
@@ -1,5 +1,5 @@
type hal_allocator_default, domain, coredomain;
hal_server_domain(hal_allocator_default, hal_allocator)
-type hal_allocator_default_exec, exec_type, file_type;
+type hal_allocator_default_exec, system_file_type, exec_type, file_type;
init_daemon_domain(hal_allocator_default)
diff --git a/private/hal_system_suspend_default.te b/private/hal_system_suspend_default.te
new file mode 100644
index 0000000..c948051
--- /dev/null
+++ b/private/hal_system_suspend_default.te
@@ -0,0 +1,5 @@
+type hal_system_suspend_default, domain, coredomain;
+hal_server_domain(hal_system_suspend_default, hal_system_suspend)
+
+type hal_system_suspend_default_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(hal_system_suspend_default)
diff --git a/private/heapprofd.te b/private/heapprofd.te
new file mode 100644
index 0000000..ada66d5
--- /dev/null
+++ b/private/heapprofd.te
@@ -0,0 +1,5 @@
+# Android Heap Profiler Daemon go/heapprofd
+type heapprofd, domain, coredomain;
+type heapprofd_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(heapprofd)
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index c75c0a5..6c00f35 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -1,6 +1,8 @@
android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
+android.frameworks.stats::IStats u:object_r:fwk_stats_hwservice:s0
+android.hardware.atrace::IAtraceDevice u:object_r:hal_atrace_hwservice:s0
android.hardware.audio.effect::IEffectsFactory u:object_r:hal_audio_hwservice:s0
android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0
android.hardware.authsecret::IAuthSecret u:object_r:hal_authsecret_hwservice:s0
@@ -27,6 +29,7 @@
android.hardware.graphics.composer::IComposer u:object_r:hal_graphics_composer_hwservice:s0
android.hardware.graphics.mapper::IMapper u:object_r:hal_graphics_mapper_hwservice:s0
android.hardware.health::IHealth u:object_r:hal_health_hwservice:s0
+android.hardware.health.storage::IStorage u:object_r:hal_health_storage_hwservice:s0
android.hardware.ir::IConsumerIr u:object_r:hal_ir_hwservice:s0
android.hardware.keymaster::IKeymasterDevice u:object_r:hal_keymaster_hwservice:s0
android.hardware.light::ILight u:object_r:hal_light_hwservice:s0
@@ -67,5 +70,6 @@
android.hidl.memory::IMapper u:object_r:hidl_memory_hwservice:s0
android.hidl.token::ITokenManager u:object_r:hidl_token_hwservice:s0
android.system.net.netd::INetd u:object_r:system_net_netd_hwservice:s0
+android.system.suspend::ISystemSuspend u:object_r:system_suspend_hwservice:s0
android.system.wifi.keystore::IKeystore u:object_r:system_wifi_keystore_hwservice:s0
* u:object_r:default_android_hwservice:s0
diff --git a/private/incident.te b/private/incident.te
index 1844898..98101e0 100644
--- a/private/incident.te
+++ b/private/incident.te
@@ -1,6 +1,6 @@
typeattribute incident coredomain;
-type incident_exec, exec_type, file_type;
+type incident_exec, system_file_type, exec_type, file_type;
# switch to incident domain for incident command
domain_auto_trans(shell, incident_exec, incident)
diff --git a/private/incident_helper.te b/private/incident_helper.te
index e1e3fc8..078aa24 100644
--- a/private/incident_helper.te
+++ b/private/incident_helper.te
@@ -1,6 +1,6 @@
typeattribute incident_helper coredomain;
-type incident_helper_exec, exec_type, file_type;
+type incident_helper_exec, system_file_type, exec_type, file_type;
# switch to incident_helper domain for incident_helper command
domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
diff --git a/private/incidentd.te b/private/incidentd.te
index 6b248f1..7ad3a30 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -2,7 +2,7 @@
typeattribute incidentd mlstrustedsubject;
init_daemon_domain(incidentd)
-type incidentd_exec, exec_type, file_type;
+type incidentd_exec, system_file_type, exec_type, file_type;
binder_use(incidentd)
wakelock_use(incidentd)
@@ -19,6 +19,9 @@
allow incidentd system_file:file execute_no_trans;
allow incidentd toolbox_exec:file rx_file_perms;
+# section id 1002, allow reading kernel version /proc/version
+allow incidentd proc_version:file r_file_perms;
+
# section id 2001, allow reading /proc/pagetypeinfo
allow incidentd proc_pagetypeinfo:file r_file_perms;
@@ -83,10 +86,11 @@
hal_audio_server
hal_bluetooth_server
hal_camera_server
+ hal_graphics_allocator_server
hal_graphics_composer_server
+ hal_omx_server
hal_sensors_server
hal_vr_server
- mediacodec # TODO(b/36375899): hal_omx_server
}:process signal;
# Allow incidentd to make binder calls to any binder service
diff --git a/private/init.te b/private/init.te
index e9959d3..30e5e36 100644
--- a/private/init.te
+++ b/private/init.te
@@ -9,14 +9,19 @@
domain_auto_trans(init, e2fs_exec, e2fs)
recovery_only(`
domain_trans(init, rootfs, adbd)
+ domain_trans(init, rootfs, fastbootd)
domain_trans(init, rootfs, recovery)
')
domain_trans(init, shell_exec, shell)
domain_trans(init, init_exec, ueventd)
-domain_trans(init, init_exec, watchdogd)
domain_trans(init, init_exec, vendor_init)
domain_trans(init, { rootfs toolbox_exec }, modprobe)
-# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
userdebug_or_eng(`
+ # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
domain_auto_trans(init, logcat_exec, logpersist)
+
+ # allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng
+ allow init su:process transition;
+ dontaudit init su:process noatsecure;
+ allow init su:process { siginh rlimitinh };
')
diff --git a/private/iorapd.te b/private/iorapd.te
new file mode 100644
index 0000000..602da03
--- /dev/null
+++ b/private/iorapd.te
@@ -0,0 +1,3 @@
+typeattribute iorapd coredomain;
+
+init_daemon_domain(iorapd)
diff --git a/private/isolated_app.te b/private/isolated_app.te
index a6276b3..95b008d 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -11,7 +11,7 @@
app_domain(isolated_app)
# Access already open app data files received over Binder or local socket IPC.
-allow isolated_app app_data_file:file { append read write getattr lock };
+allow isolated_app { app_data_file privapp_data_file }:file { append read write getattr lock };
allow isolated_app activity_service:service_manager find;
allow isolated_app display_service:service_manager find;
@@ -47,6 +47,12 @@
# suppress denials to /data/local/tmp
dontaudit isolated_app shell_data_file:dir search;
+# TODO(b/37211678): give isolated_app explicit access to same_process_hal_file
+# if needed.
+userdebug_or_eng(`
+ auditallow isolated_app same_process_hal_file:file *;
+')
+
# Write app-specific trace data to the Perfetto traced damon. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
allow isolated_app traced:fd use;
@@ -61,7 +67,7 @@
neverallow isolated_app tun_device:chr_file open;
# Isolated apps should not directly open app data files themselves.
-neverallow isolated_app app_data_file:file open;
+neverallow isolated_app { app_data_file privapp_data_file }:file open;
# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
# TODO: are there situations where isolated_apps write to this file?
@@ -117,3 +123,24 @@
-sysfs_devices_system_cpu
-sysfs_usb # TODO: check with audio team if needed for isolated_app (b/28417852)
}:file no_rw_file_perms;
+
+# No creation of sockets families other than AF_UNIX sockets.
+# List taken from system/sepolicy/public/global_macros - socket_class_set
+# excluding unix_stream_socket and unix_dgram_socket.
+# Many of these are socket families which have never and will never
+# be compiled into the Android kernel.
+neverallow isolated_app self:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket
+ key_socket appletalk_socket netlink_route_socket
+ netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket
+ netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket
+ netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket
+ netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket
+ netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket
+ rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket
+ ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
+ qipcrtr_socket smc_socket
+} create;
diff --git a/private/llkd.te b/private/llkd.te
new file mode 100644
index 0000000..385f930
--- /dev/null
+++ b/private/llkd.te
@@ -0,0 +1,53 @@
+# llkd Live LocK Daemon
+typeattribute llkd coredomain;
+
+init_daemon_domain(llkd)
+
+get_prop(llkd, llkd_prop)
+
+allow llkd self:global_capability_class_set kill;
+userdebug_or_eng(`
+ allow llkd self:global_capability_class_set sys_ptrace;
+ allow llkd self:global_capability_class_set { dac_override dac_read_search };
+')
+
+# llkd optionally locks itself in memory, to prevent it from being
+# swapped out and unable to discover a kernel in live-lock state.
+allow llkd self:global_capability_class_set ipc_lock;
+
+# Send kill signals to _anyone_ suffering from Live Lock
+allow llkd domain:process sigkill;
+
+# read stack to check for Live Lock
+userdebug_or_eng(`
+ allow llkd {
+ domain
+ -apexd
+ -kernel
+ -keystore
+ -init
+ -llkd
+ -ueventd
+ -vendor_init
+ }:process ptrace;
+')
+
+# live lock watchdog process allowed to look through /proc/
+allow llkd domain:dir r_dir_perms;
+allow llkd domain:file r_file_perms;
+allow llkd domain:lnk_file read;
+# Set /proc/sys/kernel/hung_task_*
+allow llkd proc_hung_task:file rw_file_perms;
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow llkd proc_sysrq:file w_file_perms;
+allow llkd kmsg_device:chr_file w_file_perms;
+
+### neverallow rules
+
+neverallow { domain -init } llkd:process { dyntransition transition };
+neverallow { domain userdebug_or_eng(`-crash_dump') } llkd:process ptrace;
+
+# never honor LD_PRELOAD
+neverallow * llkd:process noatsecure;
diff --git a/private/mdnsd.te b/private/mdnsd.te
index 96259e2..98e95da 100644
--- a/private/mdnsd.te
+++ b/private/mdnsd.te
@@ -3,10 +3,10 @@
typeattribute mdnsd coredomain;
typeattribute mdnsd mlstrustedsubject;
-type mdnsd_exec, exec_type, file_type;
+type mdnsd_exec, system_file_type, exec_type, file_type;
init_daemon_domain(mdnsd)
net_domain(mdnsd)
# Read from /proc/net
-r_dir_file(mdnsd, proc_net)
+r_dir_file(mdnsd, proc_net_type)
diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index f5c9f69..249fee1 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -37,6 +37,7 @@
# MtpServer uses /dev/usb-ffs/mtp
allow mediaprovider functionfs:dir search;
allow mediaprovider functionfs:file rw_file_perms;
+allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
# MtpServer sets sys.usb.ffs.mtp.ready
set_prop(mediaprovider, ffs_prop)
diff --git a/private/mediaserver.te b/private/mediaserver.te
index a5fa9e1..4c30bc0 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -4,8 +4,4 @@
# allocate and use graphic buffers
hal_client_domain(mediaserver, hal_graphics_allocator)
-
-# TODO(b/36375899): Remove this once OMX HAL is attributized and mediaserver is marked as a client
-# of OMX HAL.
-allow mediaserver hal_codec2_hwservice:hwservice_manager find;
-allow mediaserver hal_omx_hwservice:hwservice_manager find;
+hal_client_domain(mediaserver, hal_omx)
diff --git a/private/mediaswcodec.te b/private/mediaswcodec.te
new file mode 100644
index 0000000..50f5698
--- /dev/null
+++ b/private/mediaswcodec.te
@@ -0,0 +1,4 @@
+typeattribute mediaswcodec coredomain;
+
+init_daemon_domain(mediaswcodec)
+
diff --git a/private/mls b/private/mls
index 3b8ee3f..d4e0e73 100644
--- a/private/mls
+++ b/private/mls
@@ -55,9 +55,9 @@
# Also constrain other forms of manipulation, e.g. chmod/chown, unlink, rename, etc.
# Subject must dominate object unless the subject is trusted.
mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
- (t2 != app_data_file or l1 dom l2 or t1 == mlstrustedsubject);
+ ( (t2 != app_data_file and t2 != privapp_data_file ) or l1 dom l2 or t1 == mlstrustedsubject);
mlsconstrain { file lnk_file sock_file } { open setattr unlink link rename }
- (t2 != app_data_file or l1 dom l2 or t1 == mlstrustedsubject);
+ ( (t2 != app_data_file and t2 != privapp_data_file and t2 != priv_app_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
#
# Constraints for file types other than app data files.
@@ -66,18 +66,18 @@
# Read operations: Subject must dominate object unless the subject
# or the object is trusted.
mlsconstrain dir { read getattr search }
- (t2 == app_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+ (t2 == app_data_file or t2 == privapp_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
mlsconstrain { file lnk_file sock_file chr_file blk_file } { read getattr execute }
- (t2 == app_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+ (t2 == app_data_file or t2 == privapp_data_file or t2 == priv_app_tmpfs or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
# Write operations: Subject must be equivalent to the object unless the
# subject or the object is trusted.
mlsconstrain dir { write setattr rename add_name remove_name reparent rmdir }
- (t2 == app_data_file or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+ (t2 == app_data_file or t2 == privapp_data_file or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
mlsconstrain { file lnk_file sock_file chr_file blk_file } { write setattr append unlink link rename }
- (t2 == app_data_file or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+ (t2 == app_data_file or t2 == privapp_data_file or t2 == priv_app_tmpfs or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
# Special case for FIFOs.
# These can be unnamed pipes, in which case they will be labeled with the
diff --git a/private/net.te b/private/net.te
index f16daf9..2e6ced3 100644
--- a/private/net.te
+++ b/private/net.te
@@ -4,7 +4,8 @@
# Use network sockets.
allow netdomain self:tcp_socket create_stream_socket_perms;
-allow netdomain self:{ udp_socket rawip_socket } create_socket_perms;
+allow netdomain self:{ icmp_socket udp_socket rawip_socket } create_socket_perms;
+
# Connect to ports.
allow netdomain port_type:tcp_socket name_connect;
# Bind to ports.
diff --git a/private/netutils_wrapper.te b/private/netutils_wrapper.te
index ea58814..fc01999 100644
--- a/private/netutils_wrapper.te
+++ b/private/netutils_wrapper.te
@@ -6,7 +6,7 @@
allow netutils_wrapper self:global_capability_class_set net_raw;
allow netutils_wrapper system_file:file { execute execute_no_trans };
-allow netutils_wrapper proc_net:file { open read getattr };
+allow netutils_wrapper proc_net_type:file { open read getattr };
allow netutils_wrapper self:rawip_socket create_socket_perms;
allow netutils_wrapper self:udp_socket create_socket_perms;
allow netutils_wrapper self:global_capability_class_set net_admin;
diff --git a/private/perfetto.te b/private/perfetto.te
index 9ac5d87..c068dc5 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -4,7 +4,7 @@
# daemon.
type perfetto, domain, coredomain;
-type perfetto_exec, exec_type, file_type;
+type perfetto_exec, system_file_type, exec_type, file_type;
tmpfs_domain(perfetto);
diff --git a/private/perfprofd.te b/private/perfprofd.te
index 4da5410..dfe4c3c 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -3,6 +3,13 @@
init_daemon_domain(perfprofd)
')
-# Only servicemanager, statsd, su and systemserver can communicate.
-neverallow { domain userdebug_or_eng(`-statsd') } perfprofd:binder call;
-neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server') }:binder call;
+neverallow {
+ domain
+ -hal_system_suspend_server
+ userdebug_or_eng(`-statsd -system_server -hal_health_server -hwservicemanager')
+} perfprofd:binder call;
+neverallow perfprofd {
+ domain
+ -hal_system_suspend_server
+ userdebug_or_eng(`-servicemanager -statsd -su -system_server -hal_health_server -hwservicemanager')
+}:binder call;
diff --git a/private/platform_app.te b/private/platform_app.te
index 6d6ec98..1ee65d3 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -45,6 +45,13 @@
proc_vmstat
}:file r_file_perms;
+# /proc/net access.
+# TODO(b/9496886) Audit access for removal.
+r_dir_file(platform_app, proc_net_type)
+userdebug_or_eng(`
+ auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
allow platform_app audioserver_service:service_manager find;
allow platform_app cameraserver_service:service_manager find;
allow platform_app drmserver_service:service_manager find;
diff --git a/private/policy_capabilities b/private/policy_capabilities
index ab55c15..9290e3a 100644
--- a/private/policy_capabilities
+++ b/private/policy_capabilities
@@ -11,3 +11,10 @@
# to the rawip_socket class.
policycap extended_socket_class;
+# Enable NoNewPrivileges support. Requires libsepol 2.7+
+# and kernel 4.14 (estimated).
+#
+# Checks enabled;
+# process2: nnp_transition, nosuid_transition
+#
+policycap nnp_nosuid_transition;
diff --git a/private/preloads_copy.te b/private/preloads_copy.te
new file mode 100644
index 0000000..7177839
--- /dev/null
+++ b/private/preloads_copy.te
@@ -0,0 +1,14 @@
+type preloads_copy, domain, coredomain;
+type preloads_copy_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(preloads_copy)
+
+allow preloads_copy shell_exec:file rx_file_perms;
+allow preloads_copy toolbox_exec:file rx_file_perms;
+allow preloads_copy preloads_data_file:dir create_dir_perms;
+allow preloads_copy preloads_data_file:file create_file_perms;
+allow preloads_copy preloads_media_file:dir create_dir_perms;
+allow preloads_copy preloads_media_file:file create_file_perms;
+
+# Allow to copy from /postinstall
+allow preloads_copy system_file:dir r_dir_perms;
diff --git a/private/priv_app.te b/private/priv_app.te
index 9ff8d09..41d2a90 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -19,7 +19,7 @@
# Some apps ship with shared libraries that they write out
# to their sandbox directory and then dlopen().
-allow priv_app app_data_file:file execute;
+allow priv_app { app_data_file privapp_data_file }:file execute;
allow priv_app app_api_service:service_manager find;
allow priv_app audioserver_service:service_manager find;
@@ -148,6 +148,7 @@
dontaudit priv_app proc_stat:file read;
dontaudit priv_app proc_version:file read;
dontaudit priv_app sysfs:dir read;
+dontaudit priv_app sysfs:file read;
dontaudit priv_app sysfs_android_usb:file read;
dontaudit priv_app wifi_prop:file read;
dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;
@@ -157,6 +158,12 @@
allow priv_app system_server:udp_socket {
connect getattr read recvfrom sendto write getopt setopt };
+# Attempts to write to system_data_file is generally a sign
+# that apps are attempting to access encrypted storage before
+# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
+# denial to prevent apps from spamming the logs.
+dontaudit priv_app system_data_file:dir write;
+
###
### neverallow rules
###
@@ -204,3 +211,6 @@
# upon traceur to pass a file descriptor which they can then read
neverallow priv_app trace_data_file:dir *;
neverallow priv_app trace_data_file:file { no_w_file_perms open };
+
+# Do not allow priv_app access to cgroups.
+neverallow priv_app cgroup:file *;
diff --git a/private/property_contexts b/private/property_contexts
index 32be0b3..58cc983 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -34,6 +34,10 @@
debug.db. u:object_r:debuggerd_prop:s0
dumpstate. u:object_r:dumpstate_prop:s0
dumpstate.options u:object_r:dumpstate_options_prop:s0
+llk. u:object_r:llkd_prop:s0
+khungtask. u:object_r:llkd_prop:s0
+ro.llk. u:object_r:llkd_prop:s0
+ro.khungtask. u:object_r:llkd_prop:s0
log. u:object_r:log_prop:s0
log.tag u:object_r:log_tag_prop:s0
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
@@ -70,8 +74,10 @@
ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
sys.boot.reason u:object_r:system_boot_reason_prop:s0
+sys.boot.reason.last u:object_r:last_boot_reason_prop:s0
pm. u:object_r:pm_prop:s0
test.sys.boot.reason u:object_r:test_boot_reason_prop:s0
+sys.lmk. u:object_r:system_lmk_prop:s0
# Boolean property set by system server upon boot indicating
# if device owner is provisioned.
@@ -114,6 +120,11 @@
ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0
ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0
+ # Restrict access to starting/stopping adbd
+ctl.start$adbd u:object_r:ctl_adbd_prop:s0
+ctl.stop$adbd u:object_r:ctl_adbd_prop:s0
+ctl.restart$adbd u:object_r:ctl_adbd_prop:s0
+
# NFC properties
nfc. u:object_r:nfc_prop:s0
@@ -145,3 +156,8 @@
persist.odm. u:object_r:vendor_default_prop:s0
persist.vendor. u:object_r:vendor_default_prop:s0
vendor. u:object_r:vendor_default_prop:s0
+# ro.boot. properties are set based on kernel commandline arguments, which are vendor owned.
+ro.boot. u:object_r:exported2_default_prop:s0
+
+# Properties that relate to time / time zone detection behavior.
+persist.time. u:object_r:time_prop:s0
diff --git a/private/radio.te b/private/radio.te
index b4f5390..9ac2cf1 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -3,3 +3,6 @@
app_domain(radio)
read_runtime_log_tags(radio)
+
+# Telephony code contains time / time zone detection logic so it reads the associated properties.
+get_prop(radio, time_prop)
diff --git a/private/seapp_contexts b/private/seapp_contexts
index c21d49f..418150e 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -112,7 +112,7 @@
user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
user=_app isV2App=true isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
-user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
user=_app minTargetSdkVersion=28 domain=untrusted_app type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
diff --git a/private/security_classes b/private/security_classes
index 251b721..e0007d1 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -130,6 +130,8 @@
class qipcrtr_socket
class smc_socket
+class process2
+
# Property service
class property_service # userspace
diff --git a/private/service.te b/private/service.te
index 3fec882..660bc1e 100644
--- a/private/service.te
+++ b/private/service.te
@@ -1,2 +1,3 @@
+type buffer_hub_service, service_manager_type;
type stats_service, service_manager_type;
type statscompanion_service, system_server_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 5ec45a2..c2a4ca1 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,10 +1,14 @@
accessibility u:object_r:accessibility_service:s0
account u:object_r:account_service:s0
activity u:object_r:activity_service:s0
+activity_task u:object_r:activity_task_service:s0
+adb u:object_r:adb_service:s0
alarm u:object_r:alarm_service:s0
android.os.UpdateEngineService u:object_r:update_engine_service:s0
android.security.keystore u:object_r:keystore_service:s0
android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
+app_binding u:object_r:app_binding_service:s0
+apexservice u:object_r:apex_service:s0
appops u:object_r:appops_service:s0
appwidget u:object_r:appwidget_service:s0
assetatlas u:object_r:assetatlas_service:s0
@@ -15,15 +19,14 @@
batterystats u:object_r:batterystats_service:s0
battery u:object_r:battery_service:s0
binder_calls_stats u:object_r:binder_calls_stats_service:s0
+biometric u:object_r:biometric_service:s0
bluetooth_manager u:object_r:bluetooth_manager_service:s0
bluetooth u:object_r:bluetooth_service:s0
broadcastradio u:object_r:broadcastradio_service:s0
+bufferhubd u:object_r:buffer_hub_service:s0
carrier_config u:object_r:radio_service:s0
clipboard u:object_r:clipboard_service:s0
com.android.net.IProxyService u:object_r:IProxyService_service:s0
-commontime_management u:object_r:commontime_management_service:s0
-common_time.clock u:object_r:mediaserver_service:s0
-common_time.config u:object_r:mediaserver_service:s0
companiondevice u:object_r:companion_device_service:s0
connectivity u:object_r:connectivity_service:s0
connmetrics u:object_r:connmetrics_service:s0
@@ -41,6 +44,7 @@
devicestoragemonitor u:object_r:devicestoragemonitor_service:s0
diskstats u:object_r:diskstats_service:s0
display u:object_r:display_service:s0
+color_display u:object_r:color_display_service:s0
netd_listener u:object_r:netd_listener_service:s0
network_watchlist u:object_r:network_watchlist_service:s0
DockObserver u:object_r:DockObserver_service:s0
@@ -61,11 +65,13 @@
hardware u:object_r:hardware_service:s0
hardware_properties u:object_r:hardware_properties_service:s0
hdmi_control u:object_r:hdmi_control_service:s0
+ians u:object_r:radio_service:s0
incident u:object_r:incident_service:s0
inputflinger u:object_r:inputflinger_service:s0
input_method u:object_r:input_method_service:s0
input u:object_r:input_service:s0
installd u:object_r:installd_service:s0
+iorapd u:object_r:iorapd_service:s0
iphonesubinfo_msim u:object_r:radio_service:s0
iphonesubinfo2 u:object_r:radio_service:s0
iphonesubinfo u:object_r:radio_service:s0
@@ -80,6 +86,7 @@
launcherapps u:object_r:launcherapps_service:s0
location u:object_r:location_service:s0
lock_settings u:object_r:lock_settings_service:s0
+looper_stats u:object_r:looper_stats_service:s0
media.aaudio u:object_r:audioserver_service:s0
media.audio_flinger u:object_r:audioserver_service:s0
media.audio_policy u:object_r:audioserver_service:s0
@@ -91,6 +98,7 @@
media.extractor u:object_r:mediaextractor_service:s0
media.extractor.update u:object_r:mediaextractor_update_service:s0
media.codec u:object_r:mediacodec_service:s0
+media.codec.update u:object_r:mediaextractor_update_service:s0
media.resource_manager u:object_r:mediaserver_service:s0
media.sound_trigger_hw u:object_r:audioserver_service:s0
media.drm u:object_r:mediadrmserver_service:s0
@@ -161,12 +169,15 @@
telephony.registry u:object_r:registry_service:s0
textclassification u:object_r:textclassification_service:s0
textservices u:object_r:textservices_service:s0
+time_detector u:object_r:timedetector_service:s0
timezone u:object_r:timezone_service:s0
+time_zone_detector u:object_r:timezonedetector_service:s0
thermalservice u:object_r:thermal_service:s0
trust u:object_r:trust_service:s0
tv_input u:object_r:tv_input_service:s0
uimode u:object_r:uimode_service:s0
updatelock u:object_r:updatelock_service:s0
+uri_grants u:object_r:uri_grants_service:s0
usagestats u:object_r:usagestats_service:s0
usb u:object_r:usb_service:s0
user u:object_r:user_service:s0
@@ -175,6 +186,7 @@
voiceinteraction u:object_r:voiceinteraction_service:s0
vold u:object_r:vold_service:s0
vr_hwc u:object_r:vr_hwc_service:s0
+vrflinger_vsync u:object_r:vrflinger_vsync_service:s0
vrmanager u:object_r:vr_manager_service:s0
wallpaper u:object_r:wallpaper_service:s0
webviewupdate u:object_r:webviewupdate_service:s0
diff --git a/private/shell.te b/private/shell.te
index 130a130..ee5b73c 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -51,3 +51,12 @@
# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
allow shell perfetto_traces_data_file:dir rw_dir_perms;
allow shell perfetto_traces_data_file:file r_file_perms;
+
+# Allow shell-based "dumpsys" to call into bufferhubd.
+binder_call(shell, bufferhubd);
+
+# Allow shell to use atrace HAL
+hal_client_domain(shell, hal_atrace)
+
+# For hostside tests such as CTS listening ports test.
+allow shell proc_net_tcp_udp:file r_file_perms;
diff --git a/private/stats.te b/private/stats.te
index be8cfbd..818d9f9 100644
--- a/private/stats.te
+++ b/private/stats.te
@@ -1,6 +1,6 @@
type stats, domain;
typeattribute stats coredomain;
-type stats_exec, exec_type, file_type;
+type stats_exec, system_file_type, exec_type, file_type;
# switch to stats domain for stats command
domain_auto_trans(shell, stats_exec, stats)
@@ -23,3 +23,29 @@
binder_call(stats, statsd)
allow stats statsd:fifo_file write;
+# Only statsd can publish the binder service.
+add_service(statsd, stats_service)
+
+# Allow pipes from (and only from) stats.
+allow statsd stats:fd use;
+allow statsd stats:fifo_file write;
+
+# Allow statsd to call back to stats with status updates.
+binder_call(statsd, stats)
+
+###
+### neverallow rules
+###
+
+# Only system_server, system_app, traceur_app, and stats command can find the stats service.
+neverallow {
+ domain
+ -dumpstate
+ -priv_app
+ -shell
+ -stats
+ -statsd
+ -system_app
+ -system_server
+ -traceur_app
+} stats_service:service_manager find;
diff --git a/private/statsd.te b/private/statsd.te
index 74b89c2..1e4c5b3 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -1,44 +1,8 @@
-type statsd, domain, mlstrustedsubject;
typeattribute statsd coredomain;
init_daemon_domain(statsd)
-type statsd_exec, exec_type, file_type;
-binder_use(statsd)
-
-# Allow statsd to scan through /proc/pid for all processes.
-r_dir_file(statsd, domain)
-
-# Allow executing files on system, such as running a shell or running:
-# /system/bin/toolbox
-# /system/bin/logcat
-# /system/bin/dumpsys
-allow statsd devpts:chr_file { getattr ioctl read write };
-allow statsd shell_exec:file rx_file_perms;
-allow statsd system_file:file execute_no_trans;
-allow statsd toolbox_exec:file rx_file_perms;
-
-userdebug_or_eng(`
- allow statsd su:fifo_file read;
-')
-
-# Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
-allow statsd stats_data_file:dir create_dir_perms;
-allow statsd stats_data_file:file create_file_perms;
-
-# Allow statsd to make binder calls to any binder service.
-binder_call(statsd, appdomain)
-binder_call(statsd, healthd)
-binder_call(statsd, incidentd)
-userdebug_or_eng(`
- binder_call(statsd, perfprofd)
-')
binder_call(statsd, statscompanion_service)
-binder_call(statsd, system_server)
-
-# Allow logd access.
-read_logd(statsd)
-control_logd(statsd)
# Allow to exec the perfetto cmdline client and pass it the trace config on
# stdint through a pipe. It allows statsd to capture traces and hand them
@@ -48,69 +12,5 @@
# Grant statsd with permissions to register the services.
allow statsd {
- app_api_service
- incident_service
statscompanion_service
- system_api_service
}:service_manager find;
-
-# Grant statsd to access health hal to access battery metrics.
-allow statsd hal_health_hwservice:hwservice_manager find;
-
-# Only statsd can publish the binder service.
-add_service(statsd, stats_service)
-
-# Allow pipes from (and only from) stats.
-allow statsd stats:fd use;
-allow statsd stats:fifo_file write;
-
-# Allow statsd to send dump info to dumpstate
-allow statsd dumpstate:fd use;
-allow statsd dumpstate:fifo_file { getattr write };
-
-# Allow statsd to call back to stats with status updates.
-binder_call(statsd, stats)
-
-# Allow access to with hardware layer and process stats.
-allow statsd proc_uid_cputime_showstat:file { getattr open read };
-hal_client_domain(statsd, hal_health)
-hal_client_domain(statsd, hal_power)
-hal_client_domain(statsd, hal_thermal)
-
-# Allow 'adb shell cmd' to upload configs and download output.
-allow statsd adbd:fd use;
-allow statsd adbd:unix_stream_socket { getattr read write };
-allow statsd shell:fifo_file { getattr read };
-
-unix_socket_send(bluetooth, statsdw, statsd)
-unix_socket_send(bootstat, statsdw, statsd)
-unix_socket_send(lmkd, statsdw, statsd)
-unix_socket_send(platform_app, statsdw, statsd)
-unix_socket_send(radio, statsdw, statsd)
-unix_socket_send(statsd, statsdw, statsd)
-unix_socket_send(system_server, statsdw, statsd)
-
-###
-### neverallow rules
-###
-
-# Only system_server, system_app, traceur_app, and stats command can find the stats service.
-neverallow {
- domain
- -dumpstate
- -priv_app
- -shell
- -stats
- -statsd
- -system_app
- -system_server
- -traceur_app
-} stats_service:service_manager find;
-
-# Only statsd and the other root services in limited circumstances.
-# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
-# Other services are prohibitted from accessing the file.
-neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;
-
-# Limited access to the directory itself.
-neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;
diff --git a/private/storaged.te b/private/storaged.te
index 8ad872f..0e31483 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -1,11 +1,10 @@
# storaged daemon
type storaged, domain, coredomain, mlstrustedsubject;
-type storaged_exec, exec_type, file_type;
+type storaged_exec, system_file_type, exec_type, file_type;
init_daemon_domain(storaged)
# Read access to pseudo filesystems
-r_dir_file(storaged, proc_net)
r_dir_file(storaged, domain)
# Read /proc/uid_io/stats
@@ -30,7 +29,7 @@
# Needed for GMScore to call dumpsys storaged
allow storaged priv_app:fd use;
-allow storaged app_data_file:file write;
+allow storaged { privapp_data_file app_data_file }:file write;
allow storaged permission_service:service_manager find;
# Binder permissions
@@ -49,7 +48,7 @@
# Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
# running as root. See b/35323867 #3.
-dontaudit storaged self:global_capability_class_set dac_override;
+dontaudit storaged self:global_capability_class_set { dac_override dac_read_search };
# For collecting bugreports.
allow storaged dumpstate:fifo_file write;
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index e64b8de..000ebe1 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -2,7 +2,7 @@
typeattribute surfaceflinger coredomain;
-type surfaceflinger_exec, exec_type, file_type;
+type surfaceflinger_exec, system_file_type, exec_type, file_type;
init_daemon_domain(surfaceflinger)
typeattribute surfaceflinger mlstrustedsubject;
@@ -13,7 +13,9 @@
# Perform HwBinder IPC.
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
+hal_client_domain(surfaceflinger, hal_omx)
hal_client_domain(surfaceflinger, hal_configstore)
+hal_client_domain(surfaceflinger, hal_power)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
# Perform Binder IPC.
@@ -53,7 +55,7 @@
# Use open files supplied by an app.
allow surfaceflinger appdomain:fd use;
-allow surfaceflinger app_data_file:file { read write };
+allow surfaceflinger { app_data_file privapp_data_file }:file { read write };
# Allow writing surface traces to /data/misc/wmtrace.
userdebug_or_eng(`
@@ -82,6 +84,8 @@
#add_service(surfaceflinger, surfaceflinger_service)
allow surfaceflinger surfaceflinger_service:service_manager { add find };
+add_service(surfaceflinger, vrflinger_vsync_service)
+
allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
diff --git a/private/system_app.te b/private/system_app.te
index eb7e050..ed19b82 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -70,8 +70,10 @@
# TODO: scope this down? Too broad?
allow system_app {
service_manager_type
+ -apex_service
-dumpstate_service
-installd_service
+ -iorapd_service
-netd_service
-virtual_touchpad_service
-vold_service
@@ -81,6 +83,7 @@
dontaudit system_app {
dumpstate_service
installd_service
+ iorapd_service
netd_service
virtual_touchpad_service
vold_service
@@ -112,6 +115,9 @@
proc_version
}:file r_file_perms;
+# Settings app writes to /dev/stune/foreground/tasks.
+allow system_app cgroup:file w_file_perms;
+
control_logd(system_app)
read_runtime_log_tags(system_app)
get_prop(system_app, device_logging_prop)
diff --git a/private/system_server.te b/private/system_server.te
index b037fe4..048e5b2 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -78,6 +78,9 @@
# Create and share netlink_netfilter_sockets for tetheroffload.
allow system_server self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+# Create/use netlink_tcpdiag_socket for looking up connection UIDs for VPN apps.
+allow system_server self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
+
# Use netlink uevent sockets.
allow system_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
@@ -105,7 +108,7 @@
allow system_server audioserver:process { getsched setsched };
allow system_server hal_audio:process { getsched setsched };
allow system_server hal_bluetooth:process { getsched setsched };
-allow system_server mediacodec:process { getsched setsched };
+allow system_server hal_omx_server:process { getsched setsched };
allow system_server cameraserver:process { getsched setsched };
allow system_server hal_camera:process { getsched setsched };
allow system_server mediaserver:process { getsched setsched };
@@ -114,9 +117,9 @@
# Allow system_server to write to /proc/<pid>/timerslack_ns
allow system_server appdomain:file w_file_perms;
allow system_server audioserver:file w_file_perms;
-allow system_server mediacodec:file w_file_perms;
allow system_server cameraserver:file w_file_perms;
allow system_server hal_audio_server:file w_file_perms;
+allow system_server hal_omx_server:file w_file_perms;
# Read /proc/pid data for all domains. This is used by ProcessCpuTracker
# within system_server to keep track of memory and CPU usage for
@@ -124,10 +127,6 @@
# for dumping stack traces of native processes.
r_dir_file(system_server, domain)
-# Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid.
-allow system_server qtaguid_proc:file rw_file_perms;
-allow system_server qtaguid_device:chr_file rw_file_perms;
-
# Write /proc/uid_cputime/remove_uid_range.
allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };
@@ -137,8 +136,13 @@
# Write to /proc/sysrq-trigger.
allow system_server proc_sysrq:file rw_file_perms;
+# Delete /data/misc/stats-data/ and /data/misc/stats-service/ directories.
+allow system_server stats_data_file:dir { open read remove_name search write };
+allow system_server stats_data_file:file unlink;
+
# Read /sys/kernel/debug/wakeup_sources.
allow system_server debugfs:file r_file_perms;
+auditallow system_server debugfs:file r_file_perms;
allow system_server debugfs_wakeup_sources:file r_file_perms;
# Delete /data/misc/stats-data/ and /data/misc/stats-service/ directories.
@@ -163,6 +167,9 @@
unix_socket_connect(system_server, racoon, racoon)
unix_socket_connect(system_server, uncrypt, uncrypt)
+# Allow system_server to write to statsd.
+unix_socket_send(system_server, statsdw, statsd)
+
# Communicate over a socket created by surfaceflinger.
allow system_server surfaceflinger:unix_stream_socket { read write setopt };
@@ -184,6 +191,9 @@
binder_call(system_server, vold)
binder_call(system_server, wificond)
binder_call(system_server, wpantund)
+userdebug_or_eng(`
+ binder_call(system_server, perfprofd)
+')
binder_service(system_server)
# Use HALs
@@ -201,11 +211,10 @@
hal_client_domain(system_server, hal_memtrack)
hal_client_domain(system_server, hal_neuralnetworks)
hal_client_domain(system_server, hal_oemlock)
-allow system_server hal_codec2_hwservice:hwservice_manager find;
-allow system_server hal_omx_hwservice:hwservice_manager find;
-allow system_server hidl_token_hwservice:hwservice_manager find;
+hal_client_domain(system_server, hal_omx)
hal_client_domain(system_server, hal_power)
hal_client_domain(system_server, hal_sensors)
+hal_client_domain(system_server, hal_system_suspend)
hal_client_domain(system_server, hal_tetheroffload)
hal_client_domain(system_server, hal_thermal)
hal_client_domain(system_server, hal_tv_cec)
@@ -220,8 +229,6 @@
hal_client_domain(system_server, hal_wifi_offload)
hal_client_domain(system_server, hal_wifi_supplicant)
-binder_call(system_server, mediacodec)
-
# Talk with graphics composer fences
allow system_server hal_graphics_composer:fd use;
@@ -260,10 +267,11 @@
hal_audio_server
hal_bluetooth_server
hal_camera_server
+ hal_graphics_allocator_server
hal_graphics_composer_server
+ hal_omx_server
hal_sensors_server
hal_vr_server
- mediacodec # TODO(b/36375899): hal_omx_server
}:process { signal };
# Use sockets received over binder from various services.
@@ -344,6 +352,11 @@
allow system_server apk_tmp_file:dir create_dir_perms;
allow system_server apk_tmp_file:file create_file_perms;
+# Access input configuration files in the /vendor directory
+r_dir_file(system_server, vendor_keylayout_file)
+r_dir_file(system_server, vendor_keychars_file)
+r_dir_file(system_server, vendor_idc_file)
+
# Access /vendor/{app,framework,overlay}
r_dir_file(system_server, vendor_app_file)
r_dir_file(system_server, vendor_framework_file)
@@ -379,6 +392,10 @@
allow system_server tombstoned:fd use;
allow system_server dumpstate:fifo_file append;
allow system_server incidentd:fifo_file append;
+# Write to a pipe created from `adb shell` (for debuggerd -j `pidof system_server`)
+userdebug_or_eng(`
+ allow system_server su:fifo_file append;
+')
# Read /data/misc/incidents - only read. The fd will be sent over binder,
# with no DAC access to it, for dropbox to read.
@@ -391,7 +408,7 @@
# Allow dropbox to read /data/misc/perfprofd. Only the fd is sent over binder.
userdebug_or_eng(`
- allow system_server perfprofd_data_file:file read;
+ allow system_server perfprofd_data_file:file { getattr read };
allow system_server perfprofd:fd use;
')
@@ -399,6 +416,10 @@
allow system_server backup_data_file:dir create_dir_perms;
allow system_server backup_data_file:file create_file_perms;
+# Write to /data/system/dropbox
+allow system_server dropbox_data_file:dir create_dir_perms;
+allow system_server dropbox_data_file:file create_file_perms;
+
# Write to /data/system/heapdump
allow system_server heapdump_data_file:dir rw_dir_perms;
allow system_server heapdump_data_file:file create_file_perms;
@@ -442,7 +463,16 @@
# Walk /data/data subdirectories.
# Types extracted from seapp_contexts type= fields.
-allow system_server { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:dir { getattr read search };
+allow system_server {
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:dir { getattr read search };
+
# Also permit for unlabeled /data/data subdirectories and
# for unlabeled asec containers on upgrades from 4.2.
allow system_server unlabeled:dir r_dir_perms;
@@ -455,7 +485,15 @@
# Receive and use open app data files passed over binder IPC.
# Types extracted from seapp_contexts type= fields.
-allow system_server { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:file { getattr read write append };
+allow system_server {
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:file { getattr read write append map };
# Access to /data/media for measuring disk usage.
allow system_server media_rw_data_file:dir { search getattr open read };
@@ -524,8 +562,8 @@
# BootReceiver to read ro.boot.bootreason
get_prop(system_server, bootloader_boot_reason_prop)
-# PowerManager to read persist.sys.boot.reason
-get_prop(system_server, last_boot_reason_prop)
+# PowerManager to read sys.boot.reason
+get_prop(system_server, system_boot_reason_prop)
# Collect metrics on boot time created by init
get_prop(system_server, boottime_prop)
@@ -536,6 +574,10 @@
# Read/write the property which keeps track of whether this is the first start of system_server
set_prop(system_server, firstboot_prop)
+# Audio service in system server can read exported audio properties,
+# such as camera shutter enforcement
+get_prop(system_server, exported_audio_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
@@ -619,10 +661,14 @@
allow system_server nfc_service:service_manager find;
allow system_server radio_service:service_manager find;
allow system_server stats_service:service_manager find;
+allow system_server thermal_service:service_manager find;
allow system_server storaged_service:service_manager find;
allow system_server surfaceflinger_service:service_manager find;
allow system_server vold_service:service_manager find;
allow system_server wificond_service:service_manager find;
+userdebug_or_eng(`
+ allow system_server perfprofd_service:service_manager find;
+')
add_service(system_server, batteryproperties_service)
@@ -728,7 +774,7 @@
allow system_server ion_device:chr_file r_file_perms;
r_dir_file(system_server, proc_asound)
-r_dir_file(system_server, proc_net)
+r_dir_file(system_server, proc_net_type)
r_dir_file(system_server, proc_qtaguid_stat)
allow system_server {
proc_loadavg
@@ -737,6 +783,7 @@
proc_pipe_conf
proc_stat
proc_uid_cputime_showstat
+ proc_uid_io_stats
proc_uid_time_in_state
proc_uid_concurrent_active_time
proc_uid_concurrent_policy_time
@@ -794,6 +841,9 @@
allow system_server functionfs:dir search;
allow system_server functionfs:file rw_file_perms;
+# system_server contains time / time zone detection logic so reads the associated properties.
+get_prop(system_server, time_prop)
+
###
### Neverallow rules
###
@@ -809,7 +859,13 @@
# file descriptor.
# Types extracted from seapp_contexts type= fields, excluding
# those types that system_server needs to open directly.
-neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file { open create unlink link };
+neverallow system_server {
+ bluetooth_data_file
+ nfc_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:file { open create unlink link };
# Forking and execing is inherently dangerous and racy. See, for
# example, https://www.linuxprogrammingblog.com/threads-and-fork-think-twice-before-using-them
@@ -837,7 +893,8 @@
neverallow system_server dex2oat_exec:file no_x_file_perms;
# system_server should never execute or load executable shared libraries
-# in /data
+# in /data. Executable files in /data are a persistence vector.
+# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
neverallow system_server data_file_type:file no_x_file_perms;
# The only block device system_server should be accessing is
@@ -846,6 +903,8 @@
neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perms;
# system_server should never use JIT functionality
+# See https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html
+# in the section titled "A Short ROP Chain" for why.
neverallow system_server self:process execmem;
neverallow system_server ashmem_device:chr_file execute;
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 7f9d315..35db2b3 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -12,6 +12,10 @@
(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
(typeattributeset halclientdomain (hal_allocator_client))
+; Apps, except isolated apps, are clients of OMX-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
+
; Apps, except isolated apps, are clients of Configstore HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_configstore_client;
@@ -36,3 +40,13 @@
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
+
+; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
+; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
+; typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
+(typeattribute untrusted_app_visible_hwservice)
+(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
+(typeattribute untrusted_app_visible_halserver)
+(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
diff --git a/private/traced.te b/private/traced.te
index 49edc51..6571938 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -1,6 +1,6 @@
# Perfetto user-space tracing daemon (unprivileged)
type traced, domain, coredomain, mlstrustedsubject;
-type traced_exec, exec_type, file_type;
+type traced_exec, system_file_type, exec_type, file_type;
# Allow init to exec the daemon.
init_daemon_domain(traced)
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 5d80f7e..e173293 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -1,5 +1,5 @@
# Perfetto tracing probes, has tracefs access.
-type traced_probes_exec, exec_type, file_type;
+type traced_probes_exec, system_file_type, exec_type, file_type;
# Allow init to exec the daemon.
init_daemon_domain(traced_probes)
@@ -35,7 +35,7 @@
allow traced_probes system_file:dir { open read };
# Allow traced_probes to list some of the data partition.
-allow traced_probes self:capability dac_read_search;
+allow traced_probes self:global_capability_class_set dac_read_search;
allow traced_probes apk_data_file:dir { getattr open read search };
allow traced_probes dalvikcache_data_file:dir { getattr open read search };
@@ -57,6 +57,15 @@
# scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0 tclass=fd
allow atrace traced_probes:fd use;
+# Allow traced_probes to access /proc files for system stats.
+# Note: trace data is NOT exposed to anything other than shell and privileged
+# system apps that have access to the traced consumer socket.
+allow traced_probes {
+ proc_meminfo
+ proc_vmstat
+ proc_stat
+}:file r_file_perms;
+
###
### Neverallow rules
###
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index ba2c1e1..61c9a81 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -40,3 +40,7 @@
# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
# This will go away in a future Android release
allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
+
+# Text relocation support for API < 23
+# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
+allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 6cf1668..32eec26 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -2,8 +2,7 @@
### Untrusted_app_all.
###
### This file defines the rules shared by all untrusted app domains except
-### apps which target the v2 security sandbox (ephemeral_app for instant apps,
-### untrusted_v2_app for fully installed v2 apps).
+### ephemeral_app for instant apps.
### Apps are labeled based on mac_permissions.xml (maps signer and
### optionally package name to seinfo value) and seapp_contexts (maps UID
### and optionally seinfo value to domain for process and type for data
@@ -19,20 +18,17 @@
### seapp_contexts.
###
### Note that rules that should apply to all untrusted apps must be in app.te or also
-### added to untrusted_v2_app.te and ephemeral_app.te.
-
-# Legacy text relocations
-allow untrusted_app_all apk_data_file:file execmod;
+### added to ephemeral_app.te.
# Some apps ship with shared libraries and binaries that they write out
# to their sandbox directory and then execute.
-allow untrusted_app_all app_data_file:file { rx_file_perms execmod };
+allow untrusted_app_all { app_data_file privapp_data_file }:file { rx_file_perms };
# ASEC
allow untrusted_app_all asec_apk_file:file r_file_perms;
allow untrusted_app_all asec_apk_file:dir r_dir_perms;
# Execute libs in asec containers.
-allow untrusted_app_all asec_public_file:file { execute execmod };
+allow untrusted_app_all asec_public_file:file { execute };
# Used by Finsky / Android "Verify Apps" functionality when
# running "adb install foo.apk".
@@ -126,10 +122,6 @@
allow untrusted_app_all system_server:udp_socket {
connect getattr read recvfrom sendto write getopt setopt };
-# Allow the allocation and use of ptys
-# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
-create_pty(untrusted_app_all)
-
# This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
dontaudit untrusted_app_all net_dns_prop:file read;
@@ -138,3 +130,13 @@
dontaudit untrusted_app_all proc_stat:file read;
dontaudit untrusted_app_all proc_vmstat:file read;
dontaudit untrusted_app_all proc_uptime:file read;
+
+# Allow the allocation and use of ptys
+# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
+create_pty(untrusted_app_all)
+
+# Attempts to write to system_data_file is generally a sign
+# that apps are attempting to access encrypted storage before
+# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
+# denial to prevent third party apps from spamming the logs.
+dontaudit untrusted_app_all system_data_file:dir write;
diff --git a/private/untrusted_v2_app.te b/private/untrusted_v2_app.te
deleted file mode 100644
index 8f4bceb..0000000
--- a/private/untrusted_v2_app.te
+++ /dev/null
@@ -1,47 +0,0 @@
-###
-### Untrusted v2 sandbox apps.
-###
-
-typeattribute untrusted_v2_app coredomain;
-
-app_domain(untrusted_v2_app)
-net_domain(untrusted_v2_app)
-bluetooth_domain(untrusted_v2_app)
-
-# Read and write system app data files passed over Binder.
-# Motivating case was /data/data/com.android.settings/cache/*.jpg for
-# cropping or taking user photos.
-allow untrusted_v2_app system_app_data_file:file { read write getattr };
-
-# Access to /data/media.
-allow untrusted_v2_app media_rw_data_file:dir create_dir_perms;
-allow untrusted_v2_app media_rw_data_file:file create_file_perms;
-
-# Traverse into /mnt/media_rw for bypassing FUSE daemon
-# TODO: narrow this to just MediaProvider
-allow untrusted_v2_app mnt_media_rw_file:dir search;
-
-# allow cts to query all services
-allow untrusted_v2_app servicemanager:service_manager list;
-
-allow untrusted_v2_app audioserver_service:service_manager find;
-allow untrusted_v2_app cameraserver_service:service_manager find;
-allow untrusted_v2_app drmserver_service:service_manager find;
-allow untrusted_v2_app mediaserver_service:service_manager find;
-allow untrusted_v2_app mediaextractor_service:service_manager find;
-allow untrusted_v2_app mediacodec_service:service_manager find;
-allow untrusted_v2_app mediametrics_service:service_manager find;
-allow untrusted_v2_app mediadrmserver_service:service_manager find;
-allow untrusted_v2_app nfc_service:service_manager find;
-allow untrusted_v2_app radio_service:service_manager find;
-# TODO: potentially provide a tighter list of services here
-allow untrusted_v2_app app_api_service:service_manager find;
-
-# gdbserver for ndk-gdb ptrace attaches to app process.
-allow untrusted_v2_app self:process ptrace;
-
-# Write app-specific trace data to the Perfetto traced damon. This requires
-# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-allow untrusted_v2_app traced:fd use;
-allow untrusted_v2_app traced_tmpfs:file { read write getattr map };
-unix_socket_connect(untrusted_v2_app, traced_producer, traced)
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 0a11558..0d062e9 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -7,7 +7,7 @@
allow vold_prepare_subdirs vold:fd use;
allow vold_prepare_subdirs vold:fifo_file { read write };
allow vold_prepare_subdirs file_contexts_file:file r_file_perms;
-allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override fowner };
+allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override dac_read_search fowner };
allow vold_prepare_subdirs self:process setfscreate;
allow vold_prepare_subdirs {
system_data_file
diff --git a/private/wait_for_keymaster.te b/private/wait_for_keymaster.te
index 8b8dd29..85a28da 100644
--- a/private/wait_for_keymaster.te
+++ b/private/wait_for_keymaster.te
@@ -1,6 +1,6 @@
# wait_for_keymaster service
type wait_for_keymaster, domain, coredomain;
-type wait_for_keymaster_exec, exec_type, file_type;
+type wait_for_keymaster_exec, system_file_type, exec_type, file_type;
init_daemon_domain(wait_for_keymaster)
diff --git a/private/watchdogd.te b/private/watchdogd.te
index 36dd30f..91ece70 100644
--- a/private/watchdogd.te
+++ b/private/watchdogd.te
@@ -1 +1,3 @@
typeattribute watchdogd coredomain;
+
+init_daemon_domain(watchdogd)
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 55b268a..ea01412 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -95,6 +95,7 @@
# Should not have any access to app data files.
neverallow webview_zygote {
app_data_file
+ privapp_data_file
system_app_data_file
bluetooth_data_file
nfc_data_file
diff --git a/private/zygote.te b/private/zygote.te
index 2dcbdf1..ec04d8f 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -7,7 +7,7 @@
read_runtime_log_tags(zygote)
# Override DAC on files and switch uid/gid.
-allow zygote self:global_capability_class_set { dac_override setgid setuid fowner chown };
+allow zygote self:global_capability_class_set { dac_override dac_read_search setgid setuid fowner chown };
# Drop capabilities from bounding set.
allow zygote self:global_capability_class_set setpcap;
@@ -43,7 +43,9 @@
allow zygote resourcecache_data_file:file create_file_perms;
# When WITH_DEXPREOPT is true, the zygote does not load executable content from
-# /data/dalvik-cache.
+# /data/dalvik-cache. Executable files loaded from /data is a persistence vector
+# we want to avoid. See
+# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
allow { zygote with_dexpreopt(`-zygote') } dalvikcache_data_file:file execute;
# Execute idmap and dex2oat within zygote's own domain.
@@ -88,12 +90,14 @@
allow zygote mnt_user_file:lnk_file create_file_perms;
# Allowed to mount user-specific storage into place
allow zygote storage_file:dir { search mounton };
+# Allow mounting on sdcardfs dirs
+allow zygote sdcardfs:dir { search mounton };
# Handle --invoke-with command when launching Zygote with a wrapper command.
allow zygote zygote_exec:file rx_file_perms;
-# Read access to pseudo filesystems.
-r_dir_file(zygote, proc_net)
+# Allow zygote to write to statsd.
+unix_socket_send(zygote, statsdw, statsd)
# Root fs.
r_dir_file(zygote, rootfs)
@@ -114,6 +118,9 @@
get_prop(zygote, overlay_prop)
get_prop(zygote, exported_overlay_prop)
+# ingore spurious denials
+dontaudit zygote self:global_capability_class_set sys_resource;
+
###
### neverallow rules
###
diff --git a/public/adbd.te b/public/adbd.te
index 95854c0..68a176c 100644
--- a/public/adbd.te
+++ b/public/adbd.te
@@ -1,4 +1,8 @@
# adbd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
type adbd, domain;
-type adbd_exec, exec_type, file_type;
+type adbd_exec, exec_type, file_type, system_file_type;
+
+# Only init is allowed to enter the adbd domain via exec()
+neverallow { domain -init } adbd:process transition;
+neverallow * adbd:process dyntransition;
diff --git a/public/apexd.te b/public/apexd.te
new file mode 100644
index 0000000..73daf38
--- /dev/null
+++ b/public/apexd.te
@@ -0,0 +1,11 @@
+# apexd -- manager for APEX packages
+type apexd, domain;
+type apexd_exec, exec_type, file_type, system_file_type;
+
+binder_use(apexd)
+add_service(apexd, apex_service)
+
+neverallow { domain -init -apexd } apex_service:service_manager find;
+neverallow { domain -init -apexd } apexd:binder call;
+
+neverallow domain apexd:process ptrace;
diff --git a/public/app.te b/public/app.te
index 439c1f8..800e891 100644
--- a/public/app.te
+++ b/public/app.te
@@ -22,10 +22,6 @@
# Notify zygote of death;
allow appdomain zygote:process sigchld;
-# Place process into foreground / background
-allow appdomain cgroup:dir { search write };
-allow appdomain cgroup:file rw_file_perms;
-
# Read /data/dalvik-cache.
allow appdomain dalvikcache_data_file:dir { search getattr };
allow appdomain dalvikcache_data_file:file r_file_perms;
@@ -66,8 +62,8 @@
allow appdomain surfaceflinger:unix_stream_socket { read write setopt getattr getopt shutdown };
# App sandbox file accesses.
-allow { appdomain -isolated_app } app_data_file:dir create_dir_perms;
-allow { appdomain -isolated_app } app_data_file:notdevfile_class_set create_file_perms;
+allow { appdomain -isolated_app } { app_data_file privapp_data_file }:dir create_dir_perms;
+allow { appdomain -isolated_app } { app_data_file privapp_data_file }:notdevfile_class_set create_file_perms;
# Traverse into expanded storage
allow appdomain mnt_expand_file:dir r_dir_perms;
@@ -85,10 +81,10 @@
allow appdomain oemfs:file rx_file_perms;
# Execute the shell or other system executables.
-allow { appdomain -ephemeral_app -untrusted_v2_app } shell_exec:file rx_file_perms;
-allow { appdomain -ephemeral_app -untrusted_v2_app } toolbox_exec:file rx_file_perms;
-allow { appdomain -untrusted_v2_app } system_file:file x_file_perms;
-not_full_treble(`allow { appdomain -ephemeral_app -untrusted_v2_app } vendor_file:file x_file_perms;')
+allow { appdomain -ephemeral_app } shell_exec:file rx_file_perms;
+allow { appdomain -ephemeral_app } toolbox_exec:file rx_file_perms;
+allow appdomain system_file:file x_file_perms;
+not_full_treble(`allow { appdomain -ephemeral_app } vendor_file:file x_file_perms;')
# Renderscript needs the ability to read directories on /system
allow appdomain system_file:dir r_dir_perms;
@@ -106,8 +102,8 @@
# Allow apps access to /vendor/app except for privileged
# apps which cannot be in /vendor.
-r_dir_file({ appdomain -ephemeral_app -untrusted_v2_app }, vendor_app_file)
-allow { appdomain -ephemeral_app -untrusted_v2_app } vendor_app_file:file execute;
+r_dir_file({ appdomain -ephemeral_app }, vendor_app_file)
+allow { appdomain -ephemeral_app } vendor_app_file:file execute;
# Allow apps access to /vendor/overlay
r_dir_file(appdomain, vendor_overlay_file)
@@ -116,20 +112,24 @@
# for vendor provided libraries.
r_dir_file(appdomain, vendor_framework_file)
+# Allow apps read / execute access to vendor public libraries.
+allow appdomain vendor_public_lib_file:dir r_dir_perms;
+allow appdomain vendor_public_lib_file:file { execute read open getattr map };
+
# Execute dex2oat when apps call dexclassloader
allow appdomain dex2oat_exec:file rx_file_perms;
# Read/write wallpaper file (opened by system).
-allow appdomain wallpaper_file:file { getattr read write };
+allow appdomain wallpaper_file:file { getattr read write map };
# Read/write cached ringtones (opened by system).
-allow appdomain ringtone_file:file { getattr read write };
+allow appdomain ringtone_file:file { getattr read write map };
# Read ShortcutManager icon files (opened by system).
-allow appdomain shortcut_manager_icons:file { getattr read };
+allow appdomain shortcut_manager_icons:file { getattr read map };
# Read icon file (opened by system).
-allow appdomain icon_file:file { getattr read };
+allow appdomain icon_file:file { getattr read map };
# Old stack dumping scheme : append to a global trace file (/data/anr/traces.txt).
#
@@ -162,6 +162,9 @@
allow appdomain incidentd:fd use;
allow appdomain incidentd:fifo_file { write getattr };
+# Allow apps to send information to statsd socket.
+unix_socket_send(appdomain, statsdw, statsd)
+
# Write profiles /data/misc/profiles
allow appdomain user_profile_data_file:dir { search write add_name };
allow appdomain user_profile_data_file:file create_file_perms;
@@ -174,36 +177,34 @@
allow appdomain heapdump_data_file:file append;
')
-# Write to /proc/net/xt_qtaguid/ctrl file.
-allow {
- untrusted_app_25
- untrusted_app_27
- priv_app
- system_app
- platform_app
- shell
-} qtaguid_proc:file rw_file_perms;
-r_dir_file({ appdomain -ephemeral_app -isolated_app }, proc_net)
-# read /proc/net/xt_qtguid/*stat* to per-app network data usage.
-# Exclude isolated app which may not use network sockets.
+# /proc/net access.
+# TODO(b/9496886) Audit access for removal.
+# proc_net access for the negated domains below is granted (or not) in their
+# individual .te files.
r_dir_file({
- untrusted_app_25
- untrusted_app_27
- priv_app
- system_app
- platform_app
- shell
-}, proc_qtaguid_stat)
-# Everybody can read the xt_qtaguid resource tracking misc dev.
-# So allow all apps to read from /dev/xt_qtaguid.
-allow {
- untrusted_app_25
- untrusted_app_27
- priv_app
- system_app
- platform_app
- shell
-} qtaguid_device:chr_file r_file_perms;
+ appdomain
+ -ephemeral_app
+ -isolated_app
+ -platform_app
+ -priv_app
+ -shell
+ -system_app
+ -untrusted_app_all
+}, proc_net_type)
+# audit access for all these non-core app domains.
+userdebug_or_eng(`
+ auditallow {
+ appdomain
+ -ephemeral_app
+ -isolated_app
+ -platform_app
+ -priv_app
+ -shell
+ -su
+ -system_app
+ -untrusted_app_all
+ } proc_net_type:{ dir file lnk_file } { getattr open read };
+')
# Grant GPU access to all processes started by Zygote.
# They need that to render the standard UI.
@@ -218,13 +219,6 @@
# Perform binder IPC to ephemeral apps.
binder_call(appdomain, ephemeral_app)
-# TODO(b/36375899): Replace this with hal_client_domain once mediacodec is properly attributized
-# as OMX HAL
-hwbinder_use({ appdomain -isolated_app })
-allow { appdomain -isolated_app } hal_codec2_hwservice:hwservice_manager find;
-allow { appdomain -isolated_app } hal_omx_hwservice:hwservice_manager find;
-allow { appdomain -isolated_app } hidl_token_hwservice:hwservice_manager find;
-
# Talk with graphics composer fences
allow appdomain hal_graphics_composer:fd use;
@@ -236,12 +230,12 @@
# Backup ability for every app. BMS opens and passes the fd
# to any app that has backup ability. Hence, no open permissions here.
-allow appdomain backup_data_file:file { read write getattr };
-allow appdomain cache_backup_file:file { read write getattr };
+allow appdomain backup_data_file:file { read write getattr map };
+allow appdomain cache_backup_file:file { read write getattr map };
allow appdomain cache_backup_file:dir getattr;
# Backup ability using 'adb backup'
allow appdomain system_data_file:lnk_file r_file_perms;
-allow appdomain system_data_file:file { getattr read };
+allow appdomain system_data_file:file { getattr read map };
# Allow read/stat of /data/media files passed by Binder or local socket IPC.
allow { appdomain -isolated_app } media_rw_data_file:file { read getattr };
@@ -290,7 +284,7 @@
# logd access
read_logd(appdomain)
-control_logd({ appdomain -ephemeral_app untrusted_v2_app })
+control_logd({ appdomain -ephemeral_app })
# application inherit logd write socket (urge is to deprecate this long term)
allow appdomain zygote:unix_dgram_socket write;
@@ -304,15 +298,7 @@
allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
-# TODO is write really necessary ?
-auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file { write append };
-
-# TODO(b/36375899) replace with hal_client_domain for mediacodec (hal_omx)
-get_prop({ appdomain -isolated_app }, hwservicemanager_prop);
-
-# Allow app access to mediacodec (IOMX HAL)
-binder_call({ appdomain -isolated_app }, mediacodec)
+allow { appdomain -isolated_app } ion_device:chr_file r_file_perms;
# Allow AAudio apps to use shared memory file descriptors from the HAL
allow { appdomain -isolated_app } hal_audio:fd use;
@@ -360,6 +346,9 @@
# Allow apps to run with asanwrapper.
with_asan(`allow appdomain asanwrapper_exec:file rx_file_perms;')
+# Read access to FDs from the DropboxManagerService.
+allow appdomain dropbox_data_file:file { getattr read };
+
###
### Neverallow rules
###
@@ -418,6 +407,20 @@
# ptrace access to non-app domains.
neverallow appdomain { domain -appdomain }:process ptrace;
+# The Android security model guarantees the confidentiality and integrity
+# of application data and execution state. Ptrace bypasses those
+# confidentiality guarantees. Disallow ptrace access from system components
+# to apps. Crash_dump is excluded, as it needs ptrace access to
+# produce stack traces. llkd is excluded, as it needs ptrace access to
+# inspect stack traces for live lock conditions.
+
+neverallow {
+ domain
+ -appdomain
+ -crash_dump
+ userdebug_or_eng(`-llkd')
+} appdomain:process ptrace;
+
# Read or write access to /proc/pid entries for any non-app domain.
# A different form of hidepid=2 like protections
neverallow appdomain { domain -appdomain }:file no_w_file_perms;
@@ -570,3 +573,8 @@
# Apps cannot access proc_uid_cpupower
neverallow appdomain proc_uid_cpupower:file *;
+
+# Apps may not read /proc/net/{tcp,tcp6,udp,udp6}. These files leak information across the
+# application boundary. VPN apps may use the ConnectivityManager.getConnectionOwnerUid() API to
+# perform UID lookups.
+neverallow { appdomain -shell } proc_net_tcp_udp:file *;
diff --git a/public/attributes b/public/attributes
index 0c7ca2e..f56919a 100644
--- a/public/attributes
+++ b/public/attributes
@@ -33,6 +33,10 @@
# All types in /data, not in /data/vendor
attribute core_data_file_type;
expandattribute core_data_file_type false;
+
+# All types in /system
+attribute system_file_type;
+
# All types in /vendor
attribute vendor_file_type;
@@ -40,6 +44,13 @@
attribute proc_type;
expandattribute proc_type false;
+# Types in /proc/net, excluding qtaguid types.
+# TODO(b/9496886) Lock down access to /proc/net.
+# This attribute is used to audit access to proc_net. it is temporary and will
+# be removed.
+attribute proc_net_type;
+expandattribute proc_net_type true;
+
# All types used for sysfs files.
attribute sysfs_type;
@@ -177,6 +188,11 @@
attribute system_writes_vendor_properties_violators;
expandattribute system_writes_vendor_properties_violators false;
+# All system domains which violate the requirement of not writing to
+# /mnt/vendor/*. Must not be used on devices launched with P or later.
+attribute system_writes_mnt_vendor_violators;
+expandattribute system_writes_mnt_vendor_violators false;
+
# hwservices that are accessible from untrusted applications
# WARNING: Use of this attribute should be avoided unless
# absolutely necessary. It is a temporary allowance to aid the
@@ -184,19 +200,19 @@
# version, requiring all hwservices that are labeled with this
# attribute to be submitted to AOSP in order to maintain their
# app-visibility.
-attribute untrusted_app_visible_hwservice;
-expandattribute untrusted_app_visible_hwservice false;
+attribute untrusted_app_visible_hwservice_violators;
+expandattribute untrusted_app_visible_hwservice_violators false;
# halserver domains that are accessible to untrusted applications. These
# domains are typically those hosting hwservices attributed by the
-# untrusted_app_visible_hwservice.
+# untrusted_app_visible_hwservice_violators.
# WARNING: Use of this attribute should be avoided unless absolutely necessary.
# It is a temporary allowance to aid the transition to treble and will be
# removed in the future platform version, requiring all halserver domains that
# are labeled with this attribute to be submitted to AOSP in order to maintain
# their app-visibility.
-attribute untrusted_app_visible_halserver;
-expandattribute untrusted_app_visible_halserver false;
+attribute untrusted_app_visible_halserver_violators;
+expandattribute untrusted_app_visible_halserver_violators false;
# PDX services
attribute pdx_endpoint_dir_type;
@@ -224,47 +240,21 @@
# HALs should be able to communicate with those devices through sockets.
attribute hal_automotive_socket_exemption;
-# TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
-# can be resolve.
-attribute hal_audio;
-attribute hal_audio_client;
-expandattribute hal_audio_client true;
-attribute hal_audio_server;
-expandattribute hal_audio_server false;
-
-attribute hal_bootctl;
-attribute hal_bootctl_client;
-expandattribute hal_bootctl_client true;
-attribute hal_bootctl_server;
-expandattribute hal_bootctl_server false;
-
-attribute hal_camera;
-attribute hal_camera_client;
-expandattribute hal_camera_client true;
-attribute hal_camera_server;
-expandattribute hal_camera_server false;
-
-attribute hal_drm;
-attribute hal_drm_client;
-expandattribute hal_drm_client true;
-attribute hal_drm_server;
-expandattribute hal_drm_server false;
-
-attribute hal_cas;
-attribute hal_cas_client;
-expandattribute hal_cas_client true;
-attribute hal_cas_server;
-expandattribute hal_cas_server false;
-
# HALs
hal_attribute(allocator);
+hal_attribute(atrace);
+hal_attribute(audio);
hal_attribute(audiocontrol);
hal_attribute(authsecret);
hal_attribute(bluetooth);
+hal_attribute(bootctl);
hal_attribute(broadcastradio);
+hal_attribute(camera);
+hal_attribute(cas);
hal_attribute(configstore);
hal_attribute(confirmationui);
hal_attribute(contexthub);
+hal_attribute(drm);
hal_attribute(dumpstate);
hal_attribute(evs);
hal_attribute(fingerprint);
@@ -273,6 +263,7 @@
hal_attribute(graphics_allocator);
hal_attribute(graphics_composer);
hal_attribute(health);
+hal_attribute(health_storage);
hal_attribute(ir);
hal_attribute(keymaster);
hal_attribute(light);
@@ -281,9 +272,11 @@
hal_attribute(neuralnetworks);
hal_attribute(nfc);
hal_attribute(oemlock);
+hal_attribute(omx);
hal_attribute(power);
hal_attribute(secure_element);
hal_attribute(sensors);
+hal_attribute(system_suspend);
hal_attribute(telephony);
hal_attribute(tetheroffload);
hal_attribute(thermal);
@@ -309,3 +302,4 @@
attribute display_service_server;
attribute wifi_keystore_service_server;
+attribute mediaswcodec_server;
diff --git a/public/bootanim.te b/public/bootanim.te
index 3260227..e8cb98b 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te
@@ -1,6 +1,6 @@
# bootanimation oneshot service
type bootanim, domain;
-type bootanim_exec, exec_type, file_type;
+type bootanim_exec, system_file_type, exec_type, file_type;
hal_client_domain(bootanim, hal_configstore)
hal_client_domain(bootanim, hal_graphics_allocator)
diff --git a/public/bootstat.te b/public/bootstat.te
index 7ba0238..a2a060b 100644
--- a/public/bootstat.te
+++ b/public/bootstat.te
@@ -1,6 +1,6 @@
# bootstat command
type bootstat, domain;
-type bootstat_exec, exec_type, file_type;
+type bootstat_exec, system_file_type, exec_type, file_type;
read_runtime_log_tags(bootstat)
@@ -26,6 +26,9 @@
# Allow access to reading the logs to read aspects of system health
read_logd(bootstat)
+# Allow bootstat write to statsd.
+unix_socket_send(bootstat, statsdw, statsd)
+
# ToDo: end
neverallow {
diff --git a/public/bufferhubd.te b/public/bufferhubd.te
index 274c271..7acfa69 100644
--- a/public/bufferhubd.te
+++ b/public/bufferhubd.te
@@ -1,9 +1,10 @@
# bufferhubd
type bufferhubd, domain, mlstrustedsubject;
-type bufferhubd_exec, exec_type, file_type;
+type bufferhubd_exec, system_file_type, exec_type, file_type;
hal_client_domain(bufferhubd, hal_graphics_allocator)
+# TODO(b/112338294): remove these after migrate to Binder
pdx_server(bufferhubd, bufferhub_client)
pdx_client(bufferhubd, performance_client)
@@ -13,8 +14,8 @@
# Access /dev/ion
allow bufferhubd ion_device:chr_file r_file_perms;
-# Receive sync fence FDs from mediacodec. Note that mediacodec never directly
+# Receive sync fence FDs from hal_omx_server. Note that hal_omx_server never directly
# connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between
-# those two: it talks to mediacodec via Binder and talks to bufferhubd via PDX.
+# those two: it talks to hal_omx_server via Binder and talks to bufferhubd via PDX.
# Thus, there is no need to use pdx_client macro.
-allow bufferhubd mediacodec:fd use;
+allow bufferhubd hal_omx_server:fd use;
diff --git a/public/cameraserver.te b/public/cameraserver.te
index 3fdca53..ba45228 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -1,6 +1,6 @@
# cameraserver - camera daemon
type cameraserver, domain;
-type cameraserver_exec, exec_type, file_type;
+type cameraserver_exec, system_file_type, exec_type, file_type;
binder_use(cameraserver)
binder_call(cameraserver, binderservicedomain)
diff --git a/public/clatd.te b/public/clatd.te
index ee44abf..5c9d724 100644
--- a/public/clatd.te
+++ b/public/clatd.te
@@ -1,10 +1,13 @@
# 464xlat daemon
type clatd, domain;
-type clatd_exec, exec_type, file_type;
+type clatd_exec, system_file_type, exec_type, file_type;
net_domain(clatd)
-r_dir_file(clatd, proc_net)
+r_dir_file(clatd, proc_net_type)
+userdebug_or_eng(`
+ auditallow clatd proc_net_type:{ dir file lnk_file } { getattr open read };
+')
# Access objects inherited from netd.
allow clatd netd:fd use;
diff --git a/public/cppreopts.te b/public/cppreopts.te
index fb9855e..623391e 100644
--- a/public/cppreopts.te
+++ b/public/cppreopts.te
@@ -5,7 +5,7 @@
# directories.
type cppreopts, domain, mlstrustedsubject;
-type cppreopts_exec, exec_type, file_type;
+type cppreopts_exec, system_file_type, exec_type, file_type;
# Allow cppreopts copy files into the dalvik-cache
allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write };
diff --git a/public/crash_dump.te b/public/crash_dump.te
index cd1e5a8..ec33df3 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -1,5 +1,5 @@
type crash_dump, domain;
-type crash_dump_exec, exec_type, file_type;
+type crash_dump_exec, system_file_type, exec_type, file_type;
# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
# which will result in an audit log even when it's allowed to trace.
@@ -46,7 +46,9 @@
# Append to tombstone files.
allow crash_dump tombstone_data_file:file { append getattr };
-read_logd(crash_dump)
+# crash_dump writes out logcat logs at the bottom of tombstones,
+# which is super useful in some cases.
+unix_socket_connect(crash_dump, logdr, logd)
# Crash dump is not intended to access the following data types. Since these
# are WAI, suppress the denials to clean up the logs.
diff --git a/public/device.te b/public/device.te
index 231c839..1ab08b4 100644
--- a/public/device.te
+++ b/public/device.te
@@ -80,18 +80,23 @@
type frp_block_device, dev_type;
# System block device mounted on /system.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
type system_block_device, dev_type;
# Recovery block device.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
type recovery_block_device, dev_type;
# boot block device.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
type boot_block_device, dev_type;
# Userdata block device mounted on /data.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
type userdata_block_device, dev_type;
# Cache block device mounted on /cache.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
type cache_block_device, dev_type;
# Block device for any swap partition.
@@ -100,7 +105,12 @@
# Metadata block device used for encryption metadata.
# Assign this type to the partition specified by the encryptable=
# mount option in your fstab file in the entry for userdata.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
type metadata_block_device, dev_type;
# The 'misc' partition used by recovery and A/B.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
type misc_block_device, dev_type;
+
+# 'super' partition to be used for logical partitioning.
+type super_block_device, dev_type;
diff --git a/public/dex2oat.te b/public/dex2oat.te
index 608ba79..0a046c6 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -1,15 +1,15 @@
# dex2oat
type dex2oat, domain;
-type dex2oat_exec, exec_type, file_type;
+type dex2oat_exec, system_file_type, exec_type, file_type;
r_dir_file(dex2oat, apk_data_file)
# Access to /vendor/app
r_dir_file(dex2oat, vendor_app_file)
# Access /vendor/framework
allow dex2oat vendor_framework_file:dir { getattr search };
-allow dex2oat vendor_framework_file:file { getattr open read };
+allow dex2oat vendor_framework_file:file { getattr open read map };
-allow dex2oat tmpfs:file { read getattr };
+allow dex2oat tmpfs:file { read getattr map };
r_dir_file(dex2oat, dalvikcache_data_file)
allow dex2oat dalvikcache_data_file:file write;
@@ -24,16 +24,16 @@
# Read already open asec_apk_file file descriptors passed by installd.
# Also allow reading unlabeled files, to allow for upgrading forward
# locked APKs.
-allow dex2oat asec_apk_file:file read;
-allow dex2oat unlabeled:file read;
-allow dex2oat oemfs:file read;
+allow dex2oat asec_apk_file:file { read map };
+allow dex2oat unlabeled:file { read map };
+allow dex2oat oemfs:file { read map };
allow dex2oat apk_tmp_file:dir search;
allow dex2oat apk_tmp_file:file r_file_perms;
-allow dex2oat user_profile_data_file:file { getattr read lock };
+allow dex2oat user_profile_data_file:file { getattr read lock map };
# Allow dex2oat to compile app's secondary dex files which were reported back to
# the framework.
-allow dex2oat app_data_file:file { getattr read write lock };
+allow dex2oat { privapp_data_file app_data_file }:file { getattr read write lock map };
##################
# A/B OTA Dexopt #
@@ -63,4 +63,4 @@
# Neverallow #
##############
-neverallow dex2oat app_data_file:notdevfile_class_set open;
+neverallow dex2oat { privapp_data_file app_data_file }:notdevfile_class_set open;
diff --git a/public/dhcp.te b/public/dhcp.te
index 1f1ef2b..4f2369d 100644
--- a/public/dhcp.te
+++ b/public/dhcp.te
@@ -1,5 +1,5 @@
type dhcp, domain;
-type dhcp_exec, exec_type, file_type;
+type dhcp_exec, system_file_type, exec_type, file_type;
net_domain(dhcp)
@@ -15,7 +15,7 @@
allow dhcp toolbox_exec:file rx_file_perms;
# For /proc/sys/net/ipv4/conf/*/promote_secondaries
-allow dhcp proc_net:file write;
+allow dhcp proc_net_type:file write;
set_prop(dhcp, dhcp_prop)
set_prop(dhcp, pan_result_prop)
diff --git a/public/dnsmasq.te b/public/dnsmasq.te
index 3aaefd3..62e1a32 100644
--- a/public/dnsmasq.te
+++ b/public/dnsmasq.te
@@ -1,12 +1,12 @@
# DNS, DHCP services
type dnsmasq, domain;
-type dnsmasq_exec, exec_type, file_type;
+type dnsmasq_exec, system_file_type, exec_type, file_type;
net_domain(dnsmasq)
allowxperm dnsmasq self:udp_socket ioctl priv_sock_ioctls;
# TODO: Run with dhcp group to avoid need for dac_override.
-allow dnsmasq self:global_capability_class_set dac_override;
+allow dnsmasq self:global_capability_class_set { dac_override dac_read_search };
allow dnsmasq self:global_capability_class_set { net_admin net_raw net_bind_service setgid setuid };
diff --git a/public/domain.te b/public/domain.te
index e9337b6..3e7a0dc 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -23,7 +23,7 @@
};
allow domain self:fd use;
allow domain proc:dir r_dir_perms;
-allow domain proc_net:dir search;
+allow domain proc_net_type:dir search;
r_dir_file(domain, self)
allow domain self:{ fifo_file file } rw_file_perms;
allow domain self:unix_dgram_socket { create_socket_perms sendto };
@@ -152,14 +152,30 @@
# logd access
write_logd(domain)
-# System file accesses.
-allow domain system_file:dir { search getattr };
-allow domain system_file:file { execute read open getattr map };
+# Directory/link file access for path resolution.
+allow domain {
+ system_file
+ system_lib_file
+ system_seccomp_policy_file
+ system_security_cacerts_file
+}:dir r_dir_perms;
allow domain system_file:lnk_file { getattr read };
+# Global access to /system/etc/security/cacerts/*, /system/etc/seccomp_policy/*, /system/lib[64]/*,
+# linker and its config.
+allow domain system_seccomp_policy_file:file r_file_perms;
+# cacerts are accessible from public Java API.
+allow domain system_security_cacerts_file:file r_file_perms;
+allow domain system_linker_exec:file { execute read open getattr map };
+allow domain system_linker_config_file:file r_file_perms;
+allow domain system_lib_file:file { execute read open getattr map };
+
+allow { appdomain coredomain } system_file:file { execute read open getattr map };
+
# Make sure system/vendor split doesn not affect non-treble
# devices
not_full_treble(`
+ allow domain system_file:file { execute read open getattr map };
allow domain vendor_file_type:dir { search getattr };
allow domain vendor_file_type:file { execute read open getattr map };
allow domain vendor_file_type:lnk_file { getattr read };
@@ -172,7 +188,22 @@
# Everyone can read and execute all same process HALs
allow domain same_process_hal_file:dir r_dir_perms;
+# TODO(b/37211678): whitelist domains that actually need same process HALs.
allow domain same_process_hal_file:file { execute read open getattr map };
+# Touching same_process_hal_file indicates usage of SP-HALs or abuse of
+# same_process_hal_file label, which is what we are interested in.
+userdebug_or_eng(`
+ auditallow {
+ coredomain
+ -zygote
+ -hal_allocator_client
+ # Graphics mapper clients.
+ -hal_graphics_allocator_client
+ # Renderscript clients include { system_server appdomain -isolated_app }.
+ -appdomain
+ -system_server
+ } same_process_hal_file:file *;
+')
# Any process can load vndk-sp libraries, which are system libraries
# used by same process HALs
@@ -181,7 +212,7 @@
# All domains get access to /vendor/etc
allow domain vendor_configs_file:dir r_dir_perms;
-allow domain vendor_configs_file:file { read open getattr };
+allow domain vendor_configs_file:file { read open getattr map };
full_treble_only(`
# Allow all domains to be able to follow /system/vendor and/or
@@ -202,10 +233,11 @@
# read and stat any sysfs symlinks
allow domain sysfs:lnk_file { getattr read };
-# libc references /data/misc/zoneinfo for timezone related information
+# libc references /data/misc/zoneinfo and /system/usr/share/zoneinfo for
+# timezone related information.
# This directory is considered to be a VNDK-stable
-allow domain zoneinfo_data_file:file r_file_perms;
-allow domain zoneinfo_data_file:dir r_dir_perms;
+allow domain { system_zoneinfo_file zoneinfo_data_file }:file r_file_perms;
+allow domain { system_zoneinfo_file zoneinfo_data_file }:dir r_dir_perms;
# Lots of processes access current CPU information
r_dir_file(domain, sysfs_devices_system_cpu)
@@ -241,9 +273,10 @@
allow domain sysfs:dir search;
allow domain selinuxfs:filesystem getattr;
-# For /acct/uid/*/tasks.
-allow domain cgroup:dir { search write };
-allow domain cgroup:file w_file_perms;
+# Path resolution access in cgroups.
+allow domain cgroup:dir search;
+allow { domain -appdomain } cgroup:dir w_dir_perms;
+allow { domain -appdomain } cgroup:file w_file_perms;
# Almost all processes log tracing information to
# /sys/kernel/debug/tracing/trace_marker
@@ -262,10 +295,10 @@
# defaults for all processes. Note that granting this whitelist to domain does
# not grant the ioctl permission on these socket types. That must be granted
# separately.
-allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
+allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
# default whitelist for unix sockets.
-allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
+allowxperm domain { domain pdx_channel_socket_type }:{ unix_dgram_socket unix_stream_socket }
ioctl unpriv_unix_sock_ioctls;
# Restrict PTYs to only whitelisted ioctls.
@@ -274,6 +307,35 @@
# separately.
allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
+# All domains must clearly enumerate what ioctls they use
+# on filesystem objects (plain files, directories, symbolic links,
+# named pipes, and named sockets). We start off with a safe set.
+allowxperm domain { file_type fs_type domain dev_type }:{ dir notdevfile_class_set blk_file } ioctl { FIOCLEX FIONCLEX };
+
+# Allow a process to make a determination whether a file descriptor
+# for a plain file or pipe (fifo_file) is a tty. Note that granting
+# this whitelist to domain does not grant the ioctl permission to
+# these files. That must be granted separately.
+allowxperm domain { file_type fs_type }:file ioctl { TCGETS };
+allowxperm domain domain:fifo_file ioctl { TCGETS };
+
+# If a domain has access to perform an ioctl on a block device, allow these
+# very common, benign ioctls
+allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };
+
+# Support sqlite F2FS specific optimizations
+# ioctl permission on the specific file type is still required
+# TODO: consider only compiling these rules if we know the
+# /data partition is F2FS
+allowxperm domain { file_type sdcard_type }:file ioctl {
+ F2FS_IOC_ABORT_VOLATILE_WRITE
+ F2FS_IOC_COMMIT_ATOMIC_WRITE
+ F2FS_IOC_GET_FEATURES
+ F2FS_IOC_GET_PIN_FILE
+ F2FS_IOC_SET_PIN_FILE
+ F2FS_IOC_START_ATOMIC_WRITE
+};
+
# Workaround for policy compiler being too aggressive and removing hwservice_manager_type
# when it's not explicitly used in allow rules
allow { domain -domain } hwservice_manager_type:hwservice_manager { add find };
@@ -283,13 +345,20 @@
# Under ASAN, processes will try to read /data, as the sanitized libraries are there.
with_asan(`allow domain system_data_file:dir getattr;')
+# Under ASAN, /system/asan.options needs to be globally accessible.
+with_asan(`allow domain system_asan_options_file:file r_file_perms;')
+
+# read APEX dir and stat any symlink pointing to APEXs.
+allow domain apex_mnt_dir:dir search;
+allow domain apex_mnt_dir:lnk_file r_file_perms;
###
### neverallow rules
###
-# All socket ioctls must be restricted to a whitelist.
-neverallowxperm domain domain:socket_class_set ioctl { 0 };
+# All ioctls on file-like objects (except chr_file and blk_file) and
+# sockets must be restricted to a whitelist.
+neverallowxperm * *:{ dir notdevfile_class_set socket_class_set blk_file } ioctl { 0 };
# b/68014825 and https://android-review.googlesource.com/516535
# rfc6093 says that processes should not use the TCP urgent mechanism
@@ -366,9 +435,7 @@
# b/78174219 b/64114943
neverallow {
domain
- -init
-shell # stat of /dev, getattr only
- -vendor_init
-ueventd
} keychord_device:chr_file *;
@@ -396,12 +463,11 @@
neverallow { domain -init -ueventd } sysfs_usermodehelper:file { append write };
neverallow { domain -init -vendor_init } proc_security:file { append open read write };
-# No domain should be allowed to ptrace init.
-neverallow * init:process ptrace;
-
-# Init can't do anything with binder calls. If this neverallow rule is being
-# triggered, it's probably due to a service with no SELinux domain.
-neverallow * init:binder *;
+# Nobody is allowed to make binder calls into init.
+# Only servicemanager may transfer binder references to init
+# vendor_init shouldn't use binder at all.
+neverallow * init:binder ~{ transfer };
+neverallow { domain -servicemanager } init:binder { transfer };
neverallow * vendor_init:binder *;
# Don't allow raw read/write/open access to block_device
@@ -420,25 +486,30 @@
# Limit what domains can mount filesystems or change their mount flags.
# sdcard_type / vfat is exempt as a larger set of domains need
# this capability, including device-specific domains.
-neverallow { domain -kernel -init -recovery -vold -zygote -update_engine -otapreopt_chroot } { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
+neverallow { domain -kernel -init -recovery -vold -zygote -update_engine -otapreopt_chroot -apexd } { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
#
# Assert that, to the extent possible, we're not loading executable content from
# outside the rootfs or /system partition except for a few whitelisted domains.
+# Executable files loaded from /data is a persistence vector
+# we want to avoid. See
+# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
#
neverallow {
domain
-appdomain
with_asan(`-asan_extract')
- -dumpstate
-shell
userdebug_or_eng(`-su')
-webview_zygote
-zygote
userdebug_or_eng(`-mediaextractor')
+ userdebug_or_eng(`-mediaswcodec')
} {
file_type
- -system_file
+ -system_file_type
+ -system_lib_file
+ -system_linker_exec
-vendor_file_type
-exec_type
-postinstall_file
@@ -485,16 +556,16 @@
domain
with_asan(`-asan_extract')
} {
- system_file
+ system_file_type
vendor_file_type
exec_type
}:dir_file_class_set { create write setattr relabelfrom append unlink link rename };
-neverallow { domain -kernel with_asan(`-asan_extract') } { system_file vendor_file_type exec_type }:dir_file_class_set relabelto;
+neverallow { domain -kernel with_asan(`-asan_extract') } { system_file_type vendor_file_type exec_type }:dir_file_class_set relabelto;
# Don't allow mounting on top of /system files or directories
neverallow * exec_type:dir_file_class_set mounton;
-neverallow { domain -init } { system_file vendor_file_type }:dir_file_class_set mounton;
+neverallow { domain -init } { system_file_type vendor_file_type }:dir_file_class_set mounton;
# Nothing should be writing to files in the rootfs.
neverallow * rootfs:file { create write setattr relabelto append unlink link rename };
@@ -557,6 +628,7 @@
domain
-adbd
-dumpstate
+ -fastbootd
-hal_drm_server
-hal_cas_server
-init
@@ -589,13 +661,24 @@
-vold
-e2fs
-fsck
+ -fastbootd
} metadata_block_device:blk_file { append link rename write open read ioctl lock };
-# No domain other than recovery and update_engine can write to system partition(s).
-neverallow { domain -recovery -update_engine } system_block_device:blk_file { write append };
+# No domain other than recovery, update_engine and fastbootd can write to system partition(s).
+neverallow {
+ domain
+ -fastbootd
+ -recovery
+ -update_engine
+} system_block_device:blk_file { write append };
-# No domains other than install_recovery or recovery can write to recovery.
-neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file { write append };
+# No domains other than install_recovery, recovery or fastbootd can write to recovery.
+neverallow {
+ domain
+ -fastbootd
+ -install_recovery
+ -recovery
+} recovery_block_device:blk_file { write append };
# No domains other than a select few can access the misc_block_device. This
# block device is reserved for OTA use.
@@ -604,6 +687,7 @@
neverallow {
domain
userdebug_or_eng(`-domain') # exclude debuggable builds
+ -fastbootd
-hal_bootctl_server
-init
-uncrypt
@@ -738,7 +822,6 @@
-mdnsd # netdomain needs this
userdebug_or_eng(`-su') # communications with su are permitted only on userdebug or eng builds
-init
- -incidentd # TODO(b/35870313): Remove incidentd from this list once vendor domains no longer declare Binder services
-tombstoned # TODO(b/36604251): Remove tombstoned from this list once mediacodec (OMX HAL) no longer declares Binder services
});
')
@@ -777,6 +860,7 @@
unlabeled # used only by core domains
core_data_file_type
-app_data_file
+ -privapp_data_file
-pdx_endpoint_socket_type # used by VR layer
-pdx_channel_socket_type # used by VR layer
}:sock_file ~{ append getattr ioctl read write };
@@ -818,7 +902,7 @@
} {
data_file_type
-core_data_file_type
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
')
full_treble_only(`
neverallow {
@@ -847,10 +931,11 @@
} {
core_data_file_type
# libc includes functions like mktime and localtime which attempt to access
- # files in /data/misc/zoneinfo/tzdata file. These functions are considered
- # vndk-stable and thus must be allowed for all processes.
+ # files in /data/misc/zoneinfo/tzdata and /system/usr/share/zoneinfo/tzdata.
+ # These functions are considered vndk-stable and thus must be allowed for
+ # all processes.
-zoneinfo_data_file
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
neverallow {
vendor_init
-data_between_core_and_vendor_violators
@@ -858,7 +943,7 @@
core_data_file_type
-unencrypted_data_file
-zoneinfo_data_file
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
# The vendor init binary lives on the system partition so there is not a concern with stability.
neverallow vendor_init unencrypted_data_file:file ~r_file_perms;
@@ -924,7 +1009,7 @@
-init
} {
vendor_data_file # default label for files on /data/vendor{,_ce,_de}.
- }:file_class_set ~{ append getattr ioctl read write };
+ }:file_class_set ~{ append getattr ioctl read write map };
')
# On TREBLE devices, a limited set of files in /vendor are accessible to
@@ -955,6 +1040,7 @@
userdebug_or_eng(`-perfprofd')
-postinstall_dexopt
-system_server
+ -mediaserver
} vendor_app_file:file r_file_perms;
')
@@ -1005,10 +1091,13 @@
-vendor_executes_system_violators
-vendor_init
} {
- exec_type
- -vendor_file_type
+ system_file_type
+ -system_file # TODO(b/111243627): remove once Treble violations are fixed.
+ -system_lib_file
+ -system_linker_exec
-crash_dump_exec
-netutils_wrapper_exec
+ userdebug_or_eng(`-tcpdump_exec')
}:file { entrypoint execute execute_no_trans };
')
@@ -1025,6 +1114,7 @@
-same_process_hal_file
-vndk_sp_file
-vendor_app_file
+ -vendor_public_lib_file
}:file execute;
')
@@ -1033,7 +1123,67 @@
coredomain
-shell
-system_executes_vendor_violators
- } vendor_file_type:file execute_no_trans;
+ } {
+ vendor_file_type
+ -same_process_hal_file
+ }:file execute_no_trans;
+')
+
+full_treble_only(`
+ # Do not allow system components access to /vendor files except for the
+ # ones whitelisted here.
+ neverallow {
+ coredomain
+ # TODO(b/37168747): clean up fwk access to /vendor
+ -crash_dump
+ -init # starts vendor executables
+ -kernel # loads /vendor/firmware
+ userdebug_or_eng(`-perfprofd')
+ -shell
+ -system_executes_vendor_violators
+ -ueventd # reads /vendor/ueventd.rc
+ } {
+ vendor_file_type
+ -same_process_hal_file
+ -vendor_app_file
+ -vendor_configs_file
+ -vendor_framework_file
+ -vendor_idc_file
+ -vendor_keychars_file
+ -vendor_keylayout_file
+ -vendor_overlay_file
+ -vendor_public_lib_file
+ -vndk_sp_file
+ }:file *;
+')
+
+full_treble_only(`
+ # Do not allow vendor components access to /system files except for the
+ # ones whitelisted here.
+ neverallow {
+ domain
+ -appdomain
+ -coredomain
+ -vendor_executes_system_violators
+ # vendor_init needs access to init_exec for domain transition. vendor_init
+ # neverallows are covered in public/vendor_init.te
+ -vendor_init
+ } {
+ system_file_type
+ -system_file # TODO(b/111243627): remove once Treble violations are fixed.
+ -crash_dump_exec
+ -file_contexts_file
+ -netutils_wrapper_exec
+ -property_contexts_file
+ -system_lib_file
+ with_asan(`-system_asan_options_file')
+ -system_linker_exec
+ -system_linker_config_file
+ -system_seccomp_policy_file
+ -system_security_cacerts_file
+ -system_zoneinfo_file
+ userdebug_or_eng(`-tcpdump_exec')
+ }:file *;
')
# Only authorized processes should be writing to files in /data/dalvik-cache
@@ -1075,7 +1225,8 @@
-system_server
# Processes that can't exec crash_dump
- -mediacodec
+ -hal_omx_server
+ -mediaswcodec_server
-mediaextractor
} tombstoned_crash_socket:unix_stream_socket connectto;
@@ -1128,9 +1279,9 @@
# required by some device-specific service domains.
neverallow * self:process { execstack execheap };
-# prohibit non-zygote spawned processes from using shared libraries
-# with text relocations. b/20013628 .
-neverallow { domain -untrusted_app_all } file_type:file execmod;
+# Do not allow the introduction of new execmod rules. Text relocations
+# and modification of executable pages are unsafe.
+neverallow { domain -untrusted_app_25 } file_type:file execmod;
neverallow { domain -init } proc:{ file dir } mounton;
@@ -1180,14 +1331,6 @@
priv_app
} system_app_data_file:dir_file_class_set { create unlink open };
-
-# Services should respect app sandboxes
-neverallow {
- domain
- -appdomain
- -installd # creation of sandbox
-} app_data_file:dir_file_class_set { create unlink };
-
#
# Only these domains should transition to shell domain. This domain is
# permissible for the "shell user". If you need a process to exec a shell
@@ -1212,8 +1355,7 @@
domain
-appdomain
-installd
- -uncrypt # TODO: see if we can remove
-} app_data_file:lnk_file read;
+} { app_data_file privapp_data_file }:lnk_file read;
neverallow {
domain
@@ -1342,28 +1484,36 @@
# Minimize dac_override and dac_read_search.
# Instead of granting them it is usually better to add the domain to
# a Unix group or change the permissions of a file.
-neverallow {
- domain
- -dnsmasq
- -dumpstate
- -init
- -installd
- -install_recovery
- -lmkd
- -netd
- -perfprofd
- -postinstall_dexopt
- -recovery
- -sdcardd
- -tee
- -ueventd
- -uncrypt
- -vendor_init
- -vold
- -vold_prepare_subdirs
- -zygote
-} self:capability dac_override;
-neverallow { domain -traced_probes } self:capability dac_read_search;
+define(`dac_override_allowed', `{
+ dnsmasq
+ dumpstate
+ init
+ installd
+ install_recovery
+ userdebug_or_eng(`llkd')
+ lmkd
+ netd
+ perfprofd
+ postinstall_dexopt
+ recovery
+ sdcardd
+ tee
+ ueventd
+ uncrypt
+ vendor_init
+ vold
+ vold_prepare_subdirs
+ zygote
+}')
+neverallow ~dac_override_allowed self:global_capability_class_set dac_override;
+# Since the kernel checks dac_read_search before dac_override, domains that
+# have dac_override should also have dac_read_search to eliminate spurious
+# denials. Some domains have dac_read_search without having dac_override, so
+# this list should be a superset of the one above.
+neverallow ~{
+ dac_override_allowed
+ traced_probes
+} self:global_capability_class_set dac_read_search;
# If an already existing file is opened with O_CREAT, the kernel might generate
# a false report of a create denial. Silence these denials and make sure that
@@ -1396,4 +1546,51 @@
neverallow {
coredomain
-init
+ -ueventd
+ -vold
+ -system_writes_mnt_vendor_violators
} mnt_vendor_file:dir *;
+
+# Only apps are allowed access to vendor public libraries.
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ } vendor_public_lib_file:file { execute execute_no_trans };
+')
+
+# Vendor domian must not have access to /mnt/product.
+neverallow {
+ domain
+ -coredomain
+} mnt_product_file:dir *;
+
+# Platform must not have access to sysfs_batteryinfo, but should do it via health HAL and healthd
+full_treble_only(`
+ neverallow {
+ coredomain
+ -healthd
+ -shell
+ # Generate uevents for health info
+ -ueventd
+ # Recovery uses health HAL passthrough implementation.
+ -recovery
+ # Charger uses health HAL passthrough implementation.
+ -charger
+ # TODO(b/110891300): remove this exception
+ -incidentd
+ } sysfs_batteryinfo:file { open read };
+')
+
+neverallow {
+ domain
+ -mediaswcodec_server
+ -hal_omx_server
+} hal_codec2_hwservice:hwservice_manager add;
+
+neverallow {
+ domain
+ userdebug_or_eng(`-mediaextractor')
+ userdebug_or_eng(`-mediaswcodec')
+} mediaextractor_update_service:service_manager add;
+
diff --git a/public/drmserver.te b/public/drmserver.te
index f752c13..4a10147 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -1,6 +1,6 @@
# drmserver - DRM service
type drmserver, domain;
-type drmserver_exec, exec_type, file_type;
+type drmserver_exec, system_file_type, exec_type, file_type;
typeattribute drmserver mlstrustedsubject;
@@ -21,8 +21,8 @@
allow drmserver drm_data_file:dir create_dir_perms;
allow drmserver drm_data_file:file create_file_perms;
allow drmserver tee_device:chr_file rw_file_perms;
-allow drmserver app_data_file:file { read write getattr };
-allow drmserver sdcard_type:file { read write getattr };
+allow drmserver { app_data_file privapp_data_file }:file { read write getattr map };
+allow drmserver sdcard_type:file { read write getattr map };
r_dir_file(drmserver, efs_file)
type drmserver_socket, file_type;
@@ -38,12 +38,12 @@
r_dir_file(drmserver, media_rw_data_file)
# Read resources from open apk files passed over Binder.
-allow drmserver apk_data_file:file { read getattr };
-allow drmserver asec_apk_file:file { read getattr };
-allow drmserver ringtone_file:file { read getattr };
+allow drmserver apk_data_file:file { read getattr map };
+allow drmserver asec_apk_file:file { read getattr map };
+allow drmserver ringtone_file:file { read getattr map };
# Read /data/data/com.android.providers.telephony files passed over Binder.
-allow drmserver radio_data_file:file { read getattr };
+allow drmserver radio_data_file:file { read getattr map };
# /oem access
allow drmserver oemfs:dir search;
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 03fc737..72e2176 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -1,6 +1,6 @@
# dumpstate
type dumpstate, domain, mlstrustedsubject;
-type dumpstate_exec, exec_type, file_type;
+type dumpstate_exec, system_file_type, exec_type, file_type;
net_domain(dumpstate)
binder_use(dumpstate)
@@ -33,7 +33,7 @@
allow dumpstate system_file:dir r_dir_perms;
# Create and write into /data/anr/
-allow dumpstate self:global_capability_class_set { dac_override chown fowner fsetid };
+allow dumpstate self:global_capability_class_set { dac_override dac_read_search chown fowner fsetid };
allow dumpstate anr_data_file:dir rw_dir_perms;
allow dumpstate anr_data_file:file create_file_perms;
@@ -74,10 +74,11 @@
hal_bluetooth_server
hal_camera_server
hal_drm_server
+ hal_graphics_allocator_server
hal_graphics_composer_server
+ hal_omx_server
hal_sensors_server
hal_vr_server
- mediacodec # TODO(b/36375899): hal_omx_server
}:process signal;
# Connect to tombstoned to intercept dumps.
@@ -93,8 +94,8 @@
}:file r_file_perms;
# Other random bits of data we want to collect
-allow dumpstate qtaguid_proc:file r_file_perms;
allow dumpstate debugfs:file r_file_perms;
+auditallow dumpstate debugfs:file r_file_perms;
# df for
allow dumpstate {
@@ -136,13 +137,6 @@
# For running am and similar framework commands.
# Run /system/bin/app_process.
allow dumpstate zygote_exec:file rx_file_perms;
-# Dalvik Compiler JIT.
-allow dumpstate ashmem_device:chr_file execute;
-allow dumpstate self:process execmem;
-# For art.
-allow dumpstate dalvikcache_data_file:dir { search getattr };
-allow dumpstate dalvikcache_data_file:file { r_file_perms execute };
-allow dumpstate dalvikcache_data_file:lnk_file r_file_perms;
# For Bluetooth
allow dumpstate bluetooth_data_file:dir search;
@@ -163,10 +157,12 @@
proc_cmdline
proc_meminfo
proc_modules
- proc_net
+ proc_net_type
proc_pipe_conf
proc_pagetypeinfo
+ proc_qtaguid_ctrl
proc_qtaguid_stat
+ proc_slabinfo
proc_version
proc_vmallocinfo
proc_vmstat
@@ -209,18 +205,22 @@
allow dumpstate {
service_manager_type
+ -apex_service
-dumpstate_service
-gatekeeper_service
-incident_service
+ -iorapd_service
-virtual_touchpad_service
-vold_service
-vr_hwc_service
}:service_manager find;
# suppress denials for services dumpstate should not be accessing.
dontaudit dumpstate {
+ apex_service
dumpstate_service
gatekeeper_service
incident_service
+ iorapd_service
virtual_touchpad_service
vold_service
vr_hwc_service
@@ -268,6 +268,19 @@
# newer kernels (e.g. 4.4) have a new class for sockets
allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;
+# Allow dumpstate to run ss
+allow dumpstate { domain pdx_channel_socket_type pdx_endpoint_socket_type }:socket_class_set getattr;
+
+# For when dumpstate runs df
+dontaudit dumpstate mnt_vendor_file:dir search;
+dontaudit dumpstate apex_mnt_dir:dir getattr;
+
+# Allow dumpstate to talk to bufferhubd over binder
+binder_call(dumpstate, bufferhubd);
+
+# Allow dumpstate to talk to mediaswcodec over binder
+binder_call(dumpstate, mediaswcodec);
+
# Allow dumpstate to kill vendor dumpstate service by init
set_prop(dumpstate, ctl_dumpstate_prop)
diff --git a/public/e2fs.te b/public/e2fs.te
index 6fcd0c2..601af16 100644
--- a/public/e2fs.te
+++ b/public/e2fs.te
@@ -1,5 +1,5 @@
type e2fs, domain, coredomain;
-type e2fs_exec, exec_type, file_type;
+type e2fs_exec, system_file_type, exec_type, file_type;
allow e2fs devpts:chr_file { read write getattr ioctl };
@@ -7,6 +7,9 @@
allow e2fs block_device:dir search;
allow e2fs userdata_block_device:blk_file rw_file_perms;
allow e2fs metadata_block_device:blk_file rw_file_perms;
+allowxperm e2fs { userdata_block_device metadata_block_device }:blk_file ioctl {
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
allow e2fs {
proc_filesystems
@@ -18,5 +21,5 @@
allow e2fs sysfs_fs_ext4_features:dir search;
allow e2fs sysfs_fs_ext4_features:file r_file_perms;
-# access sselinux context files
-allow e2fs file_contexts_file:file { getattr open read };
+# access SELinux context files
+allow e2fs file_contexts_file:file r_file_perms;
diff --git a/public/fastbootd.te b/public/fastbootd.te
new file mode 100644
index 0000000..783d2bd
--- /dev/null
+++ b/public/fastbootd.te
@@ -0,0 +1,70 @@
+# fastbootd (used in recovery init.rc for /sbin/fastbootd)
+
+# Declare the domain unconditionally so we can always reference it
+# in neverallow rules.
+type fastbootd, domain;
+
+# But the allow rules are only included in the recovery policy.
+# Otherwise fastbootd is only allowed the domain rules.
+recovery_only(`
+ # fastbootd can only use HALs in passthrough mode
+ passthrough_hal_client_domain(fastbootd, hal_bootctl)
+
+ # Access /dev/usb-ffs/fastbootd/ep0
+ allow fastbootd functionfs:dir search;
+ allow fastbootd functionfs:file rw_file_perms;
+
+ allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
+ # Log to serial
+ allow fastbootd kmsg_device:chr_file { open write };
+
+ # battery info
+ allow fastbootd sysfs_batteryinfo:file r_file_perms;
+
+ allow fastbootd device:dir r_dir_perms;
+
+ # Reboot the device
+ set_prop(fastbootd, powerctl_prop)
+
+ # Read serial number of the device from system properties
+ get_prop(fastbootd, serialno_prop)
+
+ # Set sys.usb.ffs.ready.
+ set_prop(fastbootd, ffs_prop)
+ set_prop(fastbootd, exported_ffs_prop)
+
+ unix_socket_connect(fastbootd, recovery, recovery)
+
+ # Required for flashing
+ allow fastbootd dm_device:chr_file rw_file_perms;
+ allow fastbootd dm_device:blk_file rw_file_perms;
+
+ allow fastbootd super_block_device:blk_file rw_file_perms;
+ allow fastbootd {
+ boot_block_device
+ metadata_block_device
+ system_block_device
+ userdata_block_device
+ }:blk_file { w_file_perms getattr ioctl };
+
+ allowxperm fastbootd {
+ metadata_block_device
+ userdata_block_device
+ }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
+
+ allow fastbootd misc_block_device:blk_file rw_file_perms;
+
+ allow fastbootd proc_cmdline:file r_file_perms;
+ allow fastbootd rootfs:dir r_dir_perms;
+ allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
+')
+
+###
+### neverallow rules
+###
+
+# Write permission is required to wipe userdata
+# until recovery supports vold.
+neverallow fastbootd {
+ data_file_type
+}:file { no_x_file_perms };
diff --git a/public/file.te b/public/file.te
index ccfec15..bc32628 100644
--- a/public/file.te
+++ b/public/file.te
@@ -12,7 +12,7 @@
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
type usermodehelper, fs_type, proc_type;
type sysfs_usermodehelper, fs_type, sysfs_type;
-type qtaguid_proc, fs_type, mlstrustedobject, proc_type;
+type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
type proc_bluetooth_writable, fs_type, proc_type;
type proc_abi, fs_type, proc_type;
@@ -35,7 +35,8 @@
type proc_misc, fs_type, proc_type;
type proc_modules, fs_type, proc_type;
type proc_mounts, fs_type, proc_type;
-type proc_net, fs_type, proc_type;
+type proc_net, fs_type, proc_type, proc_net_type;
+type proc_net_tcp_udp, fs_type, proc_type;
type proc_page_cluster, fs_type, proc_type;
type proc_pagetypeinfo, fs_type, proc_type;
type proc_panic, fs_type, proc_type;
@@ -44,6 +45,7 @@
type proc_pipe_conf, fs_type, proc_type;
type proc_random, fs_type, proc_type;
type proc_sched, fs_type, proc_type;
+type proc_slabinfo, fs_type, proc_type;
type proc_stat, fs_type, proc_type;
type proc_swaps, fs_type, proc_type;
type proc_sysrq, fs_type, proc_type;
@@ -129,7 +131,25 @@
type unlabeled, file_type;
# Default type for anything under /system.
-type system_file, file_type;
+type system_file, system_file_type, file_type;
+# Default type for /system/asan.options
+type system_asan_options_file, system_file_type, file_type;
+# Default type for anything under /system/lib[64].
+type system_lib_file, system_file_type, file_type;
+# Default type for linker executable /system/bin/linker[64].
+type system_linker_exec, system_file_type, file_type;
+# Default type for linker config /system/etc/ld.config.*.
+type system_linker_config_file, system_file_type, file_type;
+# Default type for linker config /system/etc/seccomp_policy/*.
+type system_seccomp_policy_file, system_file_type, file_type;
+# Default type for APEX keys in /system/etc/security/apex/*
+type apex_key_file, system_file_type, file_type;
+# Default type for cacerts in /system/etc/security/cacerts/*.
+type system_security_cacerts_file, system_file_type, file_type;
+# Default type for /system/bin/tcpdump.
+type tcpdump_exec, system_file_type, exec_type, file_type;
+# Default type for zoneinfo files in /system/usr/share/zoneinfo/*.
+type system_zoneinfo_file, system_file_type, file_type;
# Default type for directories search for
# HAL implementations
@@ -140,7 +160,7 @@
type vendor_app_file, vendor_file_type, file_type;
# Default type for everything under /vendor/etc/
type vendor_configs_file, vendor_file_type, file_type;
-# Default type for all *same process* HALs.
+# Default type for all *same process* HALs and their lib/bin dependencies.
# e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so
type same_process_hal_file, vendor_file_type, file_type;
# Default type for vndk-sp libs. /vendor/lib/vndk-sp
@@ -149,6 +169,14 @@
type vendor_framework_file, vendor_file_type, file_type;
# Default type for everything in /vendor/overlay
type vendor_overlay_file, vendor_file_type, file_type;
+# Type for all vendor public libraries. These libs should only be exposed to
+# apps. ABI stability of these libs is vendor's responsibility.
+type vendor_public_lib_file, vendor_file_type, file_type;
+
+# Input configuration
+type vendor_keylayout_file, vendor_file_type, file_type;
+type vendor_keychars_file, vendor_file_type, file_type;
+type vendor_idc_file, vendor_file_type, file_type;
# /metadata partition itself
type metadata_file, file_type;
@@ -158,7 +186,7 @@
# Speedup access for trusted applications to the runtime event tags
type runtime_event_log_tags_file, file_type;
# Type for /system/bin/logcat.
-type logcat_exec, exec_type, file_type;
+type logcat_exec, system_file_type, exec_type, file_type;
# /cores for coredumps on userdebug / eng builds
type coredump_file, file_type;
# Default type for anything under /data.
@@ -180,6 +208,8 @@
type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/vendor/tombstones/wifi - vendor wifi dumps
type tombstone_wifi_data_file, file_type, data_file_type;
+# /data/apex - APEX data files
+type apex_data_file, file_type, data_file_type, core_data_file_type;
# /data/app - user-installed apps
type apk_data_file, file_type, data_file_type, core_data_file_type;
type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
@@ -204,6 +234,8 @@
type property_data_file, file_type, data_file_type, core_data_file_type;
# /data/bootchart
type bootchart_data_file, file_type, data_file_type, core_data_file_type;
+# /data/system/dropbox
+type dropbox_data_file, file_type, data_file_type, core_data_file_type;
# /data/system/heapdump
type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/nativetest
@@ -230,6 +262,12 @@
# Mount location for read-write vendor partitions.
type mnt_vendor_file, file_type;
+# Mount location for read-write product partitions.
+type mnt_product_file, file_type;
+
+# Mount point used for APEX images
+type apex_mnt_dir, file_type;
+
# /postinstall: Mount point used by update_engine to run postinstall.
type postinstall_mnt_dir, file_type;
# Files inside the /postinstall mountpoint are all labeled as postinstall_file.
@@ -257,6 +295,7 @@
type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type recovery_data_file, file_type, data_file_type, core_data_file_type;
type shared_relro_file, file_type, data_file_type, core_data_file_type;
+type stats_data_file, file_type, data_file_type, core_data_file_type;
type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
@@ -264,6 +303,7 @@
type wifi_data_file, file_type, data_file_type, core_data_file_type;
type zoneinfo_data_file, file_type, data_file_type, core_data_file_type;
type vold_data_file, file_type, data_file_type, core_data_file_type;
+type iorapd_data_file, file_type, data_file_type, core_data_file_type;
type perfprofd_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type tee_data_file, file_type, data_file_type;
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
@@ -273,11 +313,15 @@
# /data/data subdirectories - app sandboxes
type app_data_file, file_type, data_file_type, core_data_file_type;
+# /data/data subdirectories - priv-app sandboxes
+type privapp_data_file, file_type, data_file_type, core_data_file_type;
# /data/data subdirectory for system UID apps.
type system_app_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Compatibility with type name used in Android 4.3 and 4.4.
# Default type for anything under /cache
type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for /cache/overlay /mnt/scratch/overlay
+type overlayfs_file, file_type, data_file_type, core_data_file_type;
# Type for /cache/backup_stage/* (fd interchange with apps)
type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# type for anything under /cache/backup (local transport storage)
@@ -328,8 +372,10 @@
type netd_socket, file_type, coredomain_socket;
type property_socket, file_type, coredomain_socket, mlstrustedobject;
type racoon_socket, file_type, coredomain_socket;
+type recovery_socket, file_type, coredomain_socket;
type rild_socket, file_type;
type rild_debug_socket, file_type;
+type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
@@ -340,6 +386,7 @@
type uncrypt_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type, core_data_file_type;
type zygote_socket, file_type, coredomain_socket;
+type heapprofd_socket, file_type, coredomain_socket;
# UART (for GPS) control proc file
type gps_control, file_type;
@@ -356,28 +403,28 @@
pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir)
# file_contexts files
-type file_contexts_file, file_type;
+type file_contexts_file, system_file_type, file_type;
# mac_permissions file
-type mac_perms_file, file_type;
+type mac_perms_file, system_file_type, file_type;
# property_contexts file
-type property_contexts_file, file_type;
+type property_contexts_file, system_file_type, file_type;
# seapp_contexts file
-type seapp_contexts_file, file_type;
+type seapp_contexts_file, system_file_type, file_type;
# sepolicy files binary and others
-type sepolicy_file, file_type;
+type sepolicy_file, system_file_type, file_type;
# service_contexts file
-type service_contexts_file, file_type;
+type service_contexts_file, system_file_type, file_type;
# nonplat service_contexts file (only accessible on non full-treble devices)
type nonplat_service_contexts_file, file_type;
# hwservice_contexts file
-type hwservice_contexts_file, file_type;
+type hwservice_contexts_file, system_file_type, file_type;
# vndservice_contexts file
type vndservice_contexts_file, file_type;
diff --git a/public/fingerprintd.te b/public/fingerprintd.te
index 2dc1107..ff7a884 100644
--- a/public/fingerprintd.te
+++ b/public/fingerprintd.te
@@ -1,5 +1,5 @@
type fingerprintd, domain;
-type fingerprintd_exec, exec_type, file_type;
+type fingerprintd_exec, system_file_type, exec_type, file_type;
binder_use(fingerprintd)
diff --git a/public/fsck.te b/public/fsck.te
index c5219d8..dbbe34c 100644
--- a/public/fsck.te
+++ b/public/fsck.te
@@ -1,6 +1,6 @@
# Any fsck program run by init
type fsck, domain;
-type fsck_exec, exec_type, file_type;
+type fsck_exec, system_file_type, exec_type, file_type;
# /dev/__null__ created by init prior to policy load,
# open fd inherited by fsck.
@@ -19,6 +19,13 @@
allow fsck cache_block_device:blk_file rw_file_perms;
allow fsck dm_device:blk_file rw_file_perms;
+# For the block devices where we have ioctl access,
+# allow at a minimum the following common fsck ioctls.
+allowxperm fsck dev_type:blk_file ioctl {
+ BLKDISCARDZEROES
+ BLKROGET
+};
+
# To determine if it is safe to run fsck on a filesystem, e2fsck
# must first determine if the filesystem is mounted. To do that,
# e2fsck scans through /proc/mounts and collects all the mounted
diff --git a/public/gatekeeperd.te b/public/gatekeeperd.te
index 2fc3627..40c9a07 100644
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -1,5 +1,5 @@
type gatekeeperd, domain;
-type gatekeeperd_exec, exec_type, file_type;
+type gatekeeperd_exec, system_file_type, exec_type, file_type;
# gatekeeperd
binder_service(gatekeeperd)
diff --git a/public/global_macros b/public/global_macros
index 5dab5ab..b2fe6ae 100644
--- a/public/global_macros
+++ b/public/global_macros
@@ -42,8 +42,8 @@
#####################################
# Common socket permission sets.
-define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown }')
-define(`rw_socket_perms_no_ioctl', `{ read getattr write setattr lock append bind connect getopt setopt shutdown }')
+define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown map }')
+define(`rw_socket_perms_no_ioctl', `{ read getattr write setattr lock append bind connect getopt setopt shutdown map }')
define(`create_socket_perms', `{ create rw_socket_perms }')
define(`create_socket_perms_no_ioctl', `{ create rw_socket_perms_no_ioctl }')
define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
diff --git a/public/hal_allocator.te b/public/hal_allocator.te
index 646cebd..b7e3ca5 100644
--- a/public/hal_allocator.te
+++ b/public/hal_allocator.te
@@ -1,6 +1,5 @@
# HwBinder IPC from client to server
binder_call(hal_allocator_client, hal_allocator_server)
-add_hwservice(hal_allocator_server, hidl_allocator_hwservice)
-allow hal_allocator_client hidl_allocator_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_allocator, hidl_allocator_hwservice)
allow hal_allocator_client hidl_memory_hwservice:hwservice_manager find;
diff --git a/public/hal_atrace.te b/public/hal_atrace.te
new file mode 100644
index 0000000..51d9237
--- /dev/null
+++ b/public/hal_atrace.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_atrace_client, hal_atrace_server)
+
+hal_attribute_hwservice(hal_atrace, hal_atrace_hwservice)
diff --git a/public/hal_audio.te b/public/hal_audio.te
index 037066e..9ffb769 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -2,8 +2,7 @@
binder_call(hal_audio_client, hal_audio_server)
binder_call(hal_audio_server, hal_audio_client)
-add_hwservice(hal_audio_server, hal_audio_hwservice)
-allow hal_audio_client hal_audio_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_audio, hal_audio_hwservice)
allow hal_audio ion_device:chr_file r_file_perms;
diff --git a/public/hal_audiocontrol.te b/public/hal_audiocontrol.te
index 438db53..4a52b89 100644
--- a/public/hal_audiocontrol.te
+++ b/public/hal_audiocontrol.te
@@ -2,6 +2,4 @@
binder_call(hal_audiocontrol_client, hal_audiocontrol_server)
binder_call(hal_audiocontrol_server, hal_audiocontrol_client)
-add_hwservice(hal_audiocontrol_server, hal_audiocontrol_hwservice)
-
-allow hal_audiocontrol_client hal_audiocontrol_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_audiocontrol, hal_audiocontrol_hwservice)
diff --git a/public/hal_authsecret.te b/public/hal_authsecret.te
index 81b0c04..daf8d48 100644
--- a/public/hal_authsecret.te
+++ b/public/hal_authsecret.te
@@ -1,5 +1,4 @@
# HwBinder IPC from client to server
binder_call(hal_authsecret_client, hal_authsecret_server)
-add_hwservice(hal_authsecret_server, hal_authsecret_hwservice)
-allow hal_authsecret_client hal_authsecret_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_authsecret, hal_authsecret_hwservice)
diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index 373dbec..09c3ce6 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -2,8 +2,7 @@
binder_call(hal_bluetooth_client, hal_bluetooth_server)
binder_call(hal_bluetooth_server, hal_bluetooth_client)
-add_hwservice(hal_bluetooth_server, hal_bluetooth_hwservice)
-allow hal_bluetooth_client hal_bluetooth_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_bluetooth, hal_bluetooth_hwservice)
wakelock_use(hal_bluetooth);
diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te
index 181de4a..2491734 100644
--- a/public/hal_bootctl.te
+++ b/public/hal_bootctl.te
@@ -2,7 +2,6 @@
binder_call(hal_bootctl_client, hal_bootctl_server)
binder_call(hal_bootctl_server, hal_bootctl_client)
-add_hwservice(hal_bootctl_server, hal_bootctl_hwservice)
-allow hal_bootctl_client hal_bootctl_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
-dontaudit hal_bootctl self:capability sys_rawio;
+dontaudit hal_bootctl self:global_capability_class_set sys_rawio;
diff --git a/public/hal_broadcastradio.te b/public/hal_broadcastradio.te
index 24d4908..5653afa 100644
--- a/public/hal_broadcastradio.te
+++ b/public/hal_broadcastradio.te
@@ -1,4 +1,3 @@
binder_call(hal_broadcastradio_client, hal_broadcastradio_server)
-add_hwservice(hal_broadcastradio_server, hal_broadcastradio_hwservice)
-allow hal_broadcastradio_client hal_broadcastradio_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_broadcastradio, hal_broadcastradio_hwservice)
diff --git a/public/hal_camera.te b/public/hal_camera.te
index 8fe7442..77216e4 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -2,8 +2,7 @@
binder_call(hal_camera_client, hal_camera_server)
binder_call(hal_camera_server, hal_camera_client)
-add_hwservice(hal_camera_server, hal_camera_hwservice)
-allow hal_camera_client hal_camera_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_camera, hal_camera_hwservice)
allow hal_camera device:dir r_dir_perms;
allow hal_camera video_device:dir r_dir_perms;
@@ -18,6 +17,10 @@
allow hal_camera surfaceflinger:fd use;
allow hal_camera hal_allocator_server:fd use;
+# Needed to provide debug dump output via dumpsys' pipes.
+allow hal_camera shell:fd use;
+allow hal_camera shell:fifo_file write;
+
###
### neverallow rules
###
diff --git a/public/hal_cas.te b/public/hal_cas.te
index 7f65358..7de6a13 100644
--- a/public/hal_cas.te
+++ b/public/hal_cas.te
@@ -2,8 +2,7 @@
binder_call(hal_cas_client, hal_cas_server)
binder_call(hal_cas_server, hal_cas_client)
-add_hwservice(hal_cas_server, hal_cas_hwservice)
-allow hal_cas_client hal_cas_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_cas, hal_cas_hwservice)
allow hal_cas_server hidl_memory_hwservice:hwservice_manager find;
# Permit reading device's serial number from system properties
diff --git a/public/hal_configstore.te b/public/hal_configstore.te
index c8051e1..2931cb5 100644
--- a/public/hal_configstore.te
+++ b/public/hal_configstore.te
@@ -1,12 +1,7 @@
# HwBinder IPC from client to server
binder_call(hal_configstore_client, hal_configstore_server)
-allow hal_configstore_client hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
-
-add_hwservice(hal_configstore_server, hal_configstore_ISurfaceFlingerConfigs)
-# As opposed to the rules of most other HALs, the different services exposed by
-# this HAL should be restricted to different clients. Thus, the allow rules for
-# clients are defined in the .te files of the clients.
+hal_attribute_hwservice(hal_configstore, hal_configstore_ISurfaceFlingerConfigs)
# hal_configstore runs with a strict seccomp filter. Use crash_dump's
# fallback path to collect crash data.
diff --git a/public/hal_confirmationui.te b/public/hal_confirmationui.te
index 228e864..5d2e4b7 100644
--- a/public/hal_confirmationui.te
+++ b/public/hal_confirmationui.te
@@ -1,5 +1,4 @@
# HwBinder IPC from client to server
binder_call(hal_confirmationui_client, hal_confirmationui_server)
-add_hwservice(hal_confirmationui_server, hal_confirmationui_hwservice)
-allow hal_confirmationui_client hal_confirmationui_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_confirmationui, hal_confirmationui_hwservice)
diff --git a/public/hal_contexthub.te b/public/hal_contexthub.te
index f11bfc8..34acb38 100644
--- a/public/hal_contexthub.te
+++ b/public/hal_contexthub.te
@@ -2,5 +2,4 @@
binder_call(hal_contexthub_client, hal_contexthub_server)
binder_call(hal_contexthub_server, hal_contexthub_client)
-add_hwservice(hal_contexthub_server, hal_contexthub_hwservice)
-allow hal_contexthub_client hal_contexthub_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_contexthub, hal_contexthub_hwservice)
diff --git a/public/hal_drm.te b/public/hal_drm.te
index a46dd91..bfee2d3 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -2,8 +2,7 @@
binder_call(hal_drm_client, hal_drm_server)
binder_call(hal_drm_server, hal_drm_client)
-add_hwservice(hal_drm_server, hal_drm_hwservice)
-allow hal_drm_client hal_drm_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_drm, hal_drm_hwservice)
allow hal_drm hidl_memory_hwservice:hwservice_manager find;
@@ -13,11 +12,6 @@
# Permit reading device's serial number from system properties
get_prop(hal_drm, serialno_prop)
-# System file accesses
-allow hal_drm system_file:dir r_dir_perms;
-allow hal_drm system_file:file r_file_perms;
-allow hal_drm system_file:lnk_file r_file_perms;
-
# Read files already opened under /data
allow hal_drm system_data_file:file { getattr read };
diff --git a/public/hal_dumpstate.te b/public/hal_dumpstate.te
index 2853567..b7676ed 100644
--- a/public/hal_dumpstate.te
+++ b/public/hal_dumpstate.te
@@ -2,8 +2,7 @@
binder_call(hal_dumpstate_client, hal_dumpstate_server)
binder_call(hal_dumpstate_server, hal_dumpstate_client)
-add_hwservice(hal_dumpstate_server, hal_dumpstate_hwservice)
-allow hal_dumpstate_client hal_dumpstate_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_dumpstate, hal_dumpstate_hwservice)
# write bug reports in /data/data/com.android.shell/files/bugreports/bugreport
allow hal_dumpstate shell_data_file:file write;
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index ebe0b0c..b673e29 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -2,8 +2,7 @@
binder_call(hal_fingerprint_client, hal_fingerprint_server)
binder_call(hal_fingerprint_server, hal_fingerprint_client)
-add_hwservice(hal_fingerprint_server, hal_fingerprint_hwservice)
-allow hal_fingerprint_client hal_fingerprint_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
# For memory allocation
allow hal_fingerprint ion_device:chr_file r_file_perms;
diff --git a/public/hal_gatekeeper.te b/public/hal_gatekeeper.te
index 123acf5..b918f88 100644
--- a/public/hal_gatekeeper.te
+++ b/public/hal_gatekeeper.te
@@ -1,7 +1,6 @@
binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
-add_hwservice(hal_gatekeeper_server, hal_gatekeeper_hwservice)
-allow hal_gatekeeper_client hal_gatekeeper_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_gatekeeper, hal_gatekeeper_hwservice)
# TEE access.
allow hal_gatekeeper tee_device:chr_file rw_file_perms;
diff --git a/public/hal_gnss.te b/public/hal_gnss.te
index b59cd1d..9bfc4ec 100644
--- a/public/hal_gnss.te
+++ b/public/hal_gnss.te
@@ -2,5 +2,4 @@
binder_call(hal_gnss_client, hal_gnss_server)
binder_call(hal_gnss_server, hal_gnss_client)
-add_hwservice(hal_gnss_server, hal_gnss_hwservice)
-allow hal_gnss_client hal_gnss_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_gnss, hal_gnss_hwservice)
diff --git a/public/hal_graphics_allocator.te b/public/hal_graphics_allocator.te
index e2b04ae..41a3249 100644
--- a/public/hal_graphics_allocator.te
+++ b/public/hal_graphics_allocator.te
@@ -1,8 +1,7 @@
# HwBinder IPC from client to server
binder_call(hal_graphics_allocator_client, hal_graphics_allocator_server)
-add_hwservice(hal_graphics_allocator_server, hal_graphics_allocator_hwservice)
-allow hal_graphics_allocator_client hal_graphics_allocator_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_graphics_allocator, hal_graphics_allocator_hwservice)
allow hal_graphics_allocator_client hal_graphics_mapper_hwservice:hwservice_manager find;
# GPU device access
diff --git a/public/hal_graphics_composer.te b/public/hal_graphics_composer.te
index 2df4612..e10daf9 100644
--- a/public/hal_graphics_composer.te
+++ b/public/hal_graphics_composer.te
@@ -2,8 +2,7 @@
binder_call(hal_graphics_composer_client, hal_graphics_composer_server)
binder_call(hal_graphics_composer_server, hal_graphics_composer_client)
-add_hwservice(hal_graphics_composer_server, hal_graphics_composer_hwservice)
-allow hal_graphics_composer_client hal_graphics_composer_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_graphics_composer, hal_graphics_composer_hwservice)
# Coordinate with hal_graphics_mapper
allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manager find;
diff --git a/public/hal_health.te b/public/hal_health.te
index c0a0f80..76efdef 100644
--- a/public/hal_health.te
+++ b/public/hal_health.te
@@ -2,13 +2,7 @@
binder_call(hal_health_client, hal_health_server)
binder_call(hal_health_server, hal_health_client)
-add_hwservice(hal_health_server, hal_health_hwservice)
-allow hal_health_client hal_health_hwservice:hwservice_manager find;
-
-# Read access to system files for HALs in
-# /{system,vendor,odm}/lib[64]/hw/ in order
-# to be able to open the hal implementation .so files
-r_dir_file(hal_health, system_file)
+hal_attribute_hwservice(hal_health, hal_health_hwservice)
# Common rules for a health service.
diff --git a/public/hal_health_storage.te b/public/hal_health_storage.te
new file mode 100644
index 0000000..61e609b
--- /dev/null
+++ b/public/hal_health_storage.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_health_storage_client, hal_health_storage_server)
+binder_call(hal_health_storage_server, hal_health_storage_client)
+
+hal_attribute_hwservice(hal_health_storage, hal_health_storage_hwservice)
diff --git a/public/hal_ir.te b/public/hal_ir.te
index b1bfdd8..29555f7 100644
--- a/public/hal_ir.te
+++ b/public/hal_ir.te
@@ -2,5 +2,4 @@
binder_call(hal_ir_client, hal_ir_server)
binder_call(hal_ir_server, hal_ir_client)
-add_hwservice(hal_ir_server, hal_ir_hwservice)
-allow hal_ir_client hal_ir_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_ir, hal_ir_hwservice)
diff --git a/public/hal_keymaster.te b/public/hal_keymaster.te
index dc5f6d0..3e164ad 100644
--- a/public/hal_keymaster.te
+++ b/public/hal_keymaster.te
@@ -1,8 +1,7 @@
# HwBinder IPC from client to server
binder_call(hal_keymaster_client, hal_keymaster_server)
-add_hwservice(hal_keymaster_server, hal_keymaster_hwservice)
-allow hal_keymaster_client hal_keymaster_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_keymaster, hal_keymaster_hwservice)
allow hal_keymaster tee_device:chr_file rw_file_perms;
allow hal_keymaster ion_device:chr_file r_file_perms;
diff --git a/public/hal_light.te b/public/hal_light.te
index 5b93dd1..333fcac 100644
--- a/public/hal_light.te
+++ b/public/hal_light.te
@@ -2,8 +2,7 @@
binder_call(hal_light_client, hal_light_server)
binder_call(hal_light_server, hal_light_client)
-add_hwservice(hal_light_server, hal_light_hwservice)
-allow hal_light_client hal_light_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_light, hal_light_hwservice)
allow hal_light sysfs_leds:lnk_file read;
allow hal_light sysfs_leds:file rw_file_perms;
diff --git a/public/hal_lowpan.te b/public/hal_lowpan.te
index af491b1..6fb95e9 100644
--- a/public/hal_lowpan.te
+++ b/public/hal_lowpan.te
@@ -2,10 +2,9 @@
binder_call(hal_lowpan_client, hal_lowpan_server)
binder_call(hal_lowpan_server, hal_lowpan_client)
-add_hwservice(hal_lowpan_server, hal_lowpan_hwservice)
# Allow hal_lowpan_client to be able to find the hal_lowpan_server
-allow hal_lowpan_client hal_lowpan_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_lowpan, hal_lowpan_hwservice)
# hal_lowpan domain can write/read to/from lowpan_prop
set_prop(hal_lowpan_server, lowpan_prop)
diff --git a/public/hal_memtrack.te b/public/hal_memtrack.te
index b2cc9cd..ed93a29 100644
--- a/public/hal_memtrack.te
+++ b/public/hal_memtrack.te
@@ -1,5 +1,4 @@
# HwBinder IPC from client to server
binder_call(hal_memtrack_client, hal_memtrack_server)
-add_hwservice(hal_memtrack_server, hal_memtrack_hwservice)
-allow hal_memtrack_client hal_memtrack_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_memtrack, hal_memtrack_hwservice)
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index c697ac2..348fdb8 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -2,7 +2,6 @@
binder_call(hal_neuralnetworks_client, hal_neuralnetworks_server)
binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)
-add_hwservice(hal_neuralnetworks_server, hal_neuralnetworks_hwservice)
-allow hal_neuralnetworks_client hal_neuralnetworks_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_neuralnetworks, hal_neuralnetworks_hwservice)
allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
allow hal_neuralnetworks hal_allocator:fd use;
diff --git a/public/hal_nfc.te b/public/hal_nfc.te
index 3bcdf5e..7cef4a1 100644
--- a/public/hal_nfc.te
+++ b/public/hal_nfc.te
@@ -2,8 +2,7 @@
binder_call(hal_nfc_client, hal_nfc_server)
binder_call(hal_nfc_server, hal_nfc_client)
-add_hwservice(hal_nfc_server, hal_nfc_hwservice)
-allow hal_nfc_client hal_nfc_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_nfc, hal_nfc_hwservice)
# Set NFC properties (used by bcm2079x HAL).
set_prop(hal_nfc, nfc_prop)
diff --git a/public/hal_oemlock.te b/public/hal_oemlock.te
index 3fb5a18..26b2b42 100644
--- a/public/hal_oemlock.te
+++ b/public/hal_oemlock.te
@@ -1,5 +1,4 @@
# HwBinder IPC from client to server
binder_call(hal_oemlock_client, hal_oemlock_server)
-add_hwservice(hal_oemlock_server, hal_oemlock_hwservice)
-allow hal_oemlock_client hal_oemlock_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_oemlock, hal_oemlock_hwservice)
diff --git a/public/hal_omx.te b/public/hal_omx.te
new file mode 100644
index 0000000..656b03a
--- /dev/null
+++ b/public/hal_omx.te
@@ -0,0 +1,50 @@
+# applies all permissions to hal_omx NOT hal_omx_server
+# since OMX must always be in its own process.
+
+
+binder_call(hal_omx_server, binderservicedomain)
+binder_call(hal_omx_server, { appdomain -isolated_app })
+
+# Allow hal_omx_server access to composer sync fences
+allow hal_omx_server hal_graphics_composer:fd use;
+
+allow hal_omx_server ion_device:chr_file rw_file_perms;
+allow hal_omx_server hal_camera:fd use;
+
+crash_dump_fallback(hal_omx_server)
+
+# Recieve gralloc buffer FDs from bufferhubd. Note that hal_omx_server never
+# directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
+# between those two: it talks to hal_omx_server via Binder and talks to bufferhubd
+# via PDX. Thus, there is no need to use pdx_client macro.
+allow hal_omx_server bufferhubd:fd use;
+
+hal_attribute_hwservice(hal_omx, hal_omx_hwservice)
+
+allow hal_omx_client hal_codec2_hwservice:hwservice_manager find;
+allow hal_omx_server hal_codec2_hwservice:hwservice_manager { add find };
+
+allow hal_omx_client hidl_token_hwservice:hwservice_manager find;
+
+binder_call(hal_omx_client, hal_omx_server)
+binder_call(hal_omx_server, hal_omx_client)
+
+###
+### neverallow rules
+###
+
+# hal_omx_server should never execute any executable without a
+# domain transition
+neverallow hal_omx_server { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow hal_omx_server domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/public/hal_power.te b/public/hal_power.te
index fcba3d2..028011a 100644
--- a/public/hal_power.te
+++ b/public/hal_power.te
@@ -2,5 +2,4 @@
binder_call(hal_power_client, hal_power_server)
binder_call(hal_power_server, hal_power_client)
-add_hwservice(hal_power_server, hal_power_hwservice)
-allow hal_power_client hal_power_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_power, hal_power_hwservice)
diff --git a/public/hal_secure_element.te b/public/hal_secure_element.te
index e3046d1..3724d35 100644
--- a/public/hal_secure_element.te
+++ b/public/hal_secure_element.te
@@ -2,5 +2,4 @@
binder_call(hal_secure_element_client, hal_secure_element_server)
binder_call(hal_secure_element_server, hal_secure_element_client)
-add_hwservice(hal_secure_element_server, hal_secure_element_hwservice)
-allow hal_secure_element_client hal_secure_element_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_secure_element, hal_secure_element_hwservice)
diff --git a/public/hal_sensors.te b/public/hal_sensors.te
index 9d7cbe9..06e76f1 100644
--- a/public/hal_sensors.te
+++ b/public/hal_sensors.te
@@ -1,8 +1,7 @@
# HwBinder IPC from client to server
binder_call(hal_sensors_client, hal_sensors_server)
-add_hwservice(hal_sensors_server, hal_sensors_hwservice)
-allow hal_sensors_client hal_sensors_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_sensors, hal_sensors_hwservice)
# Allow sensor hals to access ashmem memory allocated by apps
allow hal_sensors { appdomain -isolated_app }:fd use;
diff --git a/public/hal_system_suspend.te b/public/hal_system_suspend.te
new file mode 100644
index 0000000..21c6cb6
--- /dev/null
+++ b/public/hal_system_suspend.te
@@ -0,0 +1,11 @@
+binder_call(hal_system_suspend_client, hal_system_suspend_server)
+binder_call(hal_system_suspend_server, hal_system_suspend_client)
+
+# To preserve the semantics of wakelock_use macro, not all clients of
+# system_suspend_hwservice have hal_system_suspend_client attribute. For that
+# reason we don't use hal_attribute_hwservice macro here.
+add_hwservice(hal_system_suspend_server, system_suspend_hwservice)
+allow hal_system_suspend_client system_suspend_hwservice:hwservice_manager find;
+
+allow hal_system_suspend_server sysfs_power:file rw_file_perms;
+allow hal_system_suspend_server system_server:fd use;
diff --git a/public/hal_telephony.te b/public/hal_telephony.te
index 5f8cc41..7e6212c 100644
--- a/public/hal_telephony.te
+++ b/public/hal_telephony.te
@@ -2,8 +2,7 @@
binder_call(hal_telephony_client, hal_telephony_server)
binder_call(hal_telephony_server, hal_telephony_client)
-add_hwservice(hal_telephony_server, hal_telephony_hwservice)
-allow hal_telephony_client hal_telephony_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_telephony, hal_telephony_hwservice)
allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
@@ -38,9 +37,8 @@
# Access to wake locks
wakelock_use(hal_telephony_server)
-r_dir_file(hal_telephony_server, proc_net)
+r_dir_file(hal_telephony_server, proc_net_type)
r_dir_file(hal_telephony_server, sysfs_type)
-r_dir_file(hal_telephony_server, system_file)
# granting the ioctl permission for hal_telephony_server should be device specific
allow hal_telephony_server self:socket create_socket_perms_no_ioctl;
diff --git a/public/hal_tetheroffload.te b/public/hal_tetheroffload.te
index 48d67a2..cf51723 100644
--- a/public/hal_tetheroffload.te
+++ b/public/hal_tetheroffload.te
@@ -2,7 +2,7 @@
binder_call(hal_tetheroffload_client, hal_tetheroffload_server)
binder_call(hal_tetheroffload_server, hal_tetheroffload_client)
-allow hal_tetheroffload_client hal_tetheroffload_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_tetheroffload, hal_tetheroffload_hwservice)
# allow the client to pass the server already open netlink sockets
allow hal_tetheroffload_server hal_tetheroffload_client:netlink_netfilter_socket { getattr read setopt write };
diff --git a/public/hal_thermal.te b/public/hal_thermal.te
index b1764f1..2115da1 100644
--- a/public/hal_thermal.te
+++ b/public/hal_thermal.te
@@ -2,5 +2,4 @@
binder_call(hal_thermal_client, hal_thermal_server)
binder_call(hal_thermal_server, hal_thermal_client)
-add_hwservice(hal_thermal_server, hal_thermal_hwservice)
-allow hal_thermal_client hal_thermal_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_thermal, hal_thermal_hwservice)
diff --git a/public/hal_tv_cec.te b/public/hal_tv_cec.te
index 7719cae..6584904 100644
--- a/public/hal_tv_cec.te
+++ b/public/hal_tv_cec.te
@@ -2,5 +2,4 @@
binder_call(hal_tv_cec_client, hal_tv_cec_server)
binder_call(hal_tv_cec_server, hal_tv_cec_client)
-add_hwservice(hal_tv_cec_server, hal_tv_cec_hwservice)
-allow hal_tv_cec_client hal_tv_cec_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_tv_cec, hal_tv_cec_hwservice)
diff --git a/public/hal_tv_input.te b/public/hal_tv_input.te
index 31a0067..5a5bdda 100644
--- a/public/hal_tv_input.te
+++ b/public/hal_tv_input.te
@@ -2,5 +2,4 @@
binder_call(hal_tv_input_client, hal_tv_input_server)
binder_call(hal_tv_input_server, hal_tv_input_client)
-add_hwservice(hal_tv_input_server, hal_tv_input_hwservice)
-allow hal_tv_input_client hal_tv_input_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_tv_input, hal_tv_input_hwservice)
diff --git a/public/hal_usb.te b/public/hal_usb.te
index 9cfd516..b8034b8 100644
--- a/public/hal_usb.te
+++ b/public/hal_usb.te
@@ -2,8 +2,7 @@
binder_call(hal_usb_client, hal_usb_server)
binder_call(hal_usb_server, hal_usb_client)
-add_hwservice(hal_usb_server, hal_usb_hwservice)
-allow hal_usb_client hal_usb_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_usb, hal_usb_hwservice)
allow hal_usb self:netlink_kobject_uevent_socket create;
allow hal_usb self:netlink_kobject_uevent_socket setopt;
diff --git a/public/hal_usb_gadget.te b/public/hal_usb_gadget.te
index 16f4f08..a474652 100644
--- a/public/hal_usb_gadget.te
+++ b/public/hal_usb_gadget.te
@@ -2,13 +2,12 @@
binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
binder_call(hal_usb_gadget_server, hal_usb_gadget_client)
-add_hwservice(hal_usb_gadget_server, hal_usb_gadget_hwservice)
-allow hal_usb_gadget_client hal_usb_gadget_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_usb_gadget, hal_usb_gadget_hwservice)
# Configuring usb gadget functions
allow hal_usb_gadget_server configfs:lnk_file { read create unlink};
allow hal_usb_gadget_server configfs:dir rw_dir_perms;
-allow hal_usb_gadget_server configfs:file rw_file_perms;
+allow hal_usb_gadget_server configfs:file create_file_perms;
allow hal_usb_gadget_server functionfs:dir { read search };
allow hal_usb_gadget_server functionfs:file read;
diff --git a/public/hal_vehicle.te b/public/hal_vehicle.te
index a59f8d2..6855d14 100644
--- a/public/hal_vehicle.te
+++ b/public/hal_vehicle.te
@@ -2,6 +2,5 @@
binder_call(hal_vehicle_client, hal_vehicle_server)
binder_call(hal_vehicle_server, hal_vehicle_client)
-add_hwservice(hal_vehicle_server, hal_vehicle_hwservice)
-allow hal_vehicle_client hal_vehicle_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_vehicle, hal_vehicle_hwservice)
diff --git a/public/hal_vibrator.te b/public/hal_vibrator.te
index 9ce34ca..ab6138d 100644
--- a/public/hal_vibrator.te
+++ b/public/hal_vibrator.te
@@ -1,8 +1,7 @@
# HwBinder IPC from client to server
binder_call(hal_vibrator_client, hal_vibrator_server)
-add_hwservice(hal_vibrator_server, hal_vibrator_hwservice)
-allow hal_vibrator_client hal_vibrator_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_vibrator, hal_vibrator_hwservice)
# vibrator sysfs rw access
allow hal_vibrator sysfs_vibrator:file rw_file_perms;
diff --git a/public/hal_vr.te b/public/hal_vr.te
index 3cb392d..e52c77f 100644
--- a/public/hal_vr.te
+++ b/public/hal_vr.te
@@ -2,5 +2,4 @@
binder_call(hal_vr_client, hal_vr_server)
binder_call(hal_vr_server, hal_vr_client)
-add_hwservice(hal_vr_server, hal_vr_hwservice)
-allow hal_vr_client hal_vr_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_vr, hal_vr_hwservice)
diff --git a/public/hal_weaver.te b/public/hal_weaver.te
index b80ba29..36d1306 100644
--- a/public/hal_weaver.te
+++ b/public/hal_weaver.te
@@ -1,5 +1,4 @@
# HwBinder IPC from client to server
binder_call(hal_weaver_client, hal_weaver_server)
-add_hwservice(hal_weaver_server, hal_weaver_hwservice)
-allow hal_weaver_client hal_weaver_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_weaver, hal_weaver_hwservice)
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index 7cea7c7..f735be5 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -2,10 +2,9 @@
binder_call(hal_wifi_client, hal_wifi_server)
binder_call(hal_wifi_server, hal_wifi_client)
-add_hwservice(hal_wifi_server, hal_wifi_hwservice)
-allow hal_wifi_client hal_wifi_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_wifi, hal_wifi_hwservice)
-r_dir_file(hal_wifi, proc_net)
+r_dir_file(hal_wifi, proc_net_type)
r_dir_file(hal_wifi, sysfs_type)
set_prop(hal_wifi, exported_wifi_prop)
diff --git a/public/hal_wifi_hostapd.te b/public/hal_wifi_hostapd.te
index 03a5546..12d72b6 100644
--- a/public/hal_wifi_hostapd.te
+++ b/public/hal_wifi_hostapd.te
@@ -2,15 +2,14 @@
binder_call(hal_wifi_hostapd_client, hal_wifi_hostapd_server)
binder_call(hal_wifi_hostapd_server, hal_wifi_hostapd_client)
-add_hwservice(hal_wifi_hostapd_server, hal_wifi_hostapd_hwservice)
-allow hal_wifi_hostapd_client hal_wifi_hostapd_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_wifi_hostapd, hal_wifi_hostapd_hwservice)
allow hal_wifi_hostapd_server self:global_capability_class_set { net_admin net_raw };
allow hal_wifi_hostapd_server sysfs_net:dir search;
# Allow hal_wifi_hostapd to access /proc/net/psched
-allow hal_wifi_hostapd_server proc_net:file { getattr open read };
+allow hal_wifi_hostapd_server proc_net_type:file { getattr open read };
# Various socket permissions.
allowxperm hal_wifi_hostapd_server self:udp_socket ioctl priv_sock_ioctls;
diff --git a/public/hal_wifi_offload.te b/public/hal_wifi_offload.te
index dc0cf5a..765e72a 100644
--- a/public/hal_wifi_offload.te
+++ b/public/hal_wifi_offload.te
@@ -2,8 +2,7 @@
binder_call(hal_wifi_offload_client, hal_wifi_offload_server)
binder_call(hal_wifi_offload_server, hal_wifi_offload_client)
-add_hwservice(hal_wifi_offload_server, hal_wifi_offload_hwservice)
-allow hal_wifi_offload_client hal_wifi_offload_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_wifi_offload, hal_wifi_offload_hwservice)
-r_dir_file(hal_wifi_offload, proc_net)
+r_dir_file(hal_wifi_offload, proc_net_type)
r_dir_file(hal_wifi_offload, sysfs_type)
diff --git a/public/hal_wifi_supplicant.te b/public/hal_wifi_supplicant.te
index 6bf0d32..6004c33 100644
--- a/public/hal_wifi_supplicant.te
+++ b/public/hal_wifi_supplicant.te
@@ -2,14 +2,13 @@
binder_call(hal_wifi_supplicant_client, hal_wifi_supplicant_server)
binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
-add_hwservice(hal_wifi_supplicant_server, hal_wifi_supplicant_hwservice)
-allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(hal_wifi_supplicant, sysfs_type)
-r_dir_file(hal_wifi_supplicant, proc_net)
+r_dir_file(hal_wifi_supplicant, proc_net_type)
allow hal_wifi_supplicant kernel:system module_request;
allow hal_wifi_supplicant self:global_capability_class_set { setuid net_admin setgid net_raw };
diff --git a/public/healthd.te b/public/healthd.te
index 8a1d3ec..a383dcf 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -1,19 +1,17 @@
# healthd - battery/charger monitoring service daemon
type healthd, domain;
-type healthd_exec, exec_type, file_type;
+type healthd_exec, system_file_type, exec_type, file_type;
# Write to /dev/kmsg
allow healthd kmsg_device:chr_file rw_file_perms;
# Read access to pseudo filesystems.
allow healthd sysfs_type:dir search;
+# Allow to read /sys/class/power_supply directory.
+allow healthd sysfs:dir r_dir_perms;
r_dir_file(healthd, rootfs)
r_dir_file(healthd, cgroup)
-# Read access to system files for passthrough HALs in
-# /{system,vendor,odm}/lib[64]/hw/
-r_dir_file(healthd, system_file)
-
allow healthd self:global_capability_class_set { sys_tty_config };
allow healthd self:global_capability_class_set sys_boot;
diff --git a/public/hwservice.te b/public/hwservice.te
index 5fba86a..e5c254e 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -2,6 +2,8 @@
type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
+type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hal_atrace_hwservice, hwservice_manager_type;
type hal_audiocontrol_hwservice, hwservice_manager_type;
type hal_audio_hwservice, hwservice_manager_type;
type hal_authsecret_hwservice, hwservice_manager_type;
@@ -24,6 +26,7 @@
type hal_graphics_composer_hwservice, hwservice_manager_type;
type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
type hal_health_hwservice, hwservice_manager_type;
+type hal_health_storage_hwservice, hwservice_manager_type;
type hal_ir_hwservice, hwservice_manager_type;
type hal_keymaster_hwservice, hwservice_manager_type;
type hal_light_hwservice, hwservice_manager_type;
@@ -58,5 +61,6 @@
type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
+type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice;
type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
type thermalcallback_hwservice, hwservice_manager_type;
diff --git a/public/hwservicemanager.te b/public/hwservicemanager.te
index 1ffd2a6..7f03815 100644
--- a/public/hwservicemanager.te
+++ b/public/hwservicemanager.te
@@ -1,6 +1,6 @@
# hwservicemanager - the Binder context manager for HAL services
type hwservicemanager, domain, mlstrustedsubject;
-type hwservicemanager_exec, exec_type, file_type;
+type hwservicemanager_exec, system_file_type, exec_type, file_type;
# Note that we do not use the binder_* macros here.
# hwservicemanager provides name service (aka context manager)
diff --git a/public/idmap.te b/public/idmap.te
index 3f336a3..0899faa 100644
--- a/public/idmap.te
+++ b/public/idmap.te
@@ -1,6 +1,6 @@
# idmap, when executed by installd
type idmap, domain;
-type idmap_exec, exec_type, file_type;
+type idmap_exec, system_file_type, exec_type, file_type;
# Use open file to /data/resource-cache file inherited from installd.
allow idmap installd:fd use;
diff --git a/public/init.te b/public/init.te
index dafc06f..c2938ad 100644
--- a/public/init.te
+++ b/public/init.te
@@ -2,7 +2,7 @@
type init, domain, mlstrustedsubject;
# The init domain is entered by execing init.
-type init_exec, exec_type, file_type;
+type init_exec, system_file_type, exec_type, file_type;
# /dev/__null__ node created by init.
allow init tmpfs:chr_file { create setattr unlink rw_file_perms };
@@ -20,7 +20,7 @@
# /dev/__properties__
allow init properties_device:dir relabelto;
allow init properties_serial:file { write relabelto };
-allow init property_type:file { create_file_perms relabelto };
+allow init property_type:file { append create getattr map open read relabelto rename setattr unlink write };
# /dev/__properties__/property_info
allow init properties_device:file create_file_perms;
allow init property_info:file relabelto;
@@ -29,8 +29,8 @@
allow init runtime_event_log_tags_file:file { open write setattr relabelto create };
# /dev/socket
allow init { device socket_device }:dir relabelto;
-# /dev/random, /dev/urandom
-allow init random_device:chr_file relabelto;
+# Relabel /dev nodes created in first stage init, /dev/null, /dev/ptmx, /dev/random, /dev/urandom
+allow init { null_device ptmx_device random_device } : chr_file relabelto;
# /dev/device-mapper, /dev/block(/.*)?
allow init tmpfs:{ chr_file blk_file } relabelfrom;
allow init tmpfs:blk_file getattr;
@@ -80,6 +80,9 @@
# Mount on /dev/usb-ffs/adb.
allow init device:dir mounton;
+# Mount tmpfs on /apex
+allow init apex_mnt_dir:dir mounton;
+
# Create and remove symlinks in /.
allow init rootfs:lnk_file { create unlink };
@@ -90,7 +93,7 @@
allow init tmpfs:dir create_dir_perms;
allow init tmpfs:dir mounton;
allow init cgroup:dir create_dir_perms;
-r_dir_file(init, cgroup)
+allow init cgroup:file rw_file_perms;
allow init cpuctl_device:dir { create mounton };
# /config
@@ -105,7 +108,7 @@
allow init tmpfs:dir relabelfrom;
# Create directories under /dev/cpuctl after chowning it to system.
-allow init self:global_capability_class_set dac_override;
+allow init self:global_capability_class_set { dac_override dac_read_search };
# Set system clock.
allow init self:global_capability_class_set sys_time;
@@ -114,6 +117,7 @@
# Mounting filesystems from block devices.
allow init dev_type:blk_file r_file_perms;
+allowxperm init dev_type:blk_file ioctl BLKROSET;
# Mounting filesystems.
# Only allow relabelto for types used in context= mount options,
@@ -145,8 +149,9 @@
-exec_type
-misc_logd_file
-nativetest_data_file
+ -privapp_data_file
-system_app_data_file
- -system_file
+ -system_file_type
-vendor_file_type
}:dir { create search getattr open read setattr ioctl };
@@ -154,12 +159,14 @@
file_type
-app_data_file
-exec_type
+ -iorapd_data_file
-keystore_data_file
-misc_logd_file
-nativetest_data_file
+ -privapp_data_file
-shell_data_file
-system_app_data_file
- -system_file
+ -system_file_type
-vendor_file_type
-vold_data_file
}:dir { write add_name remove_name rmdir relabelfrom };
@@ -167,49 +174,58 @@
allow init {
file_type
-app_data_file
- -runtime_event_log_tags_file
-exec_type
+ -iorapd_data_file
-keystore_data_file
-misc_logd_file
-nativetest_data_file
+ -privapp_data_file
+ -runtime_event_log_tags_file
-shell_data_file
-system_app_data_file
- -system_file
+ -system_file_type
-vendor_file_type
-vold_data_file
-}:file { create getattr open read write setattr relabelfrom unlink };
+}:file { create getattr open read write setattr relabelfrom unlink map };
allow init {
file_type
-app_data_file
-exec_type
+ -iorapd_data_file
-keystore_data_file
-misc_logd_file
-nativetest_data_file
+ -privapp_data_file
-shell_data_file
-system_app_data_file
- -system_file
+ -system_file_type
-vendor_file_type
-vold_data_file
}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
allow init {
file_type
+ -apex_mnt_dir
-app_data_file
-exec_type
+ -iorapd_data_file
-keystore_data_file
-misc_logd_file
-nativetest_data_file
+ -privapp_data_file
-shell_data_file
-system_app_data_file
- -system_file
+ -system_file_type
-vendor_file_type
-vold_data_file
}:lnk_file { create getattr setattr relabelfrom unlink };
allow init cache_file:lnk_file r_file_perms;
-allow init { file_type -system_file -vendor_file_type -exec_type }:dir_file_class_set relabelto;
+allow init { file_type -system_file_type -vendor_file_type -exec_type }:dir_file_class_set relabelto;
+# does init really need to relabel app data?
+userdebug_or_eng(`auditallow init { app_data_file privapp_data_file }:dir_file_class_set relabelto;')
allow init { sysfs debugfs debugfs_tracing debugfs_tracing_debug }:{ dir file lnk_file } { getattr relabelfrom };
allow init { sysfs_type debugfs_type }:{ dir file lnk_file } { relabelto getattr };
allow init dev_type:dir create_dir_perms;
@@ -227,46 +243,41 @@
allow init {
fs_type
-contextmount_type
- -proc
+ -keychord_device
+ -proc_type
-sdcard_type
-sysfs_type
-rootfs
}:file { open read setattr };
allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir { open read setattr search };
-# init should not be able to read or open generic devices
-# TODO: auditing to see if this can be deleted entirely
allow init {
- dev_type
- -kmem_device
- -port_device
- -device
- -vndbinder_device
- }:chr_file { read open };
-auditallow init {
- dev_type
- -alarm_device
- -ashmem_device
- -binder_device
- -console_device
- -device
- -devpts
- -dm_device
- -hwbinder_device
- -hw_random_device
- -keychord_device
- -kmem_device
- -kmsg_device
- -null_device
- -owntty_device
- -port_device
- -ptmx_device
- -random_device
- -zero_device
+ alarm_device
+ ashmem_device
+ binder_device
+ console_device
+ devpts
+ dm_device
+ hwbinder_device
+ hw_random_device
+ input_device
+ kmsg_device
+ null_device
+ owntty_device
+ pmsg_device
+ ptmx_device
+ random_device
+ tty_device
+ zero_device
}:chr_file { read open };
# chown/chmod on devices.
-allow init { dev_type -kmem_device -port_device }:chr_file setattr;
+allow init {
+ dev_type
+ -keychord_device
+ -kmem_device
+ -port_device
+}:chr_file setattr;
# Unlabeled file access for upgrades from 4.2.
allow init unlabeled:dir { create_dir_perms relabelfrom };
@@ -278,7 +289,12 @@
allow init self:global_capability2_class_set syslog;
# init access to /proc.
-r_dir_file(init, proc_net)
+r_dir_file(init, proc_net_type)
+
+userdebug_or_eng(`
+ # Overlayfs workdir write access check during mount to permit remount,rw
+ allow init overlayfs_file:dir { relabelfrom mounton write };
+')
allow init {
proc_cmdline
@@ -296,7 +312,7 @@
proc_hostname
proc_hung_task
proc_extra_free_kbytes
- proc_net
+ proc_net_type
proc_max_map_count
proc_min_free_order_shift
proc_overcommit_memory
@@ -311,6 +327,18 @@
proc_security
}:file rw_file_perms;
+# init chmod/chown access to /proc files.
+allow init {
+ proc_cmdline
+ proc_kmsg
+ proc_net
+ proc_qtaguid_stat
+ proc_slabinfo
+ proc_sysrq
+ proc_qtaguid_ctrl
+ proc_vmallocinfo
+}:file setattr;
+
# init access to /sys files.
allow init {
sysfs_android_usb
@@ -439,9 +467,9 @@
# only ever accessed by init.
allow init device:file create_file_perms;
-# keychord configuration
-allow init self:global_capability_class_set sys_tty_config;
-allow init keychord_device:chr_file rw_file_perms;
+# keychord retrieval from /dev/input/ devices
+allow init input_device:dir r_dir_perms;
+allow init input_device:chr_file rw_file_perms;
# Access device mapper for setting up dm-verity
allow init dm_device:chr_file rw_file_perms;
@@ -462,6 +490,12 @@
# Allow init to create /data/unencrypted
allow init unencrypted_data_file:dir create_dir_perms;
+# Set encryption policy on dirs in /data
+allowxperm init data_file_type:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+};
+
# Allow init to write to /proc/sys/vm/overcommit_memory
allow init proc_overcommit_memory:file { write };
@@ -481,6 +515,14 @@
allow init vold_metadata_file:dir create_dir_perms;
allow init vold_metadata_file:file getattr;
+# Allow init to use binder
+binder_use(init);
+allow init apex_service:service_manager find;
+# Allow servicemanager to pass it
+allow servicemanager init:binder transfer;
+# Allow calls from init to apexd
+allow init apexd:binder call;
+
###
### neverallow rules
###
@@ -493,13 +535,16 @@
# Never read/follow symlinks created by shell or untrusted apps.
neverallow init shell_data_file:lnk_file read;
-neverallow init app_data_file:lnk_file read;
+neverallow init { app_data_file privapp_data_file }:lnk_file read;
# init should never execute a program without changing to another domain.
neverallow init { file_type fs_type }:file execute_no_trans;
-# Init never adds or uses services via service_manager.
-neverallow init service_manager_type:service_manager { add find };
+# init can only find the APEX service
+neverallow init { service_manager_type -apex_service }:service_manager { find };
+# init can never add binder services
+neverallow init service_manager_type:service_manager { add };
+# init can never list binder services
neverallow init servicemanager:service_manager list;
# Init should not be creating subdirectories in /data/local/tmp
@@ -507,3 +552,6 @@
# Init should not access sysfs node that are not explicitly labeled.
neverallow init sysfs:file { open read write };
+
+# No domain should be allowed to ptrace init.
+neverallow * init:process ptrace;
diff --git a/public/inputflinger.te b/public/inputflinger.te
index e5f12a0..f206c05 100644
--- a/public/inputflinger.te
+++ b/public/inputflinger.te
@@ -1,6 +1,6 @@
# inputflinger
type inputflinger, domain;
-type inputflinger_exec, exec_type, file_type;
+type inputflinger_exec, system_file_type, exec_type, file_type;
binder_use(inputflinger)
binder_service(inputflinger)
diff --git a/public/install_recovery.te b/public/install_recovery.te
index ab68838..0aee9ab 100644
--- a/public/install_recovery.te
+++ b/public/install_recovery.te
@@ -1,8 +1,8 @@
# service flash_recovery in init.rc
type install_recovery, domain;
-type install_recovery_exec, exec_type, file_type;
+type install_recovery_exec, system_file_type, exec_type, file_type;
-allow install_recovery self:global_capability_class_set dac_override;
+allow install_recovery self:global_capability_class_set { dac_override dac_read_search };
# /system/bin/install-recovery.sh is a shell script.
# Needs to execute /system/bin/sh
diff --git a/public/installd.te b/public/installd.te
index 6aba962..f21cef9 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -1,8 +1,8 @@
# installer daemon
type installd, domain;
-type installd_exec, exec_type, file_type;
+type installd_exec, system_file_type, exec_type, file_type;
typeattribute installd mlstrustedsubject;
-allow installd self:global_capability_class_set { chown dac_override fowner fsetid setgid setuid sys_admin };
+allow installd self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid sys_admin };
# Allow labeling of files under /data/app/com.example/oat/
allow installd dalvikcache_data_file:dir relabelto;
@@ -13,6 +13,12 @@
allow installd apk_data_file:file { create_file_perms relabelfrom link };
allow installd apk_data_file:lnk_file { create r_file_perms unlink };
+# FS_IOC_ENABLE_VERITY and FS_IOC_SET_VERITY_MEASUREMENT ioctls
+# on APKs in /data/app, to support fsverity
+allowxperm installd apk_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_SET_VERITY_MEASUREMENT
+};
+
allow installd asec_apk_file:file r_file_perms;
allow installd apk_tmp_file:file { r_file_perms unlink };
allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
@@ -103,6 +109,7 @@
radio_data_file
shell_data_file
app_data_file
+ privapp_data_file
}:dir { create_dir_perms relabelfrom relabelto };
allow installd {
@@ -112,6 +119,7 @@
radio_data_file
shell_data_file
app_data_file
+ privapp_data_file
}:notdevfile_class_set { create_file_perms relabelfrom relabelto };
# Similar for the files under /data/misc/profiles/
diff --git a/public/ioctl_defines b/public/ioctl_defines
index 4097fb9..a463023 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -1,786 +1,1814 @@
-define(`FIBMAP', `0x00000001')
-define(`FIGETBSZ', `0x00000002')
-define(`FDCLRPRM', `0x00000241')
-define(`FDMSGON', `0x00000245')
-define(`FDMSGOFF', `0x00000246')
-define(`FDFMTBEG', `0x00000247')
-define(`FDFMTEND', `0x00000249')
-define(`FDSETEMSGTRESH', `0x0000024a')
-define(`FDFLUSH', `0x0000024b')
-define(`FDRESET', `0x00000254')
-define(`FDWERRORCLR', `0x00000256')
-define(`FDRAWCMD', `0x00000258')
-define(`FDTWADDLE', `0x00000259')
-define(`FDEJECT', `0x0000025a')
-define(`HDIO_GETGEO', `0x00000301')
-define(`HDIO_GET_UNMASKINTR', `0x00000302')
-define(`HDIO_GET_MULTCOUNT', `0x00000304')
-define(`HDIO_GET_QDMA', `0x00000305')
-define(`HDIO_SET_XFER', `0x00000306')
-define(`HDIO_OBSOLETE_IDENTITY', `0x00000307')
-define(`HDIO_GET_KEEPSETTINGS', `0x00000308')
-define(`HDIO_GET_32BIT', `0x00000309')
-define(`HDIO_GET_NOWERR', `0x0000030a')
-define(`HDIO_GET_DMA', `0x0000030b')
-define(`HDIO_GET_NICE', `0x0000030c')
-define(`HDIO_GET_IDENTITY', `0x0000030d')
-define(`HDIO_GET_WCACHE', `0x0000030e')
-define(`HDIO_GET_ACOUSTIC', `0x0000030f')
-define(`HDIO_GET_ADDRESS', `0x00000310')
-define(`HDIO_GET_BUSSTATE', `0x0000031a')
-define(`HDIO_TRISTATE_HWIF', `0x0000031b')
-define(`HDIO_DRIVE_RESET', `0x0000031c')
-define(`HDIO_DRIVE_TASKFILE', `0x0000031d')
-define(`HDIO_DRIVE_TASK', `0x0000031e')
-define(`HDIO_DRIVE_CMD', `0x0000031f')
-define(`HDIO_SET_MULTCOUNT', `0x00000321')
-define(`HDIO_SET_UNMASKINTR', `0x00000322')
-define(`HDIO_SET_KEEPSETTINGS', `0x00000323')
-define(`HDIO_SET_32BIT', `0x00000324')
-define(`HDIO_SET_NOWERR', `0x00000325')
-define(`HDIO_SET_DMA', `0x00000326')
-define(`HDIO_SET_PIO_MODE', `0x00000327')
-define(`HDIO_SCAN_HWIF', `0x00000328')
-define(`HDIO_SET_NICE', `0x00000329')
-define(`HDIO_UNREGISTER_HWIF', `0x0000032a')
-define(`HDIO_SET_WCACHE', `0x0000032b')
-define(`HDIO_SET_ACOUSTIC', `0x0000032c')
-define(`HDIO_SET_BUSSTATE', `0x0000032d')
-define(`HDIO_SET_QDMA', `0x0000032e')
-define(`HDIO_SET_ADDRESS', `0x0000032f')
-define(`IOCTL_VMCI_VERSION', `0x0000079f')
-define(`IOCTL_VMCI_INIT_CONTEXT', `0x000007a0')
-define(`IOCTL_VMCI_QUEUEPAIR_SETVA', `0x000007a4')
-define(`IOCTL_VMCI_NOTIFY_RESOURCE', `0x000007a5')
-define(`IOCTL_VMCI_NOTIFICATIONS_RECEIVE', `0x000007a6')
-define(`IOCTL_VMCI_VERSION2', `0x000007a7')
-define(`IOCTL_VMCI_QUEUEPAIR_ALLOC', `0x000007a8')
-define(`IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE', `0x000007a9')
-define(`IOCTL_VMCI_QUEUEPAIR_DETACH', `0x000007aa')
-define(`IOCTL_VMCI_DATAGRAM_SEND', `0x000007ab')
-define(`IOCTL_VMCI_DATAGRAM_RECEIVE', `0x000007ac')
-define(`IOCTL_VMCI_CTX_ADD_NOTIFICATION', `0x000007af')
-define(`IOCTL_VMCI_CTX_REMOVE_NOTIFICATION', `0x000007b0')
-define(`IOCTL_VMCI_CTX_GET_CPT_STATE', `0x000007b1')
-define(`IOCTL_VMCI_CTX_SET_CPT_STATE', `0x000007b2')
-define(`IOCTL_VMCI_GET_CONTEXT_ID', `0x000007b3')
-define(`IOCTL_VMCI_SOCKETS_VERSION', `0x000007b4')
-define(`IOCTL_VMCI_SOCKETS_GET_AF_VALUE', `0x000007b8')
-define(`IOCTL_VMCI_SOCKETS_GET_LOCAL_CID', `0x000007b9')
-define(`IOCTL_VM_SOCKETS_GET_LOCAL_CID', `0x000007b9')
-define(`IOCTL_VMCI_SET_NOTIFY', `0x000007cb')
-define(`RAID_AUTORUN', `0x00000914')
-define(`CLEAR_ARRAY', `0x00000920')
-define(`HOT_REMOVE_DISK', `0x00000922')
-define(`SET_DISK_INFO', `0x00000924')
-define(`WRITE_RAID_INFO', `0x00000925')
-define(`UNPROTECT_ARRAY', `0x00000926')
-define(`PROTECT_ARRAY', `0x00000927')
-define(`HOT_ADD_DISK', `0x00000928')
-define(`SET_DISK_FAULTY', `0x00000929')
-define(`HOT_GENERATE_ERROR', `0x0000092a')
-define(`STOP_ARRAY', `0x00000932')
-define(`STOP_ARRAY_RO', `0x00000933')
-define(`RESTART_ARRAY_RW', `0x00000934')
-define(`BLKROSET', `0x0000125d')
-define(`BLKROGET', `0x0000125e')
-define(`BLKRRPART', `0x0000125f')
-define(`BLKGETSIZE', `0x00001260')
-define(`BLKFLSBUF', `0x00001261')
-define(`BLKRASET', `0x00001262')
-define(`BLKRAGET', `0x00001263')
-define(`BLKFRASET', `0x00001264')
-define(`BLKFRAGET', `0x00001265')
-define(`BLKSECTSET', `0x00001266')
-define(`BLKSECTGET', `0x00001267')
-define(`BLKSSZGET', `0x00001268')
-define(`BLKPG', `0x00001269')
-define(`BLKTRACESTART', `0x00001274')
-define(`BLKTRACESTOP', `0x00001275')
-define(`BLKTRACETEARDOWN', `0x00001276')
-define(`BLKDISCARD', `0x00001277')
-define(`BLKIOMIN', `0x00001278')
-define(`BLKIOOPT', `0x00001279')
-define(`BLKALIGNOFF', `0x0000127a')
-define(`BLKPBSZGET', `0x0000127b')
-define(`BLKDISCARDZEROES', `0x0000127c')
-define(`BLKSECDISCARD', `0x0000127d')
-define(`BLKROTATIONAL', `0x0000127e')
-define(`BLKZEROOUT', `0x0000127f')
-define(`IB_USER_MAD_ENABLE_PKEY', `0x00001b03')
-define(`SG_SET_TIMEOUT', `0x00002201')
-define(`SG_GET_TIMEOUT', `0x00002202')
-define(`SG_EMULATED_HOST', `0x00002203')
-define(`SG_SET_TRANSFORM', `0x00002204')
-define(`SG_GET_TRANSFORM', `0x00002205')
-define(`SG_GET_COMMAND_Q', `0x00002270')
-define(`SG_SET_COMMAND_Q', `0x00002271')
-define(`SG_GET_RESERVED_SIZE', `0x00002272')
-define(`SG_SET_RESERVED_SIZE', `0x00002275')
-define(`SG_GET_SCSI_ID', `0x00002276')
-define(`SG_SET_FORCE_LOW_DMA', `0x00002279')
-define(`SG_GET_LOW_DMA', `0x0000227a')
-define(`SG_SET_FORCE_PACK_ID', `0x0000227b')
-define(`SG_GET_PACK_ID', `0x0000227c')
-define(`SG_GET_NUM_WAITING', `0x0000227d')
-define(`SG_SET_DEBUG', `0x0000227e')
-define(`SG_GET_SG_TABLESIZE', `0x0000227f')
-define(`SG_GET_VERSION_NUM', `0x00002282')
-define(`SG_NEXT_CMD_LEN', `0x00002283')
-define(`SG_SCSI_RESET', `0x00002284')
-define(`SG_IO', `0x00002285')
-define(`SG_GET_REQUEST_TABLE', `0x00002286')
-define(`SG_SET_KEEP_ORPHAN', `0x00002287')
-define(`SG_GET_KEEP_ORPHAN', `0x00002288')
-define(`SG_GET_ACCESS_COUNT', `0x00002289')
-define(`FW_CDEV_IOC_GET_SPEED', `0x00002311')
-define(`PERF_EVENT_IOC_ENABLE', `0x00002400')
-define(`PERF_EVENT_IOC_DISABLE', `0x00002401')
-define(`PERF_EVENT_IOC_REFRESH', `0x00002402')
-define(`PERF_EVENT_IOC_RESET', `0x00002403')
-define(`PERF_EVENT_IOC_SET_OUTPUT', `0x00002405')
-define(`SNAPSHOT_FREEZE', `0x00003301')
-define(`SNAPSHOT_UNFREEZE', `0x00003302')
-define(`SNAPSHOT_ATOMIC_RESTORE', `0x00003304')
-define(`SNAPSHOT_FREE', `0x00003305')
-define(`SNAPSHOT_FREE_SWAP_PAGES', `0x00003309')
-define(`SNAPSHOT_S2RAM', `0x0000330b')
-define(`SNAPSHOT_PLATFORM_SUPPORT', `0x0000330f')
-define(`SNAPSHOT_POWER_OFF', `0x00003310')
-define(`SNAPSHOT_PREF_IMAGE_SIZE', `0x00003312')
-define(`VFIO_GET_API_VERSION', `0x00003b64')
-define(`VFIO_CHECK_EXTENSION', `0x00003b65')
-define(`VFIO_SET_IOMMU', `0x00003b66')
-define(`VFIO_GROUP_GET_STATUS', `0x00003b67')
-define(`VFIO_GROUP_SET_CONTAINER', `0x00003b68')
-define(`VFIO_GROUP_UNSET_CONTAINER', `0x00003b69')
-define(`VFIO_GROUP_GET_DEVICE_FD', `0x00003b6a')
-define(`VFIO_DEVICE_GET_INFO', `0x00003b6b')
-define(`VFIO_DEVICE_GET_REGION_INFO', `0x00003b6c')
-define(`VFIO_DEVICE_GET_IRQ_INFO', `0x00003b6d')
-define(`VFIO_DEVICE_SET_IRQS', `0x00003b6e')
-define(`VFIO_DEVICE_RESET', `0x00003b6f')
-define(`VFIO_DEVICE_GET_PCI_HOT_RESET_INFO', `0x00003b70')
-define(`VFIO_IOMMU_GET_INFO', `0x00003b70')
-define(`VFIO_IOMMU_SPAPR_TCE_GET_INFO', `0x00003b70')
-define(`VFIO_DEVICE_PCI_HOT_RESET', `0x00003b71')
-define(`VFIO_IOMMU_MAP_DMA', `0x00003b71')
-define(`VFIO_IOMMU_UNMAP_DMA', `0x00003b72')
-define(`VFIO_IOMMU_ENABLE', `0x00003b73')
-define(`VFIO_IOMMU_DISABLE', `0x00003b74')
-define(`VFIO_EEH_PE_OP', `0x00003b79')
-define(`AGPIOC_ACQUIRE', `0x00004101')
-define(`APM_IOC_STANDBY', `0x00004101')
-define(`AGPIOC_RELEASE', `0x00004102')
-define(`APM_IOC_SUSPEND', `0x00004102')
-define(`AGPIOC_CHIPSET_FLUSH', `0x0000410a')
-define(`SNDRV_PCM_IOCTL_HW_FREE', `0x00004112')
-define(`SNDRV_PCM_IOCTL_HWSYNC', `0x00004122')
-define(`SNDRV_PCM_IOCTL_PREPARE', `0x00004140')
-define(`SNDRV_PCM_IOCTL_RESET', `0x00004141')
-define(`SNDRV_PCM_IOCTL_START', `0x00004142')
-define(`SNDRV_PCM_IOCTL_DROP', `0x00004143')
-define(`SNDRV_PCM_IOCTL_DRAIN', `0x00004144')
-define(`SNDRV_PCM_IOCTL_RESUME', `0x00004147')
-define(`SNDRV_PCM_IOCTL_XRUN', `0x00004148')
-define(`SNDRV_PCM_IOCTL_UNLINK', `0x00004161')
-define(`IOCTL_XENBUS_BACKEND_EVTCHN', `0x00004200')
-define(`PMU_IOC_SLEEP', `0x00004200')
-define(`IOCTL_XENBUS_BACKEND_SETUP', `0x00004201')
-define(`CCISS_REVALIDVOLS', `0x0000420a')
-define(`CCISS_DEREGDISK', `0x0000420c')
-define(`CCISS_REGNEWD', `0x0000420e')
-define(`CCISS_RESCANDISK', `0x00004210')
-define(`SNDCTL_COPR_RESET', `0x00004300')
-define(`SNDRV_COMPRESS_PAUSE', `0x00004330')
-define(`SNDRV_COMPRESS_RESUME', `0x00004331')
-define(`SNDRV_COMPRESS_START', `0x00004332')
-define(`SNDRV_COMPRESS_STOP', `0x00004333')
-define(`SNDRV_COMPRESS_DRAIN', `0x00004334')
-define(`SNDRV_COMPRESS_NEXT_TRACK', `0x00004335')
-define(`SNDRV_COMPRESS_PARTIAL_DRAIN', `0x00004336')
-define(`IOCTL_EVTCHN_RESET', `0x00004505')
-define(`FBIOGET_VSCREENINFO', `0x00004600')
-define(`FBIOPUT_VSCREENINFO', `0x00004601')
-define(`FBIOGET_FSCREENINFO', `0x00004602')
-define(`FBIOGETCMAP', `0x00004604')
-define(`FBIOPUTCMAP', `0x00004605')
-define(`FBIOPAN_DISPLAY', `0x00004606')
-define(`FBIOGET_CON2FBMAP', `0x0000460f')
-define(`FBIOPUT_CON2FBMAP', `0x00004610')
-define(`FBIOBLANK', `0x00004611')
-define(`FBIO_ALLOC', `0x00004613')
-define(`FBIO_FREE', `0x00004614')
-define(`FBIOGET_GLYPH', `0x00004615')
-define(`FBIOGET_HWCINFO', `0x00004616')
-define(`FBIOPUT_MODEINFO', `0x00004617')
-define(`FBIOGET_DISPINFO', `0x00004618')
-define(`FBIO_WAITEVENT', `0x00004688')
-define(`GSMIOC_DISABLE_NET', `0x00004703')
-define(`HIDIOCAPPLICATION', `0x00004802')
-define(`HIDIOCINITREPORT', `0x00004805')
-define(`SNDRV_SB_CSP_IOCTL_UNLOAD_CODE', `0x00004812')
-define(`SNDRV_SB_CSP_IOCTL_STOP', `0x00004814')
-define(`SNDRV_SB_CSP_IOCTL_PAUSE', `0x00004815')
-define(`SNDRV_SB_CSP_IOCTL_RESTART', `0x00004816')
-define(`SNDRV_DM_FM_IOCTL_RESET', `0x00004821')
-define(`SNDRV_DM_FM_IOCTL_CLEAR_PATCHES', `0x00004840')
-define(`SNDRV_EMU10K1_IOCTL_STOP', `0x00004880')
-define(`SNDRV_EMU10K1_IOCTL_CONTINUE', `0x00004881')
-define(`SNDRV_EMU10K1_IOCTL_ZERO_TRAM_COUNTER', `0x00004882')
-define(`SNDRV_EMUX_IOCTL_RESET_SAMPLES', `0x00004882')
-define(`SNDRV_EMUX_IOCTL_REMOVE_LAST_SAMPLES', `0x00004883')
-define(`SNDRV_FIREWIRE_IOCTL_LOCK', `0x000048f9')
-define(`SNDRV_FIREWIRE_IOCTL_UNLOCK', `0x000048fa')
-define(`IIOCNETAIF', `0x00004901')
-define(`IIOCNETDIF', `0x00004902')
-define(`IIOCNETSCF', `0x00004903')
-define(`IIOCNETGCF', `0x00004904')
-define(`IIOCNETANM', `0x00004905')
-define(`IIOCNETDNM', `0x00004906')
-define(`IIOCNETGNM', `0x00004907')
-define(`IIOCGETSET', `0x00004908')
-define(`IIOCSETSET', `0x00004909')
-define(`IIOCSETVER', `0x0000490a')
-define(`IIOCNETHUP', `0x0000490b')
-define(`IIOCSETGST', `0x0000490c')
-define(`IIOCSETBRJ', `0x0000490d')
-define(`IIOCSIGPRF', `0x0000490e')
-define(`IIOCGETPRF', `0x0000490f')
-define(`IIOCSETPRF', `0x00004910')
-define(`IIOCGETMAP', `0x00004911')
-define(`IIOCSETMAP', `0x00004912')
-define(`IIOCNETASL', `0x00004913')
-define(`IIOCNETDIL', `0x00004914')
-define(`IIOCGETCPS', `0x00004915')
-define(`IIOCGETDVR', `0x00004916')
-define(`IIOCNETLCR', `0x00004917')
-define(`IIOCNETDWRSET', `0x00004918')
-define(`IIOCNETALN', `0x00004920')
-define(`IIOCNETDLN', `0x00004921')
-define(`IIOCNETGPN', `0x00004922')
-define(`IIOCDBGVAR', `0x0000497f')
-define(`IIOCDRVCTL', `0x00004980')
-define(`ION_IOC_TEST_SET_FD', `0x000049f0')
-define(`KIOCSOUND', `0x00004b2f')
-define(`KDMKTONE', `0x00004b30')
-define(`KDGETLED', `0x00004b31')
-define(`KDSETLED', `0x00004b32')
-define(`KDGKBTYPE', `0x00004b33')
-define(`KDADDIO', `0x00004b34')
-define(`KDDELIO', `0x00004b35')
-define(`KDENABIO', `0x00004b36')
-define(`KDDISABIO', `0x00004b37')
-define(`KDSETMODE', `0x00004b3a')
-define(`KDGETMODE', `0x00004b3b')
-define(`KDMAPDISP', `0x00004b3c')
-define(`KDUNMAPDISP', `0x00004b3d')
-define(`GIO_SCRNMAP', `0x00004b40')
-define(`PIO_SCRNMAP', `0x00004b41')
-define(`KDGKBMODE', `0x00004b44')
-define(`KDSKBMODE', `0x00004b45')
-define(`KDGKBENT', `0x00004b46')
-define(`KDSKBENT', `0x00004b47')
-define(`KDGKBSENT', `0x00004b48')
-define(`KDSKBSENT', `0x00004b49')
-define(`KDGKBDIACR', `0x00004b4a')
-define(`KDSKBDIACR', `0x00004b4b')
-define(`KDGETKEYCODE', `0x00004b4c')
-define(`KDSETKEYCODE', `0x00004b4d')
-define(`KDSIGACCEPT', `0x00004b4e')
-define(`KDKBDREP', `0x00004b52')
-define(`GIO_FONT', `0x00004b60')
-define(`PIO_FONT', `0x00004b61')
-define(`KDGKBMETA', `0x00004b62')
-define(`KDSKBMETA', `0x00004b63')
-define(`KDGKBLED', `0x00004b64')
-define(`KDSKBLED', `0x00004b65')
-define(`GIO_UNIMAP', `0x00004b66')
-define(`PIO_UNIMAP', `0x00004b67')
-define(`PIO_UNIMAPCLR', `0x00004b68')
-define(`GIO_UNISCRNMAP', `0x00004b69')
-define(`PIO_UNISCRNMAP', `0x00004b6a')
-define(`GIO_FONTX', `0x00004b6b')
-define(`PIO_FONTX', `0x00004b6c')
-define(`PIO_FONTRESET', `0x00004b6d')
-define(`GIO_CMAP', `0x00004b70')
-define(`PIO_CMAP', `0x00004b71')
-define(`KDFONTOP', `0x00004b72')
-define(`KDGKBDIACRUC', `0x00004bfa')
-define(`KDSKBDIACRUC', `0x00004bfb')
-define(`LOOP_SET_FD', `0x00004c00')
-define(`LOOP_CLR_FD', `0x00004c01')
-define(`LOOP_SET_STATUS', `0x00004c02')
-define(`LOOP_GET_STATUS', `0x00004c03')
-define(`LOOP_SET_STATUS64', `0x00004c04')
-define(`LOOP_GET_STATUS64', `0x00004c05')
-define(`LOOP_CHANGE_FD', `0x00004c06')
-define(`LOOP_SET_CAPACITY', `0x00004c07')
-define(`LOOP_CTL_ADD', `0x00004c80')
-define(`LOOP_CTL_REMOVE', `0x00004c81')
-define(`LOOP_CTL_GET_FREE', `0x00004c82')
-define(`MTDFILEMODE', `0x00004d13')
-define(`NVME_IOCTL_ID', `0x00004e40')
-define(`UBI_IOCVOLRMBLK', `0x00004f08')
-define(`OMAPFB_SYNC_GFX', `0x00004f25')
-define(`OMAPFB_VSYNC', `0x00004f26')
-define(`OMAPFB_WAITFORVSYNC', `0x00004f39')
-define(`OMAPFB_WAITFORGO', `0x00004f3c')
-define(`SNDCTL_DSP_RESET', `0x00005000')
-define(`SNDCTL_DSP_SYNC', `0x00005001')
-define(`SNDCTL_DSP_POST', `0x00005008')
-define(`SNDCTL_DSP_NONBLOCK', `0x0000500e')
-define(`SNDCTL_DSP_SETSYNCRO', `0x00005015')
-define(`SNDCTL_DSP_SETDUPLEX', `0x00005016')
-define(`SNDCTL_SEQ_RESET', `0x00005100')
-define(`SNDCTL_SEQ_SYNC', `0x00005101')
-define(`SNDCTL_SEQ_PANIC', `0x00005111')
-define(`RFKILL_IOCTL_NOINPUT', `0x00005201')
-define(`RNDZAPENTCNT', `0x00005204')
-define(`RNDCLEARPOOL', `0x00005206')
-define(`CDROMPAUSE', `0x00005301')
-define(`CDROMRESUME', `0x00005302')
-define(`CDROMPLAYMSF', `0x00005303')
-define(`CDROMPLAYTRKIND', `0x00005304')
-define(`CDROMREADTOCHDR', `0x00005305')
-define(`CDROMREADTOCENTRY', `0x00005306')
-define(`CDROMSTOP', `0x00005307')
-define(`CDROMSTART', `0x00005308')
-define(`CDROMEJECT', `0x00005309')
-define(`CDROMVOLCTRL', `0x0000530a')
-define(`CDROMSUBCHNL', `0x0000530b')
-define(`CDROMREADMODE2', `0x0000530c')
-define(`CDROMREADMODE1', `0x0000530d')
-define(`CDROMREADAUDIO', `0x0000530e')
-define(`CDROMEJECT_SW', `0x0000530f')
-define(`CDROMMULTISESSION', `0x00005310')
-define(`CDROM_GET_MCN', `0x00005311')
-define(`CDROMRESET', `0x00005312')
-define(`CDROMVOLREAD', `0x00005313')
-define(`CDROMREADRAW', `0x00005314')
-define(`CDROMREADCOOKED', `0x00005315')
-define(`CDROMSEEK', `0x00005316')
-define(`CDROMPLAYBLK', `0x00005317')
-define(`CDROMREADALL', `0x00005318')
-define(`CDROMCLOSETRAY', `0x00005319')
-define(`CDROMGETSPINDOWN', `0x0000531d')
-define(`CDROMSETSPINDOWN', `0x0000531e')
-define(`CDROM_SET_OPTIONS', `0x00005320')
-define(`CDROM_CLEAR_OPTIONS', `0x00005321')
-define(`CDROM_SELECT_SPEED', `0x00005322')
-define(`CDROM_SELECT_DISC', `0x00005323')
-define(`CDROM_MEDIA_CHANGED', `0x00005325')
-define(`CDROM_DRIVE_STATUS', `0x00005326')
-define(`CDROM_DISC_STATUS', `0x00005327')
-define(`CDROM_CHANGER_NSLOTS', `0x00005328')
-define(`CDROM_LOCKDOOR', `0x00005329')
-define(`CDROM_DEBUG', `0x00005330')
-define(`CDROM_GET_CAPABILITY', `0x00005331')
-define(`SCSI_IOCTL_DOORLOCK', `0x00005380')
-define(`SCSI_IOCTL_DOORUNLOCK', `0x00005381')
-define(`CDROMAUDIOBUFSIZ', `0x00005382')
-define(`SCSI_IOCTL_GET_IDLUN', `0x00005382')
-define(`SCSI_IOCTL_PROBE_HOST', `0x00005385')
-define(`SCSI_IOCTL_GET_BUS_NUMBER', `0x00005386')
-define(`SCSI_IOCTL_GET_PCI', `0x00005387')
-define(`DVD_READ_STRUCT', `0x00005390')
-define(`DVD_WRITE_STRUCT', `0x00005391')
-define(`DVD_AUTH', `0x00005392')
-define(`CDROM_SEND_PACKET', `0x00005393')
-define(`CDROM_NEXT_WRITABLE', `0x00005394')
-define(`CDROM_LAST_WRITTEN', `0x00005395')
-define(`TCGETS', ifelse(target_arch, mips, 0x0000540d, 0x00005401))
-define(`SNDCTL_TMR_START', `0x00005402')
-define(`TCSETS', `0x00005402')
-define(`SNDCTL_TMR_STOP', `0x00005403')
-define(`TCSETSW', `0x00005403')
-define(`SNDCTL_TMR_CONTINUE', `0x00005404')
-define(`TCSETSF', `0x00005404')
-define(`TCGETA', `0x00005405')
-define(`TCSETA', `0x00005406')
-define(`TCSETAW', `0x00005407')
-define(`TCSETAF', `0x00005408')
-define(`TCSBRK', `0x00005409')
-define(`TCXONC', `0x0000540a')
-define(`TCFLSH', `0x0000540b')
-define(`TIOCEXCL', `0x0000540c')
-define(`TIOCNXCL', `0x0000540d')
-define(`TIOCSCTTY', ifelse(target_arch, mips, 0x00005480, 0x0000540e))
-define(`TIOCGPGRP', `0x0000540f')
-define(`TIOCSPGRP', `0x00005410')
-define(`TIOCOUTQ', ifelse(target_arch, mips, 0x00007472, 0x00005411))
-define(`TIOCSTI', `0x00005412')
-define(`TIOCGWINSZ', ifelse(target_arch, mips, 0x80087468, 0x00005413))
-define(`TIOCSWINSZ', ifelse(target_arch, mips, 0x40087467, 0x00005414))
-define(`TIOCMGET', `0x00005415')
-define(`TIOCMBIS', `0x00005416')
-define(`TIOCMBIC', `0x00005417')
-define(`TIOCMSET', `0x00005418')
-define(`TIOCGSOFTCAR', `0x00005419')
-define(`TIOCSSOFTCAR', `0x0000541a')
-define(`FIONREAD', ifelse(target_arch, mips, 0x0000467f, 0x0000541b))
-define(`TIOCLINUX', `0x0000541c')
-define(`TIOCCONS', `0x0000541d')
-define(`TIOCGSERIAL', `0x0000541e')
-define(`TIOCSSERIAL', `0x0000541f')
-define(`TIOCPKT', `0x00005420')
-define(`FIONBIO', `0x00005421')
-define(`TIOCNOTTY', `0x00005422')
-define(`TIOCSETD', `0x00005423')
-define(`TIOCGETD', `0x00005424')
-define(`TCSBRKP', `0x00005425')
-define(`TIOCSBRK', `0x00005427')
-define(`TIOCCBRK', `0x00005428')
-define(`TIOCGSID', `0x00005429')
-define(`TIOCGRS485', `0x0000542e')
-define(`TIOCSRS485', `0x0000542f')
-define(`TCGETX', `0x00005432')
-define(`TCSETX', `0x00005433')
-define(`TCSETXF', `0x00005434')
-define(`TCSETXW', `0x00005435')
-define(`TIOCVHANGUP', `0x00005437')
-define(`FIONCLEX', `0x00005450')
-define(`FIOCLEX', ifelse(target_arch, mips, 0x00006601, 0x00005451))
-define(`FIOASYNC', `0x00005452')
-define(`TIOCSERCONFIG', `0x00005453')
-define(`TIOCSERGWILD', `0x00005454')
-define(`TIOCSERSWILD', `0x00005455')
-define(`TIOCGLCKTRMIOS', `0x00005456')
-define(`TIOCSLCKTRMIOS', `0x00005457')
-define(`TIOCSERGSTRUCT', `0x00005458')
-define(`TIOCSERGETLSR', `0x00005459')
-define(`TIOCSERGETMULTI', `0x0000545a')
-define(`TIOCSERSETMULTI', `0x0000545b')
-define(`TIOCMIWAIT', `0x0000545c')
-define(`TIOCGICOUNT', `0x0000545d')
-define(`FIOQSIZE', `0x00005460')
-define(`SNDRV_TIMER_IOCTL_START', `0x000054a0')
-define(`SNDRV_TIMER_IOCTL_STOP', `0x000054a1')
-define(`SNDRV_TIMER_IOCTL_CONTINUE', `0x000054a2')
-define(`SNDRV_TIMER_IOCTL_PAUSE', `0x000054a3')
-define(`UI_DEV_CREATE', `0x00005501')
-define(`UI_DEV_DESTROY', `0x00005502')
-define(`USBDEVFS_DISCARDURB', `0x0000550b')
-define(`USBDEVFS_RESET', `0x00005514')
-define(`USBDEVFS_DISCONNECT', `0x00005516')
-define(`USBDEVFS_CONNECT', `0x00005517')
-define(`VT_OPENQRY', `0x00005600')
-define(`VIDIOC_RESERVED', `0x00005601')
-define(`VT_GETMODE', `0x00005601')
-define(`VT_SETMODE', `0x00005602')
-define(`VT_GETSTATE', `0x00005603')
-define(`VT_SENDSIG', `0x00005604')
-define(`VT_RELDISP', `0x00005605')
-define(`VT_ACTIVATE', `0x00005606')
-define(`VT_WAITACTIVE', `0x00005607')
-define(`VT_DISALLOCATE', `0x00005608')
-define(`VT_RESIZE', `0x00005609')
-define(`VT_RESIZEX', `0x0000560a')
-define(`VT_LOCKSWITCH', `0x0000560b')
-define(`VT_UNLOCKSWITCH', `0x0000560c')
-define(`VT_GETHIFONTMASK', `0x0000560d')
-define(`VT_WAITEVENT', `0x0000560e')
-define(`VT_SETACTIVATE', `0x0000560f')
-define(`VIDIOC_LOG_STATUS', `0x00005646')
+define(`ADD_NEW_DISK', `0x40140921')
define(`ADV7842_CMD_RAM_TEST', `0x000056c0')
-define(`USBTMC_IOCTL_INDICATOR_PULSE', `0x00005b01')
-define(`USBTMC_IOCTL_CLEAR', `0x00005b02')
-define(`USBTMC_IOCTL_ABORT_BULK_OUT', `0x00005b03')
-define(`USBTMC_IOCTL_ABORT_BULK_IN', `0x00005b04')
-define(`USBTMC_IOCTL_CLEAR_OUT_HALT', `0x00005b06')
-define(`USBTMC_IOCTL_CLEAR_IN_HALT', `0x00005b07')
+define(`AGPIOC_ACQUIRE', `0x00004101')
+define(`AGPIOC_ALLOCATE', `0xc0084106')
+define(`AGPIOC_BIND', `0x40084108')
+define(`AGPIOC_CHIPSET_FLUSH', `0x0000410a')
+define(`AGPIOC_DEALLOCATE', `0x40044107')
+define(`AGPIOC_INFO', `0x80084100')
+define(`AGPIOC_PROTECT', `0x40084105')
+define(`AGPIOC_RELEASE', `0x00004102')
+define(`AGPIOC_RESERVE', `0x40084104')
+define(`AGPIOC_SETUP', `0x40084103')
+define(`AGPIOC_UNBIND', `0x40084109')
+define(`AMDKFD_IOC_CREATE_QUEUE', `0xc0584b02')
+define(`AMDKFD_IOC_DESTROY_QUEUE', `0xc0084b03')
+define(`AMDKFD_IOC_GET_CLOCK_COUNTERS', `0xc0284b05')
+define(`AMDKFD_IOC_GET_PROCESS_APERTURES', `0x81904b06')
+define(`AMDKFD_IOC_GET_VERSION', `0x80084b01')
+define(`AMDKFD_IOC_SET_MEMORY_POLICY', `0x40204b04')
+define(`AMDKFD_IOC_UPDATE_QUEUE', `0x40184b07')
+define(`ANDROID_ALARM_SET_RTC', `0x40106105')
define(`ANDROID_ALARM_WAIT', `0x00006101')
-define(`NS_ADJBUFLEV', `0x00006163')
-define(`SIOCSIFATMTCP', `0x00006180')
-define(`ATMTCP_CREATE', `0x0000618e')
-define(`ATMTCP_REMOVE', `0x0000618f')
+define(`APEI_ERST_CLEAR_RECORD', `0x40084501')
+define(`APEI_ERST_GET_RECORD_COUNT', `0x80044502')
+define(`APM_IOC_STANDBY', `0x00004101')
+define(`APM_IOC_SUSPEND', `0x00004102')
+define(`ASHMEM_GET_NAME', `0x81007702')
+define(`ASHMEM_GET_PIN_STATUS', `0x00007709')
+define(`ASHMEM_GET_PROT_MASK', `0x00007706')
+define(`ASHMEM_GET_SIZE', `0x00007704')
+define(`ASHMEM_PIN', `0x40087707')
+define(`ASHMEM_PURGE_ALL_CACHES', `0x0000770a')
+define(`ASHMEM_SET_NAME', `0x41007701')
+define(`ASHMEM_SET_PROT_MASK', `0x40087705')
+define(`ASHMEM_SET_SIZE', `0x40087703')
+define(`ASHMEM_UNPIN', `0x40087708')
+define(`ATM_ADDADDR', `0x40106188')
+define(`ATM_ADDLECSADDR', `0x4010618e')
+define(`ATM_ADDPARTY', `0x401061f4')
+define(`ATMARPD_CTRL', `0x000061e1')
+define(`ATMARP_ENCAP', `0x000061e5')
+define(`ATMARP_MKIP', `0x000061e2')
+define(`ATMARP_SETENTRY', `0x000061e3')
+define(`ATM_DELADDR', `0x40106189')
+define(`ATM_DELLECSADDR', `0x4010618f')
+define(`ATM_DROPPARTY', `0x400461f5')
+define(`ATM_GETADDR', `0x40106186')
+define(`ATM_GETCIRANGE', `0x4010618a')
+define(`ATM_GETESI', `0x40106185')
+define(`ATM_GETLECSADDR', `0x40106190')
+define(`ATM_GETLINKRATE', `0x40106181')
+define(`ATM_GETLOOP', `0x40106152')
+define(`ATM_GETNAMES', `0x40106183')
+define(`ATM_GETSTAT', `0x40106150')
+define(`ATM_GETSTATZ', `0x40106151')
+define(`ATM_GETTYPE', `0x40106184')
define(`ATMLEC_CTRL', `0x000061d0')
define(`ATMLEC_DATA', `0x000061d1')
define(`ATMLEC_MCAST', `0x000061d2')
define(`ATMMPC_CTRL', `0x000061d8')
define(`ATMMPC_DATA', `0x000061d9')
-define(`SIOCMKCLIP', `0x000061e0')
-define(`ATMARPD_CTRL', `0x000061e1')
-define(`ATMARP_MKIP', `0x000061e2')
-define(`ATMARP_SETENTRY', `0x000061e3')
-define(`ATMARP_ENCAP', `0x000061e5')
+define(`ATM_NEWBACKENDIF', `0x400261f3')
+define(`ATM_QUERYLOOP', `0x40106154')
+define(`ATM_RSTADDR', `0x40106187')
+define(`ATM_SETBACKEND', `0x400261f2')
+define(`ATM_SETCIRANGE', `0x4010618b')
+define(`ATM_SETESI', `0x4010618c')
+define(`ATM_SETESIF', `0x4010618d')
+define(`ATM_SETLOOP', `0x40106153')
+define(`ATM_SETSC', `0x400461f1')
define(`ATMSIGD_CTRL', `0x000061f0')
-define(`BT819_FIFO_RESET_LOW', `0x00006200')
-define(`BT819_FIFO_RESET_HIGH', `0x00006201')
-define(`CM_IOCSRDR', `0x00006303')
-define(`CM_IOCARDOFF', `0x00006304')
-define(`BC_REGISTER_LOOPER', `0x0000630b')
-define(`BC_ENTER_LOOPER', `0x0000630c')
-define(`BC_EXIT_LOOPER', `0x0000630d')
-define(`CHIOINITELEM', `0x00006311')
-define(`DRM_IOCTL_SET_MASTER', `0x0000641e')
-define(`DRM_IOCTL_DROP_MASTER', `0x0000641f')
-define(`DRM_IOCTL_AGP_ACQUIRE', `0x00006430')
-define(`DRM_IOCTL_AGP_RELEASE', `0x00006431')
-define(`DRM_IOCTL_I915_FLUSH', `0x00006441')
-define(`DRM_IOCTL_R128_CCE_START', `0x00006441')
-define(`DRM_IOCTL_RADEON_CP_START', `0x00006441')
-define(`DRM_IOCTL_I915_FLIP', `0x00006442')
-define(`DRM_IOCTL_MGA_RESET', `0x00006442')
-define(`DRM_IOCTL_I810_FLUSH', `0x00006443')
-define(`DRM_IOCTL_MGA_SWAP', `0x00006443')
-define(`DRM_IOCTL_R128_CCE_RESET', `0x00006443')
-define(`DRM_IOCTL_RADEON_CP_RESET', `0x00006443')
-define(`DRM_IOCTL_I810_GETAGE', `0x00006444')
-define(`DRM_IOCTL_R128_CCE_IDLE', `0x00006444')
-define(`DRM_IOCTL_RADEON_CP_IDLE', `0x00006444')
-define(`DRM_IOCTL_RADEON_RESET', `0x00006445')
-define(`DRM_IOCTL_I810_SWAP', `0x00006446')
-define(`DRM_IOCTL_R128_RESET', `0x00006446')
-define(`DRM_IOCTL_R128_SWAP', `0x00006447')
-define(`DRM_IOCTL_RADEON_SWAP', `0x00006447')
-define(`DRM_IOCTL_I810_DOCOPY', `0x00006448')
-define(`DRM_IOCTL_VIA_FLUSH', `0x00006449')
-define(`DRM_IOCTL_I810_FSTATUS', `0x0000644a')
-define(`DRM_IOCTL_I810_OV0FLIP', `0x0000644b')
-define(`DRM_IOCTL_I810_RSTATUS', `0x0000644d')
-define(`DRM_IOCTL_I810_FLIP', `0x0000644e')
-define(`DRM_IOCTL_RADEON_FLIP', `0x00006452')
-define(`DRM_IOCTL_R128_FLIP', `0x00006453')
-define(`DRM_IOCTL_I915_GEM_THROTTLE', `0x00006458')
-define(`DRM_IOCTL_RADEON_CP_RESUME', `0x00006458')
-define(`DRM_IOCTL_I915_GEM_ENTERVT', `0x00006459')
-define(`DRM_IOCTL_I915_GEM_LEAVEVT', `0x0000645a')
-define(`S5P_FIMC_TX_END_NOTIFY', `0x00006500')
-define(`FUNCTIONFS_FIFO_STATUS', `0x00006701')
-define(`GADGETFS_FIFO_STATUS', `0x00006701')
-define(`FUNCTIONFS_FIFO_FLUSH', `0x00006702')
-define(`GADGETFS_FIFO_FLUSH', `0x00006702')
-define(`FUNCTIONFS_CLEAR_HALT', `0x00006703')
-define(`GADGETFS_CLEAR_HALT', `0x00006703')
-define(`FUNCTIONFS_INTERFACE_REVMAP', `0x00006780')
-define(`FUNCTIONFS_ENDPOINT_REVMAP', `0x00006781')
-define(`HPET_IE_ON', `0x00006801')
-define(`HPET_IE_OFF', `0x00006802')
-define(`HPET_EPI', `0x00006804')
-define(`HPET_DPI', `0x00006805')
-define(`LIRC_NOTIFY_DECODE', `0x00006920')
-define(`LIRC_SETUP_START', `0x00006921')
-define(`LIRC_SETUP_END', `0x00006922')
-define(`KYRO_IOCTL_OVERLAY_CREATE', `0x00006b00')
-define(`KYRO_IOCTL_OVERLAY_VIEWPORT_SET', `0x00006b01')
-define(`KYRO_IOCTL_SET_VIDEO_MODE', `0x00006b02')
-define(`KYRO_IOCTL_UVSTRIDE', `0x00006b03')
-define(`KYRO_IOCTL_OVERLAY_OFFSET', `0x00006b04')
-define(`KYRO_IOCTL_STRIDE', `0x00006b05')
-define(`HSC_RESET', `0x00006b10')
-define(`HSC_SET_PM', `0x00006b11')
-define(`HSC_SEND_BREAK', `0x00006b12')
-define(`MMTIMER_GETOFFSET', `0x00006d00')
-define(`MGSL_IOCSTXIDLE', `0x00006d02')
-define(`MGSL_IOCGTXIDLE', `0x00006d03')
-define(`MGSL_IOCTXENABLE', `0x00006d04')
-define(`MMTIMER_GETBITS', `0x00006d04')
-define(`MGSL_IOCRXENABLE', `0x00006d05')
-define(`MGSL_IOCTXABORT', `0x00006d06')
-define(`MMTIMER_MMAPAVAIL', `0x00006d06')
-define(`MGSL_IOCGSTATS', `0x00006d07')
-define(`MGSL_IOCLOOPTXDONE', `0x00006d09')
-define(`MGSL_IOCSIF', `0x00006d0a')
-define(`MGSL_IOCGIF', `0x00006d0b')
-define(`MGSL_IOCCLRMODCOUNT', `0x00006d0f')
-define(`MGSL_IOCSXSYNC', `0x00006d13')
-define(`MGSL_IOCGXSYNC', `0x00006d14')
-define(`MGSL_IOCSXCTRL', `0x00006d15')
-define(`MGSL_IOCGXCTRL', `0x00006d16')
-define(`NCP_IOC_CONN_LOGGED_IN', `0x00006e03')
-define(`AUDIO_STOP', `0x00006f01')
-define(`AUDIO_PLAY', `0x00006f02')
-define(`AUDIO_PAUSE', `0x00006f03')
-define(`AUDIO_CONTINUE', `0x00006f04')
-define(`AUDIO_SELECT_SOURCE', `0x00006f05')
-define(`AUDIO_SET_MUTE', `0x00006f06')
-define(`AUDIO_SET_AV_SYNC', `0x00006f07')
-define(`AUDIO_SET_BYPASS_MODE', `0x00006f08')
+define(`ATMTCP_CREATE', `0x0000618e')
+define(`ATMTCP_REMOVE', `0x0000618f')
+define(`AUDIO_BILINGUAL_CHANNEL_SELECT', `0x00006f14')
define(`AUDIO_CHANNEL_SELECT', `0x00006f09')
define(`AUDIO_CLEAR_BUFFER', `0x00006f0c')
-define(`AUDIO_SET_ID', `0x00006f0d')
-define(`AUDIO_SET_STREAMTYPE', `0x00006f0f')
+define(`AUDIO_CONTINUE', `0x00006f04')
+define(`AUDIO_GET_CAPABILITIES', `0x80046f0b')
+define(`AUDIO_GET_PTS', `0x80086f13')
+define(`AUDIO_GET_STATUS', `0x80206f0a')
+define(`AUDIO_PAUSE', `0x00006f03')
+define(`AUDIO_PLAY', `0x00006f02')
+define(`AUDIO_SELECT_SOURCE', `0x00006f05')
+define(`AUDIO_SET_ATTRIBUTES', `0x40026f11')
+define(`AUDIO_SET_AV_SYNC', `0x00006f07')
+define(`AUDIO_SET_BYPASS_MODE', `0x00006f08')
define(`AUDIO_SET_EXT_ID', `0x00006f10')
-define(`AUDIO_BILINGUAL_CHANNEL_SELECT', `0x00006f14')
-define(`VIDEO_STOP', `0x00006f15')
-define(`VIDEO_PLAY', `0x00006f16')
-define(`VIDEO_FREEZE', `0x00006f17')
-define(`VIDEO_CONTINUE', `0x00006f18')
-define(`VIDEO_SELECT_SOURCE', `0x00006f19')
-define(`VIDEO_SET_BLANK', `0x00006f1a')
-define(`VIDEO_SET_DISPLAY_FORMAT', `0x00006f1d')
-define(`VIDEO_FAST_FORWARD', `0x00006f1f')
-define(`VIDEO_SLOWMOTION', `0x00006f20')
-define(`VIDEO_CLEAR_BUFFER', `0x00006f22')
-define(`VIDEO_SET_ID', `0x00006f23')
-define(`VIDEO_SET_STREAMTYPE', `0x00006f24')
-define(`VIDEO_SET_FORMAT', `0x00006f25')
-define(`VIDEO_SET_SYSTEM', `0x00006f26')
+define(`AUDIO_SET_ID', `0x00006f0d')
+define(`AUDIO_SET_KARAOKE', `0x400c6f12')
+define(`AUDIO_SET_MIXER', `0x40086f0e')
+define(`AUDIO_SET_MUTE', `0x00006f06')
+define(`AUDIO_SET_STREAMTYPE', `0x00006f0f')
+define(`AUDIO_STOP', `0x00006f01')
+define(`AUTOFS_DEV_IOCTL_ASKUMOUNT', `0xc018937d')
+define(`AUTOFS_DEV_IOCTL_CATATONIC', `0xc0189379')
+define(`AUTOFS_DEV_IOCTL_CLOSEMOUNT', `0xc0189375')
+define(`AUTOFS_DEV_IOCTL_EXPIRE', `0xc018937c')
+define(`AUTOFS_DEV_IOCTL_FAIL', `0xc0189377')
+define(`AUTOFS_DEV_IOCTL_ISMOUNTPOINT', `0xc018937e')
+define(`AUTOFS_DEV_IOCTL_OPENMOUNT', `0xc0189374')
+define(`AUTOFS_DEV_IOCTL_PROTOSUBVER', `0xc0189373')
+define(`AUTOFS_DEV_IOCTL_PROTOVER', `0xc0189372')
+define(`AUTOFS_DEV_IOCTL_READY', `0xc0189376')
+define(`AUTOFS_DEV_IOCTL_REQUESTER', `0xc018937b')
+define(`AUTOFS_DEV_IOCTL_SETPIPEFD', `0xc0189378')
+define(`AUTOFS_DEV_IOCTL_TIMEOUT', `0xc018937a')
+define(`AUTOFS_DEV_IOCTL_VERSION', `0xc0189371')
+define(`AUTOFS_IOC_ASKUMOUNT', `0x80049370')
+define(`AUTOFS_IOC_CATATONIC', `0x00009362')
+define(`AUTOFS_IOC_EXPIRE', `0x810c9365')
+define(`AUTOFS_IOC_EXPIRE_MULTI', `0x40049366')
+define(`AUTOFS_IOC_FAIL', `0x00009361')
+define(`AUTOFS_IOC_PROTOSUBVER', `0x80049367')
+define(`AUTOFS_IOC_PROTOVER', `0x80049363')
+define(`AUTOFS_IOC_READY', `0x00009360')
+define(`AUTOFS_IOC_SETTIMEOUT', `0xc0089364')
+define(`AUTOFS_IOC_SETTIMEOUT32', `0xc0049364')
+define(`BC_ACQUIRE', `0x40046305')
+define(`BC_ACQUIRE_DONE', `0x40106309')
+define(`BC_ACQUIRE_RESULT', `0x40046302')
+define(`BC_ATTEMPT_ACQUIRE', `0x4008630a')
+define(`BC_CLEAR_DEATH_NOTIFICATION', `0x400c630f')
+define(`BC_DEAD_BINDER_DONE', `0x40086310')
+define(`BC_DECREFS', `0x40046307')
+define(`BC_ENTER_LOOPER', `0x0000630c')
+define(`BC_EXIT_LOOPER', `0x0000630d')
+define(`BC_FREE_BUFFER', `0x40086303')
+define(`BC_INCREFS', `0x40046304')
+define(`BC_INCREFS_DONE', `0x40106308')
+define(`BC_REGISTER_LOOPER', `0x0000630b')
+define(`BC_RELEASE', `0x40046306')
+define(`BC_REPLY', `0x40406301')
+define(`BC_REQUEST_DEATH_NOTIFICATION', `0x400c630e')
+define(`BC_TRANSACTION', `0x40406300')
+define(`BINDER_SET_CONTEXT_MGR', `0x40046207')
+define(`BINDER_SET_IDLE_PRIORITY', `0x40046206')
+define(`BINDER_SET_IDLE_TIMEOUT', `0x40086203')
+define(`BINDER_SET_MAX_THREADS', `0x40046205')
+define(`BINDER_THREAD_EXIT', `0x40046208')
+define(`BINDER_VERSION', `0xc0046209')
+define(`BINDER_WRITE_READ', `0xc0306201')
+define(`BLKALIGNOFF', `0x0000127a')
+define(`BLKBSZGET', `0x80081270')
+define(`BLKBSZSET', `0x40081271')
+define(`BLKDISCARD', `0x00001277')
+define(`BLKDISCARDZEROES', `0x0000127c')
+define(`BLKFLSBUF', `0x00001261')
+define(`BLKFRAGET', `0x00001265')
+define(`BLKFRASET', `0x00001264')
+define(`BLKGETSIZE', `0x00001260')
+define(`BLKGETSIZE64', `0x80081272')
+define(`BLKI2OGRSTRAT', `0x80043201')
+define(`BLKI2OGWSTRAT', `0x80043202')
+define(`BLKI2OSRSTRAT', `0x40043203')
+define(`BLKI2OSWSTRAT', `0x40043204')
+define(`BLKIOMIN', `0x00001278')
+define(`BLKIOOPT', `0x00001279')
+define(`BLKPBSZGET', `0x0000127b')
+define(`BLKPG', `0x00001269')
+define(`BLKRAGET', `0x00001263')
+define(`BLKRASET', `0x00001262')
+define(`BLKROGET', `0x0000125e')
+define(`BLKROSET', `0x0000125d')
+define(`BLKROTATIONAL', `0x0000127e')
+define(`BLKRRPART', `0x0000125f')
+define(`BLKSECDISCARD', `0x0000127d')
+define(`BLKSECTGET', `0x00001267')
+define(`BLKSECTSET', `0x00001266')
+define(`BLKSSZGET', `0x00001268')
+define(`BLKTRACESETUP', `0xc0481273')
+define(`BLKTRACESTART', `0x00001274')
+define(`BLKTRACESTOP', `0x00001275')
+define(`BLKTRACETEARDOWN', `0x00001276')
+define(`BLKZEROOUT', `0x0000127f')
+define(`BR2684_SETFILT', `0x401c6190')
+define(`BR_ACQUIRE', `0x80107208')
+define(`BR_ACQUIRE_RESULT', `0x80047204')
+define(`BR_ATTEMPT_ACQUIRE', `0x8018720b')
+define(`BR_CLEAR_DEATH_NOTIFICATION_DONE', `0x80087210')
+define(`BR_DEAD_BINDER', `0x8008720f')
+define(`BR_DEAD_REPLY', `0x00007205')
+define(`BR_DECREFS', `0x8010720a')
+define(`BR_ERROR', `0x80047200')
+define(`BR_FAILED_REPLY', `0x00007211')
+define(`BR_FINISHED', `0x0000720e')
+define(`BR_INCREFS', `0x80107207')
+define(`BR_NOOP', `0x0000720c')
+define(`BR_OK', `0x00007201')
+define(`BR_RELEASE', `0x80107209')
+define(`BR_REPLY', `0x80407203')
+define(`BR_SPAWN_LOOPER', `0x0000720d')
+define(`BR_TRANSACTION', `0x80407202')
+define(`BR_TRANSACTION_COMPLETE', `0x00007206')
+define(`BT819_FIFO_RESET_HIGH', `0x00006201')
+define(`BT819_FIFO_RESET_LOW', `0x00006200')
+define(`BTRFS_IOC_ADD_DEV', `0x5000940a')
+define(`BTRFS_IOC_BALANCE', `0x5000940c')
+define(`BTRFS_IOC_BALANCE_CTL', `0x40049421')
+define(`BTRFS_IOC_BALANCE_PROGRESS', `0x84009422')
+define(`BTRFS_IOC_BALANCE_V2', `0xc4009420')
+define(`BTRFS_IOC_CLONE', `0x40049409')
+define(`BTRFS_IOC_CLONE_RANGE', `0x4020940d')
+define(`BTRFS_IOC_DEFAULT_SUBVOL', `0x40089413')
+define(`BTRFS_IOC_DEFRAG', `0x50009402')
+define(`BTRFS_IOC_DEFRAG_RANGE', `0x40309410')
+define(`BTRFS_IOC_DEVICES_READY', `0x90009427')
+define(`BTRFS_IOC_DEV_INFO', `0xd000941e')
+define(`BTRFS_IOC_DEV_REPLACE', `0xca289435')
+define(`BTRFS_IOC_FILE_EXTENT_SAME', `0xc0189436')
+define(`BTRFS_IOC_FS_INFO', `0x8400941f')
+define(`BTRFS_IOC_GET_DEV_STATS', `0xc4089434')
+define(`BTRFS_IOC_GET_FEATURES', `0x80189439')
+define(`BTRFS_IOC_GET_FSLABEL', `0x81009431')
+define(`BTRFS_IOC_GET_SUPPORTED_FEATURES', `0x80489439')
+define(`BTRFS_IOC_INO_LOOKUP', `0xd0009412')
+define(`BTRFS_IOC_INO_PATHS', `0xc0389423')
+define(`BTRFS_IOC_LOGICAL_INO', `0xc0389424')
+define(`BTRFS_IOC_QGROUP_ASSIGN', `0x40189429')
+define(`BTRFS_IOC_QGROUP_CREATE', `0x4010942a')
+define(`BTRFS_IOC_QGROUP_LIMIT', `0x8030942b')
+define(`BTRFS_IOC_QUOTA_CTL', `0xc0109428')
+define(`BTRFS_IOC_QUOTA_RESCAN', `0x4040942c')
+define(`BTRFS_IOC_QUOTA_RESCAN_STATUS', `0x8040942d')
+define(`BTRFS_IOC_QUOTA_RESCAN_WAIT', `0x0000942e')
+define(`BTRFS_IOC_RESIZE', `0x50009403')
+define(`BTRFS_IOC_RM_DEV', `0x5000940b')
+define(`BTRFS_IOC_SCAN_DEV', `0x50009404')
+define(`BTRFS_IOC_SCRUB', `0xc400941b')
+define(`BTRFS_IOC_SCRUB_CANCEL', `0x0000941c')
+define(`BTRFS_IOC_SCRUB_PROGRESS', `0xc400941d')
+define(`BTRFS_IOC_SEND', `0x40489426')
+define(`BTRFS_IOC_SET_FEATURES', `0x40309439')
+define(`BTRFS_IOC_SET_FSLABEL', `0x41009432')
+define(`BTRFS_IOC_SET_RECEIVED_SUBVOL', `0xc0c89425')
+define(`BTRFS_IOC_SNAP_CREATE', `0x50009401')
+define(`BTRFS_IOC_SNAP_CREATE_V2', `0x50009417')
+define(`BTRFS_IOC_SNAP_DESTROY', `0x5000940f')
+define(`BTRFS_IOC_SPACE_INFO', `0xc0109414')
+define(`BTRFS_IOC_START_SYNC', `0x80089418')
+define(`BTRFS_IOC_SUBVOL_CREATE', `0x5000940e')
+define(`BTRFS_IOC_SUBVOL_CREATE_V2', `0x50009418')
+define(`BTRFS_IOC_SUBVOL_GETFLAGS', `0x80089419')
+define(`BTRFS_IOC_SUBVOL_SETFLAGS', `0x4008941a')
+define(`BTRFS_IOC_SYNC', `0x00009408')
+define(`BTRFS_IOC_TRANS_END', `0x00009407')
+define(`BTRFS_IOC_TRANS_START', `0x00009406')
+define(`BTRFS_IOC_TREE_SEARCH', `0xd0009411')
+define(`BTRFS_IOC_TREE_SEARCH_V2', `0xc0709411')
+define(`BTRFS_IOC_WAIT_SYNC', `0x40089416')
+define(`CA_GET_CAP', `0x80106f81')
+define(`CA_GET_DESCR_INFO', `0x80086f83')
+define(`CA_GET_MSG', `0x810c6f84')
+define(`CA_GET_SLOT_INFO', `0x800c6f82')
+define(`CAPI_CLR_FLAGS', `0x80044325')
+define(`CAPI_GET_ERRCODE', `0x80024321')
+define(`CAPI_GET_FLAGS', `0x80044323')
+define(`CAPI_GET_MANUFACTURER', `0xc0044306')
+define(`CAPI_GET_PROFILE', `0xc0404309')
+define(`CAPI_GET_SERIAL', `0xc0044308')
+define(`CAPI_GET_VERSION', `0xc0104307')
+define(`CAPI_INSTALLED', `0x80024322')
+define(`CAPI_MANUFACTURER_CMD', `0xc0104320')
+define(`CAPI_NCCI_GETUNIT', `0x80044327')
+define(`CAPI_NCCI_OPENCOUNT', `0x80044326')
+define(`CAPI_REGISTER', `0x400c4301')
+define(`CAPI_SET_FLAGS', `0x80044324')
+define(`CA_RESET', `0x00006f80')
+define(`CA_SEND_MSG', `0x410c6f85')
+define(`CA_SET_DESCR', `0x40106f86')
+define(`CA_SET_PID', `0x40086f87')
+define(`CCISS_BIG_PASSTHRU', `0xc0604212')
+define(`CCISS_DEREGDISK', `0x0000420c')
+define(`CCISS_GETBUSTYPES', `0x80044207')
+define(`CCISS_GETDRIVVER', `0x80044209')
+define(`CCISS_GETFIRMVER', `0x80044208')
+define(`CCISS_GETHEARTBEAT', `0x80044206')
+define(`CCISS_GETINTINFO', `0x80084202')
+define(`CCISS_GETLUNINFO', `0x800c4211')
+define(`CCISS_GETNODENAME', `0x80104204')
+define(`CCISS_GETPCIINFO', `0x80084201')
+define(`CCISS_PASSTHRU', `0xc058420b')
+define(`CCISS_REGNEWD', `0x0000420e')
+define(`CCISS_REGNEWDISK', `0x4004420d')
+define(`CCISS_RESCANDISK', `0x00004210')
+define(`CCISS_REVALIDVOLS', `0x0000420a')
+define(`CCISS_SETINTINFO', `0x40084203')
+define(`CCISS_SETNODENAME', `0x40104205')
+define(`CDROMAUDIOBUFSIZ', `0x00005382')
+define(`CDROM_CHANGER_NSLOTS', `0x00005328')
+define(`CDROM_CLEAR_OPTIONS', `0x00005321')
+define(`CDROMCLOSETRAY', `0x00005319')
+define(`CDROM_DEBUG', `0x00005330')
+define(`CDROM_DISC_STATUS', `0x00005327')
+define(`CDROM_DRIVE_STATUS', `0x00005326')
+define(`CDROMEJECT', `0x00005309')
+define(`CDROMEJECT_SW', `0x0000530f')
+define(`CDROM_GET_CAPABILITY', `0x00005331')
+define(`CDROM_GET_MCN', `0x00005311')
+define(`CDROMGETSPINDOWN', `0x0000531d')
+define(`CDROM_LAST_WRITTEN', `0x00005395')
+define(`CDROM_LOCKDOOR', `0x00005329')
+define(`CDROM_MEDIA_CHANGED', `0x00005325')
+define(`CDROMMULTISESSION', `0x00005310')
+define(`CDROM_NEXT_WRITABLE', `0x00005394')
+define(`CDROMPAUSE', `0x00005301')
+define(`CDROMPLAYBLK', `0x00005317')
+define(`CDROMPLAYMSF', `0x00005303')
+define(`CDROMPLAYTRKIND', `0x00005304')
+define(`CDROMREADALL', `0x00005318')
+define(`CDROMREADAUDIO', `0x0000530e')
+define(`CDROMREADCOOKED', `0x00005315')
+define(`CDROMREADMODE1', `0x0000530d')
+define(`CDROMREADMODE2', `0x0000530c')
+define(`CDROMREADRAW', `0x00005314')
+define(`CDROMREADTOCENTRY', `0x00005306')
+define(`CDROMREADTOCHDR', `0x00005305')
+define(`CDROMRESET', `0x00005312')
+define(`CDROMRESUME', `0x00005302')
+define(`CDROMSEEK', `0x00005316')
+define(`CDROM_SELECT_DISC', `0x00005323')
+define(`CDROM_SELECT_SPEED', `0x00005322')
+define(`CDROM_SEND_PACKET', `0x00005393')
+define(`CDROM_SET_OPTIONS', `0x00005320')
+define(`CDROMSETSPINDOWN', `0x0000531e')
+define(`CDROMSTART', `0x00005308')
+define(`CDROMSTOP', `0x00005307')
+define(`CDROMSUBCHNL', `0x0000530b')
+define(`CDROMVOLCTRL', `0x0000530a')
+define(`CDROMVOLREAD', `0x00005313')
+define(`CHIOEXCHANGE', `0x401c6302')
+define(`CHIOGELEM', `0x406c6310')
+define(`CHIOGPARAMS', `0x80146306')
+define(`CHIOGPICKER', `0x80046304')
+define(`CHIOGSTATUS', `0x40106308')
+define(`CHIOGVPARAMS', `0x80706313')
+define(`CHIOINITELEM', `0x00006311')
+define(`CHIOMOVE', `0x40146301')
+define(`CHIOPOSITION', `0x400c6303')
+define(`CHIOSPICKER', `0x40046305')
+define(`CHIOSVOLTAG', `0x40306312')
+define(`CIOC_KERNEL_VERSION', `0xc008630a')
+define(`CLEAR_ARRAY', `0x00000920')
+define(`CM_IOCARDOFF', `0x00006304')
+define(`CM_IOCGATR', `0xc0086301')
+define(`CM_IOCGSTATUS', `0x80086300')
+define(`CM_IOCSPTS', `0x40086302')
+define(`CM_IOCSRDR', `0x00006303')
+define(`CM_IOSDBGLVL', `0x400863fa')
+define(`CXL_IOCTL_GET_PROCESS_ELEMENT', `0x8004ca01')
+define(`CXL_IOCTL_START_WORK', `0x4040ca00')
+define(`DM_DEV_CREATE', `0xc138fd03')
+define(`DM_DEV_REMOVE', `0xc138fd04')
+define(`DM_DEV_RENAME', `0xc138fd05')
+define(`DM_DEV_SET_GEOMETRY', `0xc138fd0f')
+define(`DM_DEV_STATUS', `0xc138fd07')
+define(`DM_DEV_SUSPEND', `0xc138fd06')
+define(`DM_DEV_WAIT', `0xc138fd08')
+define(`DM_LIST_DEVICES', `0xc138fd02')
+define(`DM_LIST_VERSIONS', `0xc138fd0d')
+define(`DM_REMOVE_ALL', `0xc138fd01')
+define(`DM_TABLE_CLEAR', `0xc138fd0a')
+define(`DM_TABLE_DEPS', `0xc138fd0b')
+define(`DM_TABLE_LOAD', `0xc138fd09')
+define(`DM_TABLE_STATUS', `0xc138fd0c')
+define(`DM_TARGET_MSG', `0xc138fd0e')
+define(`DM_VERSION', `0xc138fd00')
+define(`DMX_ADD_PID', `0x40026f33')
+define(`DMX_GET_CAPS', `0x80086f30')
+define(`DMX_GET_PES_PIDS', `0x800a6f2f')
+define(`DMX_GET_STC', `0xc0106f32')
+define(`DMX_REMOVE_PID', `0x40026f34')
+define(`DMX_SET_BUFFER_SIZE', `0x00006f2d')
+define(`DMX_SET_FILTER', `0x403c6f2b')
+define(`DMX_SET_PES_FILTER', `0x40146f2c')
+define(`DMX_SET_SOURCE', `0x40046f31')
define(`DMX_START', `0x00006f29')
define(`DMX_STOP', `0x00006f2a')
-define(`DMX_SET_BUFFER_SIZE', `0x00006f2d')
-define(`NET_REMOVE_IF', `0x00006f35')
-define(`VIDEO_SET_ATTRIBUTES', `0x00006f35')
+define(`DRM_IOCTL_ADD_BUFS', `0xc0206416')
+define(`DRM_IOCTL_ADD_CTX', `0xc0086420')
+define(`DRM_IOCTL_ADD_DRAW', `0xc0046427')
+define(`DRM_IOCTL_ADD_MAP', `0xc0286415')
+define(`DRM_IOCTL_AGP_ACQUIRE', `0x00006430')
+define(`DRM_IOCTL_AGP_ALLOC', `0xc0206434')
+define(`DRM_IOCTL_AGP_BIND', `0x40106436')
+define(`DRM_IOCTL_AGP_ENABLE', `0x40086432')
+define(`DRM_IOCTL_AGP_FREE', `0x40206435')
+define(`DRM_IOCTL_AGP_INFO', `0x80386433')
+define(`DRM_IOCTL_AGP_RELEASE', `0x00006431')
+define(`DRM_IOCTL_AGP_UNBIND', `0x40106437')
+define(`DRM_IOCTL_AUTH_MAGIC', `0x40046411')
+define(`DRM_IOCTL_BLOCK', `0xc0046412')
+define(`DRM_IOCTL_CONTROL', `0x40086414')
+define(`DRM_IOCTL_DMA', `0xc0406429')
+define(`DRM_IOCTL_DROP_MASTER', `0x0000641f')
+define(`DRM_IOCTL_EXYNOS_G2D_EXEC', `0xc0086462')
+define(`DRM_IOCTL_EXYNOS_G2D_GET_VER', `0xc0086460')
+define(`DRM_IOCTL_EXYNOS_G2D_SET_CMDLIST', `0xc0286461')
+define(`DRM_IOCTL_EXYNOS_GEM_CREATE', `0xc0106440')
+define(`DRM_IOCTL_EXYNOS_GEM_GET', `0xc0106444')
+define(`DRM_IOCTL_EXYNOS_IPP_CMD_CTRL', `0xc0086473')
+define(`DRM_IOCTL_EXYNOS_IPP_GET_PROPERTY', `0xc0506470')
+define(`DRM_IOCTL_EXYNOS_IPP_QUEUE_BUF', `0xc0286472')
+define(`DRM_IOCTL_EXYNOS_IPP_SET_PROPERTY', `0xc0606471')
+define(`DRM_IOCTL_EXYNOS_VIDI_CONNECTION', `0xc0106447')
+define(`DRM_IOCTL_FINISH', `0x4008642c')
+define(`DRM_IOCTL_FREE_BUFS', `0x4010641a')
+define(`DRM_IOCTL_GEM_CLOSE', `0x40086409')
+define(`DRM_IOCTL_GEM_FLINK', `0xc008640a')
+define(`DRM_IOCTL_GEM_OPEN', `0xc010640b')
+define(`DRM_IOCTL_GET_CAP', `0xc010640c')
+define(`DRM_IOCTL_GET_CLIENT', `0xc0286405')
+define(`DRM_IOCTL_GET_CTX', `0xc0086423')
+define(`DRM_IOCTL_GET_MAGIC', `0x80046402')
+define(`DRM_IOCTL_GET_MAP', `0xc0286404')
+define(`DRM_IOCTL_GET_SAREA_CTX', `0xc010641d')
+define(`DRM_IOCTL_GET_STATS', `0x80f86406')
+define(`DRM_IOCTL_GET_UNIQUE', `0xc0106401')
+define(`DRM_IOCTL_I810_CLEAR', `0x400c6442')
+define(`DRM_IOCTL_I810_COPY', `0x40106447')
+define(`DRM_IOCTL_I810_DOCOPY', `0x00006448')
+define(`DRM_IOCTL_I810_FLIP', `0x0000644e')
+define(`DRM_IOCTL_I810_FLUSH', `0x00006443')
+define(`DRM_IOCTL_I810_FSTATUS', `0x0000644a')
+define(`DRM_IOCTL_I810_GETAGE', `0x00006444')
+define(`DRM_IOCTL_I810_GETBUF', `0xc0186445')
+define(`DRM_IOCTL_I810_INIT', `0x40406440')
+define(`DRM_IOCTL_I810_MC', `0x4020644c')
+define(`DRM_IOCTL_I810_OV0FLIP', `0x0000644b')
+define(`DRM_IOCTL_I810_OV0INFO', `0x80086449')
+define(`DRM_IOCTL_I810_RSTATUS', `0x0000644d')
+define(`DRM_IOCTL_I810_SWAP', `0x00006446')
+define(`DRM_IOCTL_I810_VERTEX', `0x400c6441')
+define(`DRM_IOCTL_I915_ALLOC', `0xc0186448')
+define(`DRM_IOCTL_I915_BATCHBUFFER', `0x40206443')
+define(`DRM_IOCTL_I915_CMDBUFFER', `0x4020644b')
+define(`DRM_IOCTL_I915_DESTROY_HEAP', `0x4004644c')
+define(`DRM_IOCTL_I915_FLIP', `0x00006442')
+define(`DRM_IOCTL_I915_FLUSH', `0x00006441')
+define(`DRM_IOCTL_I915_FREE', `0x40086449')
+define(`DRM_IOCTL_I915_GEM_BUSY', `0xc0086457')
+define(`DRM_IOCTL_I915_GEM_CONTEXT_CREATE', `0xc008646d')
+define(`DRM_IOCTL_I915_GEM_CONTEXT_DESTROY', `0x4008646e')
+define(`DRM_IOCTL_I915_GEM_CREATE', `0xc010645b')
+define(`DRM_IOCTL_I915_GEM_ENTERVT', `0x00006459')
+define(`DRM_IOCTL_I915_GEM_EXECBUFFER', `0x40286454')
+define(`DRM_IOCTL_I915_GEM_EXECBUFFER2', `0x40406469')
+define(`DRM_IOCTL_I915_GEM_GET_APERTURE', `0x80106463')
+define(`DRM_IOCTL_I915_GEM_GET_CACHING', `0xc0086470')
+define(`DRM_IOCTL_I915_GEM_GET_TILING', `0xc0106462')
+define(`DRM_IOCTL_I915_GEM_INIT', `0x40106453')
+define(`DRM_IOCTL_I915_GEM_LEAVEVT', `0x0000645a')
+define(`DRM_IOCTL_I915_GEM_MADVISE', `0xc00c6466')
+define(`DRM_IOCTL_I915_GEM_MMAP', `0xc020645e')
+define(`DRM_IOCTL_I915_GEM_MMAP_GTT', `0xc0106464')
+define(`DRM_IOCTL_I915_GEM_PIN', `0xc0186455')
+define(`DRM_IOCTL_I915_GEM_PREAD', `0x4020645c')
+define(`DRM_IOCTL_I915_GEM_PWRITE', `0x4020645d')
+define(`DRM_IOCTL_I915_GEM_SET_CACHING', `0x4008646f')
+define(`DRM_IOCTL_I915_GEM_SET_DOMAIN', `0x400c645f')
+define(`DRM_IOCTL_I915_GEM_SET_TILING', `0xc0106461')
+define(`DRM_IOCTL_I915_GEM_SW_FINISH', `0x40046460')
+define(`DRM_IOCTL_I915_GEM_THROTTLE', `0x00006458')
+define(`DRM_IOCTL_I915_GEM_UNPIN', `0x40086456')
+define(`DRM_IOCTL_I915_GEM_USERPTR', `0xc0186473')
+define(`DRM_IOCTL_I915_GEM_WAIT', `0xc010646c')
+define(`DRM_IOCTL_I915_GETPARAM', `0xc0106446')
+define(`DRM_IOCTL_I915_GET_PIPE_FROM_CRTC_ID', `0xc0086465')
+define(`DRM_IOCTL_I915_GET_RESET_STATS', `0xc0186472')
+define(`DRM_IOCTL_I915_GET_SPRITE_COLORKEY', `0xc014646b')
+define(`DRM_IOCTL_I915_GET_VBLANK_PIPE', `0x8004644e')
+define(`DRM_IOCTL_I915_HWS_ADDR', `0x40106451')
+define(`DRM_IOCTL_I915_INIT', `0x40446440')
+define(`DRM_IOCTL_I915_INIT_HEAP', `0x400c644a')
+define(`DRM_IOCTL_I915_IRQ_EMIT', `0xc0086444')
+define(`DRM_IOCTL_I915_IRQ_WAIT', `0x40046445')
+define(`DRM_IOCTL_I915_OVERLAY_ATTRS', `0xc02c6468')
+define(`DRM_IOCTL_I915_OVERLAY_PUT_IMAGE', `0x402c6467')
+define(`DRM_IOCTL_I915_REG_READ', `0xc0106471')
+define(`DRM_IOCTL_I915_SETPARAM', `0x40086447')
+define(`DRM_IOCTL_I915_SET_SPRITE_COLORKEY', `0xc014646b')
+define(`DRM_IOCTL_I915_SET_VBLANK_PIPE', `0x4004644d')
+define(`DRM_IOCTL_I915_VBLANK_SWAP', `0xc00c644f')
+define(`DRM_IOCTL_INFO_BUFS', `0xc0106418')
+define(`DRM_IOCTL_IRQ_BUSID', `0xc0106403')
+define(`DRM_IOCTL_LOCK', `0x4008642a')
+define(`DRM_IOCTL_MAP_BUFS', `0xc0186419')
+define(`DRM_IOCTL_MARK_BUFS', `0x40206417')
+define(`DRM_IOCTL_MGA_BLIT', `0x40346448')
+define(`DRM_IOCTL_MGA_CLEAR', `0x40146444')
+define(`DRM_IOCTL_MGA_DMA_BOOTSTRAP', `0xc020644c')
+define(`DRM_IOCTL_MGA_FLUSH', `0x40086441')
+define(`DRM_IOCTL_MGA_GETPARAM', `0xc0106449')
+define(`DRM_IOCTL_MGA_ILOAD', `0x400c6447')
+define(`DRM_IOCTL_MGA_INDICES', `0x40106446')
+define(`DRM_IOCTL_MGA_INIT', `0x40806440')
+define(`DRM_IOCTL_MGA_RESET', `0x00006442')
+define(`DRM_IOCTL_MGA_SET_FENCE', `0x4004644a')
+define(`DRM_IOCTL_MGA_SWAP', `0x00006443')
+define(`DRM_IOCTL_MGA_VERTEX', `0x400c6445')
+define(`DRM_IOCTL_MGA_WAIT_FENCE', `0xc004644b')
+define(`DRM_IOCTL_MOD_CTX', `0x40086422')
+define(`DRM_IOCTL_MODE_ADDFB', `0xc01c64ae')
+define(`DRM_IOCTL_MODE_ADDFB2', `0xc04464b8')
+define(`DRM_IOCTL_MODE_ATTACHMODE', `0xc04864a8')
+define(`DRM_IOCTL_MODE_CREATE_DUMB', `0xc02064b2')
+define(`DRM_IOCTL_MODE_CURSOR', `0xc01c64a3')
+define(`DRM_IOCTL_MODE_CURSOR2', `0xc02464bb')
+define(`DRM_IOCTL_MODE_DESTROY_DUMB', `0xc00464b4')
+define(`DRM_IOCTL_MODE_DETACHMODE', `0xc04864a9')
+define(`DRM_IOCTL_MODE_DIRTYFB', `0xc01864b1')
+define(`DRM_IOCTL_MODE_GETCONNECTOR', `0xc05064a7')
+define(`DRM_IOCTL_MODE_GETCRTC', `0xc06864a1')
+define(`DRM_IOCTL_MODE_GETENCODER', `0xc01464a6')
+define(`DRM_IOCTL_MODE_GETFB', `0xc01c64ad')
+define(`DRM_IOCTL_MODE_GETGAMMA', `0xc02064a4')
+define(`DRM_IOCTL_MODE_GETPLANE', `0xc02064b6')
+define(`DRM_IOCTL_MODE_GETPLANERESOURCES', `0xc01064b5')
+define(`DRM_IOCTL_MODE_GETPROPBLOB', `0xc01064ac')
+define(`DRM_IOCTL_MODE_GETPROPERTY', `0xc04064aa')
+define(`DRM_IOCTL_MODE_GETRESOURCES', `0xc04064a0')
+define(`DRM_IOCTL_MODE_MAP_DUMB', `0xc01064b3')
+define(`DRM_IOCTL_MODE_OBJ_GETPROPERTIES', `0xc02064b9')
+define(`DRM_IOCTL_MODE_OBJ_SETPROPERTY', `0xc01864ba')
+define(`DRM_IOCTL_MODE_PAGE_FLIP', `0xc01864b0')
+define(`DRM_IOCTL_MODE_RMFB', `0xc00464af')
+define(`DRM_IOCTL_MODE_SETCRTC', `0xc06864a2')
+define(`DRM_IOCTL_MODESET_CTL', `0x40086408')
+define(`DRM_IOCTL_MODE_SETGAMMA', `0xc02064a5')
+define(`DRM_IOCTL_MODE_SETPLANE', `0xc03064b7')
+define(`DRM_IOCTL_MODE_SETPROPERTY', `0xc01064ab')
+define(`DRM_IOCTL_MSM_GEM_CPU_FINI', `0x40046445')
+define(`DRM_IOCTL_MSM_GEM_CPU_PREP', `0x40186444')
+define(`DRM_IOCTL_MSM_GEM_INFO', `0xc0106443')
+define(`DRM_IOCTL_MSM_GEM_NEW', `0xc0106442')
+define(`DRM_IOCTL_MSM_GEM_SUBMIT', `0xc0206446')
+define(`DRM_IOCTL_MSM_GET_PARAM', `0xc0106440')
+define(`DRM_IOCTL_MSM_WAIT_FENCE', `0x40186447')
+define(`DRM_IOCTL_NEW_CTX', `0x40086425')
+define(`DRM_IOCTL_NOUVEAU_GEM_CPU_FINI', `0x40046483')
+define(`DRM_IOCTL_NOUVEAU_GEM_CPU_PREP', `0x40086482')
+define(`DRM_IOCTL_NOUVEAU_GEM_INFO', `0xc0286484')
+define(`DRM_IOCTL_NOUVEAU_GEM_NEW', `0xc0306480')
+define(`DRM_IOCTL_NOUVEAU_GEM_PUSHBUF', `0xc0406481')
+define(`DRM_IOCTL_OMAP_GEM_CPU_FINI', `0x40106445')
+define(`DRM_IOCTL_OMAP_GEM_CPU_PREP', `0x40086444')
+define(`DRM_IOCTL_OMAP_GEM_INFO', `0xc0186446')
+define(`DRM_IOCTL_OMAP_GEM_NEW', `0xc0106443')
+define(`DRM_IOCTL_OMAP_GET_PARAM', `0xc0106440')
+define(`DRM_IOCTL_OMAP_SET_PARAM', `0x40106441')
+define(`DRM_IOCTL_PRIME_FD_TO_HANDLE', `0xc00c642e')
+define(`DRM_IOCTL_PRIME_HANDLE_TO_FD', `0xc00c642d')
+define(`DRM_IOCTL_QXL_ALLOC', `0xc0086440')
+define(`DRM_IOCTL_QXL_ALLOC_SURF', `0xc0186446')
+define(`DRM_IOCTL_QXL_CLIENTCAP', `0x40086445')
+define(`DRM_IOCTL_QXL_EXECBUFFER', `0x40106442')
+define(`DRM_IOCTL_QXL_GETPARAM', `0xc0106444')
+define(`DRM_IOCTL_QXL_MAP', `0xc0106441')
+define(`DRM_IOCTL_QXL_UPDATE_AREA', `0x40186443')
+define(`DRM_IOCTL_R128_BLIT', `0x4018644b')
+define(`DRM_IOCTL_R128_CCE_IDLE', `0x00006444')
+define(`DRM_IOCTL_R128_CCE_RESET', `0x00006443')
+define(`DRM_IOCTL_R128_CCE_START', `0x00006441')
+define(`DRM_IOCTL_R128_CCE_STOP', `0x40086442')
+define(`DRM_IOCTL_R128_CLEAR', `0x40146448')
+define(`DRM_IOCTL_R128_DEPTH', `0x4028644c')
+define(`DRM_IOCTL_R128_FLIP', `0x00006453')
+define(`DRM_IOCTL_R128_FULLSCREEN', `0x40046450')
+define(`DRM_IOCTL_R128_GETPARAM', `0xc0106452')
+define(`DRM_IOCTL_R128_INDICES', `0x4014644a')
+define(`DRM_IOCTL_R128_INDIRECT', `0xc010644f')
+define(`DRM_IOCTL_R128_INIT', `0x40786440')
+define(`DRM_IOCTL_R128_RESET', `0x00006446')
+define(`DRM_IOCTL_R128_STIPPLE', `0x4008644d')
+define(`DRM_IOCTL_R128_SWAP', `0x00006447')
+define(`DRM_IOCTL_R128_VERTEX', `0x40106449')
+define(`DRM_IOCTL_RADEON_ALLOC', `0xc0186453')
+define(`DRM_IOCTL_RADEON_CLEAR', `0x40206448')
+define(`DRM_IOCTL_RADEON_CMDBUF', `0x40206450')
+define(`DRM_IOCTL_RADEON_CP_IDLE', `0x00006444')
+define(`DRM_IOCTL_RADEON_CP_INIT', `0x40786440')
+define(`DRM_IOCTL_RADEON_CP_RESET', `0x00006443')
+define(`DRM_IOCTL_RADEON_CP_RESUME', `0x00006458')
+define(`DRM_IOCTL_RADEON_CP_START', `0x00006441')
+define(`DRM_IOCTL_RADEON_CP_STOP', `0x40086442')
+define(`DRM_IOCTL_RADEON_CS', `0xc0206466')
+define(`DRM_IOCTL_RADEON_FLIP', `0x00006452')
+define(`DRM_IOCTL_RADEON_FREE', `0x40086454')
+define(`DRM_IOCTL_RADEON_FULLSCREEN', `0x40046446')
+define(`DRM_IOCTL_RADEON_GEM_BUSY', `0xc008646a')
+define(`DRM_IOCTL_RADEON_GEM_CREATE', `0xc020645d')
+define(`DRM_IOCTL_RADEON_GEM_GET_TILING', `0xc00c6469')
+define(`DRM_IOCTL_RADEON_GEM_INFO', `0xc018645c')
+define(`DRM_IOCTL_RADEON_GEM_MMAP', `0xc020645e')
+define(`DRM_IOCTL_RADEON_GEM_OP', `0xc010646c')
+define(`DRM_IOCTL_RADEON_GEM_PREAD', `0xc0206461')
+define(`DRM_IOCTL_RADEON_GEM_PWRITE', `0xc0206462')
+define(`DRM_IOCTL_RADEON_GEM_SET_DOMAIN', `0xc00c6463')
+define(`DRM_IOCTL_RADEON_GEM_SET_TILING', `0xc00c6468')
+define(`DRM_IOCTL_RADEON_GEM_USERPTR', `0xc018646d')
+define(`DRM_IOCTL_RADEON_GEM_VA', `0xc018646b')
+define(`DRM_IOCTL_RADEON_GEM_WAIT_IDLE', `0x40086464')
+define(`DRM_IOCTL_RADEON_GETPARAM', `0xc0106451')
+define(`DRM_IOCTL_RADEON_INDICES', `0x4014644a')
+define(`DRM_IOCTL_RADEON_INDIRECT', `0xc010644d')
+define(`DRM_IOCTL_RADEON_INFO', `0xc0106467')
+define(`DRM_IOCTL_RADEON_INIT_HEAP', `0x400c6455')
+define(`DRM_IOCTL_RADEON_IRQ_EMIT', `0xc0086456')
+define(`DRM_IOCTL_RADEON_IRQ_WAIT', `0x40046457')
+define(`DRM_IOCTL_RADEON_RESET', `0x00006445')
+define(`DRM_IOCTL_RADEON_SETPARAM', `0x40106459')
+define(`DRM_IOCTL_RADEON_STIPPLE', `0x4008644c')
+define(`DRM_IOCTL_RADEON_SURF_ALLOC', `0x400c645a')
+define(`DRM_IOCTL_RADEON_SURF_FREE', `0x4004645b')
+define(`DRM_IOCTL_RADEON_SWAP', `0x00006447')
+define(`DRM_IOCTL_RADEON_TEXTURE', `0xc020644e')
+define(`DRM_IOCTL_RADEON_VERTEX', `0x40106449')
+define(`DRM_IOCTL_RADEON_VERTEX2', `0x4028644f')
+define(`DRM_IOCTL_RES_CTX', `0xc0106426')
+define(`DRM_IOCTL_RM_CTX', `0xc0086421')
+define(`DRM_IOCTL_RM_DRAW', `0xc0046428')
+define(`DRM_IOCTL_RM_MAP', `0x4028641b')
+define(`DRM_IOCTL_SAVAGE_BCI_CMDBUF', `0x40386441')
+define(`DRM_IOCTL_SAVAGE_BCI_EVENT_EMIT', `0xc0086442')
+define(`DRM_IOCTL_SAVAGE_BCI_EVENT_WAIT', `0x40086443')
+define(`DRM_IOCTL_SAVAGE_BCI_INIT', `0x40606440')
+define(`DRM_IOCTL_SET_CLIENT_CAP', `0x4010640d')
+define(`DRM_IOCTL_SET_MASTER', `0x0000641e')
+define(`DRM_IOCTL_SET_SAREA_CTX', `0x4010641c')
+define(`DRM_IOCTL_SET_UNIQUE', `0x40106410')
+define(`DRM_IOCTL_SET_VERSION', `0xc0106407')
+define(`DRM_IOCTL_SG_ALLOC', `0xc0106438')
+define(`DRM_IOCTL_SG_FREE', `0x40106439')
+define(`DRM_IOCTL_SIS_AGP_ALLOC', `0xc0206454')
+define(`DRM_IOCTL_SIS_AGP_FREE', `0x40206455')
+define(`DRM_IOCTL_SIS_AGP_INIT', `0xc0106453')
+define(`DRM_IOCTL_SIS_FB_ALLOC', `0xc0206444')
+define(`DRM_IOCTL_SIS_FB_FREE', `0x40206445')
+define(`DRM_IOCTL_SIS_FB_INIT', `0x40106456')
+define(`DRM_IOCTL_SWITCH_CTX', `0x40086424')
+define(`DRM_IOCTL_TEGRA_CLOSE_CHANNEL', `0xc0106446')
+define(`DRM_IOCTL_TEGRA_GEM_CREATE', `0xc0106440')
+define(`DRM_IOCTL_TEGRA_GEM_GET_FLAGS', `0xc008644d')
+define(`DRM_IOCTL_TEGRA_GEM_GET_TILING', `0xc010644b')
+define(`DRM_IOCTL_TEGRA_GEM_MMAP', `0xc0086441')
+define(`DRM_IOCTL_TEGRA_GEM_SET_FLAGS', `0xc008644c')
+define(`DRM_IOCTL_TEGRA_GEM_SET_TILING', `0xc010644a')
+define(`DRM_IOCTL_TEGRA_GET_SYNCPT', `0xc0106447')
+define(`DRM_IOCTL_TEGRA_GET_SYNCPT_BASE', `0xc0106449')
+define(`DRM_IOCTL_TEGRA_OPEN_CHANNEL', `0xc0106445')
+define(`DRM_IOCTL_TEGRA_SUBMIT', `0xc0586448')
+define(`DRM_IOCTL_TEGRA_SYNCPT_INCR', `0xc0086443')
+define(`DRM_IOCTL_TEGRA_SYNCPT_READ', `0xc0086442')
+define(`DRM_IOCTL_TEGRA_SYNCPT_WAIT', `0xc0106444')
+define(`DRM_IOCTL_UNBLOCK', `0xc0046413')
+define(`DRM_IOCTL_UNLOCK', `0x4008642b')
+define(`DRM_IOCTL_UPDATE_DRAW', `0x4018643f')
+define(`DRM_IOCTL_VERSION', `0xc0406400')
+define(`DRM_IOCTL_VIA_AGP_INIT', `0xc0086442')
+define(`DRM_IOCTL_VIA_ALLOCMEM', `0xc0206440')
+define(`DRM_IOCTL_VIA_BLIT_SYNC', `0x4008644f')
+define(`DRM_IOCTL_VIA_CMDBUFFER', `0x40106448')
+define(`DRM_IOCTL_VIA_CMDBUF_SIZE', `0xc00c644b')
+define(`DRM_IOCTL_VIA_DEC_FUTEX', `0x40106445')
+define(`DRM_IOCTL_VIA_DMA_BLIT', `0x4030644e')
+define(`DRM_IOCTL_VIA_DMA_INIT', `0xc0206447')
+define(`DRM_IOCTL_VIA_FB_INIT', `0xc0086443')
+define(`DRM_IOCTL_VIA_FLUSH', `0x00006449')
+define(`DRM_IOCTL_VIA_FREEMEM', `0x40206441')
+define(`DRM_IOCTL_VIA_MAP_INIT', `0xc0286444')
+define(`DRM_IOCTL_VIA_PCICMD', `0x4010644a')
+define(`DRM_IOCTL_VIA_WAIT_IRQ', `0xc018644d')
+define(`DRM_IOCTL_WAIT_VBLANK', `0xc018643a')
+define(`DVD_AUTH', `0x00005392')
+define(`DVD_READ_STRUCT', `0x00005390')
+define(`DVD_WRITE_STRUCT', `0x00005391')
+define(`ECCGETLAYOUT', `0x81484d11')
+define(`ECCGETSTATS', `0x80104d12')
+define(`ENI_MEMDUMP', `0x40106160')
+define(`ENI_SETMULT', `0x40106167')
+define(`EVIOCGEFFECTS', `0x80044584')
+define(`EVIOCGID', `0x80084502')
+define(`EVIOCGKEYCODE', `0x80084504')
+define(`EVIOCGKEYCODE_V2', `0x80284504')
+define(`EVIOCGRAB', `0x40044590')
+define(`EVIOCGREP', `0x80084503')
+define(`EVIOCGVERSION', `0x80044501')
+define(`EVIOCREVOKE', `0x40044591')
+define(`EVIOCRMFF', `0x40044581')
+define(`EVIOCSCLOCKID', `0x400445a0')
+define(`EVIOCSFF', `0x40304580')
+define(`EVIOCSKEYCODE', `0x40084504')
+define(`EVIOCSKEYCODE_V2', `0x40284504')
+define(`EVIOCSREP', `0x40084503')
+define(`F2FS_IOC_ABORT_VOLATILE_WRITE', `0xf505')
+define(`F2FS_IOC_COMMIT_ATOMIC_WRITE', `0xf502')
+define(`F2FS_IOC_DEFRAGMENT', `0xf508')
+define(`F2FS_IOC_FLUSH_DEVICE', `0xf50a')
+define(`F2FS_IOC_GARBAGE_COLLECT', `0xf506')
+define(`F2FS_IOC_GARBAGE_COLLECT_RANGE', `0xf50b')
+define(`F2FS_IOC_GET_FEATURES', `0xf50c')
+define(`F2FS_IOC_GET_PIN_FILE', `0xf50e')
+define(`F2FS_IOC_MOVE_RANGE', `0xf509')
+define(`F2FS_IOC_PRECACHE_EXTENTS', `0xf50f')
+define(`F2FS_IOC_RELEASE_VOLATILE_WRITE', `0xf504')
+define(`F2FS_IOC_SET_PIN_FILE', `0xf50d')
+define(`F2FS_IOC_START_ATOMIC_WRITE', `0xf501')
+define(`F2FS_IOC_START_VOLATILE_WRITE', `0xf503')
+define(`F2FS_IOC_WRITE_CHECKPOINT', `0xf507')
+define(`FAT_IOCTL_GET_ATTRIBUTES', `0x80047210')
+define(`FAT_IOCTL_GET_VOLUME_ID', `0x80047213')
+define(`FAT_IOCTL_SET_ATTRIBUTES', `0x40047211')
+define(`FBIGET_BRIGHTNESS', `0x80044603')
+define(`FBIGET_COLOR', `0x80044605')
+define(`FBIO_ALLOC', `0x00004613')
+define(`FBIOBLANK', `0x00004611')
+define(`FBIO_CURSOR', `0xc0684608')
+define(`FBIO_FREE', `0x00004614')
+define(`FBIOGETCMAP', `0x00004604')
+define(`FBIOGET_CON2FBMAP', `0x0000460f')
+define(`FBIOGET_CONTRAST', `0x80044601')
+define(`FBIO_GETCONTROL2', `0x80084689')
+define(`FBIOGET_DISPINFO', `0x00004618')
+define(`FBIOGET_FSCREENINFO', `0x00004602')
+define(`FBIOGET_GLYPH', `0x00004615')
+define(`FBIOGET_HWCINFO', `0x00004616')
+define(`FBIOGET_VBLANK', `0x80204612')
+define(`FBIOGET_VSCREENINFO', `0x00004600')
+define(`FBIOPAN_DISPLAY', `0x00004606')
+define(`FBIOPUTCMAP', `0x00004605')
+define(`FBIOPUT_CON2FBMAP', `0x00004610')
+define(`FBIOPUT_CONTRAST', `0x40044602')
+define(`FBIOPUT_MODEINFO', `0x00004617')
+define(`FBIOPUT_VSCREENINFO', `0x00004601')
+define(`FBIO_RADEON_GET_MIRROR', `0x80084003')
+define(`FBIO_RADEON_SET_MIRROR', `0x40084004')
+define(`FBIO_WAITEVENT', `0x00004688')
+define(`FBIO_WAITFORVSYNC', `0x40044620')
+define(`FBIPUT_BRIGHTNESS', `0x40044603')
+define(`FBIPUT_COLOR', `0x40044606')
+define(`FBIPUT_HSYNC', `0x40044609')
+define(`FBIPUT_VSYNC', `0x4004460a')
+define(`FDCLRPRM', `0x00000241')
+define(`FDDEFPRM', `0x40200243')
+define(`FDEJECT', `0x0000025a')
+define(`FDFLUSH', `0x0000024b')
+define(`FDFMTBEG', `0x00000247')
+define(`FDFMTEND', `0x00000249')
+define(`FDFMTTRK', `0x400c0248')
+define(`FDGETDRVPRM', `0x80800211')
+define(`FDGETDRVSTAT', `0x80500212')
+define(`FDGETDRVTYP', `0x8010020f')
+define(`FDGETFDCSTAT', `0x80280215')
+define(`FDGETMAXERRS', `0x8014020e')
+define(`FDGETPRM', `0x80200204')
+define(`FDMSGOFF', `0x00000246')
+define(`FDMSGON', `0x00000245')
+define(`FDPOLLDRVSTAT', `0x80500213')
+define(`FDRAWCMD', `0x00000258')
+define(`FDRESET', `0x00000254')
+define(`FDSETDRVPRM', `0x40800290')
+define(`FDSETEMSGTRESH', `0x0000024a')
+define(`FDSETMAXERRS', `0x4014024c')
+define(`FDSETPRM', `0x40200242')
+define(`FDTWADDLE', `0x00000259')
+define(`FDWERRORCLR', `0x00000256')
+define(`FDWERRORGET', `0x80280217')
+define(`FE_DISEQC_RECV_SLAVE_REPLY', `0x800c6f40')
define(`FE_DISEQC_RESET_OVERLOAD', `0x00006f3e')
define(`FE_DISEQC_SEND_BURST', `0x00006f41')
+define(`FE_DISEQC_SEND_MASTER_CMD', `0x40076f3f')
+define(`FE_DISHNETWORK_SEND_LEGACY_CMD', `0x00006f50')
+define(`FE_ENABLE_HIGH_LNB_VOLTAGE', `0x00006f44')
+define(`FE_GET_EVENT', `0x80286f4e')
+define(`FE_GET_FRONTEND', `0x80246f4d')
+define(`FE_GET_INFO', `0x80a86f3d')
+define(`FE_GET_PROPERTY', `0x80106f53')
+define(`FE_READ_BER', `0x80046f46')
+define(`FE_READ_SIGNAL_STRENGTH', `0x80026f47')
+define(`FE_READ_SNR', `0x80026f48')
+define(`FE_READ_STATUS', `0x80046f45')
+define(`FE_READ_UNCORRECTED_BLOCKS', `0x80046f49')
+define(`FE_SET_FRONTEND', `0x40246f4c')
+define(`FE_SET_FRONTEND_TUNE_MODE', `0x00006f51')
+define(`FE_SET_PROPERTY', `0x40106f52')
define(`FE_SET_TONE', `0x00006f42')
define(`FE_SET_VOLTAGE', `0x00006f43')
-define(`FE_ENABLE_HIGH_LNB_VOLTAGE', `0x00006f44')
-define(`FE_DISHNETWORK_SEND_LEGACY_CMD', `0x00006f50')
-define(`FE_SET_FRONTEND_TUNE_MODE', `0x00006f51')
-define(`CA_RESET', `0x00006f80')
-define(`RTC_AIE_ON', `0x00007001')
-define(`RTC_AIE_OFF', `0x00007002')
-define(`RTC_UIE_ON', `0x00007003')
-define(`PHN_NOT_OH', `0x00007004')
-define(`RTC_UIE_OFF', `0x00007004')
-define(`RTC_PIE_ON', `0x00007005')
-define(`RTC_PIE_OFF', `0x00007006')
-define(`RTC_WIE_ON', `0x0000700f')
-define(`RTC_WIE_OFF', `0x00007010')
-define(`RTC_VL_CLR', `0x00007014')
+define(`FIBMAP', `0x00000001')
+define(`FIFREEZE', `0xc0045877')
+define(`FIGETBSZ', `0x00000002')
+define(`FIOASYNC', `0x00005452')
+define(`FIOCLEX', ifelse(target_arch, mips, 0x00006601, 0x00005451))
+define(`FIOGETOWN', `0x00008903')
+define(`FIONBIO', `0x00005421')
+define(`FIONCLEX', ifelse(target_arch, mips, 0x00006602, 0x00005450))
+define(`FIONREAD', ifelse(target_arch, mips, 0x0000467f, 0x0000541b))
+define(`FIOQSIZE', `0x00005460')
+define(`FIOSETOWN', `0x00008901')
+define(`FITHAW', `0xc0045878')
+define(`FITRIM', `0xc0185879')
+define(`FS_IOC32_GETFLAGS', `0x80046601')
+define(`FS_IOC32_GETVERSION', `0x80047601')
+define(`FS_IOC32_SETFLAGS', `0x40046602')
+define(`FS_IOC32_SETVERSION', `0x40047602')
+define(`FS_IOC_ENABLE_VERITY', `0x6685')
+define(`FS_IOC_FIEMAP', `0xc020660b')
+define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
+define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
+define(`FS_IOC_GETFLAGS', `0x80086601')
+define(`FS_IOC_GETVERSION', `0x80087601')
+define(`FS_IOC_SET_ENCRYPTION_POLICY', `0x800c6613')
+define(`FS_IOC_SET_VERITY_MEASUREMENT', `0x6686')
+define(`FS_IOC_SETFLAGS', `0x40086602')
+define(`FS_IOC_SETVERSION', `0x40087602')
+define(`FSL_HV_IOCTL_DOORBELL', `0xc008af06')
+define(`FSL_HV_IOCTL_GETPROP', `0xc028af07')
+define(`FSL_HV_IOCTL_MEMCPY', `0xc028af05')
+define(`FSL_HV_IOCTL_PARTITION_GET_STATUS', `0xc00caf02')
+define(`FSL_HV_IOCTL_PARTITION_RESTART', `0xc008af01')
+define(`FSL_HV_IOCTL_PARTITION_START', `0xc010af03')
+define(`FSL_HV_IOCTL_PARTITION_STOP', `0xc008af04')
+define(`FSL_HV_IOCTL_SETPROP', `0xc028af08')
+define(`FUNCTIONFS_CLEAR_HALT', `0x00006703')
+define(`FUNCTIONFS_ENDPOINT_DESC', `0x80096782')
+define(`FUNCTIONFS_ENDPOINT_REVMAP', `0x00006781')
+define(`FUNCTIONFS_FIFO_FLUSH', `0x00006702')
+define(`FUNCTIONFS_FIFO_STATUS', `0x00006701')
+define(`FUNCTIONFS_INTERFACE_REVMAP', `0x00006780')
+define(`FW_CDEV_IOC_ADD_DESCRIPTOR', `0xc0182306')
+define(`FW_CDEV_IOC_ALLOCATE', `0xc0202302')
+define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE', `0xc018230d')
+define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE_ONCE', `0x4018230f')
+define(`FW_CDEV_IOC_CREATE_ISO_CONTEXT', `0xc0202308')
+define(`FW_CDEV_IOC_DEALLOCATE', `0x40042303')
+define(`FW_CDEV_IOC_DEALLOCATE_ISO_RESOURCE', `0x4004230e')
+define(`FW_CDEV_IOC_DEALLOCATE_ISO_RESOURCE_ONCE', `0x40182310')
+define(`FW_CDEV_IOC_FLUSH_ISO', `0x40042318')
+define(`FW_CDEV_IOC_GET_CYCLE_TIMER', `0x8010230c')
+define(`FW_CDEV_IOC_GET_CYCLE_TIMER2', `0xc0182314')
+define(`FW_CDEV_IOC_GET_INFO', `0xc0282300')
+define(`FW_CDEV_IOC_GET_SPEED', `0x00002311')
+define(`FW_CDEV_IOC_INITIATE_BUS_RESET', `0x40042305')
+define(`FW_CDEV_IOC_QUEUE_ISO', `0xc0182309')
+define(`FW_CDEV_IOC_RECEIVE_PHY_PACKETS', `0x40082316')
+define(`FW_CDEV_IOC_REMOVE_DESCRIPTOR', `0x40042307')
+define(`FW_CDEV_IOC_SEND_BROADCAST_REQUEST', `0x40282312')
+define(`FW_CDEV_IOC_SEND_PHY_PACKET', `0xc0182315')
+define(`FW_CDEV_IOC_SEND_REQUEST', `0x40282301')
+define(`FW_CDEV_IOC_SEND_RESPONSE', `0x40182304')
+define(`FW_CDEV_IOC_SEND_STREAM_PACKET', `0x40282313')
+define(`FW_CDEV_IOC_SET_ISO_CHANNELS', `0x40102317')
+define(`FW_CDEV_IOC_START_ISO', `0x4010230a')
+define(`FW_CDEV_IOC_STOP_ISO', `0x4004230b')
+define(`GADGETFS_CLEAR_HALT', `0x00006703')
+define(`GADGETFS_FIFO_FLUSH', `0x00006702')
+define(`GADGETFS_FIFO_STATUS', `0x00006701')
+define(`GADGET_GET_PRINTER_STATUS', `0x80016721')
+define(`GADGET_SET_PRINTER_STATUS', `0xc0016722')
+define(`GENWQE_EXECUTE_DDCB', `0xc0e8a532')
+define(`GENWQE_EXECUTE_RAW_DDCB', `0xc0e8a533')
+define(`GENWQE_GET_CARD_STATE', `0x8004a524')
+define(`GENWQE_PIN_MEM', `0xc020a528')
+define(`GENWQE_READ_REG16', `0x8010a522')
+define(`GENWQE_READ_REG32', `0x8010a520')
+define(`GENWQE_READ_REG64', `0x8010a51e')
+define(`GENWQE_SLU_READ', `0xc038a551')
+define(`GENWQE_SLU_UPDATE', `0xc038a550')
+define(`GENWQE_UNPIN_MEM', `0xc020a529')
+define(`GENWQE_WRITE_REG16', `0x4010a523')
+define(`GENWQE_WRITE_REG32', `0x4010a521')
+define(`GENWQE_WRITE_REG64', `0x4010a51f')
+define(`GET_ARRAY_INFO', `0x80480911')
+define(`GET_BITMAP_FILE', `0x90000915')
+define(`GET_DISK_INFO', `0x80140912')
+define(`GIGASET_BRKCHARS', `0x40064702')
+define(`GIGASET_CONFIG', `0xc0044701')
+define(`GIGASET_REDIR', `0xc0044700')
+define(`GIGASET_VERSION', `0xc0104703')
+define(`GIO_CMAP', `0x00004b70')
+define(`GIO_FONT', `0x00004b60')
+define(`GIO_FONTX', `0x00004b6b')
+define(`GIO_SCRNMAP', `0x00004b40')
+define(`GIO_UNIMAP', `0x00004b66')
+define(`GIO_UNISCRNMAP', `0x00004b69')
+define(`GSMIOC_DISABLE_NET', `0x00004703')
+define(`GSMIOC_ENABLE_NET', `0x40344702')
+define(`GSMIOC_GETCONF', `0x804c4700')
+define(`GSMIOC_SETCONF', `0x404c4701')
+define(`HCIBLOCKADDR', `0x400448e6')
+define(`HCIDEVDOWN', `0x400448ca')
+define(`HCIDEVRESET', `0x400448cb')
+define(`HCIDEVRESTAT', `0x400448cc')
+define(`HCIDEVUP', `0x400448c9')
+define(`HCIGETAUTHINFO', `0x800448d7')
+define(`HCIGETCONNINFO', `0x800448d5')
+define(`HCIGETCONNLIST', `0x800448d4')
+define(`HCIGETDEVINFO', `0x800448d3')
+define(`HCIGETDEVLIST', `0x800448d2')
+define(`HCIINQUIRY', `0x800448f0')
+define(`HCISETACLMTU', `0x400448e3')
+define(`HCISETAUTH', `0x400448de')
+define(`HCISETENCRYPT', `0x400448df')
+define(`HCISETLINKMODE', `0x400448e2')
+define(`HCISETLINKPOL', `0x400448e1')
+define(`HCISETPTYPE', `0x400448e0')
+define(`HCISETRAW', `0x400448dc')
+define(`HCISETSCAN', `0x400448dd')
+define(`HCISETSCOMTU', `0x400448e4')
+define(`HCIUNBLOCKADDR', `0x400448e7')
+define(`HDA_IOCTL_GET_WCAP', `0xc0084812')
+define(`HDA_IOCTL_PVERSION', `0x80044810')
+define(`HDA_IOCTL_VERB_WRITE', `0xc0084811')
+define(`HDIO_DRIVE_CMD', `0x0000031f')
+define(`HDIO_DRIVE_RESET', `0x0000031c')
+define(`HDIO_DRIVE_TASK', `0x0000031e')
+define(`HDIO_DRIVE_TASKFILE', `0x0000031d')
+define(`HDIO_GET_32BIT', `0x00000309')
+define(`HDIO_GET_ACOUSTIC', `0x0000030f')
+define(`HDIO_GET_ADDRESS', `0x00000310')
+define(`HDIO_GET_BUSSTATE', `0x0000031a')
+define(`HDIO_GET_DMA', `0x0000030b')
+define(`HDIO_GETGEO', `0x00000301')
+define(`HDIO_GET_IDENTITY', `0x0000030d')
+define(`HDIO_GET_KEEPSETTINGS', `0x00000308')
+define(`HDIO_GET_MULTCOUNT', `0x00000304')
+define(`HDIO_GET_NICE', `0x0000030c')
+define(`HDIO_GET_NOWERR', `0x0000030a')
+define(`HDIO_GET_QDMA', `0x00000305')
+define(`HDIO_GET_UNMASKINTR', `0x00000302')
+define(`HDIO_GET_WCACHE', `0x0000030e')
+define(`HDIO_OBSOLETE_IDENTITY', `0x00000307')
+define(`HDIO_SCAN_HWIF', `0x00000328')
+define(`HDIO_SET_32BIT', `0x00000324')
+define(`HDIO_SET_ACOUSTIC', `0x0000032c')
+define(`HDIO_SET_ADDRESS', `0x0000032f')
+define(`HDIO_SET_BUSSTATE', `0x0000032d')
+define(`HDIO_SET_DMA', `0x00000326')
+define(`HDIO_SET_KEEPSETTINGS', `0x00000323')
+define(`HDIO_SET_MULTCOUNT', `0x00000321')
+define(`HDIO_SET_NICE', `0x00000329')
+define(`HDIO_SET_NOWERR', `0x00000325')
+define(`HDIO_SET_PIO_MODE', `0x00000327')
+define(`HDIO_SET_QDMA', `0x0000032e')
+define(`HDIO_SET_UNMASKINTR', `0x00000322')
+define(`HDIO_SET_WCACHE', `0x0000032b')
+define(`HDIO_SET_XFER', `0x00000306')
+define(`HDIO_TRISTATE_HWIF', `0x0000031b')
+define(`HDIO_UNREGISTER_HWIF', `0x0000032a')
+define(`HE_GET_REG', `0x40106160')
+define(`HIDIOCAPPLICATION', `0x00004802')
+define(`HIDIOCGCOLLECTIONINDEX', `0x40184810')
+define(`HIDIOCGCOLLECTIONINFO', `0xc0104811')
+define(`HIDIOCGDEVINFO', `0x801c4803')
+define(`HIDIOCGFIELDINFO', `0xc038480a')
+define(`HIDIOCGFLAG', `0x8004480e')
+define(`HIDIOCGRAWINFO', `0x80084803')
+define(`HIDIOCGRDESC', `0x90044802')
+define(`HIDIOCGRDESCSIZE', `0x80044801')
+define(`HIDIOCGREPORT', `0x400c4807')
+define(`HIDIOCGREPORTINFO', `0xc00c4809')
+define(`HIDIOCGSTRING', `0x81044804')
+define(`HIDIOCGUCODE', `0xc018480d')
+define(`HIDIOCGUSAGE', `0xc018480b')
+define(`HIDIOCGUSAGES', `0xd01c4813')
+define(`HIDIOCGVERSION', `0x80044801')
+define(`HIDIOCINITREPORT', `0x00004805')
+define(`HIDIOCSFLAG', `0x4004480f')
+define(`HIDIOCSREPORT', `0x400c4808')
+define(`HIDIOCSUSAGE', `0x4018480c')
+define(`HIDIOCSUSAGES', `0x501c4814')
+define(`HOT_ADD_DISK', `0x00000928')
+define(`HOT_GENERATE_ERROR', `0x0000092a')
+define(`HOT_REMOVE_DISK', `0x00000922')
+define(`HPET_DPI', `0x00006805')
+define(`HPET_EPI', `0x00006804')
+define(`HPET_IE_OFF', `0x00006802')
+define(`HPET_IE_ON', `0x00006801')
+define(`HPET_INFO', `0x80186803')
+define(`HPET_IRQFREQ', `0x40086806')
+define(`HSC_GET_RX', `0x400c6b14')
+define(`HSC_GET_TX', `0x40106b16')
+define(`HSC_RESET', `0x00006b10')
+define(`HSC_SEND_BREAK', `0x00006b12')
+define(`HSC_SET_PM', `0x00006b11')
+define(`HSC_SET_RX', `0x400c6b13')
+define(`HSC_SET_TX', `0x40106b15')
+define(`I2OEVTGET', `0x8068690b')
+define(`I2OEVTREG', `0x400c690a')
+define(`I2OGETIOPS', `0x80206900')
+define(`I2OHRTGET', `0xc0186901')
+define(`I2OHTML', `0xc0306909')
+define(`I2OLCTGET', `0xc0186902')
+define(`I2OPARMGET', `0xc0286904')
+define(`I2OPARMSET', `0xc0286903')
+define(`I2OPASSTHRU', `0x8010690c')
+define(`I2OPASSTHRU32', `0x8008690c')
+define(`I2OSWDEL', `0xc0306907')
+define(`I2OSWDL', `0xc0306905')
+define(`I2OSWUL', `0xc0306906')
+define(`I2OVALIDATE', `0x80046908')
+define(`I8K_BIOS_VERSION', `0x80046980')
+define(`I8K_FN_STATUS', `0x80086983')
+define(`I8K_GET_FAN', `0xc0086986')
+define(`I8K_GET_SPEED', `0xc0086985')
+define(`I8K_GET_TEMP', `0x80086984')
+define(`I8K_MACHINE_ID', `0x80046981')
+define(`I8K_POWER_STATUS', `0x80086982')
+define(`I8K_SET_FAN', `0xc0086987')
+define(`IB_USER_MAD_ENABLE_PKEY', `0x00001b03')
+define(`IB_USER_MAD_REGISTER_AGENT', `0xc01c1b01')
+define(`IB_USER_MAD_REGISTER_AGENT2', `0xc0281b04')
+define(`IB_USER_MAD_UNREGISTER_AGENT', `0x40041b02')
+define(`IDT77105_GETSTAT', `0x40106132')
+define(`IDT77105_GETSTATZ', `0x40106133')
+define(`IIOCDBGVAR', `0x0000497f')
+define(`IIOCDRVCTL', `0x00004980')
+define(`IIOCGETCPS', `0x00004915')
+define(`IIOCGETDVR', `0x00004916')
+define(`IIOCGETMAP', `0x00004911')
+define(`IIOCGETPRF', `0x0000490f')
+define(`IIOCGETSET', `0x00004908')
+define(`IIOCNETAIF', `0x00004901')
+define(`IIOCNETALN', `0x00004920')
+define(`IIOCNETANM', `0x00004905')
+define(`IIOCNETASL', `0x00004913')
+define(`IIOCNETDIF', `0x00004902')
+define(`IIOCNETDIL', `0x00004914')
+define(`IIOCNETDLN', `0x00004921')
+define(`IIOCNETDNM', `0x00004906')
+define(`IIOCNETDWRSET', `0x00004918')
+define(`IIOCNETGCF', `0x00004904')
+define(`IIOCNETGNM', `0x00004907')
+define(`IIOCNETGPN', `0x00004922')
+define(`IIOCNETHUP', `0x0000490b')
+define(`IIOCNETLCR', `0x00004917')
+define(`IIOCNETSCF', `0x00004903')
+define(`IIOCSETBRJ', `0x0000490d')
+define(`IIOCSETGST', `0x0000490c')
+define(`IIOCSETMAP', `0x00004912')
+define(`IIOCSETPRF', `0x00004910')
+define(`IIOCSETSET', `0x00004909')
+define(`IIOCSETVER', `0x0000490a')
+define(`IIOCSIGPRF', `0x0000490e')
+define(`IIO_GET_EVENT_FD_IOCTL', `0x80046990')
+define(`IMADDTIMER', `0x80044940')
+define(`IMCLEAR_L2', `0x80044946')
+define(`IMCTRLREQ', `0x80044945')
+define(`IMDELTIMER', `0x80044941')
+define(`IMGETCOUNT', `0x80044943')
+define(`IMGETDEVINFO', `0x80044944')
+define(`IMGETVERSION', `0x80044942')
+define(`IMHOLD_L1', `0x80044948')
+define(`IMSETDEVNAME', `0x80184947')
+define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
+define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
+define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')
+define(`IOCTL_EVTCHN_NOTIFY', `0x00044504')
+define(`IOCTL_EVTCHN_RESET', `0x00004505')
+define(`IOCTL_EVTCHN_UNBIND', `0x00044503')
+define(`IOCTL_MEI_CONNECT_CLIENT', `0xc0104801')
+define(`IOCTL_VMCI_CTX_ADD_NOTIFICATION', `0x000007af')
+define(`IOCTL_VMCI_CTX_GET_CPT_STATE', `0x000007b1')
+define(`IOCTL_VMCI_CTX_REMOVE_NOTIFICATION', `0x000007b0')
+define(`IOCTL_VMCI_CTX_SET_CPT_STATE', `0x000007b2')
+define(`IOCTL_VMCI_DATAGRAM_RECEIVE', `0x000007ac')
+define(`IOCTL_VMCI_DATAGRAM_SEND', `0x000007ab')
+define(`IOCTL_VMCI_GET_CONTEXT_ID', `0x000007b3')
+define(`IOCTL_VMCI_INIT_CONTEXT', `0x000007a0')
+define(`IOCTL_VMCI_NOTIFICATIONS_RECEIVE', `0x000007a6')
+define(`IOCTL_VMCI_NOTIFY_RESOURCE', `0x000007a5')
+define(`IOCTL_VMCI_QUEUEPAIR_ALLOC', `0x000007a8')
+define(`IOCTL_VMCI_QUEUEPAIR_DETACH', `0x000007aa')
+define(`IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE', `0x000007a9')
+define(`IOCTL_VMCI_QUEUEPAIR_SETVA', `0x000007a4')
+define(`IOCTL_VMCI_SET_NOTIFY', `0x000007cb')
+define(`IOCTL_VMCI_SOCKETS_GET_AF_VALUE', `0x000007b8')
+define(`IOCTL_VMCI_SOCKETS_GET_LOCAL_CID', `0x000007b9')
+define(`IOCTL_VMCI_SOCKETS_VERSION', `0x000007b4')
+define(`IOCTL_VMCI_VERSION', `0x0000079f')
+define(`IOCTL_VMCI_VERSION2', `0x000007a7')
+define(`IOCTL_VM_SOCKETS_GET_LOCAL_CID', `0x000007b9')
+define(`IOCTL_WDM_MAX_COMMAND', `0x800248a0')
+define(`IOCTL_XENBUS_BACKEND_EVTCHN', `0x00004200')
+define(`IOCTL_XENBUS_BACKEND_SETUP', `0x00004201')
+define(`ION_IOC_ALLOC', `0xc0204900')
+define(`ION_IOC_CUSTOM', `0xc0104906')
+define(`ION_IOC_FREE', `0xc0044901')
+define(`ION_IOC_IMPORT', `0xc0084905')
+define(`ION_IOC_MAP', `0xc0084902')
+define(`ION_IOC_SHARE', `0xc0084904')
+define(`ION_IOC_SYNC', `0xc0084907')
+define(`ION_IOC_TEST_DMA_MAPPING', `0x402049f1')
+define(`ION_IOC_TEST_KERNEL_MAPPING', `0x402049f2')
+define(`ION_IOC_TEST_SET_FD', `0x000049f0')
+define(`IOW_GETINFO', `0x8028c003')
+define(`IOW_READ', `0x4008c002')
+define(`IOW_WRITE', `0x4008c001')
+define(`IPMICTL_GET_MAINTENANCE_MODE_CMD', `0x8004691e')
+define(`IPMICTL_GET_MY_ADDRESS_CMD', `0x80046912')
+define(`IPMICTL_GET_MY_CHANNEL_ADDRESS_CMD', `0x80046919')
+define(`IPMICTL_GET_MY_CHANNEL_LUN_CMD', `0x8004691b')
+define(`IPMICTL_GET_MY_LUN_CMD', `0x80046914')
+define(`IPMICTL_GET_TIMING_PARMS_CMD', `0x80086917')
+define(`IPMICTL_RECEIVE_MSG', `0xc030690c')
+define(`IPMICTL_RECEIVE_MSG_TRUNC', `0xc030690b')
+define(`IPMICTL_REGISTER_FOR_CMD', `0x8002690e')
+define(`IPMICTL_REGISTER_FOR_CMD_CHANS', `0x800c691c')
+define(`IPMICTL_SEND_COMMAND', `0x8028690d')
+define(`IPMICTL_SEND_COMMAND_SETTIME', `0x80306915')
+define(`IPMICTL_SET_GETS_EVENTS_CMD', `0x80046910')
+define(`IPMICTL_SET_MAINTENANCE_MODE_CMD', `0x4004691f')
+define(`IPMICTL_SET_MY_ADDRESS_CMD', `0x80046911')
+define(`IPMICTL_SET_MY_CHANNEL_ADDRESS_CMD', `0x80046918')
+define(`IPMICTL_SET_MY_CHANNEL_LUN_CMD', `0x8004691a')
+define(`IPMICTL_SET_MY_LUN_CMD', `0x80046913')
+define(`IPMICTL_SET_TIMING_PARMS_CMD', `0x80086916')
+define(`IPMICTL_UNREGISTER_FOR_CMD', `0x8002690f')
+define(`IPMICTL_UNREGISTER_FOR_CMD_CHANS', `0x800c691d')
+define(`IVTVFB_IOC_DMA_FRAME', `0x401856c0')
+define(`IVTV_IOC_DMA_FRAME', `0x404056c0')
+define(`IVTV_IOC_PASSTHROUGH_MODE', `0x400456c1')
+define(`IXJCTL_AEC_GET_LEVEL', `0x000071cd')
+define(`IXJCTL_AEC_START', `0x400471cb')
+define(`IXJCTL_AEC_STOP', `0x000071cc')
+define(`IXJCTL_CARDTYPE', `0x800471c1')
+define(`IXJCTL_CID', `0x800871d4')
+define(`IXJCTL_CIDCW', `0x400871d9')
+define(`IXJCTL_DAA_AGAIN', `0x400471d2')
+define(`IXJCTL_DAA_COEFF_SET', `0x400471d0')
+define(`IXJCTL_DRYBUFFER_CLEAR', `0x000071e7')
+define(`IXJCTL_DRYBUFFER_READ', `0x800871e6')
+define(`IXJCTL_DSP_IDLE', `0x000071c5')
+define(`IXJCTL_DSP_RESET', `0x000071c0')
+define(`IXJCTL_DSP_TYPE', `0x800471c3')
+define(`IXJCTL_DSP_VERSION', `0x800471c4')
+define(`IXJCTL_DTMF_PRESCALE', `0x400471e8')
+define(`IXJCTL_FILTER_CADENCE', `0x400871d6')
+define(`IXJCTL_FRAMES_READ', `0x800871e2')
+define(`IXJCTL_FRAMES_WRITTEN', `0x800871e3')
+define(`IXJCTL_GET_FILTER_HIST', `0x400471c8')
+define(`IXJCTL_HZ', `0x400471e0')
+define(`IXJCTL_INIT_TONE', `0x400871c9')
+define(`IXJCTL_INTERCOM_START', `0x400471fd')
+define(`IXJCTL_INTERCOM_STOP', `0x400471fe')
+define(`IXJCTL_MIXER', `0x400471cf')
+define(`IXJCTL_PLAY_CID', `0x000071d7')
+define(`IXJCTL_PORT', `0x400471d1')
+define(`IXJCTL_POTS_PSTN', `0x400471d5')
+define(`IXJCTL_PSTN_LINETEST', `0x000071d3')
+define(`IXJCTL_RATE', `0x400471e1')
+define(`IXJCTL_READ_WAIT', `0x800871e4')
+define(`IXJCTL_SC_RXG', `0x400471ea')
+define(`IXJCTL_SC_TXG', `0x400471eb')
+define(`IXJCTL_SERIAL', `0x800471c2')
+define(`IXJCTL_SET_FILTER', `0x400871c7')
+define(`IXJCTL_SET_FILTER_RAW', `0x400871dd')
+define(`IXJCTL_SET_LED', `0x400471ce')
+define(`IXJCTL_SIGCTL', `0x400871e9')
+define(`IXJCTL_TESTRAM', `0x000071c6')
+define(`IXJCTL_TONE_CADENCE', `0x400871ca')
+define(`IXJCTL_VERSION', `0x800871da')
+define(`IXJCTL_VMWI', `0x800471d8')
+define(`IXJCTL_WRITE_WAIT', `0x800871e5')
+define(`JSIOCGAXES', `0x80016a11')
+define(`JSIOCGAXMAP', `0x80406a32')
+define(`JSIOCGBTNMAP', `0x84006a34')
+define(`JSIOCGBUTTONS', `0x80016a12')
+define(`JSIOCGCORR', `0x80246a22')
+define(`JSIOCGVERSION', `0x80046a01')
+define(`JSIOCSAXMAP', `0x40406a31')
+define(`JSIOCSBTNMAP', `0x44006a33')
+define(`JSIOCSCORR', `0x40246a21')
+define(`KDADDIO', `0x00004b34')
+define(`KDDELIO', `0x00004b35')
+define(`KDDISABIO', `0x00004b37')
+define(`KDENABIO', `0x00004b36')
+define(`KDFONTOP', `0x00004b72')
+define(`KDGETKEYCODE', `0x00004b4c')
+define(`KDGETLED', `0x00004b31')
+define(`KDGETMODE', `0x00004b3b')
+define(`KDGKBDIACR', `0x00004b4a')
+define(`KDGKBDIACRUC', `0x00004bfa')
+define(`KDGKBENT', `0x00004b46')
+define(`KDGKBLED', `0x00004b64')
+define(`KDGKBMETA', `0x00004b62')
+define(`KDGKBMODE', `0x00004b44')
+define(`KDGKBSENT', `0x00004b48')
+define(`KDGKBTYPE', `0x00004b33')
+define(`KDKBDREP', `0x00004b52')
+define(`KDMAPDISP', `0x00004b3c')
+define(`KDMKTONE', `0x00004b30')
+define(`KDSETKEYCODE', `0x00004b4d')
+define(`KDSETLED', `0x00004b32')
+define(`KDSETMODE', `0x00004b3a')
+define(`KDSIGACCEPT', `0x00004b4e')
+define(`KDSKBDIACR', `0x00004b4b')
+define(`KDSKBDIACRUC', `0x00004bfb')
+define(`KDSKBENT', `0x00004b47')
+define(`KDSKBLED', `0x00004b65')
+define(`KDSKBMETA', `0x00004b63')
+define(`KDSKBMODE', `0x00004b45')
+define(`KDSKBSENT', `0x00004b49')
+define(`KDUNMAPDISP', `0x00004b3d')
+define(`KIOCSOUND', `0x00004b2f')
+define(`KVM_ALLOCATE_RMA', `0x8008aea9')
+define(`KVM_ARM_PREFERRED_TARGET', `0x8020aeaf')
+define(`KVM_ARM_SET_DEVICE_ADDR', `0x4010aeab')
+define(`KVM_ARM_VCPU_INIT', `0x4020aeae')
+define(`KVM_ASSIGN_DEV_IRQ', `0x4040ae70')
+define(`KVM_ASSIGN_PCI_DEVICE', `0x8040ae69')
+define(`KVM_ASSIGN_SET_INTX_MASK', `0x4040aea4')
+define(`KVM_ASSIGN_SET_MSIX_ENTRY', `0x4010ae74')
+define(`KVM_ASSIGN_SET_MSIX_NR', `0x4008ae73')
+define(`KVM_CHECK_EXTENSION', `0x0000ae03')
+define(`KVM_CREATE_DEVICE', `0xc00caee0')
+define(`KVM_CREATE_IRQCHIP', `0x0000ae60')
+define(`KVM_CREATE_PIT', `0x0000ae64')
+define(`KVM_CREATE_PIT2', `0x4040ae77')
+define(`KVM_CREATE_SPAPR_TCE', `0x400caea8')
+define(`KVM_CREATE_VCPU', `0x0000ae41')
+define(`KVM_CREATE_VM', `0x0000ae01')
+define(`KVM_DEASSIGN_DEV_IRQ', `0x4040ae75')
+define(`KVM_DEASSIGN_PCI_DEVICE', `0x4040ae72')
+define(`KVM_DIRTY_TLB', `0x4010aeaa')
+define(`KVM_ENABLE_CAP', `0x4068aea3')
+define(`KVM_GET_API_VERSION', `0x0000ae00')
+define(`KVM_GET_CLOCK', `0x8030ae7c')
+define(`KVM_GET_CPUID2', `0xc008ae91')
+define(`KVM_GET_DEBUGREGS', `0x8080aea1')
+define(`KVM_GET_DEVICE_ATTR', `0x4018aee2')
+define(`KVM_GET_DIRTY_LOG', `0x4010ae42')
+define(`KVM_GET_EMULATED_CPUID', `0xc008ae09')
+define(`KVM_GET_FPU', `0x81a0ae8c')
+define(`KVM_GET_IRQCHIP', `0xc208ae62')
+define(`KVM_GET_LAPIC', `0x8400ae8e')
+define(`KVM_GET_MP_STATE', `0x8004ae98')
+define(`KVM_GET_MSR_INDEX_LIST', `0xc004ae02')
+define(`KVM_GET_MSRS', `0xc008ae88')
+define(`KVM_GET_NR_MMU_PAGES', `0x0000ae45')
+define(`KVM_GET_ONE_REG', `0x4010aeab')
+define(`KVM_GET_PIT', `0xc048ae65')
+define(`KVM_GET_PIT2', `0x8070ae9f')
+define(`KVM_GET_REG_LIST', `0xc008aeb0')
+define(`KVM_GET_REGS', `0x8090ae81')
+define(`KVM_GET_SREGS', `0x8138ae83')
+define(`KVM_GET_SUPPORTED_CPUID', `0xc008ae05')
+define(`KVM_GET_TSC_KHZ', `0x0000aea3')
+define(`KVM_GET_VCPU_EVENTS', `0x8040ae9f')
+define(`KVM_GET_VCPU_MMAP_SIZE', `0x0000ae04')
+define(`KVM_GET_XCRS', `0x8188aea6')
+define(`KVM_GET_XSAVE', `0x9000aea4')
+define(`KVM_HAS_DEVICE_ATTR', `0x4018aee3')
+define(`KVM_INTERRUPT', `0x4004ae86')
+define(`KVM_IOEVENTFD', `0x4040ae79')
+define(`KVM_IRQFD', `0x4020ae76')
+define(`KVM_IRQ_LINE', `0x4008ae61')
+define(`KVM_IRQ_LINE_STATUS', `0xc008ae67')
+define(`KVM_KVMCLOCK_CTRL', `0x0000aead')
+define(`KVM_NMI', `0x0000ae9a')
+define(`KVM_PPC_ALLOCATE_HTAB', `0xc004aea7')
+define(`KVM_PPC_GET_HTAB_FD', `0x4020aeaa')
+define(`KVM_PPC_GET_PVINFO', `0x4080aea1')
+define(`KVM_PPC_GET_SMMU_INFO', `0x8250aea6')
+define(`KVM_PPC_RTAS_DEFINE_TOKEN', `0x4080aeac')
+define(`KVM_REGISTER_COALESCED_MMIO', `0x4010ae67')
+define(`KVM_REINJECT_CONTROL', `0x0000ae71')
+define(`KVM_RUN', `0x0000ae80')
+define(`KVM_S390_ENABLE_SIE', `0x0000ae06')
+define(`KVM_S390_INITIAL_RESET', `0x0000ae97')
+define(`KVM_S390_INTERRUPT', `0x4010ae94')
+define(`KVM_S390_SET_INITIAL_PSW', `0x4010ae96')
+define(`KVM_S390_STORE_STATUS', `0x4008ae95')
+define(`KVM_S390_UCAS_MAP', `0x4018ae50')
+define(`KVM_S390_UCAS_UNMAP', `0x4018ae51')
+define(`KVM_S390_VCPU_FAULT', `0x4008ae52')
+define(`KVM_SET_BOOT_CPU_ID', `0x0000ae78')
+define(`KVM_SET_CLOCK', `0x4030ae7b')
+define(`KVM_SET_CPUID', `0x4008ae8a')
+define(`KVM_SET_CPUID2', `0x4008ae90')
+define(`KVM_SET_DEBUGREGS', `0x4080aea2')
+define(`KVM_SET_DEVICE_ATTR', `0x4018aee1')
+define(`KVM_SET_FPU', `0x41a0ae8d')
+define(`KVM_SET_GSI_ROUTING', `0x4008ae6a')
+define(`KVM_SET_GUEST_DEBUG', `0x4048ae9b')
+define(`KVM_SET_IDENTITY_MAP_ADDR', `0x4008ae48')
+define(`KVM_SET_IRQCHIP', `0x8208ae63')
+define(`KVM_SET_LAPIC', `0x4400ae8f')
+define(`KVM_SET_MEMORY_ALIAS', `0x4020ae43')
+define(`KVM_SET_MEMORY_REGION', `0x4018ae40')
+define(`KVM_SET_MP_STATE', `0x4004ae99')
+define(`KVM_SET_MSRS', `0x4008ae89')
+define(`KVM_SET_NR_MMU_PAGES', `0x0000ae44')
+define(`KVM_SET_ONE_REG', `0x4010aeac')
+define(`KVM_SET_PIT', `0x8048ae66')
+define(`KVM_SET_PIT2', `0x4070aea0')
+define(`KVM_SET_REGS', `0x4090ae82')
+define(`KVM_SET_SIGNAL_MASK', `0x4004ae8b')
+define(`KVM_SET_SREGS', `0x4138ae84')
+define(`KVM_SET_TSC_KHZ', `0x0000aea2')
+define(`KVM_SET_TSS_ADDR', `0x0000ae47')
+define(`KVM_SET_USER_MEMORY_REGION', `0x4020ae46')
+define(`KVM_SET_VAPIC_ADDR', `0x4008ae93')
+define(`KVM_SET_VCPU_EVENTS', `0x4040aea0')
+define(`KVM_SET_XCRS', `0x4188aea7')
+define(`KVM_SET_XSAVE', `0x5000aea5')
+define(`KVM_SIGNAL_MSI', `0x4020aea5')
+define(`KVM_TPR_ACCESS_REPORTING', `0xc028ae92')
+define(`KVM_TRANSLATE', `0xc018ae85')
+define(`KVM_UNREGISTER_COALESCED_MMIO', `0x4010ae68')
+define(`KVM_X86_GET_MCE_CAP_SUPPORTED', `0x8008ae9d')
+define(`KVM_X86_SET_MCE', `0x4040ae9e')
+define(`KVM_X86_SETUP_MCE', `0x4008ae9c')
+define(`KVM_XEN_HVM_CONFIG', `0x4038ae7a')
+define(`KYRO_IOCTL_OVERLAY_CREATE', `0x00006b00')
+define(`KYRO_IOCTL_OVERLAY_OFFSET', `0x00006b04')
+define(`KYRO_IOCTL_OVERLAY_VIEWPORT_SET', `0x00006b01')
+define(`KYRO_IOCTL_SET_VIDEO_MODE', `0x00006b02')
+define(`KYRO_IOCTL_STRIDE', `0x00006b05')
+define(`KYRO_IOCTL_UVSTRIDE', `0x00006b03')
+define(`LIRC_GET_FEATURES', `0x80046900')
+define(`LIRC_GET_LENGTH', `0x8004690f')
+define(`LIRC_GET_MAX_FILTER_PULSE', `0x8004690b')
+define(`LIRC_GET_MAX_FILTER_SPACE', `0x8004690d')
+define(`LIRC_GET_MAX_TIMEOUT', `0x80046909')
+define(`LIRC_GET_MIN_FILTER_PULSE', `0x8004690a')
+define(`LIRC_GET_MIN_FILTER_SPACE', `0x8004690c')
+define(`LIRC_GET_MIN_TIMEOUT', `0x80046908')
+define(`LIRC_GET_REC_CARRIER', `0x80046904')
+define(`LIRC_GET_REC_DUTY_CYCLE', `0x80046906')
+define(`LIRC_GET_REC_MODE', `0x80046902')
+define(`LIRC_GET_REC_RESOLUTION', `0x80046907')
+define(`LIRC_GET_SEND_CARRIER', `0x80046903')
+define(`LIRC_GET_SEND_DUTY_CYCLE', `0x80046905')
+define(`LIRC_GET_SEND_MODE', `0x80046901')
+define(`LIRC_NOTIFY_DECODE', `0x00006920')
+define(`LIRC_SET_MEASURE_CARRIER_MODE', `0x4004691d')
+define(`LIRC_SET_REC_CARRIER', `0x40046914')
+define(`LIRC_SET_REC_CARRIER_RANGE', `0x4004691f')
+define(`LIRC_SET_REC_DUTY_CYCLE', `0x40046916')
+define(`LIRC_SET_REC_DUTY_CYCLE_RANGE', `0x4004691e')
+define(`LIRC_SET_REC_FILTER', `0x4004691c')
+define(`LIRC_SET_REC_FILTER_PULSE', `0x4004691a')
+define(`LIRC_SET_REC_FILTER_SPACE', `0x4004691b')
+define(`LIRC_SET_REC_MODE', `0x40046912')
+define(`LIRC_SET_REC_TIMEOUT', `0x40046918')
+define(`LIRC_SET_REC_TIMEOUT_REPORTS', `0x40046919')
+define(`LIRC_SET_SEND_CARRIER', `0x40046913')
+define(`LIRC_SET_SEND_DUTY_CYCLE', `0x40046915')
+define(`LIRC_SET_SEND_MODE', `0x40046911')
+define(`LIRC_SET_TRANSMITTER_MASK', `0x40046917')
+define(`LIRC_SETUP_END', `0x00006922')
+define(`LIRC_SETUP_START', `0x00006921')
+define(`LIRC_SET_WIDEBAND_RECEIVER', `0x40046923')
+define(`LOGGER_FLUSH_LOG', `0x0000ae04')
+define(`LOGGER_GET_LOG_BUF_SIZE', `0x0000ae01')
+define(`LOGGER_GET_LOG_LEN', `0x0000ae02')
+define(`LOGGER_GET_NEXT_ENTRY_LEN', `0x0000ae03')
+define(`LOGGER_GET_VERSION', `0x0000ae05')
+define(`LOGGER_SET_VERSION', `0x0000ae06')
+define(`LOOP_CHANGE_FD', `0x00004c06')
+define(`LOOP_CLR_FD', `0x00004c01')
+define(`LOOP_CTL_ADD', `0x00004c80')
+define(`LOOP_CTL_GET_FREE', `0x00004c82')
+define(`LOOP_CTL_REMOVE', `0x00004c81')
+define(`LOOP_GET_STATUS', `0x00004c03')
+define(`LOOP_GET_STATUS64', `0x00004c05')
+define(`LOOP_SET_CAPACITY', `0x00004c07')
+define(`LOOP_SET_FD', `0x00004c00')
+define(`LOOP_SET_STATUS', `0x00004c02')
+define(`LOOP_SET_STATUS64', `0x00004c04')
+define(`MATROXFB_GET_ALL_OUTPUTS', `0x80086efb')
+define(`MATROXFB_GET_AVAILABLE_OUTPUTS', `0x80086ef9')
+define(`MATROXFB_GET_OUTPUT_CONNECTION', `0x80086ef8')
+define(`MATROXFB_GET_OUTPUT_MODE', `0xc0086efa')
+define(`MATROXFB_SET_OUTPUT_CONNECTION', `0x40086ef8')
+define(`MATROXFB_SET_OUTPUT_MODE', `0x40086efa')
+define(`MBXFB_IOCG_ALPHA', `0x8018f401')
+define(`MBXFB_IOCS_ALPHA', `0x4018f402')
+define(`MBXFB_IOCS_PLANEORDER', `0x8002f403')
+define(`MBXFB_IOCS_REG', `0x400cf404')
+define(`MBXFB_IOCX_OVERLAY', `0xc030f400')
+define(`MBXFB_IOCX_REG', `0xc00cf405')
+define(`MCE_GETCLEAR_FLAGS', `0x80044d03')
+define(`MCE_GET_LOG_LEN', `0x80044d02')
+define(`MCE_GET_RECORD_LEN', `0x80044d01')
+define(`MEDIA_IOC_DEVICE_INFO', `0xc1007c00')
+define(`MEDIA_IOC_ENUM_ENTITIES', `0xc1007c01')
+define(`MEDIA_IOC_ENUM_LINKS', `0xc0287c02')
+define(`MEDIA_IOC_SETUP_LINK', `0xc0347c03')
+define(`MEMERASE', `0x40084d02')
+define(`MEMERASE64', `0x40104d14')
+define(`MEMGETBADBLOCK', `0x40084d0b')
+define(`MEMGETINFO', `0x80204d01')
+define(`MEMGETOOBSEL', `0x80c84d0a')
+define(`MEMGETREGIONCOUNT', `0x80044d07')
+define(`MEMGETREGIONINFO', `0xc0104d08')
+define(`MEMISLOCKED', `0x80084d17')
+define(`MEMLOCK', `0x40084d05')
+define(`MEMREADOOB', `0xc0104d04')
+define(`MEMREADOOB64', `0xc0184d16')
+define(`MEMSETBADBLOCK', `0x40084d0c')
+define(`MEMUNLOCK', `0x40084d06')
+define(`MEMWRITE', `0xc0304d18')
+define(`MEMWRITEOOB', `0xc0104d03')
+define(`MEMWRITEOOB64', `0xc0184d15')
+define(`MEYEIOC_G_PARAMS', `0x800676c0')
+define(`MEYEIOC_QBUF_CAPT', `0x400476c2')
+define(`MEYEIOC_S_PARAMS', `0x400676c1')
+define(`MEYEIOC_STILLCAPT', `0x000076c4')
+define(`MEYEIOC_STILLJCAPT', `0x800476c5')
+define(`MEYEIOC_SYNC', `0xc00476c3')
+define(`MFB_GET_ALPHA', `0x80014d00')
+define(`MFB_GET_AOID', `0x80084d04')
+define(`MFB_GET_GAMMA', `0x80014d01')
+define(`MFB_GET_PIXFMT', `0x80044d08')
+define(`MFB_SET_ALPHA', `0x40014d00')
+define(`MFB_SET_AOID', `0x40084d04')
+define(`MFB_SET_BRIGHTNESS', `0x40014d03')
+define(`MFB_SET_CHROMA_KEY', `0x400c4d01')
+define(`MFB_SET_GAMMA', `0x40014d01')
+define(`MFB_SET_PIXFMT', `0x40044d08')
+define(`MGSL_IOCCLRMODCOUNT', `0x00006d0f')
+define(`MGSL_IOCGGPIO', `0x80106d11')
+define(`MGSL_IOCGIF', `0x00006d0b')
+define(`MGSL_IOCGPARAMS', `0x80306d01')
+define(`MGSL_IOCGSTATS', `0x00006d07')
+define(`MGSL_IOCGTXIDLE', `0x00006d03')
+define(`MGSL_IOCGXCTRL', `0x00006d16')
+define(`MGSL_IOCGXSYNC', `0x00006d14')
+define(`MGSL_IOCLOOPTXDONE', `0x00006d09')
+define(`MGSL_IOCRXENABLE', `0x00006d05')
+define(`MGSL_IOCSGPIO', `0x40106d10')
+define(`MGSL_IOCSIF', `0x00006d0a')
+define(`MGSL_IOCSPARAMS', `0x40306d00')
+define(`MGSL_IOCSTXIDLE', `0x00006d02')
+define(`MGSL_IOCSXCTRL', `0x00006d15')
+define(`MGSL_IOCSXSYNC', `0x00006d13')
+define(`MGSL_IOCTXABORT', `0x00006d06')
+define(`MGSL_IOCTXENABLE', `0x00006d04')
+define(`MGSL_IOCWAITEVENT', `0xc0046d08')
+define(`MGSL_IOCWAITGPIO', `0xc0106d12')
+define(`MIC_VIRTIO_ADD_DEVICE', `0xc0087301')
+define(`MIC_VIRTIO_CONFIG_CHANGE', `0xc0087305')
+define(`MIC_VIRTIO_COPY_DESC', `0xc0087302')
+define(`MMC_IOC_CMD', `0xc048b300')
+define(`MMTIMER_GETBITS', `0x00006d04')
+define(`MMTIMER_GETCOUNTER', `0x80086d09')
+define(`MMTIMER_GETFREQ', `0x80086d02')
+define(`MMTIMER_GETOFFSET', `0x00006d00')
+define(`MMTIMER_GETRES', `0x80086d01')
+define(`MMTIMER_MMAPAVAIL', `0x00006d06')
+define(`MSMFB_BLIT', `0x40046d02')
+define(`MSMFB_GRP_DISP', `0x40046d01')
+define(`MTDFILEMODE', `0x00004d13')
+define(`MTIOCGET', `0x80306d02')
+define(`MTIOCPOS', `0x80086d03')
+define(`MTIOCTOP', `0x40086d01')
+define(`MTRRIOC_ADD_ENTRY', `0x40104d00')
+define(`MTRRIOC_ADD_PAGE_ENTRY', `0x40104d05')
+define(`MTRRIOC_DEL_ENTRY', `0x40104d02')
+define(`MTRRIOC_DEL_PAGE_ENTRY', `0x40104d07')
+define(`MTRRIOC_GET_ENTRY', `0xc0184d03')
+define(`MTRRIOC_GET_PAGE_ENTRY', `0xc0184d08')
+define(`MTRRIOC_KILL_ENTRY', `0x40104d04')
+define(`MTRRIOC_KILL_PAGE_ENTRY', `0x40104d09')
+define(`MTRRIOC_SET_ENTRY', `0x40104d01')
+define(`MTRRIOC_SET_PAGE_ENTRY', `0x40104d06')
+define(`NBD_CLEAR_QUE', `0x0000ab05')
+define(`NBD_CLEAR_SOCK', `0x0000ab04')
+define(`NBD_DISCONNECT', `0x0000ab08')
+define(`NBD_DO_IT', `0x0000ab03')
+define(`NBD_PRINT_DEBUG', `0x0000ab06')
+define(`NBD_SET_BLKSIZE', `0x0000ab01')
+define(`NBD_SET_FLAGS', `0x0000ab0a')
+define(`NBD_SET_SIZE', `0x0000ab02')
+define(`NBD_SET_SIZE_BLOCKS', `0x0000ab07')
+define(`NBD_SET_SOCK', `0x0000ab00')
+define(`NBD_SET_TIMEOUT', `0x0000ab09')
+define(`NCP_IOC_CONN_LOGGED_IN', `0x00006e03')
+define(`NCP_IOC_GETCHARSETS', `0xc02a6e0b')
+define(`NCP_IOC_GETDENTRYTTL', `0x40046e0c')
+define(`NCP_IOC_GET_FS_INFO', `0xc0286e04')
+define(`NCP_IOC_GET_FS_INFO_V2', `0xc0306e04')
+define(`NCP_IOC_GETMOUNTUID', `0x40026e02')
+define(`NCP_IOC_GETMOUNTUID2', `0x40086e02')
+define(`NCP_IOC_GETOBJECTNAME', `0xc0186e09')
+define(`NCP_IOC_GETPRIVATEDATA', `0xc0106e0a')
+define(`NCP_IOC_GETROOT', `0x400c6e08')
+define(`NCP_IOC_LOCKUNLOCK', `0x80146e07')
+define(`NCP_IOC_NCPREQUEST', `0x80106e01')
+define(`NCP_IOC_SETCHARSETS', `0x802a6e0b')
+define(`NCP_IOC_SETDENTRYTTL', `0x80046e0c')
+define(`NCP_IOC_SETOBJECTNAME', `0x80186e09')
+define(`NCP_IOC_SETPRIVATEDATA', `0x80106e0a')
+define(`NCP_IOC_SETROOT', `0x800c6e08')
+define(`NCP_IOC_SET_SIGN_WANTED', `0x40046e06')
+define(`NCP_IOC_SIGN_INIT', `0x80186e05')
+define(`NCP_IOC_SIGN_WANTED', `0x80046e06')
+define(`NET_ADD_IF', `0xc0066f34')
+define(`NET_GET_IF', `0xc0066f36')
+define(`NET_REMOVE_IF', `0x00006f35')
+define(`NILFS_IOCTL_CHANGE_CPMODE', `0x40106e80')
+define(`NILFS_IOCTL_CLEAN_SEGMENTS', `0x40786e88')
+define(`NILFS_IOCTL_DELETE_CHECKPOINT', `0x40086e81')
+define(`NILFS_IOCTL_GET_BDESCS', `0xc0186e87')
+define(`NILFS_IOCTL_GET_CPINFO', `0x80186e82')
+define(`NILFS_IOCTL_GET_CPSTAT', `0x80186e83')
+define(`NILFS_IOCTL_GET_SUINFO', `0x80186e84')
+define(`NILFS_IOCTL_GET_SUSTAT', `0x80306e85')
+define(`NILFS_IOCTL_GET_VINFO', `0xc0186e86')
+define(`NILFS_IOCTL_RESIZE', `0x40086e8b')
+define(`NILFS_IOCTL_SET_ALLOC_RANGE', `0x40106e8c')
+define(`NILFS_IOCTL_SET_SUINFO', `0x40186e8d')
+define(`NILFS_IOCTL_SYNC', `0x80086e8a')
+define(`NS_ADJBUFLEV', `0x00006163')
+define(`NS_GETPSTAT', `0xc0106161')
+define(`NS_SETBUFLEV', `0x40106162')
+define(`NVME_IOCTL_ADMIN_CMD', `0xc0484e41')
+define(`NVME_IOCTL_ID', `0x00004e40')
+define(`NVME_IOCTL_IO_CMD', `0xc0484e43')
+define(`NVME_IOCTL_SUBMIT_IO', `0x40304e42')
define(`NVRAM_INIT', `0x00007040')
define(`NVRAM_SETCKS', `0x00007041')
-define(`PPCLAIM', `0x0000708b')
-define(`PPRELEASE', `0x0000708c')
-define(`PPYIELD', `0x0000708d')
-define(`PPEXCL', `0x0000708f')
-define(`PHONE_CAPABILITIES', `0x00007180')
-define(`PHONE_RING', `0x00007183')
-define(`PHONE_HOOKSTATE', `0x00007184')
define(`OLD_PHONE_RING_START', `0x00007187')
-define(`PHONE_RING_STOP', `0x00007188')
-define(`PHONE_REC_START', `0x0000718a')
-define(`PHONE_REC_STOP', `0x0000718b')
-define(`PHONE_REC_LEVEL', `0x0000718f')
+define(`OMAPFB_CTRL_TEST', `0x40044f2e')
+define(`OMAPFB_GET_CAPS', `0x800c4f2a')
+define(`OMAPFB_GET_COLOR_KEY', `0x40104f33')
+define(`OMAPFB_GET_DISPLAY_INFO', `0x80204f3f')
+define(`OMAPFB_GET_OVERLAY_COLORMODE', `0x803c4f3b')
+define(`OMAPFB_GET_UPDATE_MODE', `0x40044f2b')
+define(`OMAPFB_GET_VRAM_INFO', `0x80204f3d')
+define(`OMAPFB_LCD_TEST', `0x40044f2d')
+define(`OMAPFB_MEMORY_READ', `0x80184f3a')
+define(`OMAPFB_MIRROR', `0x40044f1f')
+define(`OMAPFB_QUERY_MEM', `0x40084f38')
+define(`OMAPFB_QUERY_PLANE', `0x40444f35')
+define(`OMAPFB_SET_COLOR_KEY', `0x40104f32')
+define(`OMAPFB_SET_TEARSYNC', `0x40084f3e')
+define(`OMAPFB_SET_UPDATE_MODE', `0x40044f28')
+define(`OMAPFB_SETUP_MEM', `0x40084f37')
+define(`OMAPFB_SETUP_PLANE', `0x40444f34')
+define(`OMAPFB_SYNC_GFX', `0x00004f25')
+define(`OMAPFB_UPDATE_WINDOW', `0x40444f36')
+define(`OMAPFB_UPDATE_WINDOW_OLD', `0x40144f2f')
+define(`OMAPFB_VSYNC', `0x00004f26')
+define(`OMAPFB_WAITFORGO', `0x00004f3c')
+define(`OMAPFB_WAITFORVSYNC', `0x00004f39')
+define(`OSD_GET_CAPABILITY', `0x80106fa1')
+define(`OSD_SEND_CMD', `0x40206fa0')
+define(`OSIOCGNETADDR', `0x800489e1')
+define(`OSIOCSNETADDR', `0x400489e0')
+define(`OSS_GETVERSION', `0x80044d76')
+define(`OTPGETREGIONCOUNT', `0x40044d0e')
+define(`OTPGETREGIONINFO', `0x400c4d0f')
+define(`OTPLOCK', `0x800c4d10')
+define(`OTPSELECT', `0x80044d0d')
+define(`PACKET_CTRL_CMD', `0xc0185801')
+define(`PERF_EVENT_IOC_DISABLE', `0x00002401')
+define(`PERF_EVENT_IOC_ENABLE', `0x00002400')
+define(`PERF_EVENT_IOC_ID', `0x80082407')
+define(`PERF_EVENT_IOC_PERIOD', `0x40082404')
+define(`PERF_EVENT_IOC_REFRESH', `0x00002402')
+define(`PERF_EVENT_IOC_RESET', `0x00002403')
+define(`PERF_EVENT_IOC_SET_FILTER', `0x40082406')
+define(`PERF_EVENT_IOC_SET_OUTPUT', `0x00002405')
+define(`PHN_GET_REG', `0xc0087000')
+define(`PHN_GETREG', `0xc0087005')
+define(`PHN_GET_REGS', `0xc0087002')
+define(`PHN_GETREGS', `0xc0287007')
+define(`PHN_NOT_OH', `0x00007004')
+define(`PHN_SET_REG', `0x40087001')
+define(`PHN_SETREG', `0x40087006')
+define(`PHN_SET_REGS', `0x40087003')
+define(`PHN_SETREGS', `0x40287008')
+define(`PHONE_BUSY', `0x000071a1')
+define(`PHONE_CAPABILITIES', `0x00007180')
+define(`PHONE_CAPABILITIES_CHECK', `0x40087182')
+define(`PHONE_CAPABILITIES_LIST', `0x80087181')
+define(`PHONE_CPT_STOP', `0x000071a4')
+define(`PHONE_DIALTONE', `0x000071a3')
+define(`PHONE_DTMF_OOB', `0x40047199')
+define(`PHONE_DTMF_READY', `0x80047196')
+define(`PHONE_EXCEPTION', `0x8004719a')
+define(`PHONE_FRAME', `0x4004718d')
+define(`PHONE_GET_DTMF', `0x80047197')
+define(`PHONE_GET_DTMF_ASCII', `0x80047198')
+define(`PHONE_GET_TONE_OFF_TIME', `0x0000719f')
+define(`PHONE_GET_TONE_ON_TIME', `0x0000719e')
+define(`PHONE_GET_TONE_STATE', `0x000071a0')
+define(`PHONE_HOOKSTATE', `0x00007184')
+define(`PHONE_MAXRINGS', `0x40017185')
+define(`PHONE_PLAY_CODEC', `0x40047190')
+define(`PHONE_PLAY_DEPTH', `0x40047193')
+define(`PHONE_PLAY_LEVEL', `0x00007195')
define(`PHONE_PLAY_START', `0x00007191')
define(`PHONE_PLAY_STOP', `0x00007192')
-define(`PHONE_PLAY_LEVEL', `0x00007195')
-define(`PHONE_GET_TONE_ON_TIME', `0x0000719e')
-define(`PHONE_GET_TONE_OFF_TIME', `0x0000719f')
-define(`PHONE_GET_TONE_STATE', `0x000071a0')
-define(`PHONE_BUSY', `0x000071a1')
-define(`PHONE_RINGBACK', `0x000071a2')
-define(`PHONE_DIALTONE', `0x000071a3')
-define(`PHONE_CPT_STOP', `0x000071a4')
+define(`PHONE_PLAY_TONE', `0x4001719b')
+define(`PHONE_PLAY_VOLUME', `0x40047194')
+define(`PHONE_PLAY_VOLUME_LINEAR', `0x400471dc')
define(`PHONE_PSTN_GET_STATE', `0x000071a5')
define(`PHONE_PSTN_LINETEST', `0x000071a8')
-define(`IXJCTL_DSP_RESET', `0x000071c0')
-define(`IXJCTL_DSP_IDLE', `0x000071c5')
-define(`IXJCTL_TESTRAM', `0x000071c6')
-define(`IXJCTL_AEC_STOP', `0x000071cc')
-define(`IXJCTL_AEC_GET_LEVEL', `0x000071cd')
-define(`IXJCTL_PSTN_LINETEST', `0x000071d3')
-define(`IXJCTL_PLAY_CID', `0x000071d7')
-define(`IXJCTL_DRYBUFFER_CLEAR', `0x000071e7')
-define(`BR_OK', `0x00007201')
-define(`BR_DEAD_REPLY', `0x00007205')
-define(`BR_TRANSACTION_COMPLETE', `0x00007206')
-define(`BR_NOOP', `0x0000720c')
-define(`BR_SPAWN_LOOPER', `0x0000720d')
-define(`BR_FINISHED', `0x0000720e')
-define(`BR_FAILED_REPLY', `0x00007211')
-define(`MEYEIOC_STILLCAPT', `0x000076c4')
-define(`ASHMEM_GET_SIZE', `0x00007704')
-define(`ASHMEM_GET_PROT_MASK', `0x00007706')
-define(`ASHMEM_GET_PIN_STATUS', `0x00007709')
-define(`ASHMEM_PURGE_ALL_CACHES', `0x0000770a')
-define(`FIOSETOWN', `0x00008901')
-define(`SIOCSPGRP', `0x00008902')
-define(`FIOGETOWN', `0x00008903')
-define(`SIOCGPGRP', `0x00008904')
-define(`SIOCATMARK', `0x00008905')
-define(`SIOCGSTAMP', `0x00008906')
-define(`SIOCGSTAMPNS', `0x00008907')
-define(`SIOCADDRT', `0x0000890b')
-define(`SIOCDELRT', `0x0000890c')
-define(`SIOCRTMSG', `0x0000890d')
-define(`SIOCGIFNAME', `0x00008910')
-define(`SIOCSIFLINK', `0x00008911')
-define(`SIOCGIFCONF', `0x00008912')
-define(`SIOCGIFFLAGS', `0x00008913')
-define(`SIOCSIFFLAGS', `0x00008914')
-define(`SIOCGIFADDR', `0x00008915')
-define(`SIOCSIFADDR', `0x00008916')
-define(`SIOCGIFDSTADDR', `0x00008917')
-define(`SIOCSIFDSTADDR', `0x00008918')
-define(`SIOCGIFBRDADDR', `0x00008919')
-define(`SIOCSIFBRDADDR', `0x0000891a')
-define(`SIOCGIFNETMASK', `0x0000891b')
-define(`SIOCSIFNETMASK', `0x0000891c')
-define(`SIOCGIFMETRIC', `0x0000891d')
-define(`SIOCSIFMETRIC', `0x0000891e')
-define(`SIOCGIFMEM', `0x0000891f')
-define(`SIOCSIFMEM', `0x00008920')
-define(`SIOCGIFMTU', `0x00008921')
-define(`SIOCSIFMTU', `0x00008922')
-define(`SIOCSIFNAME', `0x00008923')
-define(`SIOCSIFHWADDR', `0x00008924')
-define(`SIOCGIFENCAP', `0x00008925')
-define(`SIOCSIFENCAP', `0x00008926')
-define(`SIOCGIFHWADDR', `0x00008927')
-define(`SIOCGIFSLAVE', `0x00008929')
-define(`SIOCSIFSLAVE', `0x00008930')
-define(`SIOCADDMULTI', `0x00008931')
-define(`SIOCDELMULTI', `0x00008932')
-define(`SIOCGIFINDEX', `0x00008933')
-define(`SIOCSIFPFLAGS', `0x00008934')
-define(`SIOCGIFPFLAGS', `0x00008935')
-define(`SIOCDIFADDR', `0x00008936')
-define(`SIOCSIFHWBROADCAST', `0x00008937')
-define(`SIOCGIFCOUNT', `0x00008938')
-define(`SIOCKILLADDR', `0x00008939')
-define(`SIOCGIFBR', `0x00008940')
-define(`SIOCSIFBR', `0x00008941')
-define(`SIOCGIFTXQLEN', `0x00008942')
-define(`SIOCSIFTXQLEN', `0x00008943')
-define(`SIOCETHTOOL', `0x00008946')
-define(`SIOCGMIIPHY', `0x00008947')
-define(`SIOCGMIIREG', `0x00008948')
-define(`SIOCSMIIREG', `0x00008949')
-define(`SIOCWANDEV', `0x0000894a')
-define(`SIOCOUTQNSD', `0x0000894b')
-define(`SIOCDARP', `0x00008953')
-define(`SIOCGARP', `0x00008954')
-define(`SIOCSARP', `0x00008955')
-define(`SIOCDRARP', `0x00008960')
-define(`SIOCGRARP', `0x00008961')
-define(`SIOCSRARP', `0x00008962')
-define(`SIOCGIFMAP', `0x00008970')
-define(`SIOCSIFMAP', `0x00008971')
+define(`PHONE_PSTN_SET_STATE', `0x400471a4')
+define(`PHONE_QUERY_CODEC', `0xc00871a7')
+define(`PHONE_REC_CODEC', `0x40047189')
+define(`PHONE_REC_DEPTH', `0x4004718c')
+define(`PHONE_REC_LEVEL', `0x0000718f')
+define(`PHONE_REC_START', `0x0000718a')
+define(`PHONE_REC_STOP', `0x0000718b')
+define(`PHONE_REC_VOLUME', `0x4004718e')
+define(`PHONE_REC_VOLUME_LINEAR', `0x400471db')
+define(`PHONE_RING', `0x00007183')
+define(`PHONE_RINGBACK', `0x000071a2')
+define(`PHONE_RING_CADENCE', `0x40027186')
+define(`PHONE_RING_START', `0x40087187')
+define(`PHONE_RING_STOP', `0x00007188')
+define(`PHONE_SET_TONE_OFF_TIME', `0x4004719d')
+define(`PHONE_SET_TONE_ON_TIME', `0x4004719c')
+define(`PHONE_VAD', `0x400471a9')
+define(`PHONE_WINK', `0x400471aa')
+define(`PHONE_WINK_DURATION', `0x400471a6')
+define(`PIO_CMAP', `0x00004b71')
+define(`PIO_FONT', `0x00004b61')
+define(`PIO_FONTRESET', `0x00004b6d')
+define(`PIO_FONTX', `0x00004b6c')
+define(`PIO_SCRNMAP', `0x00004b41')
+define(`PIO_UNIMAP', `0x00004b67')
+define(`PIO_UNIMAPCLR', `0x00004b68')
+define(`PIO_UNISCRNMAP', `0x00004b6a')
+define(`PMU_IOC_CAN_SLEEP', `0x80084205')
+define(`PMU_IOC_GET_BACKLIGHT', `0x80084201')
+define(`PMU_IOC_GET_MODEL', `0x80084203')
+define(`PMU_IOC_GRAB_BACKLIGHT', `0x80084206')
+define(`PMU_IOC_HAS_ADB', `0x80084204')
+define(`PMU_IOC_SET_BACKLIGHT', `0x40084202')
+define(`PMU_IOC_SLEEP', `0x00004200')
+define(`PPCLAIM', `0x0000708b')
+define(`PPCLRIRQ', `0x80047093')
+define(`PPDATADIR', `0x40047090')
+define(`PPEXCL', `0x0000708f')
+define(`PPFCONTROL', `0x4002708e')
+define(`PPGETFLAGS', `0x8004709a')
+define(`PPGETMODE', `0x80047098')
+define(`PPGETMODES', `0x80047097')
+define(`PPGETPHASE', `0x80047099')
+define(`PPGETTIME', `0x80107095')
+define(`PPNEGOT', `0x40047091')
+define(`PPPIOCATTACH', `0x743d')
+define(`PPPIOCATTCHAN', `0x7438')
+define(`PPPIOCBUNDLE', `0x7481')
+define(`PPPIOCCONNECT', `0x743a')
+define(`PPPIOCDETACH', `0x743c')
+define(`PPPIOCDISCONN', `0x7439')
+define(`PPPIOCGASYNCMAP', `0x7458')
+define(`PPPIOCGCALLINFO', `0x7480')
+define(`PPPIOCGCHAN', `0x7437')
+define(`PPPIOCGCOMPRESSORS', `0x7486')
+define(`PPPIOCGDEBUG', `0x7441')
+define(`PPPIOCGFLAGS', `0x745a')
+define(`PPPIOCGIDLE', `0x743f')
+define(`PPPIOCGIFNAME', `0x7488')
+define(`PPPIOCGL2TPSTATS', `0x7436')
+define(`PPPIOCGMPFLAGS', `0x7482')
+define(`PPPIOCGMRU', `0x7453')
+define(`PPPIOCGNPMODE', `0x744c')
+define(`PPPIOCGRASYNCMAP', `0x7455')
+define(`PPPIOCGUNIT', `0x7456')
+define(`PPPIOCGXASYNCMAP', `0x7450')
+define(`PPPIOCNEWUNIT', `0x743e')
+define(`PPPIOCSACTIVE', `0x7446')
+define(`PPPIOCSASYNCMAP', `0x7457')
+define(`PPPIOCSCOMPRESS', `0x744d')
+define(`PPPIOCSCOMPRESSOR', `0x7487')
+define(`PPPIOCSDEBUG', `0x7440')
+define(`PPPIOCSFLAGS', `0x7459')
+define(`PPPIOCSMAXCID', `0x7451')
+define(`PPPIOCSMPFLAGS', `0x7483')
+define(`PPPIOCSMPMRU', `0x7485')
+define(`PPPIOCSMPMTU', `0x7484')
+define(`PPPIOCSMRRU', `0x743b')
+define(`PPPIOCSMRU', `0x7452')
+define(`PPPIOCSNPMODE', `0x744b')
+define(`PPPIOCSPASS', `0x7447')
+define(`PPPIOCSRASYNCMAP', `0x7454')
+define(`PPPIOCSXASYNCMAP', `0x744f')
+define(`PPPIOCXFERUNIT', `0x744e')
+define(`PPPOEIOCDFWD', `0x0000b101')
+define(`PPPOEIOCSFWD', `0x4008b100')
+define(`PPRCONTROL', `0x80017083')
+define(`PPRDATA', `0x80017085')
+define(`PPRELEASE', `0x0000708c')
+define(`PPRSTATUS', `0x80017081')
+define(`PPSETFLAGS', `0x4004709b')
+define(`PPSETMODE', `0x40047080')
+define(`PPSETPHASE', `0x40047094')
+define(`PPSETTIME', `0x40107096')
+define(`PPS_FETCH', `0xc00870a4')
+define(`PPS_GETCAP', `0x800870a3')
+define(`PPS_GETPARAMS', `0x800870a1')
+define(`PPS_KC_BIND', `0x400870a5')
+define(`PPS_SETPARAMS', `0x400870a2')
+define(`PPWCONTROL', `0x40017084')
+define(`PPWCTLONIRQ', `0x40017092')
+define(`PPWDATA', `0x40017086')
+define(`PPYIELD', `0x0000708d')
+define(`PROTECT_ARRAY', `0x00000927')
+define(`PTP_CLOCK_GETCAPS', `0x80503d01')
+define(`PTP_ENABLE_PPS', `0x40043d04')
+define(`PTP_EXTTS_REQUEST', `0x40103d02')
+define(`PTP_PEROUT_REQUEST', `0x40383d03')
+define(`PTP_PIN_GETFUNC', `0xc0603d06')
+define(`PTP_PIN_SETFUNC', `0x40603d07')
+define(`PTP_SYS_OFFSET', `0x43403d05')
+define(`RAID_AUTORUN', `0x00000914')
+define(`RAID_VERSION', `0x800c0910')
+define(`RAW_GETBIND', `0x0000ac01')
+define(`RAW_SETBIND', `0x0000ac00')
+define(`REISERFS_IOC_UNPACK', `0x4008cd01')
+define(`RESTART_ARRAY_RW', `0x00000934')
+define(`RFCOMMCREATEDEV', `0x400452c8')
+define(`RFCOMMGETDEVINFO', `0x800452d3')
+define(`RFCOMMGETDEVLIST', `0x800452d2')
+define(`RFCOMMRELEASEDEV', `0x400452c9')
+define(`RFCOMMSTEALDLC', `0x400452dc')
+define(`RFKILL_IOCTL_NOINPUT', `0x00005201')
+define(`RNDADDENTROPY', `0x40085203')
+define(`RNDADDTOENTCNT', `0x40045201')
+define(`RNDCLEARPOOL', `0x00005206')
+define(`RNDGETENTCNT', `0x80045200')
+define(`RNDGETPOOL', `0x80085202')
+define(`RNDZAPENTCNT', `0x00005204')
+define(`ROCCATIOCGREPSIZE', `0x800448f1')
+define(`RTC_AIE_OFF', `0x00007002')
+define(`RTC_AIE_ON', `0x00007001')
+define(`RTC_ALM_READ', `0x80247008')
+define(`RTC_ALM_SET', `0x40247007')
+define(`RTC_EPOCH_READ', `0x8008700d')
+define(`RTC_EPOCH_SET', `0x4008700e')
+define(`RTC_IRQP_READ', `0x8008700b')
+define(`RTC_IRQP_SET', `0x4008700c')
+define(`RTC_PIE_OFF', `0x00007006')
+define(`RTC_PIE_ON', `0x00007005')
+define(`RTC_PLL_GET', `0x80207011')
+define(`RTC_PLL_SET', `0x40207012')
+define(`RTC_RD_TIME', `0x80247009')
+define(`RTC_SET_TIME', `0x4024700a')
+define(`RTC_UIE_OFF', `0x00007004')
+define(`RTC_UIE_ON', `0x00007003')
+define(`RTC_VL_CLR', `0x00007014')
+define(`RTC_VL_READ', `0x80047013')
+define(`RTC_WIE_OFF', `0x00007010')
+define(`RTC_WIE_ON', `0x0000700f')
+define(`RTC_WKALM_RD', `0x80287010')
+define(`RTC_WKALM_SET', `0x4028700f')
+define(`RUN_ARRAY', `0x400c0930')
+define(`S5P_FIMC_TX_END_NOTIFY', `0x00006500')
+define(`SAA6588_CMD_CLOSE', `0x40045202')
+define(`SAA6588_CMD_POLL', `0x80045204')
+define(`SAA6588_CMD_READ', `0x80045203')
+define(`SCSI_IOCTL_DOORLOCK', `0x00005380')
+define(`SCSI_IOCTL_DOORUNLOCK', `0x00005381')
+define(`SCSI_IOCTL_GET_BUS_NUMBER', `0x00005386')
+define(`SCSI_IOCTL_GET_IDLUN', `0x00005382')
+define(`SCSI_IOCTL_GET_PCI', `0x00005387')
+define(`SCSI_IOCTL_PROBE_HOST', `0x00005385')
+define(`SET_ARRAY_INFO', `0x40480923')
+define(`SET_BITMAP_FILE', `0x4004092b')
+define(`SET_DISK_FAULTY', `0x00000929')
+define(`SET_DISK_INFO', `0x00000924')
+define(`SG_EMULATED_HOST', `0x00002203')
+define(`SG_GET_ACCESS_COUNT', `0x00002289')
+define(`SG_GET_COMMAND_Q', `0x00002270')
+define(`SG_GET_KEEP_ORPHAN', `0x00002288')
+define(`SG_GET_LOW_DMA', `0x0000227a')
+define(`SG_GET_NUM_WAITING', `0x0000227d')
+define(`SG_GET_PACK_ID', `0x0000227c')
+define(`SG_GET_REQUEST_TABLE', `0x00002286')
+define(`SG_GET_RESERVED_SIZE', `0x00002272')
+define(`SG_GET_SCSI_ID', `0x00002276')
+define(`SG_GET_SG_TABLESIZE', `0x0000227f')
+define(`SG_GET_TIMEOUT', `0x00002202')
+define(`SG_GET_TRANSFORM', `0x00002205')
+define(`SG_GET_VERSION_NUM', `0x00002282')
+define(`SG_IO', `0x00002285')
+define(`SG_NEXT_CMD_LEN', `0x00002283')
+define(`SG_SCSI_RESET', `0x00002284')
+define(`SG_SET_COMMAND_Q', `0x00002271')
+define(`SG_SET_DEBUG', `0x0000227e')
+define(`SG_SET_FORCE_LOW_DMA', `0x00002279')
+define(`SG_SET_FORCE_PACK_ID', `0x0000227b')
+define(`SG_SET_KEEP_ORPHAN', `0x00002287')
+define(`SG_SET_RESERVED_SIZE', `0x00002275')
+define(`SG_SET_TIMEOUT', `0x00002201')
+define(`SG_SET_TRANSFORM', `0x00002204')
+define(`SI4713_IOC_MEASURE_RNL', `0xc01c56c0')
define(`SIOCADDDLCI', `0x00008980')
-define(`SIOCDELDLCI', `0x00008981')
-define(`SIOCGIFVLAN', `0x00008982')
-define(`SIOCSIFVLAN', `0x00008983')
+define(`SIOCADDMULTI', `0x00008931')
+define(`SIOCADDRT', `0x0000890b')
+define(`SIOCATMARK', `0x00008905')
+define(`SIOCBONDCHANGEACTIVE', `0x00008995')
define(`SIOCBONDENSLAVE', `0x00008990')
+define(`SIOCBONDINFOQUERY', `0x00008994')
define(`SIOCBONDRELEASE', `0x00008991')
define(`SIOCBONDSETHWADDR', `0x00008992')
define(`SIOCBONDSLAVEINFOQUERY', `0x00008993')
-define(`SIOCBONDINFOQUERY', `0x00008994')
-define(`SIOCBONDCHANGEACTIVE', `0x00008995')
define(`SIOCBRADDBR', `0x000089a0')
-define(`SIOCBRDELBR', `0x000089a1')
define(`SIOCBRADDIF', `0x000089a2')
+define(`SIOCBRDELBR', `0x000089a1')
define(`SIOCBRDELIF', `0x000089a3')
-define(`SIOCSHWTSTAMP', `0x000089b0')
-define(`SIOCGHWTSTAMP', `0x000089b1')
-define(`SIOCPROTOPRIVATE', `0x000089e0')
-define(`SIOCPROTOPRIVATE_1', `0x000089e1')
-define(`SIOCPROTOPRIVATE_2', `0x000089e2')
-define(`SIOCPROTOPRIVATE_3', `0x000089e3')
-define(`SIOCPROTOPRIVATE_4', `0x000089e4')
-define(`SIOCPROTOPRIVATE_5', `0x000089e5')
-define(`SIOCPROTOPRIVATE_6', `0x000089e6')
-define(`SIOCPROTOPRIVATE_7', `0x000089e7')
-define(`SIOCPROTOPRIVATE_8', `0x000089e8')
-define(`SIOCPROTOPRIVATE_9', `0x000089e9')
-define(`SIOCPROTOPRIVATE_A', `0x000089ea')
-define(`SIOCPROTOPRIVATE_B', `0x000089eb')
-define(`SIOCPROTOPRIVATE_C', `0x000089ec')
-define(`SIOCPROTOPRIVATE_D', `0x000089ed')
-define(`SIOCPROTOPRIVATE_E', `0x000089ee')
-define(`SIOCPROTOPRIVLAST', `0x000089ef')
+define(`SIOCDARP', `0x00008953')
+define(`SIOCDELDLCI', `0x00008981')
+define(`SIOCDELMULTI', `0x00008932')
+define(`SIOCDELRT', `0x0000890c')
define(`SIOCDEVPRIVATE', `0x000089f0')
define(`SIOCDEVPRIVATE_1', `0x000089f1')
define(`SIOCDEVPRIVATE_2', `0x000089f2')
@@ -797,59 +1825,64 @@
define(`SIOCDEVPRIVATE_D', `0x000089fd')
define(`SIOCDEVPRIVATE_E', `0x000089fe')
define(`SIOCDEVPRIVLAST', `0x000089ff')
-define(`SIOCIWFIRST', `0x00008b00')
-define(`SIOCSIWCOMMIT', `0x00008b00')
-define(`SIOCGIWNAME', `0x00008b01')
-define(`SIOCSIWNWID', `0x00008b02')
-define(`SIOCGIWNWID', `0x00008b03')
-define(`SIOCSIWFREQ', `0x00008b04')
-define(`SIOCGIWFREQ', `0x00008b05')
-define(`SIOCSIWMODE', `0x00008b06')
-define(`SIOCGIWMODE', `0x00008b07')
-define(`SIOCSIWSENS', `0x00008b08')
-define(`SIOCGIWSENS', `0x00008b09')
-define(`SIOCSIWRANGE', `0x00008b0a')
-define(`SIOCGIWRANGE', `0x00008b0b')
-define(`SIOCSIWPRIV', `0x00008b0c')
-define(`SIOCGIWPRIV', `0x00008b0d')
-define(`SIOCSIWSTATS', `0x00008b0e')
-define(`SIOCGIWSTATS', `0x00008b0f')
-define(`SIOCSIWSPY', `0x00008b10')
-define(`SIOCGIWSPY', `0x00008b11')
-define(`SIOCSIWTHRSPY', `0x00008b12')
-define(`SIOCGIWTHRSPY', `0x00008b13')
-define(`SIOCSIWAP', `0x00008b14')
+define(`SIOCDIFADDR', `0x00008936')
+define(`SIOCDRARP', `0x00008960')
+define(`SIOCETHTOOL', `0x00008946')
+define(`SIOCGARP', `0x00008954')
+define(`SIOCGHWTSTAMP', `0x000089b1')
+define(`SIOCGIFADDR', `0x00008915')
+define(`SIOCGIFBR', `0x00008940')
+define(`SIOCGIFBRDADDR', `0x00008919')
+define(`SIOCGIFCONF', `0x00008912')
+define(`SIOCGIFCOUNT', `0x00008938')
+define(`SIOCGIFDSTADDR', `0x00008917')
+define(`SIOCGIFENCAP', `0x00008925')
+define(`SIOCGIFFLAGS', `0x00008913')
+define(`SIOCGIFHWADDR', `0x00008927')
+define(`SIOCGIFINDEX', `0x00008933')
+define(`SIOCGIFMAP', `0x00008970')
+define(`SIOCGIFMEM', `0x0000891f')
+define(`SIOCGIFMETRIC', `0x0000891d')
+define(`SIOCGIFMTU', `0x00008921')
+define(`SIOCGIFNAME', `0x00008910')
+define(`SIOCGIFNETMASK', `0x0000891b')
+define(`SIOCGIFPFLAGS', `0x00008935')
+define(`SIOCGIFSLAVE', `0x00008929')
+define(`SIOCGIFTXQLEN', `0x00008942')
+define(`SIOCGIFVLAN', `0x00008982')
define(`SIOCGIWAP', `0x00008b15')
-define(`SIOCSIWMLME', `0x00008b16')
define(`SIOCGIWAPLIST', `0x00008b17')
-define(`SIOCSIWSCAN', `0x00008b18')
-define(`SIOCGIWSCAN', `0x00008b19')
-define(`SIOCSIWESSID', `0x00008b1a')
-define(`SIOCGIWESSID', `0x00008b1b')
-define(`SIOCSIWNICKN', `0x00008b1c')
-define(`SIOCGIWNICKN', `0x00008b1d')
-define(`SIOCSIWRATE', `0x00008b20')
-define(`SIOCGIWRATE', `0x00008b21')
-define(`SIOCSIWRTS', `0x00008b22')
-define(`SIOCGIWRTS', `0x00008b23')
-define(`SIOCSIWFRAG', `0x00008b24')
-define(`SIOCGIWFRAG', `0x00008b25')
-define(`SIOCSIWTXPOW', `0x00008b26')
-define(`SIOCGIWTXPOW', `0x00008b27')
-define(`SIOCSIWRETRY', `0x00008b28')
-define(`SIOCGIWRETRY', `0x00008b29')
-define(`SIOCSIWENCODE', `0x00008b2a')
-define(`SIOCGIWENCODE', `0x00008b2b')
-define(`SIOCSIWPOWER', `0x00008b2c')
-define(`SIOCGIWPOWER', `0x00008b2d')
-define(`SIOCSIWGENIE', `0x00008b30')
-define(`SIOCGIWGENIE', `0x00008b31')
-define(`SIOCSIWAUTH', `0x00008b32')
define(`SIOCGIWAUTH', `0x00008b33')
-define(`SIOCSIWENCODEEXT', `0x00008b34')
+define(`SIOCGIWENCODE', `0x00008b2b')
define(`SIOCGIWENCODEEXT', `0x00008b35')
-define(`SIOCSIWPMKSA', `0x00008b36')
-define(`SIOCIWFIRSTPRIV', `0x00008be0')
+define(`SIOCGIWESSID', `0x00008b1b')
+define(`SIOCGIWFRAG', `0x00008b25')
+define(`SIOCGIWFREQ', `0x00008b05')
+define(`SIOCGIWGENIE', `0x00008b31')
+define(`SIOCGIWMODE', `0x00008b07')
+define(`SIOCGIWNAME', `0x00008b01')
+define(`SIOCGIWNICKN', `0x00008b1d')
+define(`SIOCGIWNWID', `0x00008b03')
+define(`SIOCGIWPOWER', `0x00008b2d')
+define(`SIOCGIWPRIV', `0x00008b0d')
+define(`SIOCGIWRANGE', `0x00008b0b')
+define(`SIOCGIWRATE', `0x00008b21')
+define(`SIOCGIWRETRY', `0x00008b29')
+define(`SIOCGIWRTS', `0x00008b23')
+define(`SIOCGIWSCAN', `0x00008b19')
+define(`SIOCGIWSENS', `0x00008b09')
+define(`SIOCGIWSPY', `0x00008b11')
+define(`SIOCGIWSTATS', `0x00008b0f')
+define(`SIOCGIWTHRSPY', `0x00008b13')
+define(`SIOCGIWTXPOW', `0x00008b27')
+define(`SIOCGMIIPHY', `0x00008947')
+define(`SIOCGMIIREG', `0x00008948')
+define(`SIOCGNETADDR', `0x800489e1')
+define(`SIOCGPGRP', `0x00008904')
+define(`SIOCGRARP', `0x00008961')
+define(`SIOCGSTAMP', `0x00008906')
+define(`SIOCGSTAMPNS', `0x00008907')
+define(`SIOCIWFIRST', `0x00008b00')
define(`SIOCIWFIRSTPRIV_01', `0x00008be1')
define(`SIOCIWFIRSTPRIV_02', `0x00008be2')
define(`SIOCIWFIRSTPRIV_03', `0x00008be3')
@@ -865,6 +1898,7 @@
define(`SIOCIWFIRSTPRIV_0D', `0x00008bed')
define(`SIOCIWFIRSTPRIV_0E', `0x00008bee')
define(`SIOCIWFIRSTPRIV_0F', `0x00008bef')
+define(`SIOCIWFIRSTPRIV', `0x00008be0')
define(`SIOCIWFIRSTPRIV_10', `0x00008bf0')
define(`SIOCIWFIRSTPRIV_11', `0x00008bf1')
define(`SIOCIWFIRSTPRIV_12', `0x00008bf2')
@@ -881,1814 +1915,800 @@
define(`SIOCIWFIRSTPRIV_1D', `0x00008bfd')
define(`SIOCIWFIRSTPRIV_1E', `0x00008bfe')
define(`SIOCIWLASTPRIV', `0x00008bff')
-define(`AUTOFS_IOC_READY', `0x00009360')
-define(`AUTOFS_IOC_FAIL', `0x00009361')
-define(`AUTOFS_IOC_CATATONIC', `0x00009362')
-define(`BTRFS_IOC_TRANS_START', `0x00009406')
-define(`BTRFS_IOC_TRANS_END', `0x00009407')
-define(`BTRFS_IOC_SYNC', `0x00009408')
-define(`BTRFS_IOC_SCRUB_CANCEL', `0x0000941c')
-define(`BTRFS_IOC_QUOTA_RESCAN_WAIT', `0x0000942e')
-define(`NBD_SET_SOCK', `0x0000ab00')
-define(`NBD_SET_BLKSIZE', `0x0000ab01')
-define(`NBD_SET_SIZE', `0x0000ab02')
-define(`NBD_DO_IT', `0x0000ab03')
-define(`NBD_CLEAR_SOCK', `0x0000ab04')
-define(`NBD_CLEAR_QUE', `0x0000ab05')
-define(`NBD_PRINT_DEBUG', `0x0000ab06')
-define(`NBD_SET_SIZE_BLOCKS', `0x0000ab07')
-define(`NBD_DISCONNECT', `0x0000ab08')
-define(`NBD_SET_TIMEOUT', `0x0000ab09')
-define(`NBD_SET_FLAGS', `0x0000ab0a')
-define(`RAW_SETBIND', `0x0000ac00')
-define(`RAW_GETBIND', `0x0000ac01')
-define(`KVM_GET_API_VERSION', `0x0000ae00')
-define(`KVM_CREATE_VM', `0x0000ae01')
-define(`LOGGER_GET_LOG_BUF_SIZE', `0x0000ae01')
-define(`LOGGER_GET_LOG_LEN', `0x0000ae02')
-define(`KVM_CHECK_EXTENSION', `0x0000ae03')
-define(`LOGGER_GET_NEXT_ENTRY_LEN', `0x0000ae03')
-define(`KVM_GET_VCPU_MMAP_SIZE', `0x0000ae04')
-define(`LOGGER_FLUSH_LOG', `0x0000ae04')
-define(`LOGGER_GET_VERSION', `0x0000ae05')
-define(`KVM_S390_ENABLE_SIE', `0x0000ae06')
-define(`LOGGER_SET_VERSION', `0x0000ae06')
-define(`KVM_CREATE_VCPU', `0x0000ae41')
-define(`KVM_SET_NR_MMU_PAGES', `0x0000ae44')
-define(`KVM_GET_NR_MMU_PAGES', `0x0000ae45')
-define(`KVM_SET_TSS_ADDR', `0x0000ae47')
-define(`KVM_CREATE_IRQCHIP', `0x0000ae60')
-define(`KVM_CREATE_PIT', `0x0000ae64')
-define(`KVM_REINJECT_CONTROL', `0x0000ae71')
-define(`KVM_SET_BOOT_CPU_ID', `0x0000ae78')
-define(`KVM_RUN', `0x0000ae80')
-define(`KVM_S390_INITIAL_RESET', `0x0000ae97')
-define(`KVM_NMI', `0x0000ae9a')
-define(`KVM_SET_TSC_KHZ', `0x0000aea2')
-define(`KVM_GET_TSC_KHZ', `0x0000aea3')
-define(`KVM_KVMCLOCK_CTRL', `0x0000aead')
-define(`VHOST_SET_OWNER', `0x0000af01')
-define(`VHOST_RESET_OWNER', `0x0000af02')
-define(`PPPOEIOCDFWD', `0x0000b101')
-define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')
-define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
-define(`IOCTL_EVTCHN_UNBIND', `0x00044503')
-define(`IOCTL_EVTCHN_NOTIFY', `0x00044504')
-define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
-define(`SNDRV_SEQ_IOCTL_SET_QUEUE_OWNER', `0x40005344')
-define(`MFB_SET_ALPHA', `0x40014d00')
-define(`MFB_SET_GAMMA', `0x40014d01')
-define(`MFB_SET_BRIGHTNESS', `0x40014d03')
-define(`SPI_IOC_WR_MODE', `0x40016b01')
-define(`SPI_IOC_WR_LSB_FIRST', `0x40016b02')
-define(`SPI_IOC_WR_BITS_PER_WORD', `0x40016b03')
-define(`PPWCONTROL', `0x40017084')
-define(`PPWDATA', `0x40017086')
-define(`PPWCTLONIRQ', `0x40017092')
-define(`PHONE_MAXRINGS', `0x40017185')
-define(`PHONE_PLAY_TONE', `0x4001719b')
-define(`SONYPI_IOCSBRT', `0x40017600')
-define(`SONYPI_IOCSBLUE', `0x40017609')
-define(`SONYPI_IOCSFAN', `0x4001760b')
-define(`ATM_SETBACKEND', `0x400261f2')
-define(`ATM_NEWBACKENDIF', `0x400261f3')
-define(`NCP_IOC_GETMOUNTUID', `0x40026e02')
-define(`AUDIO_SET_ATTRIBUTES', `0x40026f11')
-define(`DMX_ADD_PID', `0x40026f33')
-define(`DMX_REMOVE_PID', `0x40026f34')
-define(`PPFCONTROL', `0x4002708e')
-define(`PHONE_RING_CADENCE', `0x40027186')
-define(`SET_BITMAP_FILE', `0x4004092b')
-define(`IB_USER_MAD_UNREGISTER_AGENT', `0x40041b02')
-define(`FW_CDEV_IOC_DEALLOCATE', `0x40042303')
-define(`FW_CDEV_IOC_INITIATE_BUS_RESET', `0x40042305')
-define(`FW_CDEV_IOC_REMOVE_DESCRIPTOR', `0x40042307')
-define(`FW_CDEV_IOC_STOP_ISO', `0x4004230b')
-define(`FW_CDEV_IOC_DEALLOCATE_ISO_RESOURCE', `0x4004230e')
-define(`FW_CDEV_IOC_FLUSH_ISO', `0x40042318')
-define(`BLKI2OSRSTRAT', `0x40043203')
-define(`BLKI2OSWSTRAT', `0x40043204')
+define(`SIOCKILLADDR', `0x00008939')
+define(`SIOCMKCLIP', `0x000061e0')
+define(`SIOCOUTQNSD', `0x0000894b')
+define(`SIOCPROTOPRIVATE', `0x000089e0')
+define(`SIOCPROTOPRIVATE_1', `0x000089e1')
+define(`SIOCPROTOPRIVATE_2', `0x000089e2')
+define(`SIOCPROTOPRIVATE_3', `0x000089e3')
+define(`SIOCPROTOPRIVATE_4', `0x000089e4')
+define(`SIOCPROTOPRIVATE_5', `0x000089e5')
+define(`SIOCPROTOPRIVATE_6', `0x000089e6')
+define(`SIOCPROTOPRIVATE_7', `0x000089e7')
+define(`SIOCPROTOPRIVATE_8', `0x000089e8')
+define(`SIOCPROTOPRIVATE_9', `0x000089e9')
+define(`SIOCPROTOPRIVATE_A', `0x000089ea')
+define(`SIOCPROTOPRIVATE_B', `0x000089eb')
+define(`SIOCPROTOPRIVATE_C', `0x000089ec')
+define(`SIOCPROTOPRIVATE_D', `0x000089ed')
+define(`SIOCPROTOPRIVATE_E', `0x000089ee')
+define(`SIOCPROTOPRIVLAST', `0x000089ef')
+define(`SIOCRTMSG', `0x0000890d')
+define(`SIOCSARP', `0x00008955')
+define(`SIOCSHWTSTAMP', `0x000089b0')
+define(`SIOCSIFADDR', `0x00008916')
+define(`SIOCSIFATMTCP', `0x00006180')
+define(`SIOCSIFBR', `0x00008941')
+define(`SIOCSIFBRDADDR', `0x0000891a')
+define(`SIOCSIFDSTADDR', `0x00008918')
+define(`SIOCSIFENCAP', `0x00008926')
+define(`SIOCSIFFLAGS', `0x00008914')
+define(`SIOCSIFHWADDR', `0x00008924')
+define(`SIOCSIFHWBROADCAST', `0x00008937')
+define(`SIOCSIFLINK', `0x00008911')
+define(`SIOCSIFMAP', `0x00008971')
+define(`SIOCSIFMEM', `0x00008920')
+define(`SIOCSIFMETRIC', `0x0000891e')
+define(`SIOCSIFMTU', `0x00008922')
+define(`SIOCSIFNAME', `0x00008923')
+define(`SIOCSIFNETMASK', `0x0000891c')
+define(`SIOCSIFPFLAGS', `0x00008934')
+define(`SIOCSIFSLAVE', `0x00008930')
+define(`SIOCSIFTXQLEN', `0x00008943')
+define(`SIOCSIFVLAN', `0x00008983')
+define(`SIOCSIWAP', `0x00008b14')
+define(`SIOCSIWAUTH', `0x00008b32')
+define(`SIOCSIWCOMMIT', `0x00008b00')
+define(`SIOCSIWENCODE', `0x00008b2a')
+define(`SIOCSIWENCODEEXT', `0x00008b34')
+define(`SIOCSIWESSID', `0x00008b1a')
+define(`SIOCSIWFRAG', `0x00008b24')
+define(`SIOCSIWFREQ', `0x00008b04')
+define(`SIOCSIWGENIE', `0x00008b30')
+define(`SIOCSIWMLME', `0x00008b16')
+define(`SIOCSIWMODE', `0x00008b06')
+define(`SIOCSIWNICKN', `0x00008b1c')
+define(`SIOCSIWNWID', `0x00008b02')
+define(`SIOCSIWPMKSA', `0x00008b36')
+define(`SIOCSIWPOWER', `0x00008b2c')
+define(`SIOCSIWPRIV', `0x00008b0c')
+define(`SIOCSIWRANGE', `0x00008b0a')
+define(`SIOCSIWRATE', `0x00008b20')
+define(`SIOCSIWRETRY', `0x00008b28')
+define(`SIOCSIWRTS', `0x00008b22')
+define(`SIOCSIWSCAN', `0x00008b18')
+define(`SIOCSIWSENS', `0x00008b08')
+define(`SIOCSIWSPY', `0x00008b10')
+define(`SIOCSIWSTATS', `0x00008b0e')
+define(`SIOCSIWTHRSPY', `0x00008b12')
+define(`SIOCSIWTXPOW', `0x00008b26')
+define(`SIOCSMIIREG', `0x00008949')
+define(`SIOCSNETADDR', `0x400489e0')
+define(`SIOCSPGRP', `0x00008902')
+define(`SIOCSRARP', `0x00008962')
+define(`SIOCWANDEV', `0x0000894a')
+define(`SISFB_COMMAND', `0xc054f305')
+define(`SISFB_GET_AUTOMAXIMIZE', `0x8004f303')
+define(`SISFB_GET_AUTOMAXIMIZE_OLD', `0x80046efa')
+define(`SISFB_GET_INFO', `0x811cf301')
+define(`SISFB_GET_INFO_OLD', `0x80046ef8')
+define(`SISFB_GET_INFO_SIZE', `0x8004f300')
+define(`SISFB_GET_TVPOSOFFSET', `0x8004f304')
+define(`SISFB_GET_VBRSTATUS', `0x8004f302')
+define(`SISFB_GET_VBRSTATUS_OLD', `0x80046ef9')
+define(`SISFB_SET_AUTOMAXIMIZE', `0x4004f303')
+define(`SISFB_SET_AUTOMAXIMIZE_OLD', `0x40046efa')
+define(`SISFB_SET_LOCK', `0x4004f306')
+define(`SISFB_SET_TVPOSOFFSET', `0x4004f304')
+define(`SNAPSHOT_ALLOC_SWAP_PAGE', `0x80083314')
+define(`SNAPSHOT_ATOMIC_RESTORE', `0x00003304')
+define(`SNAPSHOT_AVAIL_SWAP_SIZE', `0x80083313')
define(`SNAPSHOT_CREATE_IMAGE', `0x40043311')
-define(`PTP_ENABLE_PPS', `0x40043d04')
-define(`SYNC_IOC_WAIT', `0x40043e00')
-define(`SNDRV_PCM_IOCTL_TSTAMP', `0x40044102')
-define(`SNDRV_PCM_IOCTL_TTSTAMP', `0x40044103')
-define(`AGPIOC_DEALLOCATE', `0x40044107')
-define(`SNDRV_PCM_IOCTL_PAUSE', `0x40044145')
-define(`SNDRV_PCM_IOCTL_LINK', `0x40044160')
-define(`CCISS_REGNEWDISK', `0x4004420d')
-define(`EVIOCRMFF', `0x40044581')
-define(`EVIOCGRAB', `0x40044590')
-define(`EVIOCREVOKE', `0x40044591')
-define(`EVIOCSCLOCKID', `0x400445a0')
-define(`FBIOPUT_CONTRAST', `0x40044602')
-define(`FBIPUT_BRIGHTNESS', `0x40044603')
-define(`FBIPUT_COLOR', `0x40044606')
-define(`FBIPUT_HSYNC', `0x40044609')
-define(`FBIPUT_VSYNC', `0x4004460a')
-define(`FBIO_WAITFORVSYNC', `0x40044620')
-define(`SSTFB_SET_VGAPASS', `0x400446dd')
-define(`HIDIOCSFLAG', `0x4004480f')
-define(`SNDRV_EMU10K1_IOCTL_TRAM_SETUP', `0x40044820')
-define(`SNDRV_DM_FM_IOCTL_SET_MODE', `0x40044825')
-define(`SNDRV_DM_FM_IOCTL_SET_CONNECTION', `0x40044826')
-define(`SNDRV_EMU10K1_IOCTL_SINGLE_STEP', `0x40044883')
-define(`SNDRV_EMUX_IOCTL_MEM_AVAIL', `0x40044884')
-define(`HCIDEVUP', `0x400448c9')
-define(`HCIDEVDOWN', `0x400448ca')
-define(`HCIDEVRESET', `0x400448cb')
-define(`HCIDEVRESTAT', `0x400448cc')
-define(`HCISETRAW', `0x400448dc')
-define(`HCISETSCAN', `0x400448dd')
-define(`HCISETAUTH', `0x400448de')
-define(`HCISETENCRYPT', `0x400448df')
-define(`HCISETPTYPE', `0x400448e0')
-define(`HCISETLINKPOL', `0x400448e1')
-define(`HCISETLINKMODE', `0x400448e2')
-define(`HCISETACLMTU', `0x400448e3')
-define(`HCISETSCOMTU', `0x400448e4')
-define(`HCIBLOCKADDR', `0x400448e6')
-define(`HCIUNBLOCKADDR', `0x400448e7')
-define(`MFB_SET_PIXFMT', `0x40044d08')
-define(`OTPGETREGIONCOUNT', `0x40044d0e')
-define(`UBI_IOCEBER', `0x40044f01')
-define(`UBI_IOCEBCH', `0x40044f02')
-define(`UBI_IOCEBUNMAP', `0x40044f04')
-define(`OMAPFB_MIRROR', `0x40044f1f')
-define(`OMAPFB_SET_UPDATE_MODE', `0x40044f28')
-define(`OMAPFB_GET_UPDATE_MODE', `0x40044f2b')
-define(`OMAPFB_LCD_TEST', `0x40044f2d')
-define(`OMAPFB_CTRL_TEST', `0x40044f2e')
-define(`SNDCTL_DSP_SETTRIGGER', `0x40045010')
+define(`SNAPSHOT_FREE', `0x00003305')
+define(`SNAPSHOT_FREE_SWAP_PAGES', `0x00003309')
+define(`SNAPSHOT_FREEZE', `0x00003301')
+define(`SNAPSHOT_GET_IMAGE_SIZE', `0x8008330e')
+define(`SNAPSHOT_PLATFORM_SUPPORT', `0x0000330f')
+define(`SNAPSHOT_POWER_OFF', `0x00003310')
+define(`SNAPSHOT_PREF_IMAGE_SIZE', `0x00003312')
+define(`SNAPSHOT_S2RAM', `0x0000330b')
+define(`SNAPSHOT_SET_SWAP_AREA', `0x400c330d')
+define(`SNAPSHOT_UNFREEZE', `0x00003302')
+define(`SNDCTL_COPR_HALT', `0xc0144307')
+define(`SNDCTL_COPR_LOAD', `0xcfb04301')
+define(`SNDCTL_COPR_RCODE', `0xc0144303')
+define(`SNDCTL_COPR_RCVMSG', `0x8fa44309')
+define(`SNDCTL_COPR_RDATA', `0xc0144302')
+define(`SNDCTL_COPR_RESET', `0x00004300')
+define(`SNDCTL_COPR_RUN', `0xc0144306')
+define(`SNDCTL_COPR_SENDMSG', `0xcfa44308')
+define(`SNDCTL_COPR_WCODE', `0x40144305')
+define(`SNDCTL_COPR_WDATA', `0x40144304')
+define(`SNDCTL_DSP_BIND_CHANNEL', `0xc0045041')
+define(`SNDCTL_DSP_CHANNELS', `0xc0045006')
+define(`SNDCTL_DSP_GETBLKSIZE', `0xc0045004')
+define(`SNDCTL_DSP_GETCAPS', `0x8004500f')
+define(`SNDCTL_DSP_GETCHANNELMASK', `0xc0045040')
+define(`SNDCTL_DSP_GETFMTS', `0x8004500b')
+define(`SNDCTL_DSP_GETIPTR', `0x800c5011')
+define(`SNDCTL_DSP_GETISPACE', `0x8010500d')
+define(`SNDCTL_DSP_GETODELAY', `0x80045017')
+define(`SNDCTL_DSP_GETOPTR', `0x800c5012')
+define(`SNDCTL_DSP_GETOSPACE', `0x8010500c')
+define(`SNDCTL_DSP_GETSPDIF', `0x80045043')
+define(`SNDCTL_DSP_GETTRIGGER', `0x80045010')
+define(`SNDCTL_DSP_MAPINBUF', `0x80105013')
+define(`SNDCTL_DSP_MAPOUTBUF', `0x80105014')
+define(`SNDCTL_DSP_NONBLOCK', `0x0000500e')
+define(`SNDCTL_DSP_POST', `0x00005008')
define(`SNDCTL_DSP_PROFILE', `0x40045017')
+define(`SNDCTL_DSP_RESET', `0x00005000')
+define(`SNDCTL_DSP_SETDUPLEX', `0x00005016')
+define(`SNDCTL_DSP_SETFMT', `0xc0045005')
+define(`SNDCTL_DSP_SETFRAGMENT', `0xc004500a')
define(`SNDCTL_DSP_SETSPDIF', `0x40045042')
-define(`SNDCTL_SEQ_PERCMODE', `0x40045106')
-define(`SNDCTL_SEQ_TESTMIDI', `0x40045108')
-define(`SNDCTL_SEQ_RESETSAMPLES', `0x40045109')
-define(`SNDCTL_SEQ_THRESHOLD', `0x4004510d')
+define(`SNDCTL_DSP_SETSYNCRO', `0x00005015')
+define(`SNDCTL_DSP_SETTRIGGER', `0x40045010')
+define(`SNDCTL_DSP_SPEED', `0xc0045002')
+define(`SNDCTL_DSP_STEREO', `0xc0045003')
+define(`SNDCTL_DSP_SUBDIVIDE', `0xc0045009')
+define(`SNDCTL_DSP_SYNC', `0x00005001')
define(`SNDCTL_FM_4OP_ENABLE', `0x4004510f')
-define(`RNDADDTOENTCNT', `0x40045201')
-define(`SAA6588_CMD_CLOSE', `0x40045202')
-define(`RFCOMMCREATEDEV', `0x400452c8')
-define(`RFCOMMRELEASEDEV', `0x400452c9')
-define(`RFCOMMSTEALDLC', `0x400452dc')
-define(`SNDRV_TIMER_IOCTL_TREAD', `0x40045402')
+define(`SNDCTL_FM_LOAD_INSTR', `0x40285107')
+define(`SNDCTL_MIDI_INFO', `0xc074510c')
+define(`SNDCTL_MIDI_MPUCMD', `0xc0216d02')
+define(`SNDCTL_MIDI_MPUMODE', `0xc0046d01')
+define(`SNDCTL_MIDI_PRETIME', `0xc0046d00')
+define(`SNDCTL_SEQ_CTRLRATE', `0xc0045103')
+define(`SNDCTL_SEQ_GETINCOUNT', `0x80045105')
+define(`SNDCTL_SEQ_GETOUTCOUNT', `0x80045104')
+define(`SNDCTL_SEQ_GETTIME', `0x80045113')
+define(`SNDCTL_SEQ_NRMIDIS', `0x8004510b')
+define(`SNDCTL_SEQ_NRSYNTHS', `0x8004510a')
+define(`SNDCTL_SEQ_OUTOFBAND', `0x40085112')
+define(`SNDCTL_SEQ_PANIC', `0x00005111')
+define(`SNDCTL_SEQ_PERCMODE', `0x40045106')
+define(`SNDCTL_SEQ_RESET', `0x00005100')
+define(`SNDCTL_SEQ_RESETSAMPLES', `0x40045109')
+define(`SNDCTL_SEQ_SYNC', `0x00005101')
+define(`SNDCTL_SEQ_TESTMIDI', `0x40045108')
+define(`SNDCTL_SEQ_THRESHOLD', `0x4004510d')
+define(`SNDCTL_SYNTH_CONTROL', `0xcfa45115')
+define(`SNDCTL_SYNTH_ID', `0xc08c5114')
+define(`SNDCTL_SYNTH_INFO', `0xc08c5102')
+define(`SNDCTL_SYNTH_MEMAVL', `0xc004510e')
+define(`SNDCTL_SYNTH_REMOVESAMPLE', `0xc00c5116')
+define(`SNDCTL_TMR_CONTINUE', `0x00005404')
define(`SNDCTL_TMR_METRONOME', `0x40045407')
define(`SNDCTL_TMR_SELECT', `0x40045408')
-define(`TIOCSPTLCK', `0x40045431')
-define(`TIOCSIG', `0x40045436')
-define(`TUNSETNOCSUM', `0x400454c8')
-define(`TUNSETDEBUG', `0x400454c9')
-define(`TUNSETIFF', `0x400454ca')
-define(`TUNSETPERSIST', `0x400454cb')
-define(`TUNSETOWNER', `0x400454cc')
-define(`TUNSETLINK', `0x400454cd')
-define(`TUNSETGROUP', `0x400454ce')
-define(`TUNSETOFFLOAD', `0x400454d0')
-define(`TUNSETTXFILTER', `0x400454d1')
-define(`TUNSETSNDBUF', `0x400454d4')
-define(`TUNSETVNETHDRSZ', `0x400454d8')
-define(`TUNSETQUEUE', `0x400454d9')
-define(`TUNSETIFINDEX', `0x400454da')
-define(`TUNSETVNETLE', `0x400454dc')
-define(`USBDEVFS_REAPURB32', `0x4004550c')
-define(`USBDEVFS_REAPURBNDELAY32', `0x4004550d')
+define(`SNDCTL_TMR_SOURCE', `0xc0045406')
+define(`SNDCTL_TMR_START', `0x00005402')
+define(`SNDCTL_TMR_STOP', `0x00005403')
+define(`SNDCTL_TMR_TEMPO', `0xc0045405')
+define(`SNDCTL_TMR_TIMEBASE', `0xc0045401')
+define(`SNDRV_COMPRESS_AVAIL', `0x801c4321')
+define(`SNDRV_COMPRESS_DRAIN', `0x00004334')
+define(`SNDRV_COMPRESS_GET_CAPS', `0xc0c44310')
+define(`SNDRV_COMPRESS_GET_CODEC_CAPS', `0xeb884311')
+define(`SNDRV_COMPRESS_GET_METADATA', `0xc0244315')
+define(`SNDRV_COMPRESS_GET_PARAMS', `0x80784313')
+define(`SNDRV_COMPRESS_IOCTL_VERSION', `0x80044300')
+define(`SNDRV_COMPRESS_NEXT_TRACK', `0x00004335')
+define(`SNDRV_COMPRESS_PARTIAL_DRAIN', `0x00004336')
+define(`SNDRV_COMPRESS_PAUSE', `0x00004330')
+define(`SNDRV_COMPRESS_RESUME', `0x00004331')
+define(`SNDRV_COMPRESS_SET_METADATA', `0x40244314')
+define(`SNDRV_COMPRESS_SET_PARAMS', `0x40844312')
+define(`SNDRV_COMPRESS_START', `0x00004332')
+define(`SNDRV_COMPRESS_STOP', `0x00004333')
+define(`SNDRV_COMPRESS_TSTAMP', `0x80144320')
+define(`SNDRV_CTL_IOCTL_CARD_INFO', `0x81785501')
+define(`SNDRV_CTL_IOCTL_ELEM_ADD', `0xc1105517')
+define(`SNDRV_CTL_IOCTL_ELEM_INFO', `0xc1105511')
+define(`SNDRV_CTL_IOCTL_ELEM_LIST', `0xc0505510')
+define(`SNDRV_CTL_IOCTL_ELEM_LOCK', `0x40405514')
+define(`SNDRV_CTL_IOCTL_ELEM_READ', `0xc4c85512')
+define(`SNDRV_CTL_IOCTL_ELEM_REMOVE', `0xc0405519')
+define(`SNDRV_CTL_IOCTL_ELEM_REPLACE', `0xc1105518')
+define(`SNDRV_CTL_IOCTL_ELEM_UNLOCK', `0x40405515')
+define(`SNDRV_CTL_IOCTL_ELEM_WRITE', `0xc4c85513')
+define(`SNDRV_CTL_IOCTL_HWDEP_INFO', `0x80dc5521')
+define(`SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE', `0xc0045520')
+define(`SNDRV_CTL_IOCTL_PCM_INFO', `0xc1205531')
+define(`SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE', `0x80045530')
define(`SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE', `0x40045532')
+define(`SNDRV_CTL_IOCTL_POWER', `0xc00455d0')
+define(`SNDRV_CTL_IOCTL_POWER_STATE', `0x800455d1')
+define(`SNDRV_CTL_IOCTL_PVERSION', `0x80045500')
+define(`SNDRV_CTL_IOCTL_RAWMIDI_INFO', `0xc10c5541')
+define(`SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE', `0xc0045540')
define(`SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE', `0x40045542')
-define(`UI_SET_EVBIT', `0x40045564')
-define(`UI_SET_KEYBIT', `0x40045565')
-define(`UI_SET_RELBIT', `0x40045566')
-define(`UI_SET_ABSBIT', `0x40045567')
-define(`UI_SET_MSCBIT', `0x40045568')
-define(`UI_SET_LEDBIT', `0x40045569')
-define(`UI_SET_SNDBIT', `0x4004556a')
-define(`UI_SET_FFBIT', `0x4004556b')
-define(`UI_SET_SWBIT', `0x4004556d')
-define(`UI_SET_PROPBIT', `0x4004556e')
-define(`VIDIOC_OVERLAY', `0x4004560e')
-define(`VIDIOC_STREAMON', `0x40045612')
-define(`VIDIOC_STREAMOFF', `0x40045613')
-define(`VIDIOC_S_PRIORITY', `0x40045644')
-define(`IVTV_IOC_PASSTHROUGH_MODE', `0x400456c1')
-define(`SW_SYNC_IOC_INC', `0x40045701')
-define(`SNDRV_RAWMIDI_IOCTL_DROP', `0x40045730')
-define(`SNDRV_RAWMIDI_IOCTL_DRAIN', `0x40045731')
-define(`SONET_SETFRAMING', `0x40046115')
-define(`ATM_SETSC', `0x400461f1')
-define(`ATM_DROPPARTY', `0x400461f5')
-define(`BINDER_SET_MAX_THREADS', `0x40046205')
-define(`BINDER_SET_IDLE_PRIORITY', `0x40046206')
-define(`BINDER_SET_CONTEXT_MGR', `0x40046207')
-define(`BINDER_THREAD_EXIT', `0x40046208')
-define(`BC_ACQUIRE_RESULT', `0x40046302')
-define(`BC_INCREFS', `0x40046304')
-define(`BC_ACQUIRE', `0x40046305')
-define(`CHIOSPICKER', `0x40046305')
-define(`BC_RELEASE', `0x40046306')
-define(`BC_DECREFS', `0x40046307')
-define(`DRM_IOCTL_AUTH_MAGIC', `0x40046411')
-define(`DRM_IOCTL_I915_IRQ_WAIT', `0x40046445')
-define(`DRM_IOCTL_MSM_GEM_CPU_FINI', `0x40046445')
-define(`DRM_IOCTL_RADEON_FULLSCREEN', `0x40046446')
-define(`DRM_IOCTL_MGA_SET_FENCE', `0x4004644a')
-define(`DRM_IOCTL_I915_DESTROY_HEAP', `0x4004644c')
-define(`DRM_IOCTL_I915_SET_VBLANK_PIPE', `0x4004644d')
-define(`DRM_IOCTL_R128_FULLSCREEN', `0x40046450')
-define(`DRM_IOCTL_RADEON_IRQ_WAIT', `0x40046457')
-define(`DRM_IOCTL_RADEON_SURF_FREE', `0x4004645b')
-define(`DRM_IOCTL_I915_GEM_SW_FINISH', `0x40046460')
-define(`VIDIOC_INT_RESET', `0x40046466')
-define(`DRM_IOCTL_NOUVEAU_GEM_CPU_FINI', `0x40046483')
-define(`FS_IOC32_SETFLAGS', `0x40046602')
-define(`LIRC_SET_SEND_MODE', `0x40046911')
-define(`LIRC_SET_REC_MODE', `0x40046912')
-define(`LIRC_SET_SEND_CARRIER', `0x40046913')
-define(`LIRC_SET_REC_CARRIER', `0x40046914')
-define(`LIRC_SET_SEND_DUTY_CYCLE', `0x40046915')
-define(`LIRC_SET_REC_DUTY_CYCLE', `0x40046916')
-define(`LIRC_SET_TRANSMITTER_MASK', `0x40046917')
-define(`LIRC_SET_REC_TIMEOUT', `0x40046918')
-define(`LIRC_SET_REC_TIMEOUT_REPORTS', `0x40046919')
-define(`LIRC_SET_REC_FILTER_PULSE', `0x4004691a')
-define(`LIRC_SET_REC_FILTER_SPACE', `0x4004691b')
-define(`LIRC_SET_REC_FILTER', `0x4004691c')
-define(`LIRC_SET_MEASURE_CARRIER_MODE', `0x4004691d')
-define(`LIRC_SET_REC_DUTY_CYCLE_RANGE', `0x4004691e')
-define(`IPMICTL_SET_MAINTENANCE_MODE_CMD', `0x4004691f')
-define(`LIRC_SET_REC_CARRIER_RANGE', `0x4004691f')
-define(`LIRC_SET_WIDEBAND_RECEIVER', `0x40046923')
-define(`SPI_IOC_WR_MAX_SPEED_HZ', `0x40046b04')
-define(`SPI_IOC_WR_MODE32', `0x40046b05')
-define(`MSMFB_GRP_DISP', `0x40046d01')
-define(`MSMFB_BLIT', `0x40046d02')
-define(`NCP_IOC_SET_SIGN_WANTED', `0x40046e06')
-define(`NCP_IOC_GETDENTRYTTL', `0x40046e0c')
-define(`SISFB_SET_AUTOMAXIMIZE_OLD', `0x40046efa')
-define(`UBI_IOCRMVOL', `0x40046f01')
-define(`DMX_SET_SOURCE', `0x40046f31')
-define(`UBI_IOCDET', `0x40046f41')
-define(`PPSETMODE', `0x40047080')
-define(`PPDATADIR', `0x40047090')
-define(`PPNEGOT', `0x40047091')
-define(`PPSETPHASE', `0x40047094')
-define(`PPSETFLAGS', `0x4004709b')
-define(`PHONE_REC_CODEC', `0x40047189')
-define(`PHONE_REC_DEPTH', `0x4004718c')
-define(`PHONE_FRAME', `0x4004718d')
-define(`PHONE_REC_VOLUME', `0x4004718e')
-define(`PHONE_PLAY_CODEC', `0x40047190')
-define(`PHONE_PLAY_DEPTH', `0x40047193')
-define(`PHONE_PLAY_VOLUME', `0x40047194')
-define(`PHONE_DTMF_OOB', `0x40047199')
-define(`PHONE_SET_TONE_ON_TIME', `0x4004719c')
-define(`PHONE_SET_TONE_OFF_TIME', `0x4004719d')
-define(`PHONE_PSTN_SET_STATE', `0x400471a4')
-define(`PHONE_WINK_DURATION', `0x400471a6')
-define(`PHONE_VAD', `0x400471a9')
-define(`PHONE_WINK', `0x400471aa')
-define(`IXJCTL_GET_FILTER_HIST', `0x400471c8')
-define(`IXJCTL_AEC_START', `0x400471cb')
-define(`IXJCTL_SET_LED', `0x400471ce')
-define(`IXJCTL_MIXER', `0x400471cf')
-define(`IXJCTL_DAA_COEFF_SET', `0x400471d0')
-define(`IXJCTL_PORT', `0x400471d1')
-define(`IXJCTL_DAA_AGAIN', `0x400471d2')
-define(`IXJCTL_POTS_PSTN', `0x400471d5')
-define(`PHONE_REC_VOLUME_LINEAR', `0x400471db')
-define(`PHONE_PLAY_VOLUME_LINEAR', `0x400471dc')
-define(`IXJCTL_HZ', `0x400471e0')
-define(`IXJCTL_RATE', `0x400471e1')
-define(`IXJCTL_DTMF_PRESCALE', `0x400471e8')
-define(`IXJCTL_SC_RXG', `0x400471ea')
-define(`IXJCTL_SC_TXG', `0x400471eb')
-define(`IXJCTL_INTERCOM_START', `0x400471fd')
-define(`IXJCTL_INTERCOM_STOP', `0x400471fe')
-define(`FAT_IOCTL_SET_ATTRIBUTES', `0x40047211')
-define(`V4L2_SUBDEV_IR_RX_NOTIFY', `0x40047600')
-define(`V4L2_SUBDEV_IR_TX_NOTIFY', `0x40047601')
-define(`FS_IOC32_SETVERSION', `0x40047602')
-define(`MEYEIOC_QBUF_CAPT', `0x400476c2')
-define(`OSIOCSNETADDR', `0x400489e0')
-define(`SIOCSNETADDR', `0x400489e0')
-define(`AUTOFS_IOC_EXPIRE_MULTI', `0x40049366')
-define(`BTRFS_IOC_CLONE', `0x40049409')
-define(`BTRFS_IOC_BALANCE_CTL', `0x40049421')
-define(`KVM_INTERRUPT', `0x4004ae86')
-define(`KVM_SET_SIGNAL_MASK', `0x4004ae8b')
-define(`KVM_SET_MP_STATE', `0x4004ae99')
-define(`VHOST_SET_LOG_FD', `0x4004af07')
-define(`VHOST_SCSI_GET_ABI_VERSION', `0x4004af42')
-define(`VHOST_SCSI_SET_EVENTS_MISSED', `0x4004af43')
-define(`VHOST_SCSI_GET_EVENTS_MISSED', `0x4004af44')
-define(`SISFB_SET_AUTOMAXIMIZE', `0x4004f303')
-define(`SISFB_SET_TVPOSOFFSET', `0x4004f304')
-define(`SISFB_SET_LOCK', `0x4004f306')
-define(`GIGASET_BRKCHARS', `0x40064702')
-define(`MEYEIOC_S_PARAMS', `0x400676c1')
-define(`FE_DISEQC_SEND_MASTER_CMD', `0x40076f3f')
-define(`BLKBSZSET', `0x40081271')
-define(`FW_CDEV_IOC_RECEIVE_PHY_PACKETS', `0x40082316')
-define(`PERF_EVENT_IOC_PERIOD', `0x40082404')
-define(`PERF_EVENT_IOC_SET_FILTER', `0x40082406')
-define(`FBIO_RADEON_SET_MIRROR', `0x40084004')
-define(`AGPIOC_SETUP', `0x40084103')
-define(`AGPIOC_RESERVE', `0x40084104')
-define(`AGPIOC_PROTECT', `0x40084105')
-define(`AGPIOC_BIND', `0x40084108')
-define(`AGPIOC_UNBIND', `0x40084109')
-define(`SNDRV_PCM_IOCTL_REWIND', `0x40084146')
-define(`SNDRV_PCM_IOCTL_FORWARD', `0x40084149')
-define(`PMU_IOC_SET_BACKLIGHT', `0x40084202')
-define(`CCISS_SETINTINFO', `0x40084203')
-define(`APEI_ERST_CLEAR_RECORD', `0x40084501')
-define(`EVIOCSREP', `0x40084503')
-define(`EVIOCSKEYCODE', `0x40084504')
-define(`SNDRV_SB_CSP_IOCTL_START', `0x40084813')
-define(`SNDRV_HDSP_IOCTL_UPLOAD_FIRMWARE', `0x40084842')
-define(`MEMERASE', `0x40084d02')
-define(`MFB_SET_AOID', `0x40084d04')
-define(`MEMLOCK', `0x40084d05')
-define(`MEMUNLOCK', `0x40084d06')
-define(`MEMGETBADBLOCK', `0x40084d0b')
-define(`MEMSETBADBLOCK', `0x40084d0c')
-define(`UBI_IOCVOLUP', `0x40084f00')
-define(`UBI_IOCEBMAP', `0x40084f03')
-define(`OMAPFB_SETUP_MEM', `0x40084f37')
-define(`OMAPFB_QUERY_MEM', `0x40084f38')
-define(`OMAPFB_SET_TEARSYNC', `0x40084f3e')
-define(`SNDCTL_SEQ_OUTOFBAND', `0x40085112')
-define(`RNDADDENTROPY', `0x40085203')
-define(`TFD_IOC_SET_TICKS', `0x40085400')
-define(`USBDEVFS_REAPURB', `0x4008550c')
-define(`USBDEVFS_REAPURBNDELAY', `0x4008550d')
-define(`USBDEVFS_CONNECTINFO', `0x40085511')
-define(`UI_SET_PHYS', `0x4008556c')
-define(`VIDIOC_S_STD', `0x40085618')
-define(`VPFE_CMD_S_CCDC_RAW_PARAMS', `0x400856c1')
-define(`BINDER_SET_IDLE_TIMEOUT', `0x40086203')
-define(`CM_IOCSPTS', `0x40086302')
-define(`BC_FREE_BUFFER', `0x40086303')
-define(`BC_ATTEMPT_ACQUIRE', `0x4008630a')
-define(`BC_DEAD_BINDER_DONE', `0x40086310')
-define(`CM_IOSDBGLVL', `0x400863fa')
-define(`DRM_IOCTL_MODESET_CTL', `0x40086408')
-define(`DRM_IOCTL_GEM_CLOSE', `0x40086409')
-define(`DRM_IOCTL_CONTROL', `0x40086414')
-define(`DRM_IOCTL_MOD_CTX', `0x40086422')
-define(`DRM_IOCTL_SWITCH_CTX', `0x40086424')
-define(`DRM_IOCTL_NEW_CTX', `0x40086425')
-define(`DRM_IOCTL_LOCK', `0x4008642a')
-define(`DRM_IOCTL_UNLOCK', `0x4008642b')
-define(`DRM_IOCTL_FINISH', `0x4008642c')
-define(`DRM_IOCTL_AGP_ENABLE', `0x40086432')
-define(`DRM_IOCTL_MGA_FLUSH', `0x40086441')
-define(`DRM_IOCTL_R128_CCE_STOP', `0x40086442')
-define(`DRM_IOCTL_RADEON_CP_STOP', `0x40086442')
-define(`DRM_IOCTL_SAVAGE_BCI_EVENT_WAIT', `0x40086443')
-define(`DRM_IOCTL_OMAP_GEM_CPU_PREP', `0x40086444')
-define(`DRM_IOCTL_QXL_CLIENTCAP', `0x40086445')
-define(`DRM_IOCTL_I915_SETPARAM', `0x40086447')
-define(`DRM_IOCTL_I915_FREE', `0x40086449')
-define(`DRM_IOCTL_RADEON_STIPPLE', `0x4008644c')
-define(`DRM_IOCTL_R128_STIPPLE', `0x4008644d')
-define(`DRM_IOCTL_VIA_BLIT_SYNC', `0x4008644f')
-define(`DRM_IOCTL_RADEON_FREE', `0x40086454')
-define(`DRM_IOCTL_I915_GEM_UNPIN', `0x40086456')
-define(`DRM_IOCTL_RADEON_GEM_WAIT_IDLE', `0x40086464')
-define(`DRM_IOCTL_I915_GEM_CONTEXT_DESTROY', `0x4008646e')
-define(`DRM_IOCTL_I915_GEM_SET_CACHING', `0x4008646f')
-define(`DRM_IOCTL_NOUVEAU_GEM_CPU_PREP', `0x40086482')
-define(`FS_IOC_SETFLAGS', `0x40086602')
-define(`HPET_IRQFREQ', `0x40086806')
-define(`MTIOCTOP', `0x40086d01')
-define(`NCP_IOC_GETMOUNTUID2', `0x40086e02')
-define(`NILFS_IOCTL_DELETE_CHECKPOINT', `0x40086e81')
-define(`NILFS_IOCTL_RESIZE', `0x40086e8b')
-define(`MATROXFB_SET_OUTPUT_CONNECTION', `0x40086ef8')
-define(`MATROXFB_SET_OUTPUT_MODE', `0x40086efa')
-define(`AUDIO_SET_MIXER', `0x40086f0e')
-define(`VIDEO_SET_SPU', `0x40086f32')
-define(`CA_SET_PID', `0x40086f87')
-define(`PHN_SET_REG', `0x40087001')
-define(`PHN_SET_REGS', `0x40087003')
-define(`PHN_SETREG', `0x40087006')
-define(`RTC_IRQP_SET', `0x4008700c')
-define(`RTC_EPOCH_SET', `0x4008700e')
-define(`PPS_SETPARAMS', `0x400870a2')
-define(`PPS_KC_BIND', `0x400870a5')
-define(`SPIOCSTYPE', `0x40087101')
-define(`PHONE_CAPABILITIES_CHECK', `0x40087182')
-define(`PHONE_RING_START', `0x40087187')
-define(`IXJCTL_SET_FILTER', `0x400871c7')
-define(`IXJCTL_INIT_TONE', `0x400871c9')
-define(`IXJCTL_TONE_CADENCE', `0x400871ca')
-define(`IXJCTL_FILTER_CADENCE', `0x400871d6')
-define(`IXJCTL_CIDCW', `0x400871d9')
-define(`IXJCTL_SET_FILTER_RAW', `0x400871dd')
-define(`IXJCTL_SIGCTL', `0x400871e9')
-define(`FS_IOC_SETVERSION', `0x40087602')
-define(`ASHMEM_SET_SIZE', `0x40087703')
-define(`ASHMEM_SET_PROT_MASK', `0x40087705')
-define(`ASHMEM_PIN', `0x40087707')
-define(`ASHMEM_UNPIN', `0x40087708')
-define(`BTRFS_IOC_DEFAULT_SUBVOL', `0x40089413')
-define(`BTRFS_IOC_WAIT_SYNC', `0x40089416')
-define(`BTRFS_IOC_SUBVOL_SETFLAGS', `0x4008941a')
-define(`KVM_SET_IDENTITY_MAP_ADDR', `0x4008ae48')
-define(`KVM_S390_VCPU_FAULT', `0x4008ae52')
-define(`KVM_IRQ_LINE', `0x4008ae61')
-define(`KVM_SET_GSI_ROUTING', `0x4008ae6a')
-define(`KVM_ASSIGN_SET_MSIX_NR', `0x4008ae73')
-define(`KVM_SET_MSRS', `0x4008ae89')
-define(`KVM_SET_CPUID', `0x4008ae8a')
-define(`KVM_SET_CPUID2', `0x4008ae90')
-define(`KVM_SET_VAPIC_ADDR', `0x4008ae93')
-define(`KVM_S390_STORE_STATUS', `0x4008ae95')
-define(`KVM_X86_SETUP_MCE', `0x4008ae9c')
-define(`VHOST_SET_FEATURES', `0x4008af00')
-define(`VHOST_SET_MEM_TABLE', `0x4008af03')
-define(`VHOST_SET_LOG_BASE', `0x4008af04')
-define(`VHOST_SET_VRING_NUM', `0x4008af10')
-define(`VHOST_SET_VRING_BASE', `0x4008af12')
-define(`VHOST_SET_VRING_KICK', `0x4008af20')
-define(`VHOST_SET_VRING_CALL', `0x4008af21')
-define(`VHOST_SET_VRING_ERR', `0x4008af22')
-define(`VHOST_NET_SET_BACKEND', `0x4008af30')
-define(`PPPOEIOCSFWD', `0x4008b100')
-define(`IOW_WRITE', `0x4008c001')
-define(`IOW_READ', `0x4008c002')
-define(`REISERFS_IOC_UNPACK', `0x4008cd01')
-define(`SNDRV_DM_FM_IOCTL_SET_PARAMS', `0x40094824')
-define(`FDFMTTRK', `0x400c0248')
-define(`RUN_ARRAY', `0x400c0930')
-define(`SNAPSHOT_SET_SWAP_AREA', `0x400c330d')
-define(`CAPI_REGISTER', `0x400c4301')
-define(`HIDIOCGREPORT', `0x400c4807')
-define(`HIDIOCSREPORT', `0x400c4808')
+define(`SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS', `0xc0045516')
+define(`SNDRV_CTL_IOCTL_TLV_COMMAND', `0xc008551c')
+define(`SNDRV_CTL_IOCTL_TLV_READ', `0xc008551a')
+define(`SNDRV_CTL_IOCTL_TLV_WRITE', `0xc008551b')
+define(`SNDRV_DM_FM_IOCTL_CLEAR_PATCHES', `0x00004840')
+define(`SNDRV_DM_FM_IOCTL_INFO', `0x80024820')
define(`SNDRV_DM_FM_IOCTL_PLAY_NOTE', `0x400c4822')
-define(`MFB_SET_CHROMA_KEY', `0x400c4d01')
-define(`OTPGETREGIONINFO', `0x400c4d0f')
-define(`UI_END_FF_ERASE', `0x400c55cb')
-define(`CHIOPOSITION', `0x400c6303')
-define(`BC_REQUEST_DEATH_NOTIFICATION', `0x400c630e')
-define(`BC_CLEAR_DEATH_NOTIFICATION', `0x400c630f')
-define(`DRM_IOCTL_I810_VERTEX', `0x400c6441')
-define(`DRM_IOCTL_I810_CLEAR', `0x400c6442')
-define(`DRM_IOCTL_MGA_VERTEX', `0x400c6445')
-define(`DRM_IOCTL_MGA_ILOAD', `0x400c6447')
-define(`DRM_IOCTL_I915_INIT_HEAP', `0x400c644a')
-define(`DRM_IOCTL_RADEON_INIT_HEAP', `0x400c6455')
-define(`DRM_IOCTL_RADEON_SURF_ALLOC', `0x400c645a')
-define(`DRM_IOCTL_I915_GEM_SET_DOMAIN', `0x400c645f')
-define(`I2OEVTREG', `0x400c690a')
-define(`HSC_SET_RX', `0x400c6b13')
-define(`HSC_GET_RX', `0x400c6b14')
-define(`NCP_IOC_GETROOT', `0x400c6e08')
-define(`UBI_IOCRSVOL', `0x400c6f02')
-define(`AUDIO_SET_KARAOKE', `0x400c6f12')
-define(`KVM_CREATE_SPAPR_TCE', `0x400caea8')
-define(`MBXFB_IOCS_REG', `0x400cf404')
-define(`FW_CDEV_IOC_START_ISO', `0x4010230a')
-define(`FW_CDEV_IOC_SET_ISO_CHANNELS', `0x40102317')
-define(`PTP_EXTTS_REQUEST', `0x40103d02')
-define(`CCISS_SETNODENAME', `0x40104205')
-define(`SNDRV_EMU10K1_IOCTL_TRAM_POKE', `0x40104821')
-define(`MTRRIOC_ADD_ENTRY', `0x40104d00')
-define(`MTRRIOC_SET_ENTRY', `0x40104d01')
-define(`MTRRIOC_DEL_ENTRY', `0x40104d02')
-define(`MTRRIOC_KILL_ENTRY', `0x40104d04')
-define(`MTRRIOC_ADD_PAGE_ENTRY', `0x40104d05')
-define(`MTRRIOC_SET_PAGE_ENTRY', `0x40104d06')
-define(`MTRRIOC_DEL_PAGE_ENTRY', `0x40104d07')
-define(`MTRRIOC_KILL_PAGE_ENTRY', `0x40104d09')
-define(`MEMERASE64', `0x40104d14')
-define(`UBI_IOCSETVOLPROP', `0x40104f06')
-define(`OMAPFB_SET_COLOR_KEY', `0x40104f32')
-define(`OMAPFB_GET_COLOR_KEY', `0x40104f33')
-define(`TUNATTACHFILTER', `0x401054d5')
-define(`TUNDETACHFILTER', `0x401054d6')
-define(`ANDROID_ALARM_SET_RTC', `0x40106105')
-define(`IDT77105_GETSTAT', `0x40106132')
-define(`IDT77105_GETSTATZ', `0x40106133')
-define(`ATM_GETSTAT', `0x40106150')
-define(`ATM_GETSTATZ', `0x40106151')
-define(`ATM_GETLOOP', `0x40106152')
-define(`ATM_SETLOOP', `0x40106153')
-define(`ATM_QUERYLOOP', `0x40106154')
-define(`ENI_MEMDUMP', `0x40106160')
-define(`HE_GET_REG', `0x40106160')
-define(`ZATM_GETPOOL', `0x40106161')
-define(`NS_SETBUFLEV', `0x40106162')
-define(`ZATM_GETPOOLZ', `0x40106162')
-define(`ZATM_SETPOOL', `0x40106163')
-define(`ENI_SETMULT', `0x40106167')
-define(`ATM_GETLINKRATE', `0x40106181')
-define(`ATM_GETNAMES', `0x40106183')
-define(`ATM_GETTYPE', `0x40106184')
-define(`ATM_GETESI', `0x40106185')
-define(`ATM_GETADDR', `0x40106186')
-define(`ATM_RSTADDR', `0x40106187')
-define(`ATM_ADDADDR', `0x40106188')
-define(`ATM_DELADDR', `0x40106189')
-define(`ATM_GETCIRANGE', `0x4010618a')
-define(`ATM_SETCIRANGE', `0x4010618b')
-define(`ATM_SETESI', `0x4010618c')
-define(`ATM_SETESIF', `0x4010618d')
-define(`ATM_ADDLECSADDR', `0x4010618e')
-define(`ATM_DELLECSADDR', `0x4010618f')
-define(`ATM_GETLECSADDR', `0x40106190')
-define(`ATM_ADDPARTY', `0x401061f4')
-define(`BC_INCREFS_DONE', `0x40106308')
-define(`CHIOGSTATUS', `0x40106308')
-define(`BC_ACQUIRE_DONE', `0x40106309')
-define(`DRM_IOCTL_SET_CLIENT_CAP', `0x4010640d')
-define(`DRM_IOCTL_SET_UNIQUE', `0x40106410')
-define(`DRM_IOCTL_FREE_BUFS', `0x4010641a')
-define(`DRM_IOCTL_SET_SAREA_CTX', `0x4010641c')
-define(`DRM_IOCTL_AGP_BIND', `0x40106436')
-define(`DRM_IOCTL_AGP_UNBIND', `0x40106437')
-define(`DRM_IOCTL_SG_FREE', `0x40106439')
-define(`DRM_IOCTL_OMAP_SET_PARAM', `0x40106441')
-define(`DRM_IOCTL_QXL_EXECBUFFER', `0x40106442')
-define(`DRM_IOCTL_OMAP_GEM_CPU_FINI', `0x40106445')
-define(`DRM_IOCTL_VIA_DEC_FUTEX', `0x40106445')
-define(`DRM_IOCTL_MGA_INDICES', `0x40106446')
-define(`DRM_IOCTL_I810_COPY', `0x40106447')
-define(`DRM_IOCTL_VIA_CMDBUFFER', `0x40106448')
-define(`DRM_IOCTL_R128_VERTEX', `0x40106449')
-define(`DRM_IOCTL_RADEON_VERTEX', `0x40106449')
-define(`DRM_IOCTL_VIA_PCICMD', `0x4010644a')
-define(`DRM_IOCTL_I915_HWS_ADDR', `0x40106451')
-define(`DRM_IOCTL_I915_GEM_INIT', `0x40106453')
-define(`DRM_IOCTL_SIS_FB_INIT', `0x40106456')
-define(`DRM_IOCTL_RADEON_SETPARAM', `0x40106459')
-define(`TUNER_SET_CONFIG', `0x4010645c')
-define(`HSC_SET_TX', `0x40106b15')
-define(`HSC_GET_TX', `0x40106b16')
-define(`MGSL_IOCSGPIO', `0x40106d10')
-define(`NILFS_IOCTL_CHANGE_CPMODE', `0x40106e80')
-define(`NILFS_IOCTL_SET_ALLOC_RANGE', `0x40106e8c')
-define(`VIDEO_STILLPICTURE', `0x40106f1e')
-define(`VIDEO_SET_HIGHLIGHT', `0x40106f27')
-define(`VIDEO_SET_SPU_PALETTE', `0x40106f33')
-define(`FE_SET_PROPERTY', `0x40106f52')
-define(`CA_SET_DESCR', `0x40106f86')
-define(`PPSETTIME', `0x40107096')
-define(`BTRFS_IOC_QGROUP_CREATE', `0x4010942a')
-define(`GENWQE_WRITE_REG64', `0x4010a51f')
-define(`GENWQE_WRITE_REG32', `0x4010a521')
-define(`GENWQE_WRITE_REG16', `0x4010a523')
-define(`KVM_GET_DIRTY_LOG', `0x4010ae42')
-define(`KVM_REGISTER_COALESCED_MMIO', `0x4010ae67')
-define(`KVM_UNREGISTER_COALESCED_MMIO', `0x4010ae68')
-define(`KVM_ASSIGN_SET_MSIX_ENTRY', `0x4010ae74')
-define(`KVM_S390_INTERRUPT', `0x4010ae94')
-define(`KVM_S390_SET_INITIAL_PSW', `0x4010ae96')
-define(`KVM_DIRTY_TLB', `0x4010aeaa')
-define(`KVM_ARM_SET_DEVICE_ADDR', `0x4010aeab')
-define(`KVM_GET_ONE_REG', `0x4010aeab')
-define(`KVM_SET_ONE_REG', `0x4010aeac')
+define(`SNDRV_DM_FM_IOCTL_RESET', `0x00004821')
+define(`SNDRV_DM_FM_IOCTL_SET_CONNECTION', `0x40044826')
+define(`SNDRV_DM_FM_IOCTL_SET_MODE', `0x40044825')
+define(`SNDRV_DM_FM_IOCTL_SET_PARAMS', `0x40094824')
define(`SNDRV_DM_FM_IOCTL_SET_VOICE', `0x40124823')
-define(`FDSETMAXERRS', `0x4014024c')
-define(`ADD_NEW_DISK', `0x40140921')
-define(`SNDCTL_COPR_WDATA', `0x40144304')
-define(`SNDCTL_COPR_WCODE', `0x40144305')
-define(`OMAPFB_UPDATE_WINDOW_OLD', `0x40144f2f')
-define(`VIDIOC_S_CROP', `0x4014563c')
-define(`CHIOMOVE', `0x40146301')
-define(`DRM_IOCTL_MGA_CLEAR', `0x40146444')
-define(`DRM_IOCTL_R128_CLEAR', `0x40146448')
-define(`DRM_IOCTL_R128_INDICES', `0x4014644a')
-define(`DRM_IOCTL_RADEON_INDICES', `0x4014644a')
-define(`DMX_SET_PES_FILTER', `0x40146f2c')
-define(`FW_CDEV_IOC_SEND_RESPONSE', `0x40182304')
-define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE_ONCE', `0x4018230f')
-define(`FW_CDEV_IOC_DEALLOCATE_ISO_RESOURCE_ONCE', `0x40182310')
+define(`SNDRV_EMU10K1_IOCTL_CODE_PEEK', `0xc1b04812')
+define(`SNDRV_EMU10K1_IOCTL_CODE_POKE', `0x41b04811')
+define(`SNDRV_EMU10K1_IOCTL_CONTINUE', `0x00004881')
+define(`SNDRV_EMU10K1_IOCTL_DBG_READ', `0x80044884')
+define(`SNDRV_EMU10K1_IOCTL_INFO', `0x880c4810')
+define(`SNDRV_EMU10K1_IOCTL_PCM_PEEK', `0xc0484831')
+define(`SNDRV_EMU10K1_IOCTL_PCM_POKE', `0x40484830')
+define(`SNDRV_EMU10K1_IOCTL_PVERSION', `0x80044840')
+define(`SNDRV_EMU10K1_IOCTL_SINGLE_STEP', `0x40044883')
+define(`SNDRV_EMU10K1_IOCTL_STOP', `0x00004880')
+define(`SNDRV_EMU10K1_IOCTL_TRAM_PEEK', `0xc0104822')
+define(`SNDRV_EMU10K1_IOCTL_TRAM_POKE', `0x40104821')
+define(`SNDRV_EMU10K1_IOCTL_TRAM_SETUP', `0x40044820')
+define(`SNDRV_EMU10K1_IOCTL_ZERO_TRAM_COUNTER', `0x00004882')
+define(`SNDRV_EMUX_IOCTL_LOAD_PATCH', `0xc0104881')
+define(`SNDRV_EMUX_IOCTL_MEM_AVAIL', `0x40044884')
+define(`SNDRV_EMUX_IOCTL_MISC_MODE', `0xc0104884')
+define(`SNDRV_EMUX_IOCTL_REMOVE_LAST_SAMPLES', `0x00004883')
+define(`SNDRV_EMUX_IOCTL_RESET_SAMPLES', `0x00004882')
+define(`SNDRV_EMUX_IOCTL_VERSION', `0x80044880')
+define(`SNDRV_FIREWIRE_IOCTL_GET_INFO', `0x802048f8')
+define(`SNDRV_FIREWIRE_IOCTL_LOCK', `0x000048f9')
+define(`SNDRV_FIREWIRE_IOCTL_UNLOCK', `0x000048fa')
+define(`SNDRV_HDSP_IOCTL_GET_9632_AEB', `0x80084845')
+define(`SNDRV_HDSP_IOCTL_GET_CONFIG_INFO', `0x80244841')
+define(`SNDRV_HDSP_IOCTL_GET_MIXER', `0x90004844')
+define(`SNDRV_HDSP_IOCTL_GET_PEAK_RMS', `0x83b04840')
+define(`SNDRV_HDSP_IOCTL_GET_VERSION', `0x80084843')
+define(`SNDRV_HDSP_IOCTL_UPLOAD_FIRMWARE', `0x40084842')
+define(`SNDRV_HDSPM_IOCTL_GET_CONFIG', `0x80184841')
+define(`SNDRV_HDSPM_IOCTL_GET_LTC', `0x80104846')
+define(`SNDRV_HDSPM_IOCTL_GET_MIXER', `0x80084844')
+define(`SNDRV_HDSPM_IOCTL_GET_PEAK_RMS', `0x89084842')
+define(`SNDRV_HDSPM_IOCTL_GET_STATUS', `0x80204847')
+define(`SNDRV_HDSPM_IOCTL_GET_VERSION', `0x80244848')
+define(`SNDRV_HWDEP_IOCTL_DSP_LOAD', `0x40604803')
+define(`SNDRV_HWDEP_IOCTL_DSP_STATUS', `0x80404802')
+define(`SNDRV_HWDEP_IOCTL_INFO', `0x80dc4801')
+define(`SNDRV_HWDEP_IOCTL_PVERSION', `0x80044800')
+define(`SNDRV_PCM_IOCTL_CHANNEL_INFO', `0x80184132')
+define(`SNDRV_PCM_IOCTL_DELAY', `0x80084121')
+define(`SNDRV_PCM_IOCTL_DRAIN', `0x00004144')
+define(`SNDRV_PCM_IOCTL_DROP', `0x00004143')
+define(`SNDRV_PCM_IOCTL_FORWARD', `0x40084149')
+define(`SNDRV_PCM_IOCTL_HW_FREE', `0x00004112')
+define(`SNDRV_PCM_IOCTL_HW_PARAMS', `0xc2604111')
+define(`SNDRV_PCM_IOCTL_HW_REFINE', `0xc2604110')
+define(`SNDRV_PCM_IOCTL_HWSYNC', `0x00004122')
+define(`SNDRV_PCM_IOCTL_INFO', `0x81204101')
+define(`SNDRV_PCM_IOCTL_LINK', `0x40044160')
+define(`SNDRV_PCM_IOCTL_PAUSE', `0x40044145')
+define(`SNDRV_PCM_IOCTL_PREPARE', `0x00004140')
+define(`SNDRV_PCM_IOCTL_PVERSION', `0x80044100')
+define(`SNDRV_PCM_IOCTL_READI_FRAMES', `0x80184151')
+define(`SNDRV_PCM_IOCTL_READN_FRAMES', `0x80184153')
+define(`SNDRV_PCM_IOCTL_RESET', `0x00004141')
+define(`SNDRV_PCM_IOCTL_RESUME', `0x00004147')
+define(`SNDRV_PCM_IOCTL_REWIND', `0x40084146')
+define(`SNDRV_PCM_IOCTL_START', `0x00004142')
+define(`SNDRV_PCM_IOCTL_STATUS', `0x80984120')
+define(`SNDRV_PCM_IOCTL_SW_PARAMS', `0xc0884113')
+define(`SNDRV_PCM_IOCTL_SYNC_PTR', `0xc0884123')
+define(`SNDRV_PCM_IOCTL_TSTAMP', `0x40044102')
+define(`SNDRV_PCM_IOCTL_TTSTAMP', `0x40044103')
+define(`SNDRV_PCM_IOCTL_UNLINK', `0x00004161')
define(`SNDRV_PCM_IOCTL_WRITEI_FRAMES', `0x40184150')
define(`SNDRV_PCM_IOCTL_WRITEN_FRAMES', `0x40184152')
-define(`HIDIOCSUSAGE', `0x4018480c')
-define(`HIDIOCGCOLLECTIONINDEX', `0x40184810')
-define(`AMDKFD_IOC_UPDATE_QUEUE', `0x40184b07')
-define(`IVTVFB_IOC_DMA_FRAME', `0x401856c0')
-define(`DRM_IOCTL_UPDATE_DRAW', `0x4018643f')
-define(`DRM_IOCTL_QXL_UPDATE_AREA', `0x40186443')
-define(`DRM_IOCTL_MSM_GEM_CPU_PREP', `0x40186444')
-define(`DRM_IOCTL_MSM_WAIT_FENCE', `0x40186447')
-define(`DRM_IOCTL_R128_BLIT', `0x4018644b')
-define(`NILFS_IOCTL_SET_SUINFO', `0x40186e8d')
-define(`UBI_IOCATT', `0x40186f40')
-define(`BTRFS_IOC_QGROUP_ASSIGN', `0x40189429')
-define(`KVM_SET_MEMORY_REGION', `0x4018ae40')
-define(`KVM_S390_UCAS_MAP', `0x4018ae50')
-define(`KVM_S390_UCAS_UNMAP', `0x4018ae51')
-define(`KVM_SET_DEVICE_ATTR', `0x4018aee1')
-define(`KVM_GET_DEVICE_ATTR', `0x4018aee2')
-define(`KVM_HAS_DEVICE_ATTR', `0x4018aee3')
-define(`MBXFB_IOCS_ALPHA', `0x4018f402')
-define(`BR2684_SETFILT', `0x401c6190')
-define(`CHIOEXCHANGE', `0x401c6302')
-define(`FDSETPRM', `0x40200242')
-define(`FDDEFPRM', `0x40200243')
-define(`ION_IOC_TEST_DMA_MAPPING', `0x402049f1')
-define(`ION_IOC_TEST_KERNEL_MAPPING', `0x402049f2')
-define(`AMDKFD_IOC_SET_MEMORY_POLICY', `0x40204b04')
-define(`VIDIOC_SUBSCRIBE_EVENT', `0x4020565a')
-define(`VIDIOC_UNSUBSCRIBE_EVENT', `0x4020565b')
-define(`DRM_IOCTL_MARK_BUFS', `0x40206417')
-define(`DRM_IOCTL_AGP_FREE', `0x40206435')
-define(`DRM_IOCTL_VIA_FREEMEM', `0x40206441')
-define(`DRM_IOCTL_I915_BATCHBUFFER', `0x40206443')
-define(`DRM_IOCTL_SIS_FB_FREE', `0x40206445')
-define(`DRM_IOCTL_RADEON_CLEAR', `0x40206448')
-define(`DRM_IOCTL_I915_CMDBUFFER', `0x4020644b')
-define(`DRM_IOCTL_I810_MC', `0x4020644c')
-define(`DRM_IOCTL_RADEON_CMDBUF', `0x40206450')
-define(`DRM_IOCTL_SIS_AGP_FREE', `0x40206455')
-define(`DRM_IOCTL_I915_GEM_PREAD', `0x4020645c')
-define(`DRM_IOCTL_I915_GEM_PWRITE', `0x4020645d')
-define(`OSD_SEND_CMD', `0x40206fa0')
-define(`RTC_PLL_SET', `0x40207012')
-define(`BTRFS_IOC_CLONE_RANGE', `0x4020940d')
-define(`KVM_SET_MEMORY_ALIAS', `0x4020ae43')
-define(`KVM_SET_USER_MEMORY_REGION', `0x4020ae46')
-define(`KVM_IRQFD', `0x4020ae76')
-define(`KVM_SIGNAL_MSI', `0x4020aea5')
-define(`KVM_PPC_GET_HTAB_FD', `0x4020aeaa')
-define(`KVM_ARM_VCPU_INIT', `0x4020aeae')
-define(`SNDRV_COMPRESS_SET_METADATA', `0x40244314')
-define(`JSIOCSCORR', `0x40246a21')
-define(`FE_SET_FRONTEND', `0x40246f4c')
-define(`RTC_ALM_SET', `0x40247007')
-define(`RTC_SET_TIME', `0x4024700a')
-define(`FW_CDEV_IOC_SEND_REQUEST', `0x40282301')
-define(`FW_CDEV_IOC_SEND_BROADCAST_REQUEST', `0x40282312')
-define(`FW_CDEV_IOC_SEND_STREAM_PACKET', `0x40282313')
-define(`EVIOCSKEYCODE_V2', `0x40284504')
-define(`SNDCTL_FM_LOAD_INSTR', `0x40285107')
-define(`DRM_IOCTL_RM_MAP', `0x4028641b')
-define(`DRM_IOCTL_R128_DEPTH', `0x4028644c')
-define(`DRM_IOCTL_RADEON_VERTEX2', `0x4028644f')
-define(`DRM_IOCTL_I915_GEM_EXECBUFFER', `0x40286454')
-define(`PHN_SETREGS', `0x40287008')
-define(`RTC_WKALM_SET', `0x4028700f')
-define(`VHOST_SET_VRING_ADDR', `0x4028af11')
-define(`SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO', `0x402c5342')
-define(`TCSETS2', `0x402c542b')
-define(`TCSETSW2', `0x402c542c')
-define(`TCSETSF2', `0x402c542d')
-define(`VIDIOC_S_FREQUENCY', `0x402c5639')
-define(`DRM_IOCTL_I915_OVERLAY_PUT_IMAGE', `0x402c6467')
-define(`EVIOCSFF', `0x40304580')
-define(`NVME_IOCTL_SUBMIT_IO', `0x40304e42')
-define(`VIDIOC_S_FBUF', `0x4030560b')
-define(`VIDIOC_S_HW_FREQ_SEEK', `0x40305652')
-define(`CHIOSVOLTAG', `0x40306312')
-define(`DRM_IOCTL_VIA_DMA_BLIT', `0x4030644e')
-define(`MGSL_IOCSPARAMS', `0x40306d00')
-define(`BTRFS_IOC_DEFRAG_RANGE', `0x40309410')
-define(`BTRFS_IOC_SET_FEATURES', `0x40309439')
-define(`KVM_SET_CLOCK', `0x4030ae7b')
-define(`GSMIOC_ENABLE_NET', `0x40344702')
-define(`SNDRV_TIMER_IOCTL_SELECT', `0x40345410')
-define(`VIDIOC_S_AUDIO', `0x40345622')
-define(`VIDIOC_S_AUDOUT', `0x40345632')
-define(`DRM_IOCTL_MGA_BLIT', `0x40346448')
-define(`PTP_PEROUT_REQUEST', `0x40383d03')
-define(`VIDIOC_DBG_S_REGISTER', `0x4038564f')
-define(`DRM_IOCTL_SAVAGE_BCI_CMDBUF', `0x40386441')
-define(`KVM_XEN_HVM_CONFIG', `0x4038ae7a')
-define(`DMX_SET_FILTER', `0x403c6f2b')
-define(`SNDRV_SEQ_IOCTL_REMOVE_EVENTS', `0x4040534e')
-define(`SNDRV_CTL_IOCTL_ELEM_LOCK', `0x40405514')
-define(`SNDRV_CTL_IOCTL_ELEM_UNLOCK', `0x40405515')
-define(`IVTV_IOC_DMA_FRAME', `0x404056c0')
-define(`BC_TRANSACTION', `0x40406300')
-define(`BC_REPLY', `0x40406301')
-define(`DRM_IOCTL_I810_INIT', `0x40406440')
-define(`DRM_IOCTL_I915_GEM_EXECBUFFER2', `0x40406469')
-define(`JSIOCSAXMAP', `0x40406a31')
-define(`BTRFS_IOC_QUOTA_RESCAN', `0x4040942c')
-define(`KVM_ASSIGN_DEV_IRQ', `0x4040ae70')
-define(`KVM_DEASSIGN_PCI_DEVICE', `0x4040ae72')
-define(`KVM_DEASSIGN_DEV_IRQ', `0x4040ae75')
-define(`KVM_CREATE_PIT2', `0x4040ae77')
-define(`KVM_IOEVENTFD', `0x4040ae79')
-define(`KVM_X86_SET_MCE', `0x4040ae9e')
-define(`KVM_SET_VCPU_EVENTS', `0x4040aea0')
-define(`KVM_ASSIGN_SET_INTX_MASK', `0x4040aea4')
-define(`CXL_IOCTL_START_WORK', `0x4040ca00')
-define(`OMAPFB_SETUP_PLANE', `0x40444f34')
-define(`OMAPFB_QUERY_PLANE', `0x40444f35')
-define(`OMAPFB_UPDATE_WINDOW', `0x40444f36')
-define(`VIDIOC_S_MODULATOR', `0x40445637')
-define(`DRM_IOCTL_I915_INIT', `0x40446440')
-define(`SET_ARRAY_INFO', `0x40480923')
-define(`SNDRV_EMU10K1_IOCTL_PCM_POKE', `0x40484830')
-define(`SNDRV_TIMER_IOCTL_GPARAMS', `0x40485404')
-define(`BTRFS_IOC_SEND', `0x40489426')
-define(`KVM_SET_GUEST_DEBUG', `0x4048ae9b')
-define(`GSMIOC_SETCONF', `0x404c4701')
-define(`SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT', `0x404c534a')
-define(`SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT', `0x40505330')
-define(`SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT', `0x40505331')
-define(`SNDRV_TIMER_IOCTL_PARAMS', `0x40505412')
-define(`VIDIOC_S_TUNER', `0x4054561e')
-define(`SNDRV_SEQ_IOCTL_SET_CLIENT_POOL', `0x4058534c')
-define(`PTP_PIN_SETFUNC', `0x40603d07')
-define(`SNDRV_HWDEP_IOCTL_DSP_LOAD', `0x40604803')
-define(`SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER', `0x40605346')
-define(`DRM_IOCTL_SAVAGE_BCI_INIT', `0x40606440')
-define(`UI_END_FF_UPLOAD', `0x406855c9')
-define(`KVM_ENABLE_CAP', `0x4068aea3')
-define(`CHIOGELEM', `0x406c6310')
-define(`KVM_SET_PIT2', `0x4070aea0')
-define(`DRM_IOCTL_R128_INIT', `0x40786440')
-define(`DRM_IOCTL_RADEON_CP_INIT', `0x40786440')
-define(`NILFS_IOCTL_CLEAN_SEGMENTS', `0x40786e88')
-define(`FDSETDRVPRM', `0x40800290')
-define(`UBI_IOCVOLCRBLK', `0x40804f07')
-define(`DRM_IOCTL_MGA_INIT', `0x40806440')
-define(`KVM_PPC_GET_PVINFO', `0x4080aea1')
-define(`KVM_SET_DEBUGREGS', `0x4080aea2')
-define(`KVM_PPC_RTAS_DEFINE_TOKEN', `0x4080aeac')
-define(`SNDRV_COMPRESS_SET_PARAMS', `0x40844312')
-define(`SNDRV_SEQ_IOCTL_DELETE_QUEUE', `0x408c5333')
-define(`VIDIOC_S_JPEGCOMP', `0x408c563e')
-define(`KVM_SET_REGS', `0x4090ae82')
-define(`UBI_IOCMKVOL', `0x40986f00')
-define(`SNDRV_SEQ_IOCTL_DELETE_PORT', `0x40a85321')
-define(`SNDRV_SEQ_IOCTL_SET_PORT_INFO', `0x40a85323')
-define(`SNDRV_SEQ_IOCTL_SET_CLIENT_INFO', `0x40bc5311')
-define(`VHOST_SCSI_SET_ENDPOINT', `0x40e8af40')
-define(`VHOST_SCSI_CLEAR_ENDPOINT', `0x40e8af41')
-define(`ASHMEM_SET_NAME', `0x41007701')
-define(`BTRFS_IOC_SET_FSLABEL', `0x41009432')
-define(`USBDEVFS_GETDRIVER', `0x41045508')
-define(`CA_SEND_MSG', `0x410c6f85')
-define(`KVM_SET_SREGS', `0x4138ae84')
-define(`KVM_SET_XCRS', `0x4188aea7')
-define(`KVM_SET_FPU', `0x41a0ae8d')
-define(`SNDRV_EMU10K1_IOCTL_CODE_POKE', `0x41b04811')
-define(`PTP_SYS_OFFSET', `0x43403d05')
-define(`JSIOCSBTNMAP', `0x44006a33')
-define(`KVM_SET_LAPIC', `0x4400ae8f')
-define(`BTRFS_IOC_SNAP_CREATE', `0x50009401')
-define(`BTRFS_IOC_DEFRAG', `0x50009402')
-define(`BTRFS_IOC_RESIZE', `0x50009403')
-define(`BTRFS_IOC_SCAN_DEV', `0x50009404')
-define(`BTRFS_IOC_ADD_DEV', `0x5000940a')
-define(`BTRFS_IOC_RM_DEV', `0x5000940b')
-define(`BTRFS_IOC_BALANCE', `0x5000940c')
-define(`BTRFS_IOC_SUBVOL_CREATE', `0x5000940e')
-define(`BTRFS_IOC_SNAP_DESTROY', `0x5000940f')
-define(`BTRFS_IOC_SNAP_CREATE_V2', `0x50009417')
-define(`BTRFS_IOC_SUBVOL_CREATE_V2', `0x50009418')
-define(`KVM_SET_XSAVE', `0x5000aea5')
-define(`HIDIOCSUSAGES', `0x501c4814')
-define(`UBI_IOCRNVOL', `0x51106f03')
+define(`SNDRV_PCM_IOCTL_XRUN', `0x00004148')
+define(`SNDRV_RAWMIDI_IOCTL_DRAIN', `0x40045731')
+define(`SNDRV_RAWMIDI_IOCTL_DROP', `0x40045730')
+define(`SNDRV_RAWMIDI_IOCTL_INFO', `0x810c5701')
+define(`SNDRV_RAWMIDI_IOCTL_PARAMS', `0xc0305710')
+define(`SNDRV_RAWMIDI_IOCTL_PVERSION', `0x80045700')
+define(`SNDRV_RAWMIDI_IOCTL_STATUS', `0xc0385720')
+define(`SNDRV_SB_CSP_IOCTL_INFO', `0x80284810')
define(`SNDRV_SB_CSP_IOCTL_LOAD_CODE', `0x70124811')
-define(`MFB_GET_ALPHA', `0x80014d00')
-define(`MFB_GET_GAMMA', `0x80014d01')
-define(`GADGET_GET_PRINTER_STATUS', `0x80016721')
-define(`JSIOCGAXES', `0x80016a11')
-define(`JSIOCGBUTTONS', `0x80016a12')
-define(`SPI_IOC_RD_MODE', `0x80016b01')
-define(`SPI_IOC_RD_LSB_FIRST', `0x80016b02')
-define(`SPI_IOC_RD_BITS_PER_WORD', `0x80016b03')
-define(`PPRSTATUS', `0x80017081')
-define(`PPRCONTROL', `0x80017083')
-define(`PPRDATA', `0x80017085')
-define(`SONYPI_IOCGBRT', `0x80017600')
-define(`SONYPI_IOCGBATFLAGS', `0x80017607')
-define(`SONYPI_IOCGBLUE', `0x80017608')
-define(`SONYPI_IOCGFAN', `0x8001760a')
-define(`SONYPI_IOCGTEMP', `0x8001760c')
-define(`CAPI_GET_ERRCODE', `0x80024321')
-define(`CAPI_INSTALLED', `0x80024322')
-define(`SNDRV_DM_FM_IOCTL_INFO', `0x80024820')
-define(`IOCTL_WDM_MAX_COMMAND', `0x800248a0')
-define(`IPMICTL_REGISTER_FOR_CMD', `0x8002690e')
-define(`IPMICTL_UNREGISTER_FOR_CMD', `0x8002690f')
-define(`FE_READ_SIGNAL_STRENGTH', `0x80026f47')
-define(`FE_READ_SNR', `0x80026f48')
+define(`SNDRV_SB_CSP_IOCTL_PAUSE', `0x00004815')
+define(`SNDRV_SB_CSP_IOCTL_RESTART', `0x00004816')
+define(`SNDRV_SB_CSP_IOCTL_START', `0x40084813')
+define(`SNDRV_SB_CSP_IOCTL_STOP', `0x00004814')
+define(`SNDRV_SB_CSP_IOCTL_UNLOAD_CODE', `0x00004812')
+define(`SNDRV_SEQ_IOCTL_CLIENT_ID', `0x80045301')
+define(`SNDRV_SEQ_IOCTL_CREATE_PORT', `0xc0a85320')
+define(`SNDRV_SEQ_IOCTL_CREATE_QUEUE', `0xc08c5332')
+define(`SNDRV_SEQ_IOCTL_DELETE_PORT', `0x40a85321')
+define(`SNDRV_SEQ_IOCTL_DELETE_QUEUE', `0x408c5333')
+define(`SNDRV_SEQ_IOCTL_GET_CLIENT_INFO', `0xc0bc5310')
+define(`SNDRV_SEQ_IOCTL_GET_CLIENT_POOL', `0xc058534b')
+define(`SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE', `0xc08c5336')
+define(`SNDRV_SEQ_IOCTL_GET_PORT_INFO', `0xc0a85322')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT', `0xc04c5349')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_INFO', `0xc08c5334')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_OWNER', `0xc0005343')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS', `0xc05c5340')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO', `0xc02c5341')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER', `0xc0605345')
+define(`SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION', `0xc0505350')
+define(`SNDRV_SEQ_IOCTL_PVERSION', `0x80045300')
+define(`SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT', `0xc0bc5351')
+define(`SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT', `0xc0a85352')
+define(`SNDRV_SEQ_IOCTL_QUERY_SUBS', `0xc058534f')
+define(`SNDRV_SEQ_IOCTL_REMOVE_EVENTS', `0x4040534e')
+define(`SNDRV_SEQ_IOCTL_RUNNING_MODE', `0xc0105303')
+define(`SNDRV_SEQ_IOCTL_SET_CLIENT_INFO', `0x40bc5311')
+define(`SNDRV_SEQ_IOCTL_SET_CLIENT_POOL', `0x4058534c')
+define(`SNDRV_SEQ_IOCTL_SET_PORT_INFO', `0x40a85323')
+define(`SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT', `0x404c534a')
+define(`SNDRV_SEQ_IOCTL_SET_QUEUE_INFO', `0xc08c5335')
+define(`SNDRV_SEQ_IOCTL_SET_QUEUE_OWNER', `0x40005344')
+define(`SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO', `0x402c5342')
+define(`SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER', `0x40605346')
+define(`SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT', `0x40505330')
+define(`SNDRV_SEQ_IOCTL_SYSTEM_INFO', `0xc0305302')
+define(`SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT', `0x40505331')
+define(`SNDRV_TIMER_IOCTL_CONTINUE', `0x000054a2')
+define(`SNDRV_TIMER_IOCTL_GINFO', `0xc0f85403')
+define(`SNDRV_TIMER_IOCTL_GPARAMS', `0x40485404')
+define(`SNDRV_TIMER_IOCTL_GSTATUS', `0xc0505405')
+define(`SNDRV_TIMER_IOCTL_INFO', `0x80e85411')
+define(`SNDRV_TIMER_IOCTL_NEXT_DEVICE', `0xc0145401')
+define(`SNDRV_TIMER_IOCTL_PARAMS', `0x40505412')
+define(`SNDRV_TIMER_IOCTL_PAUSE', `0x000054a3')
+define(`SNDRV_TIMER_IOCTL_PVERSION', `0x80045400')
+define(`SNDRV_TIMER_IOCTL_SELECT', `0x40345410')
+define(`SNDRV_TIMER_IOCTL_START', `0x000054a0')
+define(`SNDRV_TIMER_IOCTL_STATUS', `0x80605414')
+define(`SNDRV_TIMER_IOCTL_STOP', `0x000054a1')
+define(`SNDRV_TIMER_IOCTL_TREAD', `0x40045402')
+define(`SONET_CLRDIAG', `0xc0046113')
+define(`SONET_GETDIAG', `0x80046114')
+define(`SONET_GETFRAMING', `0x80046116')
+define(`SONET_GETFRSENSE', `0x80066117')
+define(`SONET_GETSTAT', `0x80246110')
+define(`SONET_GETSTATZ', `0x80246111')
+define(`SONET_SETDIAG', `0xc0046112')
+define(`SONET_SETFRAMING', `0x40046115')
define(`SONYPI_IOCGBAT1CAP', `0x80027602')
define(`SONYPI_IOCGBAT1REM', `0x80027603')
define(`SONYPI_IOCGBAT2CAP', `0x80027604')
define(`SONYPI_IOCGBAT2REM', `0x80027605')
-define(`MBXFB_IOCS_PLANEORDER', `0x8002f403')
-define(`BLKI2OGRSTRAT', `0x80043201')
-define(`BLKI2OGWSTRAT', `0x80043202')
-define(`SNDRV_PCM_IOCTL_PVERSION', `0x80044100')
-define(`CCISS_GETHEARTBEAT', `0x80044206')
-define(`CCISS_GETBUSTYPES', `0x80044207')
-define(`CCISS_GETFIRMVER', `0x80044208')
-define(`CCISS_GETDRIVVER', `0x80044209')
-define(`SNDRV_COMPRESS_IOCTL_VERSION', `0x80044300')
-define(`CAPI_GET_FLAGS', `0x80044323')
-define(`CAPI_SET_FLAGS', `0x80044324')
-define(`CAPI_CLR_FLAGS', `0x80044325')
-define(`CAPI_NCCI_OPENCOUNT', `0x80044326')
-define(`CAPI_NCCI_GETUNIT', `0x80044327')
-define(`EVIOCGVERSION', `0x80044501')
-define(`APEI_ERST_GET_RECORD_COUNT', `0x80044502')
-define(`EVIOCGEFFECTS', `0x80044584')
-define(`FBIOGET_CONTRAST', `0x80044601')
-define(`FBIGET_BRIGHTNESS', `0x80044603')
-define(`FBIGET_COLOR', `0x80044605')
-define(`SSTFB_GET_VGAPASS', `0x800446dd')
-define(`SNDRV_HWDEP_IOCTL_PVERSION', `0x80044800')
-define(`HIDIOCGRDESCSIZE', `0x80044801')
-define(`HIDIOCGVERSION', `0x80044801')
-define(`HIDIOCGFLAG', `0x8004480e')
-define(`HDA_IOCTL_PVERSION', `0x80044810')
-define(`SNDRV_EMU10K1_IOCTL_PVERSION', `0x80044840')
-define(`SNDRV_EMUX_IOCTL_VERSION', `0x80044880')
-define(`SNDRV_EMU10K1_IOCTL_DBG_READ', `0x80044884')
-define(`HCIGETDEVLIST', `0x800448d2')
-define(`HCIGETDEVINFO', `0x800448d3')
-define(`HCIGETCONNLIST', `0x800448d4')
-define(`HCIGETCONNINFO', `0x800448d5')
-define(`HCIGETAUTHINFO', `0x800448d7')
-define(`HCIINQUIRY', `0x800448f0')
-define(`ROCCATIOCGREPSIZE', `0x800448f1')
-define(`IMADDTIMER', `0x80044940')
-define(`IMDELTIMER', `0x80044941')
-define(`IMGETVERSION', `0x80044942')
-define(`IMGETCOUNT', `0x80044943')
-define(`IMGETDEVINFO', `0x80044944')
-define(`IMCTRLREQ', `0x80044945')
-define(`IMCLEAR_L2', `0x80044946')
-define(`IMHOLD_L1', `0x80044948')
-define(`MCE_GET_RECORD_LEN', `0x80044d01')
-define(`MCE_GET_LOG_LEN', `0x80044d02')
-define(`MCE_GETCLEAR_FLAGS', `0x80044d03')
-define(`MEMGETREGIONCOUNT', `0x80044d07')
-define(`MFB_GET_PIXFMT', `0x80044d08')
-define(`OTPSELECT', `0x80044d0d')
-define(`OSS_GETVERSION', `0x80044d76')
-define(`UBI_IOCEBISMAP', `0x80044f05')
-define(`SOUND_PCM_READ_RATE', `0x80045002')
-define(`SOUND_PCM_READ_BITS', `0x80045005')
-define(`SOUND_PCM_READ_CHANNELS', `0x80045006')
-define(`SOUND_PCM_READ_FILTER', `0x80045007')
-define(`SNDCTL_DSP_GETFMTS', `0x8004500b')
-define(`SNDCTL_DSP_GETCAPS', `0x8004500f')
-define(`SNDCTL_DSP_GETTRIGGER', `0x80045010')
-define(`SNDCTL_DSP_GETODELAY', `0x80045017')
-define(`SNDCTL_DSP_GETSPDIF', `0x80045043')
-define(`SNDCTL_SEQ_GETOUTCOUNT', `0x80045104')
-define(`SNDCTL_SEQ_GETINCOUNT', `0x80045105')
-define(`SNDCTL_SEQ_NRSYNTHS', `0x8004510a')
-define(`SNDCTL_SEQ_NRMIDIS', `0x8004510b')
-define(`SNDCTL_SEQ_GETTIME', `0x80045113')
-define(`RNDGETENTCNT', `0x80045200')
-define(`SAA6588_CMD_READ', `0x80045203')
-define(`SAA6588_CMD_POLL', `0x80045204')
-define(`RFCOMMGETDEVLIST', `0x800452d2')
-define(`RFCOMMGETDEVINFO', `0x800452d3')
-define(`SNDRV_SEQ_IOCTL_PVERSION', `0x80045300')
-define(`SNDRV_SEQ_IOCTL_CLIENT_ID', `0x80045301')
-define(`SNDRV_TIMER_IOCTL_PVERSION', `0x80045400')
-define(`TIOCGPTN', `0x80045430')
-define(`TIOCGDEV', `0x80045432')
-define(`TIOCGPKT', `0x80045438')
-define(`TIOCGPTLCK', `0x80045439')
-define(`TIOCGEXCL', `0x80045440')
-define(`TUNGETFEATURES', `0x800454cf')
-define(`TUNGETIFF', `0x800454d2')
-define(`TUNGETSNDBUF', `0x800454d3')
-define(`TUNGETVNETHDRSZ', `0x800454d7')
-define(`TUNGETVNETLE', `0x800454dd')
-define(`SNDRV_CTL_IOCTL_PVERSION', `0x80045500')
-define(`USBDEVFS_RESETEP', `0x80045503')
-define(`USBDEVFS_SETCONFIGURATION', `0x80045505')
-define(`USBDEVFS_CLAIMINTERFACE', `0x8004550f')
-define(`USBDEVFS_RELEASEINTERFACE', `0x80045510')
-define(`USBDEVFS_CLEAR_HALT', `0x80045515')
-define(`USBDEVFS_CLAIM_PORT', `0x80045518')
-define(`USBDEVFS_RELEASE_PORT', `0x80045519')
-define(`USBDEVFS_GET_CAPABILITIES', `0x8004551a')
-define(`UI_GET_VERSION', `0x8004552d')
-define(`SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE', `0x80045530')
-define(`SNDRV_CTL_IOCTL_POWER_STATE', `0x800455d1')
-define(`VIDIOC_G_INPUT', `0x80045626')
-define(`VIDIOC_G_OUTPUT', `0x8004562e')
-define(`VIDIOC_G_PRIORITY', `0x80045643')
-define(`SNDRV_RAWMIDI_IOCTL_PVERSION', `0x80045700')
-define(`WDIOC_GETSTATUS', `0x80045701')
-define(`WDIOC_GETBOOTSTATUS', `0x80045702')
-define(`WDIOC_GETTEMP', `0x80045703')
-define(`WDIOC_SETOPTIONS', `0x80045704')
-define(`WDIOC_KEEPALIVE', `0x80045705')
-define(`WDIOC_GETTIMEOUT', `0x80045707')
-define(`WDIOC_GETPRETIMEOUT', `0x80045709')
-define(`WDIOC_GETTIMELEFT', `0x8004570a')
-define(`SONET_GETDIAG', `0x80046114')
-define(`SONET_GETFRAMING', `0x80046116')
-define(`CHIOGPICKER', `0x80046304')
-define(`DRM_IOCTL_GET_MAGIC', `0x80046402')
-define(`DRM_IOCTL_I915_GET_VBLANK_PIPE', `0x8004644e')
-define(`FS_IOC32_GETFLAGS', `0x80046601')
-define(`LIRC_GET_FEATURES', `0x80046900')
-define(`LIRC_GET_SEND_MODE', `0x80046901')
-define(`LIRC_GET_REC_MODE', `0x80046902')
-define(`LIRC_GET_SEND_CARRIER', `0x80046903')
-define(`LIRC_GET_REC_CARRIER', `0x80046904')
-define(`LIRC_GET_SEND_DUTY_CYCLE', `0x80046905')
-define(`LIRC_GET_REC_DUTY_CYCLE', `0x80046906')
-define(`LIRC_GET_REC_RESOLUTION', `0x80046907')
-define(`I2OVALIDATE', `0x80046908')
-define(`LIRC_GET_MIN_TIMEOUT', `0x80046908')
-define(`LIRC_GET_MAX_TIMEOUT', `0x80046909')
-define(`LIRC_GET_MIN_FILTER_PULSE', `0x8004690a')
-define(`LIRC_GET_MAX_FILTER_PULSE', `0x8004690b')
-define(`LIRC_GET_MIN_FILTER_SPACE', `0x8004690c')
-define(`LIRC_GET_MAX_FILTER_SPACE', `0x8004690d')
-define(`LIRC_GET_LENGTH', `0x8004690f')
-define(`IPMICTL_SET_GETS_EVENTS_CMD', `0x80046910')
-define(`IPMICTL_SET_MY_ADDRESS_CMD', `0x80046911')
-define(`IPMICTL_GET_MY_ADDRESS_CMD', `0x80046912')
-define(`IPMICTL_SET_MY_LUN_CMD', `0x80046913')
-define(`IPMICTL_GET_MY_LUN_CMD', `0x80046914')
-define(`IPMICTL_SET_MY_CHANNEL_ADDRESS_CMD', `0x80046918')
-define(`IPMICTL_GET_MY_CHANNEL_ADDRESS_CMD', `0x80046919')
-define(`IPMICTL_SET_MY_CHANNEL_LUN_CMD', `0x8004691a')
-define(`IPMICTL_GET_MY_CHANNEL_LUN_CMD', `0x8004691b')
-define(`IPMICTL_GET_MAINTENANCE_MODE_CMD', `0x8004691e')
-define(`I8K_BIOS_VERSION', `0x80046980')
-define(`I8K_MACHINE_ID', `0x80046981')
-define(`IIO_GET_EVENT_FD_IOCTL', `0x80046990')
-define(`JSIOCGVERSION', `0x80046a01')
-define(`SPI_IOC_RD_MAX_SPEED_HZ', `0x80046b04')
-define(`SPI_IOC_RD_MODE32', `0x80046b05')
-define(`UDF_GETEASIZE', `0x80046c40')
-define(`NCP_IOC_SIGN_WANTED', `0x80046e06')
-define(`NCP_IOC_SETDENTRYTTL', `0x80046e0c')
-define(`SISFB_GET_INFO_OLD', `0x80046ef8')
-define(`SISFB_GET_VBRSTATUS_OLD', `0x80046ef9')
-define(`SISFB_GET_AUTOMAXIMIZE_OLD', `0x80046efa')
-define(`AUDIO_GET_CAPABILITIES', `0x80046f0b')
-define(`VIDEO_GET_CAPABILITIES', `0x80046f21')
-define(`VIDEO_GET_FRAME_RATE', `0x80046f38')
-define(`FE_READ_STATUS', `0x80046f45')
-define(`FE_READ_BER', `0x80046f46')
-define(`FE_READ_UNCORRECTED_BLOCKS', `0x80046f49')
-define(`RTC_VL_READ', `0x80047013')
-define(`PPCLRIRQ', `0x80047093')
-define(`PPGETMODES', `0x80047097')
-define(`PPGETMODE', `0x80047098')
-define(`PPGETPHASE', `0x80047099')
-define(`PPGETFLAGS', `0x8004709a')
-define(`PHONE_DTMF_READY', `0x80047196')
-define(`PHONE_GET_DTMF', `0x80047197')
-define(`PHONE_GET_DTMF_ASCII', `0x80047198')
-define(`PHONE_EXCEPTION', `0x8004719a')
-define(`IXJCTL_CARDTYPE', `0x800471c1')
-define(`IXJCTL_SERIAL', `0x800471c2')
-define(`IXJCTL_DSP_TYPE', `0x800471c3')
-define(`IXJCTL_DSP_VERSION', `0x800471c4')
-define(`IXJCTL_VMWI', `0x800471d8')
-define(`BR_ERROR', `0x80047200')
-define(`BR_ACQUIRE_RESULT', `0x80047204')
-define(`FAT_IOCTL_GET_ATTRIBUTES', `0x80047210')
-define(`FAT_IOCTL_GET_VOLUME_ID', `0x80047213')
-define(`FS_IOC32_GETVERSION', `0x80047601')
-define(`MEYEIOC_STILLJCAPT', `0x800476c5')
-define(`OSIOCGNETADDR', `0x800489e1')
-define(`SIOCGNETADDR', `0x800489e1')
-define(`AUTOFS_IOC_PROTOVER', `0x80049363')
-define(`AUTOFS_IOC_PROTOSUBVER', `0x80049367')
-define(`AUTOFS_IOC_ASKUMOUNT', `0x80049370')
-define(`GENWQE_GET_CARD_STATE', `0x8004a524')
-define(`KVM_GET_MP_STATE', `0x8004ae98')
-define(`CXL_IOCTL_GET_PROCESS_ELEMENT', `0x8004ca01')
-define(`SISFB_GET_INFO_SIZE', `0x8004f300')
-define(`SISFB_GET_VBRSTATUS', `0x8004f302')
-define(`SISFB_GET_AUTOMAXIMIZE', `0x8004f303')
-define(`SISFB_GET_TVPOSOFFSET', `0x8004f304')
-define(`SONET_GETFRSENSE', `0x80066117')
-define(`MEYEIOC_G_PARAMS', `0x800676c0')
-define(`BLKBSZGET', `0x80081270')
-define(`BLKGETSIZE64', `0x80081272')
-define(`PERF_EVENT_IOC_ID', `0x80082407')
-define(`SNAPSHOT_GET_IMAGE_SIZE', `0x8008330e')
-define(`SNAPSHOT_AVAIL_SWAP_SIZE', `0x80083313')
-define(`SNAPSHOT_ALLOC_SWAP_PAGE', `0x80083314')
-define(`FBIO_RADEON_GET_MIRROR', `0x80084003')
-define(`AGPIOC_INFO', `0x80084100')
-define(`SNDRV_PCM_IOCTL_DELAY', `0x80084121')
-define(`CCISS_GETPCIINFO', `0x80084201')
-define(`PMU_IOC_GET_BACKLIGHT', `0x80084201')
-define(`CCISS_GETINTINFO', `0x80084202')
-define(`PMU_IOC_GET_MODEL', `0x80084203')
-define(`PMU_IOC_HAS_ADB', `0x80084204')
-define(`PMU_IOC_CAN_SLEEP', `0x80084205')
-define(`PMU_IOC_GRAB_BACKLIGHT', `0x80084206')
-define(`EVIOCGID', `0x80084502')
-define(`EVIOCGREP', `0x80084503')
-define(`EVIOCGKEYCODE', `0x80084504')
-define(`FBIO_GETCONTROL2', `0x80084689')
-define(`HIDIOCGRAWINFO', `0x80084803')
-define(`SNDRV_HDSP_IOCTL_GET_VERSION', `0x80084843')
-define(`SNDRV_HDSPM_IOCTL_GET_MIXER', `0x80084844')
-define(`SNDRV_HDSP_IOCTL_GET_9632_AEB', `0x80084845')
-define(`AMDKFD_IOC_GET_VERSION', `0x80084b01')
-define(`MFB_GET_AOID', `0x80084d04')
-define(`MEMISLOCKED', `0x80084d17')
-define(`RNDGETPOOL', `0x80085202')
-define(`USBDEVFS_SETINTERFACE', `0x80085504')
-define(`USBDEVFS_DISCSIGNAL32', `0x8008550e')
-define(`USBDEVFS_ALLOC_STREAMS', `0x8008551c')
-define(`USBDEVFS_FREE_STREAMS', `0x8008551d')
-define(`VIDIOC_G_STD', `0x80085617')
-define(`VIDIOC_QUERYSTD', `0x8008563f')
-define(`CM_IOCGSTATUS', `0x80086300')
-define(`DRM_IOCTL_I810_OV0INFO', `0x80086449')
-define(`FS_IOC_GETFLAGS', `0x80086601')
-define(`I2OPASSTHRU32', `0x8008690c')
-define(`IPMICTL_SET_TIMING_PARMS_CMD', `0x80086916')
-define(`IPMICTL_GET_TIMING_PARMS_CMD', `0x80086917')
-define(`I8K_POWER_STATUS', `0x80086982')
-define(`I8K_FN_STATUS', `0x80086983')
-define(`I8K_GET_TEMP', `0x80086984')
-define(`UDF_GETEABLOCK', `0x80086c41')
-define(`UDF_GETVOLIDENT', `0x80086c42')
-define(`MMTIMER_GETRES', `0x80086d01')
-define(`MMTIMER_GETFREQ', `0x80086d02')
-define(`MTIOCPOS', `0x80086d03')
-define(`MMTIMER_GETCOUNTER', `0x80086d09')
-define(`NILFS_IOCTL_SYNC', `0x80086e8a')
-define(`MATROXFB_GET_OUTPUT_CONNECTION', `0x80086ef8')
-define(`MATROXFB_GET_AVAILABLE_OUTPUTS', `0x80086ef9')
-define(`MATROXFB_GET_ALL_OUTPUTS', `0x80086efb')
-define(`AUDIO_GET_PTS', `0x80086f13')
-define(`DMX_GET_CAPS', `0x80086f30')
-define(`VIDEO_GET_PTS', `0x80086f39')
-define(`VIDEO_GET_FRAME_COUNT', `0x80086f3a')
-define(`CA_GET_DESCR_INFO', `0x80086f83')
-define(`RTC_IRQP_READ', `0x8008700b')
-define(`RTC_EPOCH_READ', `0x8008700d')
-define(`PPS_GETPARAMS', `0x800870a1')
-define(`PPS_GETCAP', `0x800870a3')
-define(`PHONE_CAPABILITIES_LIST', `0x80087181')
-define(`IXJCTL_CID', `0x800871d4')
-define(`IXJCTL_VERSION', `0x800871da')
-define(`IXJCTL_FRAMES_READ', `0x800871e2')
-define(`IXJCTL_FRAMES_WRITTEN', `0x800871e3')
-define(`IXJCTL_READ_WAIT', `0x800871e4')
-define(`IXJCTL_WRITE_WAIT', `0x800871e5')
-define(`IXJCTL_DRYBUFFER_READ', `0x800871e6')
-define(`BR_DEAD_BINDER', `0x8008720f')
-define(`BR_CLEAR_DEATH_NOTIFICATION_DONE', `0x80087210')
-define(`FS_IOC_GETVERSION', `0x80087601')
-define(`BTRFS_IOC_START_SYNC', `0x80089418')
-define(`BTRFS_IOC_SUBVOL_GETFLAGS', `0x80089419')
-define(`KVM_X86_GET_MCE_CAP_SUPPORTED', `0x8008ae9d')
-define(`KVM_ALLOCATE_RMA', `0x8008aea9')
-define(`VHOST_GET_FEATURES', `0x8008af00')
-define(`FUNCTIONFS_ENDPOINT_DESC', `0x80096782')
-define(`DMX_GET_PES_PIDS', `0x800a6f2f')
-define(`RAID_VERSION', `0x800c0910')
-define(`CCISS_GETLUNINFO', `0x800c4211')
-define(`OTPLOCK', `0x800c4d10')
-define(`OMAPFB_GET_CAPS', `0x800c4f2a')
-define(`SNDCTL_DSP_GETIPTR', `0x800c5011')
-define(`SNDCTL_DSP_GETOPTR', `0x800c5012')
-define(`IPMICTL_REGISTER_FOR_CMD_CHANS', `0x800c691c')
-define(`IPMICTL_UNREGISTER_FOR_CMD_CHANS', `0x800c691d')
-define(`NCP_IOC_SETROOT', `0x800c6e08')
-define(`VIDEO_GET_SIZE', `0x800c6f37')
-define(`FE_DISEQC_RECV_SLAVE_REPLY', `0x800c6f40')
-define(`CA_GET_SLOT_INFO', `0x800c6f82')
-define(`FDGETDRVTYP', `0x8010020f')
-define(`FW_CDEV_IOC_GET_CYCLE_TIMER', `0x8010230c')
-define(`CCISS_GETNODENAME', `0x80104204')
-define(`SNDRV_HDSPM_IOCTL_GET_LTC', `0x80104846')
-define(`ECCGETSTATS', `0x80104d12')
-define(`SNDCTL_DSP_GETOSPACE', `0x8010500c')
-define(`SNDCTL_DSP_GETISPACE', `0x8010500d')
-define(`SNDCTL_DSP_MAPINBUF', `0x80105013')
-define(`SNDCTL_DSP_MAPOUTBUF', `0x80105014')
-define(`TUNGETFILTER', `0x801054db')
-define(`USBDEVFS_DISCSIGNAL', `0x8010550e')
-define(`DRM_IOCTL_I915_GEM_GET_APERTURE', `0x80106463')
-define(`I2OPASSTHRU', `0x8010690c')
-define(`MGSL_IOCGGPIO', `0x80106d11')
-define(`NCP_IOC_NCPREQUEST', `0x80106e01')
-define(`NCP_IOC_SETPRIVATEDATA', `0x80106e0a')
-define(`FE_GET_PROPERTY', `0x80106f53')
-define(`CA_GET_CAP', `0x80106f81')
-define(`OSD_GET_CAPABILITY', `0x80106fa1')
-define(`PPGETTIME', `0x80107095')
-define(`BR_INCREFS', `0x80107207')
-define(`BR_ACQUIRE', `0x80107208')
-define(`BR_RELEASE', `0x80107209')
-define(`BR_DECREFS', `0x8010720a')
-define(`GENWQE_READ_REG64', `0x8010a51e')
-define(`GENWQE_READ_REG32', `0x8010a520')
-define(`GENWQE_READ_REG16', `0x8010a522')
-define(`FDGETMAXERRS', `0x8014020e')
-define(`GET_DISK_INFO', `0x80140912')
-define(`SNDRV_COMPRESS_TSTAMP', `0x80144320')
-define(`CHIOGPARAMS', `0x80146306')
-define(`NCP_IOC_LOCKUNLOCK', `0x80146e07')
-define(`VIDEO_GET_STATUS', `0x80146f1b')
-define(`SNDRV_PCM_IOCTL_CHANNEL_INFO', `0x80184132')
-define(`SNDRV_PCM_IOCTL_READI_FRAMES', `0x80184151')
-define(`SNDRV_PCM_IOCTL_READN_FRAMES', `0x80184153')
-define(`SNDRV_HDSPM_IOCTL_GET_CONFIG', `0x80184841')
-define(`IMSETDEVNAME', `0x80184947')
-define(`OMAPFB_MEMORY_READ', `0x80184f3a')
-define(`HPET_INFO', `0x80186803')
-define(`NCP_IOC_SIGN_INIT', `0x80186e05')
-define(`NCP_IOC_SETOBJECTNAME', `0x80186e09')
-define(`NILFS_IOCTL_GET_CPINFO', `0x80186e82')
-define(`NILFS_IOCTL_GET_CPSTAT', `0x80186e83')
-define(`NILFS_IOCTL_GET_SUINFO', `0x80186e84')
-define(`BR_ATTEMPT_ACQUIRE', `0x8018720b')
-define(`BTRFS_IOC_GET_FEATURES', `0x80189439')
-define(`MBXFB_IOCG_ALPHA', `0x8018f401')
-define(`SNDRV_COMPRESS_AVAIL', `0x801c4321')
-define(`HIDIOCGDEVINFO', `0x801c4803')
-define(`FDGETPRM', `0x80200204')
-define(`FBIOGET_VBLANK', `0x80204612')
-define(`SNDRV_HDSPM_IOCTL_GET_STATUS', `0x80204847')
-define(`SNDRV_FIREWIRE_IOCTL_GET_INFO', `0x802048f8')
-define(`MEMGETINFO', `0x80204d01')
-define(`OMAPFB_GET_VRAM_INFO', `0x80204f3d')
-define(`OMAPFB_GET_DISPLAY_INFO', `0x80204f3f')
-define(`I2OGETIOPS', `0x80206900')
-define(`AUDIO_GET_STATUS', `0x80206f0a')
-define(`VIDEO_GET_EVENT', `0x80206f1c')
-define(`RTC_PLL_GET', `0x80207011')
-define(`KVM_ARM_PREFERRED_TARGET', `0x8020aeaf')
-define(`SNDRV_HDSP_IOCTL_GET_CONFIG_INFO', `0x80244841')
-define(`SNDRV_HDSPM_IOCTL_GET_VERSION', `0x80244848')
-define(`SONET_GETSTAT', `0x80246110')
-define(`SONET_GETSTATZ', `0x80246111')
-define(`JSIOCGCORR', `0x80246a22')
-define(`FE_GET_FRONTEND', `0x80246f4d')
-define(`RTC_ALM_READ', `0x80247008')
-define(`RTC_RD_TIME', `0x80247009')
-define(`FDGETFDCSTAT', `0x80280215')
-define(`FDWERRORGET', `0x80280217')
-define(`EVIOCGKEYCODE_V2', `0x80284504')
-define(`SNDRV_SB_CSP_IOCTL_INFO', `0x80284810')
-define(`WDIOC_GETSUPPORT', `0x80285700')
-define(`IPMICTL_SEND_COMMAND', `0x8028690d')
-define(`FE_GET_EVENT', `0x80286f4e')
-define(`RTC_WKALM_RD', `0x80287010')
-define(`IOW_GETINFO', `0x8028c003')
-define(`USBDEVFS_SUBMITURB32', `0x802a550a')
-define(`NCP_IOC_SETCHARSETS', `0x802a6e0b')
-define(`TCGETS2', `0x802c542a')
-define(`SOUND_OLD_MIXER_INFO', `0x80304d65')
-define(`VIDIOC_G_FBUF', `0x8030560a')
-define(`IPMICTL_SEND_COMMAND_SETTIME', `0x80306915')
-define(`MGSL_IOCGPARAMS', `0x80306d01')
-define(`MTIOCGET', `0x80306d02')
-define(`NILFS_IOCTL_GET_SUSTAT', `0x80306e85')
-define(`BTRFS_IOC_QGROUP_LIMIT', `0x8030942b')
-define(`KVM_GET_CLOCK', `0x8030ae7c')
-define(`VIDIOC_G_AUDIO', `0x80345621')
-define(`VIDIOC_G_AUDOUT', `0x80345631')
-define(`USBDEVFS_SUBMITURB', `0x8038550a')
-define(`DRM_IOCTL_AGP_INFO', `0x80386433')
-define(`OMAPFB_GET_OVERLAY_COLORMODE', `0x803c4f3b')
-define(`SNDRV_HWDEP_IOCTL_DSP_STATUS', `0x80404802')
-define(`JSIOCGAXMAP', `0x80406a32')
-define(`BR_TRANSACTION', `0x80407202')
-define(`BR_REPLY', `0x80407203')
-define(`BTRFS_IOC_QUOTA_RESCAN_STATUS', `0x8040942d')
-define(`KVM_ASSIGN_PCI_DEVICE', `0x8040ae69')
-define(`KVM_GET_VCPU_EVENTS', `0x8040ae9f')
-define(`GET_ARRAY_INFO', `0x80480911')
-define(`BTRFS_IOC_GET_SUPPORTED_FEATURES', `0x80489439')
-define(`KVM_SET_PIT', `0x8048ae66')
-define(`GSMIOC_GETCONF', `0x804c4700')
-define(`FDGETDRVSTAT', `0x80500212')
-define(`FDPOLLDRVSTAT', `0x80500213')
-define(`PTP_CLOCK_GETCAPS', `0x80503d01')
-define(`SOUND_MIXER_INFO', `0x805c4d65')
-define(`SNDRV_TIMER_IOCTL_STATUS', `0x80605414')
-define(`VIDIOC_QUERYCAP', `0x80685600')
-define(`I2OEVTGET', `0x8068690b')
-define(`CHIOGVPARAMS', `0x80706313')
-define(`KVM_GET_PIT2', `0x8070ae9f')
-define(`SNDRV_COMPRESS_GET_PARAMS', `0x80784313')
-define(`FDGETDRVPRM', `0x80800211')
-define(`USBDEVFS_HUB_PORTINFO', `0x80805513')
-define(`KVM_GET_DEBUGREGS', `0x8080aea1')
-define(`VIDIOC_QUERY_DV_TIMINGS', `0x80845663')
-define(`VIDIOC_SUBDEV_QUERY_DV_TIMINGS', `0x80845663')
-define(`VIDIOC_DQEVENT', `0x80885659')
-define(`VIDIOC_G_JPEGCOMP', `0x808c563d')
-define(`KVM_GET_REGS', `0x8090ae81')
-define(`SNDRV_PCM_IOCTL_STATUS', `0x80984120')
-define(`FE_GET_INFO', `0x80a86f3d')
-define(`MEMGETOOBSEL', `0x80c84d0a')
-define(`SNDRV_HWDEP_IOCTL_INFO', `0x80dc4801')
-define(`SNDRV_CTL_IOCTL_HWDEP_INFO', `0x80dc5521')
-define(`SNDRV_TIMER_IOCTL_INFO', `0x80e85411')
-define(`DRM_IOCTL_GET_STATS', `0x80f86406')
-define(`ASHMEM_GET_NAME', `0x81007702')
-define(`BTRFS_IOC_GET_FSLABEL', `0x81009431')
-define(`HIDIOCGSTRING', `0x81044804')
-define(`USBDEVFS_DISCONNECT_CLAIM', `0x8108551b')
-define(`SNDRV_RAWMIDI_IOCTL_INFO', `0x810c5701')
-define(`CA_GET_MSG', `0x810c6f84')
-define(`AUTOFS_IOC_EXPIRE', `0x810c9365')
-define(`SISFB_GET_INFO', `0x811cf301')
-define(`SNDRV_PCM_IOCTL_INFO', `0x81204101')
-define(`KVM_GET_SREGS', `0x8138ae83')
-define(`ECCGETLAYOUT', `0x81484d11')
-define(`SNDRV_CTL_IOCTL_CARD_INFO', `0x81785501')
-define(`KVM_GET_XCRS', `0x8188aea6')
-define(`AMDKFD_IOC_GET_PROCESS_APERTURES', `0x81904b06')
-define(`KVM_GET_FPU', `0x81a0ae8c')
-define(`KVM_SET_IRQCHIP', `0x8208ae63')
-define(`VFAT_IOCTL_READDIR_BOTH', `0x82307201')
-define(`VFAT_IOCTL_READDIR_SHORT', `0x82307202')
-define(`KVM_PPC_GET_SMMU_INFO', `0x8250aea6')
-define(`SNDRV_HDSP_IOCTL_GET_PEAK_RMS', `0x83b04840')
-define(`JSIOCGBTNMAP', `0x84006a34')
-define(`BTRFS_IOC_FS_INFO', `0x8400941f')
-define(`BTRFS_IOC_BALANCE_PROGRESS', `0x84009422')
-define(`KVM_GET_LAPIC', `0x8400ae8e')
-define(`VIDEO_GET_NAVI', `0x84046f34')
-define(`SNDRV_EMU10K1_IOCTL_INFO', `0x880c4810')
-define(`VIDIOC_G_ENC_INDEX', `0x8818564c')
-define(`SNDRV_HDSPM_IOCTL_GET_PEAK_RMS', `0x89084842')
-define(`SNDCTL_COPR_RCVMSG', `0x8fa44309')
-define(`GET_BITMAP_FILE', `0x90000915')
-define(`SNDRV_HDSP_IOCTL_GET_MIXER', `0x90004844')
-define(`BTRFS_IOC_DEVICES_READY', `0x90009427')
-define(`KVM_GET_XSAVE', `0x9000aea4')
-define(`HIDIOCGRDESC', `0x90044802')
-define(`SNDRV_SEQ_IOCTL_GET_QUEUE_OWNER', `0xc0005343')
-define(`GADGET_SET_PRINTER_STATUS', `0xc0016722')
-define(`CAPI_GET_MANUFACTURER', `0xc0044306')
-define(`CAPI_GET_SERIAL', `0xc0044308')
-define(`GIGASET_REDIR', `0xc0044700')
-define(`GIGASET_CONFIG', `0xc0044701')
-define(`ION_IOC_FREE', `0xc0044901')
-define(`SOUND_MIXER_AGC', `0xc0044d67')
+define(`SONYPI_IOCGBATFLAGS', `0x80017607')
+define(`SONYPI_IOCGBLUE', `0x80017608')
+define(`SONYPI_IOCGBRT', `0x80017600')
+define(`SONYPI_IOCGFAN', `0x8001760a')
+define(`SONYPI_IOCGTEMP', `0x8001760c')
+define(`SONYPI_IOCSBLUE', `0x40017609')
+define(`SONYPI_IOCSBRT', `0x40017600')
+define(`SONYPI_IOCSFAN', `0x4001760b')
define(`SOUND_MIXER_3DSE', `0xc0044d68')
+define(`SOUND_MIXER_ACCESS', `0xc0804d66')
+define(`SOUND_MIXER_AGC', `0xc0044d67')
+define(`SOUND_MIXER_GETLEVELS', `0xc0a44d74')
+define(`SOUND_MIXER_INFO', `0x805c4d65')
define(`SOUND_MIXER_PRIVATE1', `0xc0044d6f')
define(`SOUND_MIXER_PRIVATE2', `0xc0044d70')
define(`SOUND_MIXER_PRIVATE3', `0xc0044d71')
define(`SOUND_MIXER_PRIVATE4', `0xc0044d72')
define(`SOUND_MIXER_PRIVATE5', `0xc0044d73')
-define(`SNDCTL_DSP_SPEED', `0xc0045002')
-define(`SNDCTL_DSP_STEREO', `0xc0045003')
-define(`SNDCTL_DSP_GETBLKSIZE', `0xc0045004')
-define(`SNDCTL_DSP_SETFMT', `0xc0045005')
-define(`SNDCTL_DSP_CHANNELS', `0xc0045006')
+define(`SOUND_MIXER_SETLEVELS', `0xc0a44d75')
+define(`SOUND_OLD_MIXER_INFO', `0x80304d65')
+define(`SOUND_PCM_READ_BITS', `0x80045005')
+define(`SOUND_PCM_READ_CHANNELS', `0x80045006')
+define(`SOUND_PCM_READ_FILTER', `0x80045007')
+define(`SOUND_PCM_READ_RATE', `0x80045002')
define(`SOUND_PCM_WRITE_FILTER', `0xc0045007')
-define(`SNDCTL_DSP_SUBDIVIDE', `0xc0045009')
-define(`SNDCTL_DSP_SETFRAGMENT', `0xc004500a')
-define(`SNDCTL_DSP_GETCHANNELMASK', `0xc0045040')
-define(`SNDCTL_DSP_BIND_CHANNEL', `0xc0045041')
-define(`SNDCTL_SEQ_CTRLRATE', `0xc0045103')
-define(`SNDCTL_SYNTH_MEMAVL', `0xc004510e')
-define(`SNDCTL_TMR_TIMEBASE', `0xc0045401')
-define(`SNDCTL_TMR_TEMPO', `0xc0045405')
-define(`SNDCTL_TMR_SOURCE', `0xc0045406')
-define(`SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS', `0xc0045516')
-define(`SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE', `0xc0045520')
-define(`SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE', `0xc0045540')
-define(`SNDRV_CTL_IOCTL_POWER', `0xc00455d0')
-define(`VIDIOC_S_INPUT', `0xc0045627')
-define(`VIDIOC_S_OUTPUT', `0xc004562f')
-define(`WDIOC_SETTIMEOUT', `0xc0045706')
-define(`WDIOC_SETPRETIMEOUT', `0xc0045708')
-define(`FIFREEZE', `0xc0045877')
-define(`FITHAW', `0xc0045878')
-define(`SONET_SETDIAG', `0xc0046112')
-define(`SONET_CLRDIAG', `0xc0046113')
-define(`BINDER_VERSION', `0xc0046209')
-define(`DRM_IOCTL_BLOCK', `0xc0046412')
-define(`DRM_IOCTL_UNBLOCK', `0xc0046413')
-define(`DRM_IOCTL_ADD_DRAW', `0xc0046427')
-define(`DRM_IOCTL_RM_DRAW', `0xc0046428')
-define(`DRM_IOCTL_MGA_WAIT_FENCE', `0xc004644b')
-define(`DRM_IOCTL_MODE_RMFB', `0xc00464af')
-define(`DRM_IOCTL_MODE_DESTROY_DUMB', `0xc00464b4')
-define(`SNDCTL_MIDI_PRETIME', `0xc0046d00')
-define(`SNDCTL_MIDI_MPUMODE', `0xc0046d01')
-define(`MGSL_IOCWAITEVENT', `0xc0046d08')
-define(`TOSH_SMM', `0xc0047490')
-define(`MEYEIOC_SYNC', `0xc00476c3')
-define(`AUTOFS_IOC_SETTIMEOUT32', `0xc0049364')
-define(`KVM_GET_MSR_INDEX_LIST', `0xc004ae02')
-define(`KVM_PPC_ALLOCATE_HTAB', `0xc004aea7')
-define(`NET_ADD_IF', `0xc0066f34')
-define(`NET_GET_IF', `0xc0066f36')
-define(`AGPIOC_ALLOCATE', `0xc0084106')
-define(`HDA_IOCTL_VERB_WRITE', `0xc0084811')
-define(`HDA_IOCTL_GET_WCAP', `0xc0084812')
-define(`ION_IOC_MAP', `0xc0084902')
-define(`ION_IOC_SHARE', `0xc0084904')
-define(`ION_IOC_IMPORT', `0xc0084905')
-define(`ION_IOC_SYNC', `0xc0084907')
-define(`AMDKFD_IOC_DESTROY_QUEUE', `0xc0084b03')
-define(`SNDRV_CTL_IOCTL_TLV_READ', `0xc008551a')
-define(`SNDRV_CTL_IOCTL_TLV_WRITE', `0xc008551b')
-define(`SNDRV_CTL_IOCTL_TLV_COMMAND', `0xc008551c')
-define(`VIDIOC_G_CTRL', `0xc008561b')
-define(`VIDIOC_S_CTRL', `0xc008561c')
-define(`VIDIOC_OMAP3ISP_STAT_EN', `0xc00856c7')
-define(`CM_IOCGATR', `0xc0086301')
-define(`CIOC_KERNEL_VERSION', `0xc008630a')
-define(`DRM_IOCTL_GEM_FLINK', `0xc008640a')
-define(`DRM_IOCTL_ADD_CTX', `0xc0086420')
-define(`DRM_IOCTL_RM_CTX', `0xc0086421')
-define(`DRM_IOCTL_GET_CTX', `0xc0086423')
-define(`DRM_IOCTL_QXL_ALLOC', `0xc0086440')
-define(`DRM_IOCTL_TEGRA_GEM_MMAP', `0xc0086441')
-define(`DRM_IOCTL_SAVAGE_BCI_EVENT_EMIT', `0xc0086442')
-define(`DRM_IOCTL_TEGRA_SYNCPT_READ', `0xc0086442')
-define(`DRM_IOCTL_VIA_AGP_INIT', `0xc0086442')
-define(`DRM_IOCTL_TEGRA_SYNCPT_INCR', `0xc0086443')
-define(`DRM_IOCTL_VIA_FB_INIT', `0xc0086443')
-define(`DRM_IOCTL_I915_IRQ_EMIT', `0xc0086444')
-define(`DRM_IOCTL_TEGRA_GEM_SET_FLAGS', `0xc008644c')
-define(`DRM_IOCTL_TEGRA_GEM_GET_FLAGS', `0xc008644d')
-define(`DRM_IOCTL_RADEON_IRQ_EMIT', `0xc0086456')
-define(`DRM_IOCTL_I915_GEM_BUSY', `0xc0086457')
-define(`DRM_IOCTL_EXYNOS_G2D_GET_VER', `0xc0086460')
-define(`DRM_IOCTL_EXYNOS_G2D_EXEC', `0xc0086462')
-define(`DRM_IOCTL_I915_GET_PIPE_FROM_CRTC_ID', `0xc0086465')
-define(`DRM_IOCTL_RADEON_GEM_BUSY', `0xc008646a')
-define(`DRM_IOCTL_I915_GEM_CONTEXT_CREATE', `0xc008646d')
-define(`DRM_IOCTL_I915_GEM_GET_CACHING', `0xc0086470')
-define(`DRM_IOCTL_EXYNOS_IPP_CMD_CTRL', `0xc0086473')
-define(`I8K_GET_SPEED', `0xc0086985')
-define(`I8K_GET_FAN', `0xc0086986')
-define(`I8K_SET_FAN', `0xc0086987')
-define(`UDF_RELOCATE_BLOCKS', `0xc0086c43')
-define(`MATROXFB_GET_OUTPUT_MODE', `0xc0086efa')
-define(`PHN_GET_REG', `0xc0087000')
-define(`PHN_GET_REGS', `0xc0087002')
-define(`PHN_GETREG', `0xc0087005')
-define(`PPS_FETCH', `0xc00870a4')
-define(`PHONE_QUERY_CODEC', `0xc00871a7')
-define(`MIC_VIRTIO_ADD_DEVICE', `0xc0087301')
-define(`MIC_VIRTIO_COPY_DESC', `0xc0087302')
-define(`MIC_VIRTIO_CONFIG_CHANGE', `0xc0087305')
-define(`AUTOFS_IOC_SETTIMEOUT', `0xc0089364')
-define(`KVM_GET_SUPPORTED_CPUID', `0xc008ae05')
-define(`KVM_GET_EMULATED_CPUID', `0xc008ae09')
-define(`KVM_IRQ_LINE_STATUS', `0xc008ae67')
-define(`KVM_GET_MSRS', `0xc008ae88')
-define(`KVM_GET_CPUID2', `0xc008ae91')
-define(`KVM_GET_REG_LIST', `0xc008aeb0')
-define(`FSL_HV_IOCTL_PARTITION_RESTART', `0xc008af01')
-define(`FSL_HV_IOCTL_PARTITION_STOP', `0xc008af04')
-define(`FSL_HV_IOCTL_DOORBELL', `0xc008af06')
-define(`VHOST_GET_VRING_BASE', `0xc008af12')
-define(`HIDIOCGREPORTINFO', `0xc00c4809')
-define(`SNDCTL_SYNTH_REMOVESAMPLE', `0xc00c5116')
-define(`USBDEVFS_IOCTL32', `0xc00c5512')
-define(`UI_BEGIN_FF_ERASE', `0xc00c55ca')
-define(`DRM_IOCTL_PRIME_HANDLE_TO_FD', `0xc00c642d')
-define(`DRM_IOCTL_PRIME_FD_TO_HANDLE', `0xc00c642e')
-define(`DRM_IOCTL_VIA_CMDBUF_SIZE', `0xc00c644b')
-define(`DRM_IOCTL_I915_VBLANK_SWAP', `0xc00c644f')
-define(`DRM_IOCTL_RADEON_GEM_SET_DOMAIN', `0xc00c6463')
-define(`DRM_IOCTL_I915_GEM_MADVISE', `0xc00c6466')
-define(`DRM_IOCTL_RADEON_GEM_SET_TILING', `0xc00c6468')
-define(`DRM_IOCTL_RADEON_GEM_GET_TILING', `0xc00c6469')
-define(`KVM_CREATE_DEVICE', `0xc00caee0')
-define(`FSL_HV_IOCTL_PARTITION_GET_STATUS', `0xc00caf02')
-define(`MBXFB_IOCX_REG', `0xc00cf405')
-define(`CAPI_GET_VERSION', `0xc0104307')
-define(`CAPI_MANUFACTURER_CMD', `0xc0104320')
-define(`GIGASET_VERSION', `0xc0104703')
-define(`IOCTL_MEI_CONNECT_CLIENT', `0xc0104801')
-define(`HIDIOCGCOLLECTIONINFO', `0xc0104811')
-define(`SNDRV_EMU10K1_IOCTL_TRAM_PEEK', `0xc0104822')
-define(`SNDRV_EMUX_IOCTL_LOAD_PATCH', `0xc0104881')
-define(`SNDRV_EMUX_IOCTL_MISC_MODE', `0xc0104884')
-define(`ION_IOC_CUSTOM', `0xc0104906')
-define(`MEMWRITEOOB', `0xc0104d03')
-define(`MEMREADOOB', `0xc0104d04')
-define(`MEMGETREGIONINFO', `0xc0104d08')
-define(`SNDRV_SEQ_IOCTL_RUNNING_MODE', `0xc0105303')
-define(`USBDEVFS_CONTROL32', `0xc0105500')
-define(`USBDEVFS_BULK32', `0xc0105502')
-define(`USBDEVFS_IOCTL', `0xc0105512')
-define(`NS_GETPSTAT', `0xc0106161')
-define(`DRM_IOCTL_GET_UNIQUE', `0xc0106401')
-define(`DRM_IOCTL_IRQ_BUSID', `0xc0106403')
-define(`DRM_IOCTL_SET_VERSION', `0xc0106407')
-define(`DRM_IOCTL_GEM_OPEN', `0xc010640b')
-define(`DRM_IOCTL_GET_CAP', `0xc010640c')
-define(`DRM_IOCTL_INFO_BUFS', `0xc0106418')
-define(`DRM_IOCTL_GET_SAREA_CTX', `0xc010641d')
-define(`DRM_IOCTL_RES_CTX', `0xc0106426')
-define(`DRM_IOCTL_SG_ALLOC', `0xc0106438')
-define(`DRM_IOCTL_EXYNOS_GEM_CREATE', `0xc0106440')
-define(`DRM_IOCTL_MSM_GET_PARAM', `0xc0106440')
-define(`DRM_IOCTL_OMAP_GET_PARAM', `0xc0106440')
-define(`DRM_IOCTL_TEGRA_GEM_CREATE', `0xc0106440')
-define(`DRM_IOCTL_QXL_MAP', `0xc0106441')
-define(`DRM_IOCTL_MSM_GEM_NEW', `0xc0106442')
-define(`DRM_IOCTL_MSM_GEM_INFO', `0xc0106443')
-define(`DRM_IOCTL_OMAP_GEM_NEW', `0xc0106443')
-define(`DRM_IOCTL_EXYNOS_GEM_GET', `0xc0106444')
-define(`DRM_IOCTL_QXL_GETPARAM', `0xc0106444')
-define(`DRM_IOCTL_TEGRA_SYNCPT_WAIT', `0xc0106444')
-define(`DRM_IOCTL_TEGRA_OPEN_CHANNEL', `0xc0106445')
-define(`DRM_IOCTL_I915_GETPARAM', `0xc0106446')
-define(`DRM_IOCTL_TEGRA_CLOSE_CHANNEL', `0xc0106446')
-define(`DRM_IOCTL_EXYNOS_VIDI_CONNECTION', `0xc0106447')
-define(`DRM_IOCTL_TEGRA_GET_SYNCPT', `0xc0106447')
-define(`DRM_IOCTL_MGA_GETPARAM', `0xc0106449')
-define(`DRM_IOCTL_TEGRA_GET_SYNCPT_BASE', `0xc0106449')
-define(`DRM_IOCTL_TEGRA_GEM_SET_TILING', `0xc010644a')
-define(`DRM_IOCTL_TEGRA_GEM_GET_TILING', `0xc010644b')
-define(`DRM_IOCTL_RADEON_INDIRECT', `0xc010644d')
-define(`DRM_IOCTL_R128_INDIRECT', `0xc010644f')
-define(`DRM_IOCTL_RADEON_GETPARAM', `0xc0106451')
-define(`DRM_IOCTL_R128_GETPARAM', `0xc0106452')
-define(`DRM_IOCTL_SIS_AGP_INIT', `0xc0106453')
-define(`DRM_IOCTL_I915_GEM_CREATE', `0xc010645b')
-define(`DRM_IOCTL_I915_GEM_SET_TILING', `0xc0106461')
-define(`DRM_IOCTL_I915_GEM_GET_TILING', `0xc0106462')
-define(`DRM_IOCTL_I915_GEM_MMAP_GTT', `0xc0106464')
-define(`DRM_IOCTL_RADEON_INFO', `0xc0106467')
-define(`DRM_IOCTL_I915_GEM_WAIT', `0xc010646c')
-define(`DRM_IOCTL_RADEON_GEM_OP', `0xc010646c')
-define(`DRM_IOCTL_I915_REG_READ', `0xc0106471')
-define(`DRM_IOCTL_MODE_SETPROPERTY', `0xc01064ab')
-define(`DRM_IOCTL_MODE_GETPROPBLOB', `0xc01064ac')
-define(`DRM_IOCTL_MODE_MAP_DUMB', `0xc01064b3')
-define(`DRM_IOCTL_MODE_GETPLANERESOURCES', `0xc01064b5')
-define(`MGSL_IOCWAITGPIO', `0xc0106d12')
-define(`NCP_IOC_GETPRIVATEDATA', `0xc0106e0a')
-define(`DMX_GET_STC', `0xc0106f32')
-define(`UVCIOC_CTRL_QUERY', `0xc0107521')
-define(`BTRFS_IOC_SPACE_INFO', `0xc0109414')
-define(`BTRFS_IOC_QUOTA_CTL', `0xc0109428')
-define(`FSL_HV_IOCTL_PARTITION_START', `0xc010af03')
-define(`SNDCTL_COPR_RDATA', `0xc0144302')
-define(`SNDCTL_COPR_RCODE', `0xc0144303')
-define(`SNDCTL_COPR_RUN', `0xc0144306')
-define(`SNDCTL_COPR_HALT', `0xc0144307')
-define(`SNDRV_TIMER_IOCTL_NEXT_DEVICE', `0xc0145401')
-define(`VIDIOC_REQBUFS', `0xc0145608')
-define(`VIDIOC_G_CROP', `0xc014563b')
-define(`DRM_IOCTL_I915_GET_SPRITE_COLORKEY', `0xc014646b')
-define(`DRM_IOCTL_I915_SET_SPRITE_COLORKEY', `0xc014646b')
-define(`DRM_IOCTL_MODE_GETENCODER', `0xc01464a6')
-define(`FW_CDEV_IOC_ADD_DESCRIPTOR', `0xc0182306')
-define(`FW_CDEV_IOC_QUEUE_ISO', `0xc0182309')
-define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE', `0xc018230d')
-define(`FW_CDEV_IOC_GET_CYCLE_TIMER2', `0xc0182314')
-define(`FW_CDEV_IOC_SEND_PHY_PACKET', `0xc0182315')
-define(`HIDIOCGUSAGE', `0xc018480b')
-define(`HIDIOCGUCODE', `0xc018480d')
-define(`MTRRIOC_GET_ENTRY', `0xc0184d03')
-define(`MTRRIOC_GET_PAGE_ENTRY', `0xc0184d08')
-define(`MEMWRITEOOB64', `0xc0184d15')
-define(`MEMREADOOB64', `0xc0184d16')
-define(`USBDEVFS_CONTROL', `0xc0185500')
-define(`USBDEVFS_BULK', `0xc0185502')
-define(`PACKET_CTRL_CMD', `0xc0185801')
-define(`FITRIM', `0xc0185879')
-define(`DRM_IOCTL_MAP_BUFS', `0xc0186419')
-define(`DRM_IOCTL_WAIT_VBLANK', `0xc018643a')
-define(`DRM_IOCTL_I810_GETBUF', `0xc0186445')
-define(`DRM_IOCTL_OMAP_GEM_INFO', `0xc0186446')
-define(`DRM_IOCTL_QXL_ALLOC_SURF', `0xc0186446')
-define(`DRM_IOCTL_I915_ALLOC', `0xc0186448')
-define(`DRM_IOCTL_VIA_WAIT_IRQ', `0xc018644d')
-define(`DRM_IOCTL_RADEON_ALLOC', `0xc0186453')
-define(`DRM_IOCTL_I915_GEM_PIN', `0xc0186455')
-define(`DRM_IOCTL_RADEON_GEM_INFO', `0xc018645c')
-define(`DRM_IOCTL_RADEON_GEM_VA', `0xc018646b')
-define(`DRM_IOCTL_RADEON_GEM_USERPTR', `0xc018646d')
-define(`DRM_IOCTL_I915_GET_RESET_STATS', `0xc0186472')
-define(`DRM_IOCTL_I915_GEM_USERPTR', `0xc0186473')
-define(`DRM_IOCTL_MODE_PAGE_FLIP', `0xc01864b0')
-define(`DRM_IOCTL_MODE_DIRTYFB', `0xc01864b1')
-define(`DRM_IOCTL_MODE_OBJ_SETPROPERTY', `0xc01864ba')
-define(`I2OHRTGET', `0xc0186901')
-define(`I2OLCTGET', `0xc0186902')
-define(`NCP_IOC_GETOBJECTNAME', `0xc0186e09')
-define(`NILFS_IOCTL_GET_VINFO', `0xc0186e86')
-define(`NILFS_IOCTL_GET_BDESCS', `0xc0186e87')
-define(`AUTOFS_DEV_IOCTL_VERSION', `0xc0189371')
-define(`AUTOFS_DEV_IOCTL_PROTOVER', `0xc0189372')
-define(`AUTOFS_DEV_IOCTL_PROTOSUBVER', `0xc0189373')
-define(`AUTOFS_DEV_IOCTL_OPENMOUNT', `0xc0189374')
-define(`AUTOFS_DEV_IOCTL_CLOSEMOUNT', `0xc0189375')
-define(`AUTOFS_DEV_IOCTL_READY', `0xc0189376')
-define(`AUTOFS_DEV_IOCTL_FAIL', `0xc0189377')
-define(`AUTOFS_DEV_IOCTL_SETPIPEFD', `0xc0189378')
-define(`AUTOFS_DEV_IOCTL_CATATONIC', `0xc0189379')
-define(`AUTOFS_DEV_IOCTL_TIMEOUT', `0xc018937a')
-define(`AUTOFS_DEV_IOCTL_REQUESTER', `0xc018937b')
-define(`AUTOFS_DEV_IOCTL_EXPIRE', `0xc018937c')
-define(`AUTOFS_DEV_IOCTL_ASKUMOUNT', `0xc018937d')
-define(`AUTOFS_DEV_IOCTL_ISMOUNTPOINT', `0xc018937e')
-define(`BTRFS_IOC_FILE_EXTENT_SAME', `0xc0189436')
-define(`KVM_TRANSLATE', `0xc018ae85')
-define(`IB_USER_MAD_REGISTER_AGENT', `0xc01c1b01')
-define(`SI4713_IOC_MEASURE_RNL', `0xc01c56c0')
-define(`DRM_IOCTL_MODE_CURSOR', `0xc01c64a3')
-define(`DRM_IOCTL_MODE_GETFB', `0xc01c64ad')
-define(`DRM_IOCTL_MODE_ADDFB', `0xc01c64ae')
-define(`FW_CDEV_IOC_ALLOCATE', `0xc0202302')
-define(`FW_CDEV_IOC_CREATE_ISO_CONTEXT', `0xc0202308')
-define(`ION_IOC_ALLOC', `0xc0204900')
-define(`VIDIOC_G_EXT_CTRLS', `0xc0205647')
-define(`VIDIOC_S_EXT_CTRLS', `0xc0205648')
-define(`VIDIOC_TRY_EXT_CTRLS', `0xc0205649')
-define(`VIDIOC_OMAP3ISP_AEWB_CFG', `0xc02056c3')
-define(`X86_IOC_RDMSR_REGS', `0xc02063a0')
-define(`X86_IOC_WRMSR_REGS', `0xc02063a1')
-define(`DRM_IOCTL_ADD_BUFS', `0xc0206416')
-define(`DRM_IOCTL_AGP_ALLOC', `0xc0206434')
-define(`DRM_IOCTL_VIA_ALLOCMEM', `0xc0206440')
-define(`DRM_IOCTL_SIS_FB_ALLOC', `0xc0206444')
-define(`DRM_IOCTL_MSM_GEM_SUBMIT', `0xc0206446')
-define(`DRM_IOCTL_VIA_DMA_INIT', `0xc0206447')
-define(`DRM_IOCTL_MGA_DMA_BOOTSTRAP', `0xc020644c')
-define(`DRM_IOCTL_RADEON_TEXTURE', `0xc020644e')
-define(`DRM_IOCTL_SIS_AGP_ALLOC', `0xc0206454')
-define(`DRM_IOCTL_RADEON_GEM_CREATE', `0xc020645d')
-define(`DRM_IOCTL_I915_GEM_MMAP', `0xc020645e')
-define(`DRM_IOCTL_RADEON_GEM_MMAP', `0xc020645e')
-define(`DRM_IOCTL_RADEON_GEM_PREAD', `0xc0206461')
-define(`DRM_IOCTL_RADEON_GEM_PWRITE', `0xc0206462')
-define(`DRM_IOCTL_RADEON_CS', `0xc0206466')
-define(`DRM_IOCTL_MODE_GETGAMMA', `0xc02064a4')
-define(`DRM_IOCTL_MODE_SETGAMMA', `0xc02064a5')
-define(`DRM_IOCTL_MODE_CREATE_DUMB', `0xc02064b2')
-define(`DRM_IOCTL_MODE_GETPLANE', `0xc02064b6')
-define(`DRM_IOCTL_MODE_OBJ_GETPROPERTIES', `0xc02064b9')
-define(`FS_IOC_FIEMAP', `0xc020660b')
-define(`GENWQE_PIN_MEM', `0xc020a528')
-define(`GENWQE_UNPIN_MEM', `0xc020a529')
-define(`SNDCTL_MIDI_MPUCMD', `0xc0216d02')
-define(`SNDRV_COMPRESS_GET_METADATA', `0xc0244315')
-define(`DRM_IOCTL_MODE_CURSOR2', `0xc02464bb')
-define(`IB_USER_MAD_REGISTER_AGENT2', `0xc0281b04')
-define(`FW_CDEV_IOC_GET_INFO', `0xc0282300')
-define(`SYNC_IOC_MERGE', `0xc0283e01')
-define(`SYNC_IOC_FENCE_INFO', `0xc0283e02')
-define(`AMDKFD_IOC_GET_CLOCK_COUNTERS', `0xc0284b05')
-define(`VIDIOC_G_EDID', `0xc0285628')
-define(`VIDIOC_SUBDEV_G_EDID', `0xc0285628')
-define(`VIDIOC_SUBDEV_S_EDID', `0xc0285629')
-define(`VIDIOC_S_EDID', `0xc0285629')
-define(`VIDIOC_ENCODER_CMD', `0xc028564d')
-define(`VIDIOC_TRY_ENCODER_CMD', `0xc028564e')
-define(`VIDIOC_OMAP3ISP_STAT_REQ', `0xc02856c6')
+define(`SPI_IOC_RD_BITS_PER_WORD', `0x80016b03')
+define(`SPI_IOC_RD_LSB_FIRST', `0x80016b02')
+define(`SPI_IOC_RD_MAX_SPEED_HZ', `0x80046b04')
+define(`SPI_IOC_RD_MODE', `0x80016b01')
+define(`SPI_IOC_RD_MODE32', `0x80046b05')
+define(`SPI_IOC_WR_BITS_PER_WORD', `0x40016b03')
+define(`SPI_IOC_WR_LSB_FIRST', `0x40016b02')
+define(`SPI_IOC_WR_MAX_SPEED_HZ', `0x40046b04')
+define(`SPI_IOC_WR_MODE', `0x40016b01')
+define(`SPI_IOC_WR_MODE32', `0x40046b05')
+define(`SPIOCSTYPE', `0x40087101')
+define(`SSTFB_GET_VGAPASS', `0x800446dd')
+define(`SSTFB_SET_VGAPASS', `0x400446dd')
+define(`STOP_ARRAY', `0x00000932')
+define(`STOP_ARRAY_RO', `0x00000933')
define(`SW_SYNC_IOC_CREATE_FENCE', `0xc0285700')
-define(`DRM_IOCTL_GET_MAP', `0xc0286404')
-define(`DRM_IOCTL_GET_CLIENT', `0xc0286405')
-define(`DRM_IOCTL_ADD_MAP', `0xc0286415')
-define(`DRM_IOCTL_VIA_MAP_INIT', `0xc0286444')
-define(`DRM_IOCTL_EXYNOS_G2D_SET_CMDLIST', `0xc0286461')
-define(`DRM_IOCTL_EXYNOS_IPP_QUEUE_BUF', `0xc0286472')
-define(`DRM_IOCTL_NOUVEAU_GEM_INFO', `0xc0286484')
-define(`I2OPARMSET', `0xc0286903')
-define(`I2OPARMGET', `0xc0286904')
-define(`NCP_IOC_GET_FS_INFO', `0xc0286e04')
-define(`PHN_GETREGS', `0xc0287007')
-define(`MEDIA_IOC_ENUM_LINKS', `0xc0287c02')
-define(`KVM_TPR_ACCESS_REPORTING', `0xc028ae92')
-define(`FSL_HV_IOCTL_MEMCPY', `0xc028af05')
-define(`FSL_HV_IOCTL_GETPROP', `0xc028af07')
-define(`FSL_HV_IOCTL_SETPROP', `0xc028af08')
-define(`NCP_IOC_GETCHARSETS', `0xc02a6e0b')
-define(`SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO', `0xc02c5341')
-define(`VIDIOC_QUERYMENU', `0xc02c5625')
-define(`VIDIOC_G_FREQUENCY', `0xc02c5638')
+define(`SW_SYNC_IOC_INC', `0x40045701')
+define(`SYNC_IOC_FENCE_INFO', `0xc0283e02')
+define(`SYNC_IOC_MERGE', `0xc0283e01')
+define(`SYNC_IOC_WAIT', `0x40043e00')
+define(`TCFLSH', `0x0000540b')
+define(`TCGETA', `0x00005405')
+define(`TCGETS2', `0x802c542a')
+define(`TCGETS', ifelse(target_arch, mips, 0x0000540d, 0x00005401))
+define(`TCGETX', `0x00005432')
+define(`TCSBRK', `0x00005409')
+define(`TCSBRKP', `0x00005425')
+define(`TCSETA', `0x00005406')
+define(`TCSETAF', `0x00005408')
+define(`TCSETAW', `0x00005407')
+define(`TCSETS', `0x00005402')
+define(`TCSETS2', `0x402c542b')
+define(`TCSETSF', `0x00005404')
+define(`TCSETSF2', `0x402c542d')
+define(`TCSETSW', `0x00005403')
+define(`TCSETSW2', `0x402c542c')
+define(`TCSETX', `0x00005433')
+define(`TCSETXF', `0x00005434')
+define(`TCSETXW', `0x00005435')
+define(`TCXONC', `0x0000540a')
+define(`TFD_IOC_SET_TICKS', `0x40085400')
+define(`TIOCCBRK', `0x00005428')
+define(`TIOCCONS', `0x0000541d')
+define(`TIOCEXCL', `0x0000540c')
+define(`TIOCGDEV', `0x80045432')
+define(`TIOCGETD', `0x00005424')
+define(`TIOCGEXCL', `0x80045440')
+define(`TIOCGICOUNT', `0x0000545d')
+define(`TIOCGLCKTRMIOS', `0x00005456')
+define(`TIOCGPGRP', `0x0000540f')
+define(`TIOCGPKT', `0x80045438')
+define(`TIOCGPTLCK', `0x80045439')
+define(`TIOCGPTN', `0x80045430')
+define(`TIOCGRS485', `0x0000542e')
+define(`TIOCGSERIAL', `0x0000541e')
+define(`TIOCGSID', `0x00005429')
+define(`TIOCGSOFTCAR', `0x00005419')
+define(`TIOCGWINSZ', ifelse(target_arch, mips, 0x80087468, 0x00005413))
+define(`TIOCLINUX', `0x0000541c')
+define(`TIOCMBIC', `0x00005417')
+define(`TIOCMBIS', `0x00005416')
+define(`TIOCMGET', `0x00005415')
+define(`TIOCMIWAIT', `0x0000545c')
+define(`TIOCMSET', `0x00005418')
+define(`TIOCNOTTY', `0x00005422')
+define(`TIOCNXCL', `0x0000540d')
+define(`TIOCOUTQ', ifelse(target_arch, mips, 0x00007472, 0x00005411))
+define(`TIOCPKT', `0x00005420')
+define(`TIOCSBRK', `0x00005427')
+define(`TIOCSCTTY', ifelse(target_arch, mips, 0x00005480, 0x0000540e))
+define(`TIOCSERCONFIG', `0x00005453')
+define(`TIOCSERGETLSR', `0x00005459')
+define(`TIOCSERGETMULTI', `0x0000545a')
+define(`TIOCSERGSTRUCT', `0x00005458')
+define(`TIOCSERGWILD', `0x00005454')
+define(`TIOCSERSETMULTI', `0x0000545b')
+define(`TIOCSERSWILD', `0x00005455')
+define(`TIOCSETD', `0x00005423')
+define(`TIOCSIG', `0x40045436')
+define(`TIOCSLCKTRMIOS', `0x00005457')
+define(`TIOCSPGRP', `0x00005410')
+define(`TIOCSPTLCK', `0x40045431')
+define(`TIOCSRS485', `0x0000542f')
+define(`TIOCSSERIAL', `0x0000541f')
+define(`TIOCSSOFTCAR', `0x0000541a')
+define(`TIOCSTI', `0x00005412')
+define(`TIOCSWINSZ', ifelse(target_arch, mips, 0x40087467, 0x00005414))
+define(`TIOCVHANGUP', `0x00005437')
+define(`TOSH_SMM', `0xc0047490')
+define(`TUNATTACHFILTER', `0x401054d5')
+define(`TUNDETACHFILTER', `0x401054d6')
+define(`TUNER_SET_CONFIG', `0x4010645c')
+define(`TUNGETFEATURES', `0x800454cf')
+define(`TUNGETFILTER', `0x801054db')
+define(`TUNGETIFF', `0x800454d2')
+define(`TUNGETSNDBUF', `0x800454d3')
+define(`TUNGETVNETHDRSZ', `0x800454d7')
+define(`TUNGETVNETLE', `0x800454dd')
+define(`TUNSETDEBUG', `0x400454c9')
+define(`TUNSETGROUP', `0x400454ce')
+define(`TUNSETIFF', `0x400454ca')
+define(`TUNSETIFINDEX', `0x400454da')
+define(`TUNSETLINK', `0x400454cd')
+define(`TUNSETNOCSUM', `0x400454c8')
+define(`TUNSETOFFLOAD', `0x400454d0')
+define(`TUNSETOWNER', `0x400454cc')
+define(`TUNSETPERSIST', `0x400454cb')
+define(`TUNSETQUEUE', `0x400454d9')
+define(`TUNSETSNDBUF', `0x400454d4')
+define(`TUNSETTXFILTER', `0x400454d1')
+define(`TUNSETVNETHDRSZ', `0x400454d8')
+define(`TUNSETVNETLE', `0x400454dc')
+define(`UBI_IOCATT', `0x40186f40')
+define(`UBI_IOCDET', `0x40046f41')
+define(`UBI_IOCEBCH', `0x40044f02')
+define(`UBI_IOCEBER', `0x40044f01')
+define(`UBI_IOCEBISMAP', `0x80044f05')
+define(`UBI_IOCEBMAP', `0x40084f03')
+define(`UBI_IOCEBUNMAP', `0x40044f04')
+define(`UBI_IOCMKVOL', `0x40986f00')
+define(`UBI_IOCRMVOL', `0x40046f01')
+define(`UBI_IOCRNVOL', `0x51106f03')
+define(`UBI_IOCRSVOL', `0x400c6f02')
+define(`UBI_IOCSETVOLPROP', `0x40104f06')
+define(`UBI_IOCVOLCRBLK', `0x40804f07')
+define(`UBI_IOCVOLRMBLK', `0x00004f08')
+define(`UBI_IOCVOLUP', `0x40084f00')
+define(`UDF_GETEABLOCK', `0x80086c41')
+define(`UDF_GETEASIZE', `0x80046c40')
+define(`UDF_GETVOLIDENT', `0x80086c42')
+define(`UDF_RELOCATE_BLOCKS', `0xc0086c43')
+define(`UI_BEGIN_FF_ERASE', `0xc00c55ca')
+define(`UI_BEGIN_FF_UPLOAD', `0xc06855c8')
+define(`UI_DEV_CREATE', `0x00005501')
+define(`UI_DEV_DESTROY', `0x00005502')
+define(`UI_END_FF_ERASE', `0x400c55cb')
+define(`UI_END_FF_UPLOAD', `0x406855c9')
+define(`UI_GET_VERSION', `0x8004552d')
+define(`UI_SET_ABSBIT', `0x40045567')
+define(`UI_SET_EVBIT', `0x40045564')
+define(`UI_SET_FFBIT', `0x4004556b')
+define(`UI_SET_KEYBIT', `0x40045565')
+define(`UI_SET_LEDBIT', `0x40045569')
+define(`UI_SET_MSCBIT', `0x40045568')
+define(`UI_SET_PHYS', `0x4008556c')
+define(`UI_SET_PROPBIT', `0x4004556e')
+define(`UI_SET_RELBIT', `0x40045566')
+define(`UI_SET_SNDBIT', `0x4004556a')
+define(`UI_SET_SWBIT', `0x4004556d')
+define(`UNPROTECT_ARRAY', `0x00000926')
+define(`USBDEVFS_ALLOC_STREAMS', `0x8008551c')
+define(`USBDEVFS_BULK', `0xc0185502')
+define(`USBDEVFS_BULK32', `0xc0105502')
+define(`USBDEVFS_CLAIMINTERFACE', `0x8004550f')
+define(`USBDEVFS_CLAIM_PORT', `0x80045518')
+define(`USBDEVFS_CLEAR_HALT', `0x80045515')
+define(`USBDEVFS_CONNECT', `0x00005517')
+define(`USBDEVFS_CONNECTINFO', `0x40085511')
+define(`USBDEVFS_CONTROL', `0xc0185500')
+define(`USBDEVFS_CONTROL32', `0xc0105500')
+define(`USBDEVFS_DISCARDURB', `0x0000550b')
+define(`USBDEVFS_DISCONNECT', `0x00005516')
+define(`USBDEVFS_DISCONNECT_CLAIM', `0x8108551b')
+define(`USBDEVFS_DISCSIGNAL', `0x8010550e')
+define(`USBDEVFS_DISCSIGNAL32', `0x8008550e')
+define(`USBDEVFS_FREE_STREAMS', `0x8008551d')
+define(`USBDEVFS_GET_CAPABILITIES', `0x8004551a')
+define(`USBDEVFS_GETDRIVER', `0x41045508')
+define(`USBDEVFS_HUB_PORTINFO', `0x80805513')
+define(`USBDEVFS_IOCTL', `0xc0105512')
+define(`USBDEVFS_IOCTL32', `0xc00c5512')
+define(`USBDEVFS_REAPURB', `0x4008550c')
+define(`USBDEVFS_REAPURB32', `0x4004550c')
+define(`USBDEVFS_REAPURBNDELAY', `0x4008550d')
+define(`USBDEVFS_REAPURBNDELAY32', `0x4004550d')
+define(`USBDEVFS_RELEASEINTERFACE', `0x80045510')
+define(`USBDEVFS_RELEASE_PORT', `0x80045519')
+define(`USBDEVFS_RESET', `0x00005514')
+define(`USBDEVFS_RESETEP', `0x80045503')
+define(`USBDEVFS_SETCONFIGURATION', `0x80045505')
+define(`USBDEVFS_SETINTERFACE', `0x80085504')
+define(`USBDEVFS_SUBMITURB', `0x8038550a')
+define(`USBDEVFS_SUBMITURB32', `0x802a550a')
+define(`USBTMC_IOCTL_ABORT_BULK_IN', `0x00005b04')
+define(`USBTMC_IOCTL_ABORT_BULK_OUT', `0x00005b03')
+define(`USBTMC_IOCTL_CLEAR', `0x00005b02')
+define(`USBTMC_IOCTL_CLEAR_IN_HALT', `0x00005b07')
+define(`USBTMC_IOCTL_CLEAR_OUT_HALT', `0x00005b06')
+define(`USBTMC_IOCTL_INDICATOR_PULSE', `0x00005b01')
+define(`UVCIOC_CTRL_MAP', `0xc0607520')
+define(`UVCIOC_CTRL_QUERY', `0xc0107521')
+define(`V4L2_SUBDEV_IR_RX_NOTIFY', `0x40047600')
+define(`V4L2_SUBDEV_IR_TX_NOTIFY', `0x40047601')
+define(`VFAT_IOCTL_READDIR_BOTH', `0x82307201')
+define(`VFAT_IOCTL_READDIR_SHORT', `0x82307202')
+define(`VFIO_CHECK_EXTENSION', `0x00003b65')
+define(`VFIO_DEVICE_GET_INFO', `0x00003b6b')
+define(`VFIO_DEVICE_GET_IRQ_INFO', `0x00003b6d')
+define(`VFIO_DEVICE_GET_PCI_HOT_RESET_INFO', `0x00003b70')
+define(`VFIO_DEVICE_GET_REGION_INFO', `0x00003b6c')
+define(`VFIO_DEVICE_PCI_HOT_RESET', `0x00003b71')
+define(`VFIO_DEVICE_RESET', `0x00003b6f')
+define(`VFIO_DEVICE_SET_IRQS', `0x00003b6e')
+define(`VFIO_EEH_PE_OP', `0x00003b79')
+define(`VFIO_GET_API_VERSION', `0x00003b64')
+define(`VFIO_GROUP_GET_DEVICE_FD', `0x00003b6a')
+define(`VFIO_GROUP_GET_STATUS', `0x00003b67')
+define(`VFIO_GROUP_SET_CONTAINER', `0x00003b68')
+define(`VFIO_GROUP_UNSET_CONTAINER', `0x00003b69')
+define(`VFIO_IOMMU_DISABLE', `0x00003b74')
+define(`VFIO_IOMMU_ENABLE', `0x00003b73')
+define(`VFIO_IOMMU_GET_INFO', `0x00003b70')
+define(`VFIO_IOMMU_MAP_DMA', `0x00003b71')
+define(`VFIO_IOMMU_SPAPR_TCE_GET_INFO', `0x00003b70')
+define(`VFIO_IOMMU_UNMAP_DMA', `0x00003b72')
+define(`VFIO_SET_IOMMU', `0x00003b66')
+define(`VHOST_GET_FEATURES', `0x8008af00')
+define(`VHOST_GET_VRING_BASE', `0xc008af12')
+define(`VHOST_NET_SET_BACKEND', `0x4008af30')
+define(`VHOST_RESET_OWNER', `0x0000af02')
+define(`VHOST_SCSI_CLEAR_ENDPOINT', `0x40e8af41')
+define(`VHOST_SCSI_GET_ABI_VERSION', `0x4004af42')
+define(`VHOST_SCSI_GET_EVENTS_MISSED', `0x4004af44')
+define(`VHOST_SCSI_SET_ENDPOINT', `0x40e8af40')
+define(`VHOST_SCSI_SET_EVENTS_MISSED', `0x4004af43')
+define(`VHOST_SET_FEATURES', `0x4008af00')
+define(`VHOST_SET_LOG_BASE', `0x4008af04')
+define(`VHOST_SET_LOG_FD', `0x4004af07')
+define(`VHOST_SET_MEM_TABLE', `0x4008af03')
+define(`VHOST_SET_OWNER', `0x0000af01')
+define(`VHOST_SET_VRING_ADDR', `0x4028af11')
+define(`VHOST_SET_VRING_BASE', `0x4008af12')
+define(`VHOST_SET_VRING_CALL', `0x4008af21')
+define(`VHOST_SET_VRING_ERR', `0x4008af22')
+define(`VHOST_SET_VRING_KICK', `0x4008af20')
+define(`VHOST_SET_VRING_NUM', `0x4008af10')
+define(`VIDEO_CLEAR_BUFFER', `0x00006f22')
+define(`VIDEO_COMMAND', `0xc0486f3b')
+define(`VIDEO_CONTINUE', `0x00006f18')
+define(`VIDEO_FAST_FORWARD', `0x00006f1f')
+define(`VIDEO_FREEZE', `0x00006f17')
+define(`VIDEO_GET_CAPABILITIES', `0x80046f21')
+define(`VIDEO_GET_EVENT', `0x80206f1c')
+define(`VIDEO_GET_FRAME_COUNT', `0x80086f3a')
+define(`VIDEO_GET_FRAME_RATE', `0x80046f38')
+define(`VIDEO_GET_NAVI', `0x84046f34')
+define(`VIDEO_GET_PTS', `0x80086f39')
+define(`VIDEO_GET_SIZE', `0x800c6f37')
+define(`VIDEO_GET_STATUS', `0x80146f1b')
+define(`VIDEO_PLAY', `0x00006f16')
+define(`VIDEO_SELECT_SOURCE', `0x00006f19')
+define(`VIDEO_SET_ATTRIBUTES', `0x00006f35')
+define(`VIDEO_SET_BLANK', `0x00006f1a')
+define(`VIDEO_SET_DISPLAY_FORMAT', `0x00006f1d')
+define(`VIDEO_SET_FORMAT', `0x00006f25')
+define(`VIDEO_SET_HIGHLIGHT', `0x40106f27')
+define(`VIDEO_SET_ID', `0x00006f23')
+define(`VIDEO_SET_SPU', `0x40086f32')
+define(`VIDEO_SET_SPU_PALETTE', `0x40106f33')
+define(`VIDEO_SET_STREAMTYPE', `0x00006f24')
+define(`VIDEO_SET_SYSTEM', `0x00006f26')
+define(`VIDEO_SLOWMOTION', `0x00006f20')
+define(`VIDEO_STILLPICTURE', `0x40106f1e')
+define(`VIDEO_STOP', `0x00006f15')
+define(`VIDEO_TRY_COMMAND', `0xc0486f3c')
+define(`VIDIOC_CREATE_BUFS', `0xc100565c')
define(`VIDIOC_CROPCAP', `0xc02c563a')
-define(`VIDIOC_ENUM_FRAMESIZES', `0xc02c564a')
-define(`DRM_IOCTL_I915_OVERLAY_ATTRS', `0xc02c6468')
-define(`MEMWRITE', `0xc0304d18')
-define(`SNDRV_SEQ_IOCTL_SYSTEM_INFO', `0xc0305302')
-define(`VIDIOC_SUBDEV_ENUM_MBUS_CODE', `0xc0305602')
-define(`VIDIOC_SUBDEV_G_FRAME_INTERVAL', `0xc0305615')
-define(`VIDIOC_SUBDEV_S_FRAME_INTERVAL', `0xc0305616')
-define(`VIDIOC_OMAP3ISP_HIST_CFG', `0xc03056c4')
-define(`SNDRV_RAWMIDI_IOCTL_PARAMS', `0xc0305710')
-define(`BINDER_WRITE_READ', `0xc0306201')
-define(`DRM_IOCTL_NOUVEAU_GEM_NEW', `0xc0306480')
-define(`DRM_IOCTL_MODE_SETPLANE', `0xc03064b7')
-define(`I2OSWDL', `0xc0306905')
-define(`I2OSWUL', `0xc0306906')
-define(`I2OSWDEL', `0xc0306907')
-define(`I2OHTML', `0xc0306909')
-define(`IPMICTL_RECEIVE_MSG_TRUNC', `0xc030690b')
-define(`IPMICTL_RECEIVE_MSG', `0xc030690c')
-define(`NCP_IOC_GET_FS_INFO_V2', `0xc0306e04')
-define(`MBXFB_IOCX_OVERLAY', `0xc030f400')
+define(`VIDIOC_DBG_G_CHIP_INFO', `0xc0c85666')
+define(`VIDIOC_DBG_G_REGISTER', `0xc0385650')
+define(`VIDIOC_DBG_S_REGISTER', `0x4038564f')
+define(`VIDIOC_DECODER_CMD', `0xc0485660')
+define(`VIDIOC_DQBUF', `0xc0585611')
+define(`VIDIOC_DQEVENT', `0x80885659')
+define(`VIDIOC_DV_TIMINGS_CAP', `0xc0905664')
+define(`VIDIOC_ENCODER_CMD', `0xc028564d')
define(`VIDIOC_ENUMAUDIO', `0xc0345641')
define(`VIDIOC_ENUMAUDOUT', `0xc0345642')
-define(`VIDIOC_ENUM_FRAMEINTERVALS', `0xc034564b')
-define(`MEDIA_IOC_SETUP_LINK', `0xc0347c03')
-define(`HIDIOCGFIELDINFO', `0xc038480a')
-define(`VIDIOC_SUBDEV_G_CROP', `0xc038563b')
-define(`VIDIOC_SUBDEV_S_CROP', `0xc038563c')
-define(`VIDIOC_DBG_G_REGISTER', `0xc0385650')
-define(`VIDIOC_OMAP3ISP_CCDC_CFG', `0xc03856c1')
-define(`SNDRV_RAWMIDI_IOCTL_STATUS', `0xc0385720')
-define(`BTRFS_IOC_INO_PATHS', `0xc0389423')
-define(`BTRFS_IOC_LOGICAL_INO', `0xc0389424')
-define(`GENWQE_SLU_UPDATE', `0xc038a550')
-define(`GENWQE_SLU_READ', `0xc038a551')
-define(`CAPI_GET_PROFILE', `0xc0404309')
-define(`SNDRV_CTL_IOCTL_ELEM_REMOVE', `0xc0405519')
-define(`VIDIOC_ENUM_FMT', `0xc0405602')
-define(`VIDIOC_EXPBUF', `0xc0405610')
-define(`VIDIOC_SUBDEV_G_SELECTION', `0xc040563d')
-define(`VIDIOC_SUBDEV_S_SELECTION', `0xc040563e')
-define(`VIDIOC_SUBDEV_ENUM_FRAME_SIZE', `0xc040564a')
-define(`VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL', `0xc040564b')
-define(`VIDIOC_G_SELECTION', `0xc040565e')
-define(`VIDIOC_S_SELECTION', `0xc040565f')
-define(`VIDIOC_ENUM_FREQ_BANDS', `0xc0405665')
-define(`DRM_IOCTL_VERSION', `0xc0406400')
-define(`DRM_IOCTL_DMA', `0xc0406429')
-define(`DRM_IOCTL_NOUVEAU_GEM_PUSHBUF', `0xc0406481')
-define(`DRM_IOCTL_MODE_GETRESOURCES', `0xc04064a0')
-define(`DRM_IOCTL_MODE_GETPROPERTY', `0xc04064aa')
-define(`VIDIOC_QUERYCTRL', `0xc0445624')
-define(`VIDIOC_G_MODULATOR', `0xc0445636')
-define(`DRM_IOCTL_MODE_ADDFB2', `0xc04464b8')
-define(`BLKTRACESETUP', `0xc0481273')
-define(`SNDRV_EMU10K1_IOCTL_PCM_PEEK', `0xc0484831')
-define(`NVME_IOCTL_ADMIN_CMD', `0xc0484e41')
-define(`NVME_IOCTL_IO_CMD', `0xc0484e43')
-define(`VIDIOC_ENUMSTD', `0xc0485619')
-define(`VIDIOC_ENUMOUTPUT', `0xc0485630')
-define(`VIDIOC_DECODER_CMD', `0xc0485660')
-define(`VIDIOC_TRY_DECODER_CMD', `0xc0485661')
-define(`DRM_IOCTL_MODE_ATTACHMODE', `0xc04864a8')
-define(`DRM_IOCTL_MODE_DETACHMODE', `0xc04864a9')
-define(`VIDEO_COMMAND', `0xc0486f3b')
-define(`VIDEO_TRY_COMMAND', `0xc0486f3c')
-define(`KVM_GET_PIT', `0xc048ae65')
-define(`MMC_IOC_CMD', `0xc048b300')
-define(`SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT', `0xc04c5349')
-define(`VIDIOC_OMAP3ISP_AF_CFG', `0xc04c56c5')
-define(`SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION', `0xc0505350')
-define(`SNDRV_TIMER_IOCTL_GSTATUS', `0xc0505405')
-define(`SNDRV_CTL_IOCTL_ELEM_LIST', `0xc0505510')
-define(`VIDIOC_ENUMINPUT', `0xc050561a')
-define(`DRM_IOCTL_EXYNOS_IPP_GET_PROPERTY', `0xc0506470')
-define(`DRM_IOCTL_MODE_GETCONNECTOR', `0xc05064a7')
-define(`VIDIOC_G_TUNER', `0xc054561d')
-define(`SISFB_COMMAND', `0xc054f305')
-define(`CCISS_PASSTHRU', `0xc058420b')
-define(`AMDKFD_IOC_CREATE_QUEUE', `0xc0584b02')
-define(`SNDRV_SEQ_IOCTL_GET_CLIENT_POOL', `0xc058534b')
-define(`SNDRV_SEQ_IOCTL_QUERY_SUBS', `0xc058534f')
-define(`VIDIOC_SUBDEV_G_FMT', `0xc0585604')
-define(`VIDIOC_SUBDEV_S_FMT', `0xc0585605')
-define(`VIDIOC_QUERYBUF', `0xc0585609')
-define(`VIDIOC_QBUF', `0xc058560f')
-define(`VIDIOC_DQBUF', `0xc0585611')
-define(`VIDIOC_PREPARE_BUF', `0xc058565d')
-define(`DRM_IOCTL_TEGRA_SUBMIT', `0xc0586448')
-define(`SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS', `0xc05c5340')
-define(`PTP_PIN_GETFUNC', `0xc0603d06')
-define(`CCISS_BIG_PASSTHRU', `0xc0604212')
-define(`SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER', `0xc0605345')
-define(`DRM_IOCTL_EXYNOS_IPP_SET_PROPERTY', `0xc0606471')
-define(`UVCIOC_CTRL_MAP', `0xc0607520')
-define(`FBIO_CURSOR', `0xc0684608')
-define(`UI_BEGIN_FF_UPLOAD', `0xc06855c8')
-define(`DRM_IOCTL_MODE_GETCRTC', `0xc06864a1')
-define(`DRM_IOCTL_MODE_SETCRTC', `0xc06864a2')
-define(`VIDIOC_OMAP3ISP_PRV_CFG', `0xc07056c2')
-define(`BTRFS_IOC_TREE_SEARCH_V2', `0xc0709411')
-define(`SNDCTL_MIDI_INFO', `0xc074510c')
-define(`VIDIOC_G_SLICED_VBI_CAP', `0xc0745645')
-define(`SOUND_MIXER_ACCESS', `0xc0804d66')
-define(`VIDIOC_SUBDEV_S_DV_TIMINGS', `0xc0845657')
-define(`VIDIOC_S_DV_TIMINGS', `0xc0845657')
-define(`VIDIOC_G_DV_TIMINGS', `0xc0845658')
-define(`VIDIOC_SUBDEV_G_DV_TIMINGS', `0xc0845658')
-define(`SNDRV_PCM_IOCTL_SW_PARAMS', `0xc0884113')
-define(`SNDRV_PCM_IOCTL_SYNC_PTR', `0xc0884123')
-define(`SNDCTL_SYNTH_INFO', `0xc08c5102')
-define(`SNDCTL_SYNTH_ID', `0xc08c5114')
-define(`SNDRV_SEQ_IOCTL_CREATE_QUEUE', `0xc08c5332')
-define(`SNDRV_SEQ_IOCTL_GET_QUEUE_INFO', `0xc08c5334')
-define(`SNDRV_SEQ_IOCTL_SET_QUEUE_INFO', `0xc08c5335')
-define(`SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE', `0xc08c5336')
-define(`VIDIOC_DV_TIMINGS_CAP', `0xc0905664')
-define(`VIDIOC_SUBDEV_DV_TIMINGS_CAP', `0xc0905664')
define(`VIDIOC_ENUM_DV_TIMINGS', `0xc0945662')
-define(`VIDIOC_SUBDEV_ENUM_DV_TIMINGS', `0xc0945662')
-define(`SOUND_MIXER_GETLEVELS', `0xc0a44d74')
-define(`SOUND_MIXER_SETLEVELS', `0xc0a44d75')
-define(`SNDRV_SEQ_IOCTL_CREATE_PORT', `0xc0a85320')
-define(`SNDRV_SEQ_IOCTL_GET_PORT_INFO', `0xc0a85322')
-define(`SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT', `0xc0a85352')
-define(`SNDRV_SEQ_IOCTL_GET_CLIENT_INFO', `0xc0bc5310')
-define(`SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT', `0xc0bc5351')
-define(`SNDRV_COMPRESS_GET_CAPS', `0xc0c44310')
-define(`VIDIOC_DBG_G_CHIP_INFO', `0xc0c85666')
-define(`BTRFS_IOC_SET_RECEIVED_SUBVOL', `0xc0c89425')
-define(`VIDIOC_G_PARM', `0xc0cc5615')
-define(`VIDIOC_S_PARM', `0xc0cc5616')
+define(`VIDIOC_ENUM_FMT', `0xc0405602')
+define(`VIDIOC_ENUM_FRAMEINTERVALS', `0xc034564b')
+define(`VIDIOC_ENUM_FRAMESIZES', `0xc02c564a')
+define(`VIDIOC_ENUM_FREQ_BANDS', `0xc0405665')
+define(`VIDIOC_ENUMINPUT', `0xc050561a')
+define(`VIDIOC_ENUMOUTPUT', `0xc0485630')
+define(`VIDIOC_ENUMSTD', `0xc0485619')
+define(`VIDIOC_EXPBUF', `0xc0405610')
+define(`VIDIOC_G_AUDIO', `0x80345621')
+define(`VIDIOC_G_AUDOUT', `0x80345631')
+define(`VIDIOC_G_CROP', `0xc014563b')
+define(`VIDIOC_G_CTRL', `0xc008561b')
+define(`VIDIOC_G_DV_TIMINGS', `0xc0845658')
+define(`VIDIOC_G_EDID', `0xc0285628')
+define(`VIDIOC_G_ENC_INDEX', `0x8818564c')
+define(`VIDIOC_G_EXT_CTRLS', `0xc0205647')
+define(`VIDIOC_G_FBUF', `0x8030560a')
define(`VIDIOC_G_FMT', `0xc0d05604')
-define(`VIDIOC_S_FMT', `0xc0d05605')
-define(`VIDIOC_TRY_FMT', `0xc0d05640')
+define(`VIDIOC_G_FREQUENCY', `0xc02c5638')
+define(`VIDIOC_G_INPUT', `0x80045626')
+define(`VIDIOC_G_JPEGCOMP', `0x808c563d')
+define(`VIDIOC_G_MODULATOR', `0xc0445636')
+define(`VIDIOC_G_OUTPUT', `0x8004562e')
+define(`VIDIOC_G_PARM', `0xc0cc5615')
+define(`VIDIOC_G_PRIORITY', `0x80045643')
+define(`VIDIOC_G_SELECTION', `0xc040565e')
+define(`VIDIOC_G_SLICED_VBI_CAP', `0xc0745645')
+define(`VIDIOC_G_STD', `0x80085617')
+define(`VIDIOC_G_TUNER', `0xc054561d')
+define(`VIDIOC_INT_RESET', `0x40046466')
+define(`VIDIOC_LOG_STATUS', `0x00005646')
+define(`VIDIOC_OMAP3ISP_AEWB_CFG', `0xc02056c3')
+define(`VIDIOC_OMAP3ISP_AF_CFG', `0xc04c56c5')
+define(`VIDIOC_OMAP3ISP_CCDC_CFG', `0xc03856c1')
+define(`VIDIOC_OMAP3ISP_HIST_CFG', `0xc03056c4')
+define(`VIDIOC_OMAP3ISP_PRV_CFG', `0xc07056c2')
+define(`VIDIOC_OMAP3ISP_STAT_EN', `0xc00856c7')
+define(`VIDIOC_OMAP3ISP_STAT_REQ', `0xc02856c6')
+define(`VIDIOC_OVERLAY', `0x4004560e')
+define(`VIDIOC_PREPARE_BUF', `0xc058565d')
+define(`VIDIOC_QBUF', `0xc058560f')
+define(`VIDIOC_QUERYBUF', `0xc0585609')
+define(`VIDIOC_QUERYCAP', `0x80685600')
+define(`VIDIOC_QUERYCTRL', `0xc0445624')
+define(`VIDIOC_QUERY_DV_TIMINGS', `0x80845663')
define(`VIDIOC_QUERY_EXT_CTRL', `0xc0e85667')
-define(`GENWQE_EXECUTE_DDCB', `0xc0e8a532')
-define(`GENWQE_EXECUTE_RAW_DDCB', `0xc0e8a533')
-define(`SNDRV_TIMER_IOCTL_GINFO', `0xc0f85403')
-define(`VIDIOC_CREATE_BUFS', `0xc100565c')
-define(`MEDIA_IOC_DEVICE_INFO', `0xc1007c00')
-define(`MEDIA_IOC_ENUM_ENTITIES', `0xc1007c01')
-define(`SNDRV_CTL_IOCTL_RAWMIDI_INFO', `0xc10c5541')
-define(`SNDRV_CTL_IOCTL_ELEM_INFO', `0xc1105511')
-define(`SNDRV_CTL_IOCTL_ELEM_ADD', `0xc1105517')
-define(`SNDRV_CTL_IOCTL_ELEM_REPLACE', `0xc1105518')
-define(`SNDRV_CTL_IOCTL_PCM_INFO', `0xc1205531')
-define(`DM_VERSION', `0xc138fd00')
-define(`DM_REMOVE_ALL', `0xc138fd01')
-define(`DM_LIST_DEVICES', `0xc138fd02')
-define(`DM_DEV_CREATE', `0xc138fd03')
-define(`DM_DEV_REMOVE', `0xc138fd04')
-define(`DM_DEV_RENAME', `0xc138fd05')
-define(`DM_DEV_SUSPEND', `0xc138fd06')
-define(`DM_DEV_STATUS', `0xc138fd07')
-define(`DM_DEV_WAIT', `0xc138fd08')
-define(`DM_TABLE_LOAD', `0xc138fd09')
-define(`DM_TABLE_CLEAR', `0xc138fd0a')
-define(`DM_TABLE_DEPS', `0xc138fd0b')
-define(`DM_TABLE_STATUS', `0xc138fd0c')
-define(`DM_LIST_VERSIONS', `0xc138fd0d')
-define(`DM_TARGET_MSG', `0xc138fd0e')
-define(`DM_DEV_SET_GEOMETRY', `0xc138fd0f')
-define(`SNDRV_EMU10K1_IOCTL_CODE_PEEK', `0xc1b04812')
-define(`KVM_GET_IRQCHIP', `0xc208ae62')
-define(`SNDRV_PCM_IOCTL_HW_REFINE', `0xc2604110')
-define(`SNDRV_PCM_IOCTL_HW_PARAMS', `0xc2604111')
+define(`VIDIOC_QUERYMENU', `0xc02c5625')
+define(`VIDIOC_QUERYSTD', `0x8008563f')
+define(`VIDIOC_REQBUFS', `0xc0145608')
+define(`VIDIOC_RESERVED', `0x00005601')
+define(`VIDIOC_S_AUDIO', `0x40345622')
+define(`VIDIOC_S_AUDOUT', `0x40345632')
+define(`VIDIOC_S_CROP', `0x4014563c')
+define(`VIDIOC_S_CTRL', `0xc008561c')
+define(`VIDIOC_S_DV_TIMINGS', `0xc0845657')
+define(`VIDIOC_S_EDID', `0xc0285629')
+define(`VIDIOC_S_EXT_CTRLS', `0xc0205648')
+define(`VIDIOC_S_FBUF', `0x4030560b')
+define(`VIDIOC_S_FMT', `0xc0d05605')
+define(`VIDIOC_S_FREQUENCY', `0x402c5639')
+define(`VIDIOC_S_HW_FREQ_SEEK', `0x40305652')
+define(`VIDIOC_S_INPUT', `0xc0045627')
+define(`VIDIOC_S_JPEGCOMP', `0x408c563e')
+define(`VIDIOC_S_MODULATOR', `0x40445637')
+define(`VIDIOC_S_OUTPUT', `0xc004562f')
+define(`VIDIOC_S_PARM', `0xc0cc5616')
+define(`VIDIOC_S_PRIORITY', `0x40045644')
+define(`VIDIOC_S_SELECTION', `0xc040565f')
+define(`VIDIOC_S_STD', `0x40085618')
+define(`VIDIOC_STREAMOFF', `0x40045613')
+define(`VIDIOC_STREAMON', `0x40045612')
+define(`VIDIOC_S_TUNER', `0x4054561e')
+define(`VIDIOC_SUBDEV_DV_TIMINGS_CAP', `0xc0905664')
+define(`VIDIOC_SUBDEV_ENUM_DV_TIMINGS', `0xc0945662')
+define(`VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL', `0xc040564b')
+define(`VIDIOC_SUBDEV_ENUM_FRAME_SIZE', `0xc040564a')
+define(`VIDIOC_SUBDEV_ENUM_MBUS_CODE', `0xc0305602')
+define(`VIDIOC_SUBDEV_G_CROP', `0xc038563b')
+define(`VIDIOC_SUBDEV_G_DV_TIMINGS', `0xc0845658')
+define(`VIDIOC_SUBDEV_G_EDID', `0xc0285628')
+define(`VIDIOC_SUBDEV_G_FMT', `0xc0585604')
+define(`VIDIOC_SUBDEV_G_FRAME_INTERVAL', `0xc0305615')
+define(`VIDIOC_SUBDEV_G_SELECTION', `0xc040563d')
+define(`VIDIOC_SUBDEV_QUERY_DV_TIMINGS', `0x80845663')
+define(`VIDIOC_SUBDEV_S_CROP', `0xc038563c')
+define(`VIDIOC_SUBDEV_S_DV_TIMINGS', `0xc0845657')
+define(`VIDIOC_SUBDEV_S_EDID', `0xc0285629')
+define(`VIDIOC_SUBDEV_S_FMT', `0xc0585605')
+define(`VIDIOC_SUBDEV_S_FRAME_INTERVAL', `0xc0305616')
+define(`VIDIOC_SUBDEV_S_SELECTION', `0xc040563e')
+define(`VIDIOC_SUBSCRIBE_EVENT', `0x4020565a')
+define(`VIDIOC_TRY_DECODER_CMD', `0xc0485661')
+define(`VIDIOC_TRY_ENCODER_CMD', `0xc028564e')
+define(`VIDIOC_TRY_EXT_CTRLS', `0xc0205649')
+define(`VIDIOC_TRY_FMT', `0xc0d05640')
+define(`VIDIOC_UNSUBSCRIBE_EVENT', `0x4020565b')
define(`VIDIOC_VSP1_LUT_CONFIG', `0xc40056c1')
-define(`BTRFS_IOC_SCRUB', `0xc400941b')
-define(`BTRFS_IOC_SCRUB_PROGRESS', `0xc400941d')
-define(`BTRFS_IOC_BALANCE_V2', `0xc4009420')
-define(`BTRFS_IOC_GET_DEV_STATS', `0xc4089434')
-define(`SNDRV_CTL_IOCTL_ELEM_READ', `0xc4c85512')
-define(`SNDRV_CTL_IOCTL_ELEM_WRITE', `0xc4c85513')
-define(`BTRFS_IOC_DEV_REPLACE', `0xca289435')
-define(`SNDCTL_COPR_SENDMSG', `0xcfa44308')
-define(`SNDCTL_SYNTH_CONTROL', `0xcfa45115')
-define(`SNDCTL_COPR_LOAD', `0xcfb04301')
-define(`BTRFS_IOC_TREE_SEARCH', `0xd0009411')
-define(`BTRFS_IOC_INO_LOOKUP', `0xd0009412')
-define(`BTRFS_IOC_DEV_INFO', `0xd000941e')
-define(`HIDIOCGUSAGES', `0xd01c4813')
-define(`SNDRV_COMPRESS_GET_CODEC_CAPS', `0xeb884311')
-define(`WAN_IOC_ADD_FLT_RULE', `0x00006900')
+define(`VPFE_CMD_S_CCDC_RAW_PARAMS', `0x400856c1')
+define(`VT_ACTIVATE', `0x00005606')
+define(`VT_DISALLOCATE', `0x00005608')
+define(`VT_GETHIFONTMASK', `0x0000560d')
+define(`VT_GETMODE', `0x00005601')
+define(`VT_GETSTATE', `0x00005603')
+define(`VT_LOCKSWITCH', `0x0000560b')
+define(`VT_OPENQRY', `0x00005600')
+define(`VT_RELDISP', `0x00005605')
+define(`VT_RESIZE', `0x00005609')
+define(`VT_RESIZEX', `0x0000560a')
+define(`VT_SENDSIG', `0x00005604')
+define(`VT_SETACTIVATE', `0x0000560f')
+define(`VT_SETMODE', `0x00005602')
+define(`VT_UNLOCKSWITCH', `0x0000560c')
+define(`VT_WAITACTIVE', `0x00005607')
+define(`VT_WAITEVENT', `0x0000560e')
define(`WAN_IOC_ADD_FLT_INDEX', `0x00006902')
-define(`PPPIOCGL2TPSTATS', `0x7436')
-define(`PPPIOCGCHAN', `0x7437')
-define(`PPPIOCATTCHAN', `0x7438')
-define(`PPPIOCDISCONN', `0x7439')
-define(`PPPIOCCONNECT', `0x743a')
-define(`PPPIOCSMRRU', `0x743b')
-define(`PPPIOCDETACH', `0x743c')
-define(`PPPIOCATTACH', `0x743d')
-define(`PPPIOCNEWUNIT', `0x743e')
-define(`PPPIOCGIDLE', `0x743f')
-define(`PPPIOCSDEBUG', `0x7440')
-define(`PPPIOCGDEBUG', `0x7441')
-define(`PPPIOCSACTIVE', `0x7446')
-define(`PPPIOCSPASS', `0x7447')
-define(`PPPIOCSNPMODE', `0x744b')
-define(`PPPIOCGNPMODE', `0x744c')
-define(`PPPIOCSCOMPRESS', `0x744d')
-define(`PPPIOCXFERUNIT', `0x744e')
-define(`PPPIOCSXASYNCMAP', `0x744f')
-define(`PPPIOCGXASYNCMAP', `0x7450')
-define(`PPPIOCSMAXCID', `0x7451')
-define(`PPPIOCSMRU', `0x7452')
-define(`PPPIOCGMRU', `0x7453')
-define(`PPPIOCSRASYNCMAP', `0x7454')
-define(`PPPIOCGRASYNCMAP', `0x7455')
-define(`PPPIOCGUNIT', `0x7456')
-define(`PPPIOCSASYNCMAP', `0x7457')
-define(`PPPIOCGASYNCMAP', `0x7458')
-define(`PPPIOCSFLAGS', `0x7459')
-define(`PPPIOCGFLAGS', `0x745a')
-define(`PPPIOCGCALLINFO', `0x7480')
-define(`PPPIOCBUNDLE', `0x7481')
-define(`PPPIOCGMPFLAGS', `0x7482')
-define(`PPPIOCSMPFLAGS', `0x7483')
-define(`PPPIOCSMPMTU', `0x7484')
-define(`PPPIOCSMPMRU', `0x7485')
-define(`PPPIOCGCOMPRESSORS', `0x7486')
-define(`PPPIOCSCOMPRESSOR', `0x7487')
-define(`PPPIOCGIFNAME', `0x7488')
+define(`WAN_IOC_ADD_FLT_RULE', `0x00006900')
+define(`WDIOC_GETBOOTSTATUS', `0x80045702')
+define(`WDIOC_GETPRETIMEOUT', `0x80045709')
+define(`WDIOC_GETSTATUS', `0x80045701')
+define(`WDIOC_GETSUPPORT', `0x80285700')
+define(`WDIOC_GETTEMP', `0x80045703')
+define(`WDIOC_GETTIMELEFT', `0x8004570a')
+define(`WDIOC_GETTIMEOUT', `0x80045707')
+define(`WDIOC_KEEPALIVE', `0x80045705')
+define(`WDIOC_SETOPTIONS', `0x80045704')
+define(`WDIOC_SETPRETIMEOUT', `0xc0045708')
+define(`WDIOC_SETTIMEOUT', `0xc0045706')
+define(`WRITE_RAID_INFO', `0x00000925')
+define(`X86_IOC_RDMSR_REGS', `0xc02063a0')
+define(`X86_IOC_WRMSR_REGS', `0xc02063a1')
+define(`ZATM_GETPOOL', `0x40106161')
+define(`ZATM_GETPOOLZ', `0x40106162')
+define(`ZATM_SETPOOL', `0x40106163')
diff --git a/public/ioctl_macros b/public/ioctl_macros
index f7081d5..5cbfae5 100644
--- a/public/ioctl_macros
+++ b/public/ioctl_macros
@@ -43,14 +43,14 @@
# commonly used ioctls on unix sockets
define(`unpriv_unix_sock_ioctls', `{
- TIOCOUTQ FIOCLEX TCGETS TIOCGWINSZ TIOCSWINSZ FIONREAD
+ TIOCOUTQ FIOCLEX FIONCLEX TCGETS TIOCGWINSZ TIOCSWINSZ FIONREAD
}')
# commonly used TTY ioctls
# merge with unpriv_unix_sock_ioctls?
define(`unpriv_tty_ioctls', `{
- TIOCOUTQ FIOCLEX TCGETS TCSETS TIOCGWINSZ TIOCSWINSZ TIOCSCTTY TCSETSW
- TCFLSH TIOCSPGRP TIOCGPGRP
+ TIOCOUTQ FIOCLEX FIONCLEX TCGETS TCSETS TIOCGWINSZ TIOCSWINSZ TIOCSCTTY
+ TCSETSW TCFLSH TIOCSPGRP TIOCGPGRP
}')
# point to point ioctls
diff --git a/public/iorapd.te b/public/iorapd.te
new file mode 100644
index 0000000..c056943
--- /dev/null
+++ b/public/iorapd.te
@@ -0,0 +1,75 @@
+# volume manager
+type iorapd, domain;
+type iorapd_exec, exec_type, file_type, system_file_type;
+
+r_dir_file(iorapd, rootfs)
+
+# Allow read/write /proc/sys/vm/drop/caches
+allow iorapd proc_drop_caches:file rw_file_perms;
+
+# Give iorapd a place where only iorapd can store files; everyone else is off limits
+allow iorapd iorapd_data_file:dir create_dir_perms;
+allow iorapd iorapd_data_file:file create_file_perms;
+
+# Allow iorapd to publish a binder service and make binder calls.
+binder_use(iorapd)
+add_service(iorapd, iorapd_service)
+
+# Allow iorapd to call into the system server so it can check permissions.
+binder_call(iorapd, system_server)
+allow iorapd permission_service:service_manager find;
+# IUserManager
+allow iorapd user_service:service_manager find;
+# IPackageManagerNative
+allow iorapd package_native_service:service_manager find;
+
+# talk to batteryservice
+binder_call(iorapd, healthd)
+
+# TODO: does each of the service_manager allow finds above need the binder_call?
+
+# iorapd temporarily changes its priority when running benchmarks
+allow iorapd self:global_capability_class_set sys_nice;
+
+
+###
+### neverallow rules
+###
+
+neverallow {
+ domain
+ -iorapd
+} iorapd_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
+
+neverallow {
+ domain
+ -init
+ -iorapd
+} iorapd_data_file:dir *;
+
+neverallow {
+ domain
+ -kernel
+ -iorapd
+} iorapd_data_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -kernel
+ -vendor_init
+ -iorapd
+} { iorapd_data_file }:notdevfile_class_set *;
+
+# Only system_server can interact with iorapd over binder
+neverallow { domain -system_server -iorapd } iorapd_service:service_manager find;
+neverallow iorapd {
+ domain
+ -healthd
+ -servicemanager
+ -system_server
+ userdebug_or_eng(`-su')
+}:binder call;
+
+neverallow { domain -init } iorapd:process { transition dyntransition };
+neverallow iorapd domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/public/kernel.te b/public/kernel.te
index b7a351c..d20bc47 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -62,7 +62,7 @@
# * android.os.storage.cts.StorageManagerTest#testMountAndUnmountObbNormal
# * android.os.storage.cts.StorageManagerTest#testMountAndUnmountTwoObbs
allow kernel vold:fd use;
-allow kernel app_data_file:file read;
+allow kernel { app_data_file privapp_data_file }:file read;
allow kernel asec_image_file:file read;
# Allow reading loop device in update_engine_unittests. (b/28319454)
@@ -79,7 +79,22 @@
allow kernel media_rw_data_file:file create_file_perms;
# Access to /data/misc/vold/virtual_disk.
-allow kernel vold_data_file:file read;
+allow kernel vold_data_file:file { read write };
+
+# Allow the first-stage init (which is running in the kernel domain) to execute the
+# dynamic linker when it re-executes /init to switch into the second stage.
+# Until Linux 4.8, the program interpreter (dynamic linker in this case) is executed
+# before the domain is switched to the target domain. So, we need to allow the kernel
+# domain (the source domain) to execute the dynamic linker (system_file type).
+# TODO(b/110147943) remove these allow rules when we no longer need to support Linux
+# kernel older than 4.8.
+allow kernel system_file:file execute;
+# The label for the dynamic linker is rootfs in the recovery partition. This is because
+# the recovery partition which is rootfs does not support xattr and thus labeling can't be
+# done at build-time. All files are by default labeled as rootfs upon booting.
+recovery_only(`
+ allow kernel rootfs:file execute;
+')
###
### neverallow rules
@@ -103,3 +118,6 @@
# Instead of adding dac_{read_search,override}, fix the unix permissions
# on files being accessed.
neverallow kernel self:global_capability_class_set { dac_override dac_read_search };
+
+# Nobody should be ptracing kernel threads
+neverallow * kernel:process ptrace;
diff --git a/public/keystore.te b/public/keystore.te
index 49355bd..e869f32 100644
--- a/public/keystore.te
+++ b/public/keystore.te
@@ -1,5 +1,5 @@
type keystore, domain;
-type keystore_exec, exec_type, file_type;
+type keystore_exec, system_file_type, exec_type, file_type;
# keystore daemon
typeattribute keystore mlstrustedsubject;
diff --git a/public/llkd.te b/public/llkd.te
new file mode 100644
index 0000000..1faa429
--- /dev/null
+++ b/public/llkd.te
@@ -0,0 +1,3 @@
+# llkd Live LocK Daemon
+type llkd, domain, mlstrustedsubject;
+type llkd_exec, system_file_type, exec_type, file_type;
diff --git a/public/lmkd.te b/public/lmkd.te
index 472946e..0fc5d0f 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -1,8 +1,8 @@
# lmkd low memory killer daemon
type lmkd, domain, mlstrustedsubject;
-type lmkd_exec, exec_type, file_type;
+type lmkd_exec, system_file_type, exec_type, file_type;
-allow lmkd self:global_capability_class_set { dac_override sys_resource kill };
+allow lmkd self:global_capability_class_set { dac_override dac_read_search sys_resource kill };
# lmkd locks itself in memory, to prevent it from being
# swapped out and unable to kill other memory hogs.
@@ -35,6 +35,9 @@
allow lmkd proc_zoneinfo:file r_file_perms;
+# Set sys.lmk.* properties.
+set_prop(lmkd, system_lmk_prop)
+
# live lock watchdog process allowed to look through /proc/
allow lmkd domain:dir { search open read };
allow lmkd domain:file { open read };
@@ -46,6 +49,9 @@
# Read /proc/meminfo
allow lmkd proc_meminfo:file r_file_perms;
+# Allow lmkd to write to statsd.
+unix_socket_send(lmkd, statsdw, statsd)
+
### neverallow rules
# never honor LD_PRELOAD
diff --git a/public/logd.te b/public/logd.te
index 817a705..a26aa25 100644
--- a/public/logd.te
+++ b/public/logd.te
@@ -1,12 +1,11 @@
# android user-space log manager
type logd, domain, mlstrustedsubject;
-type logd_exec, exec_type, file_type;
+type logd_exec, system_file_type, exec_type, file_type;
# Read access to pseudo filesystems.
r_dir_file(logd, cgroup)
r_dir_file(logd, proc_kmsg)
r_dir_file(logd, proc_meminfo)
-r_dir_file(logd, proc_net)
allow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control };
allow logd self:global_capability2_class_set syslog;
@@ -53,13 +52,13 @@
neverallow logd domain:process ptrace;
# ... and nobody may ptrace me (except on userdebug or eng builds)
-neverallow { domain userdebug_or_eng(`-crash_dump') } logd:process ptrace;
+neverallow { domain userdebug_or_eng(`-crash_dump -llkd') } logd:process ptrace;
# Write to /system.
neverallow logd system_file:dir_file_class_set write;
# Write to files in /data/data or system files on /data
-neverallow logd { app_data_file system_data_file }:dir_file_class_set write;
+neverallow logd { app_data_file privapp_data_file system_data_file }:dir_file_class_set write;
# Only init is allowed to enter the logd domain via exec()
neverallow { domain -init } logd:process transition;
diff --git a/public/logpersist.te b/public/logpersist.te
index 7536cb8..c7cab80 100644
--- a/public/logpersist.te
+++ b/public/logpersist.te
@@ -13,7 +13,7 @@
neverallow logpersist domain:process ptrace;
# Write to files in /data/data or system files on /data except misc_logd_file
-neverallow logpersist { app_data_file system_data_file }:dir_file_class_set write;
+neverallow logpersist { privapp_data_file app_data_file system_data_file }:dir_file_class_set write;
# Only init should be allowed to enter the logpersist domain via exec()
# Following is a list of debug domains we know that transition to logpersist
diff --git a/public/mediacodec.te b/public/mediacodec.te
deleted file mode 100644
index e5b4a7d..0000000
--- a/public/mediacodec.te
+++ /dev/null
@@ -1,70 +0,0 @@
-# mediacodec - audio and video codecs live here
-type mediacodec, domain;
-type mediacodec_exec, exec_type, vendor_file_type, file_type;
-
-typeattribute mediacodec mlstrustedsubject;
-
-# TODO(b/36375899) attributize this domain appropriately as hal_omx
-# and use macro hal_server_domain
-get_prop(mediacodec, hwservicemanager_prop)
-
-# can route /dev/binder traffic to /dev/vndbinder
-vndbinder_use(mediacodec)
-
-not_full_treble(`
- # on legacy devices, continue to allow /dev/binder traffic
- binder_use(mediacodec)
- binder_service(mediacodec)
- add_service(mediacodec, mediacodec_service)
- allow mediacodec mediametrics_service:service_manager find;
- allow mediacodec surfaceflinger_service:service_manager find;
-')
-binder_call(mediacodec, binderservicedomain)
-binder_call(mediacodec, appdomain)
-
-# Allow mediacodec access to composer sync fences
-allow mediacodec hal_graphics_composer:fd use;
-
-allow mediacodec gpu_device:chr_file rw_file_perms;
-allow mediacodec video_device:chr_file rw_file_perms;
-allow mediacodec video_device:dir search;
-allow mediacodec ion_device:chr_file rw_file_perms;
-allow mediacodec hal_camera:fd use;
-
-crash_dump_fallback(mediacodec)
-
-add_hwservice(mediacodec, hal_codec2_hwservice)
-add_hwservice(mediacodec, hal_omx_hwservice)
-
-hal_client_domain(mediacodec, hal_allocator)
-
-hal_client_domain(mediacodec, hal_cas)
-
-# allocate and use graphic buffers
-hal_client_domain(mediacodec, hal_graphics_allocator)
-
-# Recieve gralloc buffer FDs from bufferhubd. Note that mediacodec never
-# directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
-# between those two: it talks to mediacodec via Binder and talks to bufferhubd
-# via PDX. Thus, there is no need to use pdx_client macro.
-allow mediacodec bufferhubd:fd use;
-
-###
-### neverallow rules
-###
-
-# mediacodec should never execute any executable without a
-# domain transition
-neverallow mediacodec { file_type fs_type }:file execute_no_trans;
-
-# The goal of the mediaserver split is to place media processing code into
-# restrictive sandboxes with limited responsibilities and thus limited
-# permissions. Example: Audioserver is only responsible for controlling audio
-# hardware and processing audio content. Cameraserver does the same for camera
-# hardware/content. Etc.
-#
-# Media processing code is inherently risky and thus should have limited
-# permissions and be isolated from the rest of the system and network.
-# Lengthier explanation here:
-# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
-neverallow mediacodec domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/public/mediadrmserver.te b/public/mediadrmserver.te
index 123cb29..a52295e 100644
--- a/public/mediadrmserver.te
+++ b/public/mediadrmserver.te
@@ -1,6 +1,6 @@
# mediadrmserver - mediadrm daemon
type mediadrmserver, domain;
-type mediadrmserver_exec, exec_type, file_type;
+type mediadrmserver_exec, system_file_type, exec_type, file_type;
typeattribute mediadrmserver mlstrustedsubject;
@@ -18,7 +18,9 @@
allow mediadrmserver surfaceflinger_service:service_manager find;
allow mediadrmserver system_file:dir r_dir_perms;
-binder_call(mediadrmserver, mediacodec)
+# TODO(b/80317992): remove
+binder_call(mediadrmserver, hal_omx_server)
+
###
### neverallow rules
###
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index b055462..8f58868 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -1,6 +1,6 @@
# mediaextractor - multimedia daemon
type mediaextractor, domain;
-type mediaextractor_exec, exec_type, file_type;
+type mediaextractor_exec, system_file_type, exec_type, file_type;
typeattribute mediaextractor mlstrustedsubject;
@@ -25,7 +25,7 @@
# allow mediaextractor read permissions for file sources
allow mediaextractor sdcardfs:file { getattr read };
allow mediaextractor media_rw_data_file:file { getattr read };
-allow mediaextractor app_data_file:file { getattr read };
+allow mediaextractor { app_data_file privapp_data_file }:file { getattr read };
# Read resources from open apk files passed over Binder
allow mediaextractor apk_data_file:file { read getattr };
@@ -37,7 +37,7 @@
userdebug_or_eng(`
# Allow extractor to add update service.
- add_service(mediaextractor, mediaextractor_update_service)
+ allow mediaextractor mediaextractor_update_service:service_manager { find add };
# Allow extractor to load media extractor plugins from update apk.
allow mediaextractor apk_data_file:dir search;
diff --git a/public/mediametrics.te b/public/mediametrics.te
index ada90cc..622e169 100644
--- a/public/mediametrics.te
+++ b/public/mediametrics.te
@@ -1,6 +1,6 @@
# mediametrics - daemon for collecting media.metrics data
type mediametrics, domain;
-type mediametrics_exec, exec_type, file_type;
+type mediametrics_exec, system_file_type, exec_type, file_type;
binder_use(mediametrics)
@@ -15,7 +15,7 @@
allow mediametrics proc_meminfo:file r_file_perms;
# allows interactions with dumpsys to GMScore
-allow mediametrics app_data_file:file write;
+allow mediametrics { app_data_file privapp_data_file }:file write;
# allow access to package manager for uid->apk mapping
allow mediametrics package_native_service:service_manager find;
diff --git a/public/mediaserver.te b/public/mediaserver.te
index f0c94ed..540c039 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -1,12 +1,9 @@
# mediaserver - multimedia daemon
type mediaserver, domain;
-type mediaserver_exec, exec_type, file_type;
+type mediaserver_exec, system_file_type, exec_type, file_type;
typeattribute mediaserver mlstrustedsubject;
-# TODO(b/36375899): replace with hal_client_domain macro on hal_omx
-typeattribute mediaserver halclientdomain;
-
net_domain(mediaserver)
r_dir_file(mediaserver, sdcard_type)
@@ -30,8 +27,7 @@
allow mediaserver media_data_file:dir create_dir_perms;
allow mediaserver media_data_file:file create_file_perms;
-allow mediaserver app_data_file:dir search;
-allow mediaserver app_data_file:file rw_file_perms;
+allow mediaserver { app_data_file privapp_data_file }:file { append getattr ioctl lock map read write };
allow mediaserver sdcard_type:file write;
allow mediaserver gpu_device:chr_file rw_file_perms;
allow mediaserver video_device:dir r_dir_perms;
@@ -60,10 +56,6 @@
# Grant access to read files on appfuse.
allow mediaserver app_fuse_file:file { read getattr };
-# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
-allow mediaserver qtaguid_proc:file rw_file_perms;
-allow mediaserver qtaguid_device:chr_file r_file_perms;
-
# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
unix_socket_connect(mediaserver, drmserver, drmserver)
@@ -99,6 +91,9 @@
allow mediaserver oemfs:dir search;
allow mediaserver oemfs:file r_file_perms;
+# /vendor apk access
+allow mediaserver vendor_app_file:file { read map getattr };
+
use_drmservice(mediaserver)
allow mediaserver drmserver:drmservice {
consumeRights
@@ -133,8 +128,6 @@
hal_client_domain(mediaserver, hal_allocator)
-binder_call(mediaserver, mediacodec)
-
###
### neverallow rules
###
diff --git a/public/mediaswcodec.te b/public/mediaswcodec.te
new file mode 100644
index 0000000..9702562
--- /dev/null
+++ b/public/mediaswcodec.te
@@ -0,0 +1,18 @@
+type mediaswcodec, domain;
+type mediaswcodec_exec, system_file_type, exec_type, file_type;
+
+typeattribute mediaswcodec halserverdomain;
+typeattribute mediaswcodec mediaswcodec_server;
+
+hal_client_domain(mediaswcodec, hal_allocator)
+hal_client_domain(mediaswcodec, hal_graphics_allocator)
+
+userdebug_or_eng(`
+ binder_use(mediaswcodec)
+ # Add mediaextractor_update_service service
+ allow mediaswcodec mediaextractor_update_service:service_manager { find add };
+
+ # Allow mediaswcodec to load libs from update apk.
+ allow mediaswcodec apk_data_file:file { open read execute getattr map };
+ allow mediaswcodec apk_data_file:dir { search getattr };
+')
diff --git a/public/mtp.te b/public/mtp.te
index 7256bcf..c744343 100644
--- a/public/mtp.te
+++ b/public/mtp.te
@@ -1,6 +1,6 @@
# vpn tunneling protocol manager
type mtp, domain;
-type mtp_exec, exec_type, file_type;
+type mtp_exec, system_file_type, exec_type, file_type;
net_domain(mtp)
diff --git a/public/netd.te b/public/netd.te
index 18113e7..241380b 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -1,6 +1,6 @@
# network manager
type netd, domain, mlstrustedsubject;
-type netd_exec, exec_type, file_type;
+type netd_exec, system_file_type, exec_type, file_type;
net_domain(netd)
# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
@@ -34,16 +34,16 @@
# Acquire advisory lock on /system/etc/xtables.lock
allow netd system_file:file lock;
-# Allow netd to write to qtaguid ctrl file. This is the same privilege level that normal apps have
-# TODO: Add proper rules to prevent other process to access qtaguid_proc file after migration
-# complete
-allow netd qtaguid_proc:file rw_file_perms;
+# Allow netd to write to qtaguid ctrl file.
+# TODO: Add proper rules to prevent other process to access qtaguid_proc file
+# after migration complete
+allow netd proc_qtaguid_ctrl:file rw_file_perms;
# Allow netd to read /dev/qtaguid. This is the same privilege level that normal apps have.
allow netd qtaguid_device:chr_file r_file_perms;
-r_dir_file(netd, proc_net)
+r_dir_file(netd, proc_net_type)
# For /proc/sys/net/ipv[46]/route/flush.
-allow netd proc_net:file rw_file_perms;
+allow netd proc_net_type:file rw_file_perms;
# Enables PppController and interface enumeration (among others)
allow netd sysfs:dir r_dir_perms;
@@ -61,7 +61,7 @@
# TODO: netd previously thought it needed these permissions to do WiFi related
# work. However, after all the WiFi stuff is gone, we still need them.
# Why?
-allow netd self:global_capability_class_set { dac_override chown };
+allow netd self:global_capability_class_set { dac_override dac_read_search chown };
# Needed to update /data/misc/net/rt_tables
allow netd net_data_file:file create_file_perms;
@@ -94,6 +94,7 @@
# Allow netd to operate on sockets that are passed to it.
allow netd netdomain:{
+ icmp_socket
tcp_socket
udp_socket
rawip_socket
@@ -127,7 +128,7 @@
neverallow netd system_file:dir_file_class_set write;
# Write to files in /data/data or system files on /data
-neverallow netd { app_data_file system_data_file }:dir_file_class_set write;
+neverallow netd { app_data_file privapp_data_file system_data_file }:dir_file_class_set write;
# only system_server and dumpstate may find netd service
neverallow { domain -system_server -dumpstate -netd } netd_service:service_manager find;
@@ -146,3 +147,12 @@
# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
+
+# If an already existing file is opened with O_CREATE, the kernel might generate
+# a false report of a create denial. Silence these denials and make sure that
+# inappropriate permissions are not granted.
+neverallow netd proc_net:dir no_w_dir_perms;
+dontaudit netd proc_net:dir write;
+
+neverallow netd sysfs_net:dir no_w_dir_perms;
+dontaudit netd sysfs_net:dir write;
diff --git a/public/netutils_wrapper.te b/public/netutils_wrapper.te
index c844762..27aa749 100644
--- a/public/netutils_wrapper.te
+++ b/public/netutils_wrapper.te
@@ -1,4 +1,4 @@
type netutils_wrapper, domain;
-type netutils_wrapper_exec, exec_type, file_type;
+type netutils_wrapper_exec, system_file_type, exec_type, file_type;
neverallow domain netutils_wrapper_exec:file execute_no_trans;
diff --git a/public/otapreopt_chroot.te b/public/otapreopt_chroot.te
index 894363a..902708b 100644
--- a/public/otapreopt_chroot.te
+++ b/public/otapreopt_chroot.te
@@ -1,6 +1,6 @@
# otapreopt_chroot executable
type otapreopt_chroot, domain;
-type otapreopt_chroot_exec, exec_type, file_type;
+type otapreopt_chroot_exec, system_file_type, exec_type, file_type;
# Chroot preparation and execution.
# We need to create an unshared mount namespace, and then mount /data.
diff --git a/public/otapreopt_slot.te b/public/otapreopt_slot.te
index 6551864..5726e2e 100644
--- a/public/otapreopt_slot.te
+++ b/public/otapreopt_slot.te
@@ -4,7 +4,7 @@
# from /data/ota to /data/dalvik-cache.
type otapreopt_slot, domain, mlstrustedsubject;
-type otapreopt_slot_exec, exec_type, file_type;
+type otapreopt_slot_exec, system_file_type, exec_type, file_type;
# The otapreopt_slot renames the OTA dalvik-cache to the regular dalvik-cache, and cleans up
diff --git a/public/performanced.te b/public/performanced.te
index 248d345..7dcb5ea 100644
--- a/public/performanced.te
+++ b/public/performanced.te
@@ -1,6 +1,6 @@
# performanced
type performanced, domain, mlstrustedsubject;
-type performanced_exec, exec_type, file_type;
+type performanced_exec, system_file_type, exec_type, file_type;
# Needed to check for app permissions.
binder_use(performanced)
diff --git a/public/perfprofd.te b/public/perfprofd.te
index f067af5..a0fcf37 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -1,6 +1,6 @@
# perfprofd - perf profile collection daemon
type perfprofd, domain;
-type perfprofd_exec, exec_type, file_type;
+type perfprofd_exec, system_file_type, exec_type, file_type;
userdebug_or_eng(`
@@ -21,9 +21,9 @@
allow perfprofd system_file:file rx_file_perms;
# perfprofd reads a config file from /data/data/com.google.android.gms/files
- allow perfprofd app_data_file:file r_file_perms;
- allow perfprofd app_data_file:dir search;
- allow perfprofd self:global_capability_class_set { dac_override };
+ allow perfprofd { privapp_data_file app_data_file }:file r_file_perms;
+ allow perfprofd { privapp_data_file app_data_file }:dir search;
+ allow perfprofd self:global_capability_class_set { dac_override dac_read_search };
# perfprofd opens a file for writing in /data/misc/perfprofd
allow perfprofd perfprofd_data_file:file create_file_perms;
@@ -39,8 +39,8 @@
# perfprofd looks at thermals.
allow perfprofd sysfs_thermal:dir r_dir_perms;
- # perfprofd checks power_supply.
- r_dir_file(perfprofd, sysfs_batteryinfo)
+ # perfprofd gets charging status.
+ hal_client_domain(perfprofd, hal_health)
# simpleperf reads kernel notes.
allow perfprofd sysfs_kernel_notes:file r_file_perms;
diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index ffd8bc5..8b6d6cc 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -5,7 +5,7 @@
type postinstall_dexopt, domain;
-allow postinstall_dexopt self:global_capability_class_set { chown dac_override fowner fsetid setgid setuid };
+allow postinstall_dexopt self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid };
allow postinstall_dexopt postinstall_file:filesystem getattr;
allow postinstall_dexopt postinstall_file:dir { getattr search };
diff --git a/public/ppp.te b/public/ppp.te
index 9340dee..0fc3bee 100644
--- a/public/ppp.te
+++ b/public/ppp.te
@@ -1,11 +1,11 @@
# Point to Point Protocol daemon
type ppp, domain;
type ppp_device, dev_type;
-type ppp_exec, exec_type, file_type;
+type ppp_exec, system_file_type, exec_type, file_type;
net_domain(ppp)
-r_dir_file(ppp, proc_net)
+r_dir_file(ppp, proc_net_type)
allow ppp mtp:socket rw_socket_perms;
diff --git a/public/preopt2cachename.te b/public/preopt2cachename.te
index 49df647..de70c9f 100644
--- a/public/preopt2cachename.te
+++ b/public/preopt2cachename.te
@@ -3,11 +3,14 @@
# This executable translates names from the preopted versions the build system
# creates to the names the runtime expects in the data directory.
type preopt2cachename, domain;
-type preopt2cachename_exec, exec_type, file_type;
+type preopt2cachename_exec, system_file_type, exec_type, file_type;
# Allow write to stdout.
allow preopt2cachename cppreopts:fd use;
allow preopt2cachename cppreopts:fifo_file { getattr read write };
# Allow write to logcat.
-allow preopt2cachename proc_net:file r_file_perms;
+allow preopt2cachename proc_net_type:file r_file_perms;
+userdebug_or_eng(`
+ auditallow preopt2cachename proc_net_type:{ dir file lnk_file } { getattr open read };
+')
diff --git a/public/profman.te b/public/profman.te
index 4296d1b..8ff6271 100644
--- a/public/profman.te
+++ b/public/profman.te
@@ -1,29 +1,29 @@
# profman
type profman, domain;
-type profman_exec, exec_type, file_type;
+type profman_exec, system_file_type, exec_type, file_type;
-allow profman user_profile_data_file:file { getattr read write lock };
+allow profman user_profile_data_file:file { getattr read write lock map };
# Dumping profile info opens the application APK file for pretty printing.
-allow profman asec_apk_file:file { read };
-allow profman apk_data_file:file { getattr read };
+allow profman asec_apk_file:file { read map };
+allow profman apk_data_file:file { getattr read map };
allow profman apk_data_file:dir { getattr read search };
-allow profman oemfs:file { read };
+allow profman oemfs:file { read map };
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
-allow profman tmpfs:file { read };
-allow profman profman_dump_data_file:file { write };
+allow profman tmpfs:file { read map };
+allow profman profman_dump_data_file:file { write map };
allow profman installd:fd use;
# Allow profman to analyze profiles for the secondary dex files. These
# are application dex files reported back to the framework when using
# BaseDexClassLoader.
-allow profman app_data_file:file { getattr read write lock };
-allow profman app_data_file:dir { getattr read search };
+allow profman { privapp_data_file app_data_file }:file { getattr read write lock map };
+allow profman { privapp_data_file app_data_file }:dir { getattr read search };
###
### neverallow rules
###
-neverallow profman app_data_file:notdevfile_class_set open;
+neverallow profman { privapp_data_file app_data_file }:notdevfile_class_set open;
diff --git a/public/property.te b/public/property.te
index 09200b8..0457300 100644
--- a/public/property.te
+++ b/public/property.te
@@ -5,6 +5,7 @@
type bootloader_boot_reason_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
+type ctl_adbd_prop, property_type;
type ctl_bootanim_prop, property_type;
type ctl_bugreport_prop, property_type;
type ctl_console_prop, property_type;
@@ -34,6 +35,8 @@
type firstboot_prop, property_type;
type hwservicemanager_prop, property_type;
type last_boot_reason_prop, property_type;
+type system_lmk_prop, property_type;
+type llkd_prop, property_type;
type logd_prop, property_type, core_property_type;
type logpersistd_logging_prop, property_type;
type log_prop, property_type, log_property_type;
@@ -59,6 +62,7 @@
type system_prop, property_type, core_property_type;
type system_radio_prop, property_type, core_property_type;
type test_boot_reason_prop, property_type;
+type time_prop, property_type;
type traced_enabled_prop, property_type;
type vold_prop, property_type, core_property_type;
type wifi_log_prop, property_type, log_property_type;
@@ -66,6 +70,7 @@
type vendor_security_patch_level_prop, property_type;
# Properties for whitelisting
+type exported_audio_prop, property_type;
type exported_bluetooth_prop, property_type;
type exported_config_prop, property_type;
type exported_dalvik_prop, property_type;
@@ -96,6 +101,12 @@
### Neverallow rules
###
+# There is no need to perform ioctl or advisory locking operations on
+# property files. If this neverallow is being triggered, it is
+# likely that the policy is using r_file_perms directly instead of
+# the get_prop() macro.
+neverallow domain property_type:file { ioctl lock };
+
# core_property_type should not be used for new properties or
# device specific properties. Properties with this attribute
# are readable to everyone, which is overly broad and should
@@ -325,6 +336,7 @@
-boottime_prop
-config_prop
-cppreopt_prop
+ -ctl_adbd_prop
-ctl_bootanim_prop
-ctl_bugreport_prop
-ctl_console_prop
@@ -377,6 +389,7 @@
-firstboot_prop
-hwservicemanager_prop
-last_boot_reason_prop
+ -system_lmk_prop
-log_prop
-log_tag_prop
-logd_prop
@@ -402,6 +415,7 @@
-system_prop
-system_radio_prop
-test_boot_reason_prop
+ -time_prop
-traced_enabled_prop
-vendor_default_prop
-vendor_security_patch_level_prop
diff --git a/public/property_contexts b/public/property_contexts
index 842a885..07b5892 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -3,10 +3,14 @@
# vendor-init-settable
af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
+audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.video u:object_r:exported3_default_prop:s0 exact bool
camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
@@ -16,6 +20,7 @@
dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.foreground-heap-growth-multiplier u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
@@ -55,8 +60,6 @@
dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.profilebootimage u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.stack-trace-dir u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
@@ -64,8 +67,10 @@
keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
+media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
@@ -79,8 +84,12 @@
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
+ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
@@ -89,29 +98,39 @@
ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
-ro.com.google.clientidbase u:object_r:exported3_default_prop:s0 exact string
ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
+ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
+ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
+ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string
ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
+ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
-ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact int
+ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
+ro.telephony.iwlan_operation_mode u:object_r:exported3_default_prop:s0 exact int
ro.url.legal u:object_r:exported3_default_prop:s0 exact string
ro.url.legal.android_privacy u:object_r:exported3_default_prop:s0 exact string
ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
@@ -120,20 +139,25 @@
sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.ready u:object_r:exported_ffs_prop:s0 exact bool
sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
+sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
sys.usb.state u:object_r:exported2_system_prop:s0 exact string
telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
+vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
-# vendor-init-readable|vendor-init-actionable
+# vendor-init-readable
dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
+sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
+sys.vdso u:object_r:exported3_system_prop:s0 exact string
-# vendor-init-settable|vendor-init-actionable
+# vendor-init-settable
persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
@@ -148,10 +172,16 @@
drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
+init.svc.console u:object_r:exported2_default_prop:s0 exact string
+init.svc.dumpstatez u:object_r:exported2_default_prop:s0 exact string
+init.svc.mediadrm u:object_r:exported2_default_prop:s0 exact string
+init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string
init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
+init.svc.zygote u:object_r:exported2_default_prop:s0 exact string
libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
+persist.sys.locale u:object_r:exported_system_prop:s0 exact string
persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
ro.adb.secure u:object_r:exported_secure_prop:s0 exact int
ro.arch u:object_r:exported2_default_prop:s0 exact string
@@ -271,7 +301,7 @@
ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string
ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string
ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string
-ro.kernel.qemu u:object_r:exported_default_prop:s0 exact int
+ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool
ro.kernel.qemu. u:object_r:exported_default_prop:s0
ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
@@ -298,10 +328,11 @@
ro.vndk.lite u:object_r:exported_default_prop:s0 exact bool
ro.vndk.version u:object_r:exported_default_prop:s0 exact string
ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
+wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
wifi.interface u:object_r:exported_default_prop:s0 exact string
-# vendor-init-actionable|public-readable
+# public-readable
ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
ro.bootmode u:object_r:exported2_default_prop:s0 exact string
ro.build.type u:object_r:exported2_default_prop:s0 exact string
diff --git a/public/racoon.te b/public/racoon.te
index c759217..7d1247a 100644
--- a/public/racoon.te
+++ b/public/racoon.te
@@ -1,6 +1,6 @@
# IKE key management daemon
type racoon, domain;
-type racoon_exec, exec_type, file_type;
+type racoon_exec, system_file_type, exec_type, file_type;
typeattribute racoon mlstrustedsubject;
diff --git a/public/radio.te b/public/radio.te
index 8fb5ad6..05bfd8c 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -35,6 +35,8 @@
allow radio nfc_service:service_manager find;
allow radio app_api_service:service_manager find;
allow radio system_api_service:service_manager find;
+allow radio timedetector_service:service_manager find;
+allow radio timezonedetector_service:service_manager find;
# Perform HwBinder IPC.
hwbinder_use(radio)
diff --git a/public/recovery.te b/public/recovery.te
index 57ad202..9db6f5e 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -15,6 +15,7 @@
allow recovery self:global_capability_class_set {
chown
dac_override
+ dac_read_search
fowner
setuid
setgid
@@ -30,6 +31,7 @@
# Mount filesystems.
allow recovery rootfs:dir mounton;
+ allow recovery tmpfs:dir mounton;
allow recovery fs_type:filesystem ~relabelto;
allow recovery unlabeled:filesystem ~relabelto;
allow recovery contextmount_type:filesystem relabelto;
@@ -107,9 +109,6 @@
# Reboot the device
set_prop(recovery, powerctl_prop)
- # Start/stop adbd via ctl.start adbd
- set_prop(recovery, ctl_default_prop)
-
# Read serial number of the device from system properties
get_prop(recovery, serialno_prop)
@@ -117,6 +116,10 @@
set_prop(recovery, ffs_prop)
set_prop(recovery, exported_ffs_prop)
+ # Set sys.usb.config when switching into fastboot.
+ set_prop(recovery, system_radio_prop)
+ set_prop(recovery, exported_system_radio_prop)
+
# Read ro.boot.bootreason
get_prop(recovery, bootloader_boot_reason_prop)
diff --git a/public/recovery_persist.te b/public/recovery_persist.te
index 091d300..d4b4562 100644
--- a/public/recovery_persist.te
+++ b/public/recovery_persist.te
@@ -1,6 +1,6 @@
# android recovery persistent log manager
type recovery_persist, domain;
-type recovery_persist_exec, exec_type, file_type;
+type recovery_persist_exec, system_file_type, exec_type, file_type;
allow recovery_persist pstorefs:dir search;
allow recovery_persist pstorefs:file r_file_perms;
@@ -8,6 +8,11 @@
allow recovery_persist recovery_data_file:file create_file_perms;
allow recovery_persist recovery_data_file:dir create_dir_perms;
+allow recovery_persist cache_file:dir search;
+allow recovery_persist cache_file:lnk_file read;
+allow recovery_persist cache_recovery_file:dir rw_dir_perms;
+allow recovery_persist cache_recovery_file:file { r_file_perms unlink };
+
###
### Neverallow rules
###
@@ -23,5 +28,5 @@
neverallow recovery_persist system_file:dir_file_class_set write;
# Write to files in /data/data
-neverallow recovery_persist { app_data_file system_data_file }:dir_file_class_set write;
+neverallow recovery_persist { privapp_data_file app_data_file system_data_file }:dir_file_class_set write;
diff --git a/public/recovery_refresh.te b/public/recovery_refresh.te
index 602ed51..d6870dc 100644
--- a/public/recovery_refresh.te
+++ b/public/recovery_refresh.te
@@ -1,6 +1,6 @@
# android recovery refresh log manager
type recovery_refresh, domain;
-type recovery_refresh_exec, exec_type, file_type;
+type recovery_refresh_exec, system_file_type, exec_type, file_type;
allow recovery_refresh pstorefs:dir search;
allow recovery_refresh pstorefs:file r_file_perms;
@@ -21,4 +21,4 @@
neverallow recovery_refresh system_file:dir_file_class_set write;
# Write to files in /data/data or system files on /data
-neverallow recovery_refresh { app_data_file system_data_file }:dir_file_class_set write;
+neverallow recovery_refresh { app_data_file privapp_data_file system_data_file }:dir_file_class_set write;
diff --git a/public/runas.te b/public/runas.te
index 053a87f..b1daa31 100644
--- a/public/runas.te
+++ b/public/runas.te
@@ -1,5 +1,5 @@
type runas, domain, mlstrustedsubject;
-type runas_exec, exec_type, file_type;
+type runas_exec, system_file_type, exec_type, file_type;
allow runas adbd:fd use;
allow runas adbd:process sigchld;
@@ -18,7 +18,7 @@
allow runas system_data_file:lnk_file read;
# run-as checks and changes to the app data dir.
-dontaudit runas self:global_capability_class_set dac_override;
+dontaudit runas self:global_capability_class_set { dac_override dac_read_search };
allow runas app_data_file:dir { getattr search };
# run-as switches to the app UID/GID.
diff --git a/public/sdcardd.te b/public/sdcardd.te
index 4a88f54..6d9edfa 100644
--- a/public/sdcardd.te
+++ b/public/sdcardd.te
@@ -1,5 +1,5 @@
type sdcardd, domain;
-type sdcardd_exec, exec_type, file_type;
+type sdcardd_exec, system_file_type, exec_type, file_type;
allow sdcardd cgroup:dir create_dir_perms;
allow sdcardd fuse_device:chr_file rw_file_perms;
@@ -10,7 +10,7 @@
allow sdcardd storage_file:dir search;
allow sdcardd storage_stub_file:dir { search mounton };
allow sdcardd sdcard_type:filesystem { mount unmount };
-allow sdcardd self:global_capability_class_set { setuid setgid dac_override sys_admin sys_resource };
+allow sdcardd self:global_capability_class_set { setuid setgid dac_override dac_read_search sys_admin sys_resource };
allow sdcardd sdcard_type:dir create_dir_perms;
allow sdcardd sdcard_type:file create_file_perms;
diff --git a/public/service.te b/public/service.te
index 3526049..dd80f92 100644
--- a/public/service.te
+++ b/public/service.te
@@ -1,3 +1,4 @@
+type apex_service, service_manager_type;
type audioserver_service, service_manager_type;
type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type bluetooth_service, service_manager_type;
@@ -9,6 +10,7 @@
type hal_fingerprint_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;
type gpu_service, service_manager_type;
+type iorapd_service, service_manager_type;
type inputflinger_service, service_manager_type;
type incident_service, service_manager_type;
type installd_service, service_manager_type;
@@ -32,12 +34,16 @@
type virtual_touchpad_service, service_manager_type;
type vold_service, service_manager_type;
type vr_hwc_service, service_manager_type;
+type vrflinger_vsync_service, service_manager_type;
# system_server_services broken down
type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type account_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type activity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type activity_task_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type adb_service, system_server_service, service_manager_type;
type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type app_binding_service, system_server_service, service_manager_type;
type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -54,7 +60,6 @@
type contexthub_service, app_api_service, system_server_service, service_manager_type;
type crossprofileapps_service, app_api_service, system_server_service, service_manager_type;
type IProxyService_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type commontime_management_service, system_server_service, service_manager_type;
type companion_device_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -72,6 +77,7 @@
type devicestoragemonitor_service, system_server_service, service_manager_type;
type diskstats_service, system_api_service, system_server_service, service_manager_type;
type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type color_display_service, system_api_service, system_server_service, service_manager_type;
type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type netd_listener_service, system_server_service, service_manager_type;
type network_watchlist_service, system_server_service, service_manager_type;
@@ -80,6 +86,7 @@
type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type lowpan_service, system_api_service, system_server_service, service_manager_type;
type ethernet_service, app_api_service, system_server_service, service_manager_type;
+type biometric_service, app_api_service, system_server_service, service_manager_type;
type fingerprint_service, app_api_service, system_server_service, service_manager_type;
type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
type graphicsstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -94,6 +101,7 @@
type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type lock_settings_service, system_api_service, system_server_service, service_manager_type;
+type looper_stats_service, system_server_service, service_manager_type;
type media_projection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type media_router_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type media_session_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -139,11 +147,14 @@
type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type timedetector_service, system_server_service, service_manager_type;
type timezone_service, system_server_service, service_manager_type;
+type timezonedetector_service, system_server_service, service_manager_type;
type trust_service, app_api_service, system_server_service, service_manager_type;
type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type updatelock_service, system_api_service, system_server_service, service_manager_type;
+type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type usagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type usb_service, app_api_service, system_server_service, service_manager_type;
type user_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
diff --git a/public/servicemanager.te b/public/servicemanager.te
index 87e3a22..df20941 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@@ -1,6 +1,6 @@
# servicemanager - the Binder context manager
type servicemanager, domain, mlstrustedsubject;
-type servicemanager_exec, exec_type, file_type;
+type servicemanager_exec, system_file_type, exec_type, file_type;
# Note that we do not use the binder_* macros here.
# servicemanager is unique in that it only provides
diff --git a/public/sgdisk.te b/public/sgdisk.te
index ca3096c..7a7ba82 100644
--- a/public/sgdisk.te
+++ b/public/sgdisk.te
@@ -1,6 +1,6 @@
# sgdisk called from vold
type sgdisk, domain;
-type sgdisk_exec, exec_type, file_type;
+type sgdisk_exec, system_file_type, exec_type, file_type;
# Allowed to read/write low-level partition tables
allow sgdisk block_device:dir search;
diff --git a/public/shared_relro.te b/public/shared_relro.te
index 8fe1fea..8e58e42 100644
--- a/public/shared_relro.te
+++ b/public/shared_relro.te
@@ -8,3 +8,4 @@
# Needs to contact the "webviewupdate" and "activity" services
allow shared_relro activity_service:service_manager find;
allow shared_relro webviewupdate_service:service_manager find;
+allow shared_relro package_service:service_manager find;
diff --git a/public/shell.te b/public/shell.te
index 307e103..cef1b0a 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -1,6 +1,6 @@
# Domain for shell processes spawned by ADB or console service.
type shell, domain, mlstrustedsubject;
-type shell_exec, exec_type, file_type;
+type shell_exec, system_file_type, exec_type, file_type;
# Create and use network sockets.
net_domain(shell)
@@ -45,8 +45,10 @@
allow shell devpts:chr_file rw_file_perms;
allow shell tty_device:chr_file rw_file_perms;
allow shell console_device:chr_file rw_file_perms;
+
allow shell input_device:dir r_dir_perms;
-allow shell input_device:chr_file rw_file_perms;
+allow shell input_device:chr_file r_file_perms;
+
r_dir_file(shell, system_file)
allow shell system_file:file x_file_perms;
allow shell toolbox_exec:file rx_file_perms;
@@ -102,9 +104,11 @@
# - dumpstate_service (so it can receive dumpstate progress updates)
allow shell {
service_manager_type
+ -apex_service
-gatekeeper_service
-incident_service
-installd_service
+ -iorapd_service
-netd_service
-virtual_touchpad_service
-vold_service
@@ -118,7 +122,7 @@
allow shell hwservicemanager:hwservice_manager list;
# allow shell to look through /proc/ for lsmod, ps, top, netstat.
-r_dir_file(shell, proc_net)
+r_dir_file(shell, proc_net_type)
allow shell {
proc_asound
@@ -127,6 +131,7 @@
proc_meminfo
proc_modules
proc_pid_max
+ proc_slabinfo
proc_stat
proc_timer
proc_uptime
@@ -142,7 +147,7 @@
allow shell domain:{ file lnk_file } { open read getattr };
# statvfs() of /proc and other labeled filesystems
-# (yaffs2, jffs2, ext2, ext3, ext4, xfs, btrfs, f2fs, squashfs)
+# (yaffs2, jffs2, ext2, ext3, ext4, xfs, btrfs, f2fs, squashfs, overlay)
allow shell { proc labeledfs }:filesystem getattr;
# stat() of /dev
@@ -198,6 +203,12 @@
# Allow shell to start up vendor shell
allow shell vendor_shell_exec:file rx_file_perms;
+# Everything is labeled as rootfs in recovery mode. Allow shell to
+# execute them.
+recovery_only(`
+ allow shell rootfs:file rx_file_perms;
+')
+
###
### Neverallow rules
###
@@ -224,3 +235,12 @@
# Limit shell to only getattr on blk devices for host side tests.
neverallow shell dev_type:blk_file ~getattr;
+
+# b/30861057: Shell access to existing input devices is an abuse
+# vector. The shell user can inject events that look like they
+# originate from the touchscreen etc.
+# Everyone should have already moved to UiAutomation#injectInputEvent
+# if they are running instrumentation tests (i.e. CTS), Monkey for
+# their stress tests, and the input command (adb shell input ...) for
+# injecting swipes and things.
+neverallow shell input_device:chr_file no_w_file_perms;
diff --git a/public/statsd.te b/public/statsd.te
new file mode 100644
index 0000000..603ee14
--- /dev/null
+++ b/public/statsd.te
@@ -0,0 +1,82 @@
+type statsd, domain, mlstrustedsubject;
+
+type statsd_exec, system_file_type, exec_type, file_type;
+binder_use(statsd)
+
+# Allow statsd to scan through /proc/pid for all processes.
+r_dir_file(statsd, domain)
+
+# Allow executing files on system, such as running a shell or running:
+# /system/bin/toolbox
+# /system/bin/logcat
+# /system/bin/dumpsys
+allow statsd devpts:chr_file { getattr ioctl read write };
+allow statsd shell_exec:file rx_file_perms;
+allow statsd system_file:file execute_no_trans;
+allow statsd toolbox_exec:file rx_file_perms;
+
+userdebug_or_eng(`
+ allow statsd su:fifo_file read;
+')
+
+# Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
+allow statsd stats_data_file:dir create_dir_perms;
+allow statsd stats_data_file:file create_file_perms;
+
+# Allow statsd to make binder calls to any binder service.
+binder_call(statsd, appdomain)
+binder_call(statsd, healthd)
+binder_call(statsd, incidentd)
+userdebug_or_eng(`
+ binder_call(statsd, perfprofd)
+')
+binder_call(statsd, system_server)
+
+# Allow logd access.
+read_logd(statsd)
+control_logd(statsd)
+
+# Grant statsd with permissions to register the services.
+allow statsd {
+ app_api_service
+ incident_service
+ userdebug_or_eng(`
+ perfprofd_service
+ ')
+ system_api_service
+}:service_manager find;
+
+# Allow statsd to add as HIDL service.
+add_hwservice(statsd, fwk_stats_hwservice)
+
+# Grant statsd to access health hal to access battery metrics.
+allow statsd hal_health_hwservice:hwservice_manager find;
+
+# Allow statsd to send dump info to dumpstate
+allow statsd dumpstate:fd use;
+allow statsd dumpstate:fifo_file { getattr write };
+
+# Allow access to with hardware layer and process stats.
+allow statsd proc_uid_cputime_showstat:file { getattr open read };
+hal_client_domain(statsd, hal_health)
+hal_client_domain(statsd, hal_power)
+hal_client_domain(statsd, hal_thermal)
+
+# Allow 'adb shell cmd' to upload configs and download output.
+allow statsd adbd:fd use;
+allow statsd adbd:unix_stream_socket { getattr read write };
+allow statsd shell:fifo_file { getattr read };
+
+unix_socket_send(statsd, statsdw, statsd)
+
+###
+### neverallow rules
+###
+
+# Only statsd and the other root services in limited circumstances.
+# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
+# Other services are prohibitted from accessing the file.
+neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;
+
+# Limited access to the directory itself.
+neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;
diff --git a/public/su.te b/public/su.te
index 0312945..dad9c49 100644
--- a/public/su.te
+++ b/public/su.te
@@ -3,7 +3,7 @@
type su, domain;
# File types must be defined for file_contexts.
-type su_exec, exec_type, file_type;
+type su_exec, system_file_type, exec_type, file_type;
userdebug_or_eng(`
# Domain used for su processes, as well as for adbd and adb shell
@@ -19,7 +19,7 @@
dontaudit su self:capability_class_set *;
dontaudit su kernel:security *;
- dontaudit su kernel:system *;
+ dontaudit su { kernel file_type }:system *;
dontaudit su self:memprotect *;
dontaudit su domain:process *;
dontaudit su domain:fd *;
@@ -50,6 +50,7 @@
dontaudit su domain:drmservice *;
dontaudit su unlabeled:filesystem *;
dontaudit su postinstall_file:filesystem *;
+ dontaudit su domain:bpf *;
# VTS tests run in the permissive su domain on debug builds, but the HALs
# being tested run in enforcing mode. Because hal_foo_server is enforcing
@@ -57,6 +58,7 @@
# permission to interact with it.
typeattribute su halclientdomain;
typeattribute su hal_allocator_client;
+ typeattribute su hal_atrace_client;
typeattribute su hal_audio_client;
typeattribute su hal_authsecret_client;
typeattribute su hal_bluetooth_client;
@@ -84,6 +86,7 @@
typeattribute su hal_power_client;
typeattribute su hal_secure_element_client;
typeattribute su hal_sensors_client;
+ typeattribute su hal_system_suspend_client;
typeattribute su hal_telephony_client;
typeattribute su hal_tetheroffload_client;
typeattribute su hal_thermal_client;
diff --git a/public/swcodec_service_server.te b/public/swcodec_service_server.te
new file mode 100644
index 0000000..f20d990
--- /dev/null
+++ b/public/swcodec_service_server.te
@@ -0,0 +1,40 @@
+# Add hal_codec2_hwservice to mediaswcodec_server
+allow mediaswcodec_server hal_codec2_hwservice:hwservice_manager { add find };
+allow mediaswcodec_server hidl_base_hwservice:hwservice_manager add;
+
+# Allow mediaswcodec_server access to composer sync fences
+allow mediaswcodec_server hal_graphics_composer:fd use;
+
+allow mediaswcodec_server ion_device:chr_file r_file_perms;
+allow mediaswcodec_server hal_camera:fd use;
+
+crash_dump_fallback(mediaswcodec_server)
+
+# Recieve gralloc buffer FDs from bufferhubd. Note that mediaswcodec_server never
+# directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
+# between those two: it talks to hal_omx_server via Binder and talks to bufferhubd
+# via PDX. Thus, there is no need to use pdx_client macro.
+allow mediaswcodec_server bufferhubd:fd use;
+
+binder_call(mediaswcodec_server, hal_omx_client)
+binder_call(hal_omx_client, mediaswcodec_server)
+
+###
+### neverallow rules
+###
+
+# mediaswcodec_server should never execute any executable without a
+# domain transition
+neverallow mediaswcodec_server { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver/codec split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediaswcodec_server domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/public/te_macros b/public/te_macros
index 9cfe47c..e756f36 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -178,6 +178,13 @@
allow $1 $1_tmpfs:file execute;
neverallow { $1 -shell } { domain -$1 }:file no_rw_file_perms;
neverallow { appdomain -shell -$1 } $1:file no_rw_file_perms;
+# The Android security model guarantees the confidentiality and integrity
+# of application data and execution state. Ptrace bypasses those
+# confidentiality guarantees. Disallow ptrace access from system components
+# to apps. Crash_dump is excluded, as it needs ptrace access to
+# produce stack traces. llkd is excluded, as it needs to inspect
+# the kernel stack for live lock conditions.
+neverallow { domain -$1 -crash_dump userdebug_or_eng(`-llkd') } $1:process ptrace;
')
#####################################
@@ -214,6 +221,13 @@
expandattribute hal_$1_server false;
neverallow { hal_$1_server -halserverdomain } domain:process fork;
+# hal_*_client and halclientdomain attributes are always expanded for
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+# verified by CTS since these attributes are already expanded by that time.
+build_test_only(`
+neverallow { hal_$1_server -hal_$1 } domain:process fork;
+neverallow { hal_$1_client -halclientdomain } domain:process fork;
+')
')
#####################################
@@ -309,7 +323,7 @@
# targetproperty.
#
define(`get_prop', `
-allow $1 $2:file r_file_perms;
+allow $1 $2:file { getattr open read map };
')
#####################################
@@ -345,7 +359,7 @@
allow hwservicemanager $1:binder { call transfer };
# hwservicemanager performs getpidcon on clients.
allow hwservicemanager $1:dir search;
-allow hwservicemanager $1:file { read open };
+allow hwservicemanager $1:file { read open map };
allow hwservicemanager $1:process getattr;
# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
# all domains in domain.te.
@@ -361,7 +375,7 @@
allow $1 vndservicemanager:binder { call transfer };
# vndservicemanager performs getpidcon on clients.
allow vndservicemanager $1:dir search;
-allow vndservicemanager $1:file { read open };
+allow vndservicemanager $1:file { read open map };
allow vndservicemanager $1:process getattr;
')
@@ -393,6 +407,18 @@
allow $1 sysfs_wake_lock:file rw_file_perms;
# Accessing these files requires CAP_BLOCK_SUSPEND
allow $1 self:global_capability2_class_set block_suspend;
+# TODO(b/36375663): wake lock clients should be tagged with
+# hal_system_suspend_client and halclientdomain attributes. However,
+# typeattribute statements do not allow applying attributes to other attributes,
+# so instead we grant appropriate permissions directly within this macro.
+# hal_system_suspend_client permissions
+binder_call($1, hal_system_suspend_server)
+binder_call(hal_system_suspend_server, $1)
+allow $1 system_suspend_hwservice:hwservice_manager find;
+# halclientdomain perimssions
+hwbinder_use($1)
+get_prop($1, hwservicemanager_prop)
+allow $1 hidl_manager_hwservice:hwservice_manager find;
')
#####################################
@@ -490,6 +516,12 @@
#
define(`with_asan', ifelse(target_with_asan, `true', userdebug_or_eng(`$1'), ))
+#####################################
+# Build-time-only test
+# SELinux rules which are verified during build, but not as part of *TS testing.
+#
+define(`build_test_only', ifelse(target_exclude_build_test, `true', , $1))
+
####################################
# Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp).
#
@@ -595,3 +627,19 @@
allow $1 hidl_base_hwservice:hwservice_manager add;
neverallow { domain -$1 } $2:hwservice_manager add;
')
+
+###########################################
+# hal_attribute_hwservice(attribute, service)
+# Ability for domain to get a service to hwservice_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+#
+# Used to pair hal_foo_client with hal_foo_hwservice
+define(`hal_attribute_hwservice', `
+ allow $1_client $2:hwservice_manager find;
+ add_hwservice($1_server, $2)
+
+ build_test_only(`
+ neverallow { domain -$1_client -$1_server } $2:hwservice_manager find;
+ ')
+')
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
index 00e0071..4716826 100644
--- a/public/thermalserviced.te
+++ b/public/thermalserviced.te
@@ -1,6 +1,6 @@
# thermalserviced -- thermal management services for system and vendor
type thermalserviced, domain;
-type thermalserviced_exec, exec_type, file_type;
+type thermalserviced_exec, system_file_type, exec_type, file_type;
binder_use(thermalserviced)
binder_service(thermalserviced)
@@ -11,3 +11,4 @@
add_hwservice(thermalserviced, thermalcallback_hwservice)
binder_call(thermalserviced, platform_app)
+binder_call(thermalserviced, system_server)
diff --git a/public/tombstoned.te b/public/tombstoned.te
index 0e585b6..ea2abbb 100644
--- a/public/tombstoned.te
+++ b/public/tombstoned.te
@@ -1,6 +1,6 @@
# debugger interface
type tombstoned, domain, mlstrustedsubject;
-type tombstoned_exec, exec_type, file_type;
+type tombstoned_exec, system_file_type, exec_type, file_type;
# Write to arbitrary pipes given to us.
allow tombstoned domain:fd use;
@@ -11,12 +11,7 @@
allow tombstoned tombstone_data_file:dir rw_dir_perms;
allow tombstoned tombstone_data_file:file { create_file_perms link };
-# TODO: Remove append / write permissions. They were temporarily
-# granted due to a bug which appears to have been fixed.
-allow tombstoned anr_data_file:file { append write };
-auditallow tombstoned anr_data_file:file { append write };
-
# Changes for the new stack dumping mechanism. Each trace goes into a
# separate file, and these files are managed by tombstoned.
allow tombstoned anr_data_file:dir rw_dir_perms;
-allow tombstoned anr_data_file:file { create getattr open link unlink };
+allow tombstoned anr_data_file:file { append create getattr open link unlink };
diff --git a/public/toolbox.te b/public/toolbox.te
index 59c3a9c..19cc3b6 100644
--- a/public/toolbox.te
+++ b/public/toolbox.te
@@ -2,7 +2,7 @@
# At present, the only known usage is for running mkswap via fs_mgr.
# Do NOT use this domain for toolbox when run by any other domain.
type toolbox, domain;
-type toolbox_exec, exec_type, file_type;
+type toolbox_exec, system_file_type, exec_type, file_type;
# /dev/__null__ created by init prior to policy load,
# open fd inherited by fsck.
diff --git a/public/traceur_app.te b/public/traceur_app.te
index 7113fa7..aea13ef 100644
--- a/public/traceur_app.te
+++ b/public/traceur_app.te
@@ -7,15 +7,20 @@
allow traceur_app {
service_manager_type
+ -apex_service
-gatekeeper_service
-incident_service
-installd_service
+ -iorapd_service
-netd_service
-virtual_touchpad_service
-vold_service
-vr_hwc_service
}:service_manager find;
+# Allow traceur_app to use atrace HAL
+hal_client_domain(traceur_app, hal_atrace)
+
dontaudit traceur_app service_manager_type:service_manager find;
dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
dontaudit traceur_app domain:binder call;
diff --git a/public/tzdatacheck.te b/public/tzdatacheck.te
index 6f60c8e..cf9b95d 100644
--- a/public/tzdatacheck.te
+++ b/public/tzdatacheck.te
@@ -1,6 +1,6 @@
# The tzdatacheck command run by init.
type tzdatacheck, domain;
-type tzdatacheck_exec, exec_type, file_type;
+type tzdatacheck_exec, system_file_type, exec_type, file_type;
allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;
allow tzdatacheck zoneinfo_data_file:file unlink;
diff --git a/public/ueventd.te b/public/ueventd.te
index 9b9eacb..0863302 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -5,7 +5,7 @@
# Write to /dev/kmsg.
allow ueventd kmsg_device:chr_file rw_file_perms;
-allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
+allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner };
allow ueventd device:file create_file_perms;
r_dir_file(ueventd, rootfs)
@@ -39,6 +39,21 @@
# Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
allow ueventd proc_cmdline:file r_file_perms;
+# Everything is labeled as rootfs in recovery mode. ueventd has to execute
+# the dynamic linker and shared libraries.
+recovery_only(`
+ allow ueventd rootfs:file { r_file_perms execute };
+')
+
+# Suppress denials for ueventd to getattr /postinstall. This occurs when the
+# linker tries to resolve paths in ld.config.txt.
+dontaudit ueventd postinstall_mnt_dir:dir getattr;
+
+# ueventd loads modules in response to modalias events.
+allow ueventd self:global_capability_class_set sys_module;
+allow ueventd vendor_file:system module_load;
+allow ueventd kernel:key search;
+
#####
##### neverallow rules
#####
@@ -55,3 +70,6 @@
# Only relabelto as we would never want to relabelfrom kmem_device or port_device
neverallow ueventd { kmem_device port_device }:chr_file ~{ getattr create setattr unlink relabelto };
+
+# Nobody should be able to ptrace ueventd
+neverallow * ueventd:process ptrace;
diff --git a/public/uncrypt.te b/public/uncrypt.te
index 1e48b83..28dc3f2 100644
--- a/public/uncrypt.te
+++ b/public/uncrypt.te
@@ -1,11 +1,8 @@
# uncrypt
type uncrypt, domain, mlstrustedsubject;
-type uncrypt_exec, exec_type, file_type;
+type uncrypt_exec, system_file_type, exec_type, file_type;
-allow uncrypt self:global_capability_class_set dac_override;
-
-# Read OTA zip file from /data/data/com.google.android.gsf/app_download
-r_dir_file(uncrypt, app_data_file)
+allow uncrypt self:global_capability_class_set { dac_override dac_read_search };
userdebug_or_eng(`
# For debugging, allow /data/local/tmp access
diff --git a/public/untrusted_v2_app.te b/public/untrusted_v2_app.te
deleted file mode 100644
index ac82f15..0000000
--- a/public/untrusted_v2_app.te
+++ /dev/null
@@ -1,5 +0,0 @@
-###
-### Untrusted v2 sandbox apps.
-###
-
-type untrusted_v2_app, domain;
diff --git a/public/update_engine.te b/public/update_engine.te
index ca73c7e..d13be7d 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -1,14 +1,9 @@
# Domain for update_engine daemon.
type update_engine, domain, update_engine_common;
-type update_engine_exec, exec_type, file_type;
+type update_engine_exec, system_file_type, exec_type, file_type;
net_domain(update_engine);
-# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid to tag network
-# sockets.
-allow update_engine qtaguid_proc:file rw_file_perms;
-allow update_engine qtaguid_device:chr_file r_file_perms;
-
# Following permissions are needed for update_engine.
allow update_engine self:process { setsched };
allow update_engine self:global_capability_class_set { fowner sys_admin };
@@ -24,7 +19,7 @@
# Ignore these denials.
dontaudit update_engine kernel:process setsched;
-dontaudit update_engine self:capability sys_rawio;
+dontaudit update_engine self:global_capability_class_set sys_rawio;
# Allow using persistent storage in /data/misc/update_engine.
allow update_engine update_engine_data_file:dir create_dir_perms;
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index eb4cdc1..ccc3352 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -8,6 +8,18 @@
allow update_engine_common boot_block_device:blk_file rw_file_perms;
allow update_engine_common system_block_device:blk_file rw_file_perms;
+# Where ioctls are granted via standard allow rules to block devices,
+# automatically allow common ioctls that are generally needed by
+# update_engine.
+allowxperm update_engine_common dev_type:blk_file ioctl {
+ BLKDISCARD
+ BLKDISCARDZEROES
+ BLKROGET
+ BLKROSET
+ BLKSECDISCARD
+ BLKZEROOUT
+};
+
# Allow to set recovery options in the BCB. Used to trigger factory reset when
# the update to an older version (channel change) or incompatible version
# requires it.
@@ -43,3 +55,12 @@
# Read files in /sys/firmware/devicetree/base/firmware/android/
r_dir_file(update_engine_common, sysfs_dt_firmware_android)
+
+# read / write on /dev/device-mapper to map / unmap devices
+allow update_engine_common dm_device:chr_file rw_file_perms;
+
+# apply / verify updates on devices mapped via device mapper
+allow update_engine_common dm_device:blk_file rw_file_perms;
+
+# read / write metadata on super device to resize partitions
+allow update_engine_common super_block_device:blk_file rw_file_perms;
diff --git a/public/update_verifier.te b/public/update_verifier.te
index 5d20eca..da2eaf8 100644
--- a/public/update_verifier.te
+++ b/public/update_verifier.te
@@ -1,6 +1,6 @@
# update_verifier
type update_verifier, domain;
-type update_verifier_exec, exec_type, file_type;
+type update_verifier_exec, system_file_type, exec_type, file_type;
# Allow update_verifier to reach block devices in /dev/block.
allow update_verifier block_device:dir search;
diff --git a/public/usbd.te b/public/usbd.te
index 98786e0..991e7be 100644
--- a/public/usbd.te
+++ b/public/usbd.te
@@ -1,3 +1,5 @@
type usbd, domain;
-type usbd_exec, exec_type, file_type;
+type usbd_exec, system_file_type, exec_type, file_type;
+# Start/stop adbd via ctl.start adbd
+set_prop(usbd, ctl_adbd_prop)
diff --git a/public/vdc.te b/public/vdc.te
index 424bdea..b59dcf6 100644
--- a/public/vdc.te
+++ b/public/vdc.te
@@ -6,7 +6,7 @@
# collecting bug reports.
type vdc, domain;
-type vdc_exec, exec_type, file_type;
+type vdc_exec, system_file_type, exec_type, file_type;
# vdc can be invoked with logwrapper, so let it write to pty
allow vdc devpts:chr_file rw_file_perms;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index d079873..c5cad47 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -4,9 +4,6 @@
# Communication to the main init process
allow vendor_init init:unix_stream_socket { read write };
-# Vendor init shouldn't communicate with any vendor process, nor most system processes.
-neverallow_establish_socket_comms(vendor_init, { domain -init -logd -su -vendor_init });
-
# Logging to kmsg
allow vendor_init kmsg_device:chr_file { open write };
@@ -18,6 +15,7 @@
# Create cgroups mount points in tmpfs and mount cgroups on them.
allow vendor_init cgroup:dir create_dir_perms;
+allow vendor_init cgroup:file w_file_perms;
# /config
allow vendor_init configfs:dir mounton;
@@ -25,7 +23,7 @@
allow vendor_init configfs:{ file lnk_file } create_file_perms;
# Create directories under /dev/cpuctl after chowning it to system.
-allow vendor_init self:global_capability_class_set dac_override;
+allow vendor_init self:global_capability_class_set { dac_override dac_read_search };
# mkdir, symlink, write, rm/rmdir, chown/chmod, restorecon/restorecon_recursive from init.rc files.
# chown/chmod require open+read+setattr required for open()+fchown/fchmod().
@@ -38,13 +36,20 @@
allow vendor_init unencrypted_data_file:dir search;
allow vendor_init unencrypted_data_file:file r_file_perms;
+# Set encryption policy on dirs in /data
+allowxperm vendor_init data_file_type:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+};
+
allow vendor_init system_data_file:dir getattr;
allow vendor_init {
file_type
-core_data_file_type
-exec_type
- -system_file
+ -system_file_type
+ -mnt_product_file
-unlabeled
-vendor_file_type
-vold_metadata_file
@@ -55,17 +60,17 @@
-core_data_file_type
-exec_type
-runtime_event_log_tags_file
- -system_file
+ -system_file_type
-unlabeled
-vendor_file_type
-vold_metadata_file
-}:file { create getattr open read write setattr relabelfrom unlink };
+}:file { create getattr open read write setattr relabelfrom unlink map };
allow vendor_init {
file_type
-core_data_file_type
-exec_type
- -system_file
+ -system_file_type
-unlabeled
-vendor_file_type
-vold_metadata_file
@@ -73,9 +78,10 @@
allow vendor_init {
file_type
+ -apex_mnt_dir
-core_data_file_type
-exec_type
- -system_file
+ -system_file_type
-unlabeled
-vendor_file_type
-vold_metadata_file
@@ -85,7 +91,8 @@
file_type
-core_data_file_type
-exec_type
- -system_file
+ -mnt_product_file
+ -system_file_type
-vendor_file_type
-vold_metadata_file
}:dir_file_class_set relabelto;
@@ -100,12 +107,13 @@
allow vendor_init {
fs_type
-contextmount_type
+ -keychord_device
-sdcard_type
-rootfs
-proc_uid_time_in_state
-proc_uid_concurrent_active_time
-proc_uid_concurrent_policy_time
-}:file { open read setattr };
+}:file { open read setattr map };
allow vendor_init {
fs_type
@@ -120,6 +128,7 @@
# chown/chmod on devices, e.g. /dev/ttyHS0
allow vendor_init {
dev_type
+ -keychord_device
-kmem_device
-port_device
-lowpan_device
@@ -129,8 +138,8 @@
allow vendor_init dev_type:blk_file getattr;
# Write to /proc/sys/net/ping_group_range and other /proc/sys/net files.
-r_dir_file(vendor_init, proc_net)
-allow vendor_init proc_net:file w_file_perms;
+r_dir_file(vendor_init, proc_net_type)
+allow vendor_init proc_net_type:file w_file_perms;
allow vendor_init self:global_capability_class_set net_admin;
# Write to /proc/sys/vm/page-cluster
@@ -147,7 +156,7 @@
r_dir_file(vendor_init, vendor_file_type)
# Vendor init can read properties
-allow vendor_init serialno_prop:file { getattr open read };
+allow vendor_init serialno_prop:file { getattr open read map };
# Vendor init can perform operations on trusted and security Extended Attributes
allow vendor_init self:global_capability_class_set sys_admin;
@@ -155,6 +164,12 @@
# Raw writes to misc block device
allow vendor_init misc_block_device:blk_file w_file_perms;
+# Everything is labeled as rootfs in recovery mode. Vendor init has to execute
+# the dynamic linker and shared libraries.
+recovery_only(`
+ allow vendor_init rootfs:file { r_file_perms execute };
+')
+
not_compatible_property(`
set_prop(vendor_init, {
property_type
@@ -168,8 +183,12 @@
})
')
+# Get file context
+allow vendor_init file_contexts_file:file r_file_perms;
+
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_audio_prop)
set_prop(vendor_init, exported_bluetooth_prop)
set_prop(vendor_init, exported_config_prop)
set_prop(vendor_init, exported_dalvik_prop)
@@ -195,3 +214,32 @@
get_prop(vendor_init, exported2_radio_prop)
get_prop(vendor_init, exported3_system_prop)
+
+###
+### neverallow rules
+###
+
+# Vendor init shouldn't communicate with any vendor process, nor most system processes.
+neverallow_establish_socket_comms(vendor_init, { domain -init -logd -su -vendor_init });
+
+# The vendor_init domain is only entered via an exec based transition from the
+# init domain, never via setcon().
+neverallow domain vendor_init:process dyntransition;
+neverallow { domain -init } vendor_init:process transition;
+neverallow vendor_init { file_type fs_type -init_exec }:file entrypoint;
+
+# Never read/follow symlinks created by shell or untrusted apps.
+neverallow vendor_init { app_data_file privapp_data_file }:lnk_file read;
+neverallow vendor_init shell_data_file:lnk_file read;
+# Init should not be creating subdirectories in /data/local/tmp
+neverallow vendor_init shell_data_file:dir { write add_name remove_name };
+
+# init should never execute a program without changing to another domain.
+neverallow vendor_init { file_type fs_type }:file execute_no_trans;
+
+# Init never adds or uses services via service_manager.
+neverallow vendor_init service_manager_type:service_manager { add find };
+neverallow vendor_init servicemanager:service_manager list;
+
+# vendor_init should never be ptraced
+neverallow * vendor_init:process ptrace;
diff --git a/public/virtual_touchpad.te b/public/virtual_touchpad.te
index c2800e3..49c8704 100644
--- a/public/virtual_touchpad.te
+++ b/public/virtual_touchpad.te
@@ -1,5 +1,5 @@
type virtual_touchpad, domain;
-type virtual_touchpad_exec, exec_type, file_type;
+type virtual_touchpad_exec, system_file_type, exec_type, file_type;
binder_use(virtual_touchpad)
binder_service(virtual_touchpad)
diff --git a/public/vold.te b/public/vold.te
index 131f555..5e8c34b 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -1,6 +1,6 @@
# volume manager
type vold, domain;
-type vold_exec, exec_type, file_type;
+type vold_exec, exec_type, file_type, system_file_type;
# Read already opened /cache files.
allow vold cache_file:dir r_dir_perms;
@@ -8,8 +8,12 @@
allow vold cache_file:lnk_file r_file_perms;
# Read access to pseudo filesystems.
-r_dir_file(vold, proc_net)
-r_dir_file(vold, sysfs_type)
+r_dir_file(vold, proc_net_type)
+userdebug_or_eng(`
+ auditallow vold proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
# XXX Label sysfs files with a specific type?
allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
allow vold sysfs_dm:file w_file_perms;
@@ -39,6 +43,22 @@
# For formatting adoptable storage devices
allow vold e2fs_exec:file rx_file_perms;
+# Run fstrim on mounted partitions
+# allowxperm still requires the ioctl permission for the individual type
+allowxperm vold { fs_type file_type }:dir ioctl FITRIM;
+
+# Get encryption policy for dirs in /data
+allowxperm vold data_file_type:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+};
+
+# Find the location on the raw block device where the
+# crypto key is stored so it can be destroyed
+allowxperm vold vold_data_file:file ioctl {
+ FS_IOC_FIEMAP
+};
+
typeattribute vold mlstrustedsubject;
allow vold self:process setfscreate;
allow vold system_file:file x_file_perms;
@@ -64,7 +84,7 @@
allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr };
# Manage per-user primary symlinks
-allow vold mnt_user_file:dir create_dir_perms;
+allow vold mnt_user_file:dir { create_dir_perms mounton };
allow vold mnt_user_file:lnk_file create_file_perms;
# Allow to create and mount expanded storage
@@ -75,15 +95,15 @@
allow vold tmpfs:filesystem { mount unmount };
allow vold tmpfs:dir create_dir_perms;
allow vold tmpfs:dir mounton;
-allow vold self:global_capability_class_set { net_admin dac_override mknod sys_admin chown fowner fsetid };
+allow vold self:global_capability_class_set { net_admin dac_override dac_read_search mknod sys_admin chown fowner fsetid };
allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-allow vold app_data_file:dir search;
-allow vold app_data_file:file rw_file_perms;
allow vold loop_control_device:chr_file rw_file_perms;
allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
+allowxperm vold loop_device:blk_file ioctl LOOP_GET_STATUS64;
allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
allow vold dm_device:chr_file rw_file_perms;
allow vold dm_device:blk_file rw_file_perms;
+allowxperm vold dm_device:blk_file ioctl BLKSECDISCARD;
# For vold Process::killProcessesWithOpenFiles function.
allow vold domain:dir r_dir_perms;
allow vold domain:{ file lnk_file } r_file_perms;
@@ -159,8 +179,15 @@
# talk to keymaster
hal_client_domain(vold, hal_keymaster)
+# talk to health storage HAL
+hal_client_domain(vold, hal_health_storage)
+
+# talk to bootloader HAL
+full_treble_only(`hal_client_domain(vold, hal_bootctl)')
+
# Access userdata block device.
allow vold userdata_block_device:blk_file rw_file_perms;
+allowxperm vold userdata_block_device:blk_file ioctl BLKSECDISCARD;
# Access metadata block device used for encryption meta-data.
allow vold metadata_block_device:blk_file rw_file_perms;
@@ -206,6 +233,9 @@
# Raw writes to misc block device
allow vold misc_block_device:blk_file w_file_perms;
+# vold might need to search or mount /mnt/vendor/*
+allow vold mnt_vendor_file:dir search;
+
neverallow {
domain
-vold
@@ -255,9 +285,13 @@
neverallow { domain -system_server -vdc -vold } vold_service:service_manager find;
neverallow vold {
domain
+ -hal_health_storage_server
-hal_keymaster_server
+ -hal_system_suspend_server
+ -hal_bootctl
-healthd
-hwservicemanager
+ -iorapd_service
-servicemanager
-system_server
userdebug_or_eng(`-su')
diff --git a/public/vold_prepare_subdirs.te b/public/vold_prepare_subdirs.te
index 6405d2d..3087fa8 100644
--- a/public/vold_prepare_subdirs.te
+++ b/public/vold_prepare_subdirs.te
@@ -1,6 +1,6 @@
# SELinux directory creation and labelling for vold-managed directories
type vold_prepare_subdirs, domain;
-type vold_prepare_subdirs_exec, exec_type, file_type;
+type vold_prepare_subdirs_exec, system_file_type, exec_type, file_type;
typeattribute vold_prepare_subdirs coredomain;
diff --git a/public/vr_hwc.te b/public/vr_hwc.te
index c05dd63..c146887 100644
--- a/public/vr_hwc.te
+++ b/public/vr_hwc.te
@@ -1,5 +1,5 @@
type vr_hwc, domain;
-type vr_hwc_exec, exec_type, file_type;
+type vr_hwc_exec, system_file_type, exec_type, file_type;
# Get buffer metadata.
hal_client_domain(vr_hwc, hal_graphics_allocator)
@@ -29,3 +29,5 @@
# Requires access to the permission service to validate that clients have the
# appropriate VR permissions.
allow vr_hwc permission_service:service_manager find;
+
+allow vr_hwc vrflinger_vsync_service:service_manager find;
diff --git a/public/watchdogd.te b/public/watchdogd.te
index 00292a9..72e3685 100644
--- a/public/watchdogd.te
+++ b/public/watchdogd.te
@@ -1,4 +1,6 @@
# watchdogd seclabel is specified in init.<board>.rc
type watchdogd, domain;
+type watchdogd_exec, system_file_type, exec_type, file_type;
+
allow watchdogd watchdog_device:chr_file rw_file_perms;
allow watchdogd kmsg_device:chr_file rw_file_perms;
diff --git a/public/wificond.te b/public/wificond.te
index 9e4dc7d..656abad 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -1,6 +1,6 @@
# wificond
type wificond, domain;
-type wificond_exec, exec_type, file_type;
+type wificond_exec, system_file_type, exec_type, file_type;
binder_use(wificond)
binder_call(wificond, system_server)
@@ -21,7 +21,7 @@
# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
allow wificond self:netlink_generic_socket create_socket_perms_no_ioctl;
-r_dir_file(wificond, proc_net)
+r_dir_file(wificond, proc_net_type)
# allow wificond to check permission for dumping logs
allow wificond permission_service:service_manager find;
diff --git a/public/wpantund.te b/public/wpantund.te
index b317236..8ddd693 100644
--- a/public/wpantund.te
+++ b/public/wpantund.te
@@ -1,5 +1,5 @@
type wpantund, domain;
-type wpantund_exec, exec_type, file_type;
+type wpantund_exec, system_file_type, exec_type, file_type;
hal_client_domain(wpantund, hal_lowpan)
net_domain(wpantund)
diff --git a/public/zygote.te b/public/zygote.te
index 83c42ef..85c3580 100644
--- a/public/zygote.te
+++ b/public/zygote.te
@@ -1,3 +1,3 @@
# zygote
type zygote, domain;
-type zygote_exec, exec_type, file_type;
+type zygote_exec, system_file_type, exec_type, file_type;
diff --git a/tests/Android.bp b/tests/Android.bp
index abb5e35..a7d7023 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -63,3 +63,12 @@
required: ["libsepolwrap"],
defaults: ["py2_only"],
}
+
+python_binary_host {
+ name: "combine_maps",
+ srcs: [
+ "combine_maps.py",
+ "mini_parser.py",
+ ],
+ defaults: ["py2_only"],
+}
diff --git a/tests/combine_maps.py b/tests/combine_maps.py
new file mode 100644
index 0000000..a2bf38d
--- /dev/null
+++ b/tests/combine_maps.py
@@ -0,0 +1,66 @@
+# Copyright 2018 - The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Tool to combine SEPolicy mapping file.
+
+Say, x, y, z are platform SEPolicy versions such that x > y > z. Then given two
+mapping files from x to y (top) and y to z (bottom), it's possible to construct
+a mapping file from x to z. We do the following to combine two maps.
+1. Add all new types declarations from top to bottom.
+2. Say, a new type "bar" in top is mapped like this "foo_V_v<-bar", then we map
+"bar" to whatever "foo" is mapped to in the bottom map. We do this for all new
+types in the top map.
+
+More generally, we can correctly construct x->z from x->y' and y"->z as long as
+y">y'.
+
+This file contains the implementation of combining two mapping files.
+"""
+import argparse
+import re
+from mini_parser import MiniCilParser
+
+def Combine(top, bottom):
+ bottom.types.update(top.types)
+
+ for top_ta in top.typeattributesets:
+ top_type_set = top.typeattributesets[top_ta]
+ if len(top_type_set) == 1:
+ continue
+
+ m = re.match(r"(\w+)_\d+_\d+", top_ta)
+ # Typeattributes in V.v.cil have _V_v suffix, but not in V.v.ignore.cil
+ bottom_type = m.group(1) if m else top_ta
+
+ for bottom_ta in bottom.rTypeattributesets[bottom_type]:
+ bottom.typeattributesets[bottom_ta].update(top_type_set)
+
+ return bottom
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser()
+ parser.add_argument("-t", "--top-map", dest="top_map",
+ required=True, help="top map file")
+ parser.add_argument("-b", "--bottom-map", dest="bottom_map",
+ required=True, help="bottom map file")
+ parser.add_argument("-o", "--output-file", dest="output_file",
+ required=True, help="output map file")
+ args = parser.parse_args()
+
+ top_map_cil = MiniCilParser(args.top_map)
+ bottom_map_cil = MiniCilParser(args.bottom_map)
+ result = Combine(top_map_cil, bottom_map_cil)
+
+ with open(args.output_file, "w") as output:
+ output.write(result.unparse())
diff --git a/tests/mini_parser.py b/tests/mini_parser.py
index 5dfda06..cba9e39 100644
--- a/tests/mini_parser.py
+++ b/tests/mini_parser.py
@@ -9,12 +9,50 @@
# get the text in the next matching parens
class MiniCilParser:
- types = set() # types declared in mapping
- pubtypes = set()
- typeattributes = set() # attributes declared in mapping
- typeattributesets = {} # sets defined in mapping
- rTypeattributesets = {} # reverse mapping of above sets
- apiLevel = None
+ def __init__(self, policyFile):
+ self.types = set() # types declared in mapping
+ self.pubtypes = set()
+ self.expandtypeattributes = {}
+ self.typeattributes = set() # attributes declared in mapping
+ self.typeattributesets = {} # sets defined in mapping
+ self.rTypeattributesets = {} # reverse mapping of above sets
+ self.apiLevel = None
+
+ with open(policyFile, 'r') as infile:
+ s = self._getNextStmt(infile)
+ while s:
+ self._parseStmt(s)
+ s = self._getNextStmt(infile)
+ fn = basename(policyFile)
+ m = re.match(r"(\d+\.\d+).+\.cil", fn)
+ if m:
+ self.apiLevel = m.group(1)
+
+ def unparse(self):
+ def wrapParens(stmt):
+ return "(" + stmt + ")"
+
+ def joinWrapParens(entries):
+ return wrapParens(" ".join(entries))
+
+ result = ""
+ for ty in sorted(self.types):
+ result += joinWrapParens(["type", ty]) + "\n"
+
+ for ta in sorted(self.typeattributes):
+ result += joinWrapParens(["typeattribute", ta]) + "\n"
+
+ for eta in sorted(self.expandtypeattributes.items(),
+ key=lambda x: x[0]):
+ result += joinWrapParens(
+ ["expandtypeattribute", wrapParens(eta[0]), eta[1]]) + "\n"
+
+ for tas in sorted(self.typeattributesets.items(), key=lambda x: x[0]):
+ result += joinWrapParens(
+ ["typeattributeset", tas[0],
+ joinWrapParens(sorted(tas[1]))]) + "\n"
+
+ return result
def _getNextStmt(self, infile):
parens = 0
@@ -44,6 +82,11 @@
self.types.add(m.group(1))
return
+ def _parseExpandtypeattribute(self, stmt):
+ m = re.match(r"expandtypeattribute\s+\((.+)\)\s+(true|false)", stmt)
+ self.expandtypeattributes[m.group(1)] = m.group(2)
+ return
+
def _parseTypeattribute(self, stmt):
m = re.match(r"typeattribute\s+(.+)", stmt)
self.typeattributes.add(m.group(1))
@@ -62,7 +105,7 @@
for t in tas:
if self.rTypeattributesets.get(t) is None:
self.rTypeattributesets[t] = set()
- self.rTypeattributesets[t].update(set(ta))
+ self.rTypeattributesets[t].update([ta])
# check to see if this typeattributeset is a versioned public type
pub = re.match(r"(\w+)_\d+_\d+", ta)
@@ -78,26 +121,9 @@
elif re.match(r"typeattributeset\s+.+", stmt):
self._parseTypeattributeset(stmt)
elif re.match(r"expandtypeattribute\s+.+", stmt):
- # To silence the build warnings.
- pass
- else:
- m = re.match(r"(\w+)\s+.+", stmt)
- ret = "Warning: Unknown statement type (" + m.group(1) + ") in "
- ret += "mapping file, perhaps consider adding support for it in "
- ret += "system/sepolicy/tests/mini_parser.py!\n"
- print ret
+ self._parseExpandtypeattribute(stmt)
return
- def __init__(self, policyFile):
- with open(policyFile, 'r') as infile:
- s = self._getNextStmt(infile)
- while s:
- self._parseStmt(s)
- s = self._getNextStmt(infile)
- fn = basename(policyFile)
- m = re.match(r"(\d+\.\d+).+\.cil", fn)
- self.apiLevel = m.group(1)
-
if __name__ == '__main__':
f = sys.argv[1]
p = MiniCilParser(f)
diff --git a/tests/sepol_wrap.cpp b/tests/sepol_wrap.cpp
index 39b618b..15f3e70 100644
--- a/tests/sepol_wrap.cpp
+++ b/tests/sepol_wrap.cpp
@@ -29,7 +29,7 @@
if (!out) {
std::cerr << "Failed to allocate genfs iterator" << std::endl;
- return NULL;
+ return nullptr;
}
policydb_t *db = static_cast<policydb_t *>(policydbp);
@@ -66,8 +66,8 @@
}
i->ocon = i->ocon->next;
- if (i->ocon == NULL) {
- if (i->genfs->next != NULL) {
+ if (i->ocon == nullptr) {
+ if (i->genfs->next != nullptr) {
i->genfs = i->genfs->next;
i->ocon = i->genfs->head;
} else {
@@ -103,10 +103,10 @@
if (!out) {
std::cerr << "Failed to allocate type type iterator" << std::endl;
- return NULL;
+ return nullptr;
}
- if (type == NULL) {
+ if (type == nullptr) {
out->length = db->p_types.nprim;
out->bit = 0;
if (is_attr)
@@ -116,14 +116,19 @@
} else {
out->alltypes = TYPE_ITER_LOOKUP;
out->d = static_cast<type_datum *>(hashtab_search(db->p_types.table, type));
+ if (out->d == nullptr) {
+ std::cerr << "\"" << type << "\" does not exist" << std::endl;
+ free(out);
+ return nullptr;
+ }
if (is_attr && out->d->flavor != TYPE_ATTRIB) {
std::cerr << "\"" << type << "\" MUST be an attribute in the policy" << std::endl;
free(out);
- return NULL;
- } else if (!is_attr && out->d->flavor !=TYPE_TYPE) {
+ return nullptr;
+ } else if (!is_attr && out->d->flavor != TYPE_TYPE) {
std::cerr << "\"" << type << "\" MUST be a type in the policy" << std::endl;
free(out);
- return NULL;
+ return nullptr;
}
if (is_attr) {
@@ -191,14 +196,14 @@
fp = fopen(policy_path, "re");
if (!fp) {
std::cerr << "Invalid or non-existing policy file: " << policy_path << std::endl;
- return NULL;
+ return nullptr;
}
db = (policydb_t *) calloc(1, sizeof(policydb_t));
if (!db) {
std::cerr << "Failed to allocate memory for policy db." << std::endl;
fclose(fp);
- return NULL;
+ return nullptr;
}
sidtab_t sidtab;
@@ -210,17 +215,17 @@
std::cerr << "Failed to stat the policy file" << std::endl;
free(db);
fclose(fp);
- return NULL;
+ return nullptr;
}
auto unmap = [=](void *ptr) { munmap(ptr, sb.st_size); };
std::unique_ptr<void, decltype(unmap)> map(
- mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fileno(fp), 0), unmap);
+ mmap(nullptr, sb.st_size, PROT_READ, MAP_PRIVATE, fileno(fp), 0), unmap);
if (!map) {
std::cerr << "Failed to map the policy file" << std::endl;
free(db);
fclose(fp);
- return NULL;
+ return nullptr;
}
struct policy_file pf;
@@ -232,7 +237,7 @@
std::cerr << "Failed to initialize policydb" << std::endl;
free(db);
fclose(fp);
- return NULL;
+ return nullptr;
}
if (policydb_read(db, &pf, 0)) {
@@ -240,7 +245,7 @@
policydb_destroy(db);
free(db);
fclose(fp);
- return NULL;
+ return nullptr;
}
return static_cast<void *>(db);
@@ -266,7 +271,7 @@
size_t len;
for (; avtab_i->i < avtab_i->avtab->nslot; (avtab_i->i)++) {
- if (avtab_i->cur == NULL) {
+ if (avtab_i->cur == nullptr) {
avtab_i->cur = avtab_i->avtab->htable[avtab_i->i];
}
for (; avtab_i->cur; avtab_i->cur = (avtab_i->cur)->next) {
@@ -286,7 +291,7 @@
}
return 0;
}
- avtab_i->cur = NULL;
+ avtab_i->cur = nullptr;
}
return 1;
@@ -306,7 +311,7 @@
calloc(1, sizeof(struct avtab_iter));
if (!out) {
std::cerr << "Failed to allocate avtab iterator" << std::endl;
- return NULL;
+ return nullptr;
}
out->avtab = in;
@@ -344,7 +349,7 @@
calloc(1, sizeof(struct avtab_iter));
if (!out) {
std::cerr << "Failed to allocate avtab iterator" << std::endl;
- return NULL;
+ return nullptr;
}
avtab_t *avtab = (avtab_t *) calloc(1, sizeof(avtab_t));
@@ -352,7 +357,7 @@
if (!avtab) {
std::cerr << "Failed to allocate avtab" << std::endl;
free(out);
- return NULL;
+ return nullptr;
}
out->avtab = avtab;
@@ -360,14 +365,14 @@
std::cerr << "Failed to initialize avtab" << std::endl;
free(avtab);
free(out);
- return NULL;
+ return nullptr;
}
if (expand_avtab(p, in, out->avtab)) {
std::cerr << "Failed to expand avtab" << std::endl;
free(avtab);
free(out);
- return NULL;
+ return nullptr;
}
return out;
}
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 6f69147..f8dc466 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -11,6 +11,9 @@
def TestDataTypeViolations(pol):
return pol.AssertPathTypesHaveAttr(["/data/"], [], "data_file_type")
+def TestSystemTypeViolations(pol):
+ return pol.AssertPathTypesHaveAttr(["/system/"], [], "system_file_type")
+
def TestProcTypeViolations(pol):
return pol.AssertGenfsFilesystemTypesHaveAttr("proc", "proc_type")
@@ -55,6 +58,7 @@
"TestDataTypeViolators",
"TestProcTypeViolations",
"TestSysfsTypeViolations",
+ "TestSystemTypeViolators",
"TestDebugfsTypeViolations",
"TestVendorTypeViolations",
"TestCoreDataTypeViolations",
@@ -103,6 +107,8 @@
results += TestProcTypeViolations(pol)
if options.test is None or "TestSysfsTypeViolations" in options.test:
results += TestSysfsTypeViolations(pol)
+ if options.test is None or "TestSystemTypeViolations" in options.test:
+ results += TestSystemTypeViolations(pol)
if options.test is None or "TestDebugfsTypeViolations" in options.test:
results += TestDebugfsTypeViolations(pol)
if options.test is None or "TestVendorTypeViolations" in options.test:
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index cfa8ef9..f2d600a 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -29,7 +29,6 @@
'system_app',
'untrusted_app',
'untrusted_app_25',
- 'untrusted_v2_app',
}
coredomainWhitelist = {
'adbd',
@@ -77,6 +76,7 @@
alltypes = set()
oldalltypes = set()
compatMapping = None
+pubtypes = set()
# Distinguish between PRODUCT_FULL_TREBLE and PRODUCT_FULL_TREBLE_OVERRIDE
FakeTreble = False
@@ -171,11 +171,13 @@
GetCoreDomains()
# setup for the policy compatibility tests
-def compatSetup(pol, oldpol, mapping):
+def compatSetup(pol, oldpol, mapping, types):
global compatMapping
+ global pubtypes
GetAllTypes(pol, oldpol)
compatMapping = mapping
+ pubtypes = types
def DomainsWithAttribute(attr):
global alldomains
@@ -220,25 +222,26 @@
return ret
###
-# Make sure that any new type introduced in the new policy that was not present
-# in the old policy has been recorded in the mapping file.
+# Make sure that any new public type introduced in the new policy that was not
+# present in the old policy has been recorded in the mapping file.
def TestNoUnmappedNewTypes():
global alltypes
global oldalltypes
global compatMapping
+ global pubtypes
newt = alltypes - oldalltypes
ret = ""
violators = []
for n in newt:
- if compatMapping.rTypeattributesets.get(n) is None:
+ if n in pubtypes and compatMapping.rTypeattributesets.get(n) is None:
violators.append(n)
if len(violators) > 0:
- ret += "SELinux: The following types were found added to the policy "
- ret += "without an entry into the compatibility mapping file(s) found "
- ret += "in private/compat/" + compatMapping.apiLevel + "/"
- ret += compatMapping.apiLevel + "[.ignore].cil\n"
+ ret += "SELinux: The following public types were found added to the "
+ ret += "policy without an entry into the compatibility mapping file(s) "
+ ret += "found in private/compat/V.v/V.v[.ignore].cil, where V.v is the "
+ ret += "latest API level.\n"
ret += " ".join(str(x) for x in sorted(violators)) + "\n"
return ret
@@ -260,7 +263,8 @@
if len(violators) > 0:
ret += "SELinux: The following formerly public types were removed from "
ret += "policy without a declaration in the compatibility mapping "
- ret += "file(s) found in prebuilts/api/" + compatMapping.apiLevel + "/\n"
+ ret += "found in private/compat/V.v/V.v[.ignore].cil, where V.v is the "
+ ret += "latest API level.\n"
ret += " ".join(str(x) for x in sorted(violators)) + "\n"
return ret
@@ -323,6 +327,8 @@
usage +="-m mapping file [--test test] [--help]"
parser = OptionParser(option_class=MultipleOption, usage=usage)
parser.add_option("-b", "--basepolicy", dest="basepolicy", metavar="FILE")
+ parser.add_option("-u", "--base-pub-policy", dest="base_pub_policy",
+ metavar="FILE")
parser.add_option("-f", "--file_contexts", dest="file_contexts",
metavar="FILE", action="extend", type="string")
parser.add_option("-l", "--library-path", dest="libpath", metavar="FILE")
@@ -353,19 +359,26 @@
sys.exit("Error: File_contexts file " + f + " does not exist\n" +
parser.usage)
- # Mapping files are only necessary for the TrebleCompatMapping test
+ # Mapping files and public platform policy are only necessary for the
+ # TrebleCompatMapping test.
if options.tests is None or options.tests is "TrebleCompatMapping":
if not options.basepolicy:
- sys.exit("Must specify the current platform-only policy file\n" + parser.usage)
+ sys.exit("Must specify the current platform-only policy file\n"
+ + parser.usage)
if not options.mapping:
- sys.exit("Must specify a compatibility mapping file\n" + parser.usage)
+ sys.exit("Must specify a compatibility mapping file\n"
+ + parser.usage)
if not options.oldpolicy:
- sys.exit("Must specify the previous monolithic policy file\n" + parser.usage)
+ sys.exit("Must specify the previous monolithic policy file\n"
+ + parser.usage)
+ if not options.base_pub_policy:
+ sys.exit("Must specify the current platform-only public policy "
+ + ".cil file\n" + parser.usage)
basepol = policy.Policy(options.basepolicy, None, options.libpath)
oldpol = policy.Policy(options.oldpolicy, None, options.libpath)
mapping = mini_parser.MiniCilParser(options.mapping)
- compatSetup(basepol, oldpol, mapping)
-
+ pubpol = mini_parser.MiniCilParser(options.base_pub_policy)
+ compatSetup(basepol, oldpol, mapping, pubpol.types)
if options.faketreble:
FakeTreble = True
diff --git a/tools/Android.bp b/tools/Android.bp
new file mode 100644
index 0000000..2809c9d
--- /dev/null
+++ b/tools/Android.bp
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+cc_defaults {
+ name: "sepolicy_tools_defaults",
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+ static_libs: ["libsepol"],
+ stl: "none",
+}
+
+cc_binary_host {
+ name: "checkseapp",
+ defaults: ["sepolicy_tools_defaults"],
+ srcs: ["check_seapp.c"],
+ whole_static_libs: ["libpcre2"],
+ cflags: ["-DLINK_SEPOL_STATIC"],
+}
+
+cc_binary_host {
+ name: "checkfc",
+ defaults: ["sepolicy_tools_defaults"],
+ srcs: ["checkfc.c"],
+ static_libs: ["libselinux"],
+}
+
+cc_binary_host {
+ name: "sepolicy-check",
+ defaults: ["sepolicy_tools_defaults"],
+ srcs: ["sepolicy-check.c"],
+}
+
+cc_binary_host {
+ name: "version_policy",
+ defaults: ["sepolicy_tools_defaults"],
+ srcs: ["version_policy.c"],
+}
+
+cc_prebuilt_binary {
+ name: "insertkeys.py",
+ srcs: ["insertkeys.py"],
+ host_supported: true,
+}
diff --git a/tools/Android.mk b/tools/Android.mk
index 1948b7a..34f4385 100644
--- a/tools/Android.mk
+++ b/tools/Android.mk
@@ -1,62 +1,3 @@
LOCAL_PATH:= $(call my-dir)
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := checkseapp
-LOCAL_MODULE_TAGS := optional
-LOCAL_CFLAGS := -DLINK_SEPOL_STATIC -Wall -Werror
-LOCAL_SRC_FILES := check_seapp.c
-LOCAL_STATIC_LIBRARIES := libsepol
-LOCAL_WHOLE_STATIC_LIBRARIES := libpcre2
-LOCAL_CXX_STL := none
-
-include $(BUILD_HOST_EXECUTABLE)
-
-###################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := checkfc
-LOCAL_MODULE_TAGS := optional
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_SRC_FILES := checkfc.c
-LOCAL_STATIC_LIBRARIES := libsepol libselinux
-LOCAL_CXX_STL := none
-
-include $(BUILD_HOST_EXECUTABLE)
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := insertkeys.py
-LOCAL_SRC_FILES := insertkeys.py
-LOCAL_MODULE_CLASS := EXECUTABLES
-LOCAL_IS_HOST_MODULE := true
-LOCAL_MODULE_TAGS := optional
-
-include $(BUILD_PREBUILT)
-###################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := sepolicy-check
-LOCAL_MODULE_TAGS := optional
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_SRC_FILES := sepolicy-check.c
-LOCAL_STATIC_LIBRARIES := libsepol
-LOCAL_CXX_STL := none
-
-include $(BUILD_HOST_EXECUTABLE)
-
-###################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := version_policy
-LOCAL_MODULE_TAGS := optional
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_SRC_FILES := version_policy.c
-LOCAL_SHARED_LIBRARIES := libsepol
-LOCAL_CXX_STL := none
-
-include $(BUILD_HOST_EXECUTABLE)
-
-
include $(call all-makefiles-under,$(LOCAL_PATH))
diff --git a/tools/fc_sort/Android.bp b/tools/fc_sort/Android.bp
new file mode 100644
index 0000000..d0a391b
--- /dev/null
+++ b/tools/fc_sort/Android.bp
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+cc_binary_host {
+ name: "fc_sort",
+ srcs: ["fc_sort.c"],
+ stl: "none",
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+}
diff --git a/tools/fc_sort/Android.mk b/tools/fc_sort/Android.mk
deleted file mode 100644
index 6b4ed23..0000000
--- a/tools/fc_sort/Android.mk
+++ /dev/null
@@ -1,13 +0,0 @@
-LOCAL_PATH:= $(call my-dir)
-
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := fc_sort
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := fc_sort.c
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_CXX_STL := none
-
-include $(BUILD_HOST_EXECUTABLE)
-
-###################################
diff --git a/tools/sepolicy-analyze/typecmp.c b/tools/sepolicy-analyze/typecmp.c
index 5fffd63..c00c13c 100644
--- a/tools/sepolicy-analyze/typecmp.c
+++ b/tools/sepolicy-analyze/typecmp.c
@@ -174,26 +174,33 @@
if (avtab_init(&exp_avtab) || avtab_init(&exp_cond_avtab)) {
fputs("out of memory\n", stderr);
+ free(type_rules);
return -1;
}
if (expand_avtab(policydb, &policydb->te_avtab, &exp_avtab)) {
fputs("out of memory\n", stderr);
avtab_destroy(&exp_avtab);
+ free(type_rules);
return -1;
}
if (expand_avtab(policydb, &policydb->te_cond_avtab, &exp_cond_avtab)) {
fputs("out of memory\n", stderr);
avtab_destroy(&exp_avtab); /* */
+ free(type_rules);
return -1;
}
- if (avtab_map(&exp_avtab, create_type_rules, type_rules))
+ if (avtab_map(&exp_avtab, create_type_rules, type_rules)) {
+ free(type_rules);
exit(1);
+ }
- if (avtab_map(&exp_cond_avtab, create_type_rules_cond, type_rules))
+ if (avtab_map(&exp_cond_avtab, create_type_rules_cond, type_rules)) {
+ free(type_rules);
exit(1);
+ }
avtab_destroy(&exp_avtab);
avtab_destroy(&exp_cond_avtab);
diff --git a/tools/sepolicy_cleanup_check.sh b/tools/sepolicy_cleanup_check.sh
new file mode 100755
index 0000000..dd8c7af
--- /dev/null
+++ b/tools/sepolicy_cleanup_check.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+# This script uses some heuristics to suggest potential ways to clean up SELinux policy.
+# As these are heuristics, not everything it outputs is an error.
+# It is better to run this on device-specific policy rather than core policy.
+# It requires a device connected to adb.
+# Usage:
+# ./sepolicy_cleanup_check.sh <sepolicy source path> [serial]
+
+if [[ $# -lt 1 ]]; then
+ echo "Usage: $0 <sepolicy source path> [serial]"
+ exit
+fi
+
+sedir=$1
+shift
+
+adb_cmd="adb"
+if [[ $# -eq 1 ]]; then
+ adb_cmd="$adb_cmd -s $1"
+ shift
+fi
+
+$adb_cmd shell id &>/dev/null
+if [[ $? -ne 0 ]]; then
+ echo "Please plug in a device and/or specify a serial"
+ adb devices
+ exit
+fi
+
+echo "Warning: this file uses heuristics, so all of its outputs are not necessarily errors."
+echo "For example, when run on core policy, it will likely find many things that do not exist on a given device but might exist on others."
+
+echo
+echo "Scanning for labels that are not assigned to any files."
+# Find all types.
+grep -r "^type " --exclude=\*.go $sedir --exclude=\*_macros | sed 's/^.*:.*type \([^,]*\)*.*$/\1/' | sort | uniq | while read -r type; do
+ # Find types that are not referenced in *_contexts.
+ if [[ `find $sedir -name "*_contexts" -not -path "*prebuilts*" -exec grep $type '{}' \; |wc -l` -eq 0 ]]; then
+ echo "None for $type"
+ grep -r $type --exclude-dir=prebuilts --exclude=\*.cil $sedir
+ fi
+done
+
+echo
+echo "Scanning for executables that don't exist."
+# Find executable types.
+grep -r "^type .*exec_type" --exclude=\*.go $sedir | sed 's/^.*:.*type \([^,]*\)*.*$/\1/' | sort | uniq | while read -r type; do
+ path_line=`grep -r $type --include=\*_contexts $sedir`
+ # Note that this only examines one entry, even if multiple executables have the same label.
+ # But the file_contexts scan below covers that case.
+ path=`echo $path_line | sed 's/^.*:[^\/]*\([^ ]*\) .*$/\1/'`
+ # Replace character classes and + with *.
+ path=`echo $path | sed 's/\[[^]]*\]/*/' | sed 's/+/*/'`
+ # Check whether the file exists.
+ if [ -n "`$adb_cmd shell ls -lZ $path < /dev/null |& grep "No such file or directory"`" ]; then
+ echo "$path does not exist"
+ fi
+done
+
+echo
+echo "Scanning genfs_contexts for files that don't exist."
+# Find files in genfs_contexts.
+find $sedir -name genfs_contexts -exec grep "^genfscon " '{}' \; | cut -d' ' -f2,3 | sort | uniq | while read -r file_line; do
+ # Extract the full path.
+ path=`echo $file_line | sed 's/rootfs //' | sed 's/sysfs /\/sys/' | sed 's/proc /\/proc/' | sed 's/debugfs /\/sys\/kernel\/debug/' | sed 's/tracefs /\/sys\/kernel\/debug\/tracing/'`
+ # Skip things whose prefix we don't recognize.
+ if [[ $path = *" "* ]]; then
+ continue
+ fi
+ # Check whether the file exists.
+ if [ -n "`$adb_cmd shell ls -lZ $path < /dev/null |& grep "No such file or directory"`" ]; then
+ echo "$path does not exist"
+ fi
+done
+
+echo
+echo "Scanning file_contexts for files that don't exist."
+# Find files in file_contexts.
+find $sedir -name file_contexts -not -path "*prebuilts*" -exec grep "^/" '{}' \; | cut -d' ' -f1 | cut -f1 | sort | uniq | while read -r path; do
+ # Replace (/.*)? with *
+ # Replace (64)? with ??
+ # Replace (vendor|system/vendor) with /vendor
+ # Replace character classes and + with *.
+ # Replace captures.
+ # Replace \. with .
+ # Replace .* with *
+ # Replace ** with *
+ path=`echo "$path" | sed 's/(\/\.\*)?$//' | sed 's/(64)?/??/' | sed 's/\(vendor|system\/vendor\)/vendor/' | sed 's/\[[^]]*\]/*/' | sed 's/+/*/' | sed 's/(\([^)]*\))/\1/' | sed 's/\\\././g' | sed 's/\.\*/\*/g' | sed 's/\*\*/\*/g'`
+ # Check whether the file exists.
+ if [ -n "`$adb_cmd shell ls -lZ "$path" < /dev/null |& grep "No such file or directory"`" ]; then
+ echo "$path does not exist"
+ fi
+done
+
+echo
+echo "Scanning for rules that are defined in the wrong file."
+echo "That is, rules that do not contain the name of the file."
+# Find .te files.
+find $sedir -name "*.te" -not -path "*prebuilts*" | while read -r file; do
+ filename=`basename $file`
+ filename="${filename%.*}"
+ # Look for lines that don't have the filename in them.
+ lines=$(grep "^[^# }']" $file | grep -v $filename | grep -v "^userdebug_or_eng(\`$" | grep -v "^type " | grep "[,)]" | grep -v "^define(")
+ if [[ -n "$lines" ]]; then
+ echo "$file:"
+ echo "$lines"
+ fi
+done
+
+echo
+echo "Scanning for labels in file_contexts that do not escape '.' properly."
+find $sedir -name file_contexts -not -path "*prebuilts*" -exec grep -H "^[^#].*[^\\]\.[^*]" '{}' \;
+
+echo
+echo "Scanning for rules that use the wrong file/dir macros."
+grep -r ":file.*_dir_perms" --exclude=\*_macros $sedir
+grep -r ":dir.*_file_perms" --exclude=\*_macros $sedir
diff --git a/tools/version_policy.c b/tools/version_policy.c
index 24b2a3c..8848190 100644
--- a/tools/version_policy.c
+++ b/tools/version_policy.c
@@ -151,8 +151,8 @@
usage(argv[0]);
}
- /* gimme all the details */
- cil_set_log_level(CIL_INFO);
+ /* gimme only the important details */
+ cil_set_log_level(CIL_WARN);
/* read platform policy */
rc = read_cil_file(&base_db, base);
diff --git a/treble_sepolicy_tests_for_release.mk b/treble_sepolicy_tests_for_release.mk
index 5f419d1..e7c73c9 100644
--- a/treble_sepolicy_tests_for_release.mk
+++ b/treble_sepolicy_tests_for_release.mk
@@ -51,9 +51,19 @@
# targeting the $(version) SELinux release. This ensures that our policy will build
# when used on a device that has non-platform policy targetting the $(version) release.
$(version)_compat := $(intermediates)/$(version)_compat
-$(version)_mapping.cil := $(LOCAL_PATH)/private/compat/$(version)/$(version).cil
-$(version)_mapping.ignore.cil := $(LOCAL_PATH)/private/compat/$(version)/$(version).ignore.cil
-$(version)_nonplat := $(LOCAL_PATH)/prebuilts/api/$(version)/nonplat_sepolicy.cil
+$(version)_mapping.cil := $(call intermediates-dir-for,ETC,$(version).cil)/$(version).cil
+$(version)_mapping.ignore.cil := \
+ $(call intermediates-dir-for,ETC,$(version).ignore.cil)/$(version).ignore.cil
+$(version)_prebuilts_dir := $(LOCAL_PATH)/prebuilts/api/$(version)
+
+# vendor_sepolicy.cil and plat_pub_versioned.cil are the new design to replace
+# nonplat_sepolicy.cil.
+$(version)_nonplat := $($(version)_prebuilts_dir)/vendor_sepolicy.cil \
+$($(version)_prebuilts_dir)/plat_pub_versioned.cil
+ifeq (,$(wildcard $($(version)_nonplat)))
+$(version)_nonplat := $($(version)_prebuilts_dir)/nonplat_sepolicy.cil
+endif
+
$($(version)_compat): PRIVATE_CIL_FILES := \
$(built_plat_cil) $($(version)_mapping.cil) $($(version)_nonplat)
$($(version)_compat): $(HOST_OUT_EXECUTABLES)/secilc \
@@ -76,19 +86,30 @@
$(treble_sepolicy_tests_$(version)): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy)
$(treble_sepolicy_tests_$(version)): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil)
$(treble_sepolicy_tests_$(version)): PRIVATE_PLAT_SEPOLICY := $(built_plat_sepolicy)
-ifeq ($(PRODUCT_FULL_TREBLE_OVERRIDE),true)
-$(treble_sepolicy_tests_$(version)): PRIVATE_FAKE_TREBLE := --fake-treble
-else
+$(treble_sepolicy_tests_$(version)): PRIVATE_PLAT_PUB_SEPOLICY := $(base_plat_pub_policy.cil)
$(treble_sepolicy_tests_$(version)): PRIVATE_FAKE_TREBLE :=
-endif
+ifeq ($(PRODUCT_FULL_TREBLE_OVERRIDE),true)
+ifdef PRODUCT_SHIPPING_API_LEVEL
+# These requirements were originally added in Android Oreo. Devices
+# launching after this should not distinguish between
+# PRODUCT_FULL_TREBLE and PRODUCT_FULL_TREBLE_OVERRIDE since this could
+# lead to release problems where they think they pass this test but
+# fail it when it actually gets runned for compliance.
+ifeq ($(call math_gt_or_eq,$(PRODUCT_SHIPPING_API_LEVEL),26),)
+$(treble_sepolicy_tests_$(version)): PRIVATE_FAKE_TREBLE := --fake-treble
+endif # if PRODUCT_SHIPPING_API_LEVEL < 26 (Android Oreo)
+endif # PRODUCT_SHIPPING_API_LEVEL defined
+endif # PRODUCT_FULL_TREBLE_OVERRIDE = true
$(treble_sepolicy_tests_$(version)): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
$(all_fc_files) $(built_sepolicy) $(built_plat_sepolicy) \
+ $(base_plat_pub_policy.cil) \
$(built_$(version)_plat_sepolicy) $($(version)_compat) $($(version)_mapping.combined.cil)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests -l \
$(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) $(ALL_FC_ARGS) \
-b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
-o $(PRIVATE_SEPOLICY_OLD) -p $(PRIVATE_SEPOLICY) \
+ -u $(PRIVATE_PLAT_PUB_SEPOLICY) \
$(PRIVATE_FAKE_TREBLE)
$(hide) touch $@
@@ -99,6 +120,7 @@
$(version)_mapping.combined.cil :=
$(version)_mapping.ignore.cil :=
$(version)_nonplat :=
+$(version)_prebuilts_dir :=
built_$(version)_plat_sepolicy :=
version :=
version_under_treble_tests :=
diff --git a/vendor/bug_map b/vendor/bug_map
deleted file mode 100644
index e69de29..0000000
--- a/vendor/bug_map
+++ /dev/null
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 22f0dbb..44198cc 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -1,11 +1,13 @@
#############################
# Default HALs
#
+/(vendor|system/vendor)/bin/hw/android\.hardware\.atrace@1\.0-service u:object_r:hal_atrace_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.audio@2\.0-service u:object_r:hal_audio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@1\.0-service u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.0-service u:object_r:hal_evs_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-service u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service u:object_r:hal_bluetooth_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.0-service u:object_r:hal_bootctl_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
@@ -25,6 +27,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@2\.2-service u:object_r:hal_graphics_composer_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service u:object_r:hal_health_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage@1\.0-service u:object_r:hal_health_storage_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service u:object_r:hal_ir_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service u:object_r:hal_keymaster_default_exec:s0
diff --git a/vendor/hal_atrace_default.te b/vendor/hal_atrace_default.te
new file mode 100644
index 0000000..55c9730
--- /dev/null
+++ b/vendor/hal_atrace_default.te
@@ -0,0 +1,14 @@
+type hal_atrace_default, domain;
+hal_server_domain(hal_atrace_default, hal_atrace)
+
+type hal_atrace_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_atrace_default)
+
+# Allow atrace HAL to access tracefs.
+allow hal_atrace_default debugfs_tracing:dir r_dir_perms;
+allow hal_atrace_default debugfs_tracing:file rw_file_perms;
+
+userdebug_or_eng(`
+ allow hal_atrace_default debugfs_tracing_debug:dir r_dir_perms;
+ allow hal_atrace_default debugfs_tracing_debug:file rw_file_perms;
+')
diff --git a/vendor/hal_audio_default.te b/vendor/hal_audio_default.te
index 0dc2170..82cbf8e 100644
--- a/vendor/hal_audio_default.te
+++ b/vendor/hal_audio_default.te
@@ -6,3 +6,5 @@
hal_client_domain(hal_audio_default, hal_allocator)
+# allow audioserver to call hal_audio dump with its own fd to retrieve status
+allow hal_audio_default audioserver:fifo_file write;
diff --git a/vendor/hal_bluetooth_btlinux.te b/vendor/hal_bluetooth_btlinux.te
new file mode 100644
index 0000000..22d9cf0
--- /dev/null
+++ b/vendor/hal_bluetooth_btlinux.te
@@ -0,0 +1,8 @@
+type hal_bluetooth_btlinux, domain;
+type hal_bluetooth_btlinux_exec, exec_type, file_type, vendor_file_type;
+
+hal_server_domain(hal_bluetooth_btlinux, hal_bluetooth)
+init_daemon_domain(hal_bluetooth_btlinux)
+
+allow hal_bluetooth_btlinux self:socket { create bind read write };
+allow hal_bluetooth_btlinux self:bluetooth_socket { create bind read write };
diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index 0dac075..5bcbe9a 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@@ -4,7 +4,7 @@
type hal_drm_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_drm_default)
-allow hal_drm_default mediacodec:fd use;
+allow hal_drm_default hal_omx_server:fd use;
allow hal_drm_default { appdomain -isolated_app }:fd use;
allow hal_drm_default hal_allocator_server:fd use;
diff --git a/vendor/hal_gnss_default.te b/vendor/hal_gnss_default.te
index 4c40617..92af53b 100644
--- a/vendor/hal_gnss_default.te
+++ b/vendor/hal_gnss_default.te
@@ -3,8 +3,3 @@
type hal_gnss_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_gnss_default)
-
-# Read access to system files for HALs in
-# /{system,vendor,odm}/lib[64]/hw/ in order
-# to be able to open the hal implementation .so files
-r_dir_file(hal_gnss, system_file)
diff --git a/vendor/hal_health_storage_default.te b/vendor/hal_health_storage_default.te
new file mode 100644
index 0000000..37b3e24
--- /dev/null
+++ b/vendor/hal_health_storage_default.te
@@ -0,0 +1,6 @@
+type hal_health_storage_default, domain;
+hal_server_domain(hal_health_storage_default, hal_health_storage)
+
+type hal_health_storage_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_health_storage_default)
+
diff --git a/vendor/hal_omx.te b/vendor/hal_omx.te
deleted file mode 100644
index fdb4aca..0000000
--- a/vendor/hal_omx.te
+++ /dev/null
@@ -1 +0,0 @@
-init_daemon_domain(mediacodec)
diff --git a/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te
index 1bde858..172e686 100644
--- a/vendor/hal_sensors_default.te
+++ b/vendor/hal_sensors_default.te
@@ -6,6 +6,9 @@
allow hal_sensors_default fwk_scheduler_hwservice:hwservice_manager find;
+allow hal_sensors_default input_device:dir r_dir_perms;
+allow hal_sensors_default input_device:chr_file r_file_perms;
+
# Allow sensor hals to access and use gralloc memory allocated by
# android.hardware.graphics.allocator
allow hal_sensors_default hal_graphics_allocator_default:fd use;
diff --git a/vendor/mediacodec.te b/vendor/mediacodec.te
new file mode 100644
index 0000000..29e1a90
--- /dev/null
+++ b/vendor/mediacodec.te
@@ -0,0 +1,26 @@
+type mediacodec, domain, mlstrustedsubject;
+type mediacodec_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(mediacodec)
+
+not_full_treble(`
+ # on legacy devices, continue to allow /dev/binder traffic
+ binder_use(mediacodec)
+ binder_service(mediacodec)
+ add_service(mediacodec, mediacodec_service)
+ allow mediacodec mediametrics_service:service_manager find;
+ allow mediacodec surfaceflinger_service:service_manager find;
+')
+
+# can route /dev/binder traffic to /dev/vndbinder
+vndbinder_use(mediacodec)
+
+hal_server_domain(mediacodec, hal_omx)
+
+hal_client_domain(mediacodec, hal_allocator)
+hal_client_domain(mediacodec, hal_graphics_allocator)
+
+allow mediacodec gpu_device:chr_file rw_file_perms;
+allow mediacodec video_device:chr_file rw_file_perms;
+allow mediacodec video_device:dir search;
+