Backport more public types to 202504
* drm_config_prop
* fwk_vold_service
* hal_attribute(hwcrypto);
Steps taken to re-finalize:
1. Temporarily reset BOARD_API_LEVEL of fina_0 to 202504
2. Revert 202504 APIs
* Remove system/sepolicy/prebuilts/api/202504
* Reset FREEZE_TEST_BOARD_API_LEVEL to 202504
3. Run the finalization script
4. Remove systsem/sepolicy/prebuilts/api/202504/private/compat/202504
Ignore-AOSP-First: VINTF finalization
Bug: 396240580
Test: TH
Test: build aosp_arm64-next-userdebug
Test: build aosp_arm64-trunk_staging-userdebug
Change-Id: I1c86544fadf938799038a31a652c015c320655d8
diff --git a/prebuilts/api/202504/202504_general_sepolicy.conf b/prebuilts/api/202504/202504_general_sepolicy.conf
index 1c271ff..19c4234 100644
--- a/prebuilts/api/202504/202504_general_sepolicy.conf
+++ b/prebuilts/api/202504/202504_general_sepolicy.conf
@@ -7985,293 +7985,241 @@
;
#line 369
-attribute hal_identity;
-#line 369
-expandattribute hal_identity true;
-#line 369
-attribute hal_identity_client;
-#line 369
-expandattribute hal_identity_client true;
-#line 369
-attribute hal_identity_server;
-#line 369
-expandattribute hal_identity_server false;
-#line 369
-
-#line 369
-neverallow { hal_identity_server -halserverdomain } domain:process fork;
-#line 369
-# hal_*_client and halclientdomain attributes are always expanded for
-#line 369
-# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 369
-# verified by CTS since these attributes are already expanded by that time.
-#line 369
-
-#line 369
-;
-
-#line 370
-attribute hal_input_classifier;
-#line 370
-expandattribute hal_input_classifier true;
-#line 370
-attribute hal_input_classifier_client;
-#line 370
-expandattribute hal_input_classifier_client true;
-#line 370
-attribute hal_input_classifier_server;
-#line 370
-expandattribute hal_input_classifier_server false;
-#line 370
-
-#line 370
-neverallow { hal_input_classifier_server -halserverdomain } domain:process fork;
-#line 370
-# hal_*_client and halclientdomain attributes are always expanded for
-#line 370
-# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 370
-# verified by CTS since these attributes are already expanded by that time.
-#line 370
-
-#line 370
-;
-
-#line 371
-attribute hal_input_processor;
-#line 371
-expandattribute hal_input_processor true;
-#line 371
-attribute hal_input_processor_client;
-#line 371
-expandattribute hal_input_processor_client true;
-#line 371
-attribute hal_input_processor_server;
-#line 371
-expandattribute hal_input_processor_server false;
-#line 371
-
-#line 371
-neverallow { hal_input_processor_server -halserverdomain } domain:process fork;
-#line 371
-# hal_*_client and halclientdomain attributes are always expanded for
-#line 371
-# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 371
-# verified by CTS since these attributes are already expanded by that time.
-#line 371
-
-#line 371
-;
-
-#line 372
-attribute hal_ir;
-#line 372
-expandattribute hal_ir true;
-#line 372
-attribute hal_ir_client;
-#line 372
-expandattribute hal_ir_client true;
-#line 372
-attribute hal_ir_server;
-#line 372
-expandattribute hal_ir_server false;
-#line 372
-
-#line 372
-neverallow { hal_ir_server -halserverdomain } domain:process fork;
-#line 372
-# hal_*_client and halclientdomain attributes are always expanded for
-#line 372
-# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 372
-# verified by CTS since these attributes are already expanded by that time.
-#line 372
-
-#line 372
-;
-
-#line 373
-attribute hal_ivn;
-#line 373
-expandattribute hal_ivn true;
-#line 373
-attribute hal_ivn_client;
-#line 373
-expandattribute hal_ivn_client true;
-#line 373
-attribute hal_ivn_server;
-#line 373
-expandattribute hal_ivn_server false;
-#line 373
-
-#line 373
-neverallow { hal_ivn_server -halserverdomain } domain:process fork;
-#line 373
-# hal_*_client and halclientdomain attributes are always expanded for
-#line 373
-# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 373
-# verified by CTS since these attributes are already expanded by that time.
-#line 373
-
-#line 373
-;
-
-#line 374
-attribute hal_keymaster;
-#line 374
-expandattribute hal_keymaster true;
-#line 374
-attribute hal_keymaster_client;
-#line 374
-expandattribute hal_keymaster_client true;
-#line 374
-attribute hal_keymaster_server;
-#line 374
-expandattribute hal_keymaster_server false;
-#line 374
-
-#line 374
-neverallow { hal_keymaster_server -halserverdomain } domain:process fork;
-#line 374
-# hal_*_client and halclientdomain attributes are always expanded for
-#line 374
-# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 374
-# verified by CTS since these attributes are already expanded by that time.
-#line 374
-
-#line 374
-;
-
-#line 375
-attribute hal_keymint;
-#line 375
-expandattribute hal_keymint true;
-#line 375
-attribute hal_keymint_client;
-#line 375
-expandattribute hal_keymint_client true;
-#line 375
-attribute hal_keymint_server;
-#line 375
-expandattribute hal_keymint_server false;
-#line 375
-
-#line 375
-neverallow { hal_keymint_server -halserverdomain } domain:process fork;
-#line 375
-# hal_*_client and halclientdomain attributes are always expanded for
-#line 375
-# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 375
-# verified by CTS since these attributes are already expanded by that time.
-#line 375
-
-#line 375
-;
-
-#line 376
-attribute hal_light;
-#line 376
-expandattribute hal_light true;
-#line 376
-attribute hal_light_client;
-#line 376
-expandattribute hal_light_client true;
-#line 376
-attribute hal_light_server;
-#line 376
-expandattribute hal_light_server false;
-#line 376
-
-#line 376
-neverallow { hal_light_server -halserverdomain } domain:process fork;
-#line 376
-# hal_*_client and halclientdomain attributes are always expanded for
-#line 376
-# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 376
-# verified by CTS since these attributes are already expanded by that time.
-#line 376
-
-#line 376
-;
-
-#line 377
-attribute hal_lowpan;
-#line 377
-expandattribute hal_lowpan true;
-#line 377
-attribute hal_lowpan_client;
-#line 377
-expandattribute hal_lowpan_client true;
-#line 377
-attribute hal_lowpan_server;
-#line 377
-expandattribute hal_lowpan_server false;
-#line 377
-
-#line 377
-neverallow { hal_lowpan_server -halserverdomain } domain:process fork;
-#line 377
-# hal_*_client and halclientdomain attributes are always expanded for
-#line 377
-# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 377
-# verified by CTS since these attributes are already expanded by that time.
-#line 377
-
-#line 377
-;
-
-#line 378
-attribute hal_macsec;
-#line 378
-expandattribute hal_macsec true;
-#line 378
-attribute hal_macsec_client;
-#line 378
-expandattribute hal_macsec_client true;
-#line 378
-attribute hal_macsec_server;
-#line 378
-expandattribute hal_macsec_server false;
-#line 378
-
-#line 378
-neverallow { hal_macsec_server -halserverdomain } domain:process fork;
-#line 378
-# hal_*_client and halclientdomain attributes are always expanded for
-#line 378
-# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 378
-# verified by CTS since these attributes are already expanded by that time.
-#line 378
-
-#line 378
-;
-
-#line 379
+#line 369
+attribute hal_hwcrypto;
+#line 369
+expandattribute hal_hwcrypto true;
+#line 369
+attribute hal_hwcrypto_client;
+#line 369
+expandattribute hal_hwcrypto_client true;
+#line 369
+attribute hal_hwcrypto_server;
+#line 369
+expandattribute hal_hwcrypto_server false;
+#line 369
+
+#line 369
+neverallow { hal_hwcrypto_server -halserverdomain } domain:process fork;
+#line 369
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 369
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 369
+# verified by CTS since these attributes are already expanded by that time.
+#line 369
+
+#line 369
+;
+#line 371
+
+
+#line 372
+attribute hal_identity;
+#line 372
+expandattribute hal_identity true;
+#line 372
+attribute hal_identity_client;
+#line 372
+expandattribute hal_identity_client true;
+#line 372
+attribute hal_identity_server;
+#line 372
+expandattribute hal_identity_server false;
+#line 372
+
+#line 372
+neverallow { hal_identity_server -halserverdomain } domain:process fork;
+#line 372
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 372
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 372
+# verified by CTS since these attributes are already expanded by that time.
+#line 372
+
+#line 372
+;
+
+#line 373
+attribute hal_input_classifier;
+#line 373
+expandattribute hal_input_classifier true;
+#line 373
+attribute hal_input_classifier_client;
+#line 373
+expandattribute hal_input_classifier_client true;
+#line 373
+attribute hal_input_classifier_server;
+#line 373
+expandattribute hal_input_classifier_server false;
+#line 373
+
+#line 373
+neverallow { hal_input_classifier_server -halserverdomain } domain:process fork;
+#line 373
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 373
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 373
+# verified by CTS since these attributes are already expanded by that time.
+#line 373
+
+#line 373
+;
+
+#line 374
+attribute hal_input_processor;
+#line 374
+expandattribute hal_input_processor true;
+#line 374
+attribute hal_input_processor_client;
+#line 374
+expandattribute hal_input_processor_client true;
+#line 374
+attribute hal_input_processor_server;
+#line 374
+expandattribute hal_input_processor_server false;
+#line 374
+
+#line 374
+neverallow { hal_input_processor_server -halserverdomain } domain:process fork;
+#line 374
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 374
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 374
+# verified by CTS since these attributes are already expanded by that time.
+#line 374
+
+#line 374
+;
+
+#line 375
+attribute hal_ir;
+#line 375
+expandattribute hal_ir true;
+#line 375
+attribute hal_ir_client;
+#line 375
+expandattribute hal_ir_client true;
+#line 375
+attribute hal_ir_server;
+#line 375
+expandattribute hal_ir_server false;
+#line 375
+
+#line 375
+neverallow { hal_ir_server -halserverdomain } domain:process fork;
+#line 375
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 375
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 375
+# verified by CTS since these attributes are already expanded by that time.
+#line 375
+
+#line 375
+;
+
+#line 376
+attribute hal_ivn;
+#line 376
+expandattribute hal_ivn true;
+#line 376
+attribute hal_ivn_client;
+#line 376
+expandattribute hal_ivn_client true;
+#line 376
+attribute hal_ivn_server;
+#line 376
+expandattribute hal_ivn_server false;
+#line 376
+
+#line 376
+neverallow { hal_ivn_server -halserverdomain } domain:process fork;
+#line 376
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 376
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 376
+# verified by CTS since these attributes are already expanded by that time.
+#line 376
+
+#line 376
+;
+
+#line 377
+attribute hal_keymaster;
+#line 377
+expandattribute hal_keymaster true;
+#line 377
+attribute hal_keymaster_client;
+#line 377
+expandattribute hal_keymaster_client true;
+#line 377
+attribute hal_keymaster_server;
+#line 377
+expandattribute hal_keymaster_server false;
+#line 377
+
+#line 377
+neverallow { hal_keymaster_server -halserverdomain } domain:process fork;
+#line 377
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 377
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 377
+# verified by CTS since these attributes are already expanded by that time.
+#line 377
+
+#line 377
+;
+
+#line 378
+attribute hal_keymint;
+#line 378
+expandattribute hal_keymint true;
+#line 378
+attribute hal_keymint_client;
+#line 378
+expandattribute hal_keymint_client true;
+#line 378
+attribute hal_keymint_server;
+#line 378
+expandattribute hal_keymint_server false;
+#line 378
+
+#line 378
+neverallow { hal_keymint_server -halserverdomain } domain:process fork;
+#line 378
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 378
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 378
+# verified by CTS since these attributes are already expanded by that time.
+#line 378
+
+#line 378
+;
+
#line 379
-attribute hal_mediaquality;
+attribute hal_light;
#line 379
-expandattribute hal_mediaquality true;
+expandattribute hal_light true;
#line 379
-attribute hal_mediaquality_client;
+attribute hal_light_client;
#line 379
-expandattribute hal_mediaquality_client true;
+expandattribute hal_light_client true;
#line 379
-attribute hal_mediaquality_server;
+attribute hal_light_server;
#line 379
-expandattribute hal_mediaquality_server false;
+expandattribute hal_light_server false;
#line 379
#line 379
-neverallow { hal_mediaquality_server -halserverdomain } domain:process fork;
+neverallow { hal_light_server -halserverdomain } domain:process fork;
#line 379
# hal_*_client and halclientdomain attributes are always expanded for
#line 379
@@ -8282,954 +8230,1037 @@
#line 379
;
+
+#line 380
+attribute hal_lowpan;
+#line 380
+expandattribute hal_lowpan true;
+#line 380
+attribute hal_lowpan_client;
+#line 380
+expandattribute hal_lowpan_client true;
+#line 380
+attribute hal_lowpan_server;
+#line 380
+expandattribute hal_lowpan_server false;
+#line 380
+
+#line 380
+neverallow { hal_lowpan_server -halserverdomain } domain:process fork;
+#line 380
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 380
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 380
+# verified by CTS since these attributes are already expanded by that time.
+#line 380
+
+#line 380
+;
+
+#line 381
+attribute hal_macsec;
+#line 381
+expandattribute hal_macsec true;
+#line 381
+attribute hal_macsec_client;
+#line 381
+expandattribute hal_macsec_client true;
+#line 381
+attribute hal_macsec_server;
+#line 381
+expandattribute hal_macsec_server false;
#line 381
+#line 381
+neverallow { hal_macsec_server -halserverdomain } domain:process fork;
+#line 381
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 381
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 381
+# verified by CTS since these attributes are already expanded by that time.
+#line 381
+
+#line 381
+;
#line 382
+
+#line 382
+attribute hal_mediaquality;
+#line 382
+expandattribute hal_mediaquality true;
+#line 382
+attribute hal_mediaquality_client;
+#line 382
+expandattribute hal_mediaquality_client true;
+#line 382
+attribute hal_mediaquality_server;
+#line 382
+expandattribute hal_mediaquality_server false;
+#line 382
+
+#line 382
+neverallow { hal_mediaquality_server -halserverdomain } domain:process fork;
+#line 382
+# hal_*_client and halclientdomain attributes are always expanded for
+#line 382
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+#line 382
+# verified by CTS since these attributes are already expanded by that time.
+#line 382
+
+#line 382
+;
+#line 384
+
+
+#line 385
attribute hal_memtrack;
-#line 382
+#line 385
expandattribute hal_memtrack true;
-#line 382
+#line 385
attribute hal_memtrack_client;
-#line 382
+#line 385
expandattribute hal_memtrack_client true;
-#line 382
+#line 385
attribute hal_memtrack_server;
-#line 382
+#line 385
expandattribute hal_memtrack_server false;
-#line 382
+#line 385
-#line 382
+#line 385
neverallow { hal_memtrack_server -halserverdomain } domain:process fork;
-#line 382
+#line 385
# hal_*_client and halclientdomain attributes are always expanded for
-#line 382
+#line 385
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 382
+#line 385
# verified by CTS since these attributes are already expanded by that time.
-#line 382
+#line 385
-#line 382
+#line 385
;
-#line 383
+#line 386
attribute hal_neuralnetworks;
-#line 383
+#line 386
expandattribute hal_neuralnetworks true;
-#line 383
+#line 386
attribute hal_neuralnetworks_client;
-#line 383
+#line 386
expandattribute hal_neuralnetworks_client true;
-#line 383
+#line 386
attribute hal_neuralnetworks_server;
-#line 383
+#line 386
expandattribute hal_neuralnetworks_server false;
-#line 383
+#line 386
-#line 383
+#line 386
neverallow { hal_neuralnetworks_server -halserverdomain } domain:process fork;
-#line 383
+#line 386
# hal_*_client and halclientdomain attributes are always expanded for
-#line 383
+#line 386
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 383
+#line 386
# verified by CTS since these attributes are already expanded by that time.
-#line 383
+#line 386
-#line 383
+#line 386
;
-#line 384
+#line 387
attribute hal_nfc;
-#line 384
+#line 387
expandattribute hal_nfc true;
-#line 384
+#line 387
attribute hal_nfc_client;
-#line 384
+#line 387
expandattribute hal_nfc_client true;
-#line 384
+#line 387
attribute hal_nfc_server;
-#line 384
+#line 387
expandattribute hal_nfc_server false;
-#line 384
+#line 387
-#line 384
+#line 387
neverallow { hal_nfc_server -halserverdomain } domain:process fork;
-#line 384
+#line 387
# hal_*_client and halclientdomain attributes are always expanded for
-#line 384
+#line 387
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 384
+#line 387
# verified by CTS since these attributes are already expanded by that time.
-#line 384
+#line 387
-#line 384
+#line 387
;
-#line 385
+#line 388
attribute hal_nlinterceptor;
-#line 385
+#line 388
expandattribute hal_nlinterceptor true;
-#line 385
+#line 388
attribute hal_nlinterceptor_client;
-#line 385
+#line 388
expandattribute hal_nlinterceptor_client true;
-#line 385
+#line 388
attribute hal_nlinterceptor_server;
-#line 385
+#line 388
expandattribute hal_nlinterceptor_server false;
-#line 385
+#line 388
-#line 385
+#line 388
neverallow { hal_nlinterceptor_server -halserverdomain } domain:process fork;
-#line 385
+#line 388
# hal_*_client and halclientdomain attributes are always expanded for
-#line 385
+#line 388
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 385
+#line 388
# verified by CTS since these attributes are already expanded by that time.
-#line 385
+#line 388
-#line 385
+#line 388
;
-#line 386
+#line 389
attribute hal_oemlock;
-#line 386
+#line 389
expandattribute hal_oemlock true;
-#line 386
+#line 389
attribute hal_oemlock_client;
-#line 386
+#line 389
expandattribute hal_oemlock_client true;
-#line 386
+#line 389
attribute hal_oemlock_server;
-#line 386
+#line 389
expandattribute hal_oemlock_server false;
-#line 386
+#line 389
-#line 386
+#line 389
neverallow { hal_oemlock_server -halserverdomain } domain:process fork;
-#line 386
+#line 389
# hal_*_client and halclientdomain attributes are always expanded for
-#line 386
+#line 389
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 386
+#line 389
# verified by CTS since these attributes are already expanded by that time.
-#line 386
+#line 389
-#line 386
+#line 389
;
-#line 387
+#line 390
attribute hal_omx;
-#line 387
+#line 390
expandattribute hal_omx true;
-#line 387
+#line 390
attribute hal_omx_client;
-#line 387
+#line 390
expandattribute hal_omx_client true;
-#line 387
+#line 390
attribute hal_omx_server;
-#line 387
+#line 390
expandattribute hal_omx_server false;
-#line 387
+#line 390
-#line 387
+#line 390
neverallow { hal_omx_server -halserverdomain } domain:process fork;
-#line 387
+#line 390
# hal_*_client and halclientdomain attributes are always expanded for
-#line 387
+#line 390
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 387
+#line 390
# verified by CTS since these attributes are already expanded by that time.
-#line 387
+#line 390
-#line 387
+#line 390
;
-#line 388
+#line 391
attribute hal_power;
-#line 388
+#line 391
expandattribute hal_power true;
-#line 388
+#line 391
attribute hal_power_client;
-#line 388
+#line 391
expandattribute hal_power_client true;
-#line 388
+#line 391
attribute hal_power_server;
-#line 388
+#line 391
expandattribute hal_power_server false;
-#line 388
+#line 391
-#line 388
+#line 391
neverallow { hal_power_server -halserverdomain } domain:process fork;
-#line 388
+#line 391
# hal_*_client and halclientdomain attributes are always expanded for
-#line 388
+#line 391
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 388
+#line 391
# verified by CTS since these attributes are already expanded by that time.
-#line 388
+#line 391
-#line 388
+#line 391
;
-#line 389
+#line 392
attribute hal_power_stats;
-#line 389
+#line 392
expandattribute hal_power_stats true;
-#line 389
+#line 392
attribute hal_power_stats_client;
-#line 389
+#line 392
expandattribute hal_power_stats_client true;
-#line 389
+#line 392
attribute hal_power_stats_server;
-#line 389
+#line 392
expandattribute hal_power_stats_server false;
-#line 389
+#line 392
-#line 389
+#line 392
neverallow { hal_power_stats_server -halserverdomain } domain:process fork;
-#line 389
+#line 392
# hal_*_client and halclientdomain attributes are always expanded for
-#line 389
+#line 392
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 389
+#line 392
# verified by CTS since these attributes are already expanded by that time.
-#line 389
+#line 392
-#line 389
+#line 392
;
-#line 390
+#line 393
attribute hal_rebootescrow;
-#line 390
+#line 393
expandattribute hal_rebootescrow true;
-#line 390
+#line 393
attribute hal_rebootescrow_client;
-#line 390
+#line 393
expandattribute hal_rebootescrow_client true;
-#line 390
+#line 393
attribute hal_rebootescrow_server;
-#line 390
+#line 393
expandattribute hal_rebootescrow_server false;
-#line 390
+#line 393
-#line 390
+#line 393
neverallow { hal_rebootescrow_server -halserverdomain } domain:process fork;
-#line 390
+#line 393
# hal_*_client and halclientdomain attributes are always expanded for
-#line 390
+#line 393
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 390
+#line 393
# verified by CTS since these attributes are already expanded by that time.
-#line 390
+#line 393
-#line 390
+#line 393
;
-#line 391
+#line 394
attribute hal_remoteaccess;
-#line 391
+#line 394
expandattribute hal_remoteaccess true;
-#line 391
+#line 394
attribute hal_remoteaccess_client;
-#line 391
+#line 394
expandattribute hal_remoteaccess_client true;
-#line 391
+#line 394
attribute hal_remoteaccess_server;
-#line 391
+#line 394
expandattribute hal_remoteaccess_server false;
-#line 391
+#line 394
-#line 391
+#line 394
neverallow { hal_remoteaccess_server -halserverdomain } domain:process fork;
-#line 391
+#line 394
# hal_*_client and halclientdomain attributes are always expanded for
-#line 391
+#line 394
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 391
+#line 394
# verified by CTS since these attributes are already expanded by that time.
-#line 391
+#line 394
-#line 391
+#line 394
;
-#line 392
+#line 395
attribute hal_secretkeeper;
-#line 392
+#line 395
expandattribute hal_secretkeeper true;
-#line 392
+#line 395
attribute hal_secretkeeper_client;
-#line 392
+#line 395
expandattribute hal_secretkeeper_client true;
-#line 392
+#line 395
attribute hal_secretkeeper_server;
-#line 392
+#line 395
expandattribute hal_secretkeeper_server false;
-#line 392
+#line 395
-#line 392
+#line 395
neverallow { hal_secretkeeper_server -halserverdomain } domain:process fork;
-#line 392
+#line 395
# hal_*_client and halclientdomain attributes are always expanded for
-#line 392
+#line 395
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 392
+#line 395
# verified by CTS since these attributes are already expanded by that time.
-#line 392
+#line 395
-#line 392
+#line 395
;
-#line 393
+#line 396
attribute hal_remotelyprovisionedcomponent_avf;
-#line 393
+#line 396
expandattribute hal_remotelyprovisionedcomponent_avf true;
-#line 393
+#line 396
attribute hal_remotelyprovisionedcomponent_avf_client;
-#line 393
+#line 396
expandattribute hal_remotelyprovisionedcomponent_avf_client true;
-#line 393
+#line 396
attribute hal_remotelyprovisionedcomponent_avf_server;
-#line 393
+#line 396
expandattribute hal_remotelyprovisionedcomponent_avf_server false;
-#line 393
+#line 396
-#line 393
+#line 396
neverallow { hal_remotelyprovisionedcomponent_avf_server -halserverdomain } domain:process fork;
-#line 393
+#line 396
# hal_*_client and halclientdomain attributes are always expanded for
-#line 393
+#line 396
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 393
+#line 396
# verified by CTS since these attributes are already expanded by that time.
-#line 393
+#line 396
-#line 393
+#line 396
;
-#line 394
+#line 397
attribute hal_secure_element;
-#line 394
+#line 397
expandattribute hal_secure_element true;
-#line 394
+#line 397
attribute hal_secure_element_client;
-#line 394
+#line 397
expandattribute hal_secure_element_client true;
-#line 394
+#line 397
attribute hal_secure_element_server;
-#line 394
+#line 397
expandattribute hal_secure_element_server false;
-#line 394
+#line 397
-#line 394
+#line 397
neverallow { hal_secure_element_server -halserverdomain } domain:process fork;
-#line 394
+#line 397
# hal_*_client and halclientdomain attributes are always expanded for
-#line 394
+#line 397
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 394
+#line 397
# verified by CTS since these attributes are already expanded by that time.
-#line 394
+#line 397
-#line 394
+#line 397
;
-#line 395
+#line 398
attribute hal_sensors;
-#line 395
+#line 398
expandattribute hal_sensors true;
-#line 395
+#line 398
attribute hal_sensors_client;
-#line 395
+#line 398
expandattribute hal_sensors_client true;
-#line 395
+#line 398
attribute hal_sensors_server;
-#line 395
+#line 398
expandattribute hal_sensors_server false;
-#line 395
+#line 398
-#line 395
+#line 398
neverallow { hal_sensors_server -halserverdomain } domain:process fork;
-#line 395
+#line 398
# hal_*_client and halclientdomain attributes are always expanded for
-#line 395
+#line 398
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 395
+#line 398
# verified by CTS since these attributes are already expanded by that time.
-#line 395
+#line 398
-#line 395
+#line 398
;
-#line 396
+#line 399
attribute hal_telephony;
-#line 396
+#line 399
expandattribute hal_telephony true;
-#line 396
+#line 399
attribute hal_telephony_client;
-#line 396
+#line 399
expandattribute hal_telephony_client true;
-#line 396
+#line 399
attribute hal_telephony_server;
-#line 396
+#line 399
expandattribute hal_telephony_server false;
-#line 396
+#line 399
-#line 396
+#line 399
neverallow { hal_telephony_server -halserverdomain } domain:process fork;
-#line 396
+#line 399
# hal_*_client and halclientdomain attributes are always expanded for
-#line 396
+#line 399
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 396
+#line 399
# verified by CTS since these attributes are already expanded by that time.
-#line 396
+#line 399
-#line 396
+#line 399
;
-#line 397
+#line 400
attribute hal_tetheroffload;
-#line 397
+#line 400
expandattribute hal_tetheroffload true;
-#line 397
+#line 400
attribute hal_tetheroffload_client;
-#line 397
+#line 400
expandattribute hal_tetheroffload_client true;
-#line 397
+#line 400
attribute hal_tetheroffload_server;
-#line 397
+#line 400
expandattribute hal_tetheroffload_server false;
-#line 397
+#line 400
-#line 397
+#line 400
neverallow { hal_tetheroffload_server -halserverdomain } domain:process fork;
-#line 397
+#line 400
# hal_*_client and halclientdomain attributes are always expanded for
-#line 397
+#line 400
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 397
+#line 400
# verified by CTS since these attributes are already expanded by that time.
-#line 397
+#line 400
-#line 397
+#line 400
;
-#line 398
+#line 401
attribute hal_thermal;
-#line 398
+#line 401
expandattribute hal_thermal true;
-#line 398
+#line 401
attribute hal_thermal_client;
-#line 398
+#line 401
expandattribute hal_thermal_client true;
-#line 398
+#line 401
attribute hal_thermal_server;
-#line 398
+#line 401
expandattribute hal_thermal_server false;
-#line 398
+#line 401
-#line 398
+#line 401
neverallow { hal_thermal_server -halserverdomain } domain:process fork;
-#line 398
+#line 401
# hal_*_client and halclientdomain attributes are always expanded for
-#line 398
+#line 401
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 398
+#line 401
# verified by CTS since these attributes are already expanded by that time.
-#line 398
+#line 401
-#line 398
+#line 401
;
-#line 399
+#line 402
attribute hal_threadnetwork;
-#line 399
+#line 402
expandattribute hal_threadnetwork true;
-#line 399
+#line 402
attribute hal_threadnetwork_client;
-#line 399
+#line 402
expandattribute hal_threadnetwork_client true;
-#line 399
+#line 402
attribute hal_threadnetwork_server;
-#line 399
+#line 402
expandattribute hal_threadnetwork_server false;
-#line 399
+#line 402
-#line 399
+#line 402
neverallow { hal_threadnetwork_server -halserverdomain } domain:process fork;
-#line 399
+#line 402
# hal_*_client and halclientdomain attributes are always expanded for
-#line 399
+#line 402
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 399
+#line 402
# verified by CTS since these attributes are already expanded by that time.
-#line 399
+#line 402
-#line 399
+#line 402
;
-#line 400
+#line 403
attribute hal_tv_cec;
-#line 400
+#line 403
expandattribute hal_tv_cec true;
-#line 400
+#line 403
attribute hal_tv_cec_client;
-#line 400
+#line 403
expandattribute hal_tv_cec_client true;
-#line 400
+#line 403
attribute hal_tv_cec_server;
-#line 400
+#line 403
expandattribute hal_tv_cec_server false;
-#line 400
+#line 403
-#line 400
+#line 403
neverallow { hal_tv_cec_server -halserverdomain } domain:process fork;
-#line 400
+#line 403
# hal_*_client and halclientdomain attributes are always expanded for
-#line 400
+#line 403
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 400
+#line 403
# verified by CTS since these attributes are already expanded by that time.
-#line 400
+#line 403
-#line 400
+#line 403
;
-#line 401
+#line 404
attribute hal_tv_hdmi_cec;
-#line 401
+#line 404
expandattribute hal_tv_hdmi_cec true;
-#line 401
+#line 404
attribute hal_tv_hdmi_cec_client;
-#line 401
+#line 404
expandattribute hal_tv_hdmi_cec_client true;
-#line 401
+#line 404
attribute hal_tv_hdmi_cec_server;
-#line 401
+#line 404
expandattribute hal_tv_hdmi_cec_server false;
-#line 401
+#line 404
-#line 401
+#line 404
neverallow { hal_tv_hdmi_cec_server -halserverdomain } domain:process fork;
-#line 401
+#line 404
# hal_*_client and halclientdomain attributes are always expanded for
-#line 401
+#line 404
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 401
+#line 404
# verified by CTS since these attributes are already expanded by that time.
-#line 401
+#line 404
-#line 401
+#line 404
;
-#line 402
+#line 405
attribute hal_tv_hdmi_connection;
-#line 402
+#line 405
expandattribute hal_tv_hdmi_connection true;
-#line 402
+#line 405
attribute hal_tv_hdmi_connection_client;
-#line 402
+#line 405
expandattribute hal_tv_hdmi_connection_client true;
-#line 402
+#line 405
attribute hal_tv_hdmi_connection_server;
-#line 402
+#line 405
expandattribute hal_tv_hdmi_connection_server false;
-#line 402
+#line 405
-#line 402
+#line 405
neverallow { hal_tv_hdmi_connection_server -halserverdomain } domain:process fork;
-#line 402
+#line 405
# hal_*_client and halclientdomain attributes are always expanded for
-#line 402
+#line 405
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 402
+#line 405
# verified by CTS since these attributes are already expanded by that time.
-#line 402
+#line 405
-#line 402
+#line 405
;
-#line 403
+#line 406
attribute hal_tv_hdmi_earc;
-#line 403
+#line 406
expandattribute hal_tv_hdmi_earc true;
-#line 403
+#line 406
attribute hal_tv_hdmi_earc_client;
-#line 403
+#line 406
expandattribute hal_tv_hdmi_earc_client true;
-#line 403
+#line 406
attribute hal_tv_hdmi_earc_server;
-#line 403
+#line 406
expandattribute hal_tv_hdmi_earc_server false;
-#line 403
+#line 406
-#line 403
+#line 406
neverallow { hal_tv_hdmi_earc_server -halserverdomain } domain:process fork;
-#line 403
+#line 406
# hal_*_client and halclientdomain attributes are always expanded for
-#line 403
+#line 406
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 403
+#line 406
# verified by CTS since these attributes are already expanded by that time.
-#line 403
+#line 406
-#line 403
+#line 406
;
-#line 404
+#line 407
attribute hal_tv_input;
-#line 404
+#line 407
expandattribute hal_tv_input true;
-#line 404
+#line 407
attribute hal_tv_input_client;
-#line 404
+#line 407
expandattribute hal_tv_input_client true;
-#line 404
+#line 407
attribute hal_tv_input_server;
-#line 404
+#line 407
expandattribute hal_tv_input_server false;
-#line 404
+#line 407
-#line 404
+#line 407
neverallow { hal_tv_input_server -halserverdomain } domain:process fork;
-#line 404
+#line 407
# hal_*_client and halclientdomain attributes are always expanded for
-#line 404
+#line 407
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 404
+#line 407
# verified by CTS since these attributes are already expanded by that time.
-#line 404
+#line 407
-#line 404
+#line 407
;
-#line 405
+#line 408
attribute hal_tv_tuner;
-#line 405
+#line 408
expandattribute hal_tv_tuner true;
-#line 405
+#line 408
attribute hal_tv_tuner_client;
-#line 405
+#line 408
expandattribute hal_tv_tuner_client true;
-#line 405
+#line 408
attribute hal_tv_tuner_server;
-#line 405
+#line 408
expandattribute hal_tv_tuner_server false;
-#line 405
+#line 408
-#line 405
+#line 408
neverallow { hal_tv_tuner_server -halserverdomain } domain:process fork;
-#line 405
+#line 408
# hal_*_client and halclientdomain attributes are always expanded for
-#line 405
+#line 408
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 405
+#line 408
# verified by CTS since these attributes are already expanded by that time.
-#line 405
+#line 408
-#line 405
+#line 408
;
-#line 406
+#line 409
attribute hal_usb;
-#line 406
+#line 409
expandattribute hal_usb true;
-#line 406
+#line 409
attribute hal_usb_client;
-#line 406
+#line 409
expandattribute hal_usb_client true;
-#line 406
+#line 409
attribute hal_usb_server;
-#line 406
+#line 409
expandattribute hal_usb_server false;
-#line 406
+#line 409
-#line 406
+#line 409
neverallow { hal_usb_server -halserverdomain } domain:process fork;
-#line 406
+#line 409
# hal_*_client and halclientdomain attributes are always expanded for
-#line 406
+#line 409
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 406
+#line 409
# verified by CTS since these attributes are already expanded by that time.
-#line 406
+#line 409
-#line 406
+#line 409
;
-#line 407
+#line 410
attribute hal_usb_gadget;
-#line 407
+#line 410
expandattribute hal_usb_gadget true;
-#line 407
+#line 410
attribute hal_usb_gadget_client;
-#line 407
+#line 410
expandattribute hal_usb_gadget_client true;
-#line 407
+#line 410
attribute hal_usb_gadget_server;
-#line 407
+#line 410
expandattribute hal_usb_gadget_server false;
-#line 407
+#line 410
-#line 407
+#line 410
neverallow { hal_usb_gadget_server -halserverdomain } domain:process fork;
-#line 407
+#line 410
# hal_*_client and halclientdomain attributes are always expanded for
-#line 407
+#line 410
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 407
+#line 410
# verified by CTS since these attributes are already expanded by that time.
-#line 407
+#line 410
-#line 407
+#line 410
;
-#line 408
+#line 411
attribute hal_uwb;
-#line 408
+#line 411
expandattribute hal_uwb true;
-#line 408
+#line 411
attribute hal_uwb_client;
-#line 408
+#line 411
expandattribute hal_uwb_client true;
-#line 408
+#line 411
attribute hal_uwb_server;
-#line 408
+#line 411
expandattribute hal_uwb_server false;
-#line 408
+#line 411
-#line 408
+#line 411
neverallow { hal_uwb_server -halserverdomain } domain:process fork;
-#line 408
+#line 411
# hal_*_client and halclientdomain attributes are always expanded for
-#line 408
+#line 411
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 408
+#line 411
# verified by CTS since these attributes are already expanded by that time.
-#line 408
+#line 411
-#line 408
+#line 411
;
# TODO(b/196225233): Remove this attribute and its usages elsewhere
# once all chip vendors integrate to the new UWB stack.
-#line 411
+#line 414
attribute hal_uwb_vendor;
-#line 411
+#line 414
expandattribute hal_uwb_vendor true;
-#line 411
+#line 414
attribute hal_uwb_vendor_client;
-#line 411
+#line 414
expandattribute hal_uwb_vendor_client true;
-#line 411
+#line 414
attribute hal_uwb_vendor_server;
-#line 411
+#line 414
expandattribute hal_uwb_vendor_server false;
-#line 411
+#line 414
-#line 411
+#line 414
neverallow { hal_uwb_vendor_server -halserverdomain } domain:process fork;
-#line 411
+#line 414
# hal_*_client and halclientdomain attributes are always expanded for
-#line 411
+#line 414
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 411
+#line 414
# verified by CTS since these attributes are already expanded by that time.
-#line 411
+#line 414
-#line 411
+#line 414
;
-#line 412
+#line 415
attribute hal_vehicle;
-#line 412
+#line 415
expandattribute hal_vehicle true;
-#line 412
+#line 415
attribute hal_vehicle_client;
-#line 412
+#line 415
expandattribute hal_vehicle_client true;
-#line 412
+#line 415
attribute hal_vehicle_server;
-#line 412
+#line 415
expandattribute hal_vehicle_server false;
-#line 412
+#line 415
-#line 412
+#line 415
neverallow { hal_vehicle_server -halserverdomain } domain:process fork;
-#line 412
+#line 415
# hal_*_client and halclientdomain attributes are always expanded for
-#line 412
+#line 415
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 412
+#line 415
# verified by CTS since these attributes are already expanded by that time.
-#line 412
+#line 415
-#line 412
+#line 415
;
-#line 413
+#line 416
attribute hal_vibrator;
-#line 413
+#line 416
expandattribute hal_vibrator true;
-#line 413
+#line 416
attribute hal_vibrator_client;
-#line 413
+#line 416
expandattribute hal_vibrator_client true;
-#line 413
+#line 416
attribute hal_vibrator_server;
-#line 413
+#line 416
expandattribute hal_vibrator_server false;
-#line 413
+#line 416
-#line 413
+#line 416
neverallow { hal_vibrator_server -halserverdomain } domain:process fork;
-#line 413
+#line 416
# hal_*_client and halclientdomain attributes are always expanded for
-#line 413
+#line 416
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 413
+#line 416
# verified by CTS since these attributes are already expanded by that time.
-#line 413
+#line 416
-#line 413
+#line 416
;
-#line 414
+#line 417
attribute hal_vr;
-#line 414
+#line 417
expandattribute hal_vr true;
-#line 414
+#line 417
attribute hal_vr_client;
-#line 414
+#line 417
expandattribute hal_vr_client true;
-#line 414
+#line 417
attribute hal_vr_server;
-#line 414
+#line 417
expandattribute hal_vr_server false;
-#line 414
+#line 417
-#line 414
+#line 417
neverallow { hal_vr_server -halserverdomain } domain:process fork;
-#line 414
+#line 417
# hal_*_client and halclientdomain attributes are always expanded for
-#line 414
+#line 417
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 414
+#line 417
# verified by CTS since these attributes are already expanded by that time.
-#line 414
+#line 417
-#line 414
+#line 417
;
-#line 415
+#line 418
attribute hal_weaver;
-#line 415
+#line 418
expandattribute hal_weaver true;
-#line 415
+#line 418
attribute hal_weaver_client;
-#line 415
+#line 418
expandattribute hal_weaver_client true;
-#line 415
+#line 418
attribute hal_weaver_server;
-#line 415
+#line 418
expandattribute hal_weaver_server false;
-#line 415
+#line 418
-#line 415
+#line 418
neverallow { hal_weaver_server -halserverdomain } domain:process fork;
-#line 415
+#line 418
# hal_*_client and halclientdomain attributes are always expanded for
-#line 415
+#line 418
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 415
+#line 418
# verified by CTS since these attributes are already expanded by that time.
-#line 415
+#line 418
-#line 415
+#line 418
;
-#line 416
+#line 419
attribute hal_wifi;
-#line 416
+#line 419
expandattribute hal_wifi true;
-#line 416
+#line 419
attribute hal_wifi_client;
-#line 416
+#line 419
expandattribute hal_wifi_client true;
-#line 416
+#line 419
attribute hal_wifi_server;
-#line 416
+#line 419
expandattribute hal_wifi_server false;
-#line 416
+#line 419
-#line 416
+#line 419
neverallow { hal_wifi_server -halserverdomain } domain:process fork;
-#line 416
+#line 419
# hal_*_client and halclientdomain attributes are always expanded for
-#line 416
+#line 419
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 416
+#line 419
# verified by CTS since these attributes are already expanded by that time.
-#line 416
+#line 419
-#line 416
+#line 419
;
-#line 417
+#line 420
attribute hal_wifi_hostapd;
-#line 417
+#line 420
expandattribute hal_wifi_hostapd true;
-#line 417
+#line 420
attribute hal_wifi_hostapd_client;
-#line 417
+#line 420
expandattribute hal_wifi_hostapd_client true;
-#line 417
+#line 420
attribute hal_wifi_hostapd_server;
-#line 417
+#line 420
expandattribute hal_wifi_hostapd_server false;
-#line 417
+#line 420
-#line 417
+#line 420
neverallow { hal_wifi_hostapd_server -halserverdomain } domain:process fork;
-#line 417
+#line 420
# hal_*_client and halclientdomain attributes are always expanded for
-#line 417
+#line 420
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 417
+#line 420
# verified by CTS since these attributes are already expanded by that time.
-#line 417
+#line 420
-#line 417
+#line 420
;
-#line 418
+#line 421
attribute hal_wifi_supplicant;
-#line 418
+#line 421
expandattribute hal_wifi_supplicant true;
-#line 418
+#line 421
attribute hal_wifi_supplicant_client;
-#line 418
+#line 421
expandattribute hal_wifi_supplicant_client true;
-#line 418
+#line 421
attribute hal_wifi_supplicant_server;
-#line 418
+#line 421
expandattribute hal_wifi_supplicant_server false;
-#line 418
+#line 421
-#line 418
+#line 421
neverallow { hal_wifi_supplicant_server -halserverdomain } domain:process fork;
-#line 418
+#line 421
# hal_*_client and halclientdomain attributes are always expanded for
-#line 418
+#line 421
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 418
+#line 421
# verified by CTS since these attributes are already expanded by that time.
-#line 418
+#line 421
-#line 418
+#line 421
;
# HwBinder services offered across the core-vendor boundary
@@ -9280,42 +9311,42 @@
# All tee services that can be accessed by VMs
-#line 467
+#line 470
attribute tee_service_type;
-#line 469
+#line 472
# HAL service used for custom smc filtering project
-#line 472
+#line 475
-#line 472
+#line 475
attribute hal_vm_capabilities;
-#line 472
+#line 475
expandattribute hal_vm_capabilities true;
-#line 472
+#line 475
attribute hal_vm_capabilities_client;
-#line 472
+#line 475
expandattribute hal_vm_capabilities_client true;
-#line 472
+#line 475
attribute hal_vm_capabilities_server;
-#line 472
+#line 475
expandattribute hal_vm_capabilities_server false;
-#line 472
+#line 475
-#line 472
+#line 475
neverallow { hal_vm_capabilities_server -halserverdomain } domain:process fork;
-#line 472
+#line 475
# hal_*_client and halclientdomain attributes are always expanded for
-#line 472
+#line 475
# performance reasons. Neverallow rules targeting expanded attributes can not be
-#line 472
+#line 475
# verified by CTS since these attributes are already expanded by that time.
-#line 472
+#line 475
-#line 472
+#line 475
;
-#line 474
+#line 477
#line 1 "system/sepolicy/public/adbd.te"
# adbd seclabel is specified in init.rc since
@@ -14113,1654 +14144,1594 @@
#line 156
-
-#line 156
- type drm_service_config_prop, property_type, system_property_type, system_public_property_type;
-#line 156
-
-#line 156
-
-#line 156
-
-#line 156
-allow vendor_init property_socket:sock_file write;
-#line 156
-allow vendor_init init:unix_stream_socket connectto;
-#line 156
-
-#line 156
-allow vendor_init drm_service_config_prop:property_service set;
-#line 156
-
-#line 156
-allow vendor_init drm_service_config_prop:file { getattr open read map };
-#line 156
-
-#line 156
-
-#line 156
- neverallow { domain -init -vendor_init } drm_service_config_prop:property_service set;
-#line 156
-
-
-#line 157
-
-#line 157
- type exported_camera_prop, property_type, system_property_type, system_public_property_type;
-#line 157
-
-#line 157
-
-#line 157
-
-#line 157
-allow vendor_init property_socket:sock_file write;
-#line 157
-allow vendor_init init:unix_stream_socket connectto;
-#line 157
-
-#line 157
-allow vendor_init exported_camera_prop:property_service set;
-#line 157
-
-#line 157
-allow vendor_init exported_camera_prop:file { getattr open read map };
-#line 157
-
-#line 157
-
-#line 157
- neverallow { domain -init -vendor_init } exported_camera_prop:property_service set;
-#line 157
-
-
-#line 158
-
-#line 158
- type exported_config_prop, property_type, system_property_type, system_public_property_type;
-#line 158
-
-#line 158
-
-#line 158
-
-#line 158
-allow vendor_init property_socket:sock_file write;
-#line 158
-allow vendor_init init:unix_stream_socket connectto;
-#line 158
-
-#line 158
-allow vendor_init exported_config_prop:property_service set;
-#line 158
-
-#line 158
-allow vendor_init exported_config_prop:file { getattr open read map };
-#line 158
-
-#line 158
-
-#line 158
- neverallow { domain -init -vendor_init } exported_config_prop:property_service set;
-#line 158
-
-
-#line 159
-
-#line 159
- type exported_default_prop, property_type, system_property_type, system_public_property_type;
-#line 159
-
-#line 159
-
-#line 159
-
-#line 159
-allow vendor_init property_socket:sock_file write;
-#line 159
-allow vendor_init init:unix_stream_socket connectto;
-#line 159
-
-#line 159
-allow vendor_init exported_default_prop:property_service set;
-#line 159
-
-#line 159
-allow vendor_init exported_default_prop:file { getattr open read map };
-#line 159
-
-#line 159
-
-#line 159
- neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
-#line 159
-
-
-#line 160
-
-#line 160
- type ffs_config_prop, property_type, system_property_type, system_public_property_type;
-#line 160
-
-#line 160
-
-#line 160
-
-#line 160
-allow vendor_init property_socket:sock_file write;
-#line 160
-allow vendor_init init:unix_stream_socket connectto;
-#line 160
-
-#line 160
-allow vendor_init ffs_config_prop:property_service set;
-#line 160
-
-#line 160
-allow vendor_init ffs_config_prop:file { getattr open read map };
-#line 160
-
-#line 160
-
-#line 160
- neverallow { domain -init -vendor_init } ffs_config_prop:property_service set;
-#line 160
-
-
-#line 161
-
-#line 161
- type framework_watchdog_config_prop, property_type, system_property_type, system_public_property_type;
-#line 161
-
-#line 161
-
-#line 161
-
-#line 161
-allow vendor_init property_socket:sock_file write;
-#line 161
-allow vendor_init init:unix_stream_socket connectto;
-#line 161
-
-#line 161
-allow vendor_init framework_watchdog_config_prop:property_service set;
-#line 161
-
-#line 161
-allow vendor_init framework_watchdog_config_prop:file { getattr open read map };
-#line 161
-
-#line 161
-
-#line 161
- neverallow { domain -init -vendor_init } framework_watchdog_config_prop:property_service set;
-#line 161
-
-
-#line 162
-
-#line 162
- type graphics_config_prop, property_type, system_property_type, system_public_property_type;
-#line 162
-
-#line 162
-
-#line 162
-
-#line 162
-allow vendor_init property_socket:sock_file write;
-#line 162
-allow vendor_init init:unix_stream_socket connectto;
-#line 162
-
-#line 162
-allow vendor_init graphics_config_prop:property_service set;
-#line 162
-
-#line 162
-allow vendor_init graphics_config_prop:file { getattr open read map };
-#line 162
-
-#line 162
-
-#line 162
- neverallow { domain -init -vendor_init } graphics_config_prop:property_service set;
-#line 162
-
-
-#line 163
-
-#line 163
- type hdmi_config_prop, property_type, system_property_type, system_public_property_type;
-#line 163
-
-#line 163
-
-#line 163
-
-#line 163
-allow vendor_init property_socket:sock_file write;
-#line 163
-allow vendor_init init:unix_stream_socket connectto;
-#line 163
-
-#line 163
-allow vendor_init hdmi_config_prop:property_service set;
-#line 163
-
-#line 163
-allow vendor_init hdmi_config_prop:file { getattr open read map };
-#line 163
-
-#line 163
-
-#line 163
- neverallow { domain -init -vendor_init } hdmi_config_prop:property_service set;
-#line 163
-
-
-#line 164
-
-#line 164
- type hw_timeout_multiplier_prop, property_type, system_property_type, system_public_property_type;
-#line 164
-
-#line 164
-
-#line 164
-
-#line 164
-allow vendor_init property_socket:sock_file write;
-#line 164
-allow vendor_init init:unix_stream_socket connectto;
-#line 164
-
-#line 164
-allow vendor_init hw_timeout_multiplier_prop:property_service set;
-#line 164
-
-#line 164
-allow vendor_init hw_timeout_multiplier_prop:file { getattr open read map };
-#line 164
-
-#line 164
-
-#line 164
- neverallow { domain -init -vendor_init } hw_timeout_multiplier_prop:property_service set;
-#line 164
-
-
-#line 165
-
-#line 165
- type hypervisor_prop, property_type, system_property_type, system_public_property_type;
-#line 165
-
-#line 165
-
-#line 165
-
-#line 165
-allow vendor_init property_socket:sock_file write;
-#line 165
-allow vendor_init init:unix_stream_socket connectto;
-#line 165
-
-#line 165
-allow vendor_init hypervisor_prop:property_service set;
-#line 165
-
-#line 165
-allow vendor_init hypervisor_prop:file { getattr open read map };
-#line 165
-
-#line 165
-
-#line 165
- neverallow { domain -init -vendor_init } hypervisor_prop:property_service set;
-#line 165
-
-
-#line 166
-
-#line 166
- type hypervisor_restricted_prop, property_type, system_property_type, system_public_property_type;
-#line 166
-
-#line 166
-
-#line 166
-
-#line 166
-allow vendor_init property_socket:sock_file write;
-#line 166
-allow vendor_init init:unix_stream_socket connectto;
-#line 166
-
-#line 166
-allow vendor_init hypervisor_restricted_prop:property_service set;
-#line 166
-
-#line 166
-allow vendor_init hypervisor_restricted_prop:file { getattr open read map };
-#line 166
-
-#line 166
-
-#line 166
- neverallow { domain -init -vendor_init } hypervisor_restricted_prop:property_service set;
-#line 166
-
-
-#line 167
-
-#line 167
- type incremental_prop, property_type, system_property_type, system_public_property_type;
-#line 167
-
-#line 167
-
-#line 167
-
-#line 167
-allow vendor_init property_socket:sock_file write;
-#line 167
-allow vendor_init init:unix_stream_socket connectto;
-#line 167
-
-#line 167
-allow vendor_init incremental_prop:property_service set;
-#line 167
-
-#line 167
-allow vendor_init incremental_prop:file { getattr open read map };
-#line 167
-
-#line 167
-
-#line 167
- neverallow { domain -init -vendor_init } incremental_prop:property_service set;
-#line 167
-
-
-#line 168
-
-#line 168
- type input_device_config_prop, property_type, system_property_type, system_public_property_type;
-#line 168
-
-#line 168
-
-#line 168
-
-#line 168
-allow vendor_init property_socket:sock_file write;
-#line 168
-allow vendor_init init:unix_stream_socket connectto;
-#line 168
-
-#line 168
-allow vendor_init input_device_config_prop:property_service set;
-#line 168
-
-#line 168
-allow vendor_init input_device_config_prop:file { getattr open read map };
-#line 168
-
-#line 168
-
-#line 168
- neverallow { domain -init -vendor_init } input_device_config_prop:property_service set;
-#line 168
-
-
-#line 169
-
-#line 169
- type keyguard_config_prop, property_type, system_property_type, system_public_property_type;
-#line 169
-
-#line 169
-
-#line 169
-
-#line 169
-allow vendor_init property_socket:sock_file write;
-#line 169
-allow vendor_init init:unix_stream_socket connectto;
-#line 169
-
-#line 169
-allow vendor_init keyguard_config_prop:property_service set;
-#line 169
-
-#line 169
-allow vendor_init keyguard_config_prop:file { getattr open read map };
-#line 169
-
-#line 169
-
-#line 169
- neverallow { domain -init -vendor_init } keyguard_config_prop:property_service set;
-#line 169
-
-
-#line 170
-
-#line 170
- type keystore_config_prop, property_type, system_property_type, system_public_property_type;
-#line 170
-
-#line 170
-
-#line 170
-
-#line 170
-allow vendor_init property_socket:sock_file write;
-#line 170
-allow vendor_init init:unix_stream_socket connectto;
-#line 170
-
-#line 170
-allow vendor_init keystore_config_prop:property_service set;
-#line 170
-
-#line 170
-allow vendor_init keystore_config_prop:file { getattr open read map };
-#line 170
-
-#line 170
-
-#line 170
- neverallow { domain -init -vendor_init } keystore_config_prop:property_service set;
-#line 170
-
-
-#line 171
-
-#line 171
- type lmkd_config_prop, property_type, system_property_type, system_public_property_type;
-#line 171
-
-#line 171
-
-#line 171
-
-#line 171
-allow vendor_init property_socket:sock_file write;
-#line 171
-allow vendor_init init:unix_stream_socket connectto;
-#line 171
-
-#line 171
-allow vendor_init lmkd_config_prop:property_service set;
-#line 171
-
-#line 171
-allow vendor_init lmkd_config_prop:file { getattr open read map };
-#line 171
-
-#line 171
-
-#line 171
- neverallow { domain -init -vendor_init } lmkd_config_prop:property_service set;
-#line 171
-
-
-#line 172
-
-#line 172
- type media_config_prop, property_type, system_property_type, system_public_property_type;
-#line 172
-
-#line 172
-
-#line 172
-
-#line 172
-allow vendor_init property_socket:sock_file write;
-#line 172
-allow vendor_init init:unix_stream_socket connectto;
-#line 172
-
-#line 172
-allow vendor_init media_config_prop:property_service set;
-#line 172
-
-#line 172
-allow vendor_init media_config_prop:file { getattr open read map };
-#line 172
-
-#line 172
-
-#line 172
- neverallow { domain -init -vendor_init } media_config_prop:property_service set;
-#line 172
-
-
-#line 173
-
-#line 173
- type media_variant_prop, property_type, system_property_type, system_public_property_type;
-#line 173
-
-#line 173
-
-#line 173
-
-#line 173
-allow vendor_init property_socket:sock_file write;
-#line 173
-allow vendor_init init:unix_stream_socket connectto;
-#line 173
-
-#line 173
-allow vendor_init media_variant_prop:property_service set;
-#line 173
-
-#line 173
-allow vendor_init media_variant_prop:file { getattr open read map };
-#line 173
-
-#line 173
-
-#line 173
- neverallow { domain -init -vendor_init } media_variant_prop:property_service set;
-#line 173
-
-
-#line 174
-
-#line 174
- type mediadrm_config_prop, property_type, system_property_type, system_public_property_type;
-#line 174
-
-#line 174
-
-#line 174
-
-#line 174
-allow vendor_init property_socket:sock_file write;
-#line 174
-allow vendor_init init:unix_stream_socket connectto;
-#line 174
-
-#line 174
-allow vendor_init mediadrm_config_prop:property_service set;
-#line 174
-
-#line 174
-allow vendor_init mediadrm_config_prop:file { getattr open read map };
-#line 174
-
-#line 174
-
-#line 174
- neverallow { domain -init -vendor_init } mediadrm_config_prop:property_service set;
-#line 174
-
-
-#line 175
-
-#line 175
- type mm_events_config_prop, property_type, system_property_type, system_public_property_type;
-#line 175
-
-#line 175
-
-#line 175
-
-#line 175
-allow vendor_init property_socket:sock_file write;
-#line 175
-allow vendor_init init:unix_stream_socket connectto;
-#line 175
-
-#line 175
-allow vendor_init mm_events_config_prop:property_service set;
-#line 175
-
-#line 175
-allow vendor_init mm_events_config_prop:file { getattr open read map };
-#line 175
-
-#line 175
-
-#line 175
- neverallow { domain -init -vendor_init } mm_events_config_prop:property_service set;
-#line 175
-
-
-#line 176
-
-#line 176
- type oem_unlock_prop, property_type, system_property_type, system_public_property_type;
-#line 176
-
-#line 176
-
-#line 176
-
-#line 176
-allow vendor_init property_socket:sock_file write;
-#line 176
-allow vendor_init init:unix_stream_socket connectto;
-#line 176
-
-#line 176
-allow vendor_init oem_unlock_prop:property_service set;
-#line 176
-
-#line 176
-allow vendor_init oem_unlock_prop:file { getattr open read map };
-#line 176
-
-#line 176
-
-#line 176
- neverallow { domain -init -vendor_init } oem_unlock_prop:property_service set;
-#line 176
-
-
-#line 177
-
-#line 177
- type ota_build_prop, property_type, system_property_type, system_public_property_type;
-#line 177
-
-#line 177
-
-#line 177
-
-#line 177
-allow vendor_init property_socket:sock_file write;
-#line 177
-allow vendor_init init:unix_stream_socket connectto;
-#line 177
-
-#line 177
-allow vendor_init ota_build_prop:property_service set;
-#line 177
-
-#line 177
-allow vendor_init ota_build_prop:file { getattr open read map };
-#line 177
-
-#line 177
-
-#line 177
- neverallow { domain -init -vendor_init } ota_build_prop:property_service set;
-#line 177
-
-
-#line 178
-
-#line 178
- type packagemanager_config_prop, property_type, system_property_type, system_public_property_type;
-#line 178
-
-#line 178
-
-#line 178
-
-#line 178
-allow vendor_init property_socket:sock_file write;
-#line 178
-allow vendor_init init:unix_stream_socket connectto;
-#line 178
-
-#line 178
-allow vendor_init packagemanager_config_prop:property_service set;
-#line 178
-
-#line 178
-allow vendor_init packagemanager_config_prop:file { getattr open read map };
-#line 178
-
-#line 178
-
-#line 178
- neverallow { domain -init -vendor_init } packagemanager_config_prop:property_service set;
-#line 178
-
-
-#line 179
-
-#line 179
- type quick_start_prop, property_type, system_property_type, system_public_property_type;
-#line 179
-
-#line 179
-
-#line 179
-
-#line 179
-allow vendor_init property_socket:sock_file write;
-#line 179
-allow vendor_init init:unix_stream_socket connectto;
-#line 179
-
-#line 179
-allow vendor_init quick_start_prop:property_service set;
-#line 179
-
-#line 179
-allow vendor_init quick_start_prop:file { getattr open read map };
-#line 179
-
-#line 179
-
-#line 179
- neverallow { domain -init -vendor_init } quick_start_prop:property_service set;
-#line 179
-
-
-#line 180
-
-#line 180
- type recovery_config_prop, property_type, system_property_type, system_public_property_type;
-#line 180
-
-#line 180
-
-#line 180
-
-#line 180
-allow vendor_init property_socket:sock_file write;
-#line 180
-allow vendor_init init:unix_stream_socket connectto;
-#line 180
-
-#line 180
-allow vendor_init recovery_config_prop:property_service set;
-#line 180
-
-#line 180
-allow vendor_init recovery_config_prop:file { getattr open read map };
-#line 180
-
-#line 180
-
-#line 180
- neverallow { domain -init -vendor_init } recovery_config_prop:property_service set;
-#line 180
-
-
-#line 181
-
-#line 181
- type recovery_usb_config_prop, property_type, system_property_type, system_public_property_type;
-#line 181
-
-#line 181
-
-#line 181
-
-#line 181
-allow vendor_init property_socket:sock_file write;
-#line 181
-allow vendor_init init:unix_stream_socket connectto;
-#line 181
-
-#line 181
-allow vendor_init recovery_usb_config_prop:property_service set;
-#line 181
-
-#line 181
-allow vendor_init recovery_usb_config_prop:file { getattr open read map };
-#line 181
-
-#line 181
-
-#line 181
- neverallow { domain -init -vendor_init } recovery_usb_config_prop:property_service set;
-#line 181
-
-
-#line 182
-
-#line 182
- type sendbug_config_prop, property_type, system_property_type, system_public_property_type;
-#line 182
-
-#line 182
-
-#line 182
-
-#line 182
-allow vendor_init property_socket:sock_file write;
-#line 182
-allow vendor_init init:unix_stream_socket connectto;
-#line 182
-
-#line 182
-allow vendor_init sendbug_config_prop:property_service set;
-#line 182
-
-#line 182
-allow vendor_init sendbug_config_prop:file { getattr open read map };
-#line 182
-
-#line 182
-
-#line 182
- neverallow { domain -init -vendor_init } sendbug_config_prop:property_service set;
-#line 182
-
-
-#line 183
-
-#line 183
- type soc_prop, property_type, system_property_type, system_public_property_type;
-#line 183
-
-#line 183
-
-#line 183
-
-#line 183
-allow vendor_init property_socket:sock_file write;
-#line 183
-allow vendor_init init:unix_stream_socket connectto;
-#line 183
-
-#line 183
-allow vendor_init soc_prop:property_service set;
-#line 183
-
-#line 183
-allow vendor_init soc_prop:file { getattr open read map };
-#line 183
-
-#line 183
-
-#line 183
- neverallow { domain -init -vendor_init } soc_prop:property_service set;
-#line 183
-
-
-#line 184
-
-#line 184
- type storage_config_prop, property_type, system_property_type, system_public_property_type;
-#line 184
-
-#line 184
-
-#line 184
-
-#line 184
-allow vendor_init property_socket:sock_file write;
-#line 184
-allow vendor_init init:unix_stream_socket connectto;
-#line 184
-
-#line 184
-allow vendor_init storage_config_prop:property_service set;
-#line 184
-
-#line 184
-allow vendor_init storage_config_prop:file { getattr open read map };
-#line 184
-
-#line 184
-
-#line 184
- neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
-#line 184
-
-
-#line 185
-
-#line 185
- type storagemanager_config_prop, property_type, system_property_type, system_public_property_type;
-#line 185
-
-#line 185
-
-#line 185
-
-#line 185
-allow vendor_init property_socket:sock_file write;
-#line 185
-allow vendor_init init:unix_stream_socket connectto;
-#line 185
-
-#line 185
-allow vendor_init storagemanager_config_prop:property_service set;
-#line 185
-
-#line 185
-allow vendor_init storagemanager_config_prop:file { getattr open read map };
-#line 185
-
-#line 185
-
-#line 185
- neverallow { domain -init -vendor_init } storagemanager_config_prop:property_service set;
-#line 185
-
-
-#line 186
-
-#line 186
- type surfaceflinger_prop, property_type, system_property_type, system_public_property_type;
-#line 186
-
-#line 186
-
-#line 186
-
-#line 186
-allow vendor_init property_socket:sock_file write;
-#line 186
-allow vendor_init init:unix_stream_socket connectto;
-#line 186
-
-#line 186
-allow vendor_init surfaceflinger_prop:property_service set;
-#line 186
-
-#line 186
-allow vendor_init surfaceflinger_prop:file { getattr open read map };
-#line 186
-
-#line 186
-
-#line 186
- neverallow { domain -init -vendor_init } surfaceflinger_prop:property_service set;
-#line 186
-
-
-#line 187
-
-#line 187
- type suspend_prop, property_type, system_property_type, system_public_property_type;
-#line 187
-
-#line 187
-
-#line 187
-
-#line 187
-allow vendor_init property_socket:sock_file write;
-#line 187
-allow vendor_init init:unix_stream_socket connectto;
-#line 187
-
-#line 187
-allow vendor_init suspend_prop:property_service set;
-#line 187
-
-#line 187
-allow vendor_init suspend_prop:file { getattr open read map };
-#line 187
-
-#line 187
-
-#line 187
- neverallow { domain -init -vendor_init } suspend_prop:property_service set;
-#line 187
-
-
-#line 188
-
-#line 188
- type systemsound_config_prop, property_type, system_property_type, system_public_property_type;
-#line 188
-
-#line 188
-
-#line 188
-
-#line 188
-allow vendor_init property_socket:sock_file write;
-#line 188
-allow vendor_init init:unix_stream_socket connectto;
-#line 188
-
-#line 188
-allow vendor_init systemsound_config_prop:property_service set;
-#line 188
-
-#line 188
-allow vendor_init systemsound_config_prop:file { getattr open read map };
-#line 188
-
-#line 188
-
-#line 188
- neverallow { domain -init -vendor_init } systemsound_config_prop:property_service set;
-#line 188
-
-
-#line 189
-
-#line 189
- type telephony_config_prop, property_type, system_property_type, system_public_property_type;
-#line 189
-
-#line 189
-
-#line 189
-
-#line 189
-allow vendor_init property_socket:sock_file write;
-#line 189
-allow vendor_init init:unix_stream_socket connectto;
-#line 189
-
-#line 189
-allow vendor_init telephony_config_prop:property_service set;
-#line 189
-
-#line 189
-allow vendor_init telephony_config_prop:file { getattr open read map };
-#line 189
-
-#line 189
-
-#line 189
- neverallow { domain -init -vendor_init } telephony_config_prop:property_service set;
-#line 189
-
-
-#line 190
-
-#line 190
- type threadnetwork_config_prop, property_type, system_property_type, system_public_property_type;
-#line 190
-
-#line 190
-
-#line 190
-
-#line 190
-allow vendor_init property_socket:sock_file write;
-#line 190
-allow vendor_init init:unix_stream_socket connectto;
-#line 190
-
-#line 190
-allow vendor_init threadnetwork_config_prop:property_service set;
-#line 190
-
-#line 190
-allow vendor_init threadnetwork_config_prop:file { getattr open read map };
-#line 190
-
-#line 190
-
-#line 190
- neverallow { domain -init -vendor_init } threadnetwork_config_prop:property_service set;
-#line 190
-
-
-#line 191
-
-#line 191
- type tombstone_config_prop, property_type, system_property_type, system_public_property_type;
-#line 191
-
-#line 191
-
-#line 191
-
-#line 191
-allow vendor_init property_socket:sock_file write;
-#line 191
-allow vendor_init init:unix_stream_socket connectto;
-#line 191
-
-#line 191
-allow vendor_init tombstone_config_prop:property_service set;
-#line 191
-
-#line 191
-allow vendor_init tombstone_config_prop:file { getattr open read map };
-#line 191
-
-#line 191
-
-#line 191
- neverallow { domain -init -vendor_init } tombstone_config_prop:property_service set;
-#line 191
-
-
-#line 192
-
-#line 192
- type usb_config_prop, property_type, system_property_type, system_public_property_type;
-#line 192
-
-#line 192
-
-#line 192
-
-#line 192
-allow vendor_init property_socket:sock_file write;
-#line 192
-allow vendor_init init:unix_stream_socket connectto;
-#line 192
-
-#line 192
-allow vendor_init usb_config_prop:property_service set;
-#line 192
-
-#line 192
-allow vendor_init usb_config_prop:file { getattr open read map };
-#line 192
-
-#line 192
-
-#line 192
- neverallow { domain -init -vendor_init } usb_config_prop:property_service set;
-#line 192
-
-
-#line 193
-
-#line 193
- type userspace_reboot_config_prop, property_type, system_property_type, system_public_property_type;
-#line 193
-
-#line 193
-
-#line 193
-
-#line 193
-allow vendor_init property_socket:sock_file write;
-#line 193
-allow vendor_init init:unix_stream_socket connectto;
-#line 193
-
-#line 193
-allow vendor_init userspace_reboot_config_prop:property_service set;
-#line 193
-
-#line 193
-allow vendor_init userspace_reboot_config_prop:file { getattr open read map };
-#line 193
-
-#line 193
-
-#line 193
- neverallow { domain -init -vendor_init } userspace_reboot_config_prop:property_service set;
-#line 193
-
-
-#line 194
-
-#line 194
- type vehicle_hal_prop, property_type, system_property_type, system_public_property_type;
-#line 194
-
-#line 194
-
-#line 194
-
-#line 194
-allow vendor_init property_socket:sock_file write;
-#line 194
-allow vendor_init init:unix_stream_socket connectto;
-#line 194
-
-#line 194
-allow vendor_init vehicle_hal_prop:property_service set;
-#line 194
-
-#line 194
-allow vendor_init vehicle_hal_prop:file { getattr open read map };
-#line 194
-
-#line 194
-
-#line 194
- neverallow { domain -init -vendor_init } vehicle_hal_prop:property_service set;
-#line 194
-
-
-#line 195
-
-#line 195
- type vendor_security_patch_level_prop, property_type, system_property_type, system_public_property_type;
-#line 195
-
-#line 195
-
-#line 195
-
-#line 195
-allow vendor_init property_socket:sock_file write;
-#line 195
-allow vendor_init init:unix_stream_socket connectto;
-#line 195
-
-#line 195
-allow vendor_init vendor_security_patch_level_prop:property_service set;
-#line 195
-
-#line 195
-allow vendor_init vendor_security_patch_level_prop:file { getattr open read map };
-#line 195
-
-#line 195
-
-#line 195
- neverallow { domain -init -vendor_init } vendor_security_patch_level_prop:property_service set;
-#line 195
-
-
-#line 196
-
-#line 196
- type vendor_socket_hook_prop, property_type, system_property_type, system_public_property_type;
-#line 196
-
-#line 196
-
-#line 196
-
-#line 196
-allow vendor_init property_socket:sock_file write;
-#line 196
-allow vendor_init init:unix_stream_socket connectto;
-#line 196
-
-#line 196
-allow vendor_init vendor_socket_hook_prop:property_service set;
-#line 196
-
-#line 196
-allow vendor_init vendor_socket_hook_prop:file { getattr open read map };
-#line 196
-
-#line 196
-
-#line 196
- neverallow { domain -init -vendor_init } vendor_socket_hook_prop:property_service set;
-#line 196
-
-
-#line 197
-
-#line 197
- type virtual_ab_prop, property_type, system_property_type, system_public_property_type;
-#line 197
-
-#line 197
-
-#line 197
-
-#line 197
-allow vendor_init property_socket:sock_file write;
-#line 197
-allow vendor_init init:unix_stream_socket connectto;
-#line 197
-
-#line 197
-allow vendor_init virtual_ab_prop:property_service set;
-#line 197
-
-#line 197
-allow vendor_init virtual_ab_prop:file { getattr open read map };
-#line 197
-
-#line 197
-
-#line 197
- neverallow { domain -init -vendor_init } virtual_ab_prop:property_service set;
-#line 197
-
-
-#line 198
-
-#line 198
- type vndk_prop, property_type, system_property_type, system_public_property_type;
-#line 198
-
-#line 198
-
-#line 198
-
-#line 198
-allow vendor_init property_socket:sock_file write;
-#line 198
-allow vendor_init init:unix_stream_socket connectto;
-#line 198
-
-#line 198
-allow vendor_init vndk_prop:property_service set;
-#line 198
-
-#line 198
-allow vendor_init vndk_prop:file { getattr open read map };
-#line 198
-
-#line 198
-
-#line 198
- neverallow { domain -init -vendor_init } vndk_prop:property_service set;
-#line 198
-
-
-#line 199
-
-#line 199
- type vts_config_prop, property_type, system_property_type, system_public_property_type;
-#line 199
-
-#line 199
-
-#line 199
-
-#line 199
-allow vendor_init property_socket:sock_file write;
-#line 199
-allow vendor_init init:unix_stream_socket connectto;
-#line 199
-
-#line 199
-allow vendor_init vts_config_prop:property_service set;
-#line 199
-
-#line 199
-allow vendor_init vts_config_prop:file { getattr open read map };
-#line 199
-
-#line 199
-
-#line 199
- neverallow { domain -init -vendor_init } vts_config_prop:property_service set;
-#line 199
-
-
-#line 200
-
-#line 200
- type vold_config_prop, property_type, system_property_type, system_public_property_type;
-#line 200
-
-#line 200
-
-#line 200
-
-#line 200
-allow vendor_init property_socket:sock_file write;
-#line 200
-allow vendor_init init:unix_stream_socket connectto;
-#line 200
-
-#line 200
-allow vendor_init vold_config_prop:property_service set;
-#line 200
-
-#line 200
-allow vendor_init vold_config_prop:file { getattr open read map };
-#line 200
-
-#line 200
-
-#line 200
- neverallow { domain -init -vendor_init } vold_config_prop:property_service set;
-#line 200
-
-
-#line 201
-
-#line 201
- type wifi_config_prop, property_type, system_property_type, system_public_property_type;
-#line 201
-
-#line 201
-
-#line 201
-
-#line 201
-allow vendor_init property_socket:sock_file write;
-#line 201
-allow vendor_init init:unix_stream_socket connectto;
-#line 201
-
-#line 201
-allow vendor_init wifi_config_prop:property_service set;
-#line 201
-
-#line 201
-allow vendor_init wifi_config_prop:file { getattr open read map };
-#line 201
-
-#line 201
-
-#line 201
- neverallow { domain -init -vendor_init } wifi_config_prop:property_service set;
-#line 201
-
-
-#line 202
-
-#line 202
- type zram_config_prop, property_type, system_property_type, system_public_property_type;
-#line 202
-
-#line 202
-
-#line 202
-
-#line 202
-allow vendor_init property_socket:sock_file write;
-#line 202
-allow vendor_init init:unix_stream_socket connectto;
-#line 202
-
-#line 202
-allow vendor_init zram_config_prop:property_service set;
-#line 202
-
-#line 202
-allow vendor_init zram_config_prop:file { getattr open read map };
-#line 202
-
-#line 202
-
-#line 202
- neverallow { domain -init -vendor_init } zram_config_prop:property_service set;
-#line 202
-
-
-#line 203
-
-#line 203
- type zygote_config_prop, property_type, system_property_type, system_public_property_type;
-#line 203
-
-#line 203
-
-#line 203
-
-#line 203
-allow vendor_init property_socket:sock_file write;
-#line 203
-allow vendor_init init:unix_stream_socket connectto;
-#line 203
-
-#line 203
-allow vendor_init zygote_config_prop:property_service set;
-#line 203
-
-#line 203
-allow vendor_init zygote_config_prop:file { getattr open read map };
-#line 203
-
-#line 203
-
-#line 203
- neverallow { domain -init -vendor_init } zygote_config_prop:property_service set;
-#line 203
-
-
-#line 204
-
-#line 204
- type dck_prop, property_type, system_property_type, system_public_property_type;
-#line 204
-
-#line 204
-
-#line 204
-
-#line 204
-allow vendor_init property_socket:sock_file write;
-#line 204
-allow vendor_init init:unix_stream_socket connectto;
-#line 204
-
-#line 204
-allow vendor_init dck_prop:property_service set;
-#line 204
-
-#line 204
-allow vendor_init dck_prop:file { getattr open read map };
-#line 204
-
-#line 204
-
-#line 204
- neverallow { domain -init -vendor_init } dck_prop:property_service set;
-#line 204
-
-
-#line 205
-
-#line 205
- type tuner_config_prop, property_type, system_property_type, system_public_property_type;
-#line 205
-
-#line 205
-
-#line 205
-
-#line 205
-allow vendor_init property_socket:sock_file write;
-#line 205
-allow vendor_init init:unix_stream_socket connectto;
-#line 205
-
-#line 205
-allow vendor_init tuner_config_prop:property_service set;
-#line 205
-
-#line 205
-allow vendor_init tuner_config_prop:file { getattr open read map };
-#line 205
-
-#line 205
-
-#line 205
- neverallow { domain -init -vendor_init } tuner_config_prop:property_service set;
-#line 205
-
-
-#line 206
-
-#line 206
- type usb_uvc_enabled_prop, property_type, system_property_type, system_public_property_type;
-#line 206
-
-#line 206
-
-#line 206
-
-#line 206
-allow vendor_init property_socket:sock_file write;
-#line 206
-allow vendor_init init:unix_stream_socket connectto;
-#line 206
-
-#line 206
-allow vendor_init usb_uvc_enabled_prop:property_service set;
-#line 206
-
-#line 206
-allow vendor_init usb_uvc_enabled_prop:file { getattr open read map };
-#line 206
-
-#line 206
-
-#line 206
- neverallow { domain -init -vendor_init } usb_uvc_enabled_prop:property_service set;
-#line 206
-
-
-#line 207
-
-#line 207
- type setupwizard_mode_prop, property_type, system_property_type, system_public_property_type;
-#line 207
-
-#line 207
-
-#line 207
-
-#line 207
-allow vendor_init property_socket:sock_file write;
-#line 207
-allow vendor_init init:unix_stream_socket connectto;
-#line 207
-
-#line 207
-allow vendor_init setupwizard_mode_prop:property_service set;
-#line 207
-
-#line 207
-allow vendor_init setupwizard_mode_prop:file { getattr open read map };
-#line 207
-
-#line 207
-
-#line 207
- neverallow { domain -init -vendor_init } setupwizard_mode_prop:property_service set;
-#line 207
-
-
-#line 208
-
-#line 208
- type pm_archiving_enabled_prop, property_type, system_property_type, system_public_property_type;
-#line 208
-
-#line 208
-
-#line 208
-
-#line 208
-allow vendor_init property_socket:sock_file write;
-#line 208
-allow vendor_init init:unix_stream_socket connectto;
-#line 208
-
-#line 208
-allow vendor_init pm_archiving_enabled_prop:property_service set;
-#line 208
-
-#line 208
-allow vendor_init pm_archiving_enabled_prop:file { getattr open read map };
-#line 208
-
-#line 208
-
-#line 208
- neverallow { domain -init -vendor_init } pm_archiving_enabled_prop:property_service set;
-#line 208
-
-
-#line 209
+#line 156
+
+#line 156
+ type drm_config_prop, property_type, system_property_type, system_public_property_type;
+#line 156
+
+#line 156
+
+#line 156
+
+#line 156
+allow vendor_init property_socket:sock_file write;
+#line 156
+allow vendor_init init:unix_stream_socket connectto;
+#line 156
+
+#line 156
+allow vendor_init drm_config_prop:property_service set;
+#line 156
+
+#line 156
+allow vendor_init drm_config_prop:file { getattr open read map };
+#line 156
+
+#line 156
+
+#line 156
+ neverallow { domain -init -vendor_init } drm_config_prop:property_service set;
+#line 156
+
+#line 158
+
+
+#line 159
+
+#line 159
+ type drm_service_config_prop, property_type, system_property_type, system_public_property_type;
+#line 159
+
+#line 159
+
+#line 159
+
+#line 159
+allow vendor_init property_socket:sock_file write;
+#line 159
+allow vendor_init init:unix_stream_socket connectto;
+#line 159
+
+#line 159
+allow vendor_init drm_service_config_prop:property_service set;
+#line 159
+
+#line 159
+allow vendor_init drm_service_config_prop:file { getattr open read map };
+#line 159
+
+#line 159
+
+#line 159
+ neverallow { domain -init -vendor_init } drm_service_config_prop:property_service set;
+#line 159
+
+
+#line 160
+
+#line 160
+ type exported_camera_prop, property_type, system_property_type, system_public_property_type;
+#line 160
+
+#line 160
+
+#line 160
+
+#line 160
+allow vendor_init property_socket:sock_file write;
+#line 160
+allow vendor_init init:unix_stream_socket connectto;
+#line 160
+
+#line 160
+allow vendor_init exported_camera_prop:property_service set;
+#line 160
+
+#line 160
+allow vendor_init exported_camera_prop:file { getattr open read map };
+#line 160
+
+#line 160
+
+#line 160
+ neverallow { domain -init -vendor_init } exported_camera_prop:property_service set;
+#line 160
+
+
+#line 161
+
+#line 161
+ type exported_config_prop, property_type, system_property_type, system_public_property_type;
+#line 161
+
+#line 161
+
+#line 161
+
+#line 161
+allow vendor_init property_socket:sock_file write;
+#line 161
+allow vendor_init init:unix_stream_socket connectto;
+#line 161
+
+#line 161
+allow vendor_init exported_config_prop:property_service set;
+#line 161
+
+#line 161
+allow vendor_init exported_config_prop:file { getattr open read map };
+#line 161
+
+#line 161
+
+#line 161
+ neverallow { domain -init -vendor_init } exported_config_prop:property_service set;
+#line 161
+
+
+#line 162
+
+#line 162
+ type exported_default_prop, property_type, system_property_type, system_public_property_type;
+#line 162
+
+#line 162
+
+#line 162
+
+#line 162
+allow vendor_init property_socket:sock_file write;
+#line 162
+allow vendor_init init:unix_stream_socket connectto;
+#line 162
+
+#line 162
+allow vendor_init exported_default_prop:property_service set;
+#line 162
+
+#line 162
+allow vendor_init exported_default_prop:file { getattr open read map };
+#line 162
+
+#line 162
+
+#line 162
+ neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
+#line 162
+
+
+#line 163
+
+#line 163
+ type ffs_config_prop, property_type, system_property_type, system_public_property_type;
+#line 163
+
+#line 163
+
+#line 163
+
+#line 163
+allow vendor_init property_socket:sock_file write;
+#line 163
+allow vendor_init init:unix_stream_socket connectto;
+#line 163
+
+#line 163
+allow vendor_init ffs_config_prop:property_service set;
+#line 163
+
+#line 163
+allow vendor_init ffs_config_prop:file { getattr open read map };
+#line 163
+
+#line 163
+
+#line 163
+ neverallow { domain -init -vendor_init } ffs_config_prop:property_service set;
+#line 163
+
+
+#line 164
+
+#line 164
+ type framework_watchdog_config_prop, property_type, system_property_type, system_public_property_type;
+#line 164
+
+#line 164
+
+#line 164
+
+#line 164
+allow vendor_init property_socket:sock_file write;
+#line 164
+allow vendor_init init:unix_stream_socket connectto;
+#line 164
+
+#line 164
+allow vendor_init framework_watchdog_config_prop:property_service set;
+#line 164
+
+#line 164
+allow vendor_init framework_watchdog_config_prop:file { getattr open read map };
+#line 164
+
+#line 164
+
+#line 164
+ neverallow { domain -init -vendor_init } framework_watchdog_config_prop:property_service set;
+#line 164
+
+
+#line 165
+
+#line 165
+ type graphics_config_prop, property_type, system_property_type, system_public_property_type;
+#line 165
+
+#line 165
+
+#line 165
+
+#line 165
+allow vendor_init property_socket:sock_file write;
+#line 165
+allow vendor_init init:unix_stream_socket connectto;
+#line 165
+
+#line 165
+allow vendor_init graphics_config_prop:property_service set;
+#line 165
+
+#line 165
+allow vendor_init graphics_config_prop:file { getattr open read map };
+#line 165
+
+#line 165
+
+#line 165
+ neverallow { domain -init -vendor_init } graphics_config_prop:property_service set;
+#line 165
+
+
+#line 166
+
+#line 166
+ type hdmi_config_prop, property_type, system_property_type, system_public_property_type;
+#line 166
+
+#line 166
+
+#line 166
+
+#line 166
+allow vendor_init property_socket:sock_file write;
+#line 166
+allow vendor_init init:unix_stream_socket connectto;
+#line 166
+
+#line 166
+allow vendor_init hdmi_config_prop:property_service set;
+#line 166
+
+#line 166
+allow vendor_init hdmi_config_prop:file { getattr open read map };
+#line 166
+
+#line 166
+
+#line 166
+ neverallow { domain -init -vendor_init } hdmi_config_prop:property_service set;
+#line 166
+
+
+#line 167
+
+#line 167
+ type hw_timeout_multiplier_prop, property_type, system_property_type, system_public_property_type;
+#line 167
+
+#line 167
+
+#line 167
+
+#line 167
+allow vendor_init property_socket:sock_file write;
+#line 167
+allow vendor_init init:unix_stream_socket connectto;
+#line 167
+
+#line 167
+allow vendor_init hw_timeout_multiplier_prop:property_service set;
+#line 167
+
+#line 167
+allow vendor_init hw_timeout_multiplier_prop:file { getattr open read map };
+#line 167
+
+#line 167
+
+#line 167
+ neverallow { domain -init -vendor_init } hw_timeout_multiplier_prop:property_service set;
+#line 167
+
+
+#line 168
+
+#line 168
+ type hypervisor_prop, property_type, system_property_type, system_public_property_type;
+#line 168
+
+#line 168
+
+#line 168
+
+#line 168
+allow vendor_init property_socket:sock_file write;
+#line 168
+allow vendor_init init:unix_stream_socket connectto;
+#line 168
+
+#line 168
+allow vendor_init hypervisor_prop:property_service set;
+#line 168
+
+#line 168
+allow vendor_init hypervisor_prop:file { getattr open read map };
+#line 168
+
+#line 168
+
+#line 168
+ neverallow { domain -init -vendor_init } hypervisor_prop:property_service set;
+#line 168
+
+
+#line 169
+
+#line 169
+ type hypervisor_restricted_prop, property_type, system_property_type, system_public_property_type;
+#line 169
+
+#line 169
+
+#line 169
+
+#line 169
+allow vendor_init property_socket:sock_file write;
+#line 169
+allow vendor_init init:unix_stream_socket connectto;
+#line 169
+
+#line 169
+allow vendor_init hypervisor_restricted_prop:property_service set;
+#line 169
+
+#line 169
+allow vendor_init hypervisor_restricted_prop:file { getattr open read map };
+#line 169
+
+#line 169
+
+#line 169
+ neverallow { domain -init -vendor_init } hypervisor_restricted_prop:property_service set;
+#line 169
+
+
+#line 170
+
+#line 170
+ type incremental_prop, property_type, system_property_type, system_public_property_type;
+#line 170
+
+#line 170
+
+#line 170
+
+#line 170
+allow vendor_init property_socket:sock_file write;
+#line 170
+allow vendor_init init:unix_stream_socket connectto;
+#line 170
+
+#line 170
+allow vendor_init incremental_prop:property_service set;
+#line 170
+
+#line 170
+allow vendor_init incremental_prop:file { getattr open read map };
+#line 170
+
+#line 170
+
+#line 170
+ neverallow { domain -init -vendor_init } incremental_prop:property_service set;
+#line 170
+
+
+#line 171
+
+#line 171
+ type input_device_config_prop, property_type, system_property_type, system_public_property_type;
+#line 171
+
+#line 171
+
+#line 171
+
+#line 171
+allow vendor_init property_socket:sock_file write;
+#line 171
+allow vendor_init init:unix_stream_socket connectto;
+#line 171
+
+#line 171
+allow vendor_init input_device_config_prop:property_service set;
+#line 171
+
+#line 171
+allow vendor_init input_device_config_prop:file { getattr open read map };
+#line 171
+
+#line 171
+
+#line 171
+ neverallow { domain -init -vendor_init } input_device_config_prop:property_service set;
+#line 171
+
+
+#line 172
+
+#line 172
+ type keyguard_config_prop, property_type, system_property_type, system_public_property_type;
+#line 172
+
+#line 172
+
+#line 172
+
+#line 172
+allow vendor_init property_socket:sock_file write;
+#line 172
+allow vendor_init init:unix_stream_socket connectto;
+#line 172
+
+#line 172
+allow vendor_init keyguard_config_prop:property_service set;
+#line 172
+
+#line 172
+allow vendor_init keyguard_config_prop:file { getattr open read map };
+#line 172
+
+#line 172
+
+#line 172
+ neverallow { domain -init -vendor_init } keyguard_config_prop:property_service set;
+#line 172
+
+
+#line 173
+
+#line 173
+ type keystore_config_prop, property_type, system_property_type, system_public_property_type;
+#line 173
+
+#line 173
+
+#line 173
+
+#line 173
+allow vendor_init property_socket:sock_file write;
+#line 173
+allow vendor_init init:unix_stream_socket connectto;
+#line 173
+
+#line 173
+allow vendor_init keystore_config_prop:property_service set;
+#line 173
+
+#line 173
+allow vendor_init keystore_config_prop:file { getattr open read map };
+#line 173
+
+#line 173
+
+#line 173
+ neverallow { domain -init -vendor_init } keystore_config_prop:property_service set;
+#line 173
+
+
+#line 174
+
+#line 174
+ type lmkd_config_prop, property_type, system_property_type, system_public_property_type;
+#line 174
+
+#line 174
+
+#line 174
+
+#line 174
+allow vendor_init property_socket:sock_file write;
+#line 174
+allow vendor_init init:unix_stream_socket connectto;
+#line 174
+
+#line 174
+allow vendor_init lmkd_config_prop:property_service set;
+#line 174
+
+#line 174
+allow vendor_init lmkd_config_prop:file { getattr open read map };
+#line 174
+
+#line 174
+
+#line 174
+ neverallow { domain -init -vendor_init } lmkd_config_prop:property_service set;
+#line 174
+
+
+#line 175
+
+#line 175
+ type media_config_prop, property_type, system_property_type, system_public_property_type;
+#line 175
+
+#line 175
+
+#line 175
+
+#line 175
+allow vendor_init property_socket:sock_file write;
+#line 175
+allow vendor_init init:unix_stream_socket connectto;
+#line 175
+
+#line 175
+allow vendor_init media_config_prop:property_service set;
+#line 175
+
+#line 175
+allow vendor_init media_config_prop:file { getattr open read map };
+#line 175
+
+#line 175
+
+#line 175
+ neverallow { domain -init -vendor_init } media_config_prop:property_service set;
+#line 175
+
+
+#line 176
+
+#line 176
+ type media_variant_prop, property_type, system_property_type, system_public_property_type;
+#line 176
+
+#line 176
+
+#line 176
+
+#line 176
+allow vendor_init property_socket:sock_file write;
+#line 176
+allow vendor_init init:unix_stream_socket connectto;
+#line 176
+
+#line 176
+allow vendor_init media_variant_prop:property_service set;
+#line 176
+
+#line 176
+allow vendor_init media_variant_prop:file { getattr open read map };
+#line 176
+
+#line 176
+
+#line 176
+ neverallow { domain -init -vendor_init } media_variant_prop:property_service set;
+#line 176
+
+
+#line 177
+
+#line 177
+ type mediadrm_config_prop, property_type, system_property_type, system_public_property_type;
+#line 177
+
+#line 177
+
+#line 177
+
+#line 177
+allow vendor_init property_socket:sock_file write;
+#line 177
+allow vendor_init init:unix_stream_socket connectto;
+#line 177
+
+#line 177
+allow vendor_init mediadrm_config_prop:property_service set;
+#line 177
+
+#line 177
+allow vendor_init mediadrm_config_prop:file { getattr open read map };
+#line 177
+
+#line 177
+
+#line 177
+ neverallow { domain -init -vendor_init } mediadrm_config_prop:property_service set;
+#line 177
+
+
+#line 178
+
+#line 178
+ type mm_events_config_prop, property_type, system_property_type, system_public_property_type;
+#line 178
+
+#line 178
+
+#line 178
+
+#line 178
+allow vendor_init property_socket:sock_file write;
+#line 178
+allow vendor_init init:unix_stream_socket connectto;
+#line 178
+
+#line 178
+allow vendor_init mm_events_config_prop:property_service set;
+#line 178
+
+#line 178
+allow vendor_init mm_events_config_prop:file { getattr open read map };
+#line 178
+
+#line 178
+
+#line 178
+ neverallow { domain -init -vendor_init } mm_events_config_prop:property_service set;
+#line 178
+
+
+#line 179
+
+#line 179
+ type oem_unlock_prop, property_type, system_property_type, system_public_property_type;
+#line 179
+
+#line 179
+
+#line 179
+
+#line 179
+allow vendor_init property_socket:sock_file write;
+#line 179
+allow vendor_init init:unix_stream_socket connectto;
+#line 179
+
+#line 179
+allow vendor_init oem_unlock_prop:property_service set;
+#line 179
+
+#line 179
+allow vendor_init oem_unlock_prop:file { getattr open read map };
+#line 179
+
+#line 179
+
+#line 179
+ neverallow { domain -init -vendor_init } oem_unlock_prop:property_service set;
+#line 179
+
+
+#line 180
+
+#line 180
+ type ota_build_prop, property_type, system_property_type, system_public_property_type;
+#line 180
+
+#line 180
+
+#line 180
+
+#line 180
+allow vendor_init property_socket:sock_file write;
+#line 180
+allow vendor_init init:unix_stream_socket connectto;
+#line 180
+
+#line 180
+allow vendor_init ota_build_prop:property_service set;
+#line 180
+
+#line 180
+allow vendor_init ota_build_prop:file { getattr open read map };
+#line 180
+
+#line 180
+
+#line 180
+ neverallow { domain -init -vendor_init } ota_build_prop:property_service set;
+#line 180
+
+
+#line 181
+
+#line 181
+ type packagemanager_config_prop, property_type, system_property_type, system_public_property_type;
+#line 181
+
+#line 181
+
+#line 181
+
+#line 181
+allow vendor_init property_socket:sock_file write;
+#line 181
+allow vendor_init init:unix_stream_socket connectto;
+#line 181
+
+#line 181
+allow vendor_init packagemanager_config_prop:property_service set;
+#line 181
+
+#line 181
+allow vendor_init packagemanager_config_prop:file { getattr open read map };
+#line 181
+
+#line 181
+
+#line 181
+ neverallow { domain -init -vendor_init } packagemanager_config_prop:property_service set;
+#line 181
+
+
+#line 182
+
+#line 182
+ type quick_start_prop, property_type, system_property_type, system_public_property_type;
+#line 182
+
+#line 182
+
+#line 182
+
+#line 182
+allow vendor_init property_socket:sock_file write;
+#line 182
+allow vendor_init init:unix_stream_socket connectto;
+#line 182
+
+#line 182
+allow vendor_init quick_start_prop:property_service set;
+#line 182
+
+#line 182
+allow vendor_init quick_start_prop:file { getattr open read map };
+#line 182
+
+#line 182
+
+#line 182
+ neverallow { domain -init -vendor_init } quick_start_prop:property_service set;
+#line 182
+
+
+#line 183
+
+#line 183
+ type recovery_config_prop, property_type, system_property_type, system_public_property_type;
+#line 183
+
+#line 183
+
+#line 183
+
+#line 183
+allow vendor_init property_socket:sock_file write;
+#line 183
+allow vendor_init init:unix_stream_socket connectto;
+#line 183
+
+#line 183
+allow vendor_init recovery_config_prop:property_service set;
+#line 183
+
+#line 183
+allow vendor_init recovery_config_prop:file { getattr open read map };
+#line 183
+
+#line 183
+
+#line 183
+ neverallow { domain -init -vendor_init } recovery_config_prop:property_service set;
+#line 183
+
+
+#line 184
+
+#line 184
+ type recovery_usb_config_prop, property_type, system_property_type, system_public_property_type;
+#line 184
+
+#line 184
+
+#line 184
+
+#line 184
+allow vendor_init property_socket:sock_file write;
+#line 184
+allow vendor_init init:unix_stream_socket connectto;
+#line 184
+
+#line 184
+allow vendor_init recovery_usb_config_prop:property_service set;
+#line 184
+
+#line 184
+allow vendor_init recovery_usb_config_prop:file { getattr open read map };
+#line 184
+
+#line 184
+
+#line 184
+ neverallow { domain -init -vendor_init } recovery_usb_config_prop:property_service set;
+#line 184
+
+
+#line 185
+
+#line 185
+ type sendbug_config_prop, property_type, system_property_type, system_public_property_type;
+#line 185
+
+#line 185
+
+#line 185
+
+#line 185
+allow vendor_init property_socket:sock_file write;
+#line 185
+allow vendor_init init:unix_stream_socket connectto;
+#line 185
+
+#line 185
+allow vendor_init sendbug_config_prop:property_service set;
+#line 185
+
+#line 185
+allow vendor_init sendbug_config_prop:file { getattr open read map };
+#line 185
+
+#line 185
+
+#line 185
+ neverallow { domain -init -vendor_init } sendbug_config_prop:property_service set;
+#line 185
+
+
+#line 186
+
+#line 186
+ type soc_prop, property_type, system_property_type, system_public_property_type;
+#line 186
+
+#line 186
+
+#line 186
+
+#line 186
+allow vendor_init property_socket:sock_file write;
+#line 186
+allow vendor_init init:unix_stream_socket connectto;
+#line 186
+
+#line 186
+allow vendor_init soc_prop:property_service set;
+#line 186
+
+#line 186
+allow vendor_init soc_prop:file { getattr open read map };
+#line 186
+
+#line 186
+
+#line 186
+ neverallow { domain -init -vendor_init } soc_prop:property_service set;
+#line 186
+
+
+#line 187
+
+#line 187
+ type storage_config_prop, property_type, system_property_type, system_public_property_type;
+#line 187
+
+#line 187
+
+#line 187
+
+#line 187
+allow vendor_init property_socket:sock_file write;
+#line 187
+allow vendor_init init:unix_stream_socket connectto;
+#line 187
+
+#line 187
+allow vendor_init storage_config_prop:property_service set;
+#line 187
+
+#line 187
+allow vendor_init storage_config_prop:file { getattr open read map };
+#line 187
+
+#line 187
+
+#line 187
+ neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
+#line 187
+
+
+#line 188
+
+#line 188
+ type storagemanager_config_prop, property_type, system_property_type, system_public_property_type;
+#line 188
+
+#line 188
+
+#line 188
+
+#line 188
+allow vendor_init property_socket:sock_file write;
+#line 188
+allow vendor_init init:unix_stream_socket connectto;
+#line 188
+
+#line 188
+allow vendor_init storagemanager_config_prop:property_service set;
+#line 188
+
+#line 188
+allow vendor_init storagemanager_config_prop:file { getattr open read map };
+#line 188
+
+#line 188
+
+#line 188
+ neverallow { domain -init -vendor_init } storagemanager_config_prop:property_service set;
+#line 188
+
+
+#line 189
+
+#line 189
+ type surfaceflinger_prop, property_type, system_property_type, system_public_property_type;
+#line 189
+
+#line 189
+
+#line 189
+
+#line 189
+allow vendor_init property_socket:sock_file write;
+#line 189
+allow vendor_init init:unix_stream_socket connectto;
+#line 189
+
+#line 189
+allow vendor_init surfaceflinger_prop:property_service set;
+#line 189
+
+#line 189
+allow vendor_init surfaceflinger_prop:file { getattr open read map };
+#line 189
+
+#line 189
+
+#line 189
+ neverallow { domain -init -vendor_init } surfaceflinger_prop:property_service set;
+#line 189
+
+
+#line 190
+
+#line 190
+ type suspend_prop, property_type, system_property_type, system_public_property_type;
+#line 190
+
+#line 190
+
+#line 190
+
+#line 190
+allow vendor_init property_socket:sock_file write;
+#line 190
+allow vendor_init init:unix_stream_socket connectto;
+#line 190
+
+#line 190
+allow vendor_init suspend_prop:property_service set;
+#line 190
+
+#line 190
+allow vendor_init suspend_prop:file { getattr open read map };
+#line 190
+
+#line 190
+
+#line 190
+ neverallow { domain -init -vendor_init } suspend_prop:property_service set;
+#line 190
+
+
+#line 191
+
+#line 191
+ type systemsound_config_prop, property_type, system_property_type, system_public_property_type;
+#line 191
+
+#line 191
+
+#line 191
+
+#line 191
+allow vendor_init property_socket:sock_file write;
+#line 191
+allow vendor_init init:unix_stream_socket connectto;
+#line 191
+
+#line 191
+allow vendor_init systemsound_config_prop:property_service set;
+#line 191
+
+#line 191
+allow vendor_init systemsound_config_prop:file { getattr open read map };
+#line 191
+
+#line 191
+
+#line 191
+ neverallow { domain -init -vendor_init } systemsound_config_prop:property_service set;
+#line 191
+
+
+#line 192
+
+#line 192
+ type telephony_config_prop, property_type, system_property_type, system_public_property_type;
+#line 192
+
+#line 192
+
+#line 192
+
+#line 192
+allow vendor_init property_socket:sock_file write;
+#line 192
+allow vendor_init init:unix_stream_socket connectto;
+#line 192
+
+#line 192
+allow vendor_init telephony_config_prop:property_service set;
+#line 192
+
+#line 192
+allow vendor_init telephony_config_prop:file { getattr open read map };
+#line 192
+
+#line 192
+
+#line 192
+ neverallow { domain -init -vendor_init } telephony_config_prop:property_service set;
+#line 192
+
+
+#line 193
+
+#line 193
+ type threadnetwork_config_prop, property_type, system_property_type, system_public_property_type;
+#line 193
+
+#line 193
+
+#line 193
+
+#line 193
+allow vendor_init property_socket:sock_file write;
+#line 193
+allow vendor_init init:unix_stream_socket connectto;
+#line 193
+
+#line 193
+allow vendor_init threadnetwork_config_prop:property_service set;
+#line 193
+
+#line 193
+allow vendor_init threadnetwork_config_prop:file { getattr open read map };
+#line 193
+
+#line 193
+
+#line 193
+ neverallow { domain -init -vendor_init } threadnetwork_config_prop:property_service set;
+#line 193
+
+
+#line 194
+
+#line 194
+ type tombstone_config_prop, property_type, system_property_type, system_public_property_type;
+#line 194
+
+#line 194
+
+#line 194
+
+#line 194
+allow vendor_init property_socket:sock_file write;
+#line 194
+allow vendor_init init:unix_stream_socket connectto;
+#line 194
+
+#line 194
+allow vendor_init tombstone_config_prop:property_service set;
+#line 194
+
+#line 194
+allow vendor_init tombstone_config_prop:file { getattr open read map };
+#line 194
+
+#line 194
+
+#line 194
+ neverallow { domain -init -vendor_init } tombstone_config_prop:property_service set;
+#line 194
+
+
+#line 195
+
+#line 195
+ type usb_config_prop, property_type, system_property_type, system_public_property_type;
+#line 195
+
+#line 195
+
+#line 195
+
+#line 195
+allow vendor_init property_socket:sock_file write;
+#line 195
+allow vendor_init init:unix_stream_socket connectto;
+#line 195
+
+#line 195
+allow vendor_init usb_config_prop:property_service set;
+#line 195
+
+#line 195
+allow vendor_init usb_config_prop:file { getattr open read map };
+#line 195
+
+#line 195
+
+#line 195
+ neverallow { domain -init -vendor_init } usb_config_prop:property_service set;
+#line 195
+
+
+#line 196
+
+#line 196
+ type userspace_reboot_config_prop, property_type, system_property_type, system_public_property_type;
+#line 196
+
+#line 196
+
+#line 196
+
+#line 196
+allow vendor_init property_socket:sock_file write;
+#line 196
+allow vendor_init init:unix_stream_socket connectto;
+#line 196
+
+#line 196
+allow vendor_init userspace_reboot_config_prop:property_service set;
+#line 196
+
+#line 196
+allow vendor_init userspace_reboot_config_prop:file { getattr open read map };
+#line 196
+
+#line 196
+
+#line 196
+ neverallow { domain -init -vendor_init } userspace_reboot_config_prop:property_service set;
+#line 196
+
+
+#line 197
+
+#line 197
+ type vehicle_hal_prop, property_type, system_property_type, system_public_property_type;
+#line 197
+
+#line 197
+
+#line 197
+
+#line 197
+allow vendor_init property_socket:sock_file write;
+#line 197
+allow vendor_init init:unix_stream_socket connectto;
+#line 197
+
+#line 197
+allow vendor_init vehicle_hal_prop:property_service set;
+#line 197
+
+#line 197
+allow vendor_init vehicle_hal_prop:file { getattr open read map };
+#line 197
+
+#line 197
+
+#line 197
+ neverallow { domain -init -vendor_init } vehicle_hal_prop:property_service set;
+#line 197
+
+
+#line 198
+
+#line 198
+ type vendor_security_patch_level_prop, property_type, system_property_type, system_public_property_type;
+#line 198
+
+#line 198
+
+#line 198
+
+#line 198
+allow vendor_init property_socket:sock_file write;
+#line 198
+allow vendor_init init:unix_stream_socket connectto;
+#line 198
+
+#line 198
+allow vendor_init vendor_security_patch_level_prop:property_service set;
+#line 198
+
+#line 198
+allow vendor_init vendor_security_patch_level_prop:file { getattr open read map };
+#line 198
+
+#line 198
+
+#line 198
+ neverallow { domain -init -vendor_init } vendor_security_patch_level_prop:property_service set;
+#line 198
+
+
+#line 199
+
+#line 199
+ type vendor_socket_hook_prop, property_type, system_property_type, system_public_property_type;
+#line 199
+
+#line 199
+
+#line 199
+
+#line 199
+allow vendor_init property_socket:sock_file write;
+#line 199
+allow vendor_init init:unix_stream_socket connectto;
+#line 199
+
+#line 199
+allow vendor_init vendor_socket_hook_prop:property_service set;
+#line 199
+
+#line 199
+allow vendor_init vendor_socket_hook_prop:file { getattr open read map };
+#line 199
+
+#line 199
+
+#line 199
+ neverallow { domain -init -vendor_init } vendor_socket_hook_prop:property_service set;
+#line 199
+
+
+#line 200
+
+#line 200
+ type virtual_ab_prop, property_type, system_property_type, system_public_property_type;
+#line 200
+
+#line 200
+
+#line 200
+
+#line 200
+allow vendor_init property_socket:sock_file write;
+#line 200
+allow vendor_init init:unix_stream_socket connectto;
+#line 200
+
+#line 200
+allow vendor_init virtual_ab_prop:property_service set;
+#line 200
+
+#line 200
+allow vendor_init virtual_ab_prop:file { getattr open read map };
+#line 200
+
+#line 200
+
+#line 200
+ neverallow { domain -init -vendor_init } virtual_ab_prop:property_service set;
+#line 200
+
+
+#line 201
+
+#line 201
+ type vndk_prop, property_type, system_property_type, system_public_property_type;
+#line 201
+
+#line 201
+
+#line 201
+
+#line 201
+allow vendor_init property_socket:sock_file write;
+#line 201
+allow vendor_init init:unix_stream_socket connectto;
+#line 201
+
+#line 201
+allow vendor_init vndk_prop:property_service set;
+#line 201
+
+#line 201
+allow vendor_init vndk_prop:file { getattr open read map };
+#line 201
+
+#line 201
+
+#line 201
+ neverallow { domain -init -vendor_init } vndk_prop:property_service set;
+#line 201
+
+
+#line 202
+
+#line 202
+ type vts_config_prop, property_type, system_property_type, system_public_property_type;
+#line 202
+
+#line 202
+
+#line 202
+
+#line 202
+allow vendor_init property_socket:sock_file write;
+#line 202
+allow vendor_init init:unix_stream_socket connectto;
+#line 202
+
+#line 202
+allow vendor_init vts_config_prop:property_service set;
+#line 202
+
+#line 202
+allow vendor_init vts_config_prop:file { getattr open read map };
+#line 202
+
+#line 202
+
+#line 202
+ neverallow { domain -init -vendor_init } vts_config_prop:property_service set;
+#line 202
+
+
+#line 203
+
+#line 203
+ type vold_config_prop, property_type, system_property_type, system_public_property_type;
+#line 203
+
+#line 203
+
+#line 203
+
+#line 203
+allow vendor_init property_socket:sock_file write;
+#line 203
+allow vendor_init init:unix_stream_socket connectto;
+#line 203
+
+#line 203
+allow vendor_init vold_config_prop:property_service set;
+#line 203
+
+#line 203
+allow vendor_init vold_config_prop:file { getattr open read map };
+#line 203
+
+#line 203
+
+#line 203
+ neverallow { domain -init -vendor_init } vold_config_prop:property_service set;
+#line 203
+
+
+#line 204
+
+#line 204
+ type wifi_config_prop, property_type, system_property_type, system_public_property_type;
+#line 204
+
+#line 204
+
+#line 204
+
+#line 204
+allow vendor_init property_socket:sock_file write;
+#line 204
+allow vendor_init init:unix_stream_socket connectto;
+#line 204
+
+#line 204
+allow vendor_init wifi_config_prop:property_service set;
+#line 204
+
+#line 204
+allow vendor_init wifi_config_prop:file { getattr open read map };
+#line 204
+
+#line 204
+
+#line 204
+ neverallow { domain -init -vendor_init } wifi_config_prop:property_service set;
+#line 204
+
+
+#line 205
+
+#line 205
+ type zram_config_prop, property_type, system_property_type, system_public_property_type;
+#line 205
+
+#line 205
+
+#line 205
+
+#line 205
+allow vendor_init property_socket:sock_file write;
+#line 205
+allow vendor_init init:unix_stream_socket connectto;
+#line 205
+
+#line 205
+allow vendor_init zram_config_prop:property_service set;
+#line 205
+
+#line 205
+allow vendor_init zram_config_prop:file { getattr open read map };
+#line 205
+
+#line 205
+
+#line 205
+ neverallow { domain -init -vendor_init } zram_config_prop:property_service set;
+#line 205
+
+
+#line 206
+
+#line 206
+ type zygote_config_prop, property_type, system_property_type, system_public_property_type;
+#line 206
+
+#line 206
+
+#line 206
+
+#line 206
+allow vendor_init property_socket:sock_file write;
+#line 206
+allow vendor_init init:unix_stream_socket connectto;
+#line 206
+
+#line 206
+allow vendor_init zygote_config_prop:property_service set;
+#line 206
+
+#line 206
+allow vendor_init zygote_config_prop:file { getattr open read map };
+#line 206
+
+#line 206
+
+#line 206
+ neverallow { domain -init -vendor_init } zygote_config_prop:property_service set;
+#line 206
+
+
+#line 207
+
+#line 207
+ type dck_prop, property_type, system_property_type, system_public_property_type;
+#line 207
+
+#line 207
+
+#line 207
+
+#line 207
+allow vendor_init property_socket:sock_file write;
+#line 207
+allow vendor_init init:unix_stream_socket connectto;
+#line 207
+
+#line 207
+allow vendor_init dck_prop:property_service set;
+#line 207
+
+#line 207
+allow vendor_init dck_prop:file { getattr open read map };
+#line 207
+
+#line 207
+
+#line 207
+ neverallow { domain -init -vendor_init } dck_prop:property_service set;
+#line 207
+
+
+#line 208
+
+#line 208
+ type tuner_config_prop, property_type, system_property_type, system_public_property_type;
+#line 208
+
+#line 208
+
+#line 208
+
+#line 208
+allow vendor_init property_socket:sock_file write;
+#line 208
+allow vendor_init init:unix_stream_socket connectto;
+#line 208
+
+#line 208
+allow vendor_init tuner_config_prop:property_service set;
+#line 208
+
+#line 208
+allow vendor_init tuner_config_prop:file { getattr open read map };
+#line 208
+
+#line 208
+
+#line 208
+ neverallow { domain -init -vendor_init } tuner_config_prop:property_service set;
+#line 208
+
+
#line 209
#line 209
- type trusty_security_vm_sys_vendor_prop, property_type, system_property_type, system_public_property_type;
+ type usb_uvc_enabled_prop, property_type, system_property_type, system_public_property_type;
#line 209
#line 209
@@ -15774,804 +15745,899 @@
#line 209
#line 209
-allow vendor_init trusty_security_vm_sys_vendor_prop:property_service set;
+allow vendor_init usb_uvc_enabled_prop:property_service set;
#line 209
#line 209
-allow vendor_init trusty_security_vm_sys_vendor_prop:file { getattr open read map };
+allow vendor_init usb_uvc_enabled_prop:file { getattr open read map };
#line 209
#line 209
#line 209
- neverallow { domain -init -vendor_init } trusty_security_vm_sys_vendor_prop:property_service set;
+ neverallow { domain -init -vendor_init } usb_uvc_enabled_prop:property_service set;
#line 209
+
+#line 210
+
+#line 210
+ type setupwizard_mode_prop, property_type, system_property_type, system_public_property_type;
+#line 210
+
+#line 210
+
+#line 210
+
+#line 210
+allow vendor_init property_socket:sock_file write;
+#line 210
+allow vendor_init init:unix_stream_socket connectto;
+#line 210
+
+#line 210
+allow vendor_init setupwizard_mode_prop:property_service set;
+#line 210
+
+#line 210
+allow vendor_init setupwizard_mode_prop:file { getattr open read map };
+#line 210
+
+#line 210
+
+#line 210
+ neverallow { domain -init -vendor_init } setupwizard_mode_prop:property_service set;
+#line 210
+
+
#line 211
+
+#line 211
+ type pm_archiving_enabled_prop, property_type, system_property_type, system_public_property_type;
+#line 211
+
+#line 211
+
+#line 211
+
+#line 211
+allow vendor_init property_socket:sock_file write;
+#line 211
+allow vendor_init init:unix_stream_socket connectto;
+#line 211
+
+#line 211
+allow vendor_init pm_archiving_enabled_prop:property_service set;
+#line 211
+
+#line 211
+allow vendor_init pm_archiving_enabled_prop:file { getattr open read map };
+#line 211
+
+#line 211
+
+#line 211
+ neverallow { domain -init -vendor_init } pm_archiving_enabled_prop:property_service set;
+#line 211
+
+
+#line 212
+
+#line 212
+
+#line 212
+ type trusty_security_vm_sys_vendor_prop, property_type, system_property_type, system_public_property_type;
+#line 212
+
+#line 212
+
+#line 212
+
+#line 212
+allow vendor_init property_socket:sock_file write;
+#line 212
+allow vendor_init init:unix_stream_socket connectto;
+#line 212
+
+#line 212
+allow vendor_init trusty_security_vm_sys_vendor_prop:property_service set;
+#line 212
+
+#line 212
+allow vendor_init trusty_security_vm_sys_vendor_prop:file { getattr open read map };
+#line 212
+
+#line 212
+
+#line 212
+ neverallow { domain -init -vendor_init } trusty_security_vm_sys_vendor_prop:property_service set;
+#line 212
+
+#line 214
# Properties with no restrictions
-#line 214
+#line 217
type adbd_config_prop, property_type, system_property_type, system_public_property_type;
-#line 214
+#line 217
-#line 215
+#line 218
type audio_prop, property_type, system_property_type, system_public_property_type;
-#line 215
+#line 218
-#line 216
+#line 219
type bluetooth_a2dp_offload_prop, property_type, system_property_type, system_public_property_type;
-#line 216
+#line 219
-#line 217
+#line 220
type bluetooth_audio_hal_prop, property_type, system_property_type, system_public_property_type;
-#line 217
-
-
-#line 218
-
-#line 218
- type bluetooth_finder_prop, property_type, system_property_type, system_public_property_type;
-#line 218
-
#line 220
#line 221
- type bluetooth_prop, property_type, system_property_type, system_public_property_type;
+
+#line 221
+ type bluetooth_finder_prop, property_type, system_property_type, system_public_property_type;
#line 221
+#line 223
-#line 222
+
+#line 224
+ type bluetooth_prop, property_type, system_property_type, system_public_property_type;
+#line 224
+
+
+#line 225
type bpf_progs_loaded_prop, property_type, system_property_type, system_public_property_type;
-#line 222
+#line 225
-#line 223
+#line 226
type charger_status_prop, property_type, system_property_type, system_public_property_type;
-#line 223
+#line 226
-#line 224
+#line 227
type ctl_default_prop, property_type, system_property_type, system_public_property_type;
-#line 224
+#line 227
-#line 225
+#line 228
type ctl_interface_start_prop, property_type, system_property_type, system_public_property_type;
-#line 225
+#line 228
-#line 226
+#line 229
type ctl_start_prop, property_type, system_property_type, system_public_property_type;
-#line 226
+#line 229
-#line 227
+#line 230
type ctl_stop_prop, property_type, system_property_type, system_public_property_type;
-#line 227
+#line 230
-#line 228
+#line 231
type dalvik_config_prop, property_type, system_property_type, system_public_property_type;
-#line 228
+#line 231
-#line 229
+#line 232
type dalvik_dynamic_config_prop, property_type, system_property_type, system_public_property_type;
-#line 229
+#line 232
-#line 230
+#line 233
type dalvik_runtime_prop, property_type, system_property_type, system_public_property_type;
-#line 230
+#line 233
-#line 231
+#line 234
type debug_prop, property_type, system_property_type, system_public_property_type;
-#line 231
+#line 234
-#line 232
+#line 235
type device_config_memory_safety_native_boot_prop, property_type, system_property_type, system_public_property_type;
-#line 232
+#line 235
-#line 233
+#line 236
type device_config_memory_safety_native_prop, property_type, system_property_type, system_public_property_type;
-#line 233
+#line 236
-#line 234
+#line 237
type dumpstate_options_prop, property_type, system_property_type, system_public_property_type;
-#line 234
+#line 237
-#line 235
+#line 238
type exported_system_prop, property_type, system_property_type, system_public_property_type;
-#line 235
+#line 238
-#line 236
+#line 239
type exported_bluetooth_prop, property_type, system_property_type, system_public_property_type;
-#line 236
+#line 239
-#line 237
+#line 240
type exported_overlay_prop, property_type, system_property_type, system_public_property_type;
-#line 237
+#line 240
-#line 238
+#line 241
type exported_pm_prop, property_type, system_property_type, system_public_property_type;
-#line 238
+#line 241
-#line 239
+#line 242
type future_pm_prop, property_type, system_property_type, system_public_property_type;
-#line 239
+#line 242
-#line 240
+#line 243
type ffs_control_prop, property_type, system_property_type, system_public_property_type;
-#line 240
+#line 243
-#line 241
+#line 244
type framework_status_prop, property_type, system_property_type, system_public_property_type;
-#line 241
+#line 244
-#line 242
+#line 245
type gesture_prop, property_type, system_property_type, system_public_property_type;
-#line 242
+#line 245
-#line 243
+#line 246
type graphics_config_writable_prop, property_type, system_property_type, system_public_property_type;
-#line 243
+#line 246
-#line 244
+#line 247
type hal_dumpstate_config_prop, property_type, system_property_type, system_public_property_type;
-#line 244
+#line 247
-#line 245
+#line 248
type sota_prop, property_type, system_property_type, system_public_property_type;
-#line 245
+#line 248
-#line 246
+#line 249
type hwservicemanager_prop, property_type, system_property_type, system_public_property_type;
-#line 246
+#line 249
-#line 247
+#line 250
type lmkd_prop, property_type, system_property_type, system_public_property_type;
-#line 247
+#line 250
-#line 248
+#line 251
type locale_prop, property_type, system_property_type, system_public_property_type;
-#line 248
+#line 251
-#line 249
+#line 252
type logd_prop, property_type, system_property_type, system_public_property_type;
-#line 249
+#line 252
-#line 250
+#line 253
type logpersistd_logging_prop, property_type, system_property_type, system_public_property_type;
-#line 250
+#line 253
-#line 251
+#line 254
type log_prop, property_type, system_property_type, system_public_property_type;
-#line 251
+#line 254
-#line 252
+#line 255
type log_tag_prop, property_type, system_property_type, system_public_property_type;
-#line 252
+#line 255
-#line 253
+#line 256
type lowpan_prop, property_type, system_property_type, system_public_property_type;
-#line 253
+#line 256
-#line 254
+#line 257
type nfc_prop, property_type, system_property_type, system_public_property_type;
-#line 254
+#line 257
-#line 255
+#line 258
type ota_prop, property_type, system_property_type, system_public_property_type;
-#line 255
+#line 258
-#line 256
+#line 259
type permissive_mte_prop, property_type, system_property_type, system_public_property_type;
-#line 256
+#line 259
-#line 257
+#line 260
type powerctl_prop, property_type, system_property_type, system_public_property_type;
-#line 257
+#line 260
-#line 258
+#line 261
type qemu_hw_prop, property_type, system_property_type, system_public_property_type;
-#line 258
+#line 261
-#line 259
+#line 262
type qemu_sf_lcd_density_prop, property_type, system_property_type, system_public_property_type;
-#line 259
+#line 262
-#line 260
+#line 263
type radio_control_prop, property_type, system_property_type, system_public_property_type;
-#line 260
+#line 263
-#line 261
+#line 264
type radio_prop, property_type, system_property_type, system_public_property_type;
-#line 261
+#line 264
-#line 262
+#line 265
type serialno_prop, property_type, system_property_type, system_public_property_type;
-#line 262
+#line 265
-#line 263
+#line 266
type surfaceflinger_color_prop, property_type, system_property_type, system_public_property_type;
-#line 263
+#line 266
-#line 264
+#line 267
type system_prop, property_type, system_property_type, system_public_property_type;
-#line 264
+#line 267
-#line 265
+#line 268
type system_user_mode_emulation_prop, property_type, system_property_type, system_public_property_type;
-#line 265
+#line 268
-#line 266
+#line 269
type telephony_status_prop, property_type, system_property_type, system_public_property_type;
-#line 266
+#line 269
-#line 267
+#line 270
type timezone_prop, property_type, system_property_type, system_public_property_type;
-#line 267
+#line 270
-#line 268
+#line 271
type usb_control_prop, property_type, system_property_type, system_public_property_type;
-#line 268
+#line 271
-#line 269
+#line 272
type vold_post_fs_data_prop, property_type, system_property_type, system_public_property_type;
-#line 269
+#line 272
-#line 270
+#line 273
type wifi_hal_prop, property_type, system_property_type, system_public_property_type;
-#line 270
+#line 273
-#line 271
+#line 274
type wifi_log_prop, property_type, system_property_type, system_public_property_type;
-#line 271
+#line 274
-#line 272
+#line 275
type wifi_prop, property_type, system_property_type, system_public_property_type;
-#line 272
+#line 275
-#line 273
+#line 276
type zram_control_prop, property_type, system_property_type, system_public_property_type;
-#line 273
+#line 276
# Properties which don't have entries on property_contexts
-#line 276
+#line 279
-#line 276
+#line 279
type default_prop, property_type, system_property_type, system_internal_property_type;
-#line 276
+#line 279
-#line 276
+#line 279
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 276
+#line 279
-#line 276
+#line 279
neverallow { domain -coredomain } default_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 276
+#line 279
-#line 276
+#line 279
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 276
+#line 279
-#line 276
+#line 279
# Properties used in default HAL implementations
-#line 279
+#line 282
-#line 279
+#line 282
type rebootescrow_hal_prop, property_type, vendor_property_type, vendor_internal_property_type;
-#line 279
+#line 282
-#line 279
+#line 282
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 279
+#line 282
-#line 279
+#line 282
# init and dumpstate are in coredomain, but should be able to read all props.
-#line 279
+#line 282
neverallow { coredomain -init -dumpstate } rebootescrow_hal_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 279
+#line 282
-#line 279
+#line 282
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 279
+#line 282
-#line 279
+#line 282
# Properties used in the default Face HAL implementations
-#line 282
+#line 285
-#line 282
+#line 285
type virtual_face_hal_prop, property_type, vendor_property_type, vendor_internal_property_type;
-#line 282
+#line 285
-#line 282
+#line 285
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 282
+#line 285
-#line 282
+#line 285
# init and dumpstate are in coredomain, but should be able to read all props.
-#line 282
+#line 285
neverallow { coredomain -init -dumpstate } virtual_face_hal_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 282
+#line 285
-#line 282
+#line 285
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 282
-
-#line 282
-
-
-#line 283
-
-#line 283
- type virtual_face_prop, property_type, system_property_type, system_public_property_type;
-#line 283
+#line 285
#line 285
+#line 286
+
+#line 286
+ type virtual_face_prop, property_type, system_property_type, system_public_property_type;
+#line 286
+
+#line 288
+
+
# Properties used in the default Fingerprint HAL implementations
-#line 288
+#line 291
-#line 288
+#line 291
type virtual_fingerprint_hal_prop, property_type, vendor_property_type, vendor_internal_property_type;
-#line 288
+#line 291
-#line 288
+#line 291
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 288
+#line 291
-#line 288
+#line 291
# init and dumpstate are in coredomain, but should be able to read all props.
-#line 288
+#line 291
neverallow { coredomain -init -dumpstate } virtual_fingerprint_hal_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 288
+#line 291
-#line 288
+#line 291
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 288
-
-#line 288
-
-
-#line 289
-
-#line 289
- type virtual_fingerprint_prop, property_type, system_property_type, system_public_property_type;
-#line 289
+#line 291
#line 291
+#line 292
+
+#line 292
+ type virtual_fingerprint_prop, property_type, system_property_type, system_public_property_type;
+#line 292
-#line 293
+#line 294
+
+
+
+#line 296
type persist_vendor_debug_wifi_prop, property_type, vendor_property_type, vendor_public_property_type;
-#line 293
+#line 296
# Properties which are public for devices launching with Android O or earlier
# This should not be used for any new properties.
-#line 297
+#line 300
# DO NOT ADD ANY PROPERTIES HERE
-#line 297
+#line 300
-#line 297
+#line 300
type boottime_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type charger_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type cold_boot_done_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_adbd_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_apexd_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_bootanim_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_bugreport_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_console_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_dumpstate_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_fuse_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_gsid_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_interface_restart_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_interface_stop_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_mdnsd_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_restart_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_rildaemon_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type ctl_sigstop_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type dynamic_system_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type heapprofd_enabled_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type llkd_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type lpdumpd_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type mmc_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type mock_ota_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type net_dns_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type overlay_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type persistent_properties_ready_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type safemode_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type system_lmk_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type system_trace_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type test_boot_reason_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type time_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type traced_enabled_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type traced_lazy_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type config_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type cppreopt_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type dalvik_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type debuggerd_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type device_logging_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type dhcp_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type dumpstate_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type exported3_system_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type exported_dumpstate_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type exported_secure_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type heapprofd_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type net_radio_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type pan_result_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type persist_debug_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type shell_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type test_harness_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type theme_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type use_memfd_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 297
+#line 300
-#line 297
+#line 300
type vold_prop, property_type, system_property_type, system_public_property_type;
-#line 297
+#line 300
-#line 352
+#line 355
-#line 354
+#line 357
-#line 354
+#line 357
type vendor_default_prop, property_type, vendor_property_type, vendor_public_property_type;
-#line 354
+#line 357
-#line 356
+#line 359
# BEGIN_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
-#line 358
+#line 361
-#line 358
+#line 361
-#line 358
+#line 361
-#line 358
+#line 361
type vendor_default_prop, property_type, vendor_property_type, vendor_internal_property_type;
-#line 358
+#line 361
-#line 358
+#line 361
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 358
+#line 361
-#line 358
+#line 361
# init and dumpstate are in coredomain, but should be able to read all props.
-#line 358
+#line 361
neverallow { coredomain -init -dumpstate } vendor_default_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 358
+#line 361
-#line 358
+#line 361
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 358
+#line 361
-#line 358
+#line 361
-#line 358
+#line 361
-#line 358
+#line 361
# END_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
-#line 360
+#line 363
# system/sepolicy/public is for vendor-facing type and attribute definitions.
@@ -16683,6 +16749,11 @@
type evsmanagerd_service, service_manager_type;
type fingerprintd_service, service_manager_type;
type fwk_automotive_display_service, service_manager_type;
+
+#line 21
+ type fwk_vold_service, service_manager_type;
+#line 23
+
type gatekeeper_service, app_api_service, service_manager_type;
type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type idmap_service, service_manager_type;
@@ -16734,9 +16805,9 @@
type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type app_binding_service, system_server_service, service_manager_type;
-#line 71
+#line 74
type app_function_service, app_api_service, system_server_service, service_manager_type;
-#line 73
+#line 76
type app_hibernation_service, app_api_service, system_api_service, system_server_service, service_manager_type;
type app_integrity_service, system_api_service, system_server_service, service_manager_type;
@@ -16827,9 +16898,9 @@
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-#line 162
+#line 165
type intrusion_detection_service, app_api_service, system_api_service, system_server_service, service_manager_type;
-#line 164
+#line 167
type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type iris_service, app_api_service, system_server_service, service_manager_type;
@@ -16846,9 +16917,9 @@
type media_metrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type media_projection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-#line 179
+#line 182
type media_quality_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-#line 181
+#line 184
type media_router_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type media_session_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -16958,9 +17029,9 @@
type wifinl80211_service, service_manager_type;
type wifiaware_service, app_api_service, system_server_service, service_manager_type;
-#line 289
+#line 292
type wifi_usd_service, app_api_service, system_server_service, service_manager_type;
-#line 291
+#line 294
type window_service, system_api_service, system_server_service, service_manager_type;
type inputflinger_service, system_api_service, system_server_service, service_manager_type;
@@ -17004,9 +17075,9 @@
type hal_light_service, protected_service, hal_service_type, service_manager_type;
type hal_macsec_service, protected_service, hal_service_type, service_manager_type;
-#line 333
+#line 336
type hal_mediaquality_service, protected_service, hal_service_type, service_manager_type;
-#line 335
+#line 338
type hal_memtrack_service, protected_service, hal_service_type, service_manager_type;
type hal_neuralnetworks_service, hal_service_type, service_manager_type;
@@ -17045,9 +17116,9 @@
type hal_wifi_supplicant_service, protected_service, hal_service_type, service_manager_type;
type hal_gatekeeper_service, protected_service, hal_service_type, service_manager_type;
-#line 372
+#line 375
type hal_vm_capabilities_service, protected_service, hal_service_type, service_manager_type;
-#line 374
+#line 377
# system/sepolicy/public is for vendor-facing type and attribute definitions.
@@ -17505,6 +17576,9 @@
#line 42
+
+#line 46
+
#line 1 "system/sepolicy/private/aconfigd.te"
# aconfigd -- manager for aconfig flags
type aconfigd, domain, coredomain, mlstrustedsubject;
@@ -18117,6 +18191,10 @@
allow adbd perfetto_traces_data_file:file { getattr open read ioctl lock map watch watch_reads };
allow adbd perfetto_traces_data_file:dir { open getattr read search ioctl lock watch watch_reads };
+# Allow to pull ProfilingManager Perfetto traces.
+allow adbd perfetto_traces_profiling_data_file:file { getattr open read ioctl lock map watch watch_reads };
+allow adbd perfetto_traces_profiling_data_file:dir { open getattr read search ioctl lock watch watch_reads };
+
# Allow to push and manage configs in /data/misc/perfetto-configs.
allow adbd perfetto_configs_data_file:dir { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } };
allow adbd perfetto_configs_data_file:file { create rename setattr unlink { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } } };
@@ -18132,11 +18210,11 @@
# Allow pull /vendor/apex files for CTS tests
-#line 195
+#line 199
allow adbd vendor_apex_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 195
+#line 199
allow adbd vendor_apex_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 195
+#line 199
# Allow adb pull of updated apex files in /data/apex/active.
@@ -18173,6 +18251,9 @@
# Only init is allowed to enter the adbd domain via exec()
neverallow { domain -init } adbd:process transition;
neverallow * adbd:process dyntransition;
+
+# allow adbd to check if an app is frozen
+allow adbd cgroup_v2:file read;
#line 1 "system/sepolicy/private/adbd_common.te"
### ADB daemon common rules.
### Put things here that are needed for both adbd proper and adbd in trade-in mode.
@@ -18913,6 +18994,8 @@
#line 5
-isolated_app_all
#line 5
+ -network_stack
+#line 5
-platform_app
#line 5
-priv_app
@@ -18935,6 +19018,8 @@
#line 5
-isolated_app_all
#line 5
+ -network_stack
+#line 5
-platform_app
#line 5
-priv_app
@@ -18948,115 +19033,115 @@
-untrusted_app_all
#line 5
} proc_net_type:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 15
+#line 16
# audit access for all these non-core app domains.
-#line 30
+#line 32
# Allow apps to read the Test Harness Mode property. This property is used in
# the implementation of ActivityManager.isDeviceInTestHarnessMode()
-#line 34
+#line 36
allow appdomain test_harness_prop:file { getattr open read map };
-#line 34
-
-
-
#line 36
+
+
+
+#line 38
allow appdomain boot_status_prop:file { getattr open read map };
-#line 36
+#line 38
-#line 37
+#line 39
allow appdomain dalvik_config_prop_type:file { getattr open read map };
-#line 37
+#line 39
-#line 38
+#line 40
allow appdomain media_config_prop:file { getattr open read map };
-#line 38
+#line 40
-#line 39
+#line 41
allow appdomain packagemanager_config_prop:file { getattr open read map };
-#line 39
+#line 41
-#line 40
+#line 42
allow appdomain radio_control_prop:file { getattr open read map };
-#line 40
+#line 42
-#line 41
+#line 43
allow appdomain surfaceflinger_color_prop:file { getattr open read map };
-#line 41
+#line 43
-#line 42
+#line 44
allow appdomain systemsound_config_prop:file { getattr open read map };
-#line 42
+#line 44
-#line 43
+#line 45
allow appdomain telephony_config_prop:file { getattr open read map };
-#line 43
+#line 45
-#line 44
+#line 46
allow appdomain userspace_reboot_config_prop:file { getattr open read map };
-#line 44
+#line 46
-#line 45
+#line 47
allow appdomain vold_config_prop:file { getattr open read map };
-#line 45
+#line 47
-#line 46
+#line 48
allow appdomain adbd_config_prop:file { getattr open read map };
-#line 46
+#line 48
-#line 47
+#line 49
allow appdomain dck_prop:file { getattr open read map };
-#line 47
+#line 49
-#line 48
+#line 50
allow appdomain persist_wm_debug_prop:file { getattr open read map };
-#line 48
+#line 50
-#line 49
+#line 51
allow appdomain persist_sysui_builder_extras_prop:file { getattr open read map };
-#line 49
+#line 51
-#line 50
+#line 52
allow appdomain persist_sysui_ranking_update_prop:file { getattr open read map };
-#line 50
+#line 52
# Allow the heap dump ART plugin to the count of sessions waiting for OOME
-#line 53
+#line 55
allow appdomain traced_oome_heap_session_count_prop:file { getattr open read map };
-#line 53
+#line 55
# Allow to read ro.vendor.camera.extensions.enabled
-#line 56
+#line 58
allow appdomain camera2_extensions_prop:file { getattr open read map };
-#line 56
+#line 58
# Allow to ro.camerax.extensions.enabled
-#line 59
+#line 61
allow appdomain camerax_extensions_prop:file { getattr open read map };
-#line 59
+#line 61
# Prevent apps from causing presubmit failures.
@@ -19087,30 +19172,30 @@
# Allow to read sendbug.preferred.domain
-#line 88
+#line 90
allow appdomain sendbug_config_prop:file { getattr open read map };
-#line 88
+#line 90
# Allow to read graphics related properties.
-#line 91
+#line 93
allow appdomain graphics_config_prop:file { getattr open read map };
-#line 91
+#line 93
# Allow to read persist.config.calibration_fac
-#line 94
+#line 96
allow appdomain camera_calibration_prop:file { getattr open read map };
-#line 94
+#line 96
# Allow to read db.log.detailed, db.log.slow_query_threshold*
-#line 97
+#line 99
allow appdomain sqlite_log_prop:file { getattr open read map };
-#line 97
+#line 99
# Allow to read system_user_mode_emulation_prop, which is used by UserManager.java
@@ -19138,55 +19223,55 @@
# Allow apps access to /vendor/app except for privileged
# apps which cannot be in /vendor.
-#line 123
+#line 125
allow { appdomain -ephemeral_app -sdk_sandbox_all } vendor_app_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 123
+#line 125
allow { appdomain -ephemeral_app -sdk_sandbox_all } vendor_app_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 123
+#line 125
allow { appdomain -ephemeral_app -sdk_sandbox_all } vendor_app_file:file execute;
# Allow apps to read microdroid related files in vendor partition for CTS purpose.
-#line 127
+#line 129
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } vendor_microdroid_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 127
+#line 129
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } vendor_microdroid_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 127
+#line 129
# Perform binder IPC to sdk sandbox.
-#line 130
+#line 132
# Call the server domain and optionally transfer references to it.
-#line 130
+#line 132
allow appdomain sdk_sandbox_all:binder { call transfer };
-#line 130
+#line 132
# Allow the serverdomain to transfer references to the client on the reply.
-#line 130
+#line 132
allow sdk_sandbox_all appdomain:binder transfer;
-#line 130
+#line 132
# Receive and use open files from the server.
-#line 130
+#line 132
allow appdomain sdk_sandbox_all:fd use;
-#line 130
+#line 132
# Allow apps to communicate via binder with virtual camera service.
-#line 133
+#line 135
# Call the server domain and optionally transfer references to it.
-#line 133
+#line 135
allow appdomain virtual_camera:binder { call transfer };
-#line 133
+#line 135
# Allow the serverdomain to transfer references to the client on the reply.
-#line 133
+#line 135
allow virtual_camera appdomain:binder transfer;
-#line 133
+#line 135
# Receive and use open files from the server.
-#line 133
+#line 135
allow appdomain virtual_camera:fd use;
-#line 133
+#line 135
# Allow access to external storage; we have several visible mount points under /storage
@@ -19214,19 +19299,19 @@
#logd access
-#line 159
+#line 161
# Group AID_LOG checked by filesystem & logd
-#line 159
+#line 161
# to permit control commands
-#line 159
+#line 161
-#line 159
+#line 161
allow { appdomain -ephemeral_app -sdk_sandbox_all } logd_socket:sock_file write;
-#line 159
+#line 161
allow { appdomain -ephemeral_app -sdk_sandbox_all } logd:unix_stream_socket connectto;
-#line 159
+#line 161
-#line 159
+#line 161
# application inherit logd write socket (urge is to deprecate this long term)
@@ -19235,275 +19320,275 @@
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } keystore_maintenance_service:service_manager find;
-#line 166
+#line 168
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } apc_service:service_manager find;
-#line 166
+#line 168
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } keystore_service:service_manager find;
-#line 166
+#line 168
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } legacykeystore_service:service_manager find;
-#line 166
+#line 168
-#line 166
+#line 168
# Call the server domain and optionally transfer references to it.
-#line 166
+#line 168
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } keystore:binder { call transfer };
-#line 166
+#line 168
# Allow the serverdomain to transfer references to the client on the reply.
-#line 166
+#line 168
allow keystore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:binder transfer;
-#line 166
+#line 168
# Receive and use open files from the server.
-#line 166
+#line 168
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } keystore:fd use;
-#line 166
+#line 168
-#line 166
+#line 168
-#line 166
+#line 168
# Call the server domain and optionally transfer references to it.
-#line 166
+#line 168
allow keystore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:binder { call transfer };
-#line 166
+#line 168
# Allow the serverdomain to transfer references to the client on the reply.
-#line 166
+#line 168
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } keystore:binder transfer;
-#line 166
+#line 168
# Receive and use open files from the server.
-#line 166
+#line 168
allow keystore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:fd use;
-#line 166
-
-#line 166
-
-
+#line 168
#line 168
+
+
+
+#line 170
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } credstore_service:service_manager find;
-#line 168
+#line 170
-#line 168
+#line 170
# Call the server domain and optionally transfer references to it.
-#line 168
+#line 170
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } credstore:binder { call transfer };
-#line 168
+#line 170
# Allow the serverdomain to transfer references to the client on the reply.
-#line 168
+#line 170
allow credstore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:binder transfer;
-#line 168
+#line 170
# Receive and use open files from the server.
-#line 168
+#line 170
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } credstore:fd use;
-#line 168
+#line 170
-#line 168
+#line 170
-#line 168
+#line 170
# Call the server domain and optionally transfer references to it.
-#line 168
+#line 170
allow credstore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:binder { call transfer };
-#line 168
+#line 170
# Allow the serverdomain to transfer references to the client on the reply.
-#line 168
+#line 170
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } credstore:binder transfer;
-#line 168
+#line 170
# Receive and use open files from the server.
-#line 168
+#line 170
allow credstore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:fd use;
-#line 168
+#line 170
-#line 168
+#line 170
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } persistent_data_block_service:service_manager find;
# For app fuse.
-#line 173
+#line 175
-#line 173
+#line 175
# Allow client to open the service endpoint file.
-#line 173
+#line 175
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_client_endpoint_dir_type:dir { open getattr read search ioctl lock watch watch_reads };
-#line 173
+#line 175
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_client_endpoint_socket_type:sock_file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
-#line 173
+#line 175
# Allow the client to connect to endpoint socket.
-#line 173
+#line 175
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_client_endpoint_socket_type:unix_stream_socket { connectto read write shutdown };
-#line 173
+#line 175
-#line 173
+#line 175
-#line 173
+#line 175
# Allow the client to use the PDX channel socket.
-#line 173
+#line 175
# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
-#line 173
+#line 175
# than we need (e.g. we don"t need "bind" or "connect").
-#line 173
+#line 175
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_client_channel_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown };
-#line 173
+#line 175
# Client needs to use an channel event fd from the server.
-#line 173
+#line 175
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_client_server_type:fd use;
-#line 173
+#line 175
# Servers may receive sync fences, gralloc buffers, etc, from clients.
-#line 173
+#line 175
# This could be tightened on a per-server basis, but keeping track of service
-#line 173
+#line 175
# clients is error prone.
-#line 173
+#line 175
allow pdx_display_client_server_type { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:fd use;
-#line 173
+#line 175
-#line 173
+#line 175
-#line 174
+#line 176
-#line 174
+#line 176
# Allow client to open the service endpoint file.
-#line 174
+#line 176
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_manager_endpoint_dir_type:dir { open getattr read search ioctl lock watch watch_reads };
-#line 174
+#line 176
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_manager_endpoint_socket_type:sock_file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
-#line 174
+#line 176
# Allow the client to connect to endpoint socket.
-#line 174
+#line 176
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_manager_endpoint_socket_type:unix_stream_socket { connectto read write shutdown };
-#line 174
+#line 176
-#line 174
+#line 176
-#line 174
+#line 176
# Allow the client to use the PDX channel socket.
-#line 174
+#line 176
# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
-#line 174
+#line 176
# than we need (e.g. we don"t need "bind" or "connect").
-#line 174
+#line 176
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_manager_channel_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown };
-#line 174
+#line 176
# Client needs to use an channel event fd from the server.
-#line 174
+#line 176
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_manager_server_type:fd use;
-#line 174
+#line 176
# Servers may receive sync fences, gralloc buffers, etc, from clients.
-#line 174
+#line 176
# This could be tightened on a per-server basis, but keeping track of service
-#line 174
+#line 176
# clients is error prone.
-#line 174
+#line 176
allow pdx_display_manager_server_type { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:fd use;
-#line 174
+#line 176
-#line 174
+#line 176
-#line 175
+#line 177
-#line 175
+#line 177
# Allow client to open the service endpoint file.
-#line 175
+#line 177
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_vsync_endpoint_dir_type:dir { open getattr read search ioctl lock watch watch_reads };
-#line 175
+#line 177
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_vsync_endpoint_socket_type:sock_file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
-#line 175
+#line 177
# Allow the client to connect to endpoint socket.
-#line 175
+#line 177
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_vsync_endpoint_socket_type:unix_stream_socket { connectto read write shutdown };
-#line 175
+#line 177
-#line 175
+#line 177
-#line 175
+#line 177
# Allow the client to use the PDX channel socket.
-#line 175
+#line 177
# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
-#line 175
+#line 177
# than we need (e.g. we don"t need "bind" or "connect").
-#line 175
+#line 177
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_vsync_channel_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown };
-#line 175
+#line 177
# Client needs to use an channel event fd from the server.
-#line 175
+#line 177
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_display_vsync_server_type:fd use;
-#line 175
+#line 177
# Servers may receive sync fences, gralloc buffers, etc, from clients.
-#line 175
+#line 177
# This could be tightened on a per-server basis, but keeping track of service
-#line 175
+#line 177
# clients is error prone.
-#line 175
+#line 177
allow pdx_display_vsync_server_type { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:fd use;
-#line 175
+#line 177
-#line 175
+#line 177
-#line 176
+#line 178
-#line 176
+#line 178
# Allow client to open the service endpoint file.
-#line 176
+#line 178
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_performance_client_endpoint_dir_type:dir { open getattr read search ioctl lock watch watch_reads };
-#line 176
+#line 178
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_performance_client_endpoint_socket_type:sock_file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
-#line 176
+#line 178
# Allow the client to connect to endpoint socket.
-#line 176
+#line 178
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_performance_client_endpoint_socket_type:unix_stream_socket { connectto read write shutdown };
-#line 176
+#line 178
-#line 176
+#line 178
-#line 176
+#line 178
# Allow the client to use the PDX channel socket.
-#line 176
+#line 178
# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
-#line 176
+#line 178
# than we need (e.g. we don"t need "bind" or "connect").
-#line 176
+#line 178
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_performance_client_channel_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown };
-#line 176
+#line 178
# Client needs to use an channel event fd from the server.
-#line 176
+#line 178
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_performance_client_server_type:fd use;
-#line 176
+#line 178
# Servers may receive sync fences, gralloc buffers, etc, from clients.
-#line 176
+#line 178
# This could be tightened on a per-server basis, but keeping track of service
-#line 176
+#line 178
# clients is error prone.
-#line 176
+#line 178
allow pdx_performance_client_server_type { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:fd use;
-#line 176
+#line 178
-#line 176
+#line 178
# Apps do not directly open the IPC socket for bufferhubd.
-#line 178
+#line 180
# Allow the client to use the PDX channel socket.
-#line 178
+#line 180
# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
-#line 178
+#line 180
# than we need (e.g. we don"t need "bind" or "connect").
-#line 178
+#line 180
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_bufferhub_client_channel_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown };
-#line 178
+#line 180
# Client needs to use an channel event fd from the server.
-#line 178
+#line 180
allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } pdx_bufferhub_client_server_type:fd use;
-#line 178
+#line 180
# Servers may receive sync fences, gralloc buffers, etc, from clients.
-#line 178
+#line 180
# This could be tightened on a per-server basis, but keeping track of service
-#line 178
+#line 180
# clients is error prone.
-#line 178
+#line 180
allow pdx_bufferhub_client_server_type { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:fd use;
-#line 178
+#line 180
# Apps receive an open tun fd from the framework for
@@ -19544,7 +19629,7 @@
# Notify zygote of the wrapped process PID when using --invoke-with.
allow appdomain zygote:fifo_file write;
-#line 222
+#line 224
# Notify shell and adbd of death when spawned via runas for ndk-gdb.
@@ -19581,7 +19666,7 @@
}:file { create rename setattr unlink { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } } };
-#line 263
+#line 265
allowxperm { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox_all } {
@@ -19606,22 +19691,22 @@
# Keychain and user-trusted credentials
-#line 286
+#line 288
allow appdomain keychain_data_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 286
+#line 288
allow appdomain keychain_data_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 286
+#line 288
allow appdomain misc_user_data_file:dir { open getattr read search ioctl lock watch watch_reads };
allow appdomain misc_user_data_file:file { getattr open read ioctl lock map watch watch_reads };
# TextClassifier
-#line 291
+#line 293
allow { appdomain -isolated_app_all } textclassifier_data_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 291
+#line 293
allow { appdomain -isolated_app_all } textclassifier_data_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 291
+#line 293
# Access to OEM provided data and apps
@@ -19635,44 +19720,44 @@
allow appdomain system_file:lnk_file { getattr open read };
# Renderscript specific permissions to open /system/vendor/lib64.
-#line 303
+#line 305
allow appdomain vendor_file_type:dir { open getattr read search ioctl lock watch watch_reads };
-#line 303
+#line 305
allow appdomain vendor_file_type:lnk_file { getattr open read };
-#line 306
+#line 308
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 308
+#line 310
-#line 308
+#line 310
# For looking up Renderscript vendor drivers
-#line 308
+#line 310
allow { appdomain -isolated_app_all } vendor_file:dir { open read };
-#line 308
+#line 310
-#line 308
+#line 310
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 311
+#line 313
# Allow apps access to /vendor/overlay
-#line 314
+#line 316
allow appdomain vendor_overlay_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 314
+#line 316
allow appdomain vendor_overlay_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 314
+#line 316
# Allow apps access to /vendor/framework
# for vendor provided libraries.
-#line 318
+#line 320
allow appdomain vendor_framework_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 318
+#line 320
allow appdomain vendor_framework_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 318
+#line 320
# Allow apps read / execute access to vendor public libraries.
@@ -19708,11 +19793,11 @@
# additional permissions to dumpstate pipes for other aspects of bug report
# creation).
-#line 352
+#line 354
allow appdomain tombstoned_java_trace_socket:sock_file write;
-#line 352
+#line 354
allow appdomain tombstoned:unix_stream_socket connectto;
-#line 352
+#line 354
allow appdomain tombstoned:fd use;
allow appdomain dumpstate:fifo_file append;
@@ -19730,11 +19815,11 @@
# Allow apps to send information to statsd socket.
-#line 368
+#line 370
allow appdomain statsdw_socket:sock_file write;
-#line 368
+#line 370
allow appdomain statsd:unix_dgram_socket sendto;
-#line 368
+#line 370
# Write profiles /data/misc/profiles
@@ -19747,36 +19832,36 @@
# The perfetto profiling daemon will check for the specific application's
# opt-in/opt-out.
-#line 379
+#line 381
allow appdomain traced:fd use;
-#line 379
+#line 381
allow appdomain traced_tmpfs:file { read write getattr map };
-#line 379
+#line 381
-#line 379
+#line 381
allow appdomain traced_producer_socket:sock_file write;
-#line 379
+#line 381
allow appdomain traced:unix_stream_socket connectto;
-#line 379
+#line 381
-#line 379
+#line 381
-#line 379
+#line 381
# Also allow the service to use the producer file descriptors. This is
-#line 379
+#line 381
# necessary when the producer is creating the shared memory, as it will be
-#line 379
+#line 381
# passed to the service as a file descriptor (obtained from memfd_create).
-#line 379
+#line 381
allow traced appdomain:fd use;
-#line 379
+#line 381
# Send heap dumps to system_server via an already open file descriptor
# % adb shell am set-watch-heap com.android.systemui 1048576
# % adb shell dumpsys procstats --start-testing
# debuggable builds only.
-#line 387
+#line 389
# Grant GPU access to all processes started by Zygote.
@@ -19788,83 +19873,83 @@
# Use the Binder.
-#line 397
+#line 399
# Call the servicemanager and transfer references to it.
-#line 397
+#line 399
allow appdomain servicemanager:binder { call transfer };
-#line 397
+#line 399
# Allow servicemanager to send out callbacks
-#line 397
+#line 399
allow servicemanager appdomain:binder { call transfer };
-#line 397
+#line 399
# rw access to /dev/binder and /dev/ashmem is presently granted to
-#line 397
+#line 399
# all domains in domain.te.
-#line 397
+#line 399
# Perform binder IPC to binder services.
-#line 399
+#line 401
# Call the server domain and optionally transfer references to it.
-#line 399
+#line 401
allow appdomain binderservicedomain:binder { call transfer };
-#line 399
+#line 401
# Allow the serverdomain to transfer references to the client on the reply.
-#line 399
+#line 401
allow binderservicedomain appdomain:binder transfer;
-#line 399
+#line 401
# Receive and use open files from the server.
-#line 399
+#line 401
allow appdomain binderservicedomain:fd use;
-#line 399
+#line 401
# Perform binder IPC to other apps.
-#line 401
+#line 403
# Call the server domain and optionally transfer references to it.
-#line 401
+#line 403
allow appdomain appdomain:binder { call transfer };
-#line 401
+#line 403
# Allow the serverdomain to transfer references to the client on the reply.
-#line 401
+#line 403
allow appdomain appdomain:binder transfer;
-#line 401
+#line 403
# Receive and use open files from the server.
-#line 401
+#line 403
allow appdomain appdomain:fd use;
-#line 401
+#line 403
# Perform binder IPC to ephemeral apps.
-#line 403
+#line 405
# Call the server domain and optionally transfer references to it.
-#line 403
+#line 405
allow appdomain ephemeral_app:binder { call transfer };
-#line 403
+#line 405
# Allow the serverdomain to transfer references to the client on the reply.
-#line 403
+#line 405
allow ephemeral_app appdomain:binder transfer;
-#line 403
+#line 405
# Receive and use open files from the server.
-#line 403
+#line 405
allow appdomain ephemeral_app:fd use;
-#line 403
+#line 405
# Perform binder IPC to gpuservice.
-#line 405
+#line 407
# Call the server domain and optionally transfer references to it.
-#line 405
+#line 407
allow { appdomain -isolated_app_all } gpuservice:binder { call transfer };
-#line 405
+#line 407
# Allow the serverdomain to transfer references to the client on the reply.
-#line 405
+#line 407
allow gpuservice { appdomain -isolated_app_all }:binder transfer;
-#line 405
+#line 407
# Receive and use open files from the server.
-#line 405
+#line 407
allow { appdomain -isolated_app_all } gpuservice:fd use;
-#line 405
+#line 407
# Talk with graphics composer fences
@@ -19909,17 +19994,17 @@
# logd access
-#line 448
+#line 450
allow appdomain logcat_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
-#line 448
+#line 450
-#line 448
+#line 450
allow appdomain logdr_socket:sock_file write;
-#line 448
+#line 450
allow appdomain logd:unix_stream_socket connectto;
-#line 448
+#line 450
-#line 448
+#line 450
allow appdomain zygote:unix_dgram_socket write;
@@ -19929,31 +20014,31 @@
# only allow unprivileged socket ioctl commands
allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
ioctl {
-#line 456
+#line 458
{
-#line 456
+#line 458
# Socket ioctls for gathering information about the interface
-#line 456
+#line 458
0x00008906 0x00008907
-#line 456
+#line 458
0x00008910 0x00008912 0x00008913 0x00008915 0x00008917 0x00008919
-#line 456
+#line 458
0x0000891b 0x00008921 0x00008933 0x00008938 0x00008942
-#line 456
+#line 458
# Wireless extension ioctls. Primarily get functions.
-#line 456
+#line 458
0x00008b01 0x00008b05 0x00008b07 0x00008b09 0x00008b0b 0x00008b0d
-#line 456
+#line 458
0x00008b0f 0x00008b11 0x00008b12 0x00008b13 0x00008b21 0x00008b23
-#line 456
+#line 458
0x00008b25 0x00008b27 0x00008b29 0x00008b2d
-#line 456
+#line 458
} {
-#line 456
+#line 458
0x00005411 0x00005451 0x00005450 0x00005401 0x00005402 0x00005403 0x00005404 0x00005413 0x00005414
-#line 456
+#line 458
0x0000540e 0x0000540b 0x00005410 0x0000540f
-#line 456
+#line 458
} };
allow { appdomain -isolated_app_all } ion_device:chr_file { getattr open read ioctl lock map watch watch_reads };
@@ -19992,9 +20077,9 @@
# Others are either allowed elsewhere or not desired.
-#line 493
+#line 495
allow appdomain high_barometer_quality_prop:file { getattr open read map };
-#line 493
+#line 495
# Connect to adbd and use a socket transferred from it.
@@ -20196,44 +20281,44 @@
# allow system_app to access Nfc-related system properties.
-#line 693
+#line 695
-#line 693
+#line 695
allow system_app property_socket:sock_file write;
-#line 693
+#line 695
allow system_app init:unix_stream_socket connectto;
-#line 693
+#line 695
-#line 693
+#line 695
allow system_app nfc_prop:property_service set;
-#line 693
+#line 695
-#line 693
+#line 695
allow system_app nfc_prop:file { getattr open read map };
-#line 693
+#line 695
-#line 693
+#line 695
# allow system_app to access radio_config system properties.
-#line 696
+#line 698
-#line 696
+#line 698
allow system_app property_socket:sock_file write;
-#line 696
+#line 698
allow system_app init:unix_stream_socket connectto;
-#line 696
+#line 698
-#line 696
+#line 698
allow system_app radio_control_prop:property_service set;
-#line 696
+#line 698
-#line 696
+#line 698
allow system_app radio_control_prop:file { getattr open read map };
-#line 696
+#line 698
-#line 696
+#line 698
# Apps cannot access proc_uid_time_in_state
@@ -20341,7 +20426,7 @@
neverallow appdomain system_font_fallback_file:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
neverallow { appdomain -shell } tombstone_data_file:file ~{ getattr read };
-#line 812
+#line 814
#line 1 "system/sepolicy/private/app_neverallows.te"
###
@@ -25573,7 +25658,7 @@
neverallow { domain -bpfloader } fs_bpf_loader:bpf *;
neverallow { domain -bpfloader } fs_bpf_loader:file *;
-neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
+neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
neverallow { coredomain -bpfloader -netd -netutils_wrapper } fs_bpf_vendor:file *;
@@ -27209,383 +27294,391 @@
#line 51
-traced_perf
#line 51
+
+#line 51
} vendor_app_file:dir { open read getattr search };
#line 51
#line 51
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 67
+#line 68
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 69
+#line 70
-#line 69
+#line 70
neverallow {
-#line 69
+#line 70
coredomain
-#line 69
+#line 70
-appdomain
-#line 69
+#line 70
-artd
-#line 69
+#line 70
-dex2oat
-#line 69
+#line 70
-idmap
-#line 69
+#line 70
-init
-#line 69
+#line 70
-installd
-#line 69
+#line 70
-heapprofd
-#line 69
+#line 70
-#line 69
+#line 70
-postinstall_dexopt
-#line 69
+#line 70
-profman
-#line 69
+#line 70
-rs # spawned by appdomain, so carryover the exception above
-#line 69
+#line 70
-#line 69
+#line 70
-system_server
-#line 69
+#line 70
-traced_perf
-#line 69
+#line 70
-mediaserver
-#line 69
+#line 70
+
+#line 70
} vendor_app_file:file { getattr open read ioctl lock map watch watch_reads };
-#line 69
+#line 70
-#line 69
+#line 70
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 88
+#line 90
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 90
+#line 92
-#line 90
+#line 92
# Limit access to /vendor/overlay
-#line 90
+#line 92
neverallow {
-#line 90
+#line 92
coredomain
-#line 90
+#line 92
-appdomain
-#line 90
+#line 92
-artd
-#line 90
+#line 92
-dex2oat
-#line 90
+#line 92
-idmap
-#line 90
+#line 92
-init
-#line 90
+#line 92
-installd
-#line 90
+#line 92
-postinstall_dexopt
-#line 90
+#line 92
-rs # spawned by appdomain, so carryover the exception above
-#line 90
+#line 92
-system_server
-#line 90
+#line 92
-traced_perf
-#line 90
+#line 92
-app_zygote
-#line 90
+#line 92
-webview_zygote
-#line 90
+#line 92
-zygote
-#line 90
+#line 92
-heapprofd
-#line 90
+#line 92
+
+#line 92
} vendor_overlay_file:dir { getattr open read search };
-#line 90
+#line 92
-#line 90
+#line 92
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 109
+#line 112
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 111
+#line 114
-#line 111
+#line 114
neverallow {
-#line 111
+#line 114
coredomain
-#line 111
+#line 114
-appdomain
-#line 111
+#line 114
-artd
-#line 111
+#line 114
-dex2oat
-#line 111
+#line 114
-idmap
-#line 111
+#line 114
-init
-#line 111
+#line 114
-installd
-#line 111
+#line 114
-postinstall_dexopt
-#line 111
+#line 114
-rs # spawned by appdomain, so carryover the exception above
-#line 111
+#line 114
-system_server
-#line 111
+#line 114
-traced_perf
-#line 111
+#line 114
-app_zygote
-#line 111
+#line 114
-webview_zygote
-#line 111
+#line 114
-zygote
-#line 111
+#line 114
-heapprofd
-#line 111
+#line 114
-#line 111
+#line 114
-#line 111
+#line 114
+
+#line 114
} vendor_overlay_file:file open;
-#line 111
+#line 114
-#line 111
+#line 114
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 131
+#line 135
# Core domains are not permitted to use kernel interfaces which are not
# explicitly labeled.
# TODO(b/65643247): Apply these neverallow rules to all coredomain.
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 136
+#line 140
-#line 136
+#line 140
# /proc
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-init
-#line 136
+#line 140
-vold
-#line 136
+#line 140
} proc:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# /sys
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-apexd
-#line 136
+#line 140
-init
-#line 136
+#line 140
-ueventd
-#line 136
+#line 140
-vfio_handler
-#line 136
+#line 140
-vold
-#line 136
+#line 140
} sysfs:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# /dev
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-apexd
-#line 136
+#line 140
-fsck
-#line 136
+#line 140
-init
-#line 136
+#line 140
-ueventd
-#line 136
+#line 140
} device:{ blk_file file } { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# debugfs
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-#line 136
+#line 140
-dumpstate
-#line 136
+#line 140
-init
-#line 136
+#line 140
-system_server
-#line 136
+#line 140
-#line 136
+#line 140
} debugfs:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# tracefs
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-atrace
-#line 136
+#line 140
-dumpstate
-#line 136
+#line 140
-gpuservice
-#line 136
+#line 140
-init
-#line 136
+#line 140
-lmkd
-#line 136
+#line 140
-traced_perf
-#line 136
+#line 140
-traced_probes
-#line 136
+#line 140
-shell
-#line 136
+#line 140
-system_server
-#line 136
+#line 140
-traceur_app
-#line 136
+#line 140
-prefetch
-#line 136
+#line 140
-#line 136
+#line 140
-#line 136
+#line 140
} debugfs_tracing:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# inotifyfs
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-init
-#line 136
+#line 140
} inotify:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# pstorefs
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-bootstat
-#line 136
+#line 140
-charger
-#line 136
+#line 140
-dumpstate
-#line 136
+#line 140
-#line 136
+#line 140
-init
-#line 136
+#line 140
-logd
-#line 136
+#line 140
-logpersist
-#line 136
+#line 140
-recovery_persist
-#line 136
+#line 140
-recovery_refresh
-#line 136
+#line 140
-shell
-#line 136
+#line 140
-system_server
-#line 136
+#line 140
} pstorefs:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# configfs
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-init
-#line 136
+#line 140
-system_server
-#line 136
+#line 140
} configfs:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# functionfs
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-adbd
-#line 136
+#line 140
-adbd_tradeinmode
-#line 136
+#line 140
-init
-#line 136
+#line 140
-mediaprovider
-#line 136
+#line 140
-system_server
-#line 136
+#line 140
} functionfs:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# usbfs and binfmt_miscfs
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-init
-#line 136
+#line 140
}{ usbfs binfmt_miscfs }:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# dmabuf heaps
-#line 136
+#line 140
neverallow {
-#line 136
+#line 140
coredomain
-#line 136
+#line 140
-init
-#line 136
+#line 140
-ueventd
-#line 136
+#line 140
}{
-#line 136
+#line 140
dmabuf_heap_device_type
-#line 136
+#line 140
-dmabuf_system_heap_device
-#line 136
+#line 140
-dmabuf_system_secure_heap_device
-#line 136
+#line 140
}:chr_file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 136
+#line 140
-#line 136
+#line 140
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 246
+#line 250
# Following /dev nodes must not be directly accessed by coredomain, but should
@@ -27598,15 +27691,15 @@
# TODO(b/120243891): HAL permission to tee_device is included into coredomain
# on non-Treble devices.
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 257
+#line 261
-#line 257
+#line 261
neverallow coredomain tee_device:chr_file { open read append write ioctl };
-#line 257
+#line 261
-#line 257
+#line 261
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 259
+#line 263
#line 1 "system/sepolicy/private/cppreopts.te"
# cppreopts
@@ -27874,7 +27967,10 @@
# A domain transition must occur for crash_dump to get the privileges needed to trace the process.
# Do not allow the execution of crash_dump without a domain transition.
-neverallow domain crash_dump_exec:file execute_no_trans;
+neverallow {
+ domain
+
+} crash_dump_exec:file execute_no_trans;
# sigchld not explicitly forbidden since it's part of the
# domain-transition-on-exec macros, and is by itself not sensitive
@@ -28408,6 +28504,7 @@
-crosvm
-virtualizationmanager
-vmlauncher_app
+
-early_virtmgr
} crosvm_exec:file { execute execute_no_trans };
@@ -31065,11 +31162,6 @@
# TODO(384942085): Reduce the scope.
allow domain kernel:key search;
-# For testing purposes, allow access to keys installed with su.
-# TODO(277916185): Remove since this shouldn't be needed anymore.
-#line 539
-
-
# Allow access to linkerconfig file
allow domain linkerconfig_file:dir search;
allow domain linkerconfig_file:file { getattr open read ioctl lock map watch watch_reads };
@@ -31080,18 +31172,18 @@
# Allow all processes to read the file_logger property that liblog uses to check if file_logger
# should be used.
-#line 550
+#line 544
allow domain log_file_logger_prop:file { getattr open read map };
-#line 550
+#line 544
# Allow all processes to connect to PRNG seeder daemon.
-#line 553
+#line 547
allow domain prng_seeder_socket:sock_file write;
-#line 553
+#line 547
allow domain prng_seeder:unix_stream_socket connectto;
-#line 553
+#line 547
# Allow calls to system(3), popen(3), ...
@@ -31128,29 +31220,34 @@
# code-generated APIs, but since the libraries are executed in the context of the caller,
# all processes need access to the underlying files.
-#line 588
+#line 582
-#line 588
+#line 582
allow domain aconfig_storage_metadata_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 588
+#line 582
allow domain aconfig_storage_metadata_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 588
+#line 582
;
-#line 590
+#line 584
-#line 592
+#line 586
allow { coredomain appdomain } system_aconfig_storage_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 592
+#line 586
allow { coredomain appdomain } system_aconfig_storage_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 592
+#line 586
;
# processes needs to access storage file stored at /metadata/aconfig/boot, require search
# permission on /metadata dir
allow domain metadata_file:dir search;
+# overlayfs performs all file operations as the mounter, being overlay_remounter.
+# It thus opens files as overlay_remounter, and then uses those files in the context of
+# the caller, which is anyone accessing a file on a overlaid read-only partition
+;
+
###
### neverallow rules
###
@@ -31261,7 +31358,7 @@
# Do not allow renaming of block files or character files
# Ability to do so can lead to possible use in an exploit chain
# e.g. https://googleprojectzero.blogspot.com/2016/12/chrome-os-exploit-one-byte-overflow-and.html
-neverallow * *:{ blk_file chr_file } rename;
+neverallow { domain } *:{ blk_file chr_file } rename;
# Don't allow raw read/write/open access to generic devices.
# Rather force a relabel to a more specific type.
@@ -31296,16 +31393,21 @@
domain
+
+
} {
system_file_type
vendor_file_type
exec_type
}:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } { create write setattr relabelfrom append unlink link rename };
-neverallow { domain -kernel } { system_file_type vendor_file_type exec_type }:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } relabelto;
+neverallow { domain -kernel } { system_file_type vendor_file_type exec_type }:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } relabelto;
# Don't allow mounting on top of /system files or directories
-neverallow * exec_type:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } mounton;
+neverallow {
+ domain
+
+} exec_type:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } mounton;
# Nothing should be writing to files in the rootfs.
neverallow * rootfs:file { create write setattr relabelto append unlink link rename };
@@ -31317,9 +31419,9 @@
# Ensure that context mount types are not writable, to ensure that
# the write to /system restriction above is not bypassed via context=
# mount to another type.
-neverallow * contextmount_type:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } }
+neverallow { domain } contextmount_type:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } }
{ create setattr relabelfrom relabelto append link rename };
-neverallow { domain } contextmount_type:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } { write unlink };
+neverallow { domain } contextmount_type:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } { write unlink };
# Do not allow service_manager add for default service labels.
# Instead domains should use a more specific type such as
@@ -31345,39 +31447,39 @@
neverallow { domain -init -vendor_init } vndk_prop:property_service set;
# BEGIN_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
-#line 791
+#line 795
-#line 791
+#line 795
neverallow { domain -init } mmc_prop:property_service set;
-#line 791
+#line 795
neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
-#line 791
+#line 795
neverallow { domain -init } exported_secure_prop:property_service set;
-#line 791
+#line 795
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
-#line 791
+#line 795
neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
-#line 791
+#line 795
neverallow { domain -init -vendor_init } hw_timeout_multiplier_prop:property_service set;
-#line 791
+#line 795
-#line 791
+#line 795
# END_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
-#line 798
+#line 802
# BEGIN_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
-#line 800
+#line 804
-#line 800
+#line 804
neverallow { domain -init -system_server -vendor_init } exported_pm_prop:property_service set;
-#line 800
+#line 804
neverallow { domain -coredomain -vendor_init } exported_pm_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 800
+#line 804
-#line 800
+#line 804
# END_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
-#line 803
+#line 807
# New "pm.dexopt." sysprops should be explicitly listed as exported_pm_prop.
@@ -31458,151 +31560,151 @@
neverallow vndservicemanager hwbinder_device:chr_file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 882
+#line 886
-#line 882
+#line 886
# Vendor apps are permited to use only stable public services. If they were to use arbitrary
-#line 882
+#line 886
# services which can change any time framework/core is updated, breakage is likely.
-#line 882
+#line 886
#
-#line 882
+#line 886
# Note, this same logic applies to untrusted apps, but neverallows for these are separate.
-#line 882
+#line 886
neverallow {
-#line 882
+#line 886
appdomain
-#line 882
+#line 886
-coredomain
-#line 882
+#line 886
} {
-#line 882
+#line 886
service_manager_type
-#line 882
+#line 886
-#line 882
+#line 886
-app_api_service
-#line 882
+#line 886
-ephemeral_app_api_service
-#line 882
+#line 886
-#line 882
+#line 886
-hal_service_type # see app_neverallows.te
-#line 882
+#line 886
-#line 882
+#line 886
-apc_service
-#line 882
+#line 886
-audioserver_service # TODO(b/36783122) remove exemptions below once app_api_service is fixed
-#line 882
+#line 886
-cameraserver_service
-#line 882
+#line 886
-drmserver_service
-#line 882
+#line 886
-credstore_service
-#line 882
+#line 886
-keystore_maintenance_service
-#line 882
+#line 886
-keystore_service
-#line 882
+#line 886
-legacykeystore_service
-#line 882
+#line 886
-mediadrmserver_service
-#line 882
+#line 886
-mediaextractor_service
-#line 882
+#line 886
-mediametrics_service
-#line 882
+#line 886
-mediaserver_service
-#line 882
+#line 886
-nfc_service
-#line 882
+#line 886
-radio_service
-#line 882
+#line 886
-virtual_touchpad_service
-#line 882
+#line 886
-vr_manager_service
-#line 882
+#line 886
-#line 882
+#line 886
}:service_manager find;
-#line 882
+#line 886
-#line 882
+#line 886
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 916
+#line 920
# On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 919
+#line 923
-#line 919
+#line 923
neverallow {
-#line 919
+#line 923
coredomain
-#line 919
+#line 923
-shell
-#line 919
+#line 923
-#line 919
+#line 923
-ueventd # uevent is granted create for this device, but we still neverallow I/O below
-#line 919
+#line 923
} vndbinder_device:chr_file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
-#line 919
+#line 923
-#line 919
+#line 923
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 926
+#line 930
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 927
+#line 931
-#line 927
+#line 931
neverallow ueventd vndbinder_device:chr_file { read write append ioctl };
-#line 927
+#line 931
-#line 927
+#line 931
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 929
+#line 933
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 930
+#line 934
-#line 930
+#line 934
neverallow {
-#line 930
+#line 934
coredomain
-#line 930
+#line 934
-shell
-#line 930
+#line 934
-#line 930
+#line 934
} vndservice_manager_type:service_manager *;
-#line 930
+#line 934
-#line 930
+#line 934
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 936
+#line 940
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 937
+#line 941
-#line 937
+#line 941
neverallow {
-#line 937
+#line 941
coredomain
-#line 937
+#line 941
-shell
-#line 937
+#line 941
-#line 937
+#line 941
} vndservicemanager:binder *;
-#line 937
+#line 941
-#line 937
+#line 941
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 943
+#line 947
# On full TREBLE devices, socket communications between core components and vendor components are
@@ -31615,158 +31717,158 @@
# data with its peer over that socket. The wire format in this scenario is dicatated by the API
# and thus does not break the core-vendor separation.
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 954
+#line 958
-#line 954
+#line 958
-#line 954
+#line 958
neverallow {
-#line 954
+#line 958
coredomain
-#line 954
+#line 958
-init
-#line 954
+#line 958
-adbd
-#line 954
+#line 958
} {
-#line 954
+#line 958
domain
-#line 954
+#line 958
-coredomain
-#line 954
+#line 958
-socket_between_core_and_vendor_violators
-#line 954
+#line 958
}:{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket } { connect sendto };
-#line 954
+#line 958
neverallow {
-#line 954
+#line 958
coredomain
-#line 954
+#line 958
-init
-#line 954
+#line 958
-adbd
-#line 954
+#line 958
} {
-#line 954
+#line 958
domain
-#line 954
+#line 958
-coredomain
-#line 954
+#line 958
-socket_between_core_and_vendor_violators
-#line 954
+#line 958
}:unix_stream_socket connectto;
-#line 954
+#line 958
;
-#line 954
+#line 958
-#line 954
+#line 958
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 964
+#line 968
# Vendor domains are not permitted to initiate create/open sockets owned by core domains
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 967
+#line 971
-#line 967
+#line 971
neverallow {
-#line 967
+#line 971
domain
-#line 967
+#line 971
-coredomain
-#line 967
+#line 971
-appdomain # appdomain restrictions below
-#line 967
+#line 971
-data_between_core_and_vendor_violators # b/70393317
-#line 967
+#line 971
-socket_between_core_and_vendor_violators
-#line 967
+#line 971
-vendor_init
-#line 967
+#line 971
} {
-#line 967
+#line 971
coredomain_socket
-#line 967
+#line 971
core_data_file_type
-#line 967
+#line 971
unlabeled # used only by core domains
-#line 967
+#line 971
}:sock_file ~{ append getattr ioctl read write };
-#line 967
+#line 971
-#line 967
+#line 971
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 980
+#line 984
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 981
+#line 985
-#line 981
+#line 985
neverallow {
-#line 981
+#line 985
appdomain
-#line 981
+#line 985
-coredomain
-#line 981
+#line 985
} {
-#line 981
+#line 985
coredomain_socket
-#line 981
+#line 985
unlabeled # used only by core domains
-#line 981
+#line 985
core_data_file_type
-#line 981
+#line 985
-app_data_file
-#line 981
+#line 985
-privapp_data_file
-#line 981
+#line 985
-pdx_endpoint_socket_type # used by VR layer
-#line 981
+#line 985
-pdx_channel_socket_type # used by VR layer
-#line 981
+#line 985
}:sock_file ~{ append getattr ioctl read write };
-#line 981
+#line 985
-#line 981
+#line 985
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 994
+#line 998
# Core domains are not permitted to create/open sockets owned by vendor domains
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 997
+#line 1001
-#line 997
+#line 1001
neverallow {
-#line 997
+#line 1001
coredomain
-#line 997
+#line 1001
-init
-#line 997
+#line 1001
-ueventd
-#line 997
+#line 1001
-socket_between_core_and_vendor_violators
-#line 997
+#line 1001
} {
-#line 997
+#line 1001
file_type
-#line 997
+#line 1001
dev_type
-#line 997
+#line 1001
-coredomain_socket
-#line 997
+#line 1001
-core_data_file_type
-#line 997
+#line 1001
-app_data_file_type
-#line 997
+#line 1001
-unlabeled
-#line 997
+#line 1001
}:sock_file ~{ append getattr ioctl read write };
-#line 997
+#line 1001
-#line 997
+#line 1001
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1011
+#line 1015
# On TREBLE devices, vendor and system components are only allowed to share
@@ -31778,551 +31880,557 @@
# Likewise, core domains may only directly access files outside /data/vendor by
# path and files in /data/vendor by open FD.
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1021
+#line 1025
-#line 1021
+#line 1025
# only coredomains may only access core_data_file_type, particularly not
-#line 1021
+#line 1025
# /data/vendor
-#line 1021
+#line 1025
neverallow {
-#line 1021
+#line 1025
coredomain
-#line 1021
+#line 1025
-appdomain # TODO(b/34980020) remove exemption for appdomain
-#line 1021
+#line 1025
-data_between_core_and_vendor_violators
-#line 1021
+#line 1025
-init
-#line 1021
+#line 1025
-vold_prepare_subdirs
-#line 1021
+#line 1025
} {
-#line 1021
+#line 1025
data_file_type
-#line 1021
+#line 1025
-core_data_file_type
-#line 1021
+#line 1025
-app_data_file_type
-#line 1021
+#line 1025
}:{ { chr_file blk_file } { file lnk_file sock_file fifo_file } } ~{ append getattr ioctl read write map };
-#line 1021
+#line 1025
-#line 1021
+#line 1025
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1035
+#line 1039
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1036
+#line 1040
-#line 1036
+#line 1040
neverallow {
-#line 1036
+#line 1040
coredomain
-#line 1036
+#line 1040
-appdomain # TODO(b/34980020) remove exemption for appdomain
-#line 1036
+#line 1040
-data_between_core_and_vendor_violators
-#line 1036
+#line 1040
-init
-#line 1036
+#line 1040
-vold_prepare_subdirs
-#line 1036
+#line 1040
} {
-#line 1036
+#line 1040
data_file_type
-#line 1036
+#line 1040
-core_data_file_type
-#line 1036
+#line 1040
-app_data_file_type
-#line 1036
+#line 1040
# TODO(b/72998741) Remove exemption. Further restricted in a subsequent
-#line 1036
+#line 1040
# neverallow. Currently only getattr and search are allowed.
-#line 1036
+#line 1040
-vendor_data_file
-#line 1036
+#line 1040
}:dir *;
-#line 1036
+#line 1040
-#line 1036
+#line 1040
-#line 1036
+#line 1040
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1052
+#line 1056
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1053
+#line 1057
-#line 1053
+#line 1057
# vendor domains may only access files in /data/vendor, never core_data_file_types
-#line 1053
+#line 1057
neverallow {
-#line 1053
+#line 1057
domain
-#line 1053
+#line 1057
-appdomain # TODO(b/34980020) remove exemption for appdomain
-#line 1053
+#line 1057
-coredomain
-#line 1053
+#line 1057
-data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
-#line 1053
+#line 1057
-vendor_init
-#line 1053
+#line 1057
} {
-#line 1053
+#line 1057
core_data_file_type
-#line 1053
+#line 1057
-#line 1053
+#line 1057
}:{ { chr_file blk_file } { file lnk_file sock_file fifo_file } } ~{ append getattr ioctl read write map };
-#line 1053
+#line 1057
neverallow {
-#line 1053
+#line 1057
vendor_init
-#line 1053
+#line 1057
-data_between_core_and_vendor_violators
-#line 1053
+#line 1057
} {
-#line 1053
+#line 1057
core_data_file_type
-#line 1053
+#line 1057
-unencrypted_data_file
-#line 1053
+#line 1057
-#line 1053
+#line 1057
}:{ { chr_file blk_file } { file lnk_file sock_file fifo_file } } ~{ append getattr ioctl read write map };
-#line 1053
+#line 1057
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
-#line 1053
+#line 1057
# The vendor init binary lives on the system partition so there is not a concern with stability.
-#line 1053
+#line 1057
neverallow vendor_init unencrypted_data_file:file ~{ getattr open read ioctl lock map watch watch_reads };
-#line 1053
+#line 1057
-#line 1053
+#line 1057
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1076
+#line 1080
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1077
+#line 1081
-#line 1077
+#line 1081
# vendor domains may only access dirs in /data/vendor, never core_data_file_types
-#line 1077
+#line 1081
neverallow {
-#line 1077
+#line 1081
domain
-#line 1077
+#line 1081
-appdomain # TODO(b/34980020) remove exemption for appdomain
-#line 1077
+#line 1081
-coredomain
-#line 1077
+#line 1081
-data_between_core_and_vendor_violators
-#line 1077
+#line 1081
-vendor_init
-#line 1077
+#line 1081
} {
-#line 1077
+#line 1081
core_data_file_type
-#line 1077
+#line 1081
-system_data_file # default label for files on /data. Covered below...
-#line 1077
+#line 1081
-system_data_root_file
-#line 1077
+#line 1081
-vendor_userdir_file
-#line 1077
+#line 1081
-vendor_data_file
-#line 1077
+#line 1081
-#line 1077
+#line 1081
}:dir *;
-#line 1077
+#line 1081
neverallow {
-#line 1077
+#line 1081
vendor_init
-#line 1077
+#line 1081
-data_between_core_and_vendor_violators
-#line 1077
+#line 1081
} {
-#line 1077
+#line 1081
core_data_file_type
-#line 1077
+#line 1081
-unencrypted_data_file
-#line 1077
+#line 1081
-system_data_file
-#line 1077
+#line 1081
-system_data_root_file
-#line 1077
+#line 1081
-vendor_userdir_file
-#line 1077
+#line 1081
-vendor_data_file
-#line 1077
+#line 1081
-#line 1077
+#line 1081
}:dir *;
-#line 1077
+#line 1081
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
-#line 1077
+#line 1081
# The vendor init binary lives on the system partition so there is not a concern with stability.
-#line 1077
+#line 1081
neverallow vendor_init unencrypted_data_file:dir ~search;
-#line 1077
+#line 1081
-#line 1077
+#line 1081
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1108
+#line 1112
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1109
+#line 1113
-#line 1109
+#line 1113
# vendor domains may only access dirs in /data/vendor, never core_data_file_types
-#line 1109
+#line 1113
neverallow {
-#line 1109
+#line 1113
domain
-#line 1109
+#line 1113
-appdomain # TODO(b/34980020) remove exemption for appdomain
-#line 1109
+#line 1113
-coredomain
-#line 1109
+#line 1113
-data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
-#line 1109
+#line 1113
} {
-#line 1109
+#line 1113
system_data_file # default label for files on /data. Covered below
-#line 1109
+#line 1113
}:dir ~{ getattr search };
-#line 1109
+#line 1113
-#line 1109
+#line 1113
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1119
+#line 1123
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1121
+#line 1125
-#line 1121
+#line 1125
# coredomains may not access dirs in /data/vendor.
-#line 1121
+#line 1125
neverallow {
-#line 1121
+#line 1125
coredomain
-#line 1121
+#line 1125
-data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
-#line 1121
+#line 1125
-init
-#line 1121
+#line 1125
-vold # vold creates per-user storage for both system and vendor
-#line 1121
+#line 1125
-vold_prepare_subdirs
-#line 1121
+#line 1125
} {
-#line 1121
+#line 1125
vendor_data_file # default label for files on /data. Covered below
-#line 1121
+#line 1125
}:dir ~{ getattr search };
-#line 1121
+#line 1125
-#line 1121
+#line 1125
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1132
+#line 1136
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1134
+#line 1138
-#line 1134
+#line 1138
# coredomains may not access dirs in /data/vendor.
-#line 1134
+#line 1138
neverallow {
-#line 1134
+#line 1138
coredomain
-#line 1134
+#line 1138
-data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
-#line 1134
+#line 1138
-init
-#line 1134
+#line 1138
} {
-#line 1134
+#line 1138
vendor_data_file # default label for files on /data/vendor{,_ce,_de}.
-#line 1134
+#line 1138
}:{ { chr_file blk_file } { file lnk_file sock_file fifo_file } } ~{ append getattr ioctl read write map };
-#line 1134
+#line 1138
-#line 1134
+#line 1138
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1143
+#line 1147
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1145
+#line 1149
-#line 1145
+#line 1149
# Non-vendor domains are not allowed to file execute shell
-#line 1145
+#line 1149
# from vendor
-#line 1145
+#line 1149
neverallow {
-#line 1145
+#line 1149
coredomain
-#line 1145
+#line 1149
-init
-#line 1145
+#line 1149
-shell
-#line 1145
+#line 1149
-ueventd
-#line 1145
- } vendor_shell_exec:file { execute execute_no_trans };
-#line 1145
-
-#line 1145
-# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1154
-
-
-# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1156
-
-#line 1156
- # Do not allow vendor components to execute files from system
-#line 1156
- # except for the ones allowed here.
-#line 1156
- neverallow {
-#line 1156
- domain
-#line 1156
- -coredomain
-#line 1156
- -appdomain
-#line 1156
- -vendor_executes_system_violators
-#line 1156
- -vendor_init
-#line 1156
- } {
-#line 1156
- system_file_type
-#line 1156
- -system_lib_file
-#line 1156
- -system_bootstrap_lib_file
-#line 1156
- -system_linker_exec
-#line 1156
- -crash_dump_exec
-#line 1156
- -netutils_wrapper_exec
-#line 1156
+#line 1149
-#line 1156
- # Vendor components still can invoke shell commands via /system/bin/sh
-#line 1156
- -shell_exec
-#line 1156
- -toolbox_exec
-#line 1156
- -virtualizationmanager_exec
-#line 1156
- -early_virtmgr_exec
-#line 1156
- }:file { entrypoint execute execute_no_trans };
-#line 1156
+#line 1149
+ } vendor_shell_exec:file { execute execute_no_trans };
+#line 1149
-#line 1156
+#line 1149
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1179
+#line 1159
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1181
+#line 1161
-#line 1181
- # Do not allow coredomain to access entrypoint for files other
-#line 1181
- # than system_file_type and postinstall_file
-#line 1181
- neverallow coredomain {
-#line 1181
- file_type
-#line 1181
- -system_file_type
-#line 1181
- -postinstall_file
-#line 1181
- }:file entrypoint;
-#line 1181
- # Do not allow domains other than coredomain to access entrypoint
-#line 1181
- # for anything but vendor_file_type and init_exec for vendor_init.
-#line 1181
- neverallow { domain -coredomain } {
-#line 1181
- file_type
-#line 1181
- -vendor_file_type
-#line 1181
- -init_exec
-#line 1181
- }:file entrypoint;
-#line 1181
-
-#line 1181
-# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1196
-
-
-# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1198
-
-#line 1198
- # Do not allow system components to execute files from vendor
-#line 1198
+#line 1161
+ # Do not allow vendor components to execute files from system
+#line 1161
# except for the ones allowed here.
-#line 1198
+#line 1161
neverallow {
-#line 1198
+#line 1161
+ domain
+#line 1161
+ -coredomain
+#line 1161
+ -appdomain
+#line 1161
+ -vendor_executes_system_violators
+#line 1161
+ -vendor_init
+#line 1161
+ } {
+#line 1161
+ system_file_type
+#line 1161
+ -system_lib_file
+#line 1161
+ -system_bootstrap_lib_file
+#line 1161
+ -system_linker_exec
+#line 1161
+ -crash_dump_exec
+#line 1161
+ -netutils_wrapper_exec
+#line 1161
+
+#line 1161
+ # Vendor components still can invoke shell commands via /system/bin/sh
+#line 1161
+ -shell_exec
+#line 1161
+ -toolbox_exec
+#line 1161
+ -virtualizationmanager_exec
+#line 1161
+ -early_virtmgr_exec
+#line 1161
+ }:file { entrypoint execute execute_no_trans };
+#line 1161
+
+#line 1161
+# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+#line 1184
+
+
+# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+#line 1186
+
+#line 1186
+ # Do not allow coredomain to access entrypoint for files other
+#line 1186
+ # than system_file_type and postinstall_file
+#line 1186
+ neverallow coredomain {
+#line 1186
+ file_type
+#line 1186
+ -system_file_type
+#line 1186
+ -postinstall_file
+#line 1186
+ }:file entrypoint;
+#line 1186
+ # Do not allow domains other than coredomain to access entrypoint
+#line 1186
+ # for anything but vendor_file_type and init_exec for vendor_init.
+#line 1186
+ neverallow { domain -coredomain } {
+#line 1186
+ file_type
+#line 1186
+ -vendor_file_type
+#line 1186
+ -init_exec
+#line 1186
+ }:file entrypoint;
+#line 1186
+
+#line 1186
+# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+#line 1201
+
+
+# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+#line 1203
+
+#line 1203
+ # Do not allow system components to execute files from vendor
+#line 1203
+ # except for the ones allowed here.
+#line 1203
+ neverallow {
+#line 1203
coredomain
-#line 1198
+#line 1203
-init
-#line 1198
+#line 1203
-shell
-#line 1198
+#line 1203
-system_executes_vendor_violators
-#line 1198
+#line 1203
-ueventd
-#line 1198
+#line 1203
+
+#line 1203
} {
-#line 1198
+#line 1203
vendor_file_type
-#line 1198
+#line 1203
-same_process_hal_file
-#line 1198
+#line 1203
-vndk_sp_file
-#line 1198
+#line 1203
-vendor_app_file
-#line 1198
+#line 1203
-vendor_public_framework_file
-#line 1198
+#line 1203
-vendor_public_lib_file
-#line 1198
+#line 1203
}:file execute;
-#line 1198
+#line 1203
-#line 1198
+#line 1203
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1215
+#line 1221
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1217
+#line 1223
-#line 1217
+#line 1223
neverallow {
-#line 1217
+#line 1223
coredomain
-#line 1217
+#line 1223
-shell
-#line 1217
+#line 1223
-system_executes_vendor_violators
-#line 1217
+#line 1223
+
+#line 1223
} {
-#line 1217
+#line 1223
vendor_file_type
-#line 1217
+#line 1223
-same_process_hal_file
-#line 1217
+#line 1223
}:file execute_no_trans;
-#line 1217
+#line 1223
-#line 1217
+#line 1223
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1226
+#line 1233
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1228
+#line 1235
-#line 1228
+#line 1235
# Do not allow vendor components access to /system files except for the
-#line 1228
+#line 1235
# ones allowed here.
-#line 1228
+#line 1235
neverallow {
-#line 1228
+#line 1235
domain
-#line 1228
+#line 1235
-appdomain
-#line 1228
+#line 1235
-coredomain
-#line 1228
+#line 1235
-vendor_executes_system_violators
-#line 1228
+#line 1235
# vendor_init needs access to init_exec for domain transition. vendor_init
-#line 1228
+#line 1235
# neverallows are covered in public/vendor_init.te
-#line 1228
+#line 1235
-vendor_init
-#line 1228
+#line 1235
} {
-#line 1228
+#line 1235
system_file_type
-#line 1228
+#line 1235
-cgroup_desc_file
-#line 1228
+#line 1235
-crash_dump_exec
-#line 1228
+#line 1235
-file_contexts_file
-#line 1228
+#line 1235
-netutils_wrapper_exec
-#line 1228
+#line 1235
-property_contexts_file
-#line 1228
+#line 1235
-system_event_log_tags_file
-#line 1228
+#line 1235
-system_group_file
-#line 1228
+#line 1235
-system_lib_file
-#line 1228
+#line 1235
-system_bootstrap_lib_file
-#line 1228
+#line 1235
-#line 1228
+#line 1235
-system_linker_exec
-#line 1228
+#line 1235
-system_linker_config_file
-#line 1228
+#line 1235
-system_passwd_file
-#line 1228
+#line 1235
-system_seccomp_policy_file
-#line 1228
+#line 1235
-system_security_cacerts_file
-#line 1228
+#line 1235
-system_zoneinfo_file
-#line 1228
+#line 1235
-task_profiles_file
-#line 1228
+#line 1235
-#line 1228
+#line 1235
# Vendor components still can invoke shell commands via /system/bin/sh
-#line 1228
+#line 1235
-shell_exec
-#line 1228
+#line 1235
-toolbox_exec
-#line 1228
+#line 1235
-virtualizationmanager_exec
-#line 1228
+#line 1235
-early_virtmgr_exec
-#line 1228
+#line 1235
}:file *;
-#line 1228
+#line 1235
-#line 1228
+#line 1235
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1265
+#line 1272
# Only system_server should be able to send commands via the zygote socket
@@ -32363,7 +32471,10 @@
# Do not mount on top of symlinks, fifos, or sockets.
# Feature parity with Chromium LSM.
-neverallow * { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton;
+neverallow {
+ domain
+
+} { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton;
# Nobody should be able to execute su on user builds.
# On userdebug/eng builds, only dumpstate, shell, and
@@ -32375,7 +32486,10 @@
# The only exceptions are for NDK text relocations associated with
# https://code.google.com/p/android/issues/detail?id=23203
# which, long term, need to go away.
-neverallow * {
+neverallow {
+ domain
+
+} {
file_type
-apk_data_file
-app_data_file
@@ -32389,7 +32503,12 @@
# Do not allow the introduction of new execmod rules. Text relocations
# and modification of executable pages are unsafe.
-neverallow { domain -untrusted_app_25 -untrusted_app_27 } file_type:file execmod;
+neverallow {
+ domain
+ -untrusted_app_25
+ -untrusted_app_27
+
+} file_type:file execmod;
# Ensure that all types assigned to processes are included
# in the domain attribute, so that all allow and neverallow rules
@@ -32514,6 +32633,7 @@
-installd
-profman
-artd
+
} profman_exec:file { execute execute_no_trans };
# Enforce restrictions on kernel module origin.
@@ -32560,7 +32680,7 @@
# These are only needed in permissive mode - in enforcing mode the
# directory write check fails and so these are never attempted.
-#line 1507
+#line 1526
# Platform must not have access to /mnt/vendor.
@@ -32574,21 +32694,23 @@
# Only apps are allowed access to vendor public libraries.
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1519
+#line 1538
-#line 1519
+#line 1538
neverallow {
-#line 1519
+#line 1538
coredomain
-#line 1519
+#line 1538
-appdomain
-#line 1519
+#line 1538
+
+#line 1538
} {vendor_public_framework_file vendor_public_lib_file}:file { execute execute_no_trans };
-#line 1519
+#line 1538
-#line 1519
+#line 1538
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1524
+#line 1544
# Vendor domian must not have access to /mnt/product.
@@ -32599,45 +32721,45 @@
# Platform must not have access to sysfs_batteryinfo, but should do it via health HAL
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1533
+#line 1553
-#line 1533
+#line 1553
neverallow {
-#line 1533
+#line 1553
coredomain
-#line 1533
+#line 1553
-shell
-#line 1533
+#line 1553
# For access to block device information under /sys/class/block.
-#line 1533
+#line 1553
-apexd
-#line 1533
+#line 1553
# Read sysfs block device information.
-#line 1533
+#line 1553
-init
-#line 1533
+#line 1553
# Generate uevents for health info
-#line 1533
+#line 1553
-ueventd
-#line 1533
+#line 1553
# Recovery uses health HAL passthrough implementation.
-#line 1533
+#line 1553
-recovery
-#line 1533
+#line 1553
# Charger uses health HAL passthrough implementation.
-#line 1533
+#line 1553
-charger
-#line 1533
+#line 1553
# TODO(b/110891300): remove this exception
-#line 1533
+#line 1553
-incidentd
-#line 1533
+#line 1553
} sysfs_batteryinfo:file { open read };
-#line 1533
+#line 1553
-#line 1533
+#line 1553
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 1550
+#line 1570
neverallow {
@@ -32733,7 +32855,7 @@
}:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } { create unlink };
-#line 1652
+#line 1672
# Only the following processes should be directly accessing private app
@@ -32756,10 +32878,10 @@
}:dir *;
-#line 1687
+#line 1707
-#line 1699
+#line 1719
# Only apps should be modifying app data. installd is exempted for
@@ -32776,7 +32898,7 @@
}:dir ~{ open getattr read search ioctl lock watch watch_reads };
-#line 1724
+#line 1744
neverallow {
@@ -32813,7 +32935,7 @@
}:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } { relabelfrom relabelto };
-#line 1767
+#line 1787
# The staging directory contains APEX and APK files. It is important to ensure
@@ -32884,6 +33006,7 @@
-zygote
+
} {
file_type
-system_file_type
@@ -32959,6 +33082,7 @@
neverallow {
domain
-appdomain
+
} {
data_file_type
-apex_art_data_file
@@ -32970,52 +33094,54 @@
# Minimize dac_override and dac_read_search.
# Instead of granting them it is usually better to add the domain to
# a Unix group or change the permissions of a file.
-#line 1945
+#line 1968
neverallow ~{
-#line 1946
+#line 1969
apexd
-#line 1946
+#line 1969
artd
-#line 1946
+#line 1969
dnsmasq
-#line 1946
+#line 1969
dumpstate
-#line 1946
+#line 1969
init
-#line 1946
+#line 1969
installd
-#line 1946
+#line 1969
-#line 1946
+#line 1969
lmkd
-#line 1946
+#line 1969
migrate_legacy_obb_data
-#line 1946
+#line 1969
netd
-#line 1946
+#line 1969
postinstall_dexopt
-#line 1946
+#line 1969
recovery
-#line 1946
+#line 1969
rss_hwm_reset
-#line 1946
+#line 1969
sdcardd
-#line 1946
+#line 1969
tee
-#line 1946
+#line 1969
ueventd
-#line 1946
+#line 1969
uncrypt
-#line 1946
+#line 1969
vendor_init
-#line 1946
+#line 1969
vold
-#line 1946
+#line 1969
vold_prepare_subdirs
-#line 1946
+#line 1969
zygote
-#line 1946
+#line 1969
+
+#line 1969
} self:{ capability cap_userns } dac_override;
# Since the kernel checks dac_read_search before dac_override, domains that
# have dac_override should also have dac_read_search to eliminate spurious
@@ -33023,49 +33149,51 @@
# this list should be a superset of the one above.
neverallow ~{
{
-#line 1952
+#line 1975
apexd
-#line 1952
+#line 1975
artd
-#line 1952
+#line 1975
dnsmasq
-#line 1952
+#line 1975
dumpstate
-#line 1952
+#line 1975
init
-#line 1952
+#line 1975
installd
-#line 1952
+#line 1975
-#line 1952
+#line 1975
lmkd
-#line 1952
+#line 1975
migrate_legacy_obb_data
-#line 1952
+#line 1975
netd
-#line 1952
+#line 1975
postinstall_dexopt
-#line 1952
+#line 1975
recovery
-#line 1952
+#line 1975
rss_hwm_reset
-#line 1952
+#line 1975
sdcardd
-#line 1952
+#line 1975
tee
-#line 1952
+#line 1975
ueventd
-#line 1952
+#line 1975
uncrypt
-#line 1952
+#line 1975
vendor_init
-#line 1952
+#line 1975
vold
-#line 1952
+#line 1975
vold_prepare_subdirs
-#line 1952
+#line 1975
zygote
-#line 1952
+#line 1975
+
+#line 1975
}
traced_perf
traced_probes
@@ -33087,25 +33215,26 @@
-update_engine
-vold
-zygote
+
} { fs_type
-sdcard_type
-fusefs_type
}:filesystem { mount remount relabelfrom relabelto };
# BEGIN_LAUNCHING_WITH_S_ONLY -- this marker is used by CTS -- do not modify
-#line 1978
+#line 2002
-#line 1978
+#line 2002
neverallow {
-#line 1978
+#line 2002
domain
-#line 1978
+#line 2002
} { debugfs_type -debugfs_tracing_debug }:filesystem { mount remount relabelfrom relabelto };
-#line 1978
+#line 2002
-#line 1978
+#line 2002
# END_LAUNCHING_WITH_S_ONLY -- this marker is used by CTS -- do not modify
-#line 1982
+#line 2006
# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
@@ -33153,216 +33282,220 @@
# On TREBLE devices, most coredomains should not access vendor_files.
# TODO(b/71553434): Remove exceptions here.
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 2028
+#line 2052
-#line 2028
+#line 2052
neverallow {
-#line 2028
+#line 2052
coredomain
-#line 2028
+#line 2052
-appdomain
-#line 2028
+#line 2052
-bootanim
-#line 2028
+#line 2052
-crash_dump
-#line 2028
+#line 2052
-heapprofd
-#line 2028
+#line 2052
-#line 2028
+#line 2052
-init
-#line 2028
+#line 2052
-kernel
-#line 2028
+#line 2052
-#line 2028
+#line 2052
-traced_perf
-#line 2028
+#line 2052
-ueventd
-#line 2028
+#line 2052
+
+#line 2052
} vendor_file:file { { append create link unlink relabelfrom rename setattr write } { execute execute_no_trans } open };
-#line 2028
+#line 2052
-#line 2028
+#line 2052
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 2042
+#line 2067
# Vendor domains are not permitted to initiate communications to core domain sockets
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 2045
+#line 2070
-#line 2045
+#line 2070
-#line 2045
+#line 2070
neverallow {
-#line 2045
+#line 2070
domain
-#line 2045
+#line 2070
-coredomain
-#line 2045
+#line 2070
-appdomain
-#line 2045
+#line 2070
-socket_between_core_and_vendor_violators
-#line 2045
+#line 2070
} {
-#line 2045
+#line 2070
coredomain
-#line 2045
+#line 2070
-logd # Logging by writing to logd Unix domain socket is public API
-#line 2045
+#line 2070
-netd # netdomain needs this
-#line 2045
+#line 2070
-mdnsd # netdomain needs this
-#line 2045
+#line 2070
-prng_seeder # Any process using libcrypto needs this
-#line 2045
+#line 2070
# communications with su are permitted only on userdebug or eng builds
-#line 2045
+#line 2070
-init
-#line 2045
+#line 2070
-tombstoned # linker to tombstoned
-#line 2045
+#line 2070
-heapprofd
-#line 2045
+#line 2070
-traced
-#line 2045
+#line 2070
-traced_perf
-#line 2045
+#line 2070
}:{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket } { connect sendto };
-#line 2045
+#line 2070
neverallow {
-#line 2045
+#line 2070
domain
-#line 2045
+#line 2070
-coredomain
-#line 2045
+#line 2070
-appdomain
-#line 2045
+#line 2070
-socket_between_core_and_vendor_violators
-#line 2045
+#line 2070
} {
-#line 2045
+#line 2070
coredomain
-#line 2045
+#line 2070
-logd # Logging by writing to logd Unix domain socket is public API
-#line 2045
+#line 2070
-netd # netdomain needs this
-#line 2045
+#line 2070
-mdnsd # netdomain needs this
-#line 2045
+#line 2070
-prng_seeder # Any process using libcrypto needs this
-#line 2045
+#line 2070
# communications with su are permitted only on userdebug or eng builds
-#line 2045
+#line 2070
-init
-#line 2045
+#line 2070
-tombstoned # linker to tombstoned
-#line 2045
+#line 2070
-heapprofd
-#line 2045
+#line 2070
-traced
-#line 2045
+#line 2070
-traced_perf
-#line 2045
+#line 2070
}:unix_stream_socket connectto;
-#line 2045
+#line 2070
;
-#line 2045
+#line 2070
-#line 2045
+#line 2070
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 2064
+#line 2089
# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 2066
+#line 2091
-#line 2066
+#line 2091
# Do not allow system components access to /vendor files except for the
-#line 2066
+#line 2091
# ones allowed here.
-#line 2066
+#line 2091
neverallow {
-#line 2066
+#line 2091
coredomain
-#line 2066
+#line 2091
# TODO(b/37168747): clean up fwk access to /vendor
-#line 2066
+#line 2091
-crash_dump
-#line 2066
+#line 2091
-crosvm # loads vendor-specific disk images
-#line 2066
+#line 2091
-init # starts vendor executables
-#line 2066
+#line 2091
-kernel # loads /vendor/firmware
-#line 2066
+#line 2091
-heapprofd
-#line 2066
+#line 2091
-#line 2066
+#line 2091
-shell
-#line 2066
+#line 2091
-#line 2066
+#line 2091
-system_executes_vendor_violators
-#line 2066
+#line 2091
-traced_perf # library/binary access for symbolization
-#line 2066
+#line 2091
-ueventd # reads /vendor/ueventd.rc
-#line 2066
+#line 2091
-vold # loads incremental fs driver
-#line 2066
+#line 2091
+
+#line 2091
} {
-#line 2066
+#line 2091
vendor_file_type
-#line 2066
+#line 2091
-same_process_hal_file
-#line 2066
+#line 2091
-vendor_app_file
-#line 2066
+#line 2091
-vendor_apex_file
-#line 2066
+#line 2091
-vendor_apex_metadata_file
-#line 2066
+#line 2091
-vendor_boot_ota_file
-#line 2066
+#line 2091
-vendor_cgroup_desc_file
-#line 2066
+#line 2091
-vendor_configs_file
-#line 2066
+#line 2091
-vendor_microdroid_file
-#line 2066
+#line 2091
-vendor_service_contexts_file
-#line 2066
+#line 2091
-vendor_framework_file
-#line 2066
+#line 2091
-vendor_idc_file
-#line 2066
+#line 2091
-vendor_keychars_file
-#line 2066
+#line 2091
-vendor_keylayout_file
-#line 2066
+#line 2091
-vendor_overlay_file
-#line 2066
+#line 2091
-vendor_public_framework_file
-#line 2066
+#line 2091
-vendor_public_lib_file
-#line 2066
+#line 2091
-vendor_task_profiles_file
-#line 2066
+#line 2091
-vendor_uuid_mapping_config_file
-#line 2066
+#line 2091
-vndk_sp_file
-#line 2066
+#line 2091
-vendor_aconfig_storage_file
-#line 2066
+#line 2091
}:file *;
-#line 2066
+#line 2091
-#line 2066
+#line 2091
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 2107
+#line 2133
# mlsvendorcompat is only for compatibility support for older vendor
@@ -33373,7 +33506,16 @@
# Only init and otapreopt_chroot should be mounting filesystems on locations
# labeled system or vendor (/product and /vendor respectively).
-neverallow { domain -dexopt_chroot_setup -init -otapreopt_chroot } { system_file_type vendor_file_type }:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } mounton;
+neverallow {
+ domain
+ -dexopt_chroot_setup
+ -init
+ -otapreopt_chroot
+
+} {
+ system_file_type
+ vendor_file_type
+}:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } mounton;
# Only allow init and vendor_init to read/write mm_events properties
# NOTE: dumpstate is allowed to read any system property
@@ -33408,29 +33550,29 @@
# vendor_modprobe is also exempted since the kernel modules it loads may create
# debugfs files in its context.
# BEGIN_LAUNCHING_WITH_S_ONLY -- this marker is used by CTS -- do not modify
-#line 2151
+#line 2186
-#line 2151
+#line 2186
neverallow {
-#line 2151
+#line 2186
domain
-#line 2151
+#line 2186
-vendor_modprobe
-#line 2151
+#line 2186
-#line 2151
+#line 2186
} { debugfs_type
-#line 2151
+#line 2186
-#line 2151
+#line 2186
-tracefs_type
-#line 2151
+#line 2186
}:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 2151
+#line 2186
-#line 2151
+#line 2186
# END_LAUNCHING_WITH_S_ONLY -- this marker is used by CTS -- do not modify
-#line 2164
+#line 2199
# Restrict write access to etm sysfs interface.
@@ -33544,8 +33686,48 @@
# ueventd needs write access to all sysfs files.
neverallow { domain -init -vendor_init -ueventd } sysfs_pgsize_migration:file { append create link unlink relabelfrom rename setattr write };
-# We need to be able to rely on vsock labels, so disallow changing them.
-neverallow domain *:vsock_socket { relabelfrom relabelto };
+# virtmanager enforces access policy for which components can connect
+# to which VMs. If you have permissions to make direct connections, you
+# can talk to anything.
+
+#line 2315
+neverallow {
+#line 2315
+ domain
+#line 2315
+
+#line 2315
+ # these are expected
+#line 2315
+ -early_virtmgr
+#line 2315
+ -virtualizationmanager
+#line 2315
+ -virtualizationservice
+#line 2315
+ -adbd_common # maybe should move to emulator/virtual device specific policy
+#line 2315
+
+#line 2315
+ # not expected, and defined outside of system/sepolicy.
+#line 2315
+ # Note: this attribute is strongly recommended to be empty if not required.
+#line 2315
+ -unconstrained_vsock_violators
+#line 2315
+
+#line 2315
+ # these are permissions that should be removed, and they are here for visibility.
+#line 2315
+ -compos_fd_server # TODO: get connections from virtmanager
+#line 2315
+ -hal_keymint_system # TODO: get connections from virtmanager
+#line 2315
+ -vmlauncher_app # TODO: get connections from virtmanager
+#line 2315
+} *:vsock_socket { connect create accept bind };
+#line 2334
+
#line 1 "system/sepolicy/private/drmserver.te"
typeattribute drmserver coredomain;
@@ -37359,6 +37541,9 @@
# /sys/firmware/acpi/tables
type sysfs_firmware_acpi_tables, fs_type, sysfs_type;
+# Type for /system/bin/pbtombstone.
+type pbtombstone_exec, system_file_type, exec_type, file_type;
+
# Allow files to be created in their appropriate filesystems.
allow fs_type self:filesystem associate;
allow cgroup tmpfs:filesystem associate;
@@ -37402,25 +37587,25 @@
type libprocessgroup_metadata_file, file_type;
# Types added in 202504 in public/file.te
-#line 241
+#line 244
-#line 245
+#line 248
-#line 249
+#line 252
-#line 254
+#line 257
-#line 259
+#line 262
-#line 263
+#line 266
-#line 267
+#line 270
## END Types added in 202504 in public/file.te
@@ -48893,7 +49078,17 @@
allow incident incidentd:fifo_file write;
# only allow incident being called by shell or dumpstate
-neverallow { domain -su -shell -incident -dumpstate} incident_exec:file { execute execute_no_trans };
+neverallow {
+ domain
+ -su
+ -shell
+ -incident
+ -dumpstate
+
+} incident_exec:file {
+ execute
+ execute_no_trans
+};
#line 1 "system/sepolicy/private/incident_helper.te"
typeattribute incident_helper coredomain;
@@ -48942,7 +49137,16 @@
allow incident_helper incidentd:unix_stream_socket { read write };
# only allow incidentd and shell to call incident_helper
-neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
+neverallow {
+ domain
+ -incidentd
+ -incident_helper
+ -shell
+
+} incident_helper_exec:file {
+ execute
+ execute_no_trans
+};
#line 1 "system/sepolicy/private/incidentd.te"
typeattribute incidentd coredomain;
typeattribute incidentd mlstrustedsubject;
@@ -49115,6 +49319,29 @@
#line 26
+# section id 1116, allow using userfaultfd
+
+#line 29
+# Set up a type_transition to "userfaultfd" named anonymous inode object.
+#line 29
+type incidentd_userfaultfd;
+#line 29
+type_transition incidentd incidentd:anon_inode incidentd_userfaultfd "[userfaultfd]";
+#line 29
+# Allow domain to create/use userfaultfd anon_inode.
+#line 29
+allow incidentd incidentd_userfaultfd:anon_inode { create ioctl read };
+#line 29
+# Suppress errors generate during bugreport
+#line 29
+dontaudit su incidentd_userfaultfd:anon_inode *;
+#line 29
+# Other domains may not use userfaultfd anon_inodes created by this domain.
+#line 29
+neverallow { domain -incidentd } incidentd_userfaultfd:anon_inode *;
+#line 29
+
+
# section id 2001, allow reading /proc/pagetypeinfo
allow incidentd proc_pagetypeinfo:file { getattr open read ioctl lock map watch watch_reads };
@@ -49141,19 +49368,19 @@
# section id 3023, allow obtaining stats report
allow incidentd stats_service:service_manager find;
-#line 53
+#line 56
# Call the server domain and optionally transfer references to it.
-#line 53
+#line 56
allow incidentd statsd:binder { call transfer };
-#line 53
+#line 56
# Allow the serverdomain to transfer references to the client on the reply.
-#line 53
+#line 56
allow statsd incidentd:binder transfer;
-#line 53
+#line 56
# Receive and use open files from the server.
-#line 53
+#line 56
allow incidentd statsd:fd use;
-#line 53
+#line 56
# section id 3026, allow reading /data/misc/perfetto-traces.
@@ -49169,40 +49396,40 @@
# Enable incidentd to get stack traces.
-#line 67
+#line 70
# Call the servicemanager and transfer references to it.
-#line 67
+#line 70
allow incidentd servicemanager:binder { call transfer };
-#line 67
+#line 70
# Allow servicemanager to send out callbacks
-#line 67
+#line 70
allow servicemanager incidentd:binder { call transfer };
-#line 67
+#line 70
# rw access to /dev/binder and /dev/ashmem is presently granted to
-#line 67
+#line 70
# all domains in domain.te.
-#line 67
+#line 70
-#line 68
+#line 71
# Call the hwservicemanager and transfer references to it.
-#line 68
+#line 71
allow incidentd hwservicemanager:binder { call transfer };
-#line 68
+#line 71
# Allow hwservicemanager to send out callbacks
-#line 68
+#line 71
allow hwservicemanager incidentd:binder { call transfer };
-#line 68
+#line 71
# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
-#line 68
+#line 71
# all domains in domain.te.
-#line 68
+#line 71
allow incidentd hwservicemanager:hwservice_manager { list };
-#line 70
+#line 73
allow incidentd hwservicemanager_prop:file { getattr open read map };
-#line 70
+#line 73
allow incidentd hidl_manager_hwservice:hwservice_manager { find };
@@ -49249,34 +49476,34 @@
# Allow incidentd to make binder calls to any binder service
-#line 115
+#line 118
# Call the server domain and optionally transfer references to it.
-#line 115
+#line 118
allow incidentd system_server:binder { call transfer };
-#line 115
+#line 118
# Allow the serverdomain to transfer references to the client on the reply.
-#line 115
+#line 118
allow system_server incidentd:binder transfer;
-#line 115
+#line 118
# Receive and use open files from the server.
-#line 115
+#line 118
allow incidentd system_server:fd use;
-#line 115
+#line 118
-#line 116
+#line 119
# Call the server domain and optionally transfer references to it.
-#line 116
+#line 119
allow incidentd appdomain:binder { call transfer };
-#line 116
+#line 119
# Allow the serverdomain to transfer references to the client on the reply.
-#line 116
+#line 119
allow appdomain incidentd:binder transfer;
-#line 116
+#line 119
# Receive and use open files from the server.
-#line 116
+#line 119
allow incidentd appdomain:fd use;
-#line 116
+#line 119
# Reading /proc/PID/maps of other processes
@@ -49292,11 +49519,11 @@
# Connect to tombstoned to intercept dumps.
-#line 130
+#line 133
allow incidentd tombstoned_intercept_socket:sock_file write;
-#line 130
+#line 133
allow incidentd tombstoned:unix_stream_socket connectto;
-#line 130
+#line 133
# Run a shell.
@@ -49307,20 +49534,20 @@
allow incidentd zygote_exec:file { { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } } };
# Access the runtime feature flag properties.
-#line 139
+#line 142
allow incidentd device_config_runtime_native_prop:file { getattr open read map };
-#line 139
+#line 142
-#line 140
+#line 143
allow incidentd device_config_runtime_native_boot_prop:file { getattr open read map };
-#line 140
+#line 143
# Access odsign verification status.
-#line 142
+#line 145
allow incidentd odsign_prop:file { getattr open read map };
-#line 142
+#line 145
# ART locks profile files.
allow incidentd system_file:file lock;
@@ -49339,11 +49566,11 @@
# Access /data/misc/logd
-#line 159
+#line 162
allow incidentd misc_logd_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 159
+#line 162
allow incidentd misc_logd_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 159
+#line 162
# Allow incidentd to find these standard groups of services.
@@ -49357,19 +49584,19 @@
# Only incidentd can publish the binder service
-#line 171
+#line 174
allow incidentd incident_service:service_manager { add find };
-#line 171
+#line 174
neverallow { domain -incidentd } incident_service:service_manager add;
-#line 171
+#line 174
-#line 171
+#line 174
# On debug builds with root, allow binder services to use binder over TCP.
-#line 171
+#line 174
# Not using rw_socket_perms_no_ioctl to avoid granting too many permissions.
-#line 171
+#line 174
-#line 171
+#line 174
# Allow pipes only from dumpstate and incident
@@ -49378,36 +49605,36 @@
# Allow incident to call back to incident with status updates.
-#line 178
+#line 181
# Call the server domain and optionally transfer references to it.
-#line 178
+#line 181
allow incidentd incident:binder { call transfer };
-#line 178
+#line 181
# Allow the serverdomain to transfer references to the client on the reply.
-#line 178
+#line 181
allow incident incidentd:binder transfer;
-#line 178
+#line 181
# Receive and use open files from the server.
-#line 178
+#line 181
allow incidentd incident:fd use;
-#line 178
+#line 181
# Read device serial number from system properties
# This is used to track reports from lab testing devices
-#line 184
+#line 187
# Read ro.boot.bootreason, persist.sys.boot.bootreason
# This is used to track reports from lab testing devices
-#line 192
+#line 195
# Allow incident to read the build properties for attestation feature
-#line 195
+#line 198
allow incidentd build_attestation_prop:file { getattr open read map };
-#line 195
+#line 198
;
###
@@ -50643,7 +50870,7 @@
# The init domain is only entered via an exec based transition from the
# kernel domain, never via setcon().
neverallow domain init:process dyntransition;
-neverallow { domain -kernel } init:process transition;
+neverallow { domain -kernel } init:process transition;
neverallow init { file_type fs_type -init_exec }:file entrypoint;
# Never read/follow symlinks created by shell or untrusted apps.
@@ -52017,6 +52244,8 @@
type_transition kernel snapuserd_exec:process snapuserd;
#line 4
+#line 7
+
# Allow the kernel to read otapreopt_chroot's file descriptors and files under
# /postinstall, as it uses apexd logic to mount APEX packages in /postinstall/apex.
@@ -52051,11 +52280,11 @@
# Root fs.
-#line 38
+#line 41
allow kernel rootfs:dir { open getattr read search ioctl lock watch watch_reads };
-#line 38
+#line 41
allow kernel rootfs:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 38
+#line 41
# Used to read androidboot.selinux property
@@ -52124,7 +52353,7 @@
# Allow mounting loop device in update_engine_unittests. (b/28319454)
# and for LTP kernel tests (b/73220071)
-#line 109
+#line 112
# Access to /data/media.
@@ -52147,7 +52376,7 @@
}:file read;
# Also allow the kernel to read/write /data/local/tmp files via loop device
# for ApexTestCases and fiemap_image_test.
-#line 133
+#line 136
# Allow the first-stage init (which is running in the kernel domain) to execute the
@@ -52161,12 +52390,16 @@
# The label for the dynamic linker is rootfs in the recovery partition. This is because
# the recovery partition which is rootfs does not support xattr and thus labeling can't be
# done at build-time. All files are by default labeled as rootfs upon booting.
-#line 148
+#line 151
# required by VTS lidbm unit test
allow kernel appdomain_tmpfs:file { read write };
+# Allow first stage init to copy and then launch overlay_remounter
+#line 163
+
+
dontaudit kernel metadata_file:dir search;
dontaudit kernel ota_metadata_file:dir { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } };
dontaudit kernel sysfs:dir { open getattr read search ioctl lock watch watch_reads };
@@ -52811,6 +53044,7 @@
-init
-linkerconfig
-otapreopt_chroot
+
} linkerconfig_exec:file { execute execute_no_trans };
#line 1 "system/sepolicy/private/linux_vm_setup.te"
type linux_vm_setup, domain, coredomain;
@@ -56507,7 +56741,7 @@
#line 6
-# Set mmd.enabled_aconfig properties.
+# Set mmd.enabled_aconfig and zram backing device size.
#line 9
@@ -56518,51 +56752,56 @@
#line 9
#line 9
-allow mmd mmd_prop:property_service set;
+allow mmd mmd_status_prop:property_service set;
#line 9
#line 9
+allow mmd mmd_status_prop:file { getattr open read map };
+#line 9
+
+#line 9
+
+
+#line 10
allow mmd mmd_prop:file { getattr open read map };
-#line 9
-
-#line 9
-
-
#line 10
+
+
+#line 11
allow mmd device_config_mmd_native_prop:file { getattr open read map };
-#line 10
+#line 11
# mmd binder setup
-#line 13
+#line 14
allow mmd mmd_service:service_manager { add find };
-#line 13
+#line 14
neverallow { domain -mmd } mmd_service:service_manager add;
-#line 13
+#line 14
-#line 13
+#line 14
# On debug builds with root, allow binder services to use binder over TCP.
-#line 13
+#line 14
# Not using rw_socket_perms_no_ioctl to avoid granting too many permissions.
-#line 13
+#line 14
-#line 13
-
-
#line 14
+
+
+#line 15
# Call the servicemanager and transfer references to it.
-#line 14
+#line 15
allow mmd servicemanager:binder { call transfer };
-#line 14
+#line 15
# Allow servicemanager to send out callbacks
-#line 14
+#line 15
allow servicemanager mmd:binder { call transfer };
-#line 14
+#line 15
# rw access to /dev/binder and /dev/ashmem is presently granted to
-#line 14
+#line 15
# all domains in domain.te.
-#line 14
+#line 15
# Read /proc/swaps
@@ -56581,6 +56820,33 @@
# swapon syscall
allow mmd self:capability sys_admin;
+
+# Allow mmd to write to statsd socket.
+
+#line 35
+allow mmd statsdw_socket:sock_file write;
+#line 35
+allow mmd statsd:unix_dgram_socket sendto;
+#line 35
+
+# Allow mmd to interact with statsd binder calls for pulled atoms.
+allow mmd stats_service:service_manager find;
+allow mmd statsmanager_service:service_manager find;
+
+#line 39
+# Call the server domain and optionally transfer references to it.
+#line 39
+allow mmd statsd:binder { call transfer };
+#line 39
+# Allow the serverdomain to transfer references to the client on the reply.
+#line 39
+allow statsd mmd:binder transfer;
+#line 39
+# Receive and use open files from the server.
+#line 39
+allow mmd statsd:fd use;
+#line 39
+
#line 1 "system/sepolicy/private/modprobe.te"
typeattribute modprobe coredomain;
@@ -57460,7 +57726,7 @@
# netutils wrapper may only use the following capabilities.
neverallow netutils_wrapper self:{ capability cap_userns } ~{ net_admin net_raw };
-neverallow domain netutils_wrapper_exec:file execute_no_trans;
+neverallow { domain } netutils_wrapper_exec:file execute_no_trans;
#line 1 "system/sepolicy/private/network_stack.te"
# Networking service app
typeattribute network_stack coredomain;
@@ -57641,44 +57907,54 @@
# calls if (fd.isSocket$()) if (isLingerSocket(fd)) ...
dontaudit network_stack self:key_socket getopt;
+# Allow network_stack to open/read/getattr various /proc/net files
+# (includes /proc/net/{anycast6,igmp,psched} /proc/sys/net/ipv4/ip_default_ttl)
+
+#line 56
+allow network_stack proc_net_type:dir { open getattr read search ioctl lock watch watch_reads };
+#line 56
+allow network_stack proc_net_type:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
+#line 56
+
+
# Grant read permission of connectivity namespace system property prefix.
-#line 55
+#line 59
allow network_stack device_config_connectivity_prop:file { getattr open read map };
-#line 55
+#line 59
# Create/use netlink_tcpdiag_socket to get tcp info
allow network_stack self:netlink_tcpdiag_socket { { create { read getattr write setattr lock append bind connect getopt setopt shutdown map } } nlmsg_read nlmsg_write };
############### Tethering Service app - Tethering.apk ##############
-#line 60
+#line 64
typeattribute network_stack halclientdomain;
-#line 60
+#line 64
typeattribute network_stack hal_tetheroffload_client;
-#line 60
+#line 64
-#line 60
+#line 64
# TODO(b/34170079): Make the inclusion of the rules below conditional also on
-#line 60
+#line 64
# non-Treble devices. For now, on non-Treble device, always grant clients of a
-#line 60
+#line 64
# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
-#line 60
+#line 64
-#line 60
+#line 64
typeattribute network_stack hal_tetheroffload;
-#line 60
+#line 64
# Find passthrough HAL implementations
-#line 60
+#line 64
allow hal_tetheroffload system_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 60
+#line 64
allow hal_tetheroffload vendor_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 60
+#line 64
allow hal_tetheroffload vendor_file:file { read open getattr execute map };
-#line 60
+#line 64
-#line 60
+#line 64
# Create and share netlink_netfilter_sockets for tetheroffload.
allow network_stack self:netlink_netfilter_socket { create { read getattr write setattr lock append bind connect getopt setopt shutdown map } };
@@ -57692,9 +57968,9 @@
# allow Tethering(network_stack process) to read flag value in tethering_u_or_later_native namespace
-#line 72
+#line 76
allow network_stack device_config_tethering_u_or_later_native_prop:file { getattr open read map };
-#line 72
+#line 76
# Use XFRM (IPsec) netlink sockets
@@ -58850,6 +59126,18 @@
# Allow running the mv and rm/rmdir commands using otapreopt_slot permissions.
# Needed so we can move artifacts into /data/dalvik-cache/dalvik-cache.
allow otapreopt_slot toolbox_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
+#line 1 "system/sepolicy/private/overlay_remounter.te"
+# Domain used for overlay_remounter process
+
+# All types must be defined regardless of build variant to ensure
+# policy compilation succeeds with userdebug/user combination at boot
+type overlay_remounter, domain, coredomain;
+
+# File types must be defined for file_contexts.
+type overlay_remounter_exec, system_file_type, exec_type, file_type;
+
+#line 47
+
#line 1 "system/sepolicy/private/perfetto.te"
# Perfetto command-line client. Can be used only from the domains that are
# explicitly allowlisted with a domain_auto_trans(X, perfetto_exec, perfetto).
@@ -59503,7 +59791,7 @@
#line 45
-neverallow { domain -init -dumpstate } persist_wm_debug_prop:property_service set;
+neverallow { domain -init -dumpstate -system_server } persist_wm_debug_prop:property_service set;
#line 50
@@ -59749,6 +60037,15 @@
#line 145
+# Allow platform apps to read files and directories under /data/system/shutdown-checkpoints/
+
+#line 148
+allow platform_app shutdown_checkpoints_system_data_file:dir { open getattr read search ioctl lock watch watch_reads };
+#line 148
+allow platform_app shutdown_checkpoints_system_data_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
+#line 148
+
+
###
### Neverallow rules
###
@@ -61830,7 +62127,7 @@
#line 39
#line 39
- type mmd_prop, property_type, system_property_type, system_internal_property_type;
+ type mmd_status_prop, property_type, system_property_type, system_internal_property_type;
#line 39
#line 39
@@ -61838,7 +62135,7 @@
#line 39
#line 39
- neverallow { domain -coredomain } mmd_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
+ neverallow { domain -coredomain } mmd_status_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
#line 39
#line 39
@@ -62271,751 +62568,826 @@
#line 60
#line 60
+ type traced_config_prop, property_type, system_property_type, system_internal_property_type;
+#line 60
+
+#line 60
+ # BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+#line 60
+
+#line 60
+ neverallow { domain -coredomain } traced_config_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
+#line 60
+
+#line 60
+# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+#line 60
+
+#line 60
+
+
+#line 61
+
+#line 61
type traced_perf_enabled_prop, property_type, system_property_type, system_internal_property_type;
-#line 60
+#line 61
-#line 60
+#line 61
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 60
+#line 61
-#line 60
+#line 61
neverallow { domain -coredomain } traced_perf_enabled_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 60
+#line 61
-#line 60
+#line 61
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 60
-
-#line 60
-
+#line 61
#line 61
+
+
+#line 62
-#line 61
+#line 62
+ type traced_relay_relay_port_prop, property_type, system_property_type, system_internal_property_type;
+#line 62
+
+#line 62
+ # BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+#line 62
+
+#line 62
+ neverallow { domain -coredomain } traced_relay_relay_port_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
+#line 62
+
+#line 62
+# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+#line 62
+
+#line 62
+
+
+#line 63
+
+#line 63
type uprobestats_start_with_config_prop, property_type, system_property_type, system_internal_property_type;
-#line 61
+#line 63
-#line 61
+#line 63
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 61
+#line 63
-#line 61
+#line 63
neverallow { domain -coredomain } uprobestats_start_with_config_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 61
+#line 63
-#line 61
+#line 63
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 61
+#line 63
-#line 61
+#line 63
-#line 62
+#line 64
-#line 62
+#line 64
type tuner_server_ctl_prop, property_type, system_property_type, system_internal_property_type;
-#line 62
+#line 64
-#line 62
+#line 64
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 62
+#line 64
-#line 62
+#line 64
neverallow { domain -coredomain } tuner_server_ctl_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 62
+#line 64
-#line 62
+#line 64
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 62
+#line 64
-#line 62
+#line 64
-#line 63
+#line 65
-#line 63
+#line 65
type userspace_reboot_log_prop, property_type, system_property_type, system_internal_property_type;
-#line 63
+#line 65
-#line 63
+#line 65
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 63
+#line 65
-#line 63
+#line 65
neverallow { domain -coredomain } userspace_reboot_log_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 63
+#line 65
-#line 63
+#line 65
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 63
+#line 65
-#line 63
+#line 65
-#line 64
+#line 66
-#line 64
+#line 66
type userspace_reboot_test_prop, property_type, system_property_type, system_internal_property_type;
-#line 64
+#line 66
-#line 64
+#line 66
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 64
+#line 66
-#line 64
+#line 66
neverallow { domain -coredomain } userspace_reboot_test_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 64
+#line 66
-#line 64
+#line 66
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 64
+#line 66
-#line 64
+#line 66
-#line 65
+#line 67
-#line 65
+#line 67
type verity_status_prop, property_type, system_property_type, system_internal_property_type;
-#line 65
+#line 67
-#line 65
+#line 67
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 65
+#line 67
-#line 65
+#line 67
neverallow { domain -coredomain } verity_status_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 65
+#line 67
-#line 65
+#line 67
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 65
+#line 67
-#line 65
+#line 67
-#line 66
+#line 68
-#line 66
+#line 68
type zygote_wrap_prop, property_type, system_property_type, system_internal_property_type;
-#line 66
+#line 68
-#line 66
+#line 68
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 66
+#line 68
-#line 66
+#line 68
neverallow { domain -coredomain } zygote_wrap_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 66
+#line 68
-#line 66
+#line 68
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 66
+#line 68
-#line 66
+#line 68
-#line 67
+#line 69
-#line 67
+#line 69
type ctl_mediatranscoding_prop, property_type, system_property_type, system_internal_property_type;
-#line 67
+#line 69
-#line 67
+#line 69
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 67
+#line 69
-#line 67
+#line 69
neverallow { domain -coredomain } ctl_mediatranscoding_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 67
+#line 69
-#line 67
+#line 69
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 67
+#line 69
-#line 67
+#line 69
-#line 68
+#line 70
-#line 68
+#line 70
type ctl_odsign_prop, property_type, system_property_type, system_internal_property_type;
-#line 68
+#line 70
-#line 68
+#line 70
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 68
+#line 70
-#line 68
+#line 70
neverallow { domain -coredomain } ctl_odsign_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 68
+#line 70
-#line 68
+#line 70
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 68
+#line 70
-#line 68
+#line 70
-#line 69
+#line 71
-#line 69
+#line 71
type virtualizationservice_prop, property_type, system_property_type, system_internal_property_type;
-#line 69
+#line 71
-#line 69
+#line 71
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 69
+#line 71
-#line 69
+#line 71
neverallow { domain -coredomain } virtualizationservice_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 69
+#line 71
-#line 69
+#line 71
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 69
+#line 71
-#line 69
+#line 71
-#line 70
+#line 72
-#line 70
+#line 72
type ctl_apex_load_prop, property_type, system_property_type, system_internal_property_type;
-#line 70
+#line 72
-#line 70
+#line 72
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 70
+#line 72
-#line 70
+#line 72
neverallow { domain -coredomain } ctl_apex_load_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 70
+#line 72
-#line 70
+#line 72
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 70
+#line 72
-#line 70
+#line 72
-#line 71
+#line 73
-#line 71
+#line 73
type sensors_config_prop, property_type, system_property_type, system_internal_property_type;
-#line 71
+#line 73
-#line 71
+#line 73
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 71
+#line 73
-#line 71
+#line 73
neverallow { domain -coredomain } sensors_config_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 71
+#line 73
-#line 71
+#line 73
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 71
+#line 73
-#line 71
+#line 73
-#line 72
+#line 74
-#line 72
+#line 74
type hypervisor_pvmfw_prop, property_type, system_property_type, system_internal_property_type;
-#line 72
+#line 74
-#line 72
+#line 74
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 72
+#line 74
-#line 72
+#line 74
neverallow { domain -coredomain } hypervisor_pvmfw_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 72
+#line 74
-#line 72
+#line 74
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 72
+#line 74
-#line 72
+#line 74
-#line 73
+#line 75
-#line 73
+#line 75
type hypervisor_virtualizationmanager_prop, property_type, system_property_type, system_internal_property_type;
-#line 73
+#line 75
-#line 73
+#line 75
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 73
+#line 75
-#line 73
+#line 75
neverallow { domain -coredomain } hypervisor_virtualizationmanager_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 73
+#line 75
-#line 73
+#line 75
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 73
+#line 75
-#line 73
+#line 75
-#line 74
+#line 76
-#line 74
+#line 76
type game_manager_config_prop, property_type, system_property_type, system_internal_property_type;
-#line 74
+#line 76
-#line 74
+#line 76
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 74
+#line 76
-#line 74
+#line 76
neverallow { domain -coredomain } game_manager_config_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 74
+#line 76
-#line 74
+#line 76
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 74
+#line 76
-#line 74
+#line 76
-#line 75
+#line 77
-#line 75
+#line 77
type hidl_memory_prop, property_type, system_property_type, system_internal_property_type;
-#line 75
+#line 77
-#line 75
+#line 77
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 75
+#line 77
-#line 75
+#line 77
neverallow { domain -coredomain } hidl_memory_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 75
+#line 77
-#line 75
+#line 77
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 75
+#line 77
-#line 75
+#line 77
-#line 76
+#line 78
-#line 76
+#line 78
type suspend_debug_prop, property_type, system_property_type, system_internal_property_type;
-#line 76
+#line 78
-#line 76
+#line 78
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 76
+#line 78
-#line 76
+#line 78
neverallow { domain -coredomain } suspend_debug_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 76
+#line 78
-#line 76
+#line 78
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 76
+#line 78
-#line 76
+#line 78
-#line 77
+#line 79
-#line 77
+#line 79
type system_service_enable_prop, property_type, system_property_type, system_internal_property_type;
-#line 77
+#line 79
-#line 77
+#line 79
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 77
+#line 79
-#line 77
+#line 79
neverallow { domain -coredomain } system_service_enable_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 77
+#line 79
-#line 77
+#line 79
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 77
+#line 79
-#line 77
+#line 79
-#line 78
+#line 80
-#line 78
+#line 80
type ctl_artd_pre_reboot_prop, property_type, system_property_type, system_internal_property_type;
-#line 78
+#line 80
-#line 78
+#line 80
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 78
+#line 80
-#line 78
+#line 80
neverallow { domain -coredomain } ctl_artd_pre_reboot_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 78
+#line 80
-#line 78
+#line 80
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 78
+#line 80
-#line 78
+#line 80
-#line 79
+#line 81
-#line 79
+#line 81
type trusty_security_vm_sys_prop, property_type, system_property_type, system_internal_property_type;
-#line 79
+#line 81
-#line 79
+#line 81
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 79
+#line 81
-#line 79
+#line 81
neverallow { domain -coredomain } trusty_security_vm_sys_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 79
+#line 81
-#line 79
+#line 81
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 79
+#line 81
-#line 79
+#line 81
-#line 80
+#line 82
-#line 80
+#line 82
type hint_manager_config_prop, property_type, system_property_type, system_internal_property_type;
-#line 80
+#line 82
-#line 80
+#line 82
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 80
+#line 82
-#line 80
+#line 82
neverallow { domain -coredomain } hint_manager_config_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 80
+#line 82
-#line 80
+#line 82
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 80
+#line 82
-#line 80
+#line 82
# Properties which can't be written outside system
-#line 83
+#line 85
-#line 83
+#line 85
type bionic_linker_16kb_app_compat_prop, property_type, system_property_type, system_restricted_property_type;
-#line 83
+#line 85
-#line 83
+#line 85
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 83
+#line 85
-#line 83
+#line 85
neverallow { domain -coredomain } bionic_linker_16kb_app_compat_prop:property_service set;
-#line 83
+#line 85
-#line 83
+#line 85
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 83
+#line 85
-#line 83
+#line 85
-#line 84
+#line 86
-#line 84
+#line 86
type device_config_virtualization_framework_native_prop, property_type, system_property_type, system_restricted_property_type;
-#line 84
+#line 86
-#line 84
+#line 86
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 84
+#line 86
-#line 84
+#line 86
neverallow { domain -coredomain } device_config_virtualization_framework_native_prop:property_service set;
-#line 84
+#line 86
-#line 84
+#line 86
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 84
+#line 86
-#line 84
+#line 86
-#line 85
+#line 87
-#line 85
+#line 87
type fstype_prop, property_type, system_property_type, system_restricted_property_type;
-#line 85
+#line 87
-#line 85
+#line 87
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 85
+#line 87
-#line 85
+#line 87
neverallow { domain -coredomain } fstype_prop:property_service set;
-#line 85
+#line 87
-#line 85
+#line 87
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 85
+#line 87
-#line 85
+#line 87
-#line 86
+#line 88
-#line 86
+#line 88
type log_file_logger_prop, property_type, system_property_type, system_restricted_property_type;
-#line 86
+#line 88
-#line 86
+#line 88
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 86
+#line 88
-#line 86
+#line 88
neverallow { domain -coredomain } log_file_logger_prop:property_service set;
-#line 86
+#line 88
-#line 86
+#line 88
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 86
+#line 88
-#line 86
+#line 88
-#line 87
+#line 89
-#line 87
+#line 89
type persist_sysui_builder_extras_prop, property_type, system_property_type, system_restricted_property_type;
-#line 87
+#line 89
-#line 87
+#line 89
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 87
+#line 89
-#line 87
+#line 89
neverallow { domain -coredomain } persist_sysui_builder_extras_prop:property_service set;
-#line 87
+#line 89
-#line 87
+#line 89
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 87
+#line 89
-#line 87
+#line 89
-#line 88
+#line 90
-#line 88
+#line 90
type persist_sysui_ranking_update_prop, property_type, system_property_type, system_restricted_property_type;
-#line 88
+#line 90
-#line 88
+#line 90
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 88
+#line 90
-#line 88
+#line 90
neverallow { domain -coredomain } persist_sysui_ranking_update_prop:property_service set;
-#line 88
+#line 90
-#line 88
+#line 90
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 88
+#line 90
-#line 88
+#line 90
-#line 89
+#line 91
-#line 89
+#line 91
type page_size_prop, property_type, system_property_type, system_restricted_property_type;
-#line 89
+#line 91
-#line 89
+#line 91
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 89
+#line 91
-#line 89
+#line 91
neverallow { domain -coredomain } page_size_prop:property_service set;
-#line 89
+#line 91
-#line 89
+#line 91
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 89
+#line 91
-#line 89
+#line 91
-#line 90
+#line 92
-#line 90
+#line 92
type pm_16kb_app_compat_prop, property_type, system_property_type, system_restricted_property_type;
-#line 90
+#line 92
-#line 90
+#line 92
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 90
+#line 92
-#line 90
+#line 92
neverallow { domain -coredomain } pm_16kb_app_compat_prop:property_service set;
-#line 90
+#line 92
-#line 90
+#line 92
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 90
+#line 92
-#line 90
+#line 92
# Properties with no restrictions
-#line 98
+#line 100
# These types will be public starting at board api 202504
-#line 104
+#line 106
# These types will be public starting at board api 202504
-#line 109
+#line 111
# Properties which should only be written by vendor_init
-#line 112
+#line 114
-#line 112
+#line 114
type avf_virtualizationservice_prop, property_type, system_property_type, system_public_property_type;
-#line 112
+#line 114
-#line 112
+#line 114
-#line 112
+#line 114
-#line 112
+#line 114
allow vendor_init property_socket:sock_file write;
-#line 112
+#line 114
allow vendor_init init:unix_stream_socket connectto;
-#line 112
+#line 114
-#line 112
+#line 114
allow vendor_init avf_virtualizationservice_prop:property_service set;
-#line 112
+#line 114
-#line 112
+#line 114
allow vendor_init avf_virtualizationservice_prop:file { getattr open read map };
-#line 112
+#line 114
-#line 112
+#line 114
-#line 112
+#line 114
neverallow { domain -init -vendor_init } avf_virtualizationservice_prop:property_service set;
-#line 112
+#line 114
+
+#line 117
-#line 113
+#line 118
-#line 113
+#line 118
type high_barometer_quality_prop, property_type, system_property_type, system_public_property_type;
-#line 113
+#line 118
-#line 113
+#line 118
-#line 113
+#line 118
-#line 113
+#line 118
allow vendor_init property_socket:sock_file write;
-#line 113
+#line 118
allow vendor_init init:unix_stream_socket connectto;
-#line 113
+#line 118
-#line 113
+#line 118
allow vendor_init high_barometer_quality_prop:property_service set;
-#line 113
+#line 118
-#line 113
+#line 118
allow vendor_init high_barometer_quality_prop:file { getattr open read map };
-#line 113
+#line 118
-#line 113
+#line 118
-#line 113
+#line 118
neverallow { domain -init -vendor_init } high_barometer_quality_prop:property_service set;
-#line 113
+#line 118
-#line 114
+#line 119
-#line 114
+#line 119
+ type mmd_prop, property_type, system_property_type, system_public_property_type;
+#line 119
+
+#line 119
+
+#line 119
+
+#line 119
+allow vendor_init property_socket:sock_file write;
+#line 119
+allow vendor_init init:unix_stream_socket connectto;
+#line 119
+
+#line 119
+allow vendor_init mmd_prop:property_service set;
+#line 119
+
+#line 119
+allow vendor_init mmd_prop:file { getattr open read map };
+#line 119
+
+#line 119
+
+#line 119
+ neverallow { domain -init -vendor_init } mmd_prop:property_service set;
+#line 119
+
+
+#line 120
+
+#line 120
+ type mmd_shared_prop, property_type, system_property_type, system_public_property_type;
+#line 120
+
+#line 120
+
+#line 120
+
+#line 120
+allow vendor_init property_socket:sock_file write;
+#line 120
+allow vendor_init init:unix_stream_socket connectto;
+#line 120
+
+#line 120
+allow vendor_init mmd_shared_prop:property_service set;
+#line 120
+
+#line 120
+allow vendor_init mmd_shared_prop:file { getattr open read map };
+#line 120
+
+#line 120
+
+#line 120
+ neverallow { domain -init -vendor_init } mmd_shared_prop:property_service set;
+#line 120
+
+
+#line 121
+
+#line 121
type prefetch_boot_prop, property_type, system_property_type, system_public_property_type;
-#line 114
+#line 121
-#line 114
+#line 121
-#line 114
+#line 121
-#line 114
+#line 121
allow vendor_init property_socket:sock_file write;
-#line 114
+#line 121
allow vendor_init init:unix_stream_socket connectto;
-#line 114
+#line 121
-#line 114
+#line 121
allow vendor_init prefetch_boot_prop:property_service set;
-#line 114
+#line 121
-#line 114
+#line 121
allow vendor_init prefetch_boot_prop:file { getattr open read map };
-#line 114
+#line 121
-#line 114
+#line 121
-#line 114
+#line 121
neverallow { domain -init -vendor_init } prefetch_boot_prop:property_service set;
-#line 114
-
-
-#line 115
-
-#line 115
- type widevine_sys_vendor_prop, property_type, system_property_type, system_public_property_type;
-#line 115
-
-#line 115
-
-#line 115
-
-#line 115
-allow vendor_init property_socket:sock_file write;
-#line 115
-allow vendor_init init:unix_stream_socket connectto;
-#line 115
-
-#line 115
-allow vendor_init widevine_sys_vendor_prop:property_service set;
-#line 115
-
-#line 115
-allow vendor_init widevine_sys_vendor_prop:file { getattr open read map };
-#line 115
-
-#line 115
-
-#line 115
- neverallow { domain -init -vendor_init } widevine_sys_vendor_prop:property_service set;
-#line 115
+#line 121
typeattribute log_prop log_property_type;
@@ -63061,91 +63433,91 @@
###
# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 159
+#line 165
-#line 159
+#line 165
-#line 159
+#line 165
# BEGIN_LAUNCHING_WITH_S_ONLY -- this marker is used by CTS -- do not modify
-#line 159
+#line 165
-#line 159
+#line 165
neverallow domain {
-#line 159
+#line 165
property_type
-#line 159
+#line 165
-system_property_type
-#line 159
+#line 165
-system_property_type
-#line 159
+#line 165
-vendor_property_type
-#line 159
+#line 165
}:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 159
+#line 165
-#line 159
+#line 165
# END_LAUNCHING_WITH_S_ONLY -- this marker is used by CTS -- do not modify
-#line 159
+#line 165
-#line 159
+#line 165
-#line 159
+#line 165
neverallow { domain -coredomain } {
-#line 159
+#line 165
system_property_type
-#line 159
+#line 165
system_internal_property_type
-#line 159
+#line 165
-system_restricted_property_type
-#line 159
+#line 165
-system_public_property_type
-#line 159
+#line 165
}:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 159
+#line 165
-#line 159
+#line 165
neverallow { domain -coredomain } {
-#line 159
+#line 165
system_property_type
-#line 159
+#line 165
-system_public_property_type
-#line 159
+#line 165
}:property_service set;
-#line 159
+#line 165
-#line 159
+#line 165
# init is in coredomain, but should be able to read/write all props.
-#line 159
+#line 165
# dumpstate is also in coredomain, but should be able to read all props.
-#line 159
+#line 165
neverallow { coredomain -init -dumpstate } {
-#line 159
+#line 165
vendor_property_type
-#line 159
+#line 165
vendor_internal_property_type
-#line 159
+#line 165
-vendor_restricted_property_type
-#line 159
+#line 165
-vendor_public_property_type
-#line 159
+#line 165
}:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 159
+#line 165
-#line 159
+#line 165
neverallow { coredomain -init } {
-#line 159
+#line 165
vendor_property_type
-#line 159
+#line 165
-vendor_public_property_type
-#line 159
+#line 165
}:property_service set;
-#line 159
+#line 165
-#line 159
+#line 165
-#line 159
+#line 165
# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
-#line 196
+#line 202
# There is no need to perform ioctl or advisory locking operations on
@@ -63237,429 +63609,429 @@
} misctrl_prop:property_service set;
# BEGIN_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
-#line 286
+#line 292
-#line 286
+#line 292
# Prevent properties from being set
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-appdomain
-#line 286
+#line 292
-vendor_init
-#line 286
+#line 292
} {
-#line 286
+#line 292
core_property_type
-#line 286
+#line 292
extended_core_property_type
-#line 286
+#line 292
exported_config_prop
-#line 286
+#line 292
exported_default_prop
-#line 286
+#line 292
exported_dumpstate_prop
-#line 286
+#line 292
exported_system_prop
-#line 286
+#line 292
exported3_system_prop
-#line 286
+#line 292
usb_control_prop
-#line 286
+#line 292
-nfc_prop
-#line 286
+#line 292
-powerctl_prop
-#line 286
+#line 292
-radio_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-appdomain
-#line 286
+#line 292
-hal_nfc_server
-#line 286
+#line 292
} {
-#line 286
+#line 292
nfc_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-appdomain
-#line 286
+#line 292
-hal_telephony_server
-#line 286
+#line 292
-vendor_init
-#line 286
+#line 292
} {
-#line 286
+#line 292
radio_control_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-appdomain
-#line 286
+#line 292
-hal_telephony_server
-#line 286
+#line 292
} {
-#line 286
+#line 292
radio_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-bluetooth
-#line 286
+#line 292
-hal_bluetooth_server
-#line 286
+#line 292
} {
-#line 286
+#line 292
bluetooth_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-bluetooth
-#line 286
+#line 292
-hal_bluetooth_server
-#line 286
+#line 292
-vendor_init
-#line 286
+#line 292
} {
-#line 286
+#line 292
exported_bluetooth_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-hal_camera_server
-#line 286
+#line 292
-cameraserver
-#line 286
+#line 292
-vendor_init
-#line 286
+#line 292
} {
-#line 286
+#line 292
exported_camera_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-hal_wifi_server
-#line 286
+#line 292
-wificond
-#line 286
+#line 292
} {
-#line 286
+#line 292
wifi_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-init
-#line 286
+#line 292
-dumpstate
-#line 286
+#line 292
-hal_wifi_server
-#line 286
+#line 292
-wificond
-#line 286
+#line 292
-vendor_init
-#line 286
+#line 292
} {
-#line 286
+#line 292
wifi_hal_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
# Prevent properties from being read
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-appdomain
-#line 286
+#line 292
-vendor_init
-#line 286
+#line 292
} {
-#line 286
+#line 292
core_property_type
-#line 286
+#line 292
dalvik_config_prop_type
-#line 286
+#line 292
extended_core_property_type
-#line 286
+#line 292
exported3_system_prop
-#line 286
+#line 292
systemsound_config_prop
-#line 286
+#line 292
-debug_prop
-#line 286
+#line 292
-logd_prop
-#line 286
+#line 292
-nfc_prop
-#line 286
+#line 292
-powerctl_prop
-#line 286
+#line 292
-radio_prop
-#line 286
+#line 292
-dalvik_dynamic_config_prop
-#line 286
+#line 292
}:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-appdomain
-#line 286
+#line 292
-vendor_init
-#line 286
+#line 292
-hal_power_server
-#line 286
+#line 292
} dalvik_dynamic_config_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-appdomain
-#line 286
+#line 292
-hal_nfc_server
-#line 286
+#line 292
} {
-#line 286
+#line 292
nfc_prop
-#line 286
+#line 292
}:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-appdomain
-#line 286
+#line 292
-hal_telephony_server
-#line 286
+#line 292
} {
-#line 286
+#line 292
radio_prop
-#line 286
+#line 292
}:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-bluetooth
-#line 286
+#line 292
-hal_bluetooth_server
-#line 286
+#line 292
} {
-#line 286
+#line 292
bluetooth_prop
-#line 286
+#line 292
}:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-hal_wifi_server
-#line 286
+#line 292
-wificond
-#line 286
+#line 292
} {
-#line 286
+#line 292
wifi_prop
-#line 286
+#line 292
}:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-coredomain
-#line 286
+#line 292
-vendor_init
-#line 286
+#line 292
} {
-#line 286
+#line 292
suspend_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-init
-#line 286
+#line 292
} {
-#line 286
+#line 292
suspend_debug_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-init
-#line 286
+#line 292
-vendor_init
-#line 286
+#line 292
} {
-#line 286
+#line 292
high_barometer_quality_prop
-#line 286
+#line 292
}:property_service set;
-#line 286
+#line 292
-#line 286
+#line 292
neverallow {
-#line 286
+#line 292
domain
-#line 286
+#line 292
-init
-#line 286
+#line 292
-dumpstate
-#line 286
+#line 292
-#line 286
+#line 292
} {
-#line 286
+#line 292
suspend_debug_prop
-#line 286
+#line 292
}:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
-#line 286
+#line 292
-#line 286
+#line 292
# END_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
-#line 479
+#line 485
dontaudit system_suspend suspend_debug_prop:file { getattr open read ioctl lock map watch watch_reads };
# BEGIN_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
-#line 483
+#line 489
-#line 483
+#line 489
# Neverallow coredomain to set vendor properties
-#line 483
+#line 489
neverallow {
-#line 483
+#line 489
coredomain
-#line 483
+#line 489
-init
-#line 483
+#line 489
-system_writes_vendor_properties_violators
-#line 483
+#line 489
} {
-#line 483
+#line 489
property_type
-#line 483
+#line 489
-system_property_type
-#line 483
+#line 489
-extended_core_property_type
-#line 483
+#line 489
}:property_service set;
-#line 483
+#line 489
-#line 483
+#line 489
# END_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
-#line 494
+#line 500
neverallow {
@@ -65323,9 +65695,6 @@
allow runas_app untrusted_app_all:process { ptrace sigkill signal sigstop };
allow runas_app untrusted_app_all:unix_stream_socket connectto;
-# Allow executing system image simpleperf without a domain transition.
-allow runas_app simpleperf_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
-
# Suppress denial logspam when simpleperf is trying to find a matching process
# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
# the same domain as their respective process, most of which this domain is not
@@ -65334,8 +65703,8 @@
# Allow runas_app to call perf_event_open for profiling debuggable app
# processes, but not the whole system.
-allow runas_app self:perf_event { open read write kernel };
-neverallow runas_app self:perf_event ~{ open read write kernel };
+allow runas_app self:perf_event { open read write };
+neverallow runas_app self:perf_event ~{ open read write };
# Suppress bionic loader denial /data/local/tests directories.
dontaudit runas_app shell_test_data_file:dir search;
@@ -66092,7 +66461,7 @@
type mmd_service, service_manager_type;
type on_device_intelligence_service, app_api_service, system_server_service, service_manager_type, isolated_compute_allowed_service;
type profcollectd_service, service_manager_type;
-type protolog_configuration_service, app_api_service, system_api_service, system_server_service, service_manager_type;
+type protolog_configuration_service, app_api_service, system_api_service, system_server_service, service_manager_type, ephemeral_app_api_service;
type resolver_service, system_server_service, service_manager_type;
type rkpd_registrar_service, service_manager_type;
type rkpd_refresh_service, service_manager_type;
@@ -66138,19 +66507,20 @@
type uce_service, service_manager_type;
-type fwk_vold_service, service_manager_type;
+#line 65
+
type wearable_sensing_service, app_api_service, system_server_service, service_manager_type;
type wifi_mainline_supplicant_service, service_manager_type;
type dynamic_instrumentation_service, app_api_service, system_server_service, service_manager_type;
type advanced_protection_service, app_api_service, system_server_service, service_manager_type;
-#line 69
- type ranging_service, app_api_service, system_server_service, service_manager_type;
#line 71
+ type ranging_service, app_api_service, system_server_service, service_manager_type;
+#line 73
-#line 75
+#line 77
###
@@ -66784,6 +67154,9 @@
# ... and /data/misc/perfetto-traces/bugreport/ .
allow shell perfetto_traces_bugreport_data_file:dir { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } };
allow shell perfetto_traces_bugreport_data_file:file { { getattr open read ioctl lock map watch watch_reads } unlink };
+# ... and /data/misc/perfetto-traces/profiling/ .
+allow shell perfetto_traces_profiling_data_file:dir { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } };
+allow shell perfetto_traces_profiling_data_file:file { { getattr open read ioctl lock map watch watch_reads } unlink };
# Allow shell to create/remove configs stored in /data/misc/perfetto-configs.
allow shell perfetto_configs_data_file:dir { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } };
@@ -66791,50 +67164,50 @@
# Allow shell to run adb shell cmd gpu commands.
-#line 76
+#line 79
# Call the server domain and optionally transfer references to it.
-#line 76
+#line 79
allow shell gpuservice:binder { call transfer };
-#line 76
+#line 79
# Allow the serverdomain to transfer references to the client on the reply.
-#line 76
+#line 79
allow gpuservice shell:binder transfer;
-#line 76
+#line 79
# Receive and use open files from the server.
-#line 76
+#line 79
allow shell gpuservice:fd use;
-#line 76
+#line 79
;
# Allow shell to use atrace HAL
-#line 79
+#line 82
typeattribute shell halclientdomain;
-#line 79
+#line 82
typeattribute shell hal_atrace_client;
-#line 79
+#line 82
-#line 79
+#line 82
# TODO(b/34170079): Make the inclusion of the rules below conditional also on
-#line 79
+#line 82
# non-Treble devices. For now, on non-Treble device, always grant clients of a
-#line 79
+#line 82
# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
-#line 79
+#line 82
-#line 79
+#line 82
typeattribute shell hal_atrace;
-#line 79
+#line 82
# Find passthrough HAL implementations
-#line 79
+#line 82
allow hal_atrace system_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 79
+#line 82
allow hal_atrace vendor_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 79
+#line 82
allow hal_atrace vendor_file:file { read open getattr execute map };
-#line 79
+#line 82
-#line 79
+#line 82
# For hostside tests such as CTS listening ports test.
@@ -66855,165 +67228,165 @@
# Allow shell to start and comminicate with lpdumpd.
-#line 98
+#line 101
-#line 98
+#line 101
allow shell property_socket:sock_file write;
-#line 98
+#line 101
allow shell init:unix_stream_socket connectto;
-#line 98
+#line 101
-#line 98
+#line 101
allow shell lpdumpd_prop:property_service set;
-#line 98
+#line 101
-#line 98
+#line 101
allow shell lpdumpd_prop:file { getattr open read map };
-#line 98
+#line 101
-#line 98
+#line 101
;
-#line 99
+#line 102
# Call the server domain and optionally transfer references to it.
-#line 99
+#line 102
allow shell lpdumpd:binder { call transfer };
-#line 99
+#line 102
# Allow the serverdomain to transfer references to the client on the reply.
-#line 99
+#line 102
allow lpdumpd shell:binder transfer;
-#line 99
+#line 102
# Receive and use open files from the server.
-#line 99
+#line 102
allow shell lpdumpd:fd use;
-#line 99
+#line 102
# Allow shell to set and read value of properties used for CTS tests of
# userspace reboot
-#line 103
+#line 106
-#line 103
+#line 106
allow shell property_socket:sock_file write;
-#line 103
+#line 106
allow shell init:unix_stream_socket connectto;
-#line 103
+#line 106
-#line 103
+#line 106
allow shell userspace_reboot_test_prop:property_service set;
-#line 103
+#line 106
-#line 103
+#line 106
allow shell userspace_reboot_test_prop:file { getattr open read map };
-#line 103
+#line 106
-#line 103
+#line 106
# Allow shell to set this property to disable charging.
-#line 106
+#line 109
-#line 106
+#line 109
allow shell property_socket:sock_file write;
-#line 106
+#line 109
allow shell init:unix_stream_socket connectto;
-#line 106
+#line 109
-#line 106
+#line 109
allow shell power_debug_prop:property_service set;
-#line 106
+#line 109
-#line 106
+#line 109
allow shell power_debug_prop:file { getattr open read map };
-#line 106
+#line 109
-#line 106
+#line 109
# Allow shell to set this property used for rollback tests
-#line 109
+#line 112
-#line 109
+#line 112
allow shell property_socket:sock_file write;
-#line 109
+#line 112
allow shell init:unix_stream_socket connectto;
-#line 109
+#line 112
-#line 109
+#line 112
allow shell rollback_test_prop:property_service set;
-#line 109
+#line 112
-#line 109
+#line 112
allow shell rollback_test_prop:file { getattr open read map };
-#line 109
+#line 112
-#line 109
+#line 112
# Allow shell to set RKP properties for testing purposes
-#line 112
+#line 115
-#line 112
+#line 115
allow shell property_socket:sock_file write;
-#line 112
+#line 115
allow shell init:unix_stream_socket connectto;
-#line 112
+#line 115
-#line 112
+#line 115
allow shell remote_prov_prop:property_service set;
-#line 112
+#line 115
-#line 112
+#line 115
allow shell remote_prov_prop:file { getattr open read map };
-#line 112
+#line 115
-#line 112
+#line 115
# Allow shell to enable 16 KB backcompat globally.
-#line 115
+#line 118
-#line 115
+#line 118
allow shell property_socket:sock_file write;
-#line 115
+#line 118
allow shell init:unix_stream_socket connectto;
-#line 115
+#line 118
-#line 115
+#line 118
allow shell bionic_linker_16kb_app_compat_prop:property_service set;
-#line 115
+#line 118
-#line 115
+#line 118
allow shell bionic_linker_16kb_app_compat_prop:file { getattr open read map };
-#line 115
+#line 118
-#line 115
+#line 118
# Allow shell to disable compat in package manager
-#line 118
+#line 121
-#line 118
+#line 121
allow shell property_socket:sock_file write;
-#line 118
+#line 121
allow shell init:unix_stream_socket connectto;
-#line 118
+#line 121
-#line 118
+#line 121
allow shell pm_16kb_app_compat_prop:property_service set;
-#line 118
+#line 121
-#line 118
+#line 121
allow shell pm_16kb_app_compat_prop:file { getattr open read map };
-#line 118
+#line 121
-#line 118
+#line 121
# Allow shell to get encryption policy of /data/local/tmp/, for CTS
@@ -67025,7 +67398,7 @@
# Allow shell to execute simpleperf without a domain transition.
allow shell simpleperf_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
-#line 138
+#line 141
# Allow shell to run remount command.
@@ -67033,15 +67406,15 @@
# Allow shell to call perf_event_open for profiling other shell processes, but
# not the whole system.
-allow shell self:perf_event { open read write kernel };
+allow shell self:perf_event { open read write };
# Allow shell to read microdroid vendor image
-#line 148
+#line 151
allow shell vendor_microdroid_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 148
+#line 151
allow shell vendor_microdroid_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 148
+#line 151
# Allow shell to read /apex/apex-info-list.xml and the vendor apexes
@@ -67056,235 +67429,235 @@
# Set properties.
-#line 161
+#line 164
-#line 161
+#line 164
allow shell property_socket:sock_file write;
-#line 161
+#line 164
allow shell init:unix_stream_socket connectto;
-#line 161
+#line 164
-#line 161
+#line 164
allow shell shell_prop:property_service set;
-#line 161
+#line 164
-#line 161
+#line 164
allow shell shell_prop:file { getattr open read map };
-#line 161
+#line 164
-#line 161
+#line 164
-#line 162
+#line 165
-#line 162
+#line 165
allow shell property_socket:sock_file write;
-#line 162
+#line 165
allow shell init:unix_stream_socket connectto;
-#line 162
+#line 165
-#line 162
+#line 165
allow shell ctl_bugreport_prop:property_service set;
-#line 162
+#line 165
-#line 162
+#line 165
allow shell ctl_bugreport_prop:file { getattr open read map };
-#line 162
+#line 165
-#line 162
+#line 165
-#line 163
+#line 166
-#line 163
+#line 166
allow shell property_socket:sock_file write;
-#line 163
+#line 166
allow shell init:unix_stream_socket connectto;
-#line 163
+#line 166
-#line 163
+#line 166
allow shell ctl_dumpstate_prop:property_service set;
-#line 163
+#line 166
-#line 163
+#line 166
allow shell ctl_dumpstate_prop:file { getattr open read map };
-#line 163
+#line 166
-#line 163
+#line 166
-#line 164
+#line 167
-#line 164
+#line 167
allow shell property_socket:sock_file write;
-#line 164
+#line 167
allow shell init:unix_stream_socket connectto;
-#line 164
+#line 167
-#line 164
+#line 167
allow shell dumpstate_prop:property_service set;
-#line 164
+#line 167
-#line 164
+#line 167
allow shell dumpstate_prop:file { getattr open read map };
-#line 164
+#line 167
-#line 164
+#line 167
-#line 165
+#line 168
-#line 165
+#line 168
allow shell property_socket:sock_file write;
-#line 165
+#line 168
allow shell init:unix_stream_socket connectto;
-#line 165
+#line 168
-#line 165
+#line 168
allow shell exported_dumpstate_prop:property_service set;
-#line 165
+#line 168
-#line 165
+#line 168
allow shell exported_dumpstate_prop:file { getattr open read map };
-#line 165
+#line 168
-#line 165
+#line 168
-#line 166
+#line 169
-#line 166
+#line 169
allow shell property_socket:sock_file write;
-#line 166
+#line 169
allow shell init:unix_stream_socket connectto;
-#line 166
+#line 169
-#line 166
+#line 169
allow shell debug_prop:property_service set;
-#line 166
+#line 169
-#line 166
+#line 169
allow shell debug_prop:file { getattr open read map };
-#line 166
+#line 169
-#line 166
+#line 169
-#line 167
+#line 170
-#line 167
+#line 170
allow shell property_socket:sock_file write;
-#line 167
+#line 170
allow shell init:unix_stream_socket connectto;
-#line 167
+#line 170
-#line 167
+#line 170
allow shell perf_drop_caches_prop:property_service set;
-#line 167
+#line 170
-#line 167
+#line 170
allow shell perf_drop_caches_prop:file { getattr open read map };
-#line 167
+#line 170
-#line 167
+#line 170
-#line 168
+#line 171
-#line 168
+#line 171
allow shell property_socket:sock_file write;
-#line 168
+#line 171
allow shell init:unix_stream_socket connectto;
-#line 168
+#line 171
-#line 168
+#line 171
allow shell powerctl_prop:property_service set;
-#line 168
+#line 171
-#line 168
+#line 171
allow shell powerctl_prop:file { getattr open read map };
-#line 168
+#line 171
-#line 168
+#line 171
-#line 169
+#line 172
-#line 169
+#line 172
allow shell property_socket:sock_file write;
-#line 169
+#line 172
allow shell init:unix_stream_socket connectto;
-#line 169
+#line 172
-#line 169
+#line 172
allow shell log_tag_prop:property_service set;
-#line 169
+#line 172
-#line 169
+#line 172
allow shell log_tag_prop:file { getattr open read map };
-#line 169
+#line 172
-#line 169
+#line 172
-#line 170
+#line 173
-#line 170
+#line 173
allow shell property_socket:sock_file write;
-#line 170
+#line 173
allow shell init:unix_stream_socket connectto;
-#line 170
+#line 173
-#line 170
+#line 173
allow shell wifi_log_prop:property_service set;
-#line 170
+#line 173
-#line 170
+#line 173
allow shell wifi_log_prop:file { getattr open read map };
-#line 170
+#line 173
-#line 170
+#line 173
# Allow shell to start/stop traced via the persist.traced.enable
# property (which also takes care of /data/misc initialization).
-#line 173
+#line 176
-#line 173
+#line 176
allow shell property_socket:sock_file write;
-#line 173
+#line 176
allow shell init:unix_stream_socket connectto;
-#line 173
+#line 176
-#line 173
+#line 176
allow shell traced_enabled_prop:property_service set;
-#line 173
+#line 176
-#line 173
+#line 176
allow shell traced_enabled_prop:file { getattr open read map };
-#line 173
+#line 176
-#line 173
+#line 176
# adjust SELinux audit rates
-#line 175
+#line 178
-#line 175
+#line 178
allow shell property_socket:sock_file write;
-#line 175
+#line 178
allow shell init:unix_stream_socket connectto;
-#line 175
+#line 178
-#line 175
+#line 178
allow shell logd_auditrate_prop:property_service set;
-#line 175
+#line 178
-#line 175
+#line 178
allow shell logd_auditrate_prop:file { getattr open read map };
-#line 175
+#line 178
-#line 175
+#line 178
# adjust is_loggable properties
@@ -67293,245 +67666,245 @@
# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
# property.
-#line 182
+#line 185
-#line 182
+#line 185
allow shell property_socket:sock_file write;
-#line 182
+#line 185
allow shell init:unix_stream_socket connectto;
-#line 182
+#line 185
-#line 182
+#line 185
allow shell heapprofd_enabled_prop:property_service set;
-#line 182
+#line 185
-#line 182
+#line 185
allow shell heapprofd_enabled_prop:file { getattr open read map };
-#line 182
+#line 185
-#line 182
+#line 185
# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
# property.
-#line 185
+#line 188
-#line 185
+#line 188
allow shell property_socket:sock_file write;
-#line 185
+#line 188
allow shell init:unix_stream_socket connectto;
-#line 185
+#line 188
-#line 185
+#line 188
allow shell traced_perf_enabled_prop:property_service set;
-#line 185
+#line 188
-#line 185
+#line 188
allow shell traced_perf_enabled_prop:file { getattr open read map };
-#line 185
+#line 188
-#line 185
+#line 188
# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
-#line 187
+#line 190
-#line 187
+#line 190
allow shell property_socket:sock_file write;
-#line 187
+#line 190
allow shell init:unix_stream_socket connectto;
-#line 187
+#line 190
-#line 187
+#line 190
allow shell ctl_gsid_prop:property_service set;
-#line 187
+#line 190
-#line 187
+#line 190
allow shell ctl_gsid_prop:file { getattr open read map };
-#line 187
+#line 190
-#line 187
+#line 190
-#line 188
+#line 191
-#line 188
+#line 191
allow shell property_socket:sock_file write;
-#line 188
+#line 191
allow shell init:unix_stream_socket connectto;
-#line 188
+#line 191
-#line 188
+#line 191
allow shell ctl_snapuserd_prop:property_service set;
-#line 188
+#line 191
-#line 188
+#line 191
allow shell ctl_snapuserd_prop:file { getattr open read map };
-#line 188
+#line 191
-#line 188
+#line 191
# Allow shell to start/stop prefetch
-#line 190
+#line 193
-#line 190
+#line 193
allow shell property_socket:sock_file write;
-#line 190
+#line 193
allow shell init:unix_stream_socket connectto;
-#line 190
+#line 193
-#line 190
+#line 193
allow shell ctl_prefetch_prop:property_service set;
-#line 190
+#line 193
-#line 190
+#line 193
allow shell ctl_prefetch_prop:file { getattr open read map };
-#line 190
+#line 193
-#line 190
+#line 193
# Allow shell to enable Dynamic System Update
-#line 192
+#line 195
-#line 192
+#line 195
allow shell property_socket:sock_file write;
-#line 192
+#line 195
allow shell init:unix_stream_socket connectto;
-#line 192
+#line 195
-#line 192
+#line 195
allow shell dynamic_system_prop:property_service set;
-#line 192
+#line 195
-#line 192
+#line 195
allow shell dynamic_system_prop:file { getattr open read map };
-#line 192
+#line 195
-#line 192
+#line 195
# Allow shell to mock an OTA using persist.pm.mock-upgrade
-#line 194
+#line 197
-#line 194
+#line 197
allow shell property_socket:sock_file write;
-#line 194
+#line 197
allow shell init:unix_stream_socket connectto;
-#line 194
+#line 197
-#line 194
+#line 197
allow shell mock_ota_prop:property_service set;
-#line 194
+#line 197
-#line 194
+#line 197
allow shell mock_ota_prop:file { getattr open read map };
-#line 194
+#line 197
-#line 194
+#line 197
# Read device's serial number from system properties
-#line 197
+#line 200
allow shell serialno_prop:file { getattr open read map };
-#line 197
+#line 200
# Allow shell to read the vendor security patch level for CTS
-#line 200
+#line 203
allow shell vendor_security_patch_level_prop:file { getattr open read map };
-#line 200
+#line 203
# Read state of logging-related properties
-#line 203
+#line 206
allow shell device_logging_prop:file { getattr open read map };
-#line 203
+#line 206
# Read state of boot reason properties
-#line 206
+#line 209
allow shell bootloader_boot_reason_prop:file { getattr open read map };
-#line 206
+#line 209
-#line 207
+#line 210
allow shell last_boot_reason_prop:file { getattr open read map };
-#line 207
+#line 210
-#line 208
+#line 211
allow shell system_boot_reason_prop:file { getattr open read map };
-#line 208
+#line 211
# Allow shell to execute the remote key provisioning factory tool
-#line 211
+#line 214
# Call the server domain and optionally transfer references to it.
-#line 211
+#line 214
allow shell hal_keymint:binder { call transfer };
-#line 211
+#line 214
# Allow the serverdomain to transfer references to the client on the reply.
-#line 211
+#line 214
allow hal_keymint shell:binder transfer;
-#line 211
+#line 214
# Receive and use open files from the server.
-#line 211
+#line 214
allow shell hal_keymint:fd use;
-#line 211
+#line 214
# Allow shell to run the AVF RKP HAL during the execution of the remote key
# provisioning factory tool.
# TODO(b/351113293): Remove this once the AVF RKP HAL registration is moved to
# a separate process.
-#line 216
+#line 219
# Call the server domain and optionally transfer references to it.
-#line 216
+#line 219
allow shell virtualizationservice:binder { call transfer };
-#line 216
+#line 219
# Allow the serverdomain to transfer references to the client on the reply.
-#line 216
+#line 219
allow virtualizationservice shell:binder transfer;
-#line 216
+#line 219
# Receive and use open files from the server.
-#line 216
+#line 219
allow shell virtualizationservice:fd use;
-#line 216
+#line 219
# Allow the shell to inspect whether AVF remote attestation is supported
# through the system property.
-#line 219
+#line 222
allow shell avf_virtualizationservice_prop:file { getattr open read map };
-#line 219
+#line 222
# Allow reading the outcome of perf_event_open LSM support test for CTS.
-#line 222
+#line 225
allow shell init_perf_lsm_hooks_prop:file { getattr open read map };
-#line 222
+#line 225
# Allow shell to read boot image timestamps and fingerprints.
-#line 225
+#line 228
allow shell build_bootimage_prop:file { getattr open read map };
-#line 225
+#line 228
# Allow shell to read odsign verification properties
-#line 228
+#line 231
allow shell odsign_prop:file { getattr open read map };
-#line 228
+#line 231
@@ -67543,114 +67916,114 @@
allow shell shell_key:keystore2_key { delete rebind use get_info update };
# Allow shell to open and execute memfd files for minijail unit tests.
-#line 241
+#line 244
# Allow shell to write db.log.detailed, db.log.slow_query_threshold*
-#line 244
+#line 247
-#line 244
+#line 247
allow shell property_socket:sock_file write;
-#line 244
+#line 247
allow shell init:unix_stream_socket connectto;
-#line 244
+#line 247
-#line 244
+#line 247
allow shell sqlite_log_prop:property_service set;
-#line 244
+#line 247
-#line 244
+#line 247
allow shell sqlite_log_prop:file { getattr open read map };
-#line 244
+#line 247
-#line 244
+#line 247
# Allow shell to write MTE properties even on user builds.
-#line 247
+#line 250
-#line 247
+#line 250
allow shell property_socket:sock_file write;
-#line 247
+#line 250
allow shell init:unix_stream_socket connectto;
-#line 247
+#line 250
-#line 247
+#line 250
allow shell arm64_memtag_prop:property_service set;
-#line 247
+#line 250
-#line 247
+#line 250
allow shell arm64_memtag_prop:file { getattr open read map };
-#line 247
+#line 250
-#line 247
+#line 250
-#line 248
+#line 251
-#line 248
+#line 251
allow shell property_socket:sock_file write;
-#line 248
+#line 251
allow shell init:unix_stream_socket connectto;
-#line 248
+#line 251
-#line 248
+#line 251
allow shell permissive_mte_prop:property_service set;
-#line 248
+#line 251
-#line 248
+#line 251
allow shell permissive_mte_prop:file { getattr open read map };
-#line 248
+#line 251
-#line 248
+#line 251
# Allow shell to write kcmdline properties even on user builds.
-#line 251
+#line 254
-#line 251
+#line 254
allow shell property_socket:sock_file write;
-#line 251
+#line 254
allow shell init:unix_stream_socket connectto;
-#line 251
+#line 254
-#line 251
+#line 254
allow shell kcmdline_prop:property_service set;
-#line 251
+#line 254
-#line 251
+#line 254
allow shell kcmdline_prop:file { getattr open read map };
-#line 251
+#line 254
-#line 251
+#line 254
# Allow shell to read the dm-verity props on user builds.
-#line 254
+#line 257
allow shell verity_status_prop:file { getattr open read map };
-#line 254
+#line 257
# Allow shell to read Virtual A/B related properties
-#line 257
+#line 260
allow shell virtual_ab_prop:file { getattr open read map };
-#line 257
+#line 260
# Allow ReadDefaultFstab() for CTS.
-#line 260
+#line 263
allow shell { metadata_file gsi_metadata_file_type }:dir search;
-#line 260
+#line 263
allow shell gsi_public_metadata_file:file { getattr open read ioctl lock map watch watch_reads };
-#line 260
+#line 263
allow shell { proc_bootconfig proc_cmdline }:file { getattr open read ioctl lock map watch watch_reads };
-#line 260
+#line 263
# Allow shell read access to /apex/apex-info-list.xml for CTS.
@@ -67659,89 +68032,89 @@
# Let the shell user call virtualizationservice (and
# virtualizationservice call back to shell) for debugging.
-#line 267
+#line 270
# Transition to virtualizationmanager when the client executes it.
-#line 267
+#line 270
-#line 267
+#line 270
# Allow the necessary permissions.
-#line 267
+#line 270
-#line 267
+#line 270
# Old domain may exec the file and transition to the new domain.
-#line 267
+#line 270
allow shell virtualizationmanager_exec:file { getattr open read execute map };
-#line 267
+#line 270
allow shell virtualizationmanager:process transition;
-#line 267
+#line 270
# New domain is entered by executing the file.
-#line 267
+#line 270
allow virtualizationmanager virtualizationmanager_exec:file { entrypoint open read execute getattr map };
-#line 267
+#line 270
# New domain can send SIGCHLD to its caller.
-#line 267
+#line 270
allow virtualizationmanager shell:process sigchld;
-#line 267
+#line 270
# Enable AT_SECURE, i.e. libc secure mode.
-#line 267
+#line 270
dontaudit shell virtualizationmanager:process noatsecure;
-#line 267
+#line 270
# XXX dontaudit candidate but requires further study.
-#line 267
+#line 270
allow shell virtualizationmanager:process { siginh rlimitinh };
-#line 267
+#line 270
-#line 267
+#line 270
# Make the transition occur by default.
-#line 267
+#line 270
type_transition shell virtualizationmanager_exec:process virtualizationmanager;
-#line 267
+#line 270
-#line 267
+#line 270
# Allow virtualizationmanager to communicate over UDS with the client.
-#line 267
+#line 270
allow { virtualizationmanager crosvm } shell:unix_stream_socket { ioctl getattr read write };
-#line 267
+#line 270
# Let the client pass file descriptors to virtualizationmanager and on to crosvm.
-#line 267
+#line 270
allow { virtualizationmanager crosvm } shell:fd use;
-#line 267
+#line 270
# Let the client use file descriptors created by virtualizationmanager.
-#line 267
+#line 270
allow shell virtualizationmanager:fd use;
-#line 267
+#line 270
# Allow piping console log to the client
-#line 267
+#line 270
allow { virtualizationmanager crosvm } shell:fifo_file { ioctl getattr read write };
-#line 267
+#line 270
# Allow client to read/write vsock created by virtualizationmanager to communicate with the VM
-#line 267
+#line 270
# that it created. Notice that we do not grant permission to create a vsock;
-#line 267
+#line 270
# the client can only connect to VMs that it owns.
-#line 267
+#line 270
allow shell virtualizationmanager:vsock_socket { getattr getopt read write };
-#line 267
+#line 270
# Allow client to inspect hypervisor capabilities
-#line 267
+#line 270
-#line 267
+#line 270
allow shell hypervisor_prop:file { getattr open read map };
-#line 267
+#line 270
-#line 267
+#line 270
# Allow client to read (but not open) the crashdump provided by virtualizationmanager
-#line 267
+#line 270
allow shell virtualizationservice_data_file:file { getattr read };
-#line 267
+#line 270
# Allow virtualizationmanager to read the path of the client using /proc/{PID}/exe
-#line 267
+#line 270
allow virtualizationmanager shell:dir search;
-#line 267
+#line 270
allow virtualizationmanager shell:file read;
-#line 267
+#line 270
allow virtualizationmanager shell:lnk_file read;
-#line 267
+#line 270
# Allow shell to set persist.wm.debug properties
@@ -67749,23 +68122,23 @@
# Allow shell to write GWP-ASan properties even on user builds.
-#line 273
+#line 276
-#line 273
+#line 276
allow shell property_socket:sock_file write;
-#line 273
+#line 276
allow shell init:unix_stream_socket connectto;
-#line 273
+#line 276
-#line 273
+#line 276
allow shell gwp_asan_prop:property_service set;
-#line 273
+#line 276
-#line 273
+#line 276
allow shell gwp_asan_prop:file { getattr open read map };
-#line 273
+#line 276
-#line 273
+#line 276
# Allow shell to set persist.sysui.notification.builder_extras_override property
@@ -67775,9 +68148,9 @@
# Allow shell to read the build properties for attestation feature
-#line 281
+#line 284
allow shell build_attestation_prop:file { getattr open read map };
-#line 281
+#line 284
# Allow shell to execute oatdump.
@@ -67786,44 +68159,44 @@
# Create and use network sockets.
-#line 288
+#line 291
typeattribute shell netdomain;
-#line 288
+#line 291
# logcat
-#line 291
+#line 294
allow shell logcat_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
-#line 291
+#line 294
-#line 291
+#line 294
allow shell logdr_socket:sock_file write;
-#line 291
+#line 294
allow shell logd:unix_stream_socket connectto;
-#line 291
+#line 294
-#line 291
+#line 294
-#line 292
+#line 295
# Group AID_LOG checked by filesystem & logd
-#line 292
+#line 295
# to permit control commands
-#line 292
+#line 295
-#line 292
+#line 295
allow shell logd_socket:sock_file write;
-#line 292
+#line 295
allow shell logd:unix_stream_socket connectto;
-#line 292
+#line 295
-#line 292
+#line 295
-#line 293
+#line 296
allow shell logd_prop:file { getattr open read map };
-#line 293
+#line 296
# logcat -L (directly, or via dumpstate)
allow shell pstorefs:dir search;
@@ -67858,16 +68231,16 @@
allow shell profman_dump_data_file:file { unlink { getattr open read ioctl lock map watch watch_reads } };
# Read/execute files in /data/nativetest
-#line 330
+#line 333
# adb bugreport
-#line 333
+#line 336
allow shell dumpstate_socket:sock_file write;
-#line 333
+#line 336
allow shell dumpstate:unix_stream_socket connectto;
-#line 333
+#line 336
allow shell devpts:chr_file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
@@ -67878,18 +68251,18 @@
allow shell input_device:chr_file { getattr open read ioctl lock map watch watch_reads };
-#line 342
+#line 345
allow shell system_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 342
+#line 345
allow shell system_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 342
+#line 345
allow shell system_file:file { getattr execute execute_no_trans map };
allow shell toolbox_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
allow shell shell_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
allow shell zygote_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
-#line 352
+#line 355
# allow shell access to services
@@ -67921,29 +68294,29 @@
# allow shell to get information from hwservicemanager
# for instance, listing hardware services with lshal
-#line 382
+#line 385
# Call the hwservicemanager and transfer references to it.
-#line 382
+#line 385
allow shell hwservicemanager:binder { call transfer };
-#line 382
+#line 385
# Allow hwservicemanager to send out callbacks
-#line 382
+#line 385
allow hwservicemanager shell:binder { call transfer };
-#line 382
+#line 385
# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
-#line 382
+#line 385
# all domains in domain.te.
-#line 382
+#line 385
allow shell hwservicemanager:hwservice_manager list;
# allow shell to look through /proc/ for lsmod, ps, top, netstat, vmstat.
-#line 386
+#line 389
allow shell proc_net_type:dir { open getattr read search ioctl lock watch watch_reads };
-#line 386
+#line 389
allow shell proc_net_type:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 386
+#line 389
allow shell {
@@ -67968,20 +68341,20 @@
allow shell sysfs_net:dir { open getattr read search ioctl lock watch watch_reads };
-#line 409
+#line 412
allow shell cgroup:dir { open getattr read search ioctl lock watch watch_reads };
-#line 409
+#line 412
allow shell cgroup:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 409
+#line 412
allow shell cgroup_desc_file:file { getattr open read ioctl lock map watch watch_reads };
allow shell vendor_cgroup_desc_file:file { getattr open read ioctl lock map watch watch_reads };
-#line 412
+#line 415
allow shell cgroup_v2:dir { open getattr read search ioctl lock watch watch_reads };
-#line 412
+#line 415
allow shell cgroup_v2:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 412
+#line 415
allow shell domain:dir { search open read getattr };
allow shell domain:{ file lnk_file } { open read getattr };
@@ -68021,7 +68394,7 @@
allow shell sysfs_mem_sleep:file { getattr open read ioctl lock map watch watch_reads };
# Allow communicating with the VM terminal.
-#line 454
+#line 457
# Allow CTS to check whether AVF debug policy is installed
@@ -68057,9 +68430,9 @@
allow shell vendor_shell_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
-#line 488
+#line 491
allow shell linux_vm_setup_exec:file { entrypoint { getattr open read ioctl lock map watch watch_reads } };
-#line 490
+#line 493
allow shell tee_service_contexts_file:file { getattr open read ioctl lock map watch watch_reads };
@@ -68067,7 +68440,7 @@
# Everything is labeled as rootfs in recovery mode. Allow shell to
# execute them.
-#line 499
+#line 502
###
@@ -68093,59 +68466,59 @@
# Do not allow privileged socket ioctl commands
neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl
-#line 523
+#line 526
{
-#line 523
+#line 526
# qualcomm rmnet ioctls
-#line 523
+#line 526
0x00006900 0x00006902
-#line 523
+#line 526
# socket ioctls
-#line 523
+#line 526
0x0000890b 0x0000890c 0x0000890d 0x00008911 0x00008914 0x00008916
-#line 523
+#line 526
0x00008918 0x0000891a 0x0000891c 0x0000891d 0x0000891e 0x0000891f
-#line 523
+#line 526
0x00008920 0x00008922 0x00008923 0x00008924 0x00008925 0x00008926
-#line 523
+#line 526
0x00008927 0x00008929 0x00008930 0x00008931 0x00008932
-#line 523
+#line 526
0x00008934 0x00008935 0x00008936 0x00008937 0x00008939 0x00008940 0x00008941
-#line 523
+#line 526
0x00008943 0x00008946 0x00008947 0x00008948 0x00008949 0x0000894a
-#line 523
+#line 526
0x0000894b 0x00008953 0x00008954 0x00008955 0x00008960 0x00008961 0x00008962 0x00008970
-#line 523
+#line 526
0x00008971 0x00008980 0x00008981 0x00008982 0x00008983 0x00008990
-#line 523
+#line 526
0x00008991 0x00008992 0x00008993 0x00008994
-#line 523
+#line 526
0x00008995 0x000089a0 0x000089a1 0x000089a2 0x000089a3 0x000089b0
-#line 523
+#line 526
# device and protocol specific ioctls
-#line 523
+#line 526
0x000089f0-0x000089ff
-#line 523
+#line 526
0x000089e0-0x000089ef
-#line 523
+#line 526
# Wireless extension ioctls
-#line 523
+#line 526
0x00008b00 0x00008b02 0x00008b04 0x00008b06 0x00008b08 0x00008b0a
-#line 523
+#line 526
0x00008b0c 0x00008b0e 0x00008b10 0x00008b14 0x00008b15 0x00008b16 0x00008b17
-#line 523
+#line 526
0x00008b18 0x00008b19 0x00008b1a 0x00008b1b 0x00008b1c 0x00008b1d
-#line 523
+#line 526
0x00008b20 0x00008b22 0x00008b24 0x00008b26 0x00008b28 0x00008b2a
-#line 523
+#line 526
0x00008b2b 0x00008b2c 0x00008b30 0x00008b31 0x00008b32 0x00008b33
-#line 523
+#line 526
0x00008b34 0x00008b35 0x00008b36
-#line 523
+#line 526
# Dev private ioctl i.e. hardware specific ioctls
-#line 523
+#line 526
0x00008be0-0x00008bff
-#line 523
+#line 526
};
# limit shell access to sensitive char drivers to
@@ -68193,7 +68566,7 @@
#line 17
# Old domain may exec the file and transition to the new domain.
#line 17
-allow { {
+allow {
#line 17
ephemeral_app
#line 17
@@ -68205,9 +68578,9 @@
#line 17
untrusted_app_all
#line 17
-} -runas_app } simpleperf_exec:file { getattr open read execute map };
+} simpleperf_exec:file { getattr open read execute map };
#line 17
-allow { {
+allow {
#line 17
ephemeral_app
#line 17
@@ -68219,7 +68592,7 @@
#line 17
untrusted_app_all
#line 17
-} -runas_app } simpleperf:process transition;
+} simpleperf:process transition;
#line 17
# New domain is entered by executing the file.
#line 17
@@ -68227,7 +68600,7 @@
#line 17
# New domain can send SIGCHLD to its caller.
#line 17
-allow simpleperf { {
+allow simpleperf {
#line 17
ephemeral_app
#line 17
@@ -68239,11 +68612,11 @@
#line 17
untrusted_app_all
#line 17
-} -runas_app }:process sigchld;
+}:process sigchld;
#line 17
# Enable AT_SECURE, i.e. libc secure mode.
#line 17
-dontaudit { {
+dontaudit {
#line 17
ephemeral_app
#line 17
@@ -68255,11 +68628,11 @@
#line 17
untrusted_app_all
#line 17
-} -runas_app } simpleperf:process noatsecure;
+} simpleperf:process noatsecure;
#line 17
# XXX dontaudit candidate but requires further study.
#line 17
-allow { {
+allow {
#line 17
ephemeral_app
#line 17
@@ -68271,13 +68644,13 @@
#line 17
untrusted_app_all
#line 17
-} -runas_app } simpleperf:process { siginh rlimitinh };
+} simpleperf:process { siginh rlimitinh };
#line 17
#line 17
# Make the transition occur by default.
#line 17
-type_transition { {
+type_transition {
#line 17
ephemeral_app
#line 17
@@ -68289,7 +68662,7 @@
#line 17
untrusted_app_all
#line 17
-} -runas_app } simpleperf_exec:process simpleperf;
+} simpleperf_exec:process simpleperf;
#line 17
@@ -68353,25 +68726,20 @@
#line 23
-#line 24
-typeattribute simpleperf untrusted_app_all;
-#line 24
-
-
# Allow ptrace attach to the target app, for reading JIT debug info (using
# process_vm_readv) during unwinding and symbolization.
allow simpleperf {
-#line 28
+#line 27
ephemeral_app
-#line 28
+#line 27
isolated_app
-#line 28
+#line 27
platform_app
-#line 28
+#line 27
priv_app
-#line 28
+#line 27
untrusted_app_all
-#line 28
+#line 27
}:process ptrace;
# Allow using perf_event_open syscall for profiling the target app.
@@ -68380,52 +68748,52 @@
# Allow /proc/<pid> access for the target app (for example, when trying to
# discover it by cmdline).
-#line 35
+#line 34
allow simpleperf {
-#line 35
+#line 34
ephemeral_app
-#line 35
+#line 34
isolated_app
-#line 35
+#line 34
platform_app
-#line 35
+#line 34
priv_app
-#line 35
+#line 34
untrusted_app_all
-#line 35
+#line 34
}:dir { open getattr read search ioctl lock watch watch_reads };
-#line 35
+#line 34
allow simpleperf {
-#line 35
+#line 34
ephemeral_app
-#line 35
+#line 34
isolated_app
-#line 35
+#line 34
platform_app
-#line 35
+#line 34
priv_app
-#line 35
+#line 34
untrusted_app_all
-#line 35
+#line 34
}:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 35
+#line 34
# Allow apps signalling simpleperf domain, which is the domain that the simpleperf
# profiler runs as when executed by the app. The signals are used to control
# the profiler (which would be profiling the app that is sending the signal).
allow {
-#line 40
+#line 39
ephemeral_app
-#line 40
+#line 39
isolated_app
-#line 40
+#line 39
platform_app
-#line 40
+#line 39
priv_app
-#line 40
+#line 39
untrusted_app_all
-#line 40
+#line 39
} simpleperf:process signal;
# Suppress denial logspam when simpleperf is trying to find a matching process
@@ -68434,10 +68802,44 @@
# not allowed to see.
dontaudit simpleperf domain:dir search;
+# Allow simpleperf to read apk files and libraries executed by the app.
+
+#line 48
+allow simpleperf privapp_data_file:dir { open getattr read search ioctl lock watch watch_reads };
+#line 48
+allow simpleperf privapp_data_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
+#line 48
+;
+
+#line 49
+allow simpleperf app_data_file:dir { open getattr read search ioctl lock watch watch_reads };
+#line 49
+allow simpleperf app_data_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
+#line 49
+;
+allow simpleperf { apk_tmp_file apk_private_tmp_file }:file { getattr read };
+allow simpleperf system_linker_exec:file { getattr open read ioctl lock map watch watch_reads };
+allow simpleperf app_exec_data_file:file { getattr open read ioctl lock map watch watch_reads };
+allow simpleperf asec_public_file:file { getattr open read ioctl lock map watch watch_reads };
+
+#line 54
+allow simpleperf vendor_app_file:dir { open getattr read search ioctl lock watch watch_reads };
+#line 54
+allow simpleperf vendor_app_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
+#line 54
+;
+
+# Allow simpleperf to read input files passed from adb shell.
+allow simpleperf shell_data_file:file { getattr open read ioctl lock map watch watch_reads };
+allow simpleperf shell_data_file:dir { open getattr read search ioctl lock watch watch_reads };
+
# Neverallows:
# Profiling must be confined to the scope of an individual app.
neverallow simpleperf self:perf_event ~{ open read write kernel };
+# Never allow other processes to ptrace simpleperf, as this could leak sensitive infomation from
+# raw samples.
+neverallow { domain -crash_dump -llkd } simpleperf:process ptrace;
#line 1 "system/sepolicy/private/simpleperf_app_runner.te"
typeattribute simpleperf_app_runner coredomain;
@@ -68479,6 +68881,7 @@
# run simpleperf_app_runner in adb shell.
allow simpleperf_app_runner adbd:fd use;
+allow simpleperf_app_runner adbd:unix_stream_socket { read write };
allow simpleperf_app_runner shell:fd use;
allow simpleperf_app_runner devpts:chr_file { read write ioctl };
@@ -68495,19 +68898,19 @@
# simpleperf_app_runner switches to the app security context.
-#line 22
+#line 23
-#line 22
+#line 23
allow simpleperf_app_runner selinuxfs:dir { open getattr read search ioctl lock watch watch_reads };
-#line 22
+#line 23
allow simpleperf_app_runner selinuxfs:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 22
+#line 23
-#line 22
+#line 23
allow simpleperf_app_runner selinuxfs:file { open append write lock map };
-#line 22
+#line 23
allow simpleperf_app_runner kernel:security check_context;
-#line 22
+#line 23
# validate context
allow simpleperf_app_runner self:process setcurrent;
allow simpleperf_app_runner { ephemeral_app isolated_app platform_app priv_app untrusted_app_all }:process dyntransition; # setcon
@@ -68518,7 +68921,7 @@
# simpleperf_app_runner passes pipe fds.
# simpleperf_app_runner writes app type (debuggable or profileable) to pipe fds.
-allow simpleperf_app_runner shell:fifo_file { read write };
+allow simpleperf_app_runner shell:fifo_file { getattr read write };
# simpleperf_app_runner checks shell data paths.
# simpleperf_app_runner passes shell data fds.
@@ -69588,34 +69991,52 @@
#line 99
+# Allow statsd to interact with mmd
+allow statsd mmd_service:service_manager find;
+
+#line 103
+# Call the server domain and optionally transfer references to it.
+#line 103
+allow statsd mmd:binder { call transfer };
+#line 103
+# Allow the serverdomain to transfer references to the client on the reply.
+#line 103
+allow mmd statsd:binder transfer;
+#line 103
+# Receive and use open files from the server.
+#line 103
+allow statsd mmd:fd use;
+#line 103
+
+
# Allow logd access.
-#line 102
+#line 106
allow statsd logcat_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
-#line 102
+#line 106
-#line 102
+#line 106
allow statsd logdr_socket:sock_file write;
-#line 102
+#line 106
allow statsd logd:unix_stream_socket connectto;
-#line 102
+#line 106
-#line 102
+#line 106
-#line 103
+#line 107
# Group AID_LOG checked by filesystem & logd
-#line 103
+#line 107
# to permit control commands
-#line 103
+#line 107
-#line 103
+#line 107
allow statsd logd_socket:sock_file write;
-#line 103
+#line 107
allow statsd logd:unix_stream_socket connectto;
-#line 103
+#line 107
-#line 103
+#line 107
# Grant statsd with permissions to register the services.
@@ -69635,120 +70056,120 @@
# Allow access to with hardware layer and process stats.
allow statsd proc_uid_cputime_showstat:file { getattr open read };
-#line 121
+#line 125
typeattribute statsd halclientdomain;
-#line 121
+#line 125
typeattribute statsd hal_health_client;
-#line 121
+#line 125
-#line 121
+#line 125
# TODO(b/34170079): Make the inclusion of the rules below conditional also on
-#line 121
+#line 125
# non-Treble devices. For now, on non-Treble device, always grant clients of a
-#line 121
+#line 125
# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
-#line 121
+#line 125
-#line 121
+#line 125
typeattribute statsd hal_health;
-#line 121
+#line 125
# Find passthrough HAL implementations
-#line 121
+#line 125
allow hal_health system_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 121
+#line 125
allow hal_health vendor_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 121
+#line 125
allow hal_health vendor_file:file { read open getattr execute map };
-#line 121
+#line 125
-#line 121
+#line 125
-#line 122
+#line 126
typeattribute statsd halclientdomain;
-#line 122
+#line 126
typeattribute statsd hal_power_client;
-#line 122
+#line 126
-#line 122
+#line 126
# TODO(b/34170079): Make the inclusion of the rules below conditional also on
-#line 122
+#line 126
# non-Treble devices. For now, on non-Treble device, always grant clients of a
-#line 122
+#line 126
# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
-#line 122
+#line 126
-#line 122
+#line 126
typeattribute statsd hal_power;
-#line 122
+#line 126
# Find passthrough HAL implementations
-#line 122
+#line 126
allow hal_power system_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 122
+#line 126
allow hal_power vendor_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 122
+#line 126
allow hal_power vendor_file:file { read open getattr execute map };
-#line 122
+#line 126
-#line 122
+#line 126
-#line 123
+#line 127
typeattribute statsd halclientdomain;
-#line 123
+#line 127
typeattribute statsd hal_power_stats_client;
-#line 123
+#line 127
-#line 123
+#line 127
# TODO(b/34170079): Make the inclusion of the rules below conditional also on
-#line 123
+#line 127
# non-Treble devices. For now, on non-Treble device, always grant clients of a
-#line 123
+#line 127
# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
-#line 123
+#line 127
-#line 123
+#line 127
typeattribute statsd hal_power_stats;
-#line 123
+#line 127
# Find passthrough HAL implementations
-#line 123
+#line 127
allow hal_power_stats system_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 123
+#line 127
allow hal_power_stats vendor_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 123
+#line 127
allow hal_power_stats vendor_file:file { read open getattr execute map };
-#line 123
+#line 127
-#line 123
+#line 127
-#line 124
+#line 128
typeattribute statsd halclientdomain;
-#line 124
+#line 128
typeattribute statsd hal_thermal_client;
-#line 124
+#line 128
-#line 124
+#line 128
# TODO(b/34170079): Make the inclusion of the rules below conditional also on
-#line 124
+#line 128
# non-Treble devices. For now, on non-Treble device, always grant clients of a
-#line 124
+#line 128
# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
-#line 124
+#line 128
-#line 124
+#line 128
typeattribute statsd hal_thermal;
-#line 124
+#line 128
# Find passthrough HAL implementations
-#line 124
+#line 128
allow hal_thermal system_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 124
+#line 128
allow hal_thermal vendor_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 124
+#line 128
allow hal_thermal vendor_file:file { read open getattr execute map };
-#line 124
+#line 128
-#line 124
+#line 128
# Allow 'adb shell cmd' to upload configs and download output.
@@ -69757,11 +70178,11 @@
allow statsd shell:fifo_file { getattr read write };
-#line 131
+#line 135
allow statsd statsdw_socket:sock_file write;
-#line 131
+#line 135
allow statsd statsd:unix_dgram_socket sendto;
-#line 131
+#line 135
###
@@ -73939,6 +74360,9 @@
hal_sensors_server
hal_vibrator_server
hal_vr_server
+ hal_wifi_hostapd_server
+ hal_wifi_server
+ hal_wifi_supplicant_server
system_suspend_server
}:process { signal };
@@ -73955,29 +74379,29 @@
# Write trace data to the Perfetto traced daemon. This requires connecting to
# its producer socket and obtaining a (per-process) tmpfs fd.
-#line 447
+#line 450
allow system_server traced:fd use;
-#line 447
+#line 450
allow system_server traced_tmpfs:file { read write getattr map };
-#line 447
+#line 450
-#line 447
+#line 450
allow system_server traced_producer_socket:sock_file write;
-#line 447
+#line 450
allow system_server traced:unix_stream_socket connectto;
-#line 447
+#line 450
-#line 447
+#line 450
-#line 447
+#line 450
# Also allow the service to use the producer file descriptors. This is
-#line 447
+#line 450
# necessary when the producer is creating the shared memory, as it will be
-#line 447
+#line 450
# passed to the service as a file descriptor (obtained from memfd_create).
-#line 447
+#line 450
allow traced system_server:fd use;
-#line 447
+#line 450
# Get file context
@@ -73986,64 +74410,64 @@
allow system_server mac_perms_file: file { getattr open read ioctl lock map watch watch_reads };
# Check SELinux permissions.
-#line 454
+#line 457
-#line 454
+#line 457
allow system_server selinuxfs:dir { open getattr read search ioctl lock watch watch_reads };
-#line 454
+#line 457
allow system_server selinuxfs:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 454
+#line 457
-#line 454
+#line 457
allow system_server selinuxfs:file { open append write lock map };
-#line 454
+#line 457
allow system_server kernel:security compute_av;
-#line 454
+#line 457
allow system_server self:netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
-#line 454
+#line 457
allow system_server sysfs_type:dir { open getattr read search ioctl lock watch watch_reads };
-#line 458
+#line 461
allow system_server sysfs_android_usb:dir { open getattr read search ioctl lock watch watch_reads };
-#line 458
+#line 461
allow system_server sysfs_android_usb:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 458
+#line 461
allow system_server sysfs_android_usb:file { open append write lock map };
-#line 461
+#line 464
allow system_server sysfs_extcon:dir { open getattr read search ioctl lock watch watch_reads };
-#line 461
+#line 464
allow system_server sysfs_extcon:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 461
+#line 464
-#line 463
+#line 466
allow system_server sysfs_ipv4:dir { open getattr read search ioctl lock watch watch_reads };
-#line 463
+#line 466
allow system_server sysfs_ipv4:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 463
+#line 466
allow system_server sysfs_ipv4:file { open append write lock map };
-#line 466
+#line 469
allow system_server sysfs_rtc:dir { open getattr read search ioctl lock watch watch_reads };
-#line 466
+#line 469
allow system_server sysfs_rtc:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 466
+#line 469
-#line 467
+#line 470
allow system_server sysfs_switch:dir { open getattr read search ioctl lock watch watch_reads };
-#line 467
+#line 470
allow system_server sysfs_switch:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 467
+#line 470
allow system_server sysfs_nfc_power_writable:file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
@@ -74115,53 +74539,53 @@
# Access input configuration files in the /vendor directory
-#line 537
+#line 540
allow system_server vendor_keylayout_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 537
+#line 540
allow system_server vendor_keylayout_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 537
+#line 540
-#line 538
+#line 541
allow system_server vendor_keychars_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 538
+#line 541
allow system_server vendor_keychars_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 538
+#line 541
-#line 539
+#line 542
allow system_server vendor_idc_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 539
+#line 542
allow system_server vendor_idc_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 539
+#line 542
-#line 540
+#line 543
allow system_server input_device_config_prop:file { getattr open read map };
-#line 540
+#line 543
# Access /vendor/{app,framework,overlay}
-#line 543
+#line 546
allow system_server vendor_app_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 543
+#line 546
allow system_server vendor_app_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 543
+#line 546
-#line 544
+#line 547
allow system_server vendor_framework_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 544
+#line 547
allow system_server vendor_framework_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 544
+#line 547
-#line 545
+#line 548
allow system_server vendor_overlay_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 545
+#line 548
allow system_server vendor_overlay_file:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 545
+#line 548
# Manage /data/app-private.
@@ -74191,17 +74615,17 @@
# order to dump its traces. Also allow the system server to write its traces to
# dumpstate during bugreport capture and incidentd during incident collection.
-#line 573
+#line 576
allow system_server tombstoned_java_trace_socket:sock_file write;
-#line 573
+#line 576
allow system_server tombstoned:unix_stream_socket connectto;
-#line 573
+#line 576
allow system_server tombstoned:fd use;
allow system_server dumpstate:fifo_file append;
allow system_server incidentd:fifo_file append;
# Write to a pipe created from `adb shell` (for debuggerd -j `pidof system_server`)
-#line 580
+#line 583
# Allow system_server to read pipes from incidentd (used to deliver incident reports
@@ -74223,39 +74647,39 @@
# Allow system_server to exec the perfetto cmdline client and pass it a trace config
-#line 600
+#line 603
# Allow the necessary permissions.
-#line 600
+#line 603
-#line 600
+#line 603
# Old domain may exec the file and transition to the new domain.
-#line 600
+#line 603
allow system_server perfetto_exec:file { getattr open read execute map };
-#line 600
+#line 603
allow system_server perfetto:process transition;
-#line 600
+#line 603
# New domain is entered by executing the file.
-#line 600
+#line 603
allow perfetto perfetto_exec:file { entrypoint open read execute getattr map };
-#line 600
+#line 603
# New domain can send SIGCHLD to its caller.
-#line 600
+#line 603
allow perfetto system_server:process sigchld;
-#line 600
+#line 603
# Enable AT_SECURE, i.e. libc secure mode.
-#line 600
+#line 603
dontaudit system_server perfetto:process noatsecure;
-#line 600
+#line 603
# XXX dontaudit candidate but requires further study.
-#line 600
+#line 603
allow system_server perfetto:process { siginh rlimitinh };
-#line 600
+#line 603
-#line 600
+#line 603
# Make the transition occur by default.
-#line 600
+#line 603
type_transition system_server perfetto_exec:process perfetto;
-#line 600
+#line 603
;
allow system_server perfetto:fifo_file { read write };
@@ -74267,39 +74691,39 @@
# Allow system server to exec the trace redactor cmdline client and kill the process for
# ProfilingService.
-#line 610
+#line 613
# Allow the necessary permissions.
-#line 610
+#line 613
-#line 610
+#line 613
# Old domain may exec the file and transition to the new domain.
-#line 610
+#line 613
allow system_server trace_redactor_exec:file { getattr open read execute map };
-#line 610
+#line 613
allow system_server trace_redactor:process transition;
-#line 610
+#line 613
# New domain is entered by executing the file.
-#line 610
+#line 613
allow trace_redactor trace_redactor_exec:file { entrypoint open read execute getattr map };
-#line 610
+#line 613
# New domain can send SIGCHLD to its caller.
-#line 610
+#line 613
allow trace_redactor system_server:process sigchld;
-#line 610
+#line 613
# Enable AT_SECURE, i.e. libc secure mode.
-#line 610
+#line 613
dontaudit system_server trace_redactor:process noatsecure;
-#line 610
+#line 613
# XXX dontaudit candidate but requires further study.
-#line 610
+#line 613
allow system_server trace_redactor:process { siginh rlimitinh };
-#line 610
+#line 613
-#line 610
+#line 613
# Make the transition occur by default.
-#line 610
+#line 613
type_transition system_server trace_redactor_exec:process trace_redactor;
-#line 610
+#line 613
;
allow system_server trace_redactor:process signal;
@@ -74439,1667 +74863,1700 @@
# Property Service write
-#line 748
+#line 751
-#line 748
+#line 751
allow system_server property_socket:sock_file write;
-#line 748
+#line 751
allow system_server init:unix_stream_socket connectto;
-#line 748
+#line 751
-#line 748
+#line 751
allow system_server system_prop:property_service set;
-#line 748
+#line 751
-#line 748
+#line 751
allow system_server system_prop:file { getattr open read map };
-#line 748
+#line 751
-#line 748
+#line 751
-#line 749
+#line 752
-#line 749
+#line 752
allow system_server property_socket:sock_file write;
-#line 749
+#line 752
allow system_server init:unix_stream_socket connectto;
-#line 749
+#line 752
-#line 749
+#line 752
allow system_server bootanim_system_prop:property_service set;
-#line 749
+#line 752
-#line 749
+#line 752
allow system_server bootanim_system_prop:file { getattr open read map };
-#line 749
+#line 752
-#line 749
+#line 752
-#line 750
+#line 753
-#line 750
+#line 753
allow system_server property_socket:sock_file write;
-#line 750
+#line 753
allow system_server init:unix_stream_socket connectto;
-#line 750
+#line 753
-#line 750
+#line 753
allow system_server bluetooth_prop:property_service set;
-#line 750
+#line 753
-#line 750
+#line 753
allow system_server bluetooth_prop:file { getattr open read map };
-#line 750
+#line 753
-#line 750
+#line 753
-#line 751
+#line 754
-#line 751
+#line 754
allow system_server property_socket:sock_file write;
-#line 751
+#line 754
allow system_server init:unix_stream_socket connectto;
-#line 751
+#line 754
-#line 751
+#line 754
allow system_server exported_system_prop:property_service set;
-#line 751
+#line 754
-#line 751
+#line 754
allow system_server exported_system_prop:file { getattr open read map };
-#line 751
+#line 754
-#line 751
+#line 754
-#line 752
+#line 755
-#line 752
+#line 755
allow system_server property_socket:sock_file write;
-#line 752
+#line 755
allow system_server init:unix_stream_socket connectto;
-#line 752
+#line 755
-#line 752
+#line 755
allow system_server exported3_system_prop:property_service set;
-#line 752
+#line 755
-#line 752
+#line 755
allow system_server exported3_system_prop:file { getattr open read map };
-#line 752
+#line 755
-#line 752
+#line 755
-#line 753
+#line 756
-#line 753
+#line 756
allow system_server property_socket:sock_file write;
-#line 753
+#line 756
allow system_server init:unix_stream_socket connectto;
-#line 753
+#line 756
-#line 753
+#line 756
allow system_server safemode_prop:property_service set;
-#line 753
+#line 756
-#line 753
+#line 756
allow system_server safemode_prop:file { getattr open read map };
-#line 753
+#line 756
-#line 753
+#line 756
-#line 754
+#line 757
-#line 754
+#line 757
allow system_server property_socket:sock_file write;
-#line 754
+#line 757
allow system_server init:unix_stream_socket connectto;
-#line 754
+#line 757
-#line 754
+#line 757
allow system_server theme_prop:property_service set;
-#line 754
+#line 757
-#line 754
+#line 757
allow system_server theme_prop:file { getattr open read map };
-#line 754
+#line 757
-#line 754
+#line 757
-#line 755
+#line 758
-#line 755
+#line 758
allow system_server property_socket:sock_file write;
-#line 755
+#line 758
allow system_server init:unix_stream_socket connectto;
-#line 755
+#line 758
-#line 755
+#line 758
allow system_server dhcp_prop:property_service set;
-#line 755
+#line 758
-#line 755
+#line 758
allow system_server dhcp_prop:file { getattr open read map };
-#line 755
+#line 758
-#line 755
+#line 758
-#line 756
+#line 759
-#line 756
+#line 759
allow system_server property_socket:sock_file write;
-#line 756
+#line 759
allow system_server init:unix_stream_socket connectto;
-#line 756
+#line 759
-#line 756
+#line 759
allow system_server net_connectivity_prop:property_service set;
-#line 756
+#line 759
-#line 756
+#line 759
allow system_server net_connectivity_prop:file { getattr open read map };
-#line 756
+#line 759
-#line 756
+#line 759
-#line 757
+#line 760
-#line 757
+#line 760
allow system_server property_socket:sock_file write;
-#line 757
+#line 760
allow system_server init:unix_stream_socket connectto;
-#line 757
+#line 760
-#line 757
+#line 760
allow system_server net_radio_prop:property_service set;
-#line 757
+#line 760
-#line 757
+#line 760
allow system_server net_radio_prop:file { getattr open read map };
-#line 757
+#line 760
-#line 757
+#line 760
-#line 758
+#line 761
-#line 758
+#line 761
allow system_server property_socket:sock_file write;
-#line 758
+#line 761
allow system_server init:unix_stream_socket connectto;
-#line 758
+#line 761
-#line 758
+#line 761
allow system_server net_dns_prop:property_service set;
-#line 758
+#line 761
-#line 758
+#line 761
allow system_server net_dns_prop:file { getattr open read map };
-#line 758
+#line 761
-#line 758
+#line 761
-#line 759
+#line 762
-#line 759
+#line 762
allow system_server property_socket:sock_file write;
-#line 759
+#line 762
allow system_server init:unix_stream_socket connectto;
-#line 759
+#line 762
-#line 759
+#line 762
allow system_server usb_control_prop:property_service set;
-#line 759
+#line 762
-#line 759
+#line 762
allow system_server usb_control_prop:file { getattr open read map };
-#line 759
+#line 762
-#line 759
+#line 762
-#line 760
+#line 763
-#line 760
+#line 763
allow system_server property_socket:sock_file write;
-#line 760
+#line 763
allow system_server init:unix_stream_socket connectto;
-#line 760
+#line 763
-#line 760
+#line 763
allow system_server usb_prop:property_service set;
-#line 760
+#line 763
-#line 760
+#line 763
allow system_server usb_prop:file { getattr open read map };
-#line 760
+#line 763
-#line 760
+#line 763
-#line 761
+#line 764
-#line 761
+#line 764
allow system_server property_socket:sock_file write;
-#line 761
+#line 764
allow system_server init:unix_stream_socket connectto;
-#line 761
+#line 764
-#line 761
+#line 764
allow system_server debug_prop:property_service set;
-#line 761
+#line 764
-#line 761
+#line 764
allow system_server debug_prop:file { getattr open read map };
-#line 761
+#line 764
-#line 761
+#line 764
-#line 762
+#line 765
-#line 762
+#line 765
allow system_server property_socket:sock_file write;
-#line 762
+#line 765
allow system_server init:unix_stream_socket connectto;
-#line 762
+#line 765
-#line 762
+#line 765
allow system_server powerctl_prop:property_service set;
-#line 762
+#line 765
-#line 762
+#line 765
allow system_server powerctl_prop:file { getattr open read map };
-#line 762
+#line 765
-#line 762
+#line 765
-#line 763
+#line 766
-#line 763
+#line 766
allow system_server property_socket:sock_file write;
-#line 763
+#line 766
allow system_server init:unix_stream_socket connectto;
-#line 763
+#line 766
-#line 763
+#line 766
allow system_server fingerprint_prop:property_service set;
-#line 763
+#line 766
-#line 763
+#line 766
allow system_server fingerprint_prop:file { getattr open read map };
-#line 763
+#line 766
-#line 763
+#line 766
-#line 764
+#line 767
-#line 764
+#line 767
allow system_server property_socket:sock_file write;
-#line 764
+#line 767
allow system_server init:unix_stream_socket connectto;
-#line 764
+#line 767
-#line 764
+#line 767
allow system_server device_logging_prop:property_service set;
-#line 764
+#line 767
-#line 764
+#line 767
allow system_server device_logging_prop:file { getattr open read map };
-#line 764
+#line 767
-#line 764
+#line 767
-#line 765
+#line 768
-#line 765
+#line 768
allow system_server property_socket:sock_file write;
-#line 765
+#line 768
allow system_server init:unix_stream_socket connectto;
-#line 765
+#line 768
-#line 765
+#line 768
allow system_server dumpstate_options_prop:property_service set;
-#line 765
+#line 768
-#line 765
+#line 768
allow system_server dumpstate_options_prop:file { getattr open read map };
-#line 765
+#line 768
-#line 765
+#line 768
-#line 766
+#line 769
-#line 766
+#line 769
allow system_server property_socket:sock_file write;
-#line 766
+#line 769
allow system_server init:unix_stream_socket connectto;
-#line 766
+#line 769
-#line 766
+#line 769
allow system_server overlay_prop:property_service set;
-#line 766
+#line 769
-#line 766
+#line 769
allow system_server overlay_prop:file { getattr open read map };
-#line 766
+#line 769
-#line 766
+#line 769
-#line 767
+#line 770
-#line 767
+#line 770
allow system_server property_socket:sock_file write;
-#line 767
+#line 770
allow system_server init:unix_stream_socket connectto;
-#line 767
+#line 770
-#line 767
+#line 770
allow system_server exported_overlay_prop:property_service set;
-#line 767
+#line 770
-#line 767
+#line 770
allow system_server exported_overlay_prop:file { getattr open read map };
-#line 767
+#line 770
-#line 767
+#line 770
-#line 768
+#line 771
-#line 768
+#line 771
allow system_server property_socket:sock_file write;
-#line 768
+#line 771
allow system_server init:unix_stream_socket connectto;
-#line 768
+#line 771
-#line 768
+#line 771
allow system_server pm_prop:property_service set;
-#line 768
+#line 771
-#line 768
+#line 771
allow system_server pm_prop:file { getattr open read map };
-#line 768
+#line 771
-#line 768
+#line 771
-#line 769
+#line 772
-#line 769
+#line 772
allow system_server property_socket:sock_file write;
-#line 769
+#line 772
allow system_server init:unix_stream_socket connectto;
-#line 769
+#line 772
-#line 769
+#line 772
allow system_server exported_pm_prop:property_service set;
-#line 769
+#line 772
-#line 769
+#line 772
allow system_server exported_pm_prop:file { getattr open read map };
-#line 769
+#line 772
-#line 769
+#line 772
-#line 770
+#line 773
-#line 770
+#line 773
allow system_server property_socket:sock_file write;
-#line 770
+#line 773
allow system_server init:unix_stream_socket connectto;
-#line 770
+#line 773
-#line 770
+#line 773
allow system_server socket_hook_prop:property_service set;
-#line 770
+#line 773
-#line 770
+#line 773
allow system_server socket_hook_prop:file { getattr open read map };
-#line 770
+#line 773
-#line 770
+#line 773
-#line 771
+#line 774
-#line 771
+#line 774
allow system_server property_socket:sock_file write;
-#line 771
+#line 774
allow system_server init:unix_stream_socket connectto;
-#line 771
+#line 774
-#line 771
+#line 774
allow system_server audio_prop:property_service set;
-#line 771
+#line 774
-#line 771
+#line 774
allow system_server audio_prop:file { getattr open read map };
-#line 771
+#line 774
-#line 771
+#line 774
-#line 772
+#line 775
-#line 772
+#line 775
allow system_server property_socket:sock_file write;
-#line 772
+#line 775
allow system_server init:unix_stream_socket connectto;
-#line 772
+#line 775
-#line 772
+#line 775
allow system_server boot_status_prop:property_service set;
-#line 772
+#line 775
-#line 772
+#line 775
allow system_server boot_status_prop:file { getattr open read map };
-#line 772
+#line 775
-#line 772
+#line 775
-#line 773
+#line 776
-#line 773
+#line 776
allow system_server property_socket:sock_file write;
-#line 773
+#line 776
allow system_server init:unix_stream_socket connectto;
-#line 773
+#line 776
-#line 773
+#line 776
allow system_server surfaceflinger_color_prop:property_service set;
-#line 773
+#line 776
-#line 773
+#line 776
allow system_server surfaceflinger_color_prop:file { getattr open read map };
-#line 773
+#line 776
-#line 773
+#line 776
-#line 774
+#line 777
-#line 774
+#line 777
allow system_server property_socket:sock_file write;
-#line 774
+#line 777
allow system_server init:unix_stream_socket connectto;
-#line 774
+#line 777
-#line 774
+#line 777
allow system_server provisioned_prop:property_service set;
-#line 774
+#line 777
-#line 774
+#line 777
allow system_server provisioned_prop:file { getattr open read map };
-#line 774
+#line 777
-#line 774
+#line 777
-#line 775
+#line 778
-#line 775
+#line 778
allow system_server property_socket:sock_file write;
-#line 775
+#line 778
allow system_server init:unix_stream_socket connectto;
-#line 775
+#line 778
-#line 775
+#line 778
allow system_server retaildemo_prop:property_service set;
-#line 775
+#line 778
-#line 775
+#line 778
allow system_server retaildemo_prop:file { getattr open read map };
-#line 775
+#line 778
-#line 775
+#line 778
-#line 776
+#line 779
-#line 776
+#line 779
allow system_server property_socket:sock_file write;
-#line 776
+#line 779
allow system_server init:unix_stream_socket connectto;
-#line 776
+#line 779
-#line 776
+#line 779
allow system_server dmesgd_start_prop:property_service set;
-#line 776
+#line 779
-#line 776
+#line 779
allow system_server dmesgd_start_prop:file { getattr open read map };
-#line 776
+#line 779
-#line 776
+#line 779
-#line 777
+#line 780
-#line 777
+#line 780
allow system_server property_socket:sock_file write;
-#line 777
+#line 780
allow system_server init:unix_stream_socket connectto;
-#line 777
+#line 780
-#line 777
+#line 780
allow system_server locale_prop:property_service set;
-#line 777
+#line 780
-#line 777
+#line 780
allow system_server locale_prop:file { getattr open read map };
-#line 777
+#line 780
-#line 777
+#line 780
-#line 778
+#line 781
-#line 778
+#line 781
allow system_server property_socket:sock_file write;
-#line 778
+#line 781
allow system_server init:unix_stream_socket connectto;
-#line 778
+#line 781
-#line 778
+#line 781
allow system_server timezone_metadata_prop:property_service set;
-#line 778
+#line 781
-#line 778
+#line 781
allow system_server timezone_metadata_prop:file { getattr open read map };
-#line 778
+#line 781
-#line 778
+#line 781
-#line 779
+#line 782
-#line 779
+#line 782
allow system_server property_socket:sock_file write;
-#line 779
+#line 782
allow system_server init:unix_stream_socket connectto;
-#line 779
+#line 782
-#line 779
+#line 782
allow system_server timezone_prop:property_service set;
-#line 779
+#line 782
-#line 779
+#line 782
allow system_server timezone_prop:file { getattr open read map };
-#line 779
+#line 782
-#line 779
+#line 782
-#line 780
+#line 783
-#line 780
+#line 783
allow system_server property_socket:sock_file write;
-#line 780
+#line 783
allow system_server init:unix_stream_socket connectto;
-#line 780
+#line 783
-#line 780
+#line 783
allow system_server crashrecovery_prop:property_service set;
-#line 780
+#line 783
-#line 780
+#line 783
allow system_server crashrecovery_prop:file { getattr open read map };
-#line 780
+#line 783
-#line 780
+#line 783
# ctl interface
-#line 785
+#line 788
-#line 785
+#line 788
allow system_server property_socket:sock_file write;
-#line 785
+#line 788
allow system_server init:unix_stream_socket connectto;
-#line 785
+#line 788
-#line 785
+#line 788
allow system_server ctl_default_prop:property_service set;
-#line 785
+#line 788
-#line 785
+#line 788
allow system_server ctl_default_prop:file { getattr open read map };
-#line 785
+#line 788
-#line 785
+#line 788
-#line 786
+#line 789
-#line 786
+#line 789
allow system_server property_socket:sock_file write;
-#line 786
+#line 789
allow system_server init:unix_stream_socket connectto;
-#line 786
+#line 789
-#line 786
+#line 789
allow system_server ctl_bugreport_prop:property_service set;
-#line 786
+#line 789
-#line 786
+#line 789
allow system_server ctl_bugreport_prop:file { getattr open read map };
-#line 786
+#line 789
-#line 786
+#line 789
-#line 787
+#line 790
-#line 787
+#line 790
allow system_server property_socket:sock_file write;
-#line 787
+#line 790
allow system_server init:unix_stream_socket connectto;
-#line 787
+#line 790
-#line 787
+#line 790
allow system_server ctl_gsid_prop:property_service set;
-#line 787
+#line 790
-#line 787
+#line 790
allow system_server ctl_gsid_prop:file { getattr open read map };
-#line 787
+#line 790
-#line 787
+#line 790
-#line 788
+#line 791
-#line 788
+#line 791
allow system_server property_socket:sock_file write;
-#line 788
+#line 791
allow system_server init:unix_stream_socket connectto;
-#line 788
+#line 791
-#line 788
+#line 791
allow system_server ctl_artd_pre_reboot_prop:property_service set;
-#line 788
+#line 791
-#line 788
+#line 791
allow system_server ctl_artd_pre_reboot_prop:file { getattr open read map };
-#line 788
+#line 791
-#line 788
+#line 791
# cppreopt property
-#line 791
+#line 794
-#line 791
+#line 794
allow system_server property_socket:sock_file write;
-#line 791
+#line 794
allow system_server init:unix_stream_socket connectto;
-#line 791
+#line 794
-#line 791
+#line 794
allow system_server cppreopt_prop:property_service set;
-#line 791
+#line 794
-#line 791
+#line 794
allow system_server cppreopt_prop:file { getattr open read map };
-#line 791
+#line 794
-#line 791
+#line 794
# server configurable flags properties
-#line 794
+#line 797
-#line 794
+#line 797
allow system_server property_socket:sock_file write;
-#line 794
+#line 797
allow system_server init:unix_stream_socket connectto;
-#line 794
+#line 797
-#line 794
+#line 797
allow system_server device_config_core_experiments_team_internal_prop:property_service set;
-#line 794
+#line 797
-#line 794
+#line 797
allow system_server device_config_core_experiments_team_internal_prop:file { getattr open read map };
-#line 794
+#line 797
-#line 794
+#line 797
-#line 795
+#line 798
-#line 795
+#line 798
allow system_server property_socket:sock_file write;
-#line 795
+#line 798
allow system_server init:unix_stream_socket connectto;
-#line 795
+#line 798
-#line 795
+#line 798
allow system_server device_config_edgetpu_native_prop:property_service set;
-#line 795
+#line 798
-#line 795
+#line 798
allow system_server device_config_edgetpu_native_prop:file { getattr open read map };
-#line 795
+#line 798
-#line 795
+#line 798
-#line 796
+#line 799
-#line 796
+#line 799
allow system_server property_socket:sock_file write;
-#line 796
+#line 799
allow system_server init:unix_stream_socket connectto;
-#line 796
+#line 799
-#line 796
+#line 799
allow system_server device_config_input_native_boot_prop:property_service set;
-#line 796
+#line 799
-#line 796
+#line 799
allow system_server device_config_input_native_boot_prop:file { getattr open read map };
-#line 796
+#line 799
-#line 796
+#line 799
-#line 797
+#line 800
-#line 797
+#line 800
allow system_server property_socket:sock_file write;
-#line 797
+#line 800
allow system_server init:unix_stream_socket connectto;
-#line 797
+#line 800
-#line 797
+#line 800
allow system_server device_config_netd_native_prop:property_service set;
-#line 797
+#line 800
-#line 797
+#line 800
allow system_server device_config_netd_native_prop:file { getattr open read map };
-#line 797
+#line 800
-#line 797
+#line 800
-#line 798
+#line 801
-#line 798
+#line 801
allow system_server property_socket:sock_file write;
-#line 798
+#line 801
allow system_server init:unix_stream_socket connectto;
-#line 798
+#line 801
-#line 798
+#line 801
allow system_server device_config_nnapi_native_prop:property_service set;
-#line 798
+#line 801
-#line 798
+#line 801
allow system_server device_config_nnapi_native_prop:file { getattr open read map };
-#line 798
+#line 801
-#line 798
+#line 801
-#line 799
+#line 802
-#line 799
+#line 802
allow system_server property_socket:sock_file write;
-#line 799
+#line 802
allow system_server init:unix_stream_socket connectto;
-#line 799
+#line 802
-#line 799
+#line 802
allow system_server device_config_activity_manager_native_boot_prop:property_service set;
-#line 799
+#line 802
-#line 799
+#line 802
allow system_server device_config_activity_manager_native_boot_prop:file { getattr open read map };
-#line 799
+#line 802
-#line 799
+#line 802
-#line 800
+#line 803
-#line 800
+#line 803
allow system_server property_socket:sock_file write;
-#line 800
+#line 803
allow system_server init:unix_stream_socket connectto;
-#line 800
+#line 803
-#line 800
+#line 803
allow system_server device_config_runtime_native_boot_prop:property_service set;
-#line 800
+#line 803
-#line 800
+#line 803
allow system_server device_config_runtime_native_boot_prop:file { getattr open read map };
-#line 800
+#line 803
-#line 800
+#line 803
-#line 801
+#line 804
-#line 801
+#line 804
allow system_server property_socket:sock_file write;
-#line 801
+#line 804
allow system_server init:unix_stream_socket connectto;
-#line 801
+#line 804
-#line 801
+#line 804
allow system_server device_config_runtime_native_prop:property_service set;
-#line 801
+#line 804
-#line 801
+#line 804
allow system_server device_config_runtime_native_prop:file { getattr open read map };
-#line 801
+#line 804
-#line 801
+#line 804
-#line 802
+#line 805
-#line 802
+#line 805
allow system_server property_socket:sock_file write;
-#line 802
+#line 805
allow system_server init:unix_stream_socket connectto;
-#line 802
+#line 805
-#line 802
+#line 805
allow system_server device_config_lmkd_native_prop:property_service set;
-#line 802
+#line 805
-#line 802
+#line 805
allow system_server device_config_lmkd_native_prop:file { getattr open read map };
-#line 802
+#line 805
-#line 802
+#line 805
-#line 803
+#line 806
-#line 803
+#line 806
allow system_server property_socket:sock_file write;
-#line 803
+#line 806
allow system_server init:unix_stream_socket connectto;
-#line 803
+#line 806
-#line 803
+#line 806
allow system_server device_config_media_native_prop:property_service set;
-#line 803
+#line 806
-#line 803
+#line 806
allow system_server device_config_media_native_prop:file { getattr open read map };
-#line 803
+#line 806
-#line 803
+#line 806
-#line 804
+#line 807
-#line 804
+#line 807
allow system_server property_socket:sock_file write;
-#line 804
+#line 807
allow system_server init:unix_stream_socket connectto;
-#line 804
+#line 807
-#line 804
+#line 807
allow system_server device_config_camera_native_prop:property_service set;
-#line 804
+#line 807
-#line 804
+#line 807
allow system_server device_config_camera_native_prop:file { getattr open read map };
-#line 804
+#line 807
-#line 804
+#line 807
-#line 805
+#line 808
-#line 805
+#line 808
allow system_server property_socket:sock_file write;
-#line 805
+#line 808
allow system_server init:unix_stream_socket connectto;
-#line 805
+#line 808
-#line 805
+#line 808
allow system_server device_config_mglru_native_prop:property_service set;
-#line 805
+#line 808
-#line 805
+#line 808
allow system_server device_config_mglru_native_prop:file { getattr open read map };
-#line 805
+#line 808
-#line 805
+#line 808
-#line 806
+#line 809
-#line 806
+#line 809
allow system_server property_socket:sock_file write;
-#line 806
+#line 809
allow system_server init:unix_stream_socket connectto;
-#line 806
+#line 809
-#line 806
+#line 809
allow system_server device_config_profcollect_native_boot_prop:property_service set;
-#line 806
+#line 809
-#line 806
+#line 809
allow system_server device_config_profcollect_native_boot_prop:file { getattr open read map };
-#line 806
+#line 809
-#line 806
+#line 809
-#line 807
+#line 810
-#line 807
+#line 810
allow system_server property_socket:sock_file write;
-#line 807
+#line 810
allow system_server init:unix_stream_socket connectto;
-#line 807
+#line 810
-#line 807
+#line 810
allow system_server device_config_statsd_native_prop:property_service set;
-#line 807
+#line 810
-#line 807
+#line 810
allow system_server device_config_statsd_native_prop:file { getattr open read map };
-#line 807
+#line 810
-#line 807
+#line 810
-#line 808
+#line 811
-#line 808
+#line 811
allow system_server property_socket:sock_file write;
-#line 808
+#line 811
allow system_server init:unix_stream_socket connectto;
-#line 808
+#line 811
-#line 808
+#line 811
allow system_server device_config_statsd_native_boot_prop:property_service set;
-#line 808
+#line 811
-#line 808
+#line 811
allow system_server device_config_statsd_native_boot_prop:file { getattr open read map };
-#line 808
+#line 811
-#line 808
+#line 811
-#line 809
+#line 812
-#line 809
+#line 812
allow system_server property_socket:sock_file write;
-#line 809
+#line 812
allow system_server init:unix_stream_socket connectto;
-#line 809
+#line 812
-#line 809
+#line 812
allow system_server device_config_storage_native_boot_prop:property_service set;
-#line 809
+#line 812
-#line 809
+#line 812
allow system_server device_config_storage_native_boot_prop:file { getattr open read map };
-#line 809
+#line 812
-#line 809
+#line 812
-#line 810
+#line 813
-#line 810
+#line 813
allow system_server property_socket:sock_file write;
-#line 810
+#line 813
allow system_server init:unix_stream_socket connectto;
-#line 810
+#line 813
-#line 810
+#line 813
allow system_server device_config_swcodec_native_prop:property_service set;
-#line 810
+#line 813
-#line 810
+#line 813
allow system_server device_config_swcodec_native_prop:file { getattr open read map };
-#line 810
+#line 813
-#line 810
+#line 813
-#line 811
+#line 814
-#line 811
+#line 814
allow system_server property_socket:sock_file write;
-#line 811
+#line 814
allow system_server init:unix_stream_socket connectto;
-#line 811
+#line 814
-#line 811
+#line 814
allow system_server device_config_sys_traced_prop:property_service set;
-#line 811
+#line 814
-#line 811
+#line 814
allow system_server device_config_sys_traced_prop:file { getattr open read map };
-#line 811
+#line 814
-#line 811
+#line 814
-#line 812
+#line 815
-#line 812
+#line 815
allow system_server property_socket:sock_file write;
-#line 812
+#line 815
allow system_server init:unix_stream_socket connectto;
-#line 812
+#line 815
-#line 812
+#line 815
allow system_server device_config_window_manager_native_boot_prop:property_service set;
-#line 812
+#line 815
-#line 812
+#line 815
allow system_server device_config_window_manager_native_boot_prop:file { getattr open read map };
-#line 812
+#line 815
-#line 812
+#line 815
-#line 813
+#line 816
-#line 813
+#line 816
allow system_server property_socket:sock_file write;
-#line 813
+#line 816
allow system_server init:unix_stream_socket connectto;
-#line 813
+#line 816
-#line 813
+#line 816
allow system_server device_config_configuration_prop:property_service set;
-#line 813
+#line 816
-#line 813
+#line 816
allow system_server device_config_configuration_prop:file { getattr open read map };
-#line 813
+#line 816
-#line 813
+#line 816
-#line 814
+#line 817
-#line 814
+#line 817
allow system_server property_socket:sock_file write;
-#line 814
+#line 817
allow system_server init:unix_stream_socket connectto;
-#line 814
+#line 817
-#line 814
+#line 817
allow system_server device_config_connectivity_prop:property_service set;
-#line 814
+#line 817
-#line 814
+#line 817
allow system_server device_config_connectivity_prop:file { getattr open read map };
-#line 814
+#line 817
-#line 814
+#line 817
-#line 815
+#line 818
-#line 815
+#line 818
allow system_server property_socket:sock_file write;
-#line 815
+#line 818
allow system_server init:unix_stream_socket connectto;
-#line 815
+#line 818
-#line 815
+#line 818
allow system_server device_config_surface_flinger_native_boot_prop:property_service set;
-#line 815
+#line 818
-#line 815
+#line 818
allow system_server device_config_surface_flinger_native_boot_prop:file { getattr open read map };
-#line 815
+#line 818
-#line 815
+#line 818
-#line 816
+#line 819
-#line 816
+#line 819
allow system_server property_socket:sock_file write;
-#line 816
+#line 819
allow system_server init:unix_stream_socket connectto;
-#line 816
+#line 819
-#line 816
+#line 819
allow system_server device_config_aconfig_flags_prop:property_service set;
-#line 816
+#line 819
-#line 816
+#line 819
allow system_server device_config_aconfig_flags_prop:file { getattr open read map };
-#line 816
+#line 819
-#line 816
+#line 819
-#line 817
+#line 820
-#line 817
+#line 820
allow system_server property_socket:sock_file write;
-#line 817
+#line 820
allow system_server init:unix_stream_socket connectto;
-#line 817
+#line 820
-#line 817
+#line 820
allow system_server device_config_vendor_system_native_prop:property_service set;
-#line 817
+#line 820
-#line 817
+#line 820
allow system_server device_config_vendor_system_native_prop:file { getattr open read map };
-#line 817
+#line 820
-#line 817
+#line 820
-#line 818
+#line 821
-#line 818
+#line 821
allow system_server property_socket:sock_file write;
-#line 818
+#line 821
allow system_server init:unix_stream_socket connectto;
-#line 818
+#line 821
-#line 818
+#line 821
allow system_server device_config_vendor_system_native_boot_prop:property_service set;
-#line 818
+#line 821
-#line 818
+#line 821
allow system_server device_config_vendor_system_native_boot_prop:file { getattr open read map };
-#line 818
+#line 821
-#line 818
+#line 821
-#line 819
+#line 822
-#line 819
+#line 822
allow system_server property_socket:sock_file write;
-#line 819
+#line 822
allow system_server init:unix_stream_socket connectto;
-#line 819
+#line 822
-#line 819
+#line 822
allow system_server device_config_virtualization_framework_native_prop:property_service set;
-#line 819
+#line 822
-#line 819
+#line 822
allow system_server device_config_virtualization_framework_native_prop:file { getattr open read map };
-#line 819
+#line 822
-#line 819
+#line 822
-#line 820
+#line 823
-#line 820
+#line 823
allow system_server property_socket:sock_file write;
-#line 820
+#line 823
allow system_server init:unix_stream_socket connectto;
-#line 820
+#line 823
-#line 820
+#line 823
allow system_server device_config_memory_safety_native_boot_prop:property_service set;
-#line 820
+#line 823
-#line 820
+#line 823
allow system_server device_config_memory_safety_native_boot_prop:file { getattr open read map };
-#line 820
+#line 823
-#line 820
+#line 823
-#line 821
+#line 824
-#line 821
+#line 824
allow system_server property_socket:sock_file write;
-#line 821
+#line 824
allow system_server init:unix_stream_socket connectto;
-#line 821
+#line 824
-#line 821
+#line 824
allow system_server device_config_memory_safety_native_prop:property_service set;
-#line 821
+#line 824
-#line 821
+#line 824
allow system_server device_config_memory_safety_native_prop:file { getattr open read map };
-#line 821
+#line 824
-#line 821
+#line 824
-#line 822
+#line 825
-#line 822
+#line 825
allow system_server property_socket:sock_file write;
-#line 822
+#line 825
allow system_server init:unix_stream_socket connectto;
-#line 822
+#line 825
-#line 822
+#line 825
allow system_server device_config_remote_key_provisioning_native_prop:property_service set;
-#line 822
+#line 825
-#line 822
+#line 825
allow system_server device_config_remote_key_provisioning_native_prop:file { getattr open read map };
-#line 822
+#line 825
-#line 822
+#line 825
-#line 823
+#line 826
-#line 823
+#line 826
allow system_server property_socket:sock_file write;
-#line 823
+#line 826
allow system_server init:unix_stream_socket connectto;
-#line 823
+#line 826
-#line 823
+#line 826
allow system_server device_config_tethering_u_or_later_native_prop:property_service set;
-#line 823
+#line 826
-#line 823
+#line 826
allow system_server device_config_tethering_u_or_later_native_prop:file { getattr open read map };
-#line 823
+#line 826
-#line 823
+#line 826
-#line 824
+#line 827
-#line 824
+#line 827
allow system_server property_socket:sock_file write;
-#line 824
+#line 827
allow system_server init:unix_stream_socket connectto;
-#line 824
+#line 827
-#line 824
+#line 827
allow system_server device_config_mmd_native_prop:property_service set;
-#line 824
+#line 827
-#line 824
+#line 827
allow system_server device_config_mmd_native_prop:file { getattr open read map };
-#line 824
+#line 827
-#line 824
+#line 827
-#line 825
+#line 828
-#line 825
+#line 828
allow system_server property_socket:sock_file write;
-#line 825
+#line 828
allow system_server init:unix_stream_socket connectto;
-#line 825
+#line 828
-#line 825
+#line 828
allow system_server smart_idle_maint_enabled_prop:property_service set;
-#line 825
+#line 828
-#line 825
+#line 828
allow system_server smart_idle_maint_enabled_prop:file { getattr open read map };
-#line 825
+#line 828
-#line 825
+#line 828
-#line 826
+#line 829
-#line 826
+#line 829
allow system_server property_socket:sock_file write;
-#line 826
+#line 829
allow system_server init:unix_stream_socket connectto;
-#line 826
+#line 829
-#line 826
+#line 829
allow system_server arm64_memtag_prop:property_service set;
-#line 826
+#line 829
-#line 826
+#line 829
allow system_server arm64_memtag_prop:file { getattr open read map };
-#line 826
+#line 829
-#line 826
+#line 829
# staged flag properties
-#line 829
+#line 832
-#line 829
+#line 832
allow system_server property_socket:sock_file write;
-#line 829
+#line 832
allow system_server init:unix_stream_socket connectto;
-#line 829
+#line 832
-#line 829
+#line 832
allow system_server next_boot_prop:property_service set;
-#line 829
+#line 832
-#line 829
+#line 832
allow system_server next_boot_prop:file { getattr open read map };
-#line 829
+#line 832
-#line 829
+#line 832
# Allow system server to read pm.16kb.app_compat.disabled
-#line 832
+#line 835
allow system_server pm_16kb_app_compat_prop:file { getattr open read map };
-#line 832
+#line 835
# Allow query ART device config properties
-#line 835
+#line 838
allow system_server device_config_runtime_native_boot_prop:file { getattr open read map };
-#line 835
+#line 838
-#line 836
+#line 839
allow system_server device_config_runtime_native_prop:file { getattr open read map };
-#line 836
+#line 839
# BootReceiver to read ro.boot.bootreason
-#line 839
+#line 842
allow system_server bootloader_boot_reason_prop:file { getattr open read map };
-#line 839
+#line 842
# PowerManager to read sys.boot.reason
-#line 841
+#line 844
allow system_server system_boot_reason_prop:file { getattr open read map };
-#line 841
+#line 844
# Collect metrics on boot time created by init
-#line 844
+#line 847
allow system_server boottime_prop:file { getattr open read map };
-#line 844
+#line 847
# Read device's serial number from system properties
-#line 847
+#line 850
allow system_server serialno_prop:file { getattr open read map };
-#line 847
+#line 850
+
+
+# Read whether uvc gadget is enabled
+
+#line 853
+allow system_server usb_uvc_enabled_prop:file { getattr open read map };
+#line 853
# Read/write the property which keeps track of whether this is the first start of system_server
-#line 850
+#line 856
-#line 850
+#line 856
allow system_server property_socket:sock_file write;
-#line 850
+#line 856
allow system_server init:unix_stream_socket connectto;
-#line 850
+#line 856
-#line 850
+#line 856
allow system_server firstboot_prop:property_service set;
-#line 850
+#line 856
-#line 850
+#line 856
allow system_server firstboot_prop:file { getattr open read map };
-#line 850
+#line 856
-#line 850
+#line 856
# Audio service in system server can read audio config properties,
# such as camera shutter enforcement
-#line 854
+#line 860
allow system_server audio_config_prop:file { getattr open read map };
-#line 854
+#line 860
# StorageManager service reads media config while checking if transcoding is supported.
-#line 857
+#line 863
allow system_server media_config_prop:file { getattr open read map };
-#line 857
+#line 863
# system server reads this property to keep track of whether server configurable flags have been
# reset during current boot.
-#line 861
+#line 867
allow system_server device_config_reset_performed_prop:file { getattr open read map };
-#line 861
+#line 867
# Read/write the property that enables Test Harness Mode
-#line 864
+#line 870
-#line 864
+#line 870
allow system_server property_socket:sock_file write;
-#line 864
+#line 870
allow system_server init:unix_stream_socket connectto;
-#line 864
+#line 870
-#line 864
+#line 870
allow system_server test_harness_prop:property_service set;
-#line 864
+#line 870
-#line 864
+#line 870
allow system_server test_harness_prop:file { getattr open read map };
-#line 864
+#line 870
-#line 864
+#line 870
# Read gsid.image_running.
-#line 867
+#line 873
allow system_server gsid_prop:file { getattr open read map };
-#line 867
+#line 873
# Read the property that mocks an OTA
-#line 870
+#line 876
allow system_server mock_ota_prop:file { getattr open read map };
-#line 870
+#line 876
# Read the property as feature flag for protecting apks with fs-verity.
-#line 873
+#line 879
allow system_server apk_verity_prop:file { getattr open read map };
-#line 873
+#line 879
# Read wifi.interface
-#line 876
+#line 882
allow system_server wifi_prop:file { getattr open read map };
-#line 876
+#line 882
# Read the vendor property that indicates if Incremental features is enabled
-#line 879
+#line 885
allow system_server incremental_prop:file { getattr open read map };
-#line 879
+#line 885
# Read ro.zram. properties
-#line 882
+#line 888
allow system_server zram_config_prop:file { getattr open read map };
-#line 882
+#line 888
# Read/write persist.sys.zram_enabled
-#line 885
+#line 891
-#line 885
+#line 891
allow system_server property_socket:sock_file write;
-#line 885
+#line 891
allow system_server init:unix_stream_socket connectto;
-#line 885
+#line 891
-#line 885
+#line 891
allow system_server zram_control_prop:property_service set;
-#line 885
+#line 891
-#line 885
+#line 891
allow system_server zram_control_prop:file { getattr open read map };
-#line 885
+#line 891
-#line 885
+#line 891
# Read/write persist.sys.dalvik.vm.lib.2
-#line 888
+#line 894
-#line 888
+#line 894
allow system_server property_socket:sock_file write;
-#line 888
+#line 894
allow system_server init:unix_stream_socket connectto;
-#line 888
+#line 894
-#line 888
+#line 894
allow system_server dalvik_runtime_prop:property_service set;
-#line 888
+#line 894
-#line 888
+#line 894
allow system_server dalvik_runtime_prop:file { getattr open read map };
-#line 888
+#line 894
-#line 888
+#line 894
# Read ro.control_privapp_permissions and ro.cp_system_other_odex
-#line 891
+#line 897
allow system_server packagemanager_config_prop:file { getattr open read map };
-#line 891
+#line 897
# Read the net.464xlat.cellular.enabled property (written by init).
-#line 894
+#line 900
allow system_server net_464xlat_fromvendor_prop:file { getattr open read map };
-#line 894
+#line 900
# Read hypervisor capabilities ro.boot.hypervisor.*
-#line 897
+#line 903
allow system_server hypervisor_prop:file { getattr open read map };
-#line 897
+#line 903
# Read persist.wm.debug. properties
-#line 900
+#line 906
allow system_server persist_wm_debug_prop:file { getattr open read map };
-#line 900
+#line 906
+
+
+#line 907
+
+#line 907
+allow system_server property_socket:sock_file write;
+#line 907
+allow system_server init:unix_stream_socket connectto;
+#line 907
+
+#line 907
+allow system_server persist_wm_debug_prop:property_service set;
+#line 907
+
+#line 907
+allow system_server persist_wm_debug_prop:file { getattr open read map };
+#line 907
+
+#line 907
# Read persist.sysui.notification.builder_extras_override property
-#line 903
+#line 910
allow system_server persist_sysui_builder_extras_prop:file { getattr open read map };
-#line 903
+#line 910
# Read persist.sysui.notification.ranking_update_ashmem property
-#line 905
+#line 912
allow system_server persist_sysui_ranking_update_prop:file { getattr open read map };
-#line 905
+#line 912
# Read ro.tuner.lazyhal
-#line 908
+#line 915
allow system_server tuner_config_prop:file { getattr open read map };
-#line 908
+#line 915
# Write tuner.server.enable
-#line 910
+#line 917
-#line 910
+#line 917
allow system_server property_socket:sock_file write;
-#line 910
+#line 917
allow system_server init:unix_stream_socket connectto;
-#line 910
+#line 917
-#line 910
+#line 917
allow system_server tuner_server_ctl_prop:property_service set;
-#line 910
+#line 917
-#line 910
+#line 917
allow system_server tuner_server_ctl_prop:file { getattr open read map };
-#line 910
+#line 917
-#line 910
+#line 917
# Allow the heap dump ART plugin to the count of sessions waiting for OOME
-#line 913
+#line 920
allow system_server traced_oome_heap_session_count_prop:file { getattr open read map };
-#line 913
+#line 920
# Allow the sensor service (running in the system service) to read sensor
# configuration properties
-#line 917
+#line 924
allow system_server sensors_config_prop:file { getattr open read map };
-#line 917
+#line 924
# Allow system server to determine if system services are enabled
-#line 920
+#line 927
allow system_server system_service_enable_prop:file { getattr open read map };
-#line 920
+#line 927
+
+
+# Allow system server to read shared mmd properties
+
+#line 930
+allow system_server mmd_shared_prop:file { getattr open read map };
+#line 930
# Create a socket for connections from debuggerd.
@@ -76141,11 +76598,11 @@
# Read and delete files under /dev/fscklogs.
-#line 960
+#line 970
allow system_server fscklogs:dir { open getattr read search ioctl lock watch watch_reads };
-#line 960
+#line 970
allow system_server fscklogs:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 960
+#line 970
allow system_server fscklogs:dir { write remove_name add_name };
allow system_server fscklogs:file rename;
@@ -76156,22 +76613,22 @@
# Read from log daemon.
-#line 969
+#line 979
allow system_server logcat_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
-#line 969
+#line 979
-#line 969
+#line 979
allow system_server logdr_socket:sock_file write;
-#line 969
+#line 979
allow system_server logd:unix_stream_socket connectto;
-#line 969
+#line 979
-#line 969
+#line 979
-#line 970
+#line 980
allow system_server runtime_event_log_tags_file:file { getattr open read ioctl lock map watch watch_reads };
-#line 970
+#line 980
# Be consistent with DAC permissions. Allow system_server to write to
@@ -76193,19 +76650,19 @@
allow system_server kernel:security read_policy;
-#line 990
+#line 1000
allow system_server system_server_service:service_manager { add find };
-#line 990
+#line 1000
neverallow { domain -system_server } system_server_service:service_manager add;
-#line 990
+#line 1000
-#line 990
+#line 1000
# On debug builds with root, allow binder services to use binder over TCP.
-#line 990
+#line 1000
# Not using rw_socket_perms_no_ioctl to avoid granting too many permissions.
-#line 990
+#line 1000
-#line 990
+#line 1000
;
allow system_server artd_service:service_manager find;
allow system_server artd_pre_reboot_service:service_manager find;
@@ -76247,31 +76704,31 @@
allow system_server update_engine_service:service_manager find;
allow system_server virtual_camera_service:service_manager find;
-#line 1030
+#line 1040
allow system_server virtualization_maintenance_service:service_manager find;
-#line 1032
+#line 1042
allow system_server vold_service:service_manager find;
allow system_server wifinl80211_service:service_manager find;
allow system_server logd_service:service_manager find;
-#line 1038
+#line 1048
allow system_server wifi_mainline_supplicant_service:service_manager find;
-#line 1041
+#line 1051
allow system_server batteryproperties_service:service_manager { add find };
-#line 1041
+#line 1051
neverallow { domain -system_server } batteryproperties_service:service_manager add;
-#line 1041
+#line 1051
-#line 1041
+#line 1051
# On debug builds with root, allow binder services to use binder over TCP.
-#line 1041
+#line 1051
# Not using rw_socket_perms_no_ioctl to avoid granting too many permissions.
-#line 1041
+#line 1051
-#line 1041
+#line 1051
allow system_server keystore:keystore2 {
@@ -76340,11 +76797,11 @@
# /oem access
-#line 1108
+#line 1118
allow system_server oemfs:dir { open getattr read search ioctl lock watch watch_reads };
-#line 1108
+#line 1118
allow system_server oemfs:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 1108
+#line 1118
# Allow resolving per-user storage symlinks
@@ -76363,7 +76820,7 @@
allow system_server fingerprintd_data_file:dir { { open getattr read search ioctl lock watch watch_reads } remove_name rmdir relabelto write };
allow system_server fingerprintd_data_file:file { getattr unlink };
-#line 1141
+#line 1151
# For AppFuse.
@@ -76383,56 +76840,59 @@
# Read service.adb.tls.port, persist.adb.wifi. properties
-#line 1159
+#line 1169
allow system_server adbd_prop:file { getattr open read map };
-#line 1159
+#line 1169
# Set persist.adb.tls_server.enable property
-#line 1162
+#line 1172
-#line 1162
+#line 1172
allow system_server property_socket:sock_file write;
-#line 1162
+#line 1172
allow system_server init:unix_stream_socket connectto;
-#line 1162
+#line 1172
-#line 1162
+#line 1172
allow system_server system_adbd_prop:property_service set;
-#line 1162
+#line 1172
-#line 1162
+#line 1172
allow system_server system_adbd_prop:file { getattr open read map };
-#line 1162
+#line 1172
-#line 1162
+#line 1172
# Set service.adbd.tradeinmode from ITradeInService.
-#line 1165
+#line 1175
-#line 1165
+#line 1175
allow system_server property_socket:sock_file write;
-#line 1165
+#line 1175
allow system_server init:unix_stream_socket connectto;
-#line 1165
+#line 1175
-#line 1165
+#line 1175
allow system_server adbd_tradeinmode_prop:property_service set;
-#line 1165
+#line 1175
-#line 1165
+#line 1175
allow system_server adbd_tradeinmode_prop:file { getattr open read map };
-#line 1165
+#line 1175
-#line 1165
+#line 1175
# Allow invoking tools like "timeout"
allow system_server toolbox_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
+# Allow invoking pbtombstone
+allow system_server pbtombstone_exec:file { { getattr open read ioctl lock map watch watch_reads } { getattr execute execute_no_trans map } };
+
# Allow system process to setup fs-verity
allowxperm system_server { apk_data_file apk_tmp_file system_data_file apex_system_server_data_file }:file ioctl 0x6685;
@@ -76444,19 +76904,19 @@
#
# For OTA dexopt, allow calls coming from postinstall.
-#line 1180
+#line 1193
# Call the server domain and optionally transfer references to it.
-#line 1180
+#line 1193
allow system_server postinstall:binder { call transfer };
-#line 1180
+#line 1193
# Allow the serverdomain to transfer references to the client on the reply.
-#line 1180
+#line 1193
allow postinstall system_server:binder transfer;
-#line 1180
+#line 1193
# Receive and use open files from the server.
-#line 1180
+#line 1193
allow system_server postinstall:fd use;
-#line 1180
+#line 1193
allow system_server postinstall:fifo_file write;
@@ -76470,18 +76930,18 @@
allow system_server preloads_media_file:dir { { open getattr read search ioctl lock watch watch_reads } write remove_name rmdir };
-#line 1192
+#line 1205
allow system_server cgroup:dir { open getattr read search ioctl lock watch watch_reads };
-#line 1192
+#line 1205
allow system_server cgroup:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 1192
+#line 1205
-#line 1193
+#line 1206
allow system_server cgroup_v2:dir { open getattr read search ioctl lock watch watch_reads };
-#line 1193
+#line 1206
allow system_server cgroup_v2:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 1193
+#line 1206
allow system_server ion_device:chr_file { getattr open read ioctl lock map watch watch_reads };
@@ -76491,25 +76951,25 @@
allow system_server dmabuf_system_secure_heap_device:chr_file { getattr open read ioctl lock map watch watch_reads };
-#line 1201
+#line 1214
allow system_server proc_asound:dir { open getattr read search ioctl lock watch watch_reads };
-#line 1201
+#line 1214
allow system_server proc_asound:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 1201
+#line 1214
-#line 1202
+#line 1215
allow system_server proc_net_type:dir { open getattr read search ioctl lock watch watch_reads };
-#line 1202
+#line 1215
allow system_server proc_net_type:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 1202
+#line 1215
-#line 1203
+#line 1216
allow system_server proc_qtaguid_stat:dir { open getattr read search ioctl lock watch watch_reads };
-#line 1203
+#line 1216
allow system_server proc_qtaguid_stat:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 1203
+#line 1216
allow system_server {
proc_cmdline
@@ -76532,11 +76992,11 @@
allow system_server proc_uid_cpupower:file { getattr open read ioctl lock map watch watch_reads };
-#line 1224
+#line 1237
allow system_server rootfs:dir { open getattr read search ioctl lock watch watch_reads };
-#line 1224
+#line 1237
allow system_server rootfs:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 1224
+#line 1237
# Allow WifiService to start, stop, and read wifi-specific trace events.
@@ -76553,7 +77013,7 @@
# allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run
# asanwrapper.
-#line 1244
+#line 1257
# allow system_server to read the eBPF maps that stores the traffic stats information and update
@@ -76576,39 +77036,39 @@
# Allow system_server to start clatd in its own domain and kill it.
-#line 1265
+#line 1278
# Allow the necessary permissions.
-#line 1265
+#line 1278
-#line 1265
+#line 1278
# Old domain may exec the file and transition to the new domain.
-#line 1265
+#line 1278
allow system_server clatd_exec:file { getattr open read execute map };
-#line 1265
+#line 1278
allow system_server clatd:process transition;
-#line 1265
+#line 1278
# New domain is entered by executing the file.
-#line 1265
+#line 1278
allow clatd clatd_exec:file { entrypoint open read execute getattr map };
-#line 1265
+#line 1278
# New domain can send SIGCHLD to its caller.
-#line 1265
+#line 1278
allow clatd system_server:process sigchld;
-#line 1265
+#line 1278
# Enable AT_SECURE, i.e. libc secure mode.
-#line 1265
+#line 1278
dontaudit system_server clatd:process noatsecure;
-#line 1265
+#line 1278
# XXX dontaudit candidate but requires further study.
-#line 1265
+#line 1278
allow system_server clatd:process { siginh rlimitinh };
-#line 1265
+#line 1278
-#line 1265
+#line 1278
# Make the transition occur by default.
-#line 1265
+#line 1278
type_transition system_server clatd_exec:process clatd;
-#line 1265
+#line 1278
allow system_server clatd:process { sigkill signal };
@@ -76626,13 +77086,13 @@
allow system_server profman_dump_data_file:dir { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } };
# On userdebug build we may profile system server. Allow it to write and create its own profile.
-#line 1285
+#line 1298
# Allow system server to load JVMTI agents under control of a property.
-#line 1287
+#line 1300
allow system_server system_jvmti_agent_prop:file { getattr open read map };
-#line 1287
+#line 1300
# UsbDeviceManager uses /dev/usb-ffs
@@ -76640,51 +77100,51 @@
allow system_server functionfs:file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
# To resolve arbitrary sysfs paths from /sys/class/udc/* symlinks.
-#line 1293
+#line 1306
allow system_server sysfs_type:dir search;
-#line 1293
+#line 1306
-#line 1293
+#line 1306
allow system_server sysfs_udc:dir { open getattr read search ioctl lock watch watch_reads };
-#line 1293
+#line 1306
allow system_server sysfs_udc:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 1293
+#line 1306
-#line 1296
+#line 1309
# system_server contains time / time zone detection logic so reads the associated properties.
-#line 1299
+#line 1312
allow system_server time_prop:file { getattr open read map };
-#line 1299
+#line 1312
# system_server reads this property to know it should expect the lmkd sends notification to it
# on low memory kills.
-#line 1303
+#line 1316
allow system_server system_lmk_prop:file { getattr open read map };
-#line 1303
+#line 1316
-#line 1305
+#line 1318
allow system_server wifi_config_prop:file { getattr open read map };
-#line 1305
+#line 1318
# Only system server can access BINDER_FREEZE and BINDER_GET_FROZEN_INFO
allowxperm system_server binder_device:chr_file ioctl { 0x400c620e 0xc00c620f };
# Watchdog prints debugging log to /dev/kmsg_debug.
-#line 1313
+#line 1326
# Watchdog reads sysprops framework_watchdog.fatal_* to handle watchdog timeout loop.
-#line 1315
+#line 1328
allow system_server framework_watchdog_config_prop:file { getattr open read map };
-#line 1315
+#line 1328
@@ -76696,9 +77156,9 @@
# Read qemu.hw.mainkeys property
-#line 1325
+#line 1338
allow system_server qemu_hw_prop:file { getattr open read map };
-#line 1325
+#line 1338
# Allow system server to read profcollectd reports for upload.
@@ -76706,28 +77166,28 @@
# Power controls for debugging/diagnostics
-#line 1331
+#line 1344
allow system_server power_debug_prop:file { getattr open read map };
-#line 1331
+#line 1344
-#line 1332
+#line 1345
-#line 1332
+#line 1345
allow system_server property_socket:sock_file write;
-#line 1332
+#line 1345
allow system_server init:unix_stream_socket connectto;
-#line 1332
+#line 1345
-#line 1332
+#line 1345
allow system_server power_debug_prop:property_service set;
-#line 1332
+#line 1345
-#line 1332
+#line 1345
allow system_server power_debug_prop:file { getattr open read map };
-#line 1332
+#line 1345
-#line 1332
+#line 1345
###
@@ -76758,6 +77218,7 @@
file_type
-toolbox_exec
-logcat_exec
+ -pbtombstone_exec
}:file execute_no_trans;
@@ -76847,7 +77308,7 @@
# rendering via SwiftShader, which requires JIT support. These builds are
# never shipped to users.
neverallow system_server self:process execmem;
-#line 1453
+#line 1467
neverallow system_server { ashmem_device ashmem_libcutils_device }:chr_file execute;
# TODO: deal with tmpfs_domain pub/priv split properly
@@ -76870,136 +77331,136 @@
# Allow system_server to communicate with tradeinmode.
-#line 1474
+#line 1488
# Call the server domain and optionally transfer references to it.
-#line 1474
+#line 1488
allow system_server tradeinmode:binder { call transfer };
-#line 1474
+#line 1488
# Allow the serverdomain to transfer references to the client on the reply.
-#line 1474
+#line 1488
allow tradeinmode system_server:binder transfer;
-#line 1474
+#line 1488
# Receive and use open files from the server.
-#line 1474
+#line 1488
allow system_server tradeinmode:fd use;
-#line 1474
+#line 1488
# Allow system server to communicate to system-suspend's control interface
allow system_server system_suspend_control_internal_service:service_manager find;
allow system_server system_suspend_control_service:service_manager find;
-#line 1479
+#line 1493
# Call the server domain and optionally transfer references to it.
-#line 1479
+#line 1493
allow system_server system_suspend:binder { call transfer };
-#line 1479
+#line 1493
# Allow the serverdomain to transfer references to the client on the reply.
-#line 1479
+#line 1493
allow system_suspend system_server:binder transfer;
-#line 1479
+#line 1493
# Receive and use open files from the server.
-#line 1479
+#line 1493
allow system_server system_suspend:fd use;
-#line 1479
+#line 1493
-#line 1480
+#line 1494
# Call the server domain and optionally transfer references to it.
-#line 1480
+#line 1494
allow system_suspend system_server:binder { call transfer };
-#line 1480
+#line 1494
# Allow the serverdomain to transfer references to the client on the reply.
-#line 1480
+#line 1494
allow system_server system_suspend:binder transfer;
-#line 1480
+#line 1494
# Receive and use open files from the server.
-#line 1480
+#line 1494
allow system_suspend system_server:fd use;
-#line 1480
+#line 1494
# Allow system server to communicate to system-suspend's wakelock interface
-#line 1483
+#line 1497
# TODO(b/115946999): Remove /sys/power/* permissions once CONFIG_PM_WAKELOCKS is
-#line 1483
+#line 1497
# deprecated.
-#line 1483
+#line 1497
# Access /sys/power/wake_lock and /sys/power/wake_unlock
-#line 1483
+#line 1497
allow system_server sysfs_wake_lock:file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
-#line 1483
+#line 1497
# Accessing these files requires CAP_BLOCK_SUSPEND
-#line 1483
+#line 1497
allow system_server self:{ capability2 cap2_userns } block_suspend;
-#line 1483
+#line 1497
# system_suspend permissions
-#line 1483
+#line 1497
-#line 1483
+#line 1497
# Call the server domain and optionally transfer references to it.
-#line 1483
+#line 1497
allow system_server system_suspend_server:binder { call transfer };
-#line 1483
+#line 1497
# Allow the serverdomain to transfer references to the client on the reply.
-#line 1483
+#line 1497
allow system_suspend_server system_server:binder transfer;
-#line 1483
+#line 1497
# Receive and use open files from the server.
-#line 1483
+#line 1497
allow system_server system_suspend_server:fd use;
-#line 1483
+#line 1497
-#line 1483
+#line 1497
allow system_server system_suspend_hwservice:hwservice_manager find;
-#line 1483
+#line 1497
# halclientdomain permissions
-#line 1483
+#line 1497
-#line 1483
+#line 1497
# Call the hwservicemanager and transfer references to it.
-#line 1483
+#line 1497
allow system_server hwservicemanager:binder { call transfer };
-#line 1483
+#line 1497
# Allow hwservicemanager to send out callbacks
-#line 1483
+#line 1497
allow hwservicemanager system_server:binder { call transfer };
-#line 1483
+#line 1497
# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
-#line 1483
+#line 1497
# all domains in domain.te.
-#line 1483
+#line 1497
-#line 1483
+#line 1497
-#line 1483
+#line 1497
allow system_server hwservicemanager_prop:file { getattr open read map };
-#line 1483
+#line 1497
-#line 1483
+#line 1497
allow system_server hidl_manager_hwservice:hwservice_manager find;
-#line 1483
+#line 1497
# AIDL suspend hal permissions
-#line 1483
+#line 1497
allow system_server hal_system_suspend_service:service_manager find;
-#line 1483
+#line 1497
-#line 1483
+#line 1497
# Call the servicemanager and transfer references to it.
-#line 1483
+#line 1497
allow system_server servicemanager:binder { call transfer };
-#line 1483
+#line 1497
# Allow servicemanager to send out callbacks
-#line 1483
+#line 1497
allow servicemanager system_server:binder { call transfer };
-#line 1483
+#line 1497
# rw access to /dev/binder and /dev/ashmem is presently granted to
-#line 1483
+#line 1497
# all domains in domain.te.
-#line 1483
+#line 1497
-#line 1483
+#line 1497
# Allow the system server to read files under /data/apex. The system_server
@@ -77060,20 +77521,20 @@
# allow system_server write to aconfigd socket
-#line 1542
+#line 1556
allow system_server aconfigd_socket:sock_file write;
-#line 1542
+#line 1556
allow system_server aconfigd:unix_stream_socket connectto;
-#line 1542
+#line 1556
;
# allow system_server write to aconfigd_mainline socket
-#line 1545
+#line 1559
allow system_server aconfigd_mainline_socket:sock_file write;
-#line 1545
+#line 1559
allow system_server aconfigd_mainline:unix_stream_socket connectto;
-#line 1545
+#line 1559
;
allow system_server repair_mode_metadata_file:dir { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } };
@@ -77091,23 +77552,23 @@
# Allow init to set sysprop used to compute stats about userspace reboot.
-#line 1561
+#line 1575
-#line 1561
+#line 1575
allow system_server property_socket:sock_file write;
-#line 1561
+#line 1575
allow system_server init:unix_stream_socket connectto;
-#line 1561
+#line 1575
-#line 1561
+#line 1575
allow system_server userspace_reboot_log_prop:property_service set;
-#line 1561
+#line 1575
-#line 1561
+#line 1575
allow system_server userspace_reboot_log_prop:file { getattr open read map };
-#line 1561
+#line 1575
-#line 1561
+#line 1575
# JVMTI agent settings are only readable from the system server.
@@ -77144,23 +77605,23 @@
# Allow systemserver to read/write the invalidation property
-#line 1596
+#line 1610
-#line 1596
+#line 1610
allow system_server property_socket:sock_file write;
-#line 1596
+#line 1610
allow system_server init:unix_stream_socket connectto;
-#line 1596
+#line 1610
-#line 1596
+#line 1610
allow system_server binder_cache_system_server_prop:property_service set;
-#line 1596
+#line 1610
-#line 1596
+#line 1610
allow system_server binder_cache_system_server_prop:file { getattr open read map };
-#line 1596
+#line 1610
-#line 1596
+#line 1610
neverallow { domain -system_server -init }
binder_cache_system_server_prop:property_service set;
@@ -77211,23 +77672,23 @@
# Allow system server to set dynamic ART properties.
-#line 1645
+#line 1659
-#line 1645
+#line 1659
allow system_server property_socket:sock_file write;
-#line 1645
+#line 1659
allow system_server init:unix_stream_socket connectto;
-#line 1645
+#line 1659
-#line 1645
+#line 1659
allow system_server dalvik_dynamic_config_prop:property_service set;
-#line 1645
+#line 1659
-#line 1645
+#line 1659
allow system_server dalvik_dynamic_config_prop:file { getattr open read map };
-#line 1645
+#line 1659
-#line 1645
+#line 1659
# Allow system server to read binderfs
@@ -77235,49 +77696,49 @@
allow system_server binderfs_logs_stats:file { getattr open read ioctl lock map watch watch_reads };
# For ANRs
-#line 1654
+#line 1668
# Allow GameManagerService to read and write persist.graphics.game_default_frame_rate.enabled
-#line 1657
+#line 1671
-#line 1657
+#line 1671
allow system_server property_socket:sock_file write;
-#line 1657
+#line 1671
allow system_server init:unix_stream_socket connectto;
-#line 1657
+#line 1671
-#line 1657
+#line 1671
allow system_server game_manager_config_prop:property_service set;
-#line 1657
+#line 1671
-#line 1657
+#line 1671
allow system_server game_manager_config_prop:file { getattr open read map };
-#line 1657
+#line 1671
-#line 1657
+#line 1671
# Allow system server to write HintManagerService properties
-#line 1660
+#line 1674
-#line 1660
+#line 1674
allow system_server property_socket:sock_file write;
-#line 1660
+#line 1674
allow system_server init:unix_stream_socket connectto;
-#line 1660
+#line 1674
-#line 1660
+#line 1674
allow system_server hint_manager_config_prop:property_service set;
-#line 1660
+#line 1674
-#line 1660
+#line 1674
allow system_server hint_manager_config_prop:file { getattr open read map };
-#line 1660
+#line 1674
-#line 1660
+#line 1674
neverallow {
domain
@@ -77289,9 +77750,9 @@
# ThreadNetworkService reads Thread Network properties
-#line 1670
+#line 1684
allow system_server threadnetwork_config_prop:file { getattr open read map };
-#line 1670
+#line 1684
# Do not allow any domain other than init and system server to set the property
@@ -77909,101 +78370,114 @@
# Allow traced to detect if a process is frozen (b/381089063).
allow traced cgroup_v2:file { getattr open read ioctl lock map watch watch_reads };
+# Allow traced/traced_relay to read the traced config properties.
+
+#line 60
+allow traced traced_config_prop:file { getattr open read map };
+#line 60
+
+# Allow traced_relay to read the relay port being used
+
+#line 62
+allow traced traced_relay_relay_port_prop:file { getattr open read map };
+#line 62
+
+
# Allow setting debug properties which guard initialization of the Perfetto SDK
# in SurfaceFlinger and HWUI's copy of Skia.
# Required for the android.sdk_sysprop_guard data source.
# TODO(b/281329340): remove this when no longer needed.
-#line 63
+#line 68
-#line 63
+#line 68
allow traced property_socket:sock_file write;
-#line 63
+#line 68
allow traced init:unix_stream_socket connectto;
-#line 63
+#line 68
-#line 63
+#line 68
allow traced debug_prop:property_service set;
-#line 63
+#line 68
-#line 63
+#line 68
allow traced debug_prop:file { getattr open read map };
-#line 63
+#line 68
-#line 63
+#line 68
# Allow traced to notify Traceur when a trace ends by setting the
# sys.trace.trace_end_signal property.
-#line 66
+#line 71
-#line 66
+#line 71
allow traced property_socket:sock_file write;
-#line 66
+#line 71
allow traced init:unix_stream_socket connectto;
-#line 66
+#line 71
-#line 66
+#line 71
allow traced system_trace_prop:property_service set;
-#line 66
+#line 71
-#line 66
+#line 71
allow traced system_trace_prop:file { getattr open read map };
-#line 66
+#line 71
-#line 66
+#line 71
# Allow to lazily start producers.
-#line 68
+#line 73
-#line 68
+#line 73
allow traced property_socket:sock_file write;
-#line 68
+#line 73
allow traced init:unix_stream_socket connectto;
-#line 68
+#line 73
-#line 68
+#line 73
allow traced traced_lazy_prop:property_service set;
-#line 68
+#line 73
-#line 68
+#line 73
allow traced traced_lazy_prop:file { getattr open read map };
-#line 68
+#line 73
-#line 68
+#line 73
# Allow tracking the count of sessions intercepting Java OutOfMemoryError
# If there are such tracing sessions and an OutOfMemoryError is thrown by ART,
# the hprof plugin intercepts the error, lazily registers a data source to
# traced and collects a heap dump.
-#line 73
+#line 78
-#line 73
+#line 78
allow traced property_socket:sock_file write;
-#line 73
+#line 78
allow traced init:unix_stream_socket connectto;
-#line 73
+#line 78
-#line 73
+#line 78
allow traced traced_oome_heap_session_count_prop:property_service set;
-#line 73
+#line 78
-#line 73
+#line 78
allow traced traced_oome_heap_session_count_prop:file { getattr open read map };
-#line 73
+#line 78
-#line 73
+#line 78
# Allow traced to talk to statsd for logging metrics.
-#line 76
+#line 81
allow traced statsdw_socket:sock_file write;
-#line 76
+#line 81
allow traced statsd:unix_dgram_socket sendto;
-#line 76
+#line 81
###
@@ -79096,6 +79570,9 @@
#line 76
+# Allow ueventd to correctly label the symlinks it creates
+allow ueventd block_device:lnk_file relabelfrom;
+
#####
##### neverallow rules
#####
@@ -83031,12 +83508,14 @@
#line 3
-modprobe
#line 3
+
+#line 3
} vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
#line 3
#line 3
# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
-#line 11
+#line 12
#line 1 "system/sepolicy/private/vfio_handler.te"
@@ -83959,16 +84438,24 @@
# Do not allow writing vendor_microdroid_file from any process.
-neverallow { domain } vendor_microdroid_file:dir { add_name create link relabelfrom remove_name rename reparent rmdir setattr write };
-neverallow { domain } vendor_microdroid_file:file { append create link unlink relabelfrom rename setattr write };
+neverallow {
+ domain
+
+
+} vendor_microdroid_file:dir { add_name create link relabelfrom remove_name rename reparent rmdir setattr write };
+neverallow {
+ domain
+
+
+} vendor_microdroid_file:file { append create link unlink relabelfrom rename setattr write };
# Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
-#line 122
+#line 130
allow virtualizationmanager crosvm:dir { open getattr read search ioctl lock watch watch_reads };
-#line 122
+#line 130
allow virtualizationmanager crosvm:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 122
+#line 130
;
# For debug purposes we try to get the canonical path from /proc/self/fd/N. That triggers
@@ -83976,35 +84463,35 @@
dontaudit virtualizationmanager apex_module_data_file:dir search;
-#line 128
+#line 136
# virtualizationmanager holds references to bound devices, returned from vfio_handler
-#line 128
+#line 136
-#line 128
+#line 136
# Call the server domain and optionally transfer references to it.
-#line 128
+#line 136
allow virtualizationmanager vfio_handler:binder { call transfer };
-#line 128
+#line 136
# Allow the serverdomain to transfer references to the client on the reply.
-#line 128
+#line 136
allow vfio_handler virtualizationmanager:binder transfer;
-#line 128
+#line 136
# Receive and use open files from the server.
-#line 128
+#line 136
allow virtualizationmanager vfio_handler:fd use;
-#line 128
+#line 136
-#line 131
+#line 139
-#line 133
+#line 141
# Allow virtualizationmanager to deal with file descriptors of TAP interfaces.
-#line 133
+#line 141
allow virtualizationmanager tun_device:chr_file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
-#line 133
+#line 141
allow virtualizationmanager vmnic:fd use;
-#line 137
+#line 145
# virtualizationmanager reads tee_service_contexts_file to determine if VM is allowed
@@ -84013,21 +84500,21 @@
# virtualizationmanager uses libselinux to check if VM is allowed to access requested
# tee services.
-#line 144
+#line 152
-#line 144
+#line 152
allow virtualizationmanager selinuxfs:dir { open getattr read search ioctl lock watch watch_reads };
-#line 144
+#line 152
allow virtualizationmanager selinuxfs:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 144
+#line 152
-#line 144
+#line 152
allow virtualizationmanager selinuxfs:file { open append write lock map };
-#line 144
+#line 152
allow virtualizationmanager kernel:security compute_av;
-#line 144
+#line 152
allow virtualizationmanager self:netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
-#line 144
+#line 152
#line 1 "system/sepolicy/private/virtualizationservice.te"
type virtualizationservice, domain, coredomain;
@@ -86483,7 +86970,7 @@
#line 6
-allow wifi_mainline_supplicant self:{ capability cap_userns } { setuid setgid net_admin net_raw };
+allow wifi_mainline_supplicant self:{ capability cap_userns } { net_admin net_raw };
allow wifi_mainline_supplicant proc_net:file { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } };
allow wifi_mainline_supplicant sysfs_net:dir search;
@@ -87729,6 +88216,7 @@
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/android_vendor_lmk/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
diff --git a/prebuilts/api/202504/202504_mapping.cil b/prebuilts/api/202504/202504_mapping.cil
index 19efdc7..120fca0 100644
--- a/prebuilts/api/202504/202504_mapping.cil
+++ b/prebuilts/api/202504/202504_mapping.cil
@@ -316,6 +316,9 @@
(typeattributeset config_prop_202504 (config_prop))
(expandtypeattribute (config_prop_202504) true)
(typeattribute config_prop_202504)
+(typeattributeset drm_config_prop_202504 (drm_config_prop))
+(expandtypeattribute (drm_config_prop_202504) true)
+(typeattribute drm_config_prop_202504)
(typeattributeset ffs_config_prop_202504 (ffs_config_prop))
(expandtypeattribute (ffs_config_prop_202504) true)
(typeattribute ffs_config_prop_202504)
@@ -1819,6 +1822,9 @@
(typeattributeset hal_identity_service_202504 (hal_identity_service))
(expandtypeattribute (hal_identity_service_202504) true)
(typeattribute hal_identity_service_202504)
+(typeattributeset fwk_vold_service_202504 (fwk_vold_service))
+(expandtypeattribute (fwk_vold_service_202504) true)
+(typeattribute fwk_vold_service_202504)
(typeattributeset vold_service_202504 (vold_service))
(expandtypeattribute (vold_service_202504) true)
(typeattribute vold_service_202504)
diff --git a/prebuilts/api/202504/202504_plat_sepolicy.cil b/prebuilts/api/202504/202504_plat_sepolicy.cil
index 8cd4236..18a0015 100644
--- a/prebuilts/api/202504/202504_plat_sepolicy.cil
+++ b/prebuilts/api/202504/202504_plat_sepolicy.cil
@@ -364,6 +364,7 @@
(genfscon tracefs "/events/sched/sched_wakeup/" (u object_r debugfs_tracing ((s0) (s0))))
(genfscon tracefs "/events/sched/sched_waking/" (u object_r debugfs_tracing ((s0) (s0))))
(genfscon tracefs "/events/power/clock_enable/" (u object_r debugfs_tracing ((s0) (s0))))
+(genfscon tracefs "/events/android_vendor_lmk/" (u object_r debugfs_tracing ((s0) (s0))))
(genfscon tracefs "/events/binder/binder_lock/" (u object_r debugfs_tracing ((s0) (s0))))
(genfscon tracefs "/events/kmem/ion_heap_grow/" (u object_r debugfs_tracing ((s0) (s0))))
(genfscon tracefs "/events/task/task_newtask/" (u object_r debugfs_tracing ((s0) (s0))))
@@ -695,7 +696,7 @@
(typeattribute bpffs_type)
(typeattributeset bpffs_type (fs_bpf fs_bpf_tethering fs_bpf_vendor fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_loader fs_bpf_uprobestats fs_bpf_memevents ))
(typeattribute domain)
-(typeattributeset domain (adbd aidl_lazy_test_server apexd app_zygote artd atrace audioserver blkid blkid_untrusted bluetooth bootanim bootstat bpfloader bufferhubd cameraserver charger charger_vendor crash_dump credstore crosvm dhcp dnsmasq drmserver dumpstate e2fs early_virtmgr ephemeral_app evsmanagerd extra_free_kbytes fastbootd fingerprintd flags_health_check fsck fsck_untrusted gatekeeperd gmscore_app gpuservice healthd heapprofd hwservicemanager idmap incident incident_helper incidentd init inputflinger installd isolated_app isolated_compute_app kernel keystore llkd lmkd logd logpersist mdnsd mediadrmserver mediaextractor mediametrics mediaprovider mediaserver mediaswcodec mediatranscoding modprobe mtp netd netutils_wrapper network_stack nfc perfetto performanced platform_app postinstall ppp priv_app prng_seeder profman radio recovery recovery_persist recovery_refresh rkpdapp rs rss_hwm_reset runas runas_app sdcardd secure_element servicemanager sgdisk shared_relro shell simpleperf simpleperf_app_runner slideshow statsd su surfaceflinger system_app system_server tee tombstoned toolbox traced traced_perf traced_probes traceur_app ueventd uncrypt untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine update_verifier usbd vdc vendor_init vendor_misc_writer vendor_modprobe vendor_shell virtual_camera virtual_touchpad virtualizationmanager vndservicemanager vold vold_prepare_subdirs watchdogd webview_zygote wificond zygote aconfigd aconfigd_mainline adbd_tradeinmode apex_test_prepostinstall apexd_derive_classpath art_boot art_exec auditctl automotive_display_service bert_collector blank_screen boringssl_self_test vendor_boringssl_self_test canhalconfigurator clatd compos_fd_server compos_verify composd cppreopts derive_classpath derive_sdk device_as_webcam dex2oat dexopt_chroot_setup dmesgd fuseblkd fuseblkd_untrusted fwk_bufferhub gki_apex_prepostinstall gsid hal_allocator_default hal_keymint_system hidl_lazy_test_server iw kcmdlinectrl linkerconfig linux_vm_setup lpdumpd mediaprovider_app mediatuner memcgv2_activation_depth migrate_legacy_obb_data misctrl mm_events mmd mtectrl odrefresh odsign ot_ctl ot_daemon otapreopt_chroot otapreopt_slot permissioncontroller_app postinstall_dexopt prefetch preloads_copy preopt2cachename profcollectd remount rkp_cert_processor rkpd sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next simpleperf_boot snapshotctl snapuserd stats storaged system_server_startup system_suspend trace_redactor tradeinmode uprobestats vehicle_binding_util vfio_handler virtual_face virtual_fingerprint virtualizationservice vmlauncher_app vmnic vzwomatrigger_app wait_for_keymaster wifi_mainline_supplicant ))
+(typeattributeset domain (adbd aidl_lazy_test_server apexd app_zygote artd atrace audioserver blkid blkid_untrusted bluetooth bootanim bootstat bpfloader bufferhubd cameraserver charger charger_vendor crash_dump credstore crosvm dhcp dnsmasq drmserver dumpstate e2fs early_virtmgr ephemeral_app evsmanagerd extra_free_kbytes fastbootd fingerprintd flags_health_check fsck fsck_untrusted gatekeeperd gmscore_app gpuservice healthd heapprofd hwservicemanager idmap incident incident_helper incidentd init inputflinger installd isolated_app isolated_compute_app kernel keystore llkd lmkd logd logpersist mdnsd mediadrmserver mediaextractor mediametrics mediaprovider mediaserver mediaswcodec mediatranscoding modprobe mtp netd netutils_wrapper network_stack nfc perfetto performanced platform_app postinstall ppp priv_app prng_seeder profman radio recovery recovery_persist recovery_refresh rkpdapp rs rss_hwm_reset runas runas_app sdcardd secure_element servicemanager sgdisk shared_relro shell simpleperf simpleperf_app_runner slideshow statsd su surfaceflinger system_app system_server tee tombstoned toolbox traced traced_perf traced_probes traceur_app ueventd uncrypt untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine update_verifier usbd vdc vendor_init vendor_misc_writer vendor_modprobe vendor_shell virtual_camera virtual_touchpad virtualizationmanager vndservicemanager vold vold_prepare_subdirs watchdogd webview_zygote wificond zygote aconfigd aconfigd_mainline adbd_tradeinmode apex_test_prepostinstall apexd_derive_classpath art_boot art_exec auditctl automotive_display_service bert_collector blank_screen boringssl_self_test vendor_boringssl_self_test canhalconfigurator clatd compos_fd_server compos_verify composd cppreopts derive_classpath derive_sdk device_as_webcam dex2oat dexopt_chroot_setup dmesgd fuseblkd fuseblkd_untrusted fwk_bufferhub gki_apex_prepostinstall gsid hal_allocator_default hal_keymint_system hidl_lazy_test_server iw kcmdlinectrl linkerconfig linux_vm_setup lpdumpd mediaprovider_app mediatuner memcgv2_activation_depth migrate_legacy_obb_data misctrl mm_events mmd mtectrl odrefresh odsign ot_ctl ot_daemon otapreopt_chroot otapreopt_slot overlay_remounter permissioncontroller_app postinstall_dexopt prefetch preloads_copy preopt2cachename profcollectd remount rkp_cert_processor rkpd sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next simpleperf_boot snapshotctl snapuserd stats storaged system_server_startup system_suspend trace_redactor tradeinmode uprobestats vehicle_binding_util vfio_handler virtual_face virtual_fingerprint virtualizationservice vmlauncher_app vmnic vzwomatrigger_app wait_for_keymaster wifi_mainline_supplicant ))
(typeattribute fs_type)
(typeattributeset fs_type (device labeledfs pipefs sockfs rootfs proc binderfs binderfs_logs binderfs_logs_proc binderfs_logs_stats binderfs_logs_transactions binderfs_logs_transaction_history binderfs_features proc_security proc_drop_caches proc_overcommit_memory proc_min_free_order_shift proc_kpageflags proc_watermark_boost_factor proc_percpu_pagelist_high_fraction usermodehelper sysfs_usermodehelper proc_qtaguid_ctrl proc_qtaguid_stat proc_bluetooth_writable proc_abi proc_asound proc_bootconfig proc_bpf proc_buddyinfo proc_cgroups proc_cmdline proc_cpu_alignment proc_cpuinfo proc_dirty proc_diskstats proc_extra_free_kbytes proc_filesystems proc_fs_verity proc_hostname proc_hung_task proc_interrupts proc_iomem proc_kallsyms proc_keys proc_kmsg proc_loadavg proc_locks proc_lowmemorykiller proc_max_map_count proc_meminfo proc_misc proc_modules proc_mounts proc_net proc_net_tcp_udp proc_page_cluster proc_pagetypeinfo proc_panic proc_perf proc_pid_max proc_pipe_conf proc_pressure_cpu proc_pressure_io proc_pressure_mem proc_random proc_sched proc_slabinfo proc_stat proc_swaps proc_sysrq proc_timer proc_tty_drivers proc_uid_cputime_showstat proc_uid_cputime_removeuid proc_uid_io_stats proc_uid_procstat_set proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time proc_uid_cpupower proc_uptime proc_version proc_vmallocinfo proc_vmstat proc_watermark_scale_factor proc_zoneinfo proc_vendor_sched selinuxfs fusectlfs cgroup cgroup_v2 sysfs sysfs_android_usb sysfs_uio sysfs_batteryinfo sysfs_bluetooth_writable sysfs_cma sysfs_devfreq_cur sysfs_devfreq_dir sysfs_devices_block sysfs_dm sysfs_dm_verity sysfs_dma_heap sysfs_dmabuf_stats sysfs_dt_firmware_android sysfs_extcon sysfs_ion sysfs_ipv4 sysfs_kernel_notes sysfs_leds sysfs_loop sysfs_gpu sysfs_hwrandom sysfs_nfc_power_writable sysfs_wake_lock sysfs_net sysfs_power sysfs_rtc sysfs_mem_sleep sysfs_suspend_stats sysfs_switch sysfs_sync_on_suspend sysfs_transparent_hugepage sysfs_lru_gen_enabled sysfs_usb sysfs_wakeup sysfs_wakeup_reasons sysfs_fs_ext4_features sysfs_fs_f2fs sysfs_fs_fuse_bpf sysfs_fs_fuse_features sysfs_fs_incfs_features sysfs_fs_incfs_metrics sysfs_vendor_sched fs_bpf fs_bpf_tethering fs_bpf_vendor configfs sysfs_devices_cs_etm sysfs_devices_system_cpu sysfs_lowmemorykiller sysfs_wlan_fwpath sysfs_vibrator sysfs_uhid sysfs_thermal sysfs_zram sysfs_zram_uevent inotify devpts tmpfs shm mqueue fuse fuseblk sdcardfs vfat exfat debugfs debugfs_kprobes debugfs_mmc debugfs_mm_events_tracing debugfs_trace_marker debugfs_tracing debugfs_tracing_debug debugfs_tracing_instances debugfs_tracing_printk_formats debugfs_wakeup_sources debugfs_wifi_tracing securityfs pstorefs functionfs oemfs usbfs binfmt_miscfs app_fusefs debugfs_bootreceiver_tracing sysfs_udc apexd_devpts proc_allocinfo config_gz fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_loader fs_bpf_uprobestats fs_bpf_memevents debugfs_kcov sysfs_dt_avf proc_dt_avf sysfs_uprobe sysfs_pgsize_migration sysfs_firmware_acpi_tables odsign_devpts priv_app_devpts untrusted_app_all_devpts ))
(typeattribute contextmount_type)
@@ -703,9 +704,9 @@
(typeattribute fusefs_type)
(typeattributeset fusefs_type (fuse fuseblk app_fusefs ))
(typeattribute file_type)
-(typeattributeset file_type (adbd_exec aidl_lazy_test_server_exec apexd_exec appdomain_tmpfs app_zygote_tmpfs audioserver_tmpfs bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec cameraserver_tmpfs charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec drmserver_socket dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec unlabeled system_file system_asan_options_file system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file tcpdump_exec system_zoneinfo_file cgroup_desc_file vendor_cgroup_desc_file task_profiles_file vendor_task_profiles_file art_apex_dir linkerconfig_file incremental_control_file bootanim_oem_file vendor_hal_file vendor_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_boot_ota_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_vm_file vendor_vm_data_file metadata_file vold_metadata_file gsi_metadata_file gsi_public_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file metadata_bootstat_file userspace_reboot_metadata_file staged_install_file watchdog_metadata_file repair_mode_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file dev_cpu_variant runtime_event_log_tags_file logcat_exec cgroup_rc_file coredump_file system_data_root_file system_data_file system_userdir_file packages_list_file game_mode_intervention_list_file vendor_data_file vendor_userdir_file unencrypted_data_file install_data_file drm_data_file adb_data_file anr_data_file tombstone_data_file tombstone_wifi_data_file apex_data_file apk_data_file apk_tmp_file apk_private_data_file apk_private_tmp_file dalvikcache_data_file ota_data_file ota_package_file user_profile_root_file user_profile_data_file profman_dump_data_file prereboot_data_file resourcecache_data_file shell_data_file property_data_file bootchart_data_file dropbox_data_file heapdump_data_file nativetest_data_file shell_test_data_file ringtone_file preloads_data_file preloads_media_file dhcp_data_file server_configurable_flags_data_file staging_data_file vendor_apex_file vendor_apex_metadata_file shutdown_checkpoints_system_data_file mnt_media_rw_file mnt_user_file mnt_pass_through_file mnt_expand_file mnt_sdcard_file storage_file mnt_media_rw_stub_file storage_stub_file mnt_vendor_file mnt_product_file apex_mnt_dir apex_info_file postinstall_mnt_dir postinstall_file postinstall_apex_mnt_dir mirror_data_file adb_keys_file apex_system_server_data_file apex_module_data_file apex_ota_reserved_file apex_rollback_data_file appcompat_data_file audio_data_file audioserver_data_file bluetooth_data_file bluetooth_logs_data_file bootstat_data_file boottrace_data_file camera_data_file credstore_data_file gatekeeper_data_file incident_data_file keychain_data_file keystore_data_file media_data_file media_rw_data_file media_userdir_file misc_user_data_file net_data_file network_watchlist_data_file nfc_data_file nfc_logs_data_file radio_data_file recovery_data_file shared_relro_file snapshotctl_log_data_file stats_config_data_file stats_data_file systemkeys_data_file textclassifier_data_file trace_data_file vpn_data_file wifi_data_file vold_data_file tee_data_file update_engine_data_file update_engine_log_data_file snapuserd_log_data_file method_trace_data_file gsi_data_file radio_core_data_file app_data_file privapp_data_file system_app_data_file cache_file overlayfs_file cache_backup_file cache_private_backup_file cache_recovery_file efs_file wallpaper_file shortcut_manager_icons icon_file asec_apk_file asec_public_file asec_image_file backup_data_file bluetooth_efs_file fingerprintd_data_file fingerprint_vendor_data_file app_fuse_file face_vendor_data_file iris_vendor_data_file adbd_socket bluetooth_socket dnsproxyd_socket dumpstate_socket fwmarkd_socket lmkd_socket logd_socket logdr_socket logdw_socket mdns_socket mdnsd_socket misc_logd_file mtpd_socket ot_daemon_socket property_socket racoon_socket recovery_socket rild_socket rild_debug_socket snapuserd_socket snapuserd_proxy_socket statsdw_socket system_wpa_socket system_ndebug_socket system_unsolzygote_socket tombstoned_crash_socket tombstoned_java_trace_socket tombstoned_intercept_socket traced_consumer_socket traced_perf_socket traced_producer_socket uncrypt_socket wpa_socket zygote_socket heapprofd_socket gps_control pdx_display_dir pdx_performance_dir pdx_bufferhub_dir pdx_display_client_endpoint_socket pdx_display_manager_endpoint_socket pdx_display_screenshot_endpoint_socket pdx_display_vsync_endpoint_socket pdx_performance_client_endpoint_socket pdx_bufferhub_client_endpoint_socket file_contexts_file mac_perms_file property_contexts_file seapp_contexts_file sepolicy_file service_contexts_file keystore2_key_contexts_file vendor_service_contexts_file hwservice_contexts_file vndservice_contexts_file vendor_kernel_modules system_dlkm_file audiohal_data_file tee_service_contexts_file fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hal_graphics_composer_server_tmpfs hwservicemanager_exec idmap_exec init_exec init_tmpfs inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediaextractor_tmpfs mediametrics_exec mediaserver_exec mediaserver_tmpfs mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec surfaceflinger_tmpfs system_server_tmpfs tombstoned_exec toolbox_exec traced_tmpfs ueventd_tmpfs uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec webview_zygote_exec webview_zygote_tmpfs wificond_exec zygote_tmpfs zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec artd_tmpfs atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec vendor_boringssl_self_test_exec boringssl_self_test_marker bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec crosvm_tmpfs derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexopt_chroot_setup_tmpfs dexoptanalyzer_exec dmesgd_exec dumpstate_tmpfs evsmanagerd_exec storaged_data_file wm_trace_data_file accessibility_trace_data_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file system_perfetto_config_file uprobestats_configs_data_file oatdump_exec sdk_sandbox_system_data_file sdk_sandbox_data_file app_exec_data_file rollback_data_file checkin_data_file ota_image_data_file gsi_persistent_data_file emergency_data_file profcollectd_data_file apex_art_data_file apex_art_staging_data_file apex_compos_data_file apex_virt_data_file apex_tethering_data_file apex_uwb_data_file apex_appsearch_data_file apex_permission_data_file apex_scheduling_data_file apex_wifi_data_file font_data_file dmesgd_data_file odrefresh_data_file odsign_data_file odsign_metrics_file virtualizationservice_data_file vm_data_file environ_system_data_file bootanim_data_file fd_server_exec compos_exec compos_key_helper_exec prng_seeder_socket system_font_fallback_file aconfigd_socket aconfigd_mainline_socket system_aconfig_storage_file vendor_aconfig_storage_file connectivityblob_data_file mainline_supplicant_data_file pre_reboot_dexopt_file pre_reboot_dexopt_artd_file apk_metadata_file storage_area_app_dir storage_area_dir storage_area_content_file storage_area_key_file tradeinmode_metadata_file prefetch_metadata_file libprocessgroup_metadata_file fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec heapprofd_tmpfs hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatranscoding_tmpfs mediatuner_exec memcgv2_activation_depth_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec perfetto_exec perfetto_tmpfs postinstall_exec postinstall_dexopt_exec postinstall_dexopt_tmpfs prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec simpleperf_boot_data_file snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_server_startup_tmpfs system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec traced_probes_tmpfs tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
+(typeattributeset file_type (adbd_exec aidl_lazy_test_server_exec apexd_exec appdomain_tmpfs app_zygote_tmpfs audioserver_tmpfs bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec cameraserver_tmpfs charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec drmserver_socket dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec unlabeled system_file system_asan_options_file system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file tcpdump_exec system_zoneinfo_file cgroup_desc_file vendor_cgroup_desc_file task_profiles_file vendor_task_profiles_file art_apex_dir linkerconfig_file incremental_control_file bootanim_oem_file vendor_hal_file vendor_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_boot_ota_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_vm_file vendor_vm_data_file metadata_file vold_metadata_file gsi_metadata_file gsi_public_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file metadata_bootstat_file userspace_reboot_metadata_file staged_install_file watchdog_metadata_file repair_mode_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file dev_cpu_variant runtime_event_log_tags_file logcat_exec cgroup_rc_file coredump_file system_data_root_file system_data_file system_userdir_file packages_list_file game_mode_intervention_list_file vendor_data_file vendor_userdir_file unencrypted_data_file install_data_file drm_data_file adb_data_file anr_data_file tombstone_data_file tombstone_wifi_data_file apex_data_file apk_data_file apk_tmp_file apk_private_data_file apk_private_tmp_file dalvikcache_data_file ota_data_file ota_package_file user_profile_root_file user_profile_data_file profman_dump_data_file prereboot_data_file resourcecache_data_file shell_data_file property_data_file bootchart_data_file dropbox_data_file heapdump_data_file nativetest_data_file shell_test_data_file ringtone_file preloads_data_file preloads_media_file dhcp_data_file server_configurable_flags_data_file staging_data_file vendor_apex_file vendor_apex_metadata_file shutdown_checkpoints_system_data_file mnt_media_rw_file mnt_user_file mnt_pass_through_file mnt_expand_file mnt_sdcard_file storage_file mnt_media_rw_stub_file storage_stub_file mnt_vendor_file mnt_product_file apex_mnt_dir apex_info_file postinstall_mnt_dir postinstall_file postinstall_apex_mnt_dir mirror_data_file adb_keys_file apex_system_server_data_file apex_module_data_file apex_ota_reserved_file apex_rollback_data_file appcompat_data_file audio_data_file audioserver_data_file bluetooth_data_file bluetooth_logs_data_file bootstat_data_file boottrace_data_file camera_data_file credstore_data_file gatekeeper_data_file incident_data_file keychain_data_file keystore_data_file media_data_file media_rw_data_file media_userdir_file misc_user_data_file net_data_file network_watchlist_data_file nfc_data_file nfc_logs_data_file radio_data_file recovery_data_file shared_relro_file snapshotctl_log_data_file stats_config_data_file stats_data_file systemkeys_data_file textclassifier_data_file trace_data_file vpn_data_file wifi_data_file vold_data_file tee_data_file update_engine_data_file update_engine_log_data_file snapuserd_log_data_file method_trace_data_file gsi_data_file radio_core_data_file app_data_file privapp_data_file system_app_data_file cache_file overlayfs_file cache_backup_file cache_private_backup_file cache_recovery_file efs_file wallpaper_file shortcut_manager_icons icon_file asec_apk_file asec_public_file asec_image_file backup_data_file bluetooth_efs_file fingerprintd_data_file fingerprint_vendor_data_file app_fuse_file face_vendor_data_file iris_vendor_data_file adbd_socket bluetooth_socket dnsproxyd_socket dumpstate_socket fwmarkd_socket lmkd_socket logd_socket logdr_socket logdw_socket mdns_socket mdnsd_socket misc_logd_file mtpd_socket ot_daemon_socket property_socket racoon_socket recovery_socket rild_socket rild_debug_socket snapuserd_socket snapuserd_proxy_socket statsdw_socket system_wpa_socket system_ndebug_socket system_unsolzygote_socket tombstoned_crash_socket tombstoned_java_trace_socket tombstoned_intercept_socket traced_consumer_socket traced_perf_socket traced_producer_socket uncrypt_socket wpa_socket zygote_socket heapprofd_socket gps_control pdx_display_dir pdx_performance_dir pdx_bufferhub_dir pdx_display_client_endpoint_socket pdx_display_manager_endpoint_socket pdx_display_screenshot_endpoint_socket pdx_display_vsync_endpoint_socket pdx_performance_client_endpoint_socket pdx_bufferhub_client_endpoint_socket file_contexts_file mac_perms_file property_contexts_file seapp_contexts_file sepolicy_file service_contexts_file keystore2_key_contexts_file vendor_service_contexts_file hwservice_contexts_file vndservice_contexts_file vendor_kernel_modules system_dlkm_file audiohal_data_file tee_service_contexts_file fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hal_graphics_composer_server_tmpfs hwservicemanager_exec idmap_exec init_exec init_tmpfs inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediaextractor_tmpfs mediametrics_exec mediaserver_exec mediaserver_tmpfs mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec surfaceflinger_tmpfs system_server_tmpfs tombstoned_exec toolbox_exec traced_tmpfs ueventd_tmpfs uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec webview_zygote_exec webview_zygote_tmpfs wificond_exec zygote_tmpfs zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec artd_tmpfs atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec vendor_boringssl_self_test_exec boringssl_self_test_marker bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec crosvm_tmpfs derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexopt_chroot_setup_tmpfs dexoptanalyzer_exec dmesgd_exec dumpstate_tmpfs evsmanagerd_exec storaged_data_file wm_trace_data_file accessibility_trace_data_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file system_perfetto_config_file uprobestats_configs_data_file oatdump_exec sdk_sandbox_system_data_file sdk_sandbox_data_file app_exec_data_file rollback_data_file checkin_data_file ota_image_data_file gsi_persistent_data_file emergency_data_file profcollectd_data_file apex_art_data_file apex_art_staging_data_file apex_compos_data_file apex_virt_data_file apex_tethering_data_file apex_uwb_data_file apex_appsearch_data_file apex_permission_data_file apex_scheduling_data_file apex_wifi_data_file font_data_file dmesgd_data_file odrefresh_data_file odsign_data_file odsign_metrics_file virtualizationservice_data_file vm_data_file environ_system_data_file bootanim_data_file fd_server_exec compos_exec compos_key_helper_exec prng_seeder_socket system_font_fallback_file aconfigd_socket aconfigd_mainline_socket system_aconfig_storage_file vendor_aconfig_storage_file connectivityblob_data_file mainline_supplicant_data_file pre_reboot_dexopt_file pre_reboot_dexopt_artd_file apk_metadata_file pbtombstone_exec storage_area_app_dir storage_area_dir storage_area_content_file storage_area_key_file tradeinmode_metadata_file prefetch_metadata_file libprocessgroup_metadata_file fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec heapprofd_tmpfs hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatranscoding_tmpfs mediatuner_exec memcgv2_activation_depth_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec overlay_remounter_exec perfetto_exec perfetto_tmpfs postinstall_exec postinstall_dexopt_exec postinstall_dexopt_tmpfs prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec simpleperf_boot_data_file snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_server_startup_tmpfs system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec traced_probes_tmpfs tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
(typeattribute exec_type)
-(typeattributeset exec_type (adbd_exec aidl_lazy_test_server_exec apexd_exec bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec tcpdump_exec logcat_exec fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hwservicemanager_exec idmap_exec init_exec inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediametrics_exec mediaserver_exec mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec tombstoned_exec toolbox_exec uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec webview_zygote_exec wificond_exec zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec vendor_boringssl_self_test_exec bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexoptanalyzer_exec dmesgd_exec evsmanagerd_exec oatdump_exec fd_server_exec compos_exec compos_key_helper_exec fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatuner_exec memcgv2_activation_depth_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec perfetto_exec postinstall_exec postinstall_dexopt_exec prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
+(typeattributeset exec_type (adbd_exec aidl_lazy_test_server_exec apexd_exec bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec tcpdump_exec logcat_exec fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hwservicemanager_exec idmap_exec init_exec inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediametrics_exec mediaserver_exec mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec tombstoned_exec toolbox_exec uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec webview_zygote_exec wificond_exec zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec vendor_boringssl_self_test_exec bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexoptanalyzer_exec dmesgd_exec evsmanagerd_exec oatdump_exec fd_server_exec compos_exec compos_key_helper_exec pbtombstone_exec fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatuner_exec memcgv2_activation_depth_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec overlay_remounter_exec perfetto_exec postinstall_exec postinstall_dexopt_exec prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
(typeattribute data_file_type)
(expandtypeattribute (data_file_type) false)
(typeattributeset data_file_type (incremental_control_file system_data_root_file system_data_file system_userdir_file packages_list_file game_mode_intervention_list_file vendor_data_file vendor_userdir_file unencrypted_data_file install_data_file drm_data_file adb_data_file anr_data_file tombstone_data_file tombstone_wifi_data_file apex_data_file apk_data_file apk_tmp_file apk_private_data_file apk_private_tmp_file dalvikcache_data_file ota_data_file ota_package_file user_profile_root_file user_profile_data_file profman_dump_data_file prereboot_data_file resourcecache_data_file shell_data_file property_data_file bootchart_data_file dropbox_data_file heapdump_data_file nativetest_data_file shell_test_data_file ringtone_file preloads_data_file preloads_media_file dhcp_data_file server_configurable_flags_data_file staging_data_file shutdown_checkpoints_system_data_file adb_keys_file apex_system_server_data_file apex_module_data_file apex_ota_reserved_file apex_rollback_data_file appcompat_data_file audio_data_file audioserver_data_file bluetooth_data_file bluetooth_logs_data_file bootstat_data_file boottrace_data_file camera_data_file credstore_data_file gatekeeper_data_file incident_data_file keychain_data_file keystore_data_file media_data_file media_rw_data_file media_userdir_file misc_user_data_file net_data_file network_watchlist_data_file nfc_data_file nfc_logs_data_file radio_data_file recovery_data_file shared_relro_file snapshotctl_log_data_file stats_config_data_file stats_data_file systemkeys_data_file textclassifier_data_file trace_data_file vpn_data_file wifi_data_file vold_data_file tee_data_file update_engine_data_file update_engine_log_data_file snapuserd_log_data_file method_trace_data_file gsi_data_file radio_core_data_file app_data_file privapp_data_file system_app_data_file cache_file overlayfs_file cache_backup_file cache_private_backup_file cache_recovery_file wallpaper_file shortcut_manager_icons icon_file asec_apk_file asec_public_file asec_image_file backup_data_file fingerprintd_data_file fingerprint_vendor_data_file app_fuse_file face_vendor_data_file iris_vendor_data_file bluetooth_socket misc_logd_file system_wpa_socket system_ndebug_socket system_unsolzygote_socket wpa_socket audiohal_data_file storaged_data_file wm_trace_data_file accessibility_trace_data_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file uprobestats_configs_data_file sdk_sandbox_system_data_file sdk_sandbox_data_file app_exec_data_file rollback_data_file checkin_data_file ota_image_data_file gsi_persistent_data_file emergency_data_file profcollectd_data_file apex_art_data_file apex_art_staging_data_file apex_compos_data_file apex_virt_data_file apex_tethering_data_file apex_uwb_data_file apex_appsearch_data_file apex_permission_data_file apex_scheduling_data_file apex_wifi_data_file font_data_file dmesgd_data_file odrefresh_data_file odsign_data_file odsign_metrics_file virtualizationservice_data_file environ_system_data_file bootanim_data_file connectivityblob_data_file mainline_supplicant_data_file apk_metadata_file storage_area_app_dir storage_area_dir storage_area_content_file storage_area_key_file ))
@@ -716,7 +717,7 @@
(expandtypeattribute (app_data_file_type) false)
(typeattributeset app_data_file_type (shell_data_file bluetooth_data_file nfc_data_file radio_data_file app_data_file privapp_data_file system_app_data_file sdk_sandbox_data_file storage_area_app_dir storage_area_dir storage_area_content_file ))
(typeattribute system_file_type)
-(typeattributeset system_file_type (adbd_exec aidl_lazy_test_server_exec apexd_exec bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec system_file system_asan_options_file system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file tcpdump_exec system_zoneinfo_file cgroup_desc_file task_profiles_file art_apex_dir bootanim_oem_file logcat_exec file_contexts_file mac_perms_file property_contexts_file seapp_contexts_file sepolicy_file service_contexts_file keystore2_key_contexts_file hwservice_contexts_file tee_service_contexts_file fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hwservicemanager_exec idmap_exec init_exec inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediametrics_exec mediaserver_exec mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec tombstoned_exec toolbox_exec uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec wificond_exec zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexoptanalyzer_exec dmesgd_exec evsmanagerd_exec system_perfetto_config_file oatdump_exec fd_server_exec compos_exec compos_key_helper_exec system_font_fallback_file system_aconfig_storage_file fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatuner_exec memcgv2_activation_depth_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec perfetto_exec postinstall_exec postinstall_dexopt_exec prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
+(typeattributeset system_file_type (adbd_exec aidl_lazy_test_server_exec apexd_exec bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec system_file system_asan_options_file system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file tcpdump_exec system_zoneinfo_file cgroup_desc_file task_profiles_file art_apex_dir bootanim_oem_file logcat_exec file_contexts_file mac_perms_file property_contexts_file seapp_contexts_file sepolicy_file service_contexts_file keystore2_key_contexts_file hwservice_contexts_file tee_service_contexts_file fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hwservicemanager_exec idmap_exec init_exec inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediametrics_exec mediaserver_exec mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec tombstoned_exec toolbox_exec uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec wificond_exec zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexoptanalyzer_exec dmesgd_exec evsmanagerd_exec system_perfetto_config_file oatdump_exec fd_server_exec compos_exec compos_key_helper_exec system_font_fallback_file system_aconfig_storage_file pbtombstone_exec fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatuner_exec memcgv2_activation_depth_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec overlay_remounter_exec perfetto_exec postinstall_exec postinstall_dexopt_exec prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
(typeattribute system_dlkm_file_type)
(typeattributeset system_dlkm_file_type (system_dlkm_file ))
(typeattribute vendor_file_type)
@@ -742,7 +743,7 @@
(typeattribute port_type)
(typeattributeset port_type (port ))
(typeattribute property_type)
-(typeattributeset property_type (apexd_prop bootloader_boot_reason_prop device_config_activity_manager_native_boot_prop device_config_boot_count_prop device_config_input_native_boot_prop device_config_netd_native_prop device_config_reset_performed_prop firstboot_prop boottime_prop charger_prop cold_boot_done_prop ctl_adbd_prop ctl_apexd_prop ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_dumpstate_prop ctl_fuse_prop ctl_gsid_prop ctl_interface_restart_prop ctl_interface_stop_prop ctl_mdnsd_prop ctl_restart_prop ctl_rildaemon_prop ctl_sigstop_prop dynamic_system_prop heapprofd_enabled_prop llkd_prop lpdumpd_prop mmc_prop mock_ota_prop net_dns_prop overlay_prop persistent_properties_ready_prop safemode_prop system_lmk_prop system_trace_prop test_boot_reason_prop time_prop traced_enabled_prop traced_lazy_prop aac_drc_prop adaptive_haptics_prop apex_ready_prop arm64_memtag_prop binder_cache_bluetooth_server_prop binder_cache_system_server_prop binder_cache_telephony_server_prop boot_status_prop bootanim_system_prop bootloader_prop boottime_public_prop bq_config_prop build_bootimage_prop build_prop composd_vm_art_prop device_config_aconfig_flags_prop device_config_camera_native_prop device_config_edgetpu_native_prop device_config_media_native_prop device_config_nnapi_native_prop device_config_runtime_native_boot_prop device_config_runtime_native_prop device_config_surface_flinger_native_boot_prop device_config_vendor_system_native_prop device_config_vendor_system_native_boot_prop drm_forcel3_prop fingerprint_prop gwp_asan_prop hal_instrumentation_prop userdebug_or_eng_prop init_service_status_prop libc_debug_prop module_sdkextensions_prop nnapi_ext_deny_product_prop persist_wm_debug_prop power_debug_prop property_service_version_prop provisioned_prop restorecon_prop retaildemo_prop servicemanager_prop smart_idle_maint_enabled_prop socket_hook_prop sqlite_log_prop surfaceflinger_display_prop system_boot_reason_prop system_jvmti_agent_prop traced_oome_heap_session_count_prop ab_update_gki_prop usb_prop userspace_reboot_exported_prop vold_status_prop vts_status_prop enable_16k_pages_prop profcollectd_etr_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop device_logging_prop dhcp_prop dumpstate_prop exported3_system_prop exported_dumpstate_prop exported_secure_prop heapprofd_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop test_harness_prop theme_prop use_memfd_prop vold_prop apexd_config_prop apexd_select_prop aaudio_config_prop apk_verity_prop audio_config_prop bootanim_config_prop bluetooth_config_prop build_attestation_prop build_config_prop build_odm_prop build_vendor_prop camera_calibration_prop camera_config_prop camera2_extensions_prop camerax_extensions_prop charger_config_prop codec2_config_prop composd_vm_vendor_prop cpu_variant_prop debugfs_restriction_prop drm_service_config_prop exported_camera_prop exported_config_prop exported_default_prop ffs_config_prop framework_watchdog_config_prop graphics_config_prop hdmi_config_prop hw_timeout_multiplier_prop hypervisor_prop hypervisor_restricted_prop incremental_prop input_device_config_prop keyguard_config_prop keystore_config_prop lmkd_config_prop media_config_prop media_variant_prop mediadrm_config_prop mm_events_config_prop oem_unlock_prop ota_build_prop packagemanager_config_prop quick_start_prop recovery_config_prop recovery_usb_config_prop sendbug_config_prop soc_prop storage_config_prop storagemanager_config_prop surfaceflinger_prop suspend_prop systemsound_config_prop telephony_config_prop threadnetwork_config_prop tombstone_config_prop usb_config_prop userspace_reboot_config_prop vehicle_hal_prop vendor_security_patch_level_prop vendor_socket_hook_prop virtual_ab_prop vndk_prop vts_config_prop vold_config_prop wifi_config_prop zram_config_prop zygote_config_prop dck_prop tuner_config_prop usb_uvc_enabled_prop setupwizard_mode_prop pm_archiving_enabled_prop trusty_security_vm_sys_vendor_prop adbd_config_prop audio_prop bluetooth_a2dp_offload_prop bluetooth_audio_hal_prop bluetooth_finder_prop bluetooth_prop bpf_progs_loaded_prop charger_status_prop ctl_default_prop ctl_interface_start_prop ctl_start_prop ctl_stop_prop dalvik_config_prop dalvik_dynamic_config_prop dalvik_runtime_prop debug_prop device_config_memory_safety_native_boot_prop device_config_memory_safety_native_prop dumpstate_options_prop exported_system_prop exported_bluetooth_prop exported_overlay_prop exported_pm_prop future_pm_prop ffs_control_prop framework_status_prop gesture_prop graphics_config_writable_prop hal_dumpstate_config_prop sota_prop hwservicemanager_prop lmkd_prop locale_prop logd_prop logpersistd_logging_prop log_prop log_tag_prop lowpan_prop nfc_prop ota_prop permissive_mte_prop powerctl_prop qemu_hw_prop qemu_sf_lcd_density_prop radio_control_prop radio_prop serialno_prop surfaceflinger_color_prop system_prop system_user_mode_emulation_prop telephony_status_prop timezone_prop usb_control_prop vold_post_fs_data_prop wifi_hal_prop wifi_log_prop wifi_prop zram_control_prop default_prop rebootescrow_hal_prop virtual_face_hal_prop virtual_face_prop virtual_fingerprint_hal_prop virtual_fingerprint_prop persist_vendor_debug_wifi_prop vendor_default_prop adbd_prop adbd_tradeinmode_prop apexd_payload_metadata_prop ctl_snapuserd_prop ctl_prefetch_prop ctl_uprobestats_prop crashrecovery_prop debug_tracing_desktop_mode_visible_tasks_prop device_config_core_experiments_team_internal_prop device_config_lmkd_native_prop device_config_mglru_native_prop device_config_mmd_native_prop device_config_profcollect_native_boot_prop device_config_remote_key_provisioning_native_prop device_config_statsd_native_prop device_config_statsd_native_boot_prop device_config_storage_native_boot_prop device_config_sys_traced_prop device_config_window_manager_native_boot_prop device_config_configuration_prop device_config_connectivity_prop device_config_swcodec_native_prop device_config_tethering_u_or_later_native_prop dmesgd_start_prop fastbootd_protocol_prop gsid_prop init_perf_lsm_hooks_prop init_service_status_private_prop init_storage_prop init_svc_debug_prop kcmdline_prop keystore_diagnostics_prop keystore_listen_prop last_boot_reason_prop localization_prop logd_auditrate_prop lower_kptr_restrict_prop mmd_prop net_464xlat_fromvendor_prop net_connectivity_prop netd_stable_secret_prop next_boot_prop odsign_prop misctrl_prop perf_drop_caches_prop pm_prop prefetch_service_prop profcollectd_node_id_prop radio_cdma_ecm_prop remote_prov_prop remote_prov_cert_prop rollback_test_prop setupwizard_prop snapshotctl_prop snapuserd_prop system_adbd_prop system_audio_config_prop timezone_metadata_prop traced_perf_enabled_prop uprobestats_start_with_config_prop tuner_server_ctl_prop userspace_reboot_log_prop userspace_reboot_test_prop verity_status_prop zygote_wrap_prop ctl_mediatranscoding_prop ctl_odsign_prop virtualizationservice_prop ctl_apex_load_prop sensors_config_prop hypervisor_pvmfw_prop hypervisor_virtualizationmanager_prop game_manager_config_prop hidl_memory_prop suspend_debug_prop system_service_enable_prop ctl_artd_pre_reboot_prop trusty_security_vm_sys_prop hint_manager_config_prop bionic_linker_16kb_app_compat_prop device_config_virtualization_framework_native_prop fstype_prop log_file_logger_prop persist_sysui_builder_extras_prop persist_sysui_ranking_update_prop page_size_prop pm_16kb_app_compat_prop avf_virtualizationservice_prop high_barometer_quality_prop prefetch_boot_prop widevine_sys_vendor_prop ))
+(typeattributeset property_type (apexd_prop bootloader_boot_reason_prop device_config_activity_manager_native_boot_prop device_config_boot_count_prop device_config_input_native_boot_prop device_config_netd_native_prop device_config_reset_performed_prop firstboot_prop boottime_prop charger_prop cold_boot_done_prop ctl_adbd_prop ctl_apexd_prop ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_dumpstate_prop ctl_fuse_prop ctl_gsid_prop ctl_interface_restart_prop ctl_interface_stop_prop ctl_mdnsd_prop ctl_restart_prop ctl_rildaemon_prop ctl_sigstop_prop dynamic_system_prop heapprofd_enabled_prop llkd_prop lpdumpd_prop mmc_prop mock_ota_prop net_dns_prop overlay_prop persistent_properties_ready_prop safemode_prop system_lmk_prop system_trace_prop test_boot_reason_prop time_prop traced_enabled_prop traced_lazy_prop aac_drc_prop adaptive_haptics_prop apex_ready_prop arm64_memtag_prop binder_cache_bluetooth_server_prop binder_cache_system_server_prop binder_cache_telephony_server_prop boot_status_prop bootanim_system_prop bootloader_prop boottime_public_prop bq_config_prop build_bootimage_prop build_prop composd_vm_art_prop device_config_aconfig_flags_prop device_config_camera_native_prop device_config_edgetpu_native_prop device_config_media_native_prop device_config_nnapi_native_prop device_config_runtime_native_boot_prop device_config_runtime_native_prop device_config_surface_flinger_native_boot_prop device_config_vendor_system_native_prop device_config_vendor_system_native_boot_prop drm_forcel3_prop fingerprint_prop gwp_asan_prop hal_instrumentation_prop userdebug_or_eng_prop init_service_status_prop libc_debug_prop module_sdkextensions_prop nnapi_ext_deny_product_prop persist_wm_debug_prop power_debug_prop property_service_version_prop provisioned_prop restorecon_prop retaildemo_prop servicemanager_prop smart_idle_maint_enabled_prop socket_hook_prop sqlite_log_prop surfaceflinger_display_prop system_boot_reason_prop system_jvmti_agent_prop traced_oome_heap_session_count_prop ab_update_gki_prop usb_prop userspace_reboot_exported_prop vold_status_prop vts_status_prop enable_16k_pages_prop profcollectd_etr_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop device_logging_prop dhcp_prop dumpstate_prop exported3_system_prop exported_dumpstate_prop exported_secure_prop heapprofd_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop test_harness_prop theme_prop use_memfd_prop vold_prop apexd_config_prop apexd_select_prop aaudio_config_prop apk_verity_prop audio_config_prop bootanim_config_prop bluetooth_config_prop build_attestation_prop build_config_prop build_odm_prop build_vendor_prop camera_calibration_prop camera_config_prop camera2_extensions_prop camerax_extensions_prop charger_config_prop codec2_config_prop composd_vm_vendor_prop cpu_variant_prop debugfs_restriction_prop drm_config_prop drm_service_config_prop exported_camera_prop exported_config_prop exported_default_prop ffs_config_prop framework_watchdog_config_prop graphics_config_prop hdmi_config_prop hw_timeout_multiplier_prop hypervisor_prop hypervisor_restricted_prop incremental_prop input_device_config_prop keyguard_config_prop keystore_config_prop lmkd_config_prop media_config_prop media_variant_prop mediadrm_config_prop mm_events_config_prop oem_unlock_prop ota_build_prop packagemanager_config_prop quick_start_prop recovery_config_prop recovery_usb_config_prop sendbug_config_prop soc_prop storage_config_prop storagemanager_config_prop surfaceflinger_prop suspend_prop systemsound_config_prop telephony_config_prop threadnetwork_config_prop tombstone_config_prop usb_config_prop userspace_reboot_config_prop vehicle_hal_prop vendor_security_patch_level_prop vendor_socket_hook_prop virtual_ab_prop vndk_prop vts_config_prop vold_config_prop wifi_config_prop zram_config_prop zygote_config_prop dck_prop tuner_config_prop usb_uvc_enabled_prop setupwizard_mode_prop pm_archiving_enabled_prop trusty_security_vm_sys_vendor_prop adbd_config_prop audio_prop bluetooth_a2dp_offload_prop bluetooth_audio_hal_prop bluetooth_finder_prop bluetooth_prop bpf_progs_loaded_prop charger_status_prop ctl_default_prop ctl_interface_start_prop ctl_start_prop ctl_stop_prop dalvik_config_prop dalvik_dynamic_config_prop dalvik_runtime_prop debug_prop device_config_memory_safety_native_boot_prop device_config_memory_safety_native_prop dumpstate_options_prop exported_system_prop exported_bluetooth_prop exported_overlay_prop exported_pm_prop future_pm_prop ffs_control_prop framework_status_prop gesture_prop graphics_config_writable_prop hal_dumpstate_config_prop sota_prop hwservicemanager_prop lmkd_prop locale_prop logd_prop logpersistd_logging_prop log_prop log_tag_prop lowpan_prop nfc_prop ota_prop permissive_mte_prop powerctl_prop qemu_hw_prop qemu_sf_lcd_density_prop radio_control_prop radio_prop serialno_prop surfaceflinger_color_prop system_prop system_user_mode_emulation_prop telephony_status_prop timezone_prop usb_control_prop vold_post_fs_data_prop wifi_hal_prop wifi_log_prop wifi_prop zram_control_prop default_prop rebootescrow_hal_prop virtual_face_hal_prop virtual_face_prop virtual_fingerprint_hal_prop virtual_fingerprint_prop persist_vendor_debug_wifi_prop vendor_default_prop adbd_prop adbd_tradeinmode_prop apexd_payload_metadata_prop ctl_snapuserd_prop ctl_prefetch_prop ctl_uprobestats_prop crashrecovery_prop debug_tracing_desktop_mode_visible_tasks_prop device_config_core_experiments_team_internal_prop device_config_lmkd_native_prop device_config_mglru_native_prop device_config_mmd_native_prop device_config_profcollect_native_boot_prop device_config_remote_key_provisioning_native_prop device_config_statsd_native_prop device_config_statsd_native_boot_prop device_config_storage_native_boot_prop device_config_sys_traced_prop device_config_window_manager_native_boot_prop device_config_configuration_prop device_config_connectivity_prop device_config_swcodec_native_prop device_config_tethering_u_or_later_native_prop dmesgd_start_prop fastbootd_protocol_prop gsid_prop init_perf_lsm_hooks_prop init_service_status_private_prop init_storage_prop init_svc_debug_prop kcmdline_prop keystore_diagnostics_prop keystore_listen_prop last_boot_reason_prop localization_prop logd_auditrate_prop lower_kptr_restrict_prop mmd_status_prop net_464xlat_fromvendor_prop net_connectivity_prop netd_stable_secret_prop next_boot_prop odsign_prop misctrl_prop perf_drop_caches_prop pm_prop prefetch_service_prop profcollectd_node_id_prop radio_cdma_ecm_prop remote_prov_prop remote_prov_cert_prop rollback_test_prop setupwizard_prop snapshotctl_prop snapuserd_prop system_adbd_prop system_audio_config_prop timezone_metadata_prop traced_config_prop traced_perf_enabled_prop traced_relay_relay_port_prop uprobestats_start_with_config_prop tuner_server_ctl_prop userspace_reboot_log_prop userspace_reboot_test_prop verity_status_prop zygote_wrap_prop ctl_mediatranscoding_prop ctl_odsign_prop virtualizationservice_prop ctl_apex_load_prop sensors_config_prop hypervisor_pvmfw_prop hypervisor_virtualizationmanager_prop game_manager_config_prop hidl_memory_prop suspend_debug_prop system_service_enable_prop ctl_artd_pre_reboot_prop trusty_security_vm_sys_prop hint_manager_config_prop bionic_linker_16kb_app_compat_prop device_config_virtualization_framework_native_prop fstype_prop log_file_logger_prop persist_sysui_builder_extras_prop persist_sysui_ranking_update_prop page_size_prop pm_16kb_app_compat_prop avf_virtualizationservice_prop high_barometer_quality_prop mmd_prop mmd_shared_prop prefetch_boot_prop ))
(typeattribute core_property_type)
(typeattributeset core_property_type (restorecon_prop usb_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop dhcp_prop dumpstate_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop vold_prop audio_prop debug_prop logd_prop nfc_prop ota_prop powerctl_prop radio_prop system_prop ))
(typeattribute log_property_type)
@@ -750,16 +751,16 @@
(typeattribute extended_core_property_type)
(typeattribute system_property_type)
(expandtypeattribute (system_property_type) false)
-(typeattributeset system_property_type (apexd_prop bootloader_boot_reason_prop device_config_activity_manager_native_boot_prop device_config_boot_count_prop device_config_input_native_boot_prop device_config_netd_native_prop device_config_reset_performed_prop firstboot_prop boottime_prop charger_prop cold_boot_done_prop ctl_adbd_prop ctl_apexd_prop ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_dumpstate_prop ctl_fuse_prop ctl_gsid_prop ctl_interface_restart_prop ctl_interface_stop_prop ctl_mdnsd_prop ctl_restart_prop ctl_rildaemon_prop ctl_sigstop_prop dynamic_system_prop heapprofd_enabled_prop llkd_prop lpdumpd_prop mmc_prop mock_ota_prop net_dns_prop overlay_prop persistent_properties_ready_prop safemode_prop system_lmk_prop system_trace_prop test_boot_reason_prop time_prop traced_enabled_prop traced_lazy_prop aac_drc_prop adaptive_haptics_prop apex_ready_prop arm64_memtag_prop binder_cache_bluetooth_server_prop binder_cache_system_server_prop binder_cache_telephony_server_prop boot_status_prop bootanim_system_prop bootloader_prop boottime_public_prop bq_config_prop build_bootimage_prop build_prop composd_vm_art_prop device_config_aconfig_flags_prop device_config_camera_native_prop device_config_edgetpu_native_prop device_config_media_native_prop device_config_nnapi_native_prop device_config_runtime_native_boot_prop device_config_runtime_native_prop device_config_surface_flinger_native_boot_prop device_config_vendor_system_native_prop device_config_vendor_system_native_boot_prop drm_forcel3_prop fingerprint_prop gwp_asan_prop hal_instrumentation_prop userdebug_or_eng_prop init_service_status_prop libc_debug_prop module_sdkextensions_prop nnapi_ext_deny_product_prop persist_wm_debug_prop power_debug_prop property_service_version_prop provisioned_prop restorecon_prop retaildemo_prop servicemanager_prop smart_idle_maint_enabled_prop socket_hook_prop sqlite_log_prop surfaceflinger_display_prop system_boot_reason_prop system_jvmti_agent_prop traced_oome_heap_session_count_prop ab_update_gki_prop usb_prop userspace_reboot_exported_prop vold_status_prop vts_status_prop enable_16k_pages_prop profcollectd_etr_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop device_logging_prop dhcp_prop dumpstate_prop exported3_system_prop exported_dumpstate_prop exported_secure_prop heapprofd_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop test_harness_prop theme_prop use_memfd_prop vold_prop apexd_config_prop apexd_select_prop aaudio_config_prop apk_verity_prop audio_config_prop bootanim_config_prop bluetooth_config_prop build_attestation_prop build_config_prop build_odm_prop build_vendor_prop camera_calibration_prop camera_config_prop camera2_extensions_prop camerax_extensions_prop charger_config_prop codec2_config_prop composd_vm_vendor_prop cpu_variant_prop debugfs_restriction_prop drm_service_config_prop exported_camera_prop exported_config_prop exported_default_prop ffs_config_prop framework_watchdog_config_prop graphics_config_prop hdmi_config_prop hw_timeout_multiplier_prop hypervisor_prop hypervisor_restricted_prop incremental_prop input_device_config_prop keyguard_config_prop keystore_config_prop lmkd_config_prop media_config_prop media_variant_prop mediadrm_config_prop mm_events_config_prop oem_unlock_prop ota_build_prop packagemanager_config_prop quick_start_prop recovery_config_prop recovery_usb_config_prop sendbug_config_prop soc_prop storage_config_prop storagemanager_config_prop surfaceflinger_prop suspend_prop systemsound_config_prop telephony_config_prop threadnetwork_config_prop tombstone_config_prop usb_config_prop userspace_reboot_config_prop vehicle_hal_prop vendor_security_patch_level_prop vendor_socket_hook_prop virtual_ab_prop vndk_prop vts_config_prop vold_config_prop wifi_config_prop zram_config_prop zygote_config_prop dck_prop tuner_config_prop usb_uvc_enabled_prop setupwizard_mode_prop pm_archiving_enabled_prop trusty_security_vm_sys_vendor_prop adbd_config_prop audio_prop bluetooth_a2dp_offload_prop bluetooth_audio_hal_prop bluetooth_finder_prop bluetooth_prop bpf_progs_loaded_prop charger_status_prop ctl_default_prop ctl_interface_start_prop ctl_start_prop ctl_stop_prop dalvik_config_prop dalvik_dynamic_config_prop dalvik_runtime_prop debug_prop device_config_memory_safety_native_boot_prop device_config_memory_safety_native_prop dumpstate_options_prop exported_system_prop exported_bluetooth_prop exported_overlay_prop exported_pm_prop future_pm_prop ffs_control_prop framework_status_prop gesture_prop graphics_config_writable_prop hal_dumpstate_config_prop sota_prop hwservicemanager_prop lmkd_prop locale_prop logd_prop logpersistd_logging_prop log_prop log_tag_prop lowpan_prop nfc_prop ota_prop permissive_mte_prop powerctl_prop qemu_hw_prop qemu_sf_lcd_density_prop radio_control_prop radio_prop serialno_prop surfaceflinger_color_prop system_prop system_user_mode_emulation_prop telephony_status_prop timezone_prop usb_control_prop vold_post_fs_data_prop wifi_hal_prop wifi_log_prop wifi_prop zram_control_prop default_prop virtual_face_prop virtual_fingerprint_prop adbd_prop adbd_tradeinmode_prop apexd_payload_metadata_prop ctl_snapuserd_prop ctl_prefetch_prop ctl_uprobestats_prop crashrecovery_prop debug_tracing_desktop_mode_visible_tasks_prop device_config_core_experiments_team_internal_prop device_config_lmkd_native_prop device_config_mglru_native_prop device_config_mmd_native_prop device_config_profcollect_native_boot_prop device_config_remote_key_provisioning_native_prop device_config_statsd_native_prop device_config_statsd_native_boot_prop device_config_storage_native_boot_prop device_config_sys_traced_prop device_config_window_manager_native_boot_prop device_config_configuration_prop device_config_connectivity_prop device_config_swcodec_native_prop device_config_tethering_u_or_later_native_prop dmesgd_start_prop fastbootd_protocol_prop gsid_prop init_perf_lsm_hooks_prop init_service_status_private_prop init_storage_prop init_svc_debug_prop kcmdline_prop keystore_diagnostics_prop keystore_listen_prop last_boot_reason_prop localization_prop logd_auditrate_prop lower_kptr_restrict_prop mmd_prop net_464xlat_fromvendor_prop net_connectivity_prop netd_stable_secret_prop next_boot_prop odsign_prop misctrl_prop perf_drop_caches_prop pm_prop prefetch_service_prop profcollectd_node_id_prop radio_cdma_ecm_prop remote_prov_prop remote_prov_cert_prop rollback_test_prop setupwizard_prop snapshotctl_prop snapuserd_prop system_adbd_prop system_audio_config_prop timezone_metadata_prop traced_perf_enabled_prop uprobestats_start_with_config_prop tuner_server_ctl_prop userspace_reboot_log_prop userspace_reboot_test_prop verity_status_prop zygote_wrap_prop ctl_mediatranscoding_prop ctl_odsign_prop virtualizationservice_prop ctl_apex_load_prop sensors_config_prop hypervisor_pvmfw_prop hypervisor_virtualizationmanager_prop game_manager_config_prop hidl_memory_prop suspend_debug_prop system_service_enable_prop ctl_artd_pre_reboot_prop trusty_security_vm_sys_prop hint_manager_config_prop bionic_linker_16kb_app_compat_prop device_config_virtualization_framework_native_prop fstype_prop log_file_logger_prop persist_sysui_builder_extras_prop persist_sysui_ranking_update_prop page_size_prop pm_16kb_app_compat_prop avf_virtualizationservice_prop high_barometer_quality_prop prefetch_boot_prop widevine_sys_vendor_prop ))
+(typeattributeset system_property_type (apexd_prop bootloader_boot_reason_prop device_config_activity_manager_native_boot_prop device_config_boot_count_prop device_config_input_native_boot_prop device_config_netd_native_prop device_config_reset_performed_prop firstboot_prop boottime_prop charger_prop cold_boot_done_prop ctl_adbd_prop ctl_apexd_prop ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_dumpstate_prop ctl_fuse_prop ctl_gsid_prop ctl_interface_restart_prop ctl_interface_stop_prop ctl_mdnsd_prop ctl_restart_prop ctl_rildaemon_prop ctl_sigstop_prop dynamic_system_prop heapprofd_enabled_prop llkd_prop lpdumpd_prop mmc_prop mock_ota_prop net_dns_prop overlay_prop persistent_properties_ready_prop safemode_prop system_lmk_prop system_trace_prop test_boot_reason_prop time_prop traced_enabled_prop traced_lazy_prop aac_drc_prop adaptive_haptics_prop apex_ready_prop arm64_memtag_prop binder_cache_bluetooth_server_prop binder_cache_system_server_prop binder_cache_telephony_server_prop boot_status_prop bootanim_system_prop bootloader_prop boottime_public_prop bq_config_prop build_bootimage_prop build_prop composd_vm_art_prop device_config_aconfig_flags_prop device_config_camera_native_prop device_config_edgetpu_native_prop device_config_media_native_prop device_config_nnapi_native_prop device_config_runtime_native_boot_prop device_config_runtime_native_prop device_config_surface_flinger_native_boot_prop device_config_vendor_system_native_prop device_config_vendor_system_native_boot_prop drm_forcel3_prop fingerprint_prop gwp_asan_prop hal_instrumentation_prop userdebug_or_eng_prop init_service_status_prop libc_debug_prop module_sdkextensions_prop nnapi_ext_deny_product_prop persist_wm_debug_prop power_debug_prop property_service_version_prop provisioned_prop restorecon_prop retaildemo_prop servicemanager_prop smart_idle_maint_enabled_prop socket_hook_prop sqlite_log_prop surfaceflinger_display_prop system_boot_reason_prop system_jvmti_agent_prop traced_oome_heap_session_count_prop ab_update_gki_prop usb_prop userspace_reboot_exported_prop vold_status_prop vts_status_prop enable_16k_pages_prop profcollectd_etr_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop device_logging_prop dhcp_prop dumpstate_prop exported3_system_prop exported_dumpstate_prop exported_secure_prop heapprofd_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop test_harness_prop theme_prop use_memfd_prop vold_prop apexd_config_prop apexd_select_prop aaudio_config_prop apk_verity_prop audio_config_prop bootanim_config_prop bluetooth_config_prop build_attestation_prop build_config_prop build_odm_prop build_vendor_prop camera_calibration_prop camera_config_prop camera2_extensions_prop camerax_extensions_prop charger_config_prop codec2_config_prop composd_vm_vendor_prop cpu_variant_prop debugfs_restriction_prop drm_config_prop drm_service_config_prop exported_camera_prop exported_config_prop exported_default_prop ffs_config_prop framework_watchdog_config_prop graphics_config_prop hdmi_config_prop hw_timeout_multiplier_prop hypervisor_prop hypervisor_restricted_prop incremental_prop input_device_config_prop keyguard_config_prop keystore_config_prop lmkd_config_prop media_config_prop media_variant_prop mediadrm_config_prop mm_events_config_prop oem_unlock_prop ota_build_prop packagemanager_config_prop quick_start_prop recovery_config_prop recovery_usb_config_prop sendbug_config_prop soc_prop storage_config_prop storagemanager_config_prop surfaceflinger_prop suspend_prop systemsound_config_prop telephony_config_prop threadnetwork_config_prop tombstone_config_prop usb_config_prop userspace_reboot_config_prop vehicle_hal_prop vendor_security_patch_level_prop vendor_socket_hook_prop virtual_ab_prop vndk_prop vts_config_prop vold_config_prop wifi_config_prop zram_config_prop zygote_config_prop dck_prop tuner_config_prop usb_uvc_enabled_prop setupwizard_mode_prop pm_archiving_enabled_prop trusty_security_vm_sys_vendor_prop adbd_config_prop audio_prop bluetooth_a2dp_offload_prop bluetooth_audio_hal_prop bluetooth_finder_prop bluetooth_prop bpf_progs_loaded_prop charger_status_prop ctl_default_prop ctl_interface_start_prop ctl_start_prop ctl_stop_prop dalvik_config_prop dalvik_dynamic_config_prop dalvik_runtime_prop debug_prop device_config_memory_safety_native_boot_prop device_config_memory_safety_native_prop dumpstate_options_prop exported_system_prop exported_bluetooth_prop exported_overlay_prop exported_pm_prop future_pm_prop ffs_control_prop framework_status_prop gesture_prop graphics_config_writable_prop hal_dumpstate_config_prop sota_prop hwservicemanager_prop lmkd_prop locale_prop logd_prop logpersistd_logging_prop log_prop log_tag_prop lowpan_prop nfc_prop ota_prop permissive_mte_prop powerctl_prop qemu_hw_prop qemu_sf_lcd_density_prop radio_control_prop radio_prop serialno_prop surfaceflinger_color_prop system_prop system_user_mode_emulation_prop telephony_status_prop timezone_prop usb_control_prop vold_post_fs_data_prop wifi_hal_prop wifi_log_prop wifi_prop zram_control_prop default_prop virtual_face_prop virtual_fingerprint_prop adbd_prop adbd_tradeinmode_prop apexd_payload_metadata_prop ctl_snapuserd_prop ctl_prefetch_prop ctl_uprobestats_prop crashrecovery_prop debug_tracing_desktop_mode_visible_tasks_prop device_config_core_experiments_team_internal_prop device_config_lmkd_native_prop device_config_mglru_native_prop device_config_mmd_native_prop device_config_profcollect_native_boot_prop device_config_remote_key_provisioning_native_prop device_config_statsd_native_prop device_config_statsd_native_boot_prop device_config_storage_native_boot_prop device_config_sys_traced_prop device_config_window_manager_native_boot_prop device_config_configuration_prop device_config_connectivity_prop device_config_swcodec_native_prop device_config_tethering_u_or_later_native_prop dmesgd_start_prop fastbootd_protocol_prop gsid_prop init_perf_lsm_hooks_prop init_service_status_private_prop init_storage_prop init_svc_debug_prop kcmdline_prop keystore_diagnostics_prop keystore_listen_prop last_boot_reason_prop localization_prop logd_auditrate_prop lower_kptr_restrict_prop mmd_status_prop net_464xlat_fromvendor_prop net_connectivity_prop netd_stable_secret_prop next_boot_prop odsign_prop misctrl_prop perf_drop_caches_prop pm_prop prefetch_service_prop profcollectd_node_id_prop radio_cdma_ecm_prop remote_prov_prop remote_prov_cert_prop rollback_test_prop setupwizard_prop snapshotctl_prop snapuserd_prop system_adbd_prop system_audio_config_prop timezone_metadata_prop traced_config_prop traced_perf_enabled_prop traced_relay_relay_port_prop uprobestats_start_with_config_prop tuner_server_ctl_prop userspace_reboot_log_prop userspace_reboot_test_prop verity_status_prop zygote_wrap_prop ctl_mediatranscoding_prop ctl_odsign_prop virtualizationservice_prop ctl_apex_load_prop sensors_config_prop hypervisor_pvmfw_prop hypervisor_virtualizationmanager_prop game_manager_config_prop hidl_memory_prop suspend_debug_prop system_service_enable_prop ctl_artd_pre_reboot_prop trusty_security_vm_sys_prop hint_manager_config_prop bionic_linker_16kb_app_compat_prop device_config_virtualization_framework_native_prop fstype_prop log_file_logger_prop persist_sysui_builder_extras_prop persist_sysui_ranking_update_prop page_size_prop pm_16kb_app_compat_prop avf_virtualizationservice_prop high_barometer_quality_prop mmd_prop mmd_shared_prop prefetch_boot_prop ))
(typeattribute system_internal_property_type)
(expandtypeattribute (system_internal_property_type) false)
-(typeattributeset system_internal_property_type (apexd_prop bootloader_boot_reason_prop device_config_activity_manager_native_boot_prop device_config_boot_count_prop device_config_input_native_boot_prop device_config_netd_native_prop device_config_reset_performed_prop firstboot_prop boottime_prop charger_prop cold_boot_done_prop ctl_adbd_prop ctl_apexd_prop ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_dumpstate_prop ctl_fuse_prop ctl_gsid_prop ctl_interface_restart_prop ctl_interface_stop_prop ctl_mdnsd_prop ctl_restart_prop ctl_rildaemon_prop ctl_sigstop_prop dynamic_system_prop heapprofd_enabled_prop llkd_prop lpdumpd_prop mmc_prop mock_ota_prop net_dns_prop overlay_prop persistent_properties_ready_prop safemode_prop system_lmk_prop system_trace_prop test_boot_reason_prop time_prop traced_enabled_prop traced_lazy_prop default_prop adbd_prop adbd_tradeinmode_prop apexd_payload_metadata_prop ctl_snapuserd_prop ctl_prefetch_prop ctl_uprobestats_prop crashrecovery_prop debug_tracing_desktop_mode_visible_tasks_prop device_config_core_experiments_team_internal_prop device_config_lmkd_native_prop device_config_mglru_native_prop device_config_mmd_native_prop device_config_profcollect_native_boot_prop device_config_remote_key_provisioning_native_prop device_config_statsd_native_prop device_config_statsd_native_boot_prop device_config_storage_native_boot_prop device_config_sys_traced_prop device_config_window_manager_native_boot_prop device_config_configuration_prop device_config_connectivity_prop device_config_swcodec_native_prop device_config_tethering_u_or_later_native_prop dmesgd_start_prop fastbootd_protocol_prop gsid_prop init_perf_lsm_hooks_prop init_service_status_private_prop init_storage_prop init_svc_debug_prop kcmdline_prop keystore_diagnostics_prop keystore_listen_prop last_boot_reason_prop localization_prop logd_auditrate_prop lower_kptr_restrict_prop mmd_prop net_464xlat_fromvendor_prop net_connectivity_prop netd_stable_secret_prop next_boot_prop odsign_prop misctrl_prop perf_drop_caches_prop pm_prop prefetch_service_prop profcollectd_node_id_prop radio_cdma_ecm_prop remote_prov_prop remote_prov_cert_prop rollback_test_prop setupwizard_prop snapshotctl_prop snapuserd_prop system_adbd_prop system_audio_config_prop timezone_metadata_prop traced_perf_enabled_prop uprobestats_start_with_config_prop tuner_server_ctl_prop userspace_reboot_log_prop userspace_reboot_test_prop verity_status_prop zygote_wrap_prop ctl_mediatranscoding_prop ctl_odsign_prop virtualizationservice_prop ctl_apex_load_prop sensors_config_prop hypervisor_pvmfw_prop hypervisor_virtualizationmanager_prop game_manager_config_prop hidl_memory_prop suspend_debug_prop system_service_enable_prop ctl_artd_pre_reboot_prop trusty_security_vm_sys_prop hint_manager_config_prop ))
+(typeattributeset system_internal_property_type (apexd_prop bootloader_boot_reason_prop device_config_activity_manager_native_boot_prop device_config_boot_count_prop device_config_input_native_boot_prop device_config_netd_native_prop device_config_reset_performed_prop firstboot_prop boottime_prop charger_prop cold_boot_done_prop ctl_adbd_prop ctl_apexd_prop ctl_bootanim_prop ctl_bugreport_prop ctl_console_prop ctl_dumpstate_prop ctl_fuse_prop ctl_gsid_prop ctl_interface_restart_prop ctl_interface_stop_prop ctl_mdnsd_prop ctl_restart_prop ctl_rildaemon_prop ctl_sigstop_prop dynamic_system_prop heapprofd_enabled_prop llkd_prop lpdumpd_prop mmc_prop mock_ota_prop net_dns_prop overlay_prop persistent_properties_ready_prop safemode_prop system_lmk_prop system_trace_prop test_boot_reason_prop time_prop traced_enabled_prop traced_lazy_prop default_prop adbd_prop adbd_tradeinmode_prop apexd_payload_metadata_prop ctl_snapuserd_prop ctl_prefetch_prop ctl_uprobestats_prop crashrecovery_prop debug_tracing_desktop_mode_visible_tasks_prop device_config_core_experiments_team_internal_prop device_config_lmkd_native_prop device_config_mglru_native_prop device_config_mmd_native_prop device_config_profcollect_native_boot_prop device_config_remote_key_provisioning_native_prop device_config_statsd_native_prop device_config_statsd_native_boot_prop device_config_storage_native_boot_prop device_config_sys_traced_prop device_config_window_manager_native_boot_prop device_config_configuration_prop device_config_connectivity_prop device_config_swcodec_native_prop device_config_tethering_u_or_later_native_prop dmesgd_start_prop fastbootd_protocol_prop gsid_prop init_perf_lsm_hooks_prop init_service_status_private_prop init_storage_prop init_svc_debug_prop kcmdline_prop keystore_diagnostics_prop keystore_listen_prop last_boot_reason_prop localization_prop logd_auditrate_prop lower_kptr_restrict_prop mmd_status_prop net_464xlat_fromvendor_prop net_connectivity_prop netd_stable_secret_prop next_boot_prop odsign_prop misctrl_prop perf_drop_caches_prop pm_prop prefetch_service_prop profcollectd_node_id_prop radio_cdma_ecm_prop remote_prov_prop remote_prov_cert_prop rollback_test_prop setupwizard_prop snapshotctl_prop snapuserd_prop system_adbd_prop system_audio_config_prop timezone_metadata_prop traced_config_prop traced_perf_enabled_prop traced_relay_relay_port_prop uprobestats_start_with_config_prop tuner_server_ctl_prop userspace_reboot_log_prop userspace_reboot_test_prop verity_status_prop zygote_wrap_prop ctl_mediatranscoding_prop ctl_odsign_prop virtualizationservice_prop ctl_apex_load_prop sensors_config_prop hypervisor_pvmfw_prop hypervisor_virtualizationmanager_prop game_manager_config_prop hidl_memory_prop suspend_debug_prop system_service_enable_prop ctl_artd_pre_reboot_prop trusty_security_vm_sys_prop hint_manager_config_prop ))
(typeattribute system_restricted_property_type)
(expandtypeattribute (system_restricted_property_type) false)
(typeattributeset system_restricted_property_type (aac_drc_prop adaptive_haptics_prop apex_ready_prop arm64_memtag_prop binder_cache_bluetooth_server_prop binder_cache_system_server_prop binder_cache_telephony_server_prop boot_status_prop bootanim_system_prop bootloader_prop boottime_public_prop bq_config_prop build_bootimage_prop build_prop composd_vm_art_prop device_config_aconfig_flags_prop device_config_camera_native_prop device_config_edgetpu_native_prop device_config_media_native_prop device_config_nnapi_native_prop device_config_runtime_native_boot_prop device_config_runtime_native_prop device_config_surface_flinger_native_boot_prop device_config_vendor_system_native_prop device_config_vendor_system_native_boot_prop drm_forcel3_prop fingerprint_prop gwp_asan_prop hal_instrumentation_prop userdebug_or_eng_prop init_service_status_prop libc_debug_prop module_sdkextensions_prop nnapi_ext_deny_product_prop persist_wm_debug_prop power_debug_prop property_service_version_prop provisioned_prop restorecon_prop retaildemo_prop servicemanager_prop smart_idle_maint_enabled_prop socket_hook_prop sqlite_log_prop surfaceflinger_display_prop system_boot_reason_prop system_jvmti_agent_prop traced_oome_heap_session_count_prop ab_update_gki_prop usb_prop userspace_reboot_exported_prop vold_status_prop vts_status_prop enable_16k_pages_prop profcollectd_etr_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop device_logging_prop dhcp_prop dumpstate_prop exported3_system_prop exported_dumpstate_prop exported_secure_prop heapprofd_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop test_harness_prop theme_prop use_memfd_prop vold_prop bionic_linker_16kb_app_compat_prop device_config_virtualization_framework_native_prop fstype_prop log_file_logger_prop persist_sysui_builder_extras_prop persist_sysui_ranking_update_prop page_size_prop pm_16kb_app_compat_prop ))
(typeattribute system_public_property_type)
(expandtypeattribute (system_public_property_type) false)
-(typeattributeset system_public_property_type (apexd_config_prop apexd_select_prop aaudio_config_prop apk_verity_prop audio_config_prop bootanim_config_prop bluetooth_config_prop build_attestation_prop build_config_prop build_odm_prop build_vendor_prop camera_calibration_prop camera_config_prop camera2_extensions_prop camerax_extensions_prop charger_config_prop codec2_config_prop composd_vm_vendor_prop cpu_variant_prop debugfs_restriction_prop drm_service_config_prop exported_camera_prop exported_config_prop exported_default_prop ffs_config_prop framework_watchdog_config_prop graphics_config_prop hdmi_config_prop hw_timeout_multiplier_prop hypervisor_prop hypervisor_restricted_prop incremental_prop input_device_config_prop keyguard_config_prop keystore_config_prop lmkd_config_prop media_config_prop media_variant_prop mediadrm_config_prop mm_events_config_prop oem_unlock_prop ota_build_prop packagemanager_config_prop quick_start_prop recovery_config_prop recovery_usb_config_prop sendbug_config_prop soc_prop storage_config_prop storagemanager_config_prop surfaceflinger_prop suspend_prop systemsound_config_prop telephony_config_prop threadnetwork_config_prop tombstone_config_prop usb_config_prop userspace_reboot_config_prop vehicle_hal_prop vendor_security_patch_level_prop vendor_socket_hook_prop virtual_ab_prop vndk_prop vts_config_prop vold_config_prop wifi_config_prop zram_config_prop zygote_config_prop dck_prop tuner_config_prop usb_uvc_enabled_prop setupwizard_mode_prop pm_archiving_enabled_prop trusty_security_vm_sys_vendor_prop adbd_config_prop audio_prop bluetooth_a2dp_offload_prop bluetooth_audio_hal_prop bluetooth_finder_prop bluetooth_prop bpf_progs_loaded_prop charger_status_prop ctl_default_prop ctl_interface_start_prop ctl_start_prop ctl_stop_prop dalvik_config_prop dalvik_dynamic_config_prop dalvik_runtime_prop debug_prop device_config_memory_safety_native_boot_prop device_config_memory_safety_native_prop dumpstate_options_prop exported_system_prop exported_bluetooth_prop exported_overlay_prop exported_pm_prop future_pm_prop ffs_control_prop framework_status_prop gesture_prop graphics_config_writable_prop hal_dumpstate_config_prop sota_prop hwservicemanager_prop lmkd_prop locale_prop logd_prop logpersistd_logging_prop log_prop log_tag_prop lowpan_prop nfc_prop ota_prop permissive_mte_prop powerctl_prop qemu_hw_prop qemu_sf_lcd_density_prop radio_control_prop radio_prop serialno_prop surfaceflinger_color_prop system_prop system_user_mode_emulation_prop telephony_status_prop timezone_prop usb_control_prop vold_post_fs_data_prop wifi_hal_prop wifi_log_prop wifi_prop zram_control_prop virtual_face_prop virtual_fingerprint_prop avf_virtualizationservice_prop high_barometer_quality_prop prefetch_boot_prop widevine_sys_vendor_prop ))
+(typeattributeset system_public_property_type (apexd_config_prop apexd_select_prop aaudio_config_prop apk_verity_prop audio_config_prop bootanim_config_prop bluetooth_config_prop build_attestation_prop build_config_prop build_odm_prop build_vendor_prop camera_calibration_prop camera_config_prop camera2_extensions_prop camerax_extensions_prop charger_config_prop codec2_config_prop composd_vm_vendor_prop cpu_variant_prop debugfs_restriction_prop drm_config_prop drm_service_config_prop exported_camera_prop exported_config_prop exported_default_prop ffs_config_prop framework_watchdog_config_prop graphics_config_prop hdmi_config_prop hw_timeout_multiplier_prop hypervisor_prop hypervisor_restricted_prop incremental_prop input_device_config_prop keyguard_config_prop keystore_config_prop lmkd_config_prop media_config_prop media_variant_prop mediadrm_config_prop mm_events_config_prop oem_unlock_prop ota_build_prop packagemanager_config_prop quick_start_prop recovery_config_prop recovery_usb_config_prop sendbug_config_prop soc_prop storage_config_prop storagemanager_config_prop surfaceflinger_prop suspend_prop systemsound_config_prop telephony_config_prop threadnetwork_config_prop tombstone_config_prop usb_config_prop userspace_reboot_config_prop vehicle_hal_prop vendor_security_patch_level_prop vendor_socket_hook_prop virtual_ab_prop vndk_prop vts_config_prop vold_config_prop wifi_config_prop zram_config_prop zygote_config_prop dck_prop tuner_config_prop usb_uvc_enabled_prop setupwizard_mode_prop pm_archiving_enabled_prop trusty_security_vm_sys_vendor_prop adbd_config_prop audio_prop bluetooth_a2dp_offload_prop bluetooth_audio_hal_prop bluetooth_finder_prop bluetooth_prop bpf_progs_loaded_prop charger_status_prop ctl_default_prop ctl_interface_start_prop ctl_start_prop ctl_stop_prop dalvik_config_prop dalvik_dynamic_config_prop dalvik_runtime_prop debug_prop device_config_memory_safety_native_boot_prop device_config_memory_safety_native_prop dumpstate_options_prop exported_system_prop exported_bluetooth_prop exported_overlay_prop exported_pm_prop future_pm_prop ffs_control_prop framework_status_prop gesture_prop graphics_config_writable_prop hal_dumpstate_config_prop sota_prop hwservicemanager_prop lmkd_prop locale_prop logd_prop logpersistd_logging_prop log_prop log_tag_prop lowpan_prop nfc_prop ota_prop permissive_mte_prop powerctl_prop qemu_hw_prop qemu_sf_lcd_density_prop radio_control_prop radio_prop serialno_prop surfaceflinger_color_prop system_prop system_user_mode_emulation_prop telephony_status_prop timezone_prop usb_control_prop vold_post_fs_data_prop wifi_hal_prop wifi_log_prop wifi_prop zram_control_prop virtual_face_prop virtual_fingerprint_prop avf_virtualizationservice_prop high_barometer_quality_prop mmd_prop mmd_shared_prop prefetch_boot_prop ))
(typeattribute keystore2_key_type)
(typeattributeset keystore2_key_type (keystore wifi_key shell_key su_key vold_key odsign_key locksettings_key resume_on_reboot_key ))
(typeattribute vendor_property_type)
@@ -778,13 +779,13 @@
(typeattribute app_api_service)
(typeattributeset app_api_service (batteryproperties_service gatekeeper_service gpu_service credstore_service mediatranscoding_service profiling_service surfaceflinger_service accessibility_service account_service activity_service activity_task_service alarm_service app_function_service app_hibernation_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service blob_store_service bluetooth_manager_service broadcastradio_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service credential_service device_policy_service device_state_service deviceidle_service device_identifiers_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service file_integrity_service font_service devicelock_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_stats_service game_service grammatical_inflection_service graphicsstats_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service input_method_service input_service intrusion_detection_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service lock_settings_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service notification_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service powerstats_service power_service print_service procstats_service reboot_readiness_service registry_service remote_auth_service restrictions_service role_service rollback_service rttmanager_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service speech_recognition_service tare_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifiaware_service wifi_usd_service tethering_service ambient_context_service communal_service feature_flags_service incidentcompanion_service mediatuner_service on_device_intelligence_service protolog_configuration_service safety_center_service supervision_service wearable_sensing_service dynamic_instrumentation_service advanced_protection_service ranging_service ))
(typeattribute ephemeral_app_api_service)
-(typeattributeset ephemeral_app_api_service (batteryproperties_service gpu_service surfaceflinger_service accessibility_service account_service activity_service activity_task_service alarm_service app_search_service appops_service appwidget_service assetatlas_service audio_service autofill_service backup_service batterystats_service bluetooth_manager_service clipboard_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service credential_service deviceidle_service device_identifiers_service display_service font_service devicelock_service dreams_service dropbox_service platform_compat_service game_service grammatical_inflection_service graphicsstats_service hardware_properties_service hint_service imms_service input_method_service input_service ipsec_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service memtrackproxy_service midi_service mount_service music_recognition_service netpolicy_service netstats_service network_management_service notification_service package_service package_native_service permission_service permissionmgr_service permission_checker_service power_service print_service procstats_service registry_service restrictions_service rttmanager_service search_service security_state_service selection_toolbar_service sensorservice_service sensor_privacy_service servicediscovery_service settings_service statusbar_service storagestats_service speech_recognition_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service timedetector_service translation_service tv_ad_service tv_iapp_service tv_input_service uimode_service uri_grants_service usagestats_service user_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_native_service voiceinteraction_service webviewupdate_service tethering_service supervision_service ))
+(typeattributeset ephemeral_app_api_service (batteryproperties_service gpu_service surfaceflinger_service accessibility_service account_service activity_service activity_task_service alarm_service app_search_service appops_service appwidget_service assetatlas_service audio_service autofill_service backup_service batterystats_service bluetooth_manager_service clipboard_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service credential_service deviceidle_service device_identifiers_service display_service font_service devicelock_service dreams_service dropbox_service platform_compat_service game_service grammatical_inflection_service graphicsstats_service hardware_properties_service hint_service imms_service input_method_service input_service ipsec_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service memtrackproxy_service midi_service mount_service music_recognition_service netpolicy_service netstats_service network_management_service notification_service package_service package_native_service permission_service permissionmgr_service permission_checker_service power_service print_service procstats_service registry_service restrictions_service rttmanager_service search_service security_state_service selection_toolbar_service sensorservice_service sensor_privacy_service servicediscovery_service settings_service statusbar_service storagestats_service speech_recognition_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service timedetector_service translation_service tv_ad_service tv_iapp_service tv_input_service uimode_service uri_grants_service usagestats_service user_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_native_service voiceinteraction_service webviewupdate_service tethering_service protolog_configuration_service supervision_service ))
(typeattribute system_api_service)
(typeattributeset system_api_service (device_config_updatable_service ondevicepersonalization_system_service adb_service adservices_manager_service app_hibernation_service app_integrity_service cacheinfo_service cpuinfo_service credential_service dbinfo_service device_state_service diskstats_service color_display_service gfxinfo_service intrusion_detection_service lock_settings_service meminfo_service network_score_service oem_lock_service overlay_service persistent_data_block_service resources_manager_service serial_service system_config_service system_server_dumper_service updatelock_service window_service inputflinger_service authentication_policy_service bg_install_control_service dynamic_system_service incidentcompanion_service protolog_configuration_service safety_center_service statsmanager_service ))
(typeattribute protected_service)
(typeattributeset protected_service (hal_audio_service hal_authgraph_service hal_authsecret_service hal_bluetooth_service hal_bootctl_service hal_broadcastradio_service hal_camera_service hal_can_controller_service hal_confirmationui_service hal_contexthub_service hal_dumpstate_service hal_evs_service hal_face_service hal_fastboot_service hal_fingerprint_service hal_gnss_service hal_graphics_composer_service hal_health_service hal_health_storage_service hal_identity_service hal_input_processor_service hal_ir_service hal_ivn_service hal_keymint_service hal_light_service hal_macsec_service hal_mediaquality_service hal_memtrack_service hal_nfc_service hal_oemlock_service hal_power_service hal_power_stats_service hal_radio_service hal_rebootescrow_service hal_remoteaccess_service hal_remotelyprovisionedcomponent_avf_service hal_remotelyprovisionedcomponent_service hal_sensors_service hal_secretkeeper_service hal_secureclock_service hal_secure_element_service hal_sharedsecret_service hal_system_suspend_service hal_tetheroffload_service hal_thermal_service hal_tv_hdmi_cec_service hal_tv_hdmi_connection_service hal_tv_hdmi_earc_service hal_tv_input_service hal_threadnetwork_service hal_tv_tuner_service hal_usb_service hal_usb_gadget_service hal_uwb_service hal_vehicle_service hal_vibrator_service hal_weaver_service hal_nlinterceptor_service hal_wifi_service hal_wifi_hostapd_service hal_wifi_supplicant_service hal_gatekeeper_service hal_vm_capabilities_service ))
(typeattribute service_manager_type)
-(typeattributeset service_manager_type (aidl_lazy_test_service apc_service apex_service artd_service artd_pre_reboot_service audioserver_service authorization_service batteryproperties_service bluetooth_service cameraserver_service fwk_camera_service default_android_service device_config_updatable_service dexopt_chroot_setup_service dnsresolver_service drmserver_service dumpstate_service evsmanagerd_service fingerprintd_service fwk_automotive_display_service gatekeeper_service gpu_service idmap_service incident_service installd_service credstore_service keystore_compat_hal_service keystore_maintenance_service keystore_metrics_service keystore_service legacykeystore_service lpdump_service mdns_service mediaserver_service mediametrics_service mediaextractor_service mediadrmserver_service mediatranscoding_service netd_service nfc_service ondevicepersonalization_system_service ot_daemon_service profiling_service radio_service secure_element_service service_manager_service storaged_service surfaceflinger_service system_app_service system_net_netd_service system_suspend_control_internal_service system_suspend_control_service update_engine_service update_engine_stable_service virtualization_service virtual_camera_service virtual_touchpad_service vold_service vr_hwc_service vrflinger_vsync_service accessibility_service account_service activity_service activity_task_service adb_service adservices_manager_service alarm_service app_binding_service app_function_service app_hibernation_service app_integrity_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service battery_service binder_calls_stats_service blob_store_service bluetooth_manager_service broadcastradio_service cacheinfo_service cameraproxy_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service coverage_service cpuinfo_service cpu_monitor_service credential_service dataloader_manager_service dbinfo_service device_config_service device_policy_service device_state_service deviceidle_service device_identifiers_service devicestoragemonitor_service diskstats_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service external_vibrator_service file_integrity_service font_service netd_listener_service network_watchlist_service devicelock_service DockObserver_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_altitude_service fwk_stats_service fwk_sensor_service fwk_vibrator_control_service game_service gfxinfo_service gnss_time_update_service grammatical_inflection_service graphicsstats_service hardware_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service incremental_service input_method_service input_service intrusion_detection_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service location_time_zone_manager_service lock_settings_service looper_stats_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service meminfo_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service network_score_service network_stack_service network_time_update_service notification_service oem_lock_service otadexopt_service overlay_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service pinner_service powerstats_service power_service print_service processinfo_service procstats_service reboot_readiness_service recovery_service registry_service remote_auth_service remote_provisioning_service resources_manager_service restrictions_service role_service rollback_service runtime_service rttmanager_service samplingprofiler_service scheduling_policy_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service serial_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service system_config_service system_server_dumper_service system_update_service soundtrigger_middleware_service speech_recognition_service tare_service task_service testharness_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service updatelock_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service vr_manager_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifinl80211_service wifiaware_service wifi_usd_service window_service inputflinger_service tethering_service emergency_affordance_service hal_audio_service hal_audiocontrol_service hal_authgraph_service hal_authsecret_service hal_bluetooth_service hal_bootctl_service hal_broadcastradio_service hal_camera_service hal_can_controller_service hal_cas_service hal_codec2_service hal_confirmationui_service hal_contexthub_service hal_drm_service hal_dumpstate_service hal_evs_service hal_face_service hal_fastboot_service hal_fingerprint_service hal_gnss_service hal_graphics_allocator_service hal_graphics_composer_service hal_graphics_mapper_service hal_health_service hal_health_storage_service hal_identity_service hal_input_processor_service hal_ir_service hal_ivn_service hal_keymint_service hal_light_service hal_macsec_service hal_mediaquality_service hal_memtrack_service hal_neuralnetworks_service hal_nfc_service hal_oemlock_service hal_power_service hal_power_stats_service hal_radio_service hal_rebootescrow_service hal_remoteaccess_service hal_remotelyprovisionedcomponent_avf_service hal_remotelyprovisionedcomponent_service hal_sensors_service hal_secretkeeper_service hal_secureclock_service hal_secure_element_service hal_sharedsecret_service hal_system_suspend_service hal_tetheroffload_service hal_thermal_service hal_tv_hdmi_cec_service hal_tv_hdmi_connection_service hal_tv_hdmi_earc_service hal_tv_input_service hal_threadnetwork_service hal_tv_tuner_service hal_usb_service hal_usb_gadget_service hal_uwb_service hal_vehicle_service hal_vibrator_service hal_weaver_service hal_nlinterceptor_service hal_wifi_service hal_wifi_hostapd_service hal_wifi_supplicant_service hal_gatekeeper_service hal_vm_capabilities_service ambient_context_service authentication_policy_service attention_service bg_install_control_service compos_service communal_service dynamic_system_service feature_flags_service fwk_devicestate_service gsi_service incidentcompanion_service logcat_service logd_service mediatuner_service mmd_service on_device_intelligence_service profcollectd_service protolog_configuration_service resolver_service rkpd_registrar_service rkpd_refresh_service rkp_cert_processor_service safety_center_service stats_service statsbootstrap_service statscompanion_service statsmanager_service supervision_service tracingproxy_service tradeinmode_service transparency_service vfio_handler_service virtualization_maintenance_service vm_tethering_service vmnic_service uce_service fwk_vold_service wearable_sensing_service wifi_mainline_supplicant_service dynamic_instrumentation_service advanced_protection_service ranging_service ))
+(typeattributeset service_manager_type (aidl_lazy_test_service apc_service apex_service artd_service artd_pre_reboot_service audioserver_service authorization_service batteryproperties_service bluetooth_service cameraserver_service fwk_camera_service default_android_service device_config_updatable_service dexopt_chroot_setup_service dnsresolver_service drmserver_service dumpstate_service evsmanagerd_service fingerprintd_service fwk_automotive_display_service fwk_vold_service gatekeeper_service gpu_service idmap_service incident_service installd_service credstore_service keystore_compat_hal_service keystore_maintenance_service keystore_metrics_service keystore_service legacykeystore_service lpdump_service mdns_service mediaserver_service mediametrics_service mediaextractor_service mediadrmserver_service mediatranscoding_service netd_service nfc_service ondevicepersonalization_system_service ot_daemon_service profiling_service radio_service secure_element_service service_manager_service storaged_service surfaceflinger_service system_app_service system_net_netd_service system_suspend_control_internal_service system_suspend_control_service update_engine_service update_engine_stable_service virtualization_service virtual_camera_service virtual_touchpad_service vold_service vr_hwc_service vrflinger_vsync_service accessibility_service account_service activity_service activity_task_service adb_service adservices_manager_service alarm_service app_binding_service app_function_service app_hibernation_service app_integrity_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service battery_service binder_calls_stats_service blob_store_service bluetooth_manager_service broadcastradio_service cacheinfo_service cameraproxy_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service coverage_service cpuinfo_service cpu_monitor_service credential_service dataloader_manager_service dbinfo_service device_config_service device_policy_service device_state_service deviceidle_service device_identifiers_service devicestoragemonitor_service diskstats_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service external_vibrator_service file_integrity_service font_service netd_listener_service network_watchlist_service devicelock_service DockObserver_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_altitude_service fwk_stats_service fwk_sensor_service fwk_vibrator_control_service game_service gfxinfo_service gnss_time_update_service grammatical_inflection_service graphicsstats_service hardware_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service incremental_service input_method_service input_service intrusion_detection_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service location_time_zone_manager_service lock_settings_service looper_stats_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service meminfo_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service network_score_service network_stack_service network_time_update_service notification_service oem_lock_service otadexopt_service overlay_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service pinner_service powerstats_service power_service print_service processinfo_service procstats_service reboot_readiness_service recovery_service registry_service remote_auth_service remote_provisioning_service resources_manager_service restrictions_service role_service rollback_service runtime_service rttmanager_service samplingprofiler_service scheduling_policy_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service serial_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service system_config_service system_server_dumper_service system_update_service soundtrigger_middleware_service speech_recognition_service tare_service task_service testharness_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service updatelock_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service vr_manager_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifinl80211_service wifiaware_service wifi_usd_service window_service inputflinger_service tethering_service emergency_affordance_service hal_audio_service hal_audiocontrol_service hal_authgraph_service hal_authsecret_service hal_bluetooth_service hal_bootctl_service hal_broadcastradio_service hal_camera_service hal_can_controller_service hal_cas_service hal_codec2_service hal_confirmationui_service hal_contexthub_service hal_drm_service hal_dumpstate_service hal_evs_service hal_face_service hal_fastboot_service hal_fingerprint_service hal_gnss_service hal_graphics_allocator_service hal_graphics_composer_service hal_graphics_mapper_service hal_health_service hal_health_storage_service hal_identity_service hal_input_processor_service hal_ir_service hal_ivn_service hal_keymint_service hal_light_service hal_macsec_service hal_mediaquality_service hal_memtrack_service hal_neuralnetworks_service hal_nfc_service hal_oemlock_service hal_power_service hal_power_stats_service hal_radio_service hal_rebootescrow_service hal_remoteaccess_service hal_remotelyprovisionedcomponent_avf_service hal_remotelyprovisionedcomponent_service hal_sensors_service hal_secretkeeper_service hal_secureclock_service hal_secure_element_service hal_sharedsecret_service hal_system_suspend_service hal_tetheroffload_service hal_thermal_service hal_tv_hdmi_cec_service hal_tv_hdmi_connection_service hal_tv_hdmi_earc_service hal_tv_input_service hal_threadnetwork_service hal_tv_tuner_service hal_usb_service hal_usb_gadget_service hal_uwb_service hal_vehicle_service hal_vibrator_service hal_weaver_service hal_nlinterceptor_service hal_wifi_service hal_wifi_hostapd_service hal_wifi_supplicant_service hal_gatekeeper_service hal_vm_capabilities_service ambient_context_service authentication_policy_service attention_service bg_install_control_service compos_service communal_service dynamic_system_service feature_flags_service fwk_devicestate_service gsi_service incidentcompanion_service logcat_service logd_service mediatuner_service mmd_service on_device_intelligence_service profcollectd_service protolog_configuration_service resolver_service rkpd_registrar_service rkpd_refresh_service rkp_cert_processor_service safety_center_service stats_service statsbootstrap_service statscompanion_service statsmanager_service supervision_service tracingproxy_service tradeinmode_service transparency_service vfio_handler_service virtualization_maintenance_service vm_tethering_service vmnic_service uce_service wearable_sensing_service wifi_mainline_supplicant_service dynamic_instrumentation_service advanced_protection_service ranging_service ))
(typeattribute hwservice_manager_type)
(typeattributeset hwservice_manager_type (default_android_hwservice fwk_camera_hwservice fwk_display_hwservice fwk_scheduler_hwservice fwk_sensor_hwservice fwk_stats_hwservice fwk_automotive_display_hwservice hal_atrace_hwservice hal_audio_hwservice hal_audiocontrol_hwservice hal_authsecret_hwservice hal_bluetooth_hwservice hal_bootctl_hwservice hal_broadcastradio_hwservice hal_camera_hwservice hal_can_bus_hwservice hal_can_controller_hwservice hal_confirmationui_hwservice hal_contexthub_hwservice hal_dumpstate_hwservice hal_evs_hwservice hal_face_hwservice hal_fingerprint_hwservice hal_gatekeeper_hwservice hal_gnss_hwservice hal_graphics_composer_hwservice hal_health_hwservice hal_health_storage_hwservice hal_input_classifier_hwservice hal_ir_hwservice hal_keymaster_hwservice hal_light_hwservice hal_lowpan_hwservice hal_memtrack_hwservice hal_nfc_hwservice hal_oemlock_hwservice hal_power_hwservice hal_power_stats_hwservice hal_secure_element_hwservice hal_sensors_hwservice hal_telephony_hwservice hal_tetheroffload_hwservice hal_thermal_hwservice hal_tv_cec_hwservice hal_tv_input_hwservice hal_tv_tuner_hwservice hal_usb_gadget_hwservice hal_usb_hwservice hal_vehicle_hwservice hal_vibrator_hwservice hal_vr_hwservice hal_weaver_hwservice hal_wifi_hostapd_hwservice hal_wifi_hwservice hal_wifi_supplicant_hwservice system_net_netd_hwservice system_suspend_hwservice system_wifi_keystore_hwservice fwk_bufferhub_hwservice hal_cas_hwservice hal_codec2_hwservice hal_configstore_ISurfaceFlingerConfigs hal_drm_hwservice hal_graphics_allocator_hwservice hal_graphics_mapper_hwservice hal_neuralnetworks_hwservice hal_omx_hwservice hal_renderscript_hwservice hidl_allocator_hwservice hidl_base_hwservice hidl_manager_hwservice hidl_memory_hwservice hidl_token_hwservice hal_lazy_test_hwservice ))
(typeattribute same_process_hwservice)
@@ -804,7 +805,7 @@
(typeattribute appdomain)
(typeattributeset appdomain (bluetooth ephemeral_app gmscore_app isolated_app isolated_compute_app mediaprovider network_stack nfc platform_app priv_app radio rkpdapp runas_app secure_element shared_relro shell simpleperf system_app traceur_app untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 device_as_webcam mediaprovider_app permissioncontroller_app sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next vmlauncher_app vzwomatrigger_app ))
(typeattribute untrusted_app_all)
-(typeattributeset untrusted_app_all (runas_app simpleperf untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))
+(typeattributeset untrusted_app_all (runas_app untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))
(typeattribute isolated_app_all)
(typeattributeset isolated_app_all (isolated_app isolated_compute_app ))
(typeattribute isolated_compute_allowed_service)
@@ -823,7 +824,7 @@
(typeattribute update_engine_common)
(typeattributeset update_engine_common (update_engine ))
(typeattribute coredomain)
-(typeattributeset coredomain (adbd apexd app_zygote artd atrace audioserver blkid blkid_untrusted bluetooth bootanim bootstat bpfloader bufferhubd cameraserver charger crash_dump credstore crosvm dhcp dnsmasq drmserver dumpstate e2fs early_virtmgr ephemeral_app evsmanagerd extra_free_kbytes fastbootd fingerprintd flags_health_check fsck fsck_untrusted gatekeeperd gmscore_app gpuservice healthd heapprofd hwservicemanager idmap incident incident_helper incidentd init inputflinger installd isolated_app isolated_compute_app kernel keystore llkd lmkd logd logpersist mdnsd mediadrmserver mediaextractor mediametrics mediaprovider mediaserver mediaswcodec mediatranscoding modprobe netd netutils_wrapper network_stack nfc perfetto performanced platform_app postinstall priv_app prng_seeder profman radio recovery recovery_persist recovery_refresh rkpdapp rs rss_hwm_reset runas runas_app sdcardd secure_element servicemanager sgdisk shared_relro shell simpleperf simpleperf_app_runner slideshow statsd surfaceflinger system_app system_server tombstoned toolbox traced traced_perf traced_probes traceur_app ueventd uncrypt untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine update_verifier usbd vdc virtual_camera virtual_touchpad virtualizationmanager vold vold_prepare_subdirs watchdogd webview_zygote wificond zygote aconfigd aconfigd_mainline adbd_tradeinmode apex_test_prepostinstall apexd_derive_classpath art_boot art_exec auditctl automotive_display_service bert_collector blank_screen boringssl_self_test canhalconfigurator clatd compos_fd_server compos_verify composd cppreopts derive_classpath derive_sdk device_as_webcam dex2oat dexopt_chroot_setup dmesgd fuseblkd fuseblkd_untrusted fwk_bufferhub gki_apex_prepostinstall gsid hal_allocator_default hal_keymint_system iw kcmdlinectrl linkerconfig linux_vm_setup lpdumpd mediaprovider_app mediatuner memcgv2_activation_depth migrate_legacy_obb_data misctrl mm_events mmd mtectrl odrefresh odsign ot_ctl ot_daemon otapreopt_chroot otapreopt_slot permissioncontroller_app postinstall_dexopt prefetch preloads_copy preopt2cachename profcollectd remount rkp_cert_processor rkpd sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next simpleperf_boot snapshotctl snapuserd stats storaged system_server_startup system_suspend trace_redactor tradeinmode uprobestats vehicle_binding_util vfio_handler virtual_face virtual_fingerprint virtualizationservice vmlauncher_app vmnic wait_for_keymaster wifi_mainline_supplicant ))
+(typeattributeset coredomain (adbd apexd app_zygote artd atrace audioserver blkid blkid_untrusted bluetooth bootanim bootstat bpfloader bufferhubd cameraserver charger crash_dump credstore crosvm dhcp dnsmasq drmserver dumpstate e2fs early_virtmgr ephemeral_app evsmanagerd extra_free_kbytes fastbootd fingerprintd flags_health_check fsck fsck_untrusted gatekeeperd gmscore_app gpuservice healthd heapprofd hwservicemanager idmap incident incident_helper incidentd init inputflinger installd isolated_app isolated_compute_app kernel keystore llkd lmkd logd logpersist mdnsd mediadrmserver mediaextractor mediametrics mediaprovider mediaserver mediaswcodec mediatranscoding modprobe netd netutils_wrapper network_stack nfc perfetto performanced platform_app postinstall priv_app prng_seeder profman radio recovery recovery_persist recovery_refresh rkpdapp rs rss_hwm_reset runas runas_app sdcardd secure_element servicemanager sgdisk shared_relro shell simpleperf simpleperf_app_runner slideshow statsd surfaceflinger system_app system_server tombstoned toolbox traced traced_perf traced_probes traceur_app ueventd uncrypt untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine update_verifier usbd vdc virtual_camera virtual_touchpad virtualizationmanager vold vold_prepare_subdirs watchdogd webview_zygote wificond zygote aconfigd aconfigd_mainline adbd_tradeinmode apex_test_prepostinstall apexd_derive_classpath art_boot art_exec auditctl automotive_display_service bert_collector blank_screen boringssl_self_test canhalconfigurator clatd compos_fd_server compos_verify composd cppreopts derive_classpath derive_sdk device_as_webcam dex2oat dexopt_chroot_setup dmesgd fuseblkd fuseblkd_untrusted fwk_bufferhub gki_apex_prepostinstall gsid hal_allocator_default hal_keymint_system iw kcmdlinectrl linkerconfig linux_vm_setup lpdumpd mediaprovider_app mediatuner memcgv2_activation_depth migrate_legacy_obb_data misctrl mm_events mmd mtectrl odrefresh odsign ot_ctl ot_daemon otapreopt_chroot otapreopt_slot overlay_remounter permissioncontroller_app postinstall_dexopt prefetch preloads_copy preopt2cachename profcollectd remount rkp_cert_processor rkpd sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next simpleperf_boot snapshotctl snapuserd stats storaged system_server_startup system_suspend trace_redactor tradeinmode uprobestats vehicle_binding_util vfio_handler virtual_face virtual_fingerprint virtualizationservice vmlauncher_app vmnic wait_for_keymaster wifi_mainline_supplicant ))
(typeattribute vendor_hwservice_type)
(typeattribute coredomain_socket)
(expandtypeattribute (coredomain_socket) false)
@@ -1119,6 +1120,12 @@
(typeattributeset hal_health_storage_client (vold ))
(typeattribute hal_health_storage_server)
(expandtypeattribute (hal_health_storage_server) false)
+(typeattribute hal_hwcrypto)
+(expandtypeattribute (hal_hwcrypto) true)
+(typeattribute hal_hwcrypto_client)
+(expandtypeattribute (hal_hwcrypto_client) true)
+(typeattribute hal_hwcrypto_server)
+(expandtypeattribute (hal_hwcrypto_server) false)
(typeattribute hal_identity)
(expandtypeattribute (hal_identity) true)
(typeattribute hal_identity_client)
@@ -3185,6 +3192,8 @@
(roletype object_r cpu_variant_prop)
(type debugfs_restriction_prop)
(roletype object_r debugfs_restriction_prop)
+(type drm_config_prop)
+(roletype object_r drm_config_prop)
(type drm_service_config_prop)
(roletype object_r drm_service_config_prop)
(type exported_camera_prop)
@@ -3497,6 +3506,8 @@
(roletype object_r fingerprintd_service)
(type fwk_automotive_display_service)
(roletype object_r fwk_automotive_display_service)
+(type fwk_vold_service)
+(roletype object_r fwk_vold_service)
(type gatekeeper_service)
(roletype object_r gatekeeper_service)
(type gpu_service)
@@ -4612,6 +4623,8 @@
(roletype object_r sysfs_pgsize_migration)
(type sysfs_firmware_acpi_tables)
(roletype object_r sysfs_firmware_acpi_tables)
+(type pbtombstone_exec)
+(roletype object_r pbtombstone_exec)
(type storage_area_app_dir)
(roletype object_r storage_area_app_dir)
(type storage_area_dir)
@@ -4674,6 +4687,8 @@
(roletype object_r incident_helper_exec)
(type incidentd_exec)
(roletype object_r incidentd_exec)
+(type incidentd_userfaultfd)
+(roletype object_r incidentd_userfaultfd)
(type isolated_app_userfaultfd)
(roletype object_r isolated_app_userfaultfd)
(type isolated_compute_app_userfaultfd)
@@ -4782,6 +4797,10 @@
(roletype object_r otapreopt_slot)
(type otapreopt_slot_exec)
(roletype object_r otapreopt_slot_exec)
+(type overlay_remounter)
+(roletype object_r overlay_remounter)
+(type overlay_remounter_exec)
+(roletype object_r overlay_remounter_exec)
(type perfetto_exec)
(roletype object_r perfetto_exec)
(type perfetto_tmpfs)
@@ -4896,8 +4915,8 @@
(roletype object_r logd_auditrate_prop)
(type lower_kptr_restrict_prop)
(roletype object_r lower_kptr_restrict_prop)
-(type mmd_prop)
-(roletype object_r mmd_prop)
+(type mmd_status_prop)
+(roletype object_r mmd_status_prop)
(type net_464xlat_fromvendor_prop)
(roletype object_r net_464xlat_fromvendor_prop)
(type net_connectivity_prop)
@@ -4938,8 +4957,12 @@
(roletype object_r system_audio_config_prop)
(type timezone_metadata_prop)
(roletype object_r timezone_metadata_prop)
+(type traced_config_prop)
+(roletype object_r traced_config_prop)
(type traced_perf_enabled_prop)
(roletype object_r traced_perf_enabled_prop)
+(type traced_relay_relay_port_prop)
+(roletype object_r traced_relay_relay_port_prop)
(type uprobestats_start_with_config_prop)
(roletype object_r uprobestats_start_with_config_prop)
(type tuner_server_ctl_prop)
@@ -5000,10 +5023,12 @@
(roletype object_r avf_virtualizationservice_prop)
(type high_barometer_quality_prop)
(roletype object_r high_barometer_quality_prop)
+(type mmd_prop)
+(roletype object_r mmd_prop)
+(type mmd_shared_prop)
+(roletype object_r mmd_shared_prop)
(type prefetch_boot_prop)
(roletype object_r prefetch_boot_prop)
-(type widevine_sys_vendor_prop)
-(roletype object_r widevine_sys_vendor_prop)
(type radio_userfaultfd)
(roletype object_r radio_userfaultfd)
(type remount)
@@ -5110,8 +5135,6 @@
(roletype object_r vmnic_service)
(type uce_service)
(roletype object_r uce_service)
-(type fwk_vold_service)
-(roletype object_r fwk_vold_service)
(type wearable_sensing_service)
(roletype object_r wearable_sensing_service)
(type wifi_mainline_supplicant_service)
@@ -6733,152 +6756,152 @@
(neverallow base_typeattr_90 domain (process (fork)))
;;* lme
-;;* lmx 370 system/sepolicy/public/attributes
+;;* lmx 372 system/sepolicy/public/attributes
(neverallow base_typeattr_91 domain (process (fork)))
;;* lme
-;;* lmx 370 system/sepolicy/public/attributes
+;;* lmx 372 system/sepolicy/public/attributes
(neverallow base_typeattr_92 domain (process (fork)))
;;* lme
-;;* lmx 370 system/sepolicy/public/attributes
+;;* lmx 372 system/sepolicy/public/attributes
(neverallow base_typeattr_93 domain (process (fork)))
;;* lme
-;;* lmx 371 system/sepolicy/public/attributes
+;;* lmx 373 system/sepolicy/public/attributes
(neverallow base_typeattr_94 domain (process (fork)))
;;* lme
-;;* lmx 371 system/sepolicy/public/attributes
+;;* lmx 373 system/sepolicy/public/attributes
(neverallow base_typeattr_95 domain (process (fork)))
;;* lme
-;;* lmx 371 system/sepolicy/public/attributes
+;;* lmx 373 system/sepolicy/public/attributes
(neverallow base_typeattr_96 domain (process (fork)))
;;* lme
-;;* lmx 372 system/sepolicy/public/attributes
+;;* lmx 374 system/sepolicy/public/attributes
(neverallow base_typeattr_97 domain (process (fork)))
;;* lme
-;;* lmx 372 system/sepolicy/public/attributes
+;;* lmx 374 system/sepolicy/public/attributes
(neverallow base_typeattr_98 domain (process (fork)))
;;* lme
-;;* lmx 372 system/sepolicy/public/attributes
+;;* lmx 374 system/sepolicy/public/attributes
(neverallow base_typeattr_99 domain (process (fork)))
;;* lme
-;;* lmx 373 system/sepolicy/public/attributes
+;;* lmx 375 system/sepolicy/public/attributes
(neverallow base_typeattr_100 domain (process (fork)))
;;* lme
-;;* lmx 373 system/sepolicy/public/attributes
+;;* lmx 375 system/sepolicy/public/attributes
(neverallow base_typeattr_101 domain (process (fork)))
;;* lme
-;;* lmx 373 system/sepolicy/public/attributes
+;;* lmx 375 system/sepolicy/public/attributes
(neverallow base_typeattr_102 domain (process (fork)))
;;* lme
-;;* lmx 374 system/sepolicy/public/attributes
+;;* lmx 376 system/sepolicy/public/attributes
(neverallow base_typeattr_103 domain (process (fork)))
;;* lme
-;;* lmx 374 system/sepolicy/public/attributes
+;;* lmx 376 system/sepolicy/public/attributes
(neverallow base_typeattr_104 domain (process (fork)))
;;* lme
-;;* lmx 374 system/sepolicy/public/attributes
+;;* lmx 376 system/sepolicy/public/attributes
(neverallow base_typeattr_105 domain (process (fork)))
;;* lme
-;;* lmx 375 system/sepolicy/public/attributes
+;;* lmx 377 system/sepolicy/public/attributes
(neverallow base_typeattr_106 domain (process (fork)))
;;* lme
-;;* lmx 375 system/sepolicy/public/attributes
+;;* lmx 377 system/sepolicy/public/attributes
(neverallow base_typeattr_107 domain (process (fork)))
;;* lme
-;;* lmx 375 system/sepolicy/public/attributes
+;;* lmx 377 system/sepolicy/public/attributes
(neverallow base_typeattr_108 domain (process (fork)))
;;* lme
-;;* lmx 376 system/sepolicy/public/attributes
+;;* lmx 378 system/sepolicy/public/attributes
(neverallow base_typeattr_109 domain (process (fork)))
;;* lme
-;;* lmx 376 system/sepolicy/public/attributes
+;;* lmx 378 system/sepolicy/public/attributes
(neverallow base_typeattr_110 domain (process (fork)))
;;* lme
-;;* lmx 376 system/sepolicy/public/attributes
+;;* lmx 378 system/sepolicy/public/attributes
(neverallow base_typeattr_111 domain (process (fork)))
;;* lme
-;;* lmx 377 system/sepolicy/public/attributes
+;;* lmx 379 system/sepolicy/public/attributes
(neverallow base_typeattr_112 domain (process (fork)))
;;* lme
-;;* lmx 377 system/sepolicy/public/attributes
+;;* lmx 379 system/sepolicy/public/attributes
(neverallow base_typeattr_113 domain (process (fork)))
;;* lme
-;;* lmx 377 system/sepolicy/public/attributes
+;;* lmx 379 system/sepolicy/public/attributes
(neverallow base_typeattr_114 domain (process (fork)))
;;* lme
-;;* lmx 378 system/sepolicy/public/attributes
+;;* lmx 380 system/sepolicy/public/attributes
(neverallow base_typeattr_115 domain (process (fork)))
;;* lme
-;;* lmx 378 system/sepolicy/public/attributes
+;;* lmx 380 system/sepolicy/public/attributes
(neverallow base_typeattr_116 domain (process (fork)))
;;* lme
-;;* lmx 378 system/sepolicy/public/attributes
+;;* lmx 380 system/sepolicy/public/attributes
(neverallow base_typeattr_117 domain (process (fork)))
;;* lme
-;;* lmx 379 system/sepolicy/public/attributes
+;;* lmx 381 system/sepolicy/public/attributes
(neverallow base_typeattr_118 domain (process (fork)))
;;* lme
-;;* lmx 379 system/sepolicy/public/attributes
+;;* lmx 381 system/sepolicy/public/attributes
(neverallow base_typeattr_119 domain (process (fork)))
;;* lme
-;;* lmx 379 system/sepolicy/public/attributes
+;;* lmx 381 system/sepolicy/public/attributes
(neverallow base_typeattr_120 domain (process (fork)))
;;* lme
@@ -6898,392 +6921,392 @@
(neverallow base_typeattr_123 domain (process (fork)))
;;* lme
-;;* lmx 383 system/sepolicy/public/attributes
+;;* lmx 385 system/sepolicy/public/attributes
(neverallow base_typeattr_124 domain (process (fork)))
;;* lme
-;;* lmx 383 system/sepolicy/public/attributes
+;;* lmx 385 system/sepolicy/public/attributes
(neverallow base_typeattr_125 domain (process (fork)))
;;* lme
-;;* lmx 383 system/sepolicy/public/attributes
+;;* lmx 385 system/sepolicy/public/attributes
(neverallow base_typeattr_126 domain (process (fork)))
;;* lme
-;;* lmx 384 system/sepolicy/public/attributes
+;;* lmx 386 system/sepolicy/public/attributes
(neverallow base_typeattr_127 domain (process (fork)))
;;* lme
-;;* lmx 384 system/sepolicy/public/attributes
+;;* lmx 386 system/sepolicy/public/attributes
(neverallow base_typeattr_128 domain (process (fork)))
;;* lme
-;;* lmx 384 system/sepolicy/public/attributes
+;;* lmx 386 system/sepolicy/public/attributes
(neverallow base_typeattr_129 domain (process (fork)))
;;* lme
-;;* lmx 385 system/sepolicy/public/attributes
+;;* lmx 387 system/sepolicy/public/attributes
(neverallow base_typeattr_130 domain (process (fork)))
;;* lme
-;;* lmx 385 system/sepolicy/public/attributes
+;;* lmx 387 system/sepolicy/public/attributes
(neverallow base_typeattr_131 domain (process (fork)))
;;* lme
-;;* lmx 385 system/sepolicy/public/attributes
+;;* lmx 387 system/sepolicy/public/attributes
(neverallow base_typeattr_132 domain (process (fork)))
;;* lme
-;;* lmx 386 system/sepolicy/public/attributes
+;;* lmx 388 system/sepolicy/public/attributes
(neverallow base_typeattr_133 domain (process (fork)))
;;* lme
-;;* lmx 386 system/sepolicy/public/attributes
+;;* lmx 388 system/sepolicy/public/attributes
(neverallow base_typeattr_134 domain (process (fork)))
;;* lme
-;;* lmx 386 system/sepolicy/public/attributes
+;;* lmx 388 system/sepolicy/public/attributes
(neverallow base_typeattr_135 domain (process (fork)))
;;* lme
-;;* lmx 387 system/sepolicy/public/attributes
+;;* lmx 389 system/sepolicy/public/attributes
(neverallow base_typeattr_136 domain (process (fork)))
;;* lme
-;;* lmx 387 system/sepolicy/public/attributes
+;;* lmx 389 system/sepolicy/public/attributes
(neverallow base_typeattr_137 domain (process (fork)))
;;* lme
-;;* lmx 387 system/sepolicy/public/attributes
+;;* lmx 389 system/sepolicy/public/attributes
(neverallow base_typeattr_138 domain (process (fork)))
;;* lme
-;;* lmx 388 system/sepolicy/public/attributes
+;;* lmx 390 system/sepolicy/public/attributes
(neverallow base_typeattr_139 domain (process (fork)))
;;* lme
-;;* lmx 388 system/sepolicy/public/attributes
+;;* lmx 390 system/sepolicy/public/attributes
(neverallow base_typeattr_140 domain (process (fork)))
;;* lme
-;;* lmx 388 system/sepolicy/public/attributes
+;;* lmx 390 system/sepolicy/public/attributes
(neverallow base_typeattr_141 domain (process (fork)))
;;* lme
-;;* lmx 389 system/sepolicy/public/attributes
+;;* lmx 391 system/sepolicy/public/attributes
(neverallow base_typeattr_142 domain (process (fork)))
;;* lme
-;;* lmx 389 system/sepolicy/public/attributes
+;;* lmx 391 system/sepolicy/public/attributes
(neverallow base_typeattr_143 domain (process (fork)))
;;* lme
-;;* lmx 389 system/sepolicy/public/attributes
+;;* lmx 391 system/sepolicy/public/attributes
(neverallow base_typeattr_144 domain (process (fork)))
;;* lme
-;;* lmx 390 system/sepolicy/public/attributes
+;;* lmx 392 system/sepolicy/public/attributes
(neverallow base_typeattr_145 domain (process (fork)))
;;* lme
-;;* lmx 390 system/sepolicy/public/attributes
+;;* lmx 392 system/sepolicy/public/attributes
(neverallow base_typeattr_146 domain (process (fork)))
;;* lme
-;;* lmx 390 system/sepolicy/public/attributes
+;;* lmx 392 system/sepolicy/public/attributes
(neverallow base_typeattr_147 domain (process (fork)))
;;* lme
-;;* lmx 391 system/sepolicy/public/attributes
+;;* lmx 393 system/sepolicy/public/attributes
(neverallow base_typeattr_148 domain (process (fork)))
;;* lme
-;;* lmx 391 system/sepolicy/public/attributes
+;;* lmx 393 system/sepolicy/public/attributes
(neverallow base_typeattr_149 domain (process (fork)))
;;* lme
-;;* lmx 391 system/sepolicy/public/attributes
+;;* lmx 393 system/sepolicy/public/attributes
(neverallow base_typeattr_150 domain (process (fork)))
;;* lme
-;;* lmx 392 system/sepolicy/public/attributes
+;;* lmx 394 system/sepolicy/public/attributes
(neverallow base_typeattr_151 domain (process (fork)))
;;* lme
-;;* lmx 392 system/sepolicy/public/attributes
+;;* lmx 394 system/sepolicy/public/attributes
(neverallow base_typeattr_152 domain (process (fork)))
;;* lme
-;;* lmx 392 system/sepolicy/public/attributes
+;;* lmx 394 system/sepolicy/public/attributes
(neverallow base_typeattr_153 domain (process (fork)))
;;* lme
-;;* lmx 393 system/sepolicy/public/attributes
+;;* lmx 395 system/sepolicy/public/attributes
(neverallow base_typeattr_154 domain (process (fork)))
;;* lme
-;;* lmx 393 system/sepolicy/public/attributes
+;;* lmx 395 system/sepolicy/public/attributes
(neverallow base_typeattr_155 domain (process (fork)))
;;* lme
-;;* lmx 393 system/sepolicy/public/attributes
+;;* lmx 395 system/sepolicy/public/attributes
(neverallow base_typeattr_156 domain (process (fork)))
;;* lme
-;;* lmx 394 system/sepolicy/public/attributes
+;;* lmx 396 system/sepolicy/public/attributes
(neverallow base_typeattr_157 domain (process (fork)))
;;* lme
-;;* lmx 394 system/sepolicy/public/attributes
+;;* lmx 396 system/sepolicy/public/attributes
(neverallow base_typeattr_158 domain (process (fork)))
;;* lme
-;;* lmx 394 system/sepolicy/public/attributes
+;;* lmx 396 system/sepolicy/public/attributes
(neverallow base_typeattr_159 domain (process (fork)))
;;* lme
-;;* lmx 395 system/sepolicy/public/attributes
+;;* lmx 397 system/sepolicy/public/attributes
(neverallow base_typeattr_160 domain (process (fork)))
;;* lme
-;;* lmx 395 system/sepolicy/public/attributes
+;;* lmx 397 system/sepolicy/public/attributes
(neverallow base_typeattr_161 domain (process (fork)))
;;* lme
-;;* lmx 395 system/sepolicy/public/attributes
+;;* lmx 397 system/sepolicy/public/attributes
(neverallow base_typeattr_162 domain (process (fork)))
;;* lme
-;;* lmx 396 system/sepolicy/public/attributes
+;;* lmx 398 system/sepolicy/public/attributes
(neverallow base_typeattr_163 domain (process (fork)))
;;* lme
-;;* lmx 396 system/sepolicy/public/attributes
+;;* lmx 398 system/sepolicy/public/attributes
(neverallow base_typeattr_164 domain (process (fork)))
;;* lme
-;;* lmx 396 system/sepolicy/public/attributes
+;;* lmx 398 system/sepolicy/public/attributes
(neverallow base_typeattr_165 domain (process (fork)))
;;* lme
-;;* lmx 397 system/sepolicy/public/attributes
+;;* lmx 399 system/sepolicy/public/attributes
(neverallow base_typeattr_166 domain (process (fork)))
;;* lme
-;;* lmx 397 system/sepolicy/public/attributes
+;;* lmx 399 system/sepolicy/public/attributes
(neverallow base_typeattr_167 domain (process (fork)))
;;* lme
-;;* lmx 397 system/sepolicy/public/attributes
+;;* lmx 399 system/sepolicy/public/attributes
(neverallow base_typeattr_168 domain (process (fork)))
;;* lme
-;;* lmx 398 system/sepolicy/public/attributes
+;;* lmx 400 system/sepolicy/public/attributes
(neverallow base_typeattr_169 domain (process (fork)))
;;* lme
-;;* lmx 398 system/sepolicy/public/attributes
+;;* lmx 400 system/sepolicy/public/attributes
(neverallow base_typeattr_170 domain (process (fork)))
;;* lme
-;;* lmx 398 system/sepolicy/public/attributes
+;;* lmx 400 system/sepolicy/public/attributes
(neverallow base_typeattr_171 domain (process (fork)))
;;* lme
-;;* lmx 399 system/sepolicy/public/attributes
+;;* lmx 401 system/sepolicy/public/attributes
(neverallow base_typeattr_172 domain (process (fork)))
;;* lme
-;;* lmx 399 system/sepolicy/public/attributes
+;;* lmx 401 system/sepolicy/public/attributes
(neverallow base_typeattr_173 domain (process (fork)))
;;* lme
-;;* lmx 399 system/sepolicy/public/attributes
+;;* lmx 401 system/sepolicy/public/attributes
(neverallow base_typeattr_174 domain (process (fork)))
;;* lme
-;;* lmx 400 system/sepolicy/public/attributes
+;;* lmx 402 system/sepolicy/public/attributes
(neverallow base_typeattr_175 domain (process (fork)))
;;* lme
-;;* lmx 400 system/sepolicy/public/attributes
+;;* lmx 402 system/sepolicy/public/attributes
(neverallow base_typeattr_176 domain (process (fork)))
;;* lme
-;;* lmx 400 system/sepolicy/public/attributes
+;;* lmx 402 system/sepolicy/public/attributes
(neverallow base_typeattr_177 domain (process (fork)))
;;* lme
-;;* lmx 401 system/sepolicy/public/attributes
+;;* lmx 403 system/sepolicy/public/attributes
(neverallow base_typeattr_178 domain (process (fork)))
;;* lme
-;;* lmx 401 system/sepolicy/public/attributes
+;;* lmx 403 system/sepolicy/public/attributes
(neverallow base_typeattr_179 domain (process (fork)))
;;* lme
-;;* lmx 401 system/sepolicy/public/attributes
+;;* lmx 403 system/sepolicy/public/attributes
(neverallow base_typeattr_180 domain (process (fork)))
;;* lme
-;;* lmx 402 system/sepolicy/public/attributes
+;;* lmx 404 system/sepolicy/public/attributes
(neverallow base_typeattr_181 domain (process (fork)))
;;* lme
-;;* lmx 402 system/sepolicy/public/attributes
+;;* lmx 404 system/sepolicy/public/attributes
(neverallow base_typeattr_182 domain (process (fork)))
;;* lme
-;;* lmx 402 system/sepolicy/public/attributes
+;;* lmx 404 system/sepolicy/public/attributes
(neverallow base_typeattr_183 domain (process (fork)))
;;* lme
-;;* lmx 403 system/sepolicy/public/attributes
+;;* lmx 405 system/sepolicy/public/attributes
(neverallow base_typeattr_184 domain (process (fork)))
;;* lme
-;;* lmx 403 system/sepolicy/public/attributes
+;;* lmx 405 system/sepolicy/public/attributes
(neverallow base_typeattr_185 domain (process (fork)))
;;* lme
-;;* lmx 403 system/sepolicy/public/attributes
+;;* lmx 405 system/sepolicy/public/attributes
(neverallow base_typeattr_186 domain (process (fork)))
;;* lme
-;;* lmx 404 system/sepolicy/public/attributes
+;;* lmx 406 system/sepolicy/public/attributes
(neverallow base_typeattr_187 domain (process (fork)))
;;* lme
-;;* lmx 404 system/sepolicy/public/attributes
+;;* lmx 406 system/sepolicy/public/attributes
(neverallow base_typeattr_188 domain (process (fork)))
;;* lme
-;;* lmx 404 system/sepolicy/public/attributes
+;;* lmx 406 system/sepolicy/public/attributes
(neverallow base_typeattr_189 domain (process (fork)))
;;* lme
-;;* lmx 405 system/sepolicy/public/attributes
+;;* lmx 407 system/sepolicy/public/attributes
(neverallow base_typeattr_190 domain (process (fork)))
;;* lme
-;;* lmx 405 system/sepolicy/public/attributes
+;;* lmx 407 system/sepolicy/public/attributes
(neverallow base_typeattr_191 domain (process (fork)))
;;* lme
-;;* lmx 405 system/sepolicy/public/attributes
+;;* lmx 407 system/sepolicy/public/attributes
(neverallow base_typeattr_192 domain (process (fork)))
;;* lme
-;;* lmx 406 system/sepolicy/public/attributes
+;;* lmx 408 system/sepolicy/public/attributes
(neverallow base_typeattr_193 domain (process (fork)))
;;* lme
-;;* lmx 406 system/sepolicy/public/attributes
+;;* lmx 408 system/sepolicy/public/attributes
(neverallow base_typeattr_194 domain (process (fork)))
;;* lme
-;;* lmx 406 system/sepolicy/public/attributes
+;;* lmx 408 system/sepolicy/public/attributes
(neverallow base_typeattr_195 domain (process (fork)))
;;* lme
-;;* lmx 407 system/sepolicy/public/attributes
+;;* lmx 409 system/sepolicy/public/attributes
(neverallow base_typeattr_196 domain (process (fork)))
;;* lme
-;;* lmx 407 system/sepolicy/public/attributes
+;;* lmx 409 system/sepolicy/public/attributes
(neverallow base_typeattr_197 domain (process (fork)))
;;* lme
-;;* lmx 407 system/sepolicy/public/attributes
+;;* lmx 409 system/sepolicy/public/attributes
(neverallow base_typeattr_198 domain (process (fork)))
;;* lme
-;;* lmx 408 system/sepolicy/public/attributes
+;;* lmx 410 system/sepolicy/public/attributes
(neverallow base_typeattr_199 domain (process (fork)))
;;* lme
-;;* lmx 408 system/sepolicy/public/attributes
+;;* lmx 410 system/sepolicy/public/attributes
(neverallow base_typeattr_200 domain (process (fork)))
;;* lme
-;;* lmx 408 system/sepolicy/public/attributes
+;;* lmx 410 system/sepolicy/public/attributes
(neverallow base_typeattr_201 domain (process (fork)))
;;* lme
@@ -7303,699 +7326,714 @@
(neverallow base_typeattr_204 domain (process (fork)))
;;* lme
-;;* lmx 412 system/sepolicy/public/attributes
+;;* lmx 414 system/sepolicy/public/attributes
(neverallow base_typeattr_205 domain (process (fork)))
;;* lme
-;;* lmx 412 system/sepolicy/public/attributes
+;;* lmx 414 system/sepolicy/public/attributes
(neverallow base_typeattr_206 domain (process (fork)))
;;* lme
-;;* lmx 412 system/sepolicy/public/attributes
+;;* lmx 414 system/sepolicy/public/attributes
(neverallow base_typeattr_207 domain (process (fork)))
;;* lme
-;;* lmx 413 system/sepolicy/public/attributes
+;;* lmx 415 system/sepolicy/public/attributes
(neverallow base_typeattr_208 domain (process (fork)))
;;* lme
-;;* lmx 413 system/sepolicy/public/attributes
+;;* lmx 415 system/sepolicy/public/attributes
(neverallow base_typeattr_209 domain (process (fork)))
;;* lme
-;;* lmx 413 system/sepolicy/public/attributes
+;;* lmx 415 system/sepolicy/public/attributes
(neverallow base_typeattr_210 domain (process (fork)))
;;* lme
-;;* lmx 414 system/sepolicy/public/attributes
+;;* lmx 416 system/sepolicy/public/attributes
(neverallow base_typeattr_211 domain (process (fork)))
;;* lme
-;;* lmx 414 system/sepolicy/public/attributes
+;;* lmx 416 system/sepolicy/public/attributes
(neverallow base_typeattr_212 domain (process (fork)))
;;* lme
-;;* lmx 414 system/sepolicy/public/attributes
+;;* lmx 416 system/sepolicy/public/attributes
(neverallow base_typeattr_213 domain (process (fork)))
;;* lme
-;;* lmx 415 system/sepolicy/public/attributes
+;;* lmx 417 system/sepolicy/public/attributes
(neverallow base_typeattr_214 domain (process (fork)))
;;* lme
-;;* lmx 415 system/sepolicy/public/attributes
+;;* lmx 417 system/sepolicy/public/attributes
(neverallow base_typeattr_215 domain (process (fork)))
;;* lme
-;;* lmx 415 system/sepolicy/public/attributes
+;;* lmx 417 system/sepolicy/public/attributes
(neverallow base_typeattr_216 domain (process (fork)))
;;* lme
-;;* lmx 416 system/sepolicy/public/attributes
+;;* lmx 418 system/sepolicy/public/attributes
(neverallow base_typeattr_217 domain (process (fork)))
;;* lme
-;;* lmx 416 system/sepolicy/public/attributes
+;;* lmx 418 system/sepolicy/public/attributes
(neverallow base_typeattr_218 domain (process (fork)))
;;* lme
-;;* lmx 416 system/sepolicy/public/attributes
+;;* lmx 418 system/sepolicy/public/attributes
(neverallow base_typeattr_219 domain (process (fork)))
;;* lme
-;;* lmx 417 system/sepolicy/public/attributes
+;;* lmx 419 system/sepolicy/public/attributes
(neverallow base_typeattr_220 domain (process (fork)))
;;* lme
-;;* lmx 417 system/sepolicy/public/attributes
+;;* lmx 419 system/sepolicy/public/attributes
(neverallow base_typeattr_221 domain (process (fork)))
;;* lme
-;;* lmx 417 system/sepolicy/public/attributes
+;;* lmx 419 system/sepolicy/public/attributes
(neverallow base_typeattr_222 domain (process (fork)))
;;* lme
-;;* lmx 418 system/sepolicy/public/attributes
+;;* lmx 420 system/sepolicy/public/attributes
(neverallow base_typeattr_223 domain (process (fork)))
;;* lme
-;;* lmx 418 system/sepolicy/public/attributes
+;;* lmx 420 system/sepolicy/public/attributes
(neverallow base_typeattr_224 domain (process (fork)))
;;* lme
-;;* lmx 418 system/sepolicy/public/attributes
+;;* lmx 420 system/sepolicy/public/attributes
(neverallow base_typeattr_225 domain (process (fork)))
;;* lme
-;;* lmx 472 system/sepolicy/public/attributes
+;;* lmx 421 system/sepolicy/public/attributes
(neverallow base_typeattr_226 domain (process (fork)))
;;* lme
-;;* lmx 472 system/sepolicy/public/attributes
+;;* lmx 421 system/sepolicy/public/attributes
(neverallow base_typeattr_227 domain (process (fork)))
;;* lme
-;;* lmx 472 system/sepolicy/public/attributes
+;;* lmx 421 system/sepolicy/public/attributes
(neverallow base_typeattr_228 domain (process (fork)))
;;* lme
+;;* lmx 475 system/sepolicy/public/attributes
+
+(neverallow base_typeattr_229 domain (process (fork)))
+;;* lme
+
+;;* lmx 475 system/sepolicy/public/attributes
+
+(neverallow base_typeattr_230 domain (process (fork)))
+;;* lme
+
+;;* lmx 475 system/sepolicy/public/attributes
+
+(neverallow base_typeattr_231 domain (process (fork)))
+;;* lme
+
;;* lmx 6 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 apexd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 apexd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 7 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 bootloader_boot_reason_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 bootloader_boot_reason_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 8 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_activity_manager_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_activity_manager_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 9 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_boot_count_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_boot_count_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 10 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_input_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_input_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 11 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_netd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_netd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 12 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_reset_performed_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_reset_performed_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 firstboot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 firstboot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 boottime_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 boottime_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 charger_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 charger_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 cold_boot_done_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 cold_boot_done_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_adbd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_adbd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_apexd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_apexd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_bootanim_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_bootanim_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_bugreport_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_bugreport_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_console_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_console_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_dumpstate_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_dumpstate_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_fuse_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_fuse_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_gsid_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_gsid_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_interface_restart_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_interface_restart_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_interface_stop_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_interface_stop_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_mdnsd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_mdnsd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_restart_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_restart_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_rildaemon_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_rildaemon_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ctl_sigstop_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_sigstop_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 dynamic_system_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 dynamic_system_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 heapprofd_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 heapprofd_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 llkd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 llkd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 lpdumpd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 lpdumpd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 mmc_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 mmc_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 mock_ota_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 mock_ota_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 net_dns_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 net_dns_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 overlay_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 overlay_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 persistent_properties_ready_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 persistent_properties_ready_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 safemode_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 safemode_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 system_lmk_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 system_lmk_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 system_trace_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 system_trace_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 test_boot_reason_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 test_boot_reason_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 time_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 time_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 traced_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 traced_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 traced_lazy_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 traced_lazy_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 53 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 aac_drc_prop (property_service (set)))
+(neverallow base_typeattr_232 aac_drc_prop (property_service (set)))
;;* lme
;;* lmx 54 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 adaptive_haptics_prop (property_service (set)))
+(neverallow base_typeattr_232 adaptive_haptics_prop (property_service (set)))
;;* lme
;;* lmx 55 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 apex_ready_prop (property_service (set)))
+(neverallow base_typeattr_232 apex_ready_prop (property_service (set)))
;;* lme
;;* lmx 56 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 arm64_memtag_prop (property_service (set)))
+(neverallow base_typeattr_232 arm64_memtag_prop (property_service (set)))
;;* lme
;;* lmx 57 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 binder_cache_bluetooth_server_prop (property_service (set)))
+(neverallow base_typeattr_232 binder_cache_bluetooth_server_prop (property_service (set)))
;;* lme
;;* lmx 58 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 binder_cache_system_server_prop (property_service (set)))
+(neverallow base_typeattr_232 binder_cache_system_server_prop (property_service (set)))
;;* lme
;;* lmx 59 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 binder_cache_telephony_server_prop (property_service (set)))
+(neverallow base_typeattr_232 binder_cache_telephony_server_prop (property_service (set)))
;;* lme
;;* lmx 60 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 boot_status_prop (property_service (set)))
+(neverallow base_typeattr_232 boot_status_prop (property_service (set)))
;;* lme
;;* lmx 61 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 bootanim_system_prop (property_service (set)))
+(neverallow base_typeattr_232 bootanim_system_prop (property_service (set)))
;;* lme
;;* lmx 62 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 bootloader_prop (property_service (set)))
+(neverallow base_typeattr_232 bootloader_prop (property_service (set)))
;;* lme
;;* lmx 63 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 boottime_public_prop (property_service (set)))
+(neverallow base_typeattr_232 boottime_public_prop (property_service (set)))
;;* lme
;;* lmx 64 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 bq_config_prop (property_service (set)))
+(neverallow base_typeattr_232 bq_config_prop (property_service (set)))
;;* lme
;;* lmx 65 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 build_bootimage_prop (property_service (set)))
+(neverallow base_typeattr_232 build_bootimage_prop (property_service (set)))
;;* lme
;;* lmx 66 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 build_prop (property_service (set)))
+(neverallow base_typeattr_232 build_prop (property_service (set)))
;;* lme
;;* lmx 67 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 composd_vm_art_prop (property_service (set)))
+(neverallow base_typeattr_232 composd_vm_art_prop (property_service (set)))
;;* lme
;;* lmx 68 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_aconfig_flags_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_aconfig_flags_prop (property_service (set)))
;;* lme
;;* lmx 69 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_camera_native_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_camera_native_prop (property_service (set)))
;;* lme
;;* lmx 70 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_edgetpu_native_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_edgetpu_native_prop (property_service (set)))
;;* lme
;;* lmx 71 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_media_native_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_media_native_prop (property_service (set)))
;;* lme
;;* lmx 72 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_nnapi_native_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_nnapi_native_prop (property_service (set)))
;;* lme
;;* lmx 73 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_runtime_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_runtime_native_boot_prop (property_service (set)))
;;* lme
;;* lmx 74 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_runtime_native_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_runtime_native_prop (property_service (set)))
;;* lme
;;* lmx 75 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_surface_flinger_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_surface_flinger_native_boot_prop (property_service (set)))
;;* lme
;;* lmx 76 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_vendor_system_native_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_vendor_system_native_prop (property_service (set)))
;;* lme
;;* lmx 77 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_config_vendor_system_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_vendor_system_native_boot_prop (property_service (set)))
;;* lme
;;* lmx 78 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 drm_forcel3_prop (property_service (set)))
+(neverallow base_typeattr_232 drm_forcel3_prop (property_service (set)))
;;* lme
;;* lmx 79 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 fingerprint_prop (property_service (set)))
+(neverallow base_typeattr_232 fingerprint_prop (property_service (set)))
;;* lme
;;* lmx 80 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 gwp_asan_prop (property_service (set)))
+(neverallow base_typeattr_232 gwp_asan_prop (property_service (set)))
;;* lme
;;* lmx 81 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 hal_instrumentation_prop (property_service (set)))
+(neverallow base_typeattr_232 hal_instrumentation_prop (property_service (set)))
;;* lme
;;* lmx 82 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 userdebug_or_eng_prop (property_service (set)))
+(neverallow base_typeattr_232 userdebug_or_eng_prop (property_service (set)))
;;* lme
;;* lmx 83 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 init_service_status_prop (property_service (set)))
+(neverallow base_typeattr_232 init_service_status_prop (property_service (set)))
;;* lme
;;* lmx 84 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 libc_debug_prop (property_service (set)))
+(neverallow base_typeattr_232 libc_debug_prop (property_service (set)))
;;* lme
;;* lmx 85 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 module_sdkextensions_prop (property_service (set)))
+(neverallow base_typeattr_232 module_sdkextensions_prop (property_service (set)))
;;* lme
;;* lmx 86 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 nnapi_ext_deny_product_prop (property_service (set)))
+(neverallow base_typeattr_232 nnapi_ext_deny_product_prop (property_service (set)))
;;* lme
;;* lmx 87 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 persist_wm_debug_prop (property_service (set)))
+(neverallow base_typeattr_232 persist_wm_debug_prop (property_service (set)))
;;* lme
;;* lmx 88 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 power_debug_prop (property_service (set)))
+(neverallow base_typeattr_232 power_debug_prop (property_service (set)))
;;* lme
;;* lmx 89 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 property_service_version_prop (property_service (set)))
+(neverallow base_typeattr_232 property_service_version_prop (property_service (set)))
;;* lme
;;* lmx 90 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 provisioned_prop (property_service (set)))
+(neverallow base_typeattr_232 provisioned_prop (property_service (set)))
;;* lme
;;* lmx 91 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 restorecon_prop (property_service (set)))
+(neverallow base_typeattr_232 restorecon_prop (property_service (set)))
;;* lme
;;* lmx 92 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 retaildemo_prop (property_service (set)))
+(neverallow base_typeattr_232 retaildemo_prop (property_service (set)))
;;* lme
;;* lmx 93 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 servicemanager_prop (property_service (set)))
+(neverallow base_typeattr_232 servicemanager_prop (property_service (set)))
;;* lme
;;* lmx 94 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 smart_idle_maint_enabled_prop (property_service (set)))
+(neverallow base_typeattr_232 smart_idle_maint_enabled_prop (property_service (set)))
;;* lme
;;* lmx 95 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 socket_hook_prop (property_service (set)))
+(neverallow base_typeattr_232 socket_hook_prop (property_service (set)))
;;* lme
;;* lmx 96 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 sqlite_log_prop (property_service (set)))
+(neverallow base_typeattr_232 sqlite_log_prop (property_service (set)))
;;* lme
;;* lmx 97 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 surfaceflinger_display_prop (property_service (set)))
+(neverallow base_typeattr_232 surfaceflinger_display_prop (property_service (set)))
;;* lme
;;* lmx 98 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 system_boot_reason_prop (property_service (set)))
+(neverallow base_typeattr_232 system_boot_reason_prop (property_service (set)))
;;* lme
;;* lmx 99 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 system_jvmti_agent_prop (property_service (set)))
+(neverallow base_typeattr_232 system_jvmti_agent_prop (property_service (set)))
;;* lme
;;* lmx 100 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 traced_oome_heap_session_count_prop (property_service (set)))
+(neverallow base_typeattr_232 traced_oome_heap_session_count_prop (property_service (set)))
;;* lme
;;* lmx 101 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 ab_update_gki_prop (property_service (set)))
+(neverallow base_typeattr_232 ab_update_gki_prop (property_service (set)))
;;* lme
;;* lmx 102 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 usb_prop (property_service (set)))
+(neverallow base_typeattr_232 usb_prop (property_service (set)))
;;* lme
;;* lmx 103 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 userspace_reboot_exported_prop (property_service (set)))
+(neverallow base_typeattr_232 userspace_reboot_exported_prop (property_service (set)))
;;* lme
;;* lmx 104 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 vold_status_prop (property_service (set)))
+(neverallow base_typeattr_232 vold_status_prop (property_service (set)))
;;* lme
;;* lmx 105 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 vts_status_prop (property_service (set)))
+(neverallow base_typeattr_232 vts_status_prop (property_service (set)))
;;* lme
;;* lmx 107 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 enable_16k_pages_prop (property_service (set)))
+(neverallow base_typeattr_232 enable_16k_pages_prop (property_service (set)))
;;* lme
;;* lmx 107 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 profcollectd_etr_prop (property_service (set)))
+(neverallow base_typeattr_232 profcollectd_etr_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 config_prop (property_service (set)))
+(neverallow base_typeattr_232 config_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 cppreopt_prop (property_service (set)))
+(neverallow base_typeattr_232 cppreopt_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 dalvik_prop (property_service (set)))
+(neverallow base_typeattr_232 dalvik_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 debuggerd_prop (property_service (set)))
+(neverallow base_typeattr_232 debuggerd_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 device_logging_prop (property_service (set)))
+(neverallow base_typeattr_232 device_logging_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 dhcp_prop (property_service (set)))
+(neverallow base_typeattr_232 dhcp_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 dumpstate_prop (property_service (set)))
+(neverallow base_typeattr_232 dumpstate_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 exported3_system_prop (property_service (set)))
+(neverallow base_typeattr_232 exported3_system_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 exported_dumpstate_prop (property_service (set)))
+(neverallow base_typeattr_232 exported_dumpstate_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 exported_secure_prop (property_service (set)))
+(neverallow base_typeattr_232 exported_secure_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 heapprofd_prop (property_service (set)))
+(neverallow base_typeattr_232 heapprofd_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 net_radio_prop (property_service (set)))
+(neverallow base_typeattr_232 net_radio_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 pan_result_prop (property_service (set)))
+(neverallow base_typeattr_232 pan_result_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 persist_debug_prop (property_service (set)))
+(neverallow base_typeattr_232 persist_debug_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 shell_prop (property_service (set)))
+(neverallow base_typeattr_232 shell_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 test_harness_prop (property_service (set)))
+(neverallow base_typeattr_232 test_harness_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 theme_prop (property_service (set)))
+(neverallow base_typeattr_232 theme_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 use_memfd_prop (property_service (set)))
+(neverallow base_typeattr_232 use_memfd_prop (property_service (set)))
;;* lme
;;* lmx 112 system/sepolicy/public/property.te
-(neverallow base_typeattr_229 vold_prop (property_service (set)))
+(neverallow base_typeattr_232 vold_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8004,7 +8042,7 @@
(allow vendor_init apexd_config_prop (file (read getattr map open)))
;;* lmx 136 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 apexd_config_prop (property_service (set)))
+(neverallow base_typeattr_233 apexd_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8013,7 +8051,7 @@
(allow vendor_init apexd_select_prop (file (read getattr map open)))
;;* lmx 137 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 apexd_select_prop (property_service (set)))
+(neverallow base_typeattr_233 apexd_select_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8022,7 +8060,7 @@
(allow vendor_init aaudio_config_prop (file (read getattr map open)))
;;* lmx 138 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 aaudio_config_prop (property_service (set)))
+(neverallow base_typeattr_233 aaudio_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8031,7 +8069,7 @@
(allow vendor_init apk_verity_prop (file (read getattr map open)))
;;* lmx 139 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 apk_verity_prop (property_service (set)))
+(neverallow base_typeattr_233 apk_verity_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8040,7 +8078,7 @@
(allow vendor_init audio_config_prop (file (read getattr map open)))
;;* lmx 140 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 audio_config_prop (property_service (set)))
+(neverallow base_typeattr_233 audio_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8049,7 +8087,7 @@
(allow vendor_init bootanim_config_prop (file (read getattr map open)))
;;* lmx 141 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 bootanim_config_prop (property_service (set)))
+(neverallow base_typeattr_233 bootanim_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8058,7 +8096,7 @@
(allow vendor_init bluetooth_config_prop (file (read getattr map open)))
;;* lmx 142 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 bluetooth_config_prop (property_service (set)))
+(neverallow base_typeattr_233 bluetooth_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8067,7 +8105,7 @@
(allow vendor_init build_attestation_prop (file (read getattr map open)))
;;* lmx 143 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 build_attestation_prop (property_service (set)))
+(neverallow base_typeattr_233 build_attestation_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8076,7 +8114,7 @@
(allow vendor_init build_config_prop (file (read getattr map open)))
;;* lmx 144 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 build_config_prop (property_service (set)))
+(neverallow base_typeattr_233 build_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8085,7 +8123,7 @@
(allow vendor_init build_odm_prop (file (read getattr map open)))
;;* lmx 145 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 build_odm_prop (property_service (set)))
+(neverallow base_typeattr_233 build_odm_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8094,7 +8132,7 @@
(allow vendor_init build_vendor_prop (file (read getattr map open)))
;;* lmx 146 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 build_vendor_prop (property_service (set)))
+(neverallow base_typeattr_233 build_vendor_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8103,7 +8141,7 @@
(allow vendor_init camera_calibration_prop (file (read getattr map open)))
;;* lmx 147 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 camera_calibration_prop (property_service (set)))
+(neverallow base_typeattr_233 camera_calibration_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8112,7 +8150,7 @@
(allow vendor_init camera_config_prop (file (read getattr map open)))
;;* lmx 148 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 camera_config_prop (property_service (set)))
+(neverallow base_typeattr_233 camera_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8121,7 +8159,7 @@
(allow vendor_init camera2_extensions_prop (file (read getattr map open)))
;;* lmx 149 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 camera2_extensions_prop (property_service (set)))
+(neverallow base_typeattr_233 camera2_extensions_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8130,7 +8168,7 @@
(allow vendor_init camerax_extensions_prop (file (read getattr map open)))
;;* lmx 150 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 camerax_extensions_prop (property_service (set)))
+(neverallow base_typeattr_233 camerax_extensions_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8139,7 +8177,7 @@
(allow vendor_init charger_config_prop (file (read getattr map open)))
;;* lmx 151 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 charger_config_prop (property_service (set)))
+(neverallow base_typeattr_233 charger_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8148,7 +8186,7 @@
(allow vendor_init codec2_config_prop (file (read getattr map open)))
;;* lmx 152 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 codec2_config_prop (property_service (set)))
+(neverallow base_typeattr_233 codec2_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8157,7 +8195,7 @@
(allow vendor_init composd_vm_vendor_prop (file (read getattr map open)))
;;* lmx 153 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 composd_vm_vendor_prop (property_service (set)))
+(neverallow base_typeattr_233 composd_vm_vendor_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8166,7 +8204,7 @@
(allow vendor_init cpu_variant_prop (file (read getattr map open)))
;;* lmx 154 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 cpu_variant_prop (property_service (set)))
+(neverallow base_typeattr_233 cpu_variant_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
@@ -8175,533 +8213,542 @@
(allow vendor_init debugfs_restriction_prop (file (read getattr map open)))
;;* lmx 155 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 debugfs_restriction_prop (property_service (set)))
+(neverallow base_typeattr_233 debugfs_restriction_prop (property_service (set)))
+;;* lme
+
+(allow vendor_init property_socket (sock_file (write)))
+(allow vendor_init init (unix_stream_socket (connectto)))
+(allow vendor_init drm_config_prop (property_service (set)))
+(allow vendor_init drm_config_prop (file (read getattr map open)))
+;;* lmx 156 system/sepolicy/public/property.te
+
+(neverallow base_typeattr_233 drm_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init drm_service_config_prop (property_service (set)))
(allow vendor_init drm_service_config_prop (file (read getattr map open)))
-;;* lmx 156 system/sepolicy/public/property.te
+;;* lmx 159 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 drm_service_config_prop (property_service (set)))
+(neverallow base_typeattr_233 drm_service_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init exported_camera_prop (property_service (set)))
(allow vendor_init exported_camera_prop (file (read getattr map open)))
-;;* lmx 157 system/sepolicy/public/property.te
+;;* lmx 160 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 exported_camera_prop (property_service (set)))
+(neverallow base_typeattr_233 exported_camera_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init exported_config_prop (property_service (set)))
(allow vendor_init exported_config_prop (file (read getattr map open)))
-;;* lmx 158 system/sepolicy/public/property.te
+;;* lmx 161 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 exported_config_prop (property_service (set)))
+(neverallow base_typeattr_233 exported_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init exported_default_prop (property_service (set)))
(allow vendor_init exported_default_prop (file (read getattr map open)))
-;;* lmx 159 system/sepolicy/public/property.te
+;;* lmx 162 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 exported_default_prop (property_service (set)))
+(neverallow base_typeattr_233 exported_default_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init ffs_config_prop (property_service (set)))
(allow vendor_init ffs_config_prop (file (read getattr map open)))
-;;* lmx 160 system/sepolicy/public/property.te
+;;* lmx 163 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 ffs_config_prop (property_service (set)))
+(neverallow base_typeattr_233 ffs_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init framework_watchdog_config_prop (property_service (set)))
(allow vendor_init framework_watchdog_config_prop (file (read getattr map open)))
-;;* lmx 161 system/sepolicy/public/property.te
+;;* lmx 164 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 framework_watchdog_config_prop (property_service (set)))
+(neverallow base_typeattr_233 framework_watchdog_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init graphics_config_prop (property_service (set)))
(allow vendor_init graphics_config_prop (file (read getattr map open)))
-;;* lmx 162 system/sepolicy/public/property.te
+;;* lmx 165 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 graphics_config_prop (property_service (set)))
+(neverallow base_typeattr_233 graphics_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init hdmi_config_prop (property_service (set)))
(allow vendor_init hdmi_config_prop (file (read getattr map open)))
-;;* lmx 163 system/sepolicy/public/property.te
+;;* lmx 166 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 hdmi_config_prop (property_service (set)))
+(neverallow base_typeattr_233 hdmi_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init hw_timeout_multiplier_prop (property_service (set)))
(allow vendor_init hw_timeout_multiplier_prop (file (read getattr map open)))
-;;* lmx 164 system/sepolicy/public/property.te
+;;* lmx 167 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 hw_timeout_multiplier_prop (property_service (set)))
+(neverallow base_typeattr_233 hw_timeout_multiplier_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init hypervisor_prop (property_service (set)))
(allow vendor_init hypervisor_prop (file (read getattr map open)))
-;;* lmx 165 system/sepolicy/public/property.te
+;;* lmx 168 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 hypervisor_prop (property_service (set)))
+(neverallow base_typeattr_233 hypervisor_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init hypervisor_restricted_prop (property_service (set)))
(allow vendor_init hypervisor_restricted_prop (file (read getattr map open)))
-;;* lmx 166 system/sepolicy/public/property.te
+;;* lmx 169 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 hypervisor_restricted_prop (property_service (set)))
+(neverallow base_typeattr_233 hypervisor_restricted_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init incremental_prop (property_service (set)))
(allow vendor_init incremental_prop (file (read getattr map open)))
-;;* lmx 167 system/sepolicy/public/property.te
+;;* lmx 170 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 incremental_prop (property_service (set)))
+(neverallow base_typeattr_233 incremental_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init input_device_config_prop (property_service (set)))
(allow vendor_init input_device_config_prop (file (read getattr map open)))
-;;* lmx 168 system/sepolicy/public/property.te
+;;* lmx 171 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 input_device_config_prop (property_service (set)))
+(neverallow base_typeattr_233 input_device_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init keyguard_config_prop (property_service (set)))
(allow vendor_init keyguard_config_prop (file (read getattr map open)))
-;;* lmx 169 system/sepolicy/public/property.te
+;;* lmx 172 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 keyguard_config_prop (property_service (set)))
+(neverallow base_typeattr_233 keyguard_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init keystore_config_prop (property_service (set)))
(allow vendor_init keystore_config_prop (file (read getattr map open)))
-;;* lmx 170 system/sepolicy/public/property.te
+;;* lmx 173 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 keystore_config_prop (property_service (set)))
+(neverallow base_typeattr_233 keystore_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init lmkd_config_prop (property_service (set)))
(allow vendor_init lmkd_config_prop (file (read getattr map open)))
-;;* lmx 171 system/sepolicy/public/property.te
+;;* lmx 174 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 lmkd_config_prop (property_service (set)))
+(neverallow base_typeattr_233 lmkd_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init media_config_prop (property_service (set)))
(allow vendor_init media_config_prop (file (read getattr map open)))
-;;* lmx 172 system/sepolicy/public/property.te
+;;* lmx 175 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 media_config_prop (property_service (set)))
+(neverallow base_typeattr_233 media_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init media_variant_prop (property_service (set)))
(allow vendor_init media_variant_prop (file (read getattr map open)))
-;;* lmx 173 system/sepolicy/public/property.te
+;;* lmx 176 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 media_variant_prop (property_service (set)))
+(neverallow base_typeattr_233 media_variant_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init mediadrm_config_prop (property_service (set)))
(allow vendor_init mediadrm_config_prop (file (read getattr map open)))
-;;* lmx 174 system/sepolicy/public/property.te
+;;* lmx 177 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 mediadrm_config_prop (property_service (set)))
+(neverallow base_typeattr_233 mediadrm_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init mm_events_config_prop (property_service (set)))
(allow vendor_init mm_events_config_prop (file (read getattr map open)))
-;;* lmx 175 system/sepolicy/public/property.te
+;;* lmx 178 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 mm_events_config_prop (property_service (set)))
+(neverallow base_typeattr_233 mm_events_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init oem_unlock_prop (property_service (set)))
(allow vendor_init oem_unlock_prop (file (read getattr map open)))
-;;* lmx 176 system/sepolicy/public/property.te
+;;* lmx 179 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 oem_unlock_prop (property_service (set)))
+(neverallow base_typeattr_233 oem_unlock_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init ota_build_prop (property_service (set)))
(allow vendor_init ota_build_prop (file (read getattr map open)))
-;;* lmx 177 system/sepolicy/public/property.te
+;;* lmx 180 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 ota_build_prop (property_service (set)))
+(neverallow base_typeattr_233 ota_build_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init packagemanager_config_prop (property_service (set)))
(allow vendor_init packagemanager_config_prop (file (read getattr map open)))
-;;* lmx 178 system/sepolicy/public/property.te
+;;* lmx 181 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 packagemanager_config_prop (property_service (set)))
+(neverallow base_typeattr_233 packagemanager_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init quick_start_prop (property_service (set)))
(allow vendor_init quick_start_prop (file (read getattr map open)))
-;;* lmx 179 system/sepolicy/public/property.te
+;;* lmx 182 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 quick_start_prop (property_service (set)))
+(neverallow base_typeattr_233 quick_start_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init recovery_config_prop (property_service (set)))
(allow vendor_init recovery_config_prop (file (read getattr map open)))
-;;* lmx 180 system/sepolicy/public/property.te
+;;* lmx 183 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 recovery_config_prop (property_service (set)))
+(neverallow base_typeattr_233 recovery_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init recovery_usb_config_prop (property_service (set)))
(allow vendor_init recovery_usb_config_prop (file (read getattr map open)))
-;;* lmx 181 system/sepolicy/public/property.te
+;;* lmx 184 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 recovery_usb_config_prop (property_service (set)))
+(neverallow base_typeattr_233 recovery_usb_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init sendbug_config_prop (property_service (set)))
(allow vendor_init sendbug_config_prop (file (read getattr map open)))
-;;* lmx 182 system/sepolicy/public/property.te
+;;* lmx 185 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 sendbug_config_prop (property_service (set)))
+(neverallow base_typeattr_233 sendbug_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init soc_prop (property_service (set)))
(allow vendor_init soc_prop (file (read getattr map open)))
-;;* lmx 183 system/sepolicy/public/property.te
+;;* lmx 186 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 soc_prop (property_service (set)))
+(neverallow base_typeattr_233 soc_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init storage_config_prop (property_service (set)))
(allow vendor_init storage_config_prop (file (read getattr map open)))
-;;* lmx 184 system/sepolicy/public/property.te
+;;* lmx 187 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 storage_config_prop (property_service (set)))
+(neverallow base_typeattr_233 storage_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init storagemanager_config_prop (property_service (set)))
(allow vendor_init storagemanager_config_prop (file (read getattr map open)))
-;;* lmx 185 system/sepolicy/public/property.te
+;;* lmx 188 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 storagemanager_config_prop (property_service (set)))
+(neverallow base_typeattr_233 storagemanager_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init surfaceflinger_prop (property_service (set)))
(allow vendor_init surfaceflinger_prop (file (read getattr map open)))
-;;* lmx 186 system/sepolicy/public/property.te
+;;* lmx 189 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 surfaceflinger_prop (property_service (set)))
+(neverallow base_typeattr_233 surfaceflinger_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init suspend_prop (property_service (set)))
(allow vendor_init suspend_prop (file (read getattr map open)))
-;;* lmx 187 system/sepolicy/public/property.te
+;;* lmx 190 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 suspend_prop (property_service (set)))
+(neverallow base_typeattr_233 suspend_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init systemsound_config_prop (property_service (set)))
(allow vendor_init systemsound_config_prop (file (read getattr map open)))
-;;* lmx 188 system/sepolicy/public/property.te
+;;* lmx 191 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 systemsound_config_prop (property_service (set)))
+(neverallow base_typeattr_233 systemsound_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init telephony_config_prop (property_service (set)))
(allow vendor_init telephony_config_prop (file (read getattr map open)))
-;;* lmx 189 system/sepolicy/public/property.te
+;;* lmx 192 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 telephony_config_prop (property_service (set)))
+(neverallow base_typeattr_233 telephony_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init threadnetwork_config_prop (property_service (set)))
(allow vendor_init threadnetwork_config_prop (file (read getattr map open)))
-;;* lmx 190 system/sepolicy/public/property.te
+;;* lmx 193 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 threadnetwork_config_prop (property_service (set)))
+(neverallow base_typeattr_233 threadnetwork_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init tombstone_config_prop (property_service (set)))
(allow vendor_init tombstone_config_prop (file (read getattr map open)))
-;;* lmx 191 system/sepolicy/public/property.te
+;;* lmx 194 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 tombstone_config_prop (property_service (set)))
+(neverallow base_typeattr_233 tombstone_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init usb_config_prop (property_service (set)))
(allow vendor_init usb_config_prop (file (read getattr map open)))
-;;* lmx 192 system/sepolicy/public/property.te
+;;* lmx 195 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 usb_config_prop (property_service (set)))
+(neverallow base_typeattr_233 usb_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init userspace_reboot_config_prop (property_service (set)))
(allow vendor_init userspace_reboot_config_prop (file (read getattr map open)))
-;;* lmx 193 system/sepolicy/public/property.te
+;;* lmx 196 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 userspace_reboot_config_prop (property_service (set)))
+(neverallow base_typeattr_233 userspace_reboot_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init vehicle_hal_prop (property_service (set)))
(allow vendor_init vehicle_hal_prop (file (read getattr map open)))
-;;* lmx 194 system/sepolicy/public/property.te
+;;* lmx 197 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 vehicle_hal_prop (property_service (set)))
+(neverallow base_typeattr_233 vehicle_hal_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init vendor_security_patch_level_prop (property_service (set)))
(allow vendor_init vendor_security_patch_level_prop (file (read getattr map open)))
-;;* lmx 195 system/sepolicy/public/property.te
+;;* lmx 198 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 vendor_security_patch_level_prop (property_service (set)))
+(neverallow base_typeattr_233 vendor_security_patch_level_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init vendor_socket_hook_prop (property_service (set)))
(allow vendor_init vendor_socket_hook_prop (file (read getattr map open)))
-;;* lmx 196 system/sepolicy/public/property.te
+;;* lmx 199 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 vendor_socket_hook_prop (property_service (set)))
+(neverallow base_typeattr_233 vendor_socket_hook_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init virtual_ab_prop (property_service (set)))
(allow vendor_init virtual_ab_prop (file (read getattr map open)))
-;;* lmx 197 system/sepolicy/public/property.te
+;;* lmx 200 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 virtual_ab_prop (property_service (set)))
+(neverallow base_typeattr_233 virtual_ab_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init vndk_prop (property_service (set)))
(allow vendor_init vndk_prop (file (read getattr map open)))
-;;* lmx 198 system/sepolicy/public/property.te
+;;* lmx 201 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 vndk_prop (property_service (set)))
+(neverallow base_typeattr_233 vndk_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init vts_config_prop (property_service (set)))
(allow vendor_init vts_config_prop (file (read getattr map open)))
-;;* lmx 199 system/sepolicy/public/property.te
+;;* lmx 202 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 vts_config_prop (property_service (set)))
+(neverallow base_typeattr_233 vts_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init vold_config_prop (property_service (set)))
(allow vendor_init vold_config_prop (file (read getattr map open)))
-;;* lmx 200 system/sepolicy/public/property.te
+;;* lmx 203 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 vold_config_prop (property_service (set)))
+(neverallow base_typeattr_233 vold_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init wifi_config_prop (property_service (set)))
(allow vendor_init wifi_config_prop (file (read getattr map open)))
-;;* lmx 201 system/sepolicy/public/property.te
+;;* lmx 204 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 wifi_config_prop (property_service (set)))
+(neverallow base_typeattr_233 wifi_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init zram_config_prop (property_service (set)))
(allow vendor_init zram_config_prop (file (read getattr map open)))
-;;* lmx 202 system/sepolicy/public/property.te
+;;* lmx 205 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 zram_config_prop (property_service (set)))
+(neverallow base_typeattr_233 zram_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init zygote_config_prop (property_service (set)))
(allow vendor_init zygote_config_prop (file (read getattr map open)))
-;;* lmx 203 system/sepolicy/public/property.te
+;;* lmx 206 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 zygote_config_prop (property_service (set)))
+(neverallow base_typeattr_233 zygote_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init dck_prop (property_service (set)))
(allow vendor_init dck_prop (file (read getattr map open)))
-;;* lmx 204 system/sepolicy/public/property.te
+;;* lmx 207 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 dck_prop (property_service (set)))
+(neverallow base_typeattr_233 dck_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init tuner_config_prop (property_service (set)))
(allow vendor_init tuner_config_prop (file (read getattr map open)))
-;;* lmx 205 system/sepolicy/public/property.te
+;;* lmx 208 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 tuner_config_prop (property_service (set)))
+(neverallow base_typeattr_233 tuner_config_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init usb_uvc_enabled_prop (property_service (set)))
(allow vendor_init usb_uvc_enabled_prop (file (read getattr map open)))
-;;* lmx 206 system/sepolicy/public/property.te
+;;* lmx 209 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 usb_uvc_enabled_prop (property_service (set)))
+(neverallow base_typeattr_233 usb_uvc_enabled_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init setupwizard_mode_prop (property_service (set)))
(allow vendor_init setupwizard_mode_prop (file (read getattr map open)))
-;;* lmx 207 system/sepolicy/public/property.te
+;;* lmx 210 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 setupwizard_mode_prop (property_service (set)))
+(neverallow base_typeattr_233 setupwizard_mode_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init pm_archiving_enabled_prop (property_service (set)))
(allow vendor_init pm_archiving_enabled_prop (file (read getattr map open)))
-;;* lmx 208 system/sepolicy/public/property.te
+;;* lmx 211 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 pm_archiving_enabled_prop (property_service (set)))
+(neverallow base_typeattr_233 pm_archiving_enabled_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init trusty_security_vm_sys_vendor_prop (property_service (set)))
(allow vendor_init trusty_security_vm_sys_vendor_prop (file (read getattr map open)))
-;;* lmx 209 system/sepolicy/public/property.te
+;;* lmx 212 system/sepolicy/public/property.te
-(neverallow base_typeattr_230 trusty_security_vm_sys_vendor_prop (property_service (set)))
-;;* lme
-
-;;* lmx 276 system/sepolicy/public/property.te
-
-(neverallow base_typeattr_229 default_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_233 trusty_security_vm_sys_vendor_prop (property_service (set)))
;;* lme
;;* lmx 279 system/sepolicy/public/property.te
-(neverallow base_typeattr_231 rebootescrow_hal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 default_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 282 system/sepolicy/public/property.te
-(neverallow base_typeattr_231 virtual_face_hal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_234 rebootescrow_hal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 288 system/sepolicy/public/property.te
+;;* lmx 285 system/sepolicy/public/property.te
-(neverallow base_typeattr_231 virtual_fingerprint_hal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_234 virtual_face_hal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 358 system/sepolicy/public/property.te
+;;* lmx 291 system/sepolicy/public/property.te
-(neverallow base_typeattr_231 vendor_default_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_234 virtual_fingerprint_hal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+;;* lme
+
+;;* lmx 361 system/sepolicy/public/property.te
+
+(neverallow base_typeattr_234 vendor_default_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 1 system/sepolicy/private/attributes
-(neverallow base_typeattr_232 domain (process (fork)))
+(neverallow base_typeattr_235 domain (process (fork)))
;;* lme
;;* lmx 1 system/sepolicy/private/attributes
-(neverallow base_typeattr_233 domain (process (fork)))
+(neverallow base_typeattr_236 domain (process (fork)))
;;* lme
;;* lmx 1 system/sepolicy/private/attributes
-(neverallow base_typeattr_234 domain (process (fork)))
+(neverallow base_typeattr_237 domain (process (fork)))
;;* lme
(allow init aconfigd_exec (file (read getattr map execute open)))
@@ -8723,32 +8770,32 @@
(dontaudit aconfigd apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
;;* lmx 37 system/sepolicy/private/aconfigd.te
-(neverallow base_typeattr_235 aconfigd (process (transition)))
+(neverallow base_typeattr_238 aconfigd (process (transition)))
;;* lme
;;* lmx 38 system/sepolicy/private/aconfigd.te
-(neverallow base_typeattr_236 aconfigd (process (dyntransition)))
+(neverallow base_typeattr_239 aconfigd (process (dyntransition)))
;;* lme
;;* lmx 48 system/sepolicy/private/aconfigd.te
-(neverallow base_typeattr_237 aconfig_storage_metadata_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_240 aconfig_storage_metadata_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 54 system/sepolicy/private/aconfigd.te
-(neverallow base_typeattr_237 aconfig_storage_metadata_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_240 aconfig_storage_metadata_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
;;* lmx 64 system/sepolicy/private/aconfigd.te
-(neverallow base_typeattr_237 aconfig_storage_flags_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_240 aconfig_storage_flags_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 70 system/sepolicy/private/aconfigd.te
-(neverallow base_typeattr_237 aconfig_storage_flags_metadata_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_240 aconfig_storage_flags_metadata_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow init aconfigd_mainline_exec (file (read getattr map execute open)))
@@ -8768,12 +8815,12 @@
(dontaudit aconfigd_mainline apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
;;* lmx 37 system/sepolicy/private/aconfigd_mainline.te
-(neverallow base_typeattr_235 aconfigd_mainline (process (transition)))
+(neverallow base_typeattr_238 aconfigd_mainline (process (transition)))
;;* lme
;;* lmx 38 system/sepolicy/private/aconfigd_mainline.te
-(neverallow base_typeattr_236 aconfigd_mainline (process (dyntransition)))
+(neverallow base_typeattr_239 aconfigd_mainline (process (dyntransition)))
;;* lme
(allow init adbd_exec (file (read getattr map execute open)))
@@ -8888,6 +8935,8 @@
(allow adbd perfetto (process (signal)))
(allow adbd perfetto_traces_data_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow adbd perfetto_traces_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow adbd perfetto_traces_profiling_data_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow adbd perfetto_traces_profiling_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow adbd perfetto_configs_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
(allow adbd perfetto_configs_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
(allow adbd shell (unix_stream_socket (read write shutdown)))
@@ -8905,26 +8954,27 @@
(allow adbd shell_test_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
(allow adbd shell_test_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
(allow adbd shell_test_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-;;* lmx 220 system/sepolicy/private/adbd.te
+;;* lmx 224 system/sepolicy/private/adbd.te
-(neverallow adbd base_typeattr_238 (process (transition)))
-;;* lme
-
-;;* lmx 226 system/sepolicy/private/adbd.te
-
-(neverallow adbd base_typeattr_239 (process (dyntransition)))
-;;* lme
-
-;;* lmx 229 system/sepolicy/private/adbd.te
-
-(neverallow base_typeattr_235 adbd (process (transition)))
+(neverallow adbd base_typeattr_241 (process (transition)))
;;* lme
;;* lmx 230 system/sepolicy/private/adbd.te
-(neverallow base_typeattr_236 adbd (process (dyntransition)))
+(neverallow adbd base_typeattr_242 (process (dyntransition)))
;;* lme
+;;* lmx 233 system/sepolicy/private/adbd.te
+
+(neverallow base_typeattr_238 adbd (process (transition)))
+;;* lme
+
+;;* lmx 234 system/sepolicy/private/adbd.te
+
+(neverallow base_typeattr_239 adbd (process (dyntransition)))
+;;* lme
+
+(allow adbd cgroup_v2 (file (read)))
(allow adbd_common mdnsd_socket (sock_file (write)))
(allow adbd_common mdnsd (unix_stream_socket (connectto)))
(dontaudit adbd_common self (socket (create)))
@@ -8972,7 +9022,7 @@
(allow apexd apex_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_240 apex_service (service_manager (add)))
+(neverallow base_typeattr_243 apex_service (service_manager (add)))
;;* lme
(allow apexd apex_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
@@ -9055,7 +9105,7 @@
(allowx apexd apexd_devpts (ioctl chr_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
;;* lmx 146 system/sepolicy/private/apexd.te
-(neverallowx base_typeattr_236 apexd_devpts (ioctl chr_file (0x5412)))
+(neverallowx base_typeattr_239 apexd_devpts (ioctl chr_file (0x5412)))
;;* lme
(allow apexd file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
@@ -9095,77 +9145,77 @@
(allow apexd system_server (fd (use)))
;;* lmx 202 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_241 apex_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_244 apex_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 203 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_241 apex_metadata_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_244 apex_metadata_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 204 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_242 apex_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_245 apex_data_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
;;* lmx 205 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_242 apex_metadata_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_245 apex_metadata_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
;;* lmx 206 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_240 apex_mnt_dir (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_243 apex_mnt_dir (lnk_file (write create setattr relabelfrom append unlink link rename)))
;;* lme
;;* lmx 208 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_243 apex_module_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_246 apex_module_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 209 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_243 apex_module_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_246 apex_module_data_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
;;* lmx 211 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_243 apex_rollback_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_246 apex_rollback_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 212 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_243 apex_rollback_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_246 apex_rollback_data_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
;;* lmx 215 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_241 apexd_prop (property_service (set)))
+(neverallow base_typeattr_244 apexd_prop (property_service (set)))
;;* lme
;;* lmx 218 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_240 apex_info_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_243 apex_info_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
;;* lmx 226 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_244 apex_mnt_dir (filesystem (mount unmount)))
+(neverallow base_typeattr_247 apex_mnt_dir (filesystem (mount unmount)))
;;* lme
;;* lmx 227 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_245 apex_mnt_dir (dir (mounton)))
+(neverallow base_typeattr_248 apex_mnt_dir (dir (mounton)))
;;* lme
;;* lmx 232 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_246 apex_service (service_manager (find)))
+(neverallow base_typeattr_249 apex_service (service_manager (find)))
;;* lme
;;* lmx 234 system/sepolicy/private/apexd.te
-(neverallow base_typeattr_247 apexd (binder (call)))
+(neverallow base_typeattr_250 apexd (binder (call)))
;;* lme
;;* lmx 236 system/sepolicy/private/apexd.te
@@ -9176,9 +9226,9 @@
(allow apexd_derive_classpath apexd (fd (use)))
(allow apexd_derive_classpath apex_mnt_dir (file (write open)))
(allow apexd_derive_classpath apexd_devpts (chr_file (read write)))
-(allow base_typeattr_248 proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_248 proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_248 proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_251 proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_251 proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_251 proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow appdomain test_harness_prop (file (read getattr map open)))
(allow appdomain boot_status_prop (file (read getattr map open)))
(allow appdomain dalvik_config_prop_type (file (read getattr map open)))
@@ -9201,7 +9251,7 @@
(dontaudit appdomain storage_stub_file (dir (getattr)))
(dontaudit appdomain system_data_file (dir (write)))
(dontaudit appdomain vendor_default_prop (file (read)))
-(allow base_typeattr_249 mnt_media_rw_file (dir (search)))
+(allow base_typeattr_252 mnt_media_rw_file (dir (search)))
(allow appdomain system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
(allow appdomain sendbug_config_prop (file (read getattr map open)))
(allow appdomain graphics_config_prop (file (read getattr map open)))
@@ -9213,83 +9263,83 @@
(allow appdomain apex_art_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow appdomain apex_art_data_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
(allow appdomain tombstone_data_file (file (read getattr)))
-(allow base_typeattr_250 shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
-(allow base_typeattr_250 toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
-(allow base_typeattr_250 vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_250 vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_250 vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_250 vendor_app_file (file (execute)))
-(allow base_typeattr_251 vendor_microdroid_file (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_251 vendor_microdroid_file (file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_251 vendor_microdroid_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_253 shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
+(allow base_typeattr_253 toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
+(allow base_typeattr_253 vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_253 vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_253 vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_253 vendor_app_file (file (execute)))
+(allow base_typeattr_254 vendor_microdroid_file (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_254 vendor_microdroid_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_254 vendor_microdroid_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow appdomain sdk_sandbox_all (binder (call transfer)))
(allow sdk_sandbox_all appdomain (binder (transfer)))
(allow appdomain sdk_sandbox_all (fd (use)))
(allow appdomain virtual_camera (binder (call transfer)))
(allow virtual_camera appdomain (binder (transfer)))
(allow appdomain virtual_camera (fd (use)))
-(allow base_typeattr_251 storage_file (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_251 storage_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_251 mnt_user_file (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_251 mnt_user_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_251 sdcard_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
-(allow base_typeattr_251 fuse (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
-(allow base_typeattr_251 sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow base_typeattr_251 fuse (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow base_typeattr_251 media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
-(allow base_typeattr_251 media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow base_typeattr_251 usb_device (chr_file (ioctl read write getattr)))
-(allow base_typeattr_251 usbaccessory_device (chr_file (read write getattr)))
-(allow base_typeattr_250 logd_socket (sock_file (write)))
-(allow base_typeattr_250 logd (unix_stream_socket (connectto)))
-(allow base_typeattr_251 keystore (keystore2_key (delete get_info grant rebind update use)))
-(allow base_typeattr_251 keystore_maintenance_service (service_manager (find)))
-(allow base_typeattr_251 apc_service (service_manager (find)))
-(allow base_typeattr_251 keystore_service (service_manager (find)))
-(allow base_typeattr_251 legacykeystore_service (service_manager (find)))
-(allow base_typeattr_251 keystore (binder (call transfer)))
-(allow keystore base_typeattr_251 (binder (transfer)))
-(allow base_typeattr_251 keystore (fd (use)))
-(allow keystore base_typeattr_251 (binder (call transfer)))
-(allow base_typeattr_251 keystore (binder (transfer)))
-(allow keystore base_typeattr_251 (fd (use)))
-(allow base_typeattr_251 credstore_service (service_manager (find)))
-(allow base_typeattr_251 credstore (binder (call transfer)))
-(allow credstore base_typeattr_251 (binder (transfer)))
-(allow base_typeattr_251 credstore (fd (use)))
-(allow credstore base_typeattr_251 (binder (call transfer)))
-(allow base_typeattr_251 credstore (binder (transfer)))
-(allow credstore base_typeattr_251 (fd (use)))
-(allow base_typeattr_251 persistent_data_block_service (service_manager (find)))
-(allow base_typeattr_251 pdx_display_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_251 pdx_display_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow base_typeattr_251 pdx_display_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
-(allow base_typeattr_251 pdx_display_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
-(allow base_typeattr_251 pdx_display_client_server_type (fd (use)))
-(allow pdx_display_client_server_type base_typeattr_251 (fd (use)))
-(allow base_typeattr_251 pdx_display_manager_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_251 pdx_display_manager_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow base_typeattr_251 pdx_display_manager_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
-(allow base_typeattr_251 pdx_display_manager_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
-(allow base_typeattr_251 pdx_display_manager_server_type (fd (use)))
-(allow pdx_display_manager_server_type base_typeattr_251 (fd (use)))
-(allow base_typeattr_251 pdx_display_vsync_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_251 pdx_display_vsync_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow base_typeattr_251 pdx_display_vsync_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
-(allow base_typeattr_251 pdx_display_vsync_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
-(allow base_typeattr_251 pdx_display_vsync_server_type (fd (use)))
-(allow pdx_display_vsync_server_type base_typeattr_251 (fd (use)))
-(allow base_typeattr_251 pdx_performance_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_251 pdx_performance_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow base_typeattr_251 pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
-(allow base_typeattr_251 pdx_performance_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
-(allow base_typeattr_251 pdx_performance_client_server_type (fd (use)))
-(allow pdx_performance_client_server_type base_typeattr_251 (fd (use)))
-(allow base_typeattr_251 pdx_bufferhub_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
-(allow base_typeattr_251 pdx_bufferhub_client_server_type (fd (use)))
-(allow pdx_bufferhub_client_server_type base_typeattr_251 (fd (use)))
-(allow base_typeattr_251 tun_device (chr_file (ioctl read write getattr append)))
-(allowx base_typeattr_251 tun_device (ioctl chr_file (0x54d2)))
+(allow base_typeattr_254 storage_file (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_254 storage_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_254 mnt_user_file (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_254 mnt_user_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_254 sdcard_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(allow base_typeattr_254 fuse (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(allow base_typeattr_254 sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(allow base_typeattr_254 fuse (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(allow base_typeattr_254 media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(allow base_typeattr_254 media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(allow base_typeattr_254 usb_device (chr_file (ioctl read write getattr)))
+(allow base_typeattr_254 usbaccessory_device (chr_file (read write getattr)))
+(allow base_typeattr_253 logd_socket (sock_file (write)))
+(allow base_typeattr_253 logd (unix_stream_socket (connectto)))
+(allow base_typeattr_254 keystore (keystore2_key (delete get_info grant rebind update use)))
+(allow base_typeattr_254 keystore_maintenance_service (service_manager (find)))
+(allow base_typeattr_254 apc_service (service_manager (find)))
+(allow base_typeattr_254 keystore_service (service_manager (find)))
+(allow base_typeattr_254 legacykeystore_service (service_manager (find)))
+(allow base_typeattr_254 keystore (binder (call transfer)))
+(allow keystore base_typeattr_254 (binder (transfer)))
+(allow base_typeattr_254 keystore (fd (use)))
+(allow keystore base_typeattr_254 (binder (call transfer)))
+(allow base_typeattr_254 keystore (binder (transfer)))
+(allow keystore base_typeattr_254 (fd (use)))
+(allow base_typeattr_254 credstore_service (service_manager (find)))
+(allow base_typeattr_254 credstore (binder (call transfer)))
+(allow credstore base_typeattr_254 (binder (transfer)))
+(allow base_typeattr_254 credstore (fd (use)))
+(allow credstore base_typeattr_254 (binder (call transfer)))
+(allow base_typeattr_254 credstore (binder (transfer)))
+(allow credstore base_typeattr_254 (fd (use)))
+(allow base_typeattr_254 persistent_data_block_service (service_manager (find)))
+(allow base_typeattr_254 pdx_display_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_254 pdx_display_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow base_typeattr_254 pdx_display_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow base_typeattr_254 pdx_display_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow base_typeattr_254 pdx_display_client_server_type (fd (use)))
+(allow pdx_display_client_server_type base_typeattr_254 (fd (use)))
+(allow base_typeattr_254 pdx_display_manager_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_254 pdx_display_manager_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow base_typeattr_254 pdx_display_manager_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow base_typeattr_254 pdx_display_manager_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow base_typeattr_254 pdx_display_manager_server_type (fd (use)))
+(allow pdx_display_manager_server_type base_typeattr_254 (fd (use)))
+(allow base_typeattr_254 pdx_display_vsync_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_254 pdx_display_vsync_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow base_typeattr_254 pdx_display_vsync_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow base_typeattr_254 pdx_display_vsync_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow base_typeattr_254 pdx_display_vsync_server_type (fd (use)))
+(allow pdx_display_vsync_server_type base_typeattr_254 (fd (use)))
+(allow base_typeattr_254 pdx_performance_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_254 pdx_performance_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow base_typeattr_254 pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow base_typeattr_254 pdx_performance_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow base_typeattr_254 pdx_performance_client_server_type (fd (use)))
+(allow pdx_performance_client_server_type base_typeattr_254 (fd (use)))
+(allow base_typeattr_254 pdx_bufferhub_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow base_typeattr_254 pdx_bufferhub_client_server_type (fd (use)))
+(allow pdx_bufferhub_client_server_type base_typeattr_254 (fd (use)))
+(allow base_typeattr_254 tun_device (chr_file (ioctl read write getattr append)))
+(allowx base_typeattr_254 tun_device (ioctl chr_file (0x54d2)))
(allow appdomain self (process (execmem)))
(allow appdomain ashmem_device (chr_file (execute)))
(allow appdomain ashmem_libcutils_device (chr_file (execute)))
@@ -9299,9 +9349,9 @@
(allow appdomain zygote (process (sigchld)))
(allow appdomain dalvikcache_data_file (dir (getattr search)))
(allow appdomain dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_252 rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_252 tmpfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_249 tmpfs (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_255 rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_255 tmpfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_252 tmpfs (dir (ioctl read getattr lock open watch watch_reads search)))
(allow appdomain zygote (fifo_file (write)))
(allow appdomain shell (process (sigchld)))
(allow appdomain adbd (process (sigchld)))
@@ -9313,15 +9363,15 @@
(allow appdomain vold (fd (use)))
(allow appdomain appdomain (fifo_file (ioctl read write getattr lock append map open watch watch_reads)))
(allow appdomain surfaceflinger (unix_stream_socket (read write getattr getopt setopt shutdown)))
-(allow base_typeattr_253 app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
-(allow base_typeattr_253 privapp_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
-(allow base_typeattr_253 app_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow base_typeattr_253 privapp_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allowx base_typeattr_253 app_data_file (ioctl file (0x6686)))
-(allowx base_typeattr_253 privapp_data_file (ioctl file (0x6686)))
-(allow base_typeattr_252 app_data_file (file (read write getattr map)))
-(allow base_typeattr_252 privapp_data_file (file (read write getattr map)))
-(allow base_typeattr_252 system_app_data_file (file (read write getattr map)))
+(allow base_typeattr_256 app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(allow base_typeattr_256 privapp_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(allow base_typeattr_256 app_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(allow base_typeattr_256 privapp_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(allowx base_typeattr_256 app_data_file (ioctl file (0x6686)))
+(allowx base_typeattr_256 privapp_data_file (ioctl file (0x6686)))
+(allow base_typeattr_255 app_data_file (file (read write getattr map)))
+(allow base_typeattr_255 privapp_data_file (file (read write getattr map)))
+(allow base_typeattr_255 system_app_data_file (file (read write getattr map)))
(allow appdomain sdk_sandbox_data_file (file (read getattr)))
(allow appdomain mnt_expand_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow appdomain keychain_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -9329,15 +9379,15 @@
(allow appdomain keychain_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow appdomain misc_user_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow appdomain misc_user_data_file (file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_254 textclassifier_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_254 textclassifier_data_file (file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_254 textclassifier_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_257 textclassifier_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_257 textclassifier_data_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_257 textclassifier_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow appdomain oemfs (dir (ioctl read getattr lock open watch watch_reads search)))
(allow appdomain oemfs (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
(allow appdomain system_file (file (getattr map execute execute_no_trans)))
(allow appdomain system_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow appdomain system_file (lnk_file (read getattr open)))
-(allow base_typeattr_254 vendor_file (dir (read open)))
+(allow base_typeattr_257 vendor_file (dir (read open)))
(allow appdomain vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow appdomain vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow appdomain vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -9375,9 +9425,9 @@
(allow appdomain traced_producer_socket (sock_file (write)))
(allow appdomain traced (unix_stream_socket (connectto)))
(allow traced appdomain (fd (use)))
-(allow base_typeattr_254 gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow base_typeattr_254 gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_254 sysfs_gpu (file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_257 gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow base_typeattr_257 gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_257 sysfs_gpu (file (ioctl read getattr lock map open watch watch_reads)))
(allow appdomain servicemanager (binder (call transfer)))
(allow servicemanager appdomain (binder (call transfer)))
(allow appdomain binderservicedomain (binder (call transfer)))
@@ -9389,9 +9439,9 @@
(allow appdomain ephemeral_app (binder (call transfer)))
(allow ephemeral_app appdomain (binder (transfer)))
(allow appdomain ephemeral_app (fd (use)))
-(allow base_typeattr_254 gpuservice (binder (call transfer)))
-(allow gpuservice base_typeattr_254 (binder (transfer)))
-(allow base_typeattr_254 gpuservice (fd (use)))
+(allow base_typeattr_257 gpuservice (binder (call transfer)))
+(allow gpuservice base_typeattr_257 (binder (transfer)))
+(allow base_typeattr_257 gpuservice (fd (use)))
(allow appdomain hal_graphics_composer (fd (use)))
(allow appdomain appdomain (unix_stream_socket (read write getattr getopt shutdown)))
(allow appdomain backup_data_file (file (read write getattr map)))
@@ -9399,8 +9449,8 @@
(allow appdomain cache_backup_file (dir (getattr)))
(allow appdomain system_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow appdomain system_data_file (file (read getattr map)))
-(allow base_typeattr_252 media_rw_data_file (file (read getattr)))
-(allow base_typeattr_254 radio_data_file (file (read write getattr)))
+(allow base_typeattr_255 media_rw_data_file (file (read getattr)))
+(allow base_typeattr_257 radio_data_file (file (read write getattr)))
(allow appdomain dalvikcache_data_file (file (execute)))
(allow appdomain dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow appdomain shared_relro_file (dir (search)))
@@ -9414,23 +9464,23 @@
(allow appdomain logd (unix_stream_socket (connectto)))
(allow appdomain zygote (unix_dgram_socket (write)))
(allow appdomain console_device (chr_file (read write)))
-(allowx base_typeattr_255 self (ioctl tcp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
-(allowx base_typeattr_255 self (ioctl udp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
-(allowx base_typeattr_255 self (ioctl rawip_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
-(allowx base_typeattr_255 self (ioctl tcp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
-(allowx base_typeattr_255 self (ioctl udp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
-(allowx base_typeattr_255 self (ioctl rawip_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
-(allowx base_typeattr_255 self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
-(allowx base_typeattr_255 self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
-(allowx base_typeattr_255 self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
-(allow base_typeattr_254 ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_254 dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_254 dmabuf_system_secure_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_254 hal_audio (fd (use)))
-(allow base_typeattr_254 hal_camera (fd (use)))
-(allow base_typeattr_254 hal_tv_tuner_server (fd (use)))
-(allow base_typeattr_254 hal_power_server (fd (use)))
-(allow base_typeattr_254 hal_renderscript_hwservice (hwservice_manager (find)))
+(allowx base_typeattr_258 self (ioctl tcp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
+(allowx base_typeattr_258 self (ioctl udp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
+(allowx base_typeattr_258 self (ioctl rawip_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
+(allowx base_typeattr_258 self (ioctl tcp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx base_typeattr_258 self (ioctl udp_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx base_typeattr_258 self (ioctl rawip_socket ((range 0x8906 0x8907) 0x8910 (range 0x8912 0x8913) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx base_typeattr_258 self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx base_typeattr_258 self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx base_typeattr_258 self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f (range 0x8b11 0x8b13) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allow base_typeattr_257 ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_257 dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_257 dmabuf_system_secure_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_257 hal_audio (fd (use)))
+(allow base_typeattr_257 hal_camera (fd (use)))
+(allow base_typeattr_257 hal_tv_tuner_server (fd (use)))
+(allow base_typeattr_257 hal_power_server (fd (use)))
+(allow base_typeattr_257 hal_renderscript_hwservice (hwservice_manager (find)))
(allow appdomain same_process_hal_file (file (read getattr map execute open)))
(allow appdomain proc_meminfo (file (ioctl read getattr lock map open watch watch_reads)))
(allow appdomain app_fuse_file (file (read write getattr append map)))
@@ -9444,96 +9494,96 @@
(allow appdomain audioserver_tmpfs (file (read write getattr map)))
(allow appdomain system_server_tmpfs (file (read write getattr map)))
(allow appdomain zygote_tmpfs (file (read map)))
-;;* lmx 522 system/sepolicy/private/app.te
+;;* lmx 524 system/sepolicy/private/app.te
-(neverallow base_typeattr_256 self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
-(neverallow base_typeattr_256 self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon checkpoint_restore bpf)))
-(neverallow base_typeattr_256 self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
-(neverallow base_typeattr_256 self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon checkpoint_restore bpf)))
+(neverallow base_typeattr_259 self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(neverallow base_typeattr_259 self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon checkpoint_restore bpf)))
+(neverallow base_typeattr_259 self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(neverallow base_typeattr_259 self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon checkpoint_restore bpf)))
;;* lme
-;;* lmx 525 system/sepolicy/private/app.te
+;;* lmx 527 system/sepolicy/private/app.te
(neverallow appdomain dev_type (blk_file (read write)))
;;* lme
-;;* lmx 528 system/sepolicy/private/app.te
+;;* lmx 530 system/sepolicy/private/app.te
(neverallow isolated_app graphics_device (chr_file (read write)))
(neverallow shell graphics_device (chr_file (read write)))
(neverallow untrusted_app graphics_device (chr_file (read write)))
;;* lme
-;;* lmx 531 system/sepolicy/private/app.te
-
-(neverallow base_typeattr_257 nfc_device (chr_file (read write)))
-;;* lme
-
;;* lmx 533 system/sepolicy/private/app.te
-(neverallow base_typeattr_255 hci_attach_dev (chr_file (read write)))
+(neverallow base_typeattr_260 nfc_device (chr_file (read write)))
;;* lme
-;;* lmx 534 system/sepolicy/private/app.te
+;;* lmx 535 system/sepolicy/private/app.te
+
+(neverallow base_typeattr_258 hci_attach_dev (chr_file (read write)))
+;;* lme
+
+;;* lmx 536 system/sepolicy/private/app.te
(neverallow appdomain tee_device (chr_file (read write)))
;;* lme
-;;* lmx 544 system/sepolicy/private/app.te
+;;* lmx 546 system/sepolicy/private/app.te
-(neverallow base_typeattr_258 domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow base_typeattr_258 domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow base_typeattr_258 domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow base_typeattr_258 domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow base_typeattr_258 domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow base_typeattr_261 domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow base_typeattr_261 domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow base_typeattr_261 domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow base_typeattr_261 domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow base_typeattr_261 domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
;;* lme
-;;* lmx 550 system/sepolicy/private/app.te
+;;* lmx 552 system/sepolicy/private/app.te
-(neverallow base_typeattr_258 domain (netlink_kobject_uevent_socket (write append)))
+(neverallow base_typeattr_261 domain (netlink_kobject_uevent_socket (write append)))
;;* lme
-;;* lmx 553 system/sepolicy/private/app.te
+;;* lmx 555 system/sepolicy/private/app.te
(neverallow appdomain socket_device (sock_file (write)))
;;* lme
-;;* lmx 556 system/sepolicy/private/app.te
+;;* lmx 558 system/sepolicy/private/app.te
(neverallow appdomain adbd_socket (sock_file (write)))
;;* lme
-;;* lmx 557 system/sepolicy/private/app.te
+;;* lmx 559 system/sepolicy/private/app.te
-(neverallow base_typeattr_259 rild_socket (sock_file (write)))
+(neverallow base_typeattr_262 rild_socket (sock_file (write)))
;;* lme
-;;* lmx 560 system/sepolicy/private/app.te
+;;* lmx 562 system/sepolicy/private/app.te
-(neverallow appdomain base_typeattr_260 (process (ptrace)))
+(neverallow appdomain base_typeattr_263 (process (ptrace)))
;;* lme
-;;* lmx 574 system/sepolicy/private/app.te
+;;* lmx 576 system/sepolicy/private/app.te
-(neverallow base_typeattr_261 appdomain (process (ptrace)))
+(neverallow base_typeattr_264 appdomain (process (ptrace)))
;;* lme
-;;* lmx 578 system/sepolicy/private/app.te
+;;* lmx 580 system/sepolicy/private/app.te
-(neverallow appdomain base_typeattr_260 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow appdomain base_typeattr_263 (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 579 system/sepolicy/private/app.te
+;;* lmx 581 system/sepolicy/private/app.te
-(neverallow base_typeattr_262 base_typeattr_260 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_265 base_typeattr_263 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 588 system/sepolicy/private/app.te
+;;* lmx 590 system/sepolicy/private/app.te
-(neverallow appdomain base_typeattr_263 (process (sigkill sigstop signal)))
+(neverallow appdomain base_typeattr_266 (process (sigkill sigstop signal)))
;;* lme
-;;* lmx 592 system/sepolicy/private/app.te
+;;* lmx 594 system/sepolicy/private/app.te
(neverallow appdomain rootfs (file (write create setattr relabelfrom relabelto append unlink link rename)))
(neverallow appdomain rootfs (dir (write create setattr relabelfrom relabelto append unlink link rename)))
@@ -9544,7 +9594,7 @@
(neverallow appdomain rootfs (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 596 system/sepolicy/private/app.te
+;;* lmx 598 system/sepolicy/private/app.te
(neverallow appdomain system_file_type (file (write create setattr relabelfrom relabelto append unlink link rename)))
(neverallow appdomain system_file_type (dir (write create setattr relabelfrom relabelto append unlink link rename)))
@@ -9555,12 +9605,12 @@
(neverallow appdomain system_file_type (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 600 system/sepolicy/private/app.te
+;;* lmx 602 system/sepolicy/private/app.te
(neverallow appdomain exec_type (file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 607 system/sepolicy/private/app.te
+;;* lmx 609 system/sepolicy/private/app.te
(neverallow appdomain system_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
(neverallow appdomain system_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
@@ -9571,7 +9621,7 @@
(neverallow appdomain system_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 611 system/sepolicy/private/app.te
+;;* lmx 613 system/sepolicy/private/app.te
(neverallow appdomain drm_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
(neverallow appdomain drm_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
@@ -9582,73 +9632,73 @@
(neverallow appdomain drm_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 614 system/sepolicy/private/app.te
+;;* lmx 616 system/sepolicy/private/app.te
-(neverallow base_typeattr_264 apk_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 617 system/sepolicy/private/app.te
+;;* lmx 619 system/sepolicy/private/app.te
-(neverallow base_typeattr_264 apk_private_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 620 system/sepolicy/private/app.te
+;;* lmx 622 system/sepolicy/private/app.te
-(neverallow base_typeattr_264 apk_private_tmp_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_tmp_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_tmp_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_tmp_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_tmp_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_tmp_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_private_tmp_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_tmp_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_tmp_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_tmp_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_tmp_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_tmp_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_tmp_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_private_tmp_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 623 system/sepolicy/private/app.te
+;;* lmx 625 system/sepolicy/private/app.te
-(neverallow base_typeattr_262 shell_data_file (file (create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_262 shell_data_file (dir (create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_262 shell_data_file (lnk_file (create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_262 shell_data_file (chr_file (create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_262 shell_data_file (blk_file (create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_262 shell_data_file (sock_file (create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_262 shell_data_file (fifo_file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_265 shell_data_file (file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_265 shell_data_file (dir (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_265 shell_data_file (lnk_file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_265 shell_data_file (chr_file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_265 shell_data_file (blk_file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_265 shell_data_file (sock_file (create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_265 shell_data_file (fifo_file (create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 626 system/sepolicy/private/app.te
+;;* lmx 628 system/sepolicy/private/app.te
-(neverallow base_typeattr_255 bluetooth_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_255 bluetooth_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_255 bluetooth_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_255 bluetooth_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_255 bluetooth_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_255 bluetooth_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_255 bluetooth_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_258 bluetooth_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_258 bluetooth_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_258 bluetooth_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_258 bluetooth_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_258 bluetooth_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_258 bluetooth_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_258 bluetooth_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 627 system/sepolicy/private/app.te
+;;* lmx 629 system/sepolicy/private/app.te
-(neverallow base_typeattr_265 credstore_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_265 credstore_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-(neverallow base_typeattr_265 credstore_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_265 credstore_data_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_265 credstore_data_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_265 credstore_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_265 credstore_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_268 credstore_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_268 credstore_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_268 credstore_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_268 credstore_data_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_268 credstore_data_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_268 credstore_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_268 credstore_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 630 system/sepolicy/private/app.te
+;;* lmx 632 system/sepolicy/private/app.te
(neverallow appdomain keystore_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
(neverallow appdomain keystore_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
@@ -9659,7 +9709,7 @@
(neverallow appdomain keystore_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 633 system/sepolicy/private/app.te
+;;* lmx 635 system/sepolicy/private/app.te
(neverallow appdomain systemkeys_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
(neverallow appdomain systemkeys_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
@@ -9670,7 +9720,7 @@
(neverallow appdomain systemkeys_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 636 system/sepolicy/private/app.te
+;;* lmx 638 system/sepolicy/private/app.te
(neverallow appdomain wifi_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
(neverallow appdomain wifi_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
@@ -9681,7 +9731,7 @@
(neverallow appdomain wifi_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 639 system/sepolicy/private/app.te
+;;* lmx 641 system/sepolicy/private/app.te
(neverallow appdomain dhcp_data_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
(neverallow appdomain dhcp_data_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
@@ -9692,18 +9742,18 @@
(neverallow appdomain dhcp_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 644 system/sepolicy/private/app.te
+;;* lmx 646 system/sepolicy/private/app.te
-(neverallow base_typeattr_264 apk_tmp_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_tmp_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_tmp_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_tmp_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_tmp_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_tmp_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow base_typeattr_264 apk_tmp_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_tmp_file (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_tmp_file (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_tmp_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_tmp_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_tmp_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_tmp_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_267 apk_tmp_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
;;* lme
-;;* lmx 647 system/sepolicy/private/app.te
+;;* lmx 649 system/sepolicy/private/app.te
(neverallow appdomain efs_file (file (write)))
(neverallow appdomain efs_file (dir (write)))
@@ -9714,30 +9764,30 @@
(neverallow appdomain efs_file (fifo_file (write)))
;;* lme
-;;* lmx 648 system/sepolicy/private/app.te
+;;* lmx 650 system/sepolicy/private/app.te
-(neverallow base_typeattr_262 efs_file (file (read)))
-(neverallow base_typeattr_262 efs_file (dir (read)))
-(neverallow base_typeattr_262 efs_file (lnk_file (read)))
-(neverallow base_typeattr_262 efs_file (chr_file (read)))
-(neverallow base_typeattr_262 efs_file (blk_file (read)))
-(neverallow base_typeattr_262 efs_file (sock_file (read)))
-(neverallow base_typeattr_262 efs_file (fifo_file (read)))
-;;* lme
-
-;;* lmx 652 system/sepolicy/private/app.te
-
-(neverallow base_typeattr_266 sysfs (file (write)))
-(neverallow base_typeattr_266 sysfs (dir (write)))
-(neverallow base_typeattr_266 sysfs (lnk_file (write)))
-(neverallow base_typeattr_266 sysfs (chr_file (write)))
-(neverallow base_typeattr_266 sysfs (blk_file (write)))
-(neverallow base_typeattr_266 sysfs (sock_file (write)))
-(neverallow base_typeattr_266 sysfs (fifo_file (write)))
+(neverallow base_typeattr_265 efs_file (file (read)))
+(neverallow base_typeattr_265 efs_file (dir (read)))
+(neverallow base_typeattr_265 efs_file (lnk_file (read)))
+(neverallow base_typeattr_265 efs_file (chr_file (read)))
+(neverallow base_typeattr_265 efs_file (blk_file (read)))
+(neverallow base_typeattr_265 efs_file (sock_file (read)))
+(neverallow base_typeattr_265 efs_file (fifo_file (read)))
;;* lme
;;* lmx 654 system/sepolicy/private/app.te
+(neverallow base_typeattr_269 sysfs (file (write)))
+(neverallow base_typeattr_269 sysfs (dir (write)))
+(neverallow base_typeattr_269 sysfs (lnk_file (write)))
+(neverallow base_typeattr_269 sysfs (chr_file (write)))
+(neverallow base_typeattr_269 sysfs (blk_file (write)))
+(neverallow base_typeattr_269 sysfs (sock_file (write)))
+(neverallow base_typeattr_269 sysfs (fifo_file (write)))
+;;* lme
+
+;;* lmx 656 system/sepolicy/private/app.te
+
(neverallow appdomain proc (file (write)))
(neverallow appdomain proc (dir (write)))
(neverallow appdomain proc (lnk_file (write)))
@@ -9747,27 +9797,27 @@
(neverallow appdomain proc (fifo_file (write)))
;;* lme
-;;* lmx 657 system/sepolicy/private/app.te
+;;* lmx 659 system/sepolicy/private/app.te
(neverallow appdomain kernel (system (syslog_read syslog_mod syslog_console)))
;;* lme
-;;* lmx 660 system/sepolicy/private/app.te
+;;* lmx 662 system/sepolicy/private/app.te
-(neverallow base_typeattr_262 base_typeattr_236 (security (compute_av check_context)))
+(neverallow base_typeattr_265 base_typeattr_239 (security (compute_av check_context)))
;;* lme
-;;* lmx 661 system/sepolicy/private/app.te
+;;* lmx 663 system/sepolicy/private/app.te
-(neverallow base_typeattr_262 base_typeattr_236 (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow base_typeattr_265 base_typeattr_239 (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
;;* lme
-;;* lmx 665 system/sepolicy/private/app.te
+;;* lmx 667 system/sepolicy/private/app.te
(neverallow appdomain fs_type (filesystem (mount remount unmount relabelfrom relabelto associate quotamod quotaget watch)))
;;* lme
-;;* lmx 676 system/sepolicy/private/app.te
+;;* lmx 678 system/sepolicy/private/app.te
(neverallow appdomain dev_type (lnk_file (write create setattr relabelfrom append unlink link rename)))
(neverallow appdomain rootfs (lnk_file (write create setattr relabelfrom append unlink link rename)))
@@ -9778,17 +9828,17 @@
(neverallow appdomain cache_recovery_file (lnk_file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 682 system/sepolicy/private/app.te
+;;* lmx 684 system/sepolicy/private/app.te
-(neverallow base_typeattr_262 input_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_265 input_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 690 system/sepolicy/private/app.te
+;;* lmx 692 system/sepolicy/private/app.te
-(neverallow base_typeattr_267 bluetooth_a2dp_offload_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(neverallow base_typeattr_267 bluetooth_audio_hal_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(neverallow base_typeattr_267 bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(neverallow base_typeattr_267 exported_bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(neverallow base_typeattr_270 bluetooth_a2dp_offload_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(neverallow base_typeattr_270 bluetooth_audio_hal_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(neverallow base_typeattr_270 bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(neverallow base_typeattr_270 exported_bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
;;* lme
(allow system_app property_socket (sock_file (write)))
@@ -9799,53 +9849,53 @@
(allow system_app init (unix_stream_socket (connectto)))
(allow system_app radio_control_prop (property_service (set)))
(allow system_app radio_control_prop (file (read getattr map open)))
-;;* lmx 699 system/sepolicy/private/app.te
+;;* lmx 701 system/sepolicy/private/app.te
(neverallow appdomain proc_uid_time_in_state (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 702 system/sepolicy/private/app.te
+;;* lmx 704 system/sepolicy/private/app.te
(neverallow appdomain proc_uid_concurrent_active_time (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 705 system/sepolicy/private/app.te
+;;* lmx 707 system/sepolicy/private/app.te
(neverallow appdomain proc_uid_concurrent_policy_time (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 708 system/sepolicy/private/app.te
+;;* lmx 710 system/sepolicy/private/app.te
(neverallow appdomain proc_uid_cpupower (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 713 system/sepolicy/private/app.te
+;;* lmx 715 system/sepolicy/private/app.te
-(neverallow base_typeattr_262 proc_net_tcp_udp (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-;;* lme
-
-;;* lmx 721 system/sepolicy/private/app.te
-
-(neverallow appdomain system_bootstrap_lib_file (file (read write append map execute open execute_no_trans)))
+(neverallow base_typeattr_265 proc_net_tcp_udp (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 723 system/sepolicy/private/app.te
+(neverallow appdomain system_bootstrap_lib_file (file (read write append map execute open execute_no_trans)))
+;;* lme
+
+;;* lmx 725 system/sepolicy/private/app.te
+
(neverallow appdomain system_bootstrap_lib_file (dir (read getattr open search)))
;;* lme
-;;* lmx 742 system/sepolicy/private/app.te
+;;* lmx 744 system/sepolicy/private/app.te
-(neverallow isolated_app_all base_typeattr_268 (file (execute execute_no_trans)))
-(neverallow bluetooth base_typeattr_268 (file (execute execute_no_trans)))
-(neverallow nfc base_typeattr_268 (file (execute execute_no_trans)))
-(neverallow radio base_typeattr_268 (file (execute execute_no_trans)))
-(neverallow shared_relro base_typeattr_268 (file (execute execute_no_trans)))
-(neverallow system_app base_typeattr_268 (file (execute execute_no_trans)))
-(neverallow sdk_sandbox_all base_typeattr_268 (file (execute execute_no_trans)))
+(neverallow isolated_app_all base_typeattr_271 (file (execute execute_no_trans)))
+(neverallow bluetooth base_typeattr_271 (file (execute execute_no_trans)))
+(neverallow nfc base_typeattr_271 (file (execute execute_no_trans)))
+(neverallow radio base_typeattr_271 (file (execute execute_no_trans)))
+(neverallow shared_relro base_typeattr_271 (file (execute execute_no_trans)))
+(neverallow system_app base_typeattr_271 (file (execute execute_no_trans)))
+(neverallow sdk_sandbox_all base_typeattr_271 (file (execute execute_no_trans)))
;;* lme
-;;* lmx 751 system/sepolicy/private/app.te
+;;* lmx 753 system/sepolicy/private/app.te
(neverallow appdomain audio_device (chr_file (read write)))
(neverallow appdomain camera_device (chr_file (read write)))
@@ -9854,50 +9904,50 @@
(neverallow appdomain rpmsg_device (chr_file (read write)))
;;* lme
-;;* lmx 758 system/sepolicy/private/app.te
+;;* lmx 760 system/sepolicy/private/app.te
-(neverallow base_typeattr_269 video_device (chr_file (read write)))
+(neverallow base_typeattr_272 video_device (chr_file (read write)))
;;* lme
-;;* lmx 770 system/sepolicy/private/app.te
+;;* lmx 772 system/sepolicy/private/app.te
-(neverallow base_typeattr_270 apk_data_file (dir (watch watch_reads)))
+(neverallow base_typeattr_273 apk_data_file (dir (watch watch_reads)))
;;* lme
-;;* lmx 778 system/sepolicy/private/app.te
+;;* lmx 780 system/sepolicy/private/app.te
-(neverallow base_typeattr_270 apk_data_file (file (watch watch_reads)))
+(neverallow base_typeattr_273 apk_data_file (file (watch watch_reads)))
;;* lme
-;;* lmx 782 system/sepolicy/private/app.te
+;;* lmx 784 system/sepolicy/private/app.te
(neverallow appdomain system_server (udp_socket (ioctl create setattr lock relabelfrom relabelto append bind listen accept shutdown name_bind)))
;;* lme
-;;* lmx 791 system/sepolicy/private/app.te
-
-(neverallow base_typeattr_262 base_typeattr_271 (process (transition)))
-;;* lme
-
;;* lmx 793 system/sepolicy/private/app.te
-(neverallow base_typeattr_262 base_typeattr_260 (process (dyntransition)))
+(neverallow base_typeattr_265 base_typeattr_274 (process (transition)))
;;* lme
-;;* lmx 796 system/sepolicy/private/app.te
+;;* lmx 795 system/sepolicy/private/app.te
-(neverallow base_typeattr_272 storage_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_265 base_typeattr_263 (process (dyntransition)))
+;;* lme
+
+;;* lmx 798 system/sepolicy/private/app.te
+
+(neverallow base_typeattr_275 storage_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(dontaudit appdomain system_font_fallback_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-;;* lmx 800 system/sepolicy/private/app.te
+;;* lmx 802 system/sepolicy/private/app.te
(neverallow appdomain system_font_fallback_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 802 system/sepolicy/private/app.te
+;;* lmx 804 system/sepolicy/private/app.te
-(neverallow base_typeattr_262 tombstone_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_265 tombstone_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 20 system/sepolicy/private/app_neverallows.te
@@ -9950,18 +10000,18 @@
;;* lmx 30 system/sepolicy/private/app_neverallows.te
-(neverallow untrusted_app_all base_typeattr_273 (file (read)))
-(neverallow isolated_app_all base_typeattr_273 (file (read)))
-(neverallow ephemeral_app base_typeattr_273 (file (read)))
-(neverallow isolated_app base_typeattr_273 (file (read)))
-(neverallow isolated_compute_app base_typeattr_273 (file (read)))
-(neverallow mediaprovider base_typeattr_273 (file (read)))
-(neverallow untrusted_app base_typeattr_273 (file (read)))
-(neverallow untrusted_app_30 base_typeattr_273 (file (read)))
-(neverallow untrusted_app_29 base_typeattr_273 (file (read)))
-(neverallow untrusted_app_27 base_typeattr_273 (file (read)))
-(neverallow untrusted_app_25 base_typeattr_273 (file (read)))
-(neverallow mediaprovider_app base_typeattr_273 (file (read)))
+(neverallow untrusted_app_all base_typeattr_276 (file (read)))
+(neverallow isolated_app_all base_typeattr_276 (file (read)))
+(neverallow ephemeral_app base_typeattr_276 (file (read)))
+(neverallow isolated_app base_typeattr_276 (file (read)))
+(neverallow isolated_compute_app base_typeattr_276 (file (read)))
+(neverallow mediaprovider base_typeattr_276 (file (read)))
+(neverallow untrusted_app base_typeattr_276 (file (read)))
+(neverallow untrusted_app_30 base_typeattr_276 (file (read)))
+(neverallow untrusted_app_29 base_typeattr_276 (file (read)))
+(neverallow untrusted_app_27 base_typeattr_276 (file (read)))
+(neverallow untrusted_app_25 base_typeattr_276 (file (read)))
+(neverallow mediaprovider_app base_typeattr_276 (file (read)))
;;* lme
;;* lmx 31 system/sepolicy/private/app_neverallows.te
@@ -10042,17 +10092,17 @@
;;* lmx 44 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_274 property_socket (sock_file (write)))
+(neverallow base_typeattr_277 property_socket (sock_file (write)))
;;* lme
;;* lmx 45 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_274 init (unix_stream_socket (connectto)))
+(neverallow base_typeattr_277 init (unix_stream_socket (connectto)))
;;* lme
;;* lmx 46 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_274 property_type (property_service (set)))
+(neverallow base_typeattr_277 property_type (property_service (set)))
;;* lme
;;* lmx 49 system/sepolicy/private/app_neverallows.te
@@ -10281,13 +10331,13 @@
;;* lmx 73 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_275 app_data_file (file (execute_no_trans)))
-(neverallow base_typeattr_275 privapp_data_file (file (execute_no_trans)))
+(neverallow base_typeattr_278 app_data_file (file (execute_no_trans)))
+(neverallow base_typeattr_278 privapp_data_file (file (execute_no_trans)))
;;* lme
;;* lmx 97 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_276 dex2oat_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_279 dex2oat_exec (file (execute execute_no_trans)))
;;* lme
;;* lmx 107 system/sepolicy/private/app_neverallows.te
@@ -10528,626 +10578,626 @@
;;* lmx 129 system/sepolicy/private/app_neverallows.te
-(neverallow untrusted_app_all base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow isolated_app base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow isolated_app base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow mediaprovider base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow mediaprovider base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow untrusted_app base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow untrusted_app base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_selinux_socket (ioctl)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_selinux_socket (ioctl)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow isolated_app base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow isolated_app base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow mediaprovider base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow mediaprovider base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow untrusted_app base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow untrusted_app base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_selinux_socket (ioctl)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_selinux_socket (ioctl)))
;;* lme
;;* lmx 142 system/sepolicy/private/app_neverallows.te
-(neverallow untrusted_app_all base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow untrusted_app_all base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_all base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow isolated_app_all base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow ephemeral_app base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow isolated_app base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow isolated_app base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow isolated_app base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow isolated_app base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow isolated_app base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow isolated_compute_app base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow mediaprovider base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow mediaprovider base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow mediaprovider base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow mediaprovider base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow mediaprovider base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow untrusted_app base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow untrusted_app base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow untrusted_app base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow untrusted_app_30 base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow untrusted_app_29 base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow untrusted_app_27 base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow untrusted_app_25 base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow mediaprovider_app base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow untrusted_app_all base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow isolated_app_all base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow ephemeral_app base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow isolated_app base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow isolated_app base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow isolated_app base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow isolated_app base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow isolated_app base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow isolated_compute_app base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow mediaprovider base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow mediaprovider base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow mediaprovider base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow mediaprovider base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow mediaprovider base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow untrusted_app base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow untrusted_app base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow untrusted_app base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow untrusted_app_30 base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow untrusted_app_29 base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow untrusted_app_27 base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow untrusted_app_25 base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow mediaprovider_app base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
;;* lme
;;* lmx 147 system/sepolicy/private/app_neverallows.te
-(neverallow untrusted_app_all base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app_all base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow ephemeral_app base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_app base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow isolated_compute_app base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_30 base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_29 base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_27 base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow untrusted_app_25 base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
-(neverallow mediaprovider_app base_typeattr_236 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_all base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app_all base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow ephemeral_app base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_app base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow isolated_compute_app base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_30 base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_29 base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_27 base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow untrusted_app_25 base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
+(neverallow mediaprovider_app base_typeattr_239 (vsock_socket (ioctl create setattr lock relabelfrom relabelto append map bind connect listen accept setopt shutdown recvfrom sendto name_bind)))
;;* lme
;;* lmx 150 system/sepolicy/private/app_neverallows.te
@@ -11173,35 +11223,35 @@
;;* lmx 160 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_277 domain (netlink_route_socket (nlmsg_getneigh)))
+(neverallow base_typeattr_280 domain (netlink_route_socket (nlmsg_getneigh)))
;;* lme
;;* lmx 163 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_274 cache_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
-(neverallow base_typeattr_274 cache_recovery_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_277 cache_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_277 cache_recovery_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 164 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_274 cache_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_274 cache_recovery_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_277 cache_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_277 cache_recovery_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 187 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_274 base_typeattr_278 (file (create unlink)))
-(neverallow base_typeattr_274 base_typeattr_278 (dir (create unlink)))
-(neverallow base_typeattr_274 base_typeattr_278 (lnk_file (create unlink)))
-(neverallow base_typeattr_274 base_typeattr_278 (chr_file (create unlink)))
-(neverallow base_typeattr_274 base_typeattr_278 (blk_file (create unlink)))
-(neverallow base_typeattr_274 base_typeattr_278 (sock_file (create unlink)))
-(neverallow base_typeattr_274 base_typeattr_278 (fifo_file (create unlink)))
+(neverallow base_typeattr_277 base_typeattr_281 (file (create unlink)))
+(neverallow base_typeattr_277 base_typeattr_281 (dir (create unlink)))
+(neverallow base_typeattr_277 base_typeattr_281 (lnk_file (create unlink)))
+(neverallow base_typeattr_277 base_typeattr_281 (chr_file (create unlink)))
+(neverallow base_typeattr_277 base_typeattr_281 (blk_file (create unlink)))
+(neverallow base_typeattr_277 base_typeattr_281 (sock_file (create unlink)))
+(neverallow base_typeattr_277 base_typeattr_281 (fifo_file (create unlink)))
;;* lme
;;* lmx 190 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_279 fuse_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_282 fuse_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 193 system/sepolicy/private/app_neverallows.te
@@ -11458,7 +11508,7 @@
;;* lmx 224 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_279 proc_filesystems (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
+(neverallow base_typeattr_282 proc_filesystems (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
;;* lme
;;* lmx 227 system/sepolicy/private/app_neverallows.te
@@ -11511,18 +11561,18 @@
;;* lmx 238 system/sepolicy/private/app_neverallows.te
-(neverallow untrusted_app_all base_typeattr_236 (hwservice_manager (add list)))
-(neverallow isolated_app_all base_typeattr_236 (hwservice_manager (add list)))
-(neverallow ephemeral_app base_typeattr_236 (hwservice_manager (add list)))
-(neverallow isolated_app base_typeattr_236 (hwservice_manager (add list)))
-(neverallow isolated_compute_app base_typeattr_236 (hwservice_manager (add list)))
-(neverallow mediaprovider base_typeattr_236 (hwservice_manager (add list)))
-(neverallow untrusted_app base_typeattr_236 (hwservice_manager (add list)))
-(neverallow untrusted_app_30 base_typeattr_236 (hwservice_manager (add list)))
-(neverallow untrusted_app_29 base_typeattr_236 (hwservice_manager (add list)))
-(neverallow untrusted_app_27 base_typeattr_236 (hwservice_manager (add list)))
-(neverallow untrusted_app_25 base_typeattr_236 (hwservice_manager (add list)))
-(neverallow mediaprovider_app base_typeattr_236 (hwservice_manager (add list)))
+(neverallow untrusted_app_all base_typeattr_239 (hwservice_manager (add list)))
+(neverallow isolated_app_all base_typeattr_239 (hwservice_manager (add list)))
+(neverallow ephemeral_app base_typeattr_239 (hwservice_manager (add list)))
+(neverallow isolated_app base_typeattr_239 (hwservice_manager (add list)))
+(neverallow isolated_compute_app base_typeattr_239 (hwservice_manager (add list)))
+(neverallow mediaprovider base_typeattr_239 (hwservice_manager (add list)))
+(neverallow untrusted_app base_typeattr_239 (hwservice_manager (add list)))
+(neverallow untrusted_app_30 base_typeattr_239 (hwservice_manager (add list)))
+(neverallow untrusted_app_29 base_typeattr_239 (hwservice_manager (add list)))
+(neverallow untrusted_app_27 base_typeattr_239 (hwservice_manager (add list)))
+(neverallow untrusted_app_25 base_typeattr_239 (hwservice_manager (add list)))
+(neverallow mediaprovider_app base_typeattr_239 (hwservice_manager (add list)))
;;* lme
;;* lmx 253 system/sepolicy/private/app_neverallows.te
@@ -11575,7 +11625,7 @@
;;* lmx 264 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_280 proc_tty_drivers (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_283 proc_tty_drivers (file (ioctl read getattr lock map open watch watch_reads)))
;;* lme
;;* lmx 265 system/sepolicy/private/app_neverallows.te
@@ -11628,7 +11678,7 @@
;;* lmx 277 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_276 mnt_sdcard_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_279 mnt_sdcard_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 280 system/sepolicy/private/app_neverallows.te
@@ -11665,17 +11715,17 @@
;;* lmx 293 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_281 userdebug_or_eng_prop (file (read)))
+(neverallow base_typeattr_284 userdebug_or_eng_prop (file (read)))
;;* lme
;;* lmx 307 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_282 mdnsd_socket (sock_file (write)))
+(neverallow base_typeattr_285 mdnsd_socket (sock_file (write)))
;;* lme
;;* lmx 315 system/sepolicy/private/app_neverallows.te
-(neverallow base_typeattr_282 mdnsd (unix_stream_socket (connectto)))
+(neverallow base_typeattr_285 mdnsd (unix_stream_socket (connectto)))
;;* lme
;;* lmx 321 system/sepolicy/private/app_neverallows.te
@@ -11747,7 +11797,7 @@
(dontaudit su app_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 63 system/sepolicy/private/app_zygote.te
-(neverallow base_typeattr_283 app_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_286 app_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow app_zygote apex_module_data_file (dir (search)))
@@ -11772,22 +11822,22 @@
(allow app_zygote resourcecache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
;;* lmx 105 system/sepolicy/private/app_zygote.te
-(neverallow app_zygote base_typeattr_284 (process (dyntransition)))
+(neverallow app_zygote base_typeattr_287 (process (dyntransition)))
;;* lme
;;* lmx 108 system/sepolicy/private/app_zygote.te
-(neverallow app_zygote base_typeattr_285 (process (transition)))
+(neverallow app_zygote base_typeattr_288 (process (transition)))
;;* lme
;;* lmx 112 system/sepolicy/private/app_zygote.te
-(neverallow app_zygote base_typeattr_236 (file (execute_no_trans)))
+(neverallow app_zygote base_typeattr_239 (file (execute_no_trans)))
;;* lme
;;* lmx 116 system/sepolicy/private/app_zygote.te
-(neverallow base_typeattr_286 app_zygote (process (dyntransition)))
+(neverallow base_typeattr_289 app_zygote (process (dyntransition)))
;;* lme
;;* lmx 119 system/sepolicy/private/app_zygote.te
@@ -11807,7 +11857,7 @@
;;* lmx 129 system/sepolicy/private/app_zygote.te
-(neverallow app_zygote base_typeattr_287 (service_manager (find)))
+(neverallow app_zygote base_typeattr_290 (service_manager (find)))
;;* lme
;;* lmx 132 system/sepolicy/private/app_zygote.te
@@ -11884,17 +11934,17 @@
;;* lmx 163 system/sepolicy/private/app_zygote.te
-(neverallow app_zygote base_typeattr_288 (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow app_zygote base_typeattr_291 (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
;;* lme
;;* lmx 170 system/sepolicy/private/app_zygote.te
-(neverallow app_zygote base_typeattr_289 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(neverallow app_zygote base_typeattr_292 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
;;* lme
;;* lmx 173 system/sepolicy/private/app_zygote.te
-(neverallow app_zygote base_typeattr_236 (process (ptrace)))
+(neverallow app_zygote base_typeattr_239 (process (ptrace)))
;;* lme
;;* lmx 182 system/sepolicy/private/app_zygote.te
@@ -11938,13 +11988,13 @@
(allow artd artd_service (service_manager (add find)))
;;* lmx 12 system/sepolicy/private/artd.te
-(neverallow base_typeattr_290 artd_service (service_manager (add)))
+(neverallow base_typeattr_293 artd_service (service_manager (add)))
;;* lme
(allow artd artd_pre_reboot_service (service_manager (add find)))
;;* lmx 13 system/sepolicy/private/artd.te
-(neverallow base_typeattr_290 artd_pre_reboot_service (service_manager (add)))
+(neverallow base_typeattr_293 artd_pre_reboot_service (service_manager (add)))
;;* lme
(allow artd dumpstate (fifo_file (write getattr)))
@@ -11964,7 +12014,7 @@
(dontaudit su artd_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 35 system/sepolicy/private/artd.te
-(neverallow base_typeattr_290 artd_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_293 artd_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow artd mnt_expand_file (dir (getattr search)))
@@ -12062,12 +12112,12 @@
(allow artd pre_reboot_dexopt_artd_file (dir (mounton)))
;;* lmx 189 system/sepolicy/private/artd.te
-(neverallow artd base_typeattr_291 (file (execute_no_trans)))
+(neverallow artd base_typeattr_294 (file (execute_no_trans)))
;;* lme
;;* lmx 193 system/sepolicy/private/artd.te
-(neverallow artd base_typeattr_292 (process (transition)))
+(neverallow artd base_typeattr_295 (process (transition)))
;;* lme
;;* lmx 200 system/sepolicy/private/artd.te
@@ -12077,7 +12127,7 @@
;;* lmx 201 system/sepolicy/private/artd.te
-(neverallow artd_subprocess_type base_typeattr_292 (process (transition)))
+(neverallow artd_subprocess_type base_typeattr_295 (process (transition)))
;;* lme
(allow atrace boottrace_data_file (dir (search)))
@@ -12091,7 +12141,7 @@
(allow atrace init (unix_stream_socket (connectto)))
(allow atrace debug_prop (property_service (set)))
(allow atrace debug_prop (file (read getattr map open)))
-(allow atrace base_typeattr_293 (service_manager (find)))
+(allow atrace base_typeattr_296 (service_manager (find)))
(allow atrace servicemanager (service_manager (list)))
(allow atrace servicemanager (binder (call transfer)))
(allow servicemanager atrace (binder (call transfer)))
@@ -12131,7 +12181,7 @@
(allow audioserver audioserver_service (service_manager (add find)))
;;* lmx 32 system/sepolicy/private/audioserver.te
-(neverallow base_typeattr_294 audioserver_service (service_manager (add)))
+(neverallow base_typeattr_297 audioserver_service (service_manager (add)))
;;* lme
(allow audioserver activity_service (service_manager (find)))
@@ -12225,7 +12275,7 @@
(allow automotive_display_service hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 8 system/sepolicy/private/automotive_display_service.te
-(neverallow base_typeattr_295 fwk_automotive_display_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_298 fwk_automotive_display_hwservice (hwservice_manager (add)))
;;* lme
(allow init automotive_display_service_exec (file (read getattr map execute open)))
@@ -12250,7 +12300,7 @@
(allow automotive_display_service fwk_automotive_display_service (service_manager (add find)))
;;* lmx 41 system/sepolicy/private/automotive_display_service.te
-(neverallow base_typeattr_295 fwk_automotive_display_service (service_manager (add)))
+(neverallow base_typeattr_298 fwk_automotive_display_service (service_manager (add)))
;;* lme
(allow automotive_display_service hal_evs (binder (call transfer)))
@@ -12313,17 +12363,17 @@
(allow blkid blkid_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
;;* lmx 21 system/sepolicy/private/blkid.te
-(neverallow base_typeattr_296 blkid (process (transition)))
+(neverallow base_typeattr_299 blkid (process (transition)))
;;* lme
;;* lmx 22 system/sepolicy/private/blkid.te
-(neverallow base_typeattr_236 blkid (process (dyntransition)))
+(neverallow base_typeattr_239 blkid (process (dyntransition)))
;;* lme
;;* lmx 23 system/sepolicy/private/blkid.te
-(neverallow blkid base_typeattr_297 (file (entrypoint)))
+(neverallow blkid base_typeattr_300 (file (entrypoint)))
;;* lme
(allow blkid_untrusted block_device (dir (search)))
@@ -12347,17 +12397,17 @@
;;* lmx 36 system/sepolicy/private/blkid_untrusted.te
-(neverallow base_typeattr_296 blkid_untrusted (process (transition)))
+(neverallow base_typeattr_299 blkid_untrusted (process (transition)))
;;* lme
;;* lmx 37 system/sepolicy/private/blkid_untrusted.te
-(neverallow base_typeattr_236 blkid_untrusted (process (dyntransition)))
+(neverallow base_typeattr_239 blkid_untrusted (process (dyntransition)))
;;* lme
;;* lmx 38 system/sepolicy/private/blkid_untrusted.te
-(neverallow blkid_untrusted base_typeattr_297 (file (entrypoint)))
+(neverallow blkid_untrusted base_typeattr_300 (file (entrypoint)))
;;* lme
(typetransition bluetooth tmpfs file appdomain_tmpfs)
@@ -12365,23 +12415,23 @@
(dontaudit su bluetooth_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 5 system/sepolicy/private/bluetooth.te
-(neverallow base_typeattr_298 bluetooth_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_301 bluetooth_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow bluetooth appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 5 system/sepolicy/private/bluetooth.te
-(neverallow base_typeattr_299 base_typeattr_298 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_302 base_typeattr_301 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 5 system/sepolicy/private/bluetooth.te
-(neverallow base_typeattr_300 bluetooth (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_303 bluetooth (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 5 system/sepolicy/private/bluetooth.te
-(neverallow base_typeattr_301 bluetooth (process (ptrace)))
+(neverallow base_typeattr_304 bluetooth (process (ptrace)))
;;* lme
(typetransition bluetooth bluetooth_data_file sock_file bluetooth_socket)
@@ -12434,7 +12484,7 @@
(allow bluetooth binder_cache_bluetooth_server_prop (file (read getattr map open)))
;;* lmx 55 system/sepolicy/private/bluetooth.te
-(neverallow base_typeattr_302 binder_cache_bluetooth_server_prop (property_service (set)))
+(neverallow base_typeattr_305 binder_cache_bluetooth_server_prop (property_service (set)))
;;* lme
(allow bluetooth property_socket (sock_file (write)))
@@ -12565,13 +12615,13 @@
(allow bootstat statsd (unix_dgram_socket (sendto)))
;;* lmx 44 system/sepolicy/private/bootstat.te
-(neverallow base_typeattr_303 system_boot_reason_prop (property_service (set)))
+(neverallow base_typeattr_306 system_boot_reason_prop (property_service (set)))
;;* lme
;;* lmx 57 system/sepolicy/private/bootstat.te
-(neverallow base_typeattr_304 bootloader_boot_reason_prop (file (ioctl read getattr lock map open watch watch_reads)))
-(neverallow base_typeattr_304 last_boot_reason_prop (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_307 bootloader_boot_reason_prop (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_307 last_boot_reason_prop (file (ioctl read getattr lock map open watch watch_reads)))
;;* lme
;;* lmx 59 system/sepolicy/private/bootstat.te
@@ -12582,8 +12632,8 @@
;;* lmx 66 system/sepolicy/private/bootstat.te
-(neverallow base_typeattr_305 bootloader_boot_reason_prop (property_service (set)))
-(neverallow base_typeattr_305 last_boot_reason_prop (property_service (set)))
+(neverallow base_typeattr_308 bootloader_boot_reason_prop (property_service (set)))
+(neverallow base_typeattr_308 last_boot_reason_prop (property_service (set)))
;;* lme
;;* lmx 68 system/sepolicy/private/bootstat.te
@@ -12611,23 +12661,23 @@
(allow vendor_boringssl_self_test kmsg_debug_device (chr_file (ioctl write getattr lock append map open)))
;;* lmx 66 system/sepolicy/private/boringssl_self_test.te
-(neverallow base_typeattr_306 boringssl_self_test_marker (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_309 boringssl_self_test_marker (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 74 system/sepolicy/private/boringssl_self_test.te
-(neverallow base_typeattr_306 boringssl_self_test_marker (dir (write)))
+(neverallow base_typeattr_309 boringssl_self_test_marker (dir (write)))
;;* lme
;;* lmx 10 system/sepolicy/private/bpfdomain.te
-(neverallow base_typeattr_307 self (capability (net_admin net_raw)))
-(neverallow base_typeattr_307 self (cap_userns (net_admin net_raw)))
+(neverallow base_typeattr_310 self (capability (net_admin net_raw)))
+(neverallow base_typeattr_310 self (cap_userns (net_admin net_raw)))
;;* lme
;;* lmx 13 system/sepolicy/private/bpfdomain.te
-(neverallow base_typeattr_308 base_typeattr_236 (bpf (map_create map_read map_write prog_load prog_run)))
+(neverallow base_typeattr_311 base_typeattr_239 (bpf (map_create map_read map_write prog_load prog_run)))
;;* lme
(allow bpfdomain fs_bpf (dir (search)))
@@ -12637,7 +12687,7 @@
(allow bpfloader bpffs_type (dir (read write create setattr open add_name remove_name search)))
(allow bpfloader bpffs_type (file (read create getattr setattr rename)))
(allow bpfloader bpffs_type (lnk_file (read create getattr)))
-(allow base_typeattr_309 fs_bpf (filesystem (associate)))
+(allow base_typeattr_312 fs_bpf (filesystem (associate)))
(allow bpfloader self (bpf (map_create map_read map_write prog_load prog_run)))
(allow bpfloader self (capability (chown net_admin sys_admin)))
(allow bpfloader sysfs_fs_fuse_bpf (file (ioctl read getattr lock map open watch watch_reads)))
@@ -12654,7 +12704,7 @@
;;* lmx 33 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_310 bpffs_type (dir (read write create setattr open add_name remove_name)))
+(neverallow base_typeattr_313 bpffs_type (dir (read write create setattr open add_name remove_name)))
;;* lme
;;* lmx 35 system/sepolicy/private/bpfloader.te
@@ -12664,99 +12714,99 @@
;;* lmx 36 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_310 bpffs_type (file (create setattr map rename open)))
+(neverallow base_typeattr_313 bpffs_type (file (create setattr map rename open)))
;;* lme
;;* lmx 37 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_311 fs_bpf (file (read getattr)))
+(neverallow base_typeattr_314 fs_bpf (file (read getattr)))
;;* lme
;;* lmx 38 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_310 fs_bpf_loader (file (read getattr)))
+(neverallow base_typeattr_313 fs_bpf_loader (file (read getattr)))
;;* lme
;;* lmx 39 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_312 fs_bpf_net_private (file (read getattr)))
+(neverallow base_typeattr_315 fs_bpf_net_private (file (read getattr)))
;;* lme
;;* lmx 40 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_313 fs_bpf_net_shared (file (read getattr)))
+(neverallow base_typeattr_316 fs_bpf_net_shared (file (read getattr)))
;;* lme
;;* lmx 41 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_314 fs_bpf_netd_readonly (file (read getattr)))
+(neverallow base_typeattr_317 fs_bpf_netd_readonly (file (read getattr)))
;;* lme
;;* lmx 42 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_315 fs_bpf_netd_shared (file (read getattr)))
+(neverallow base_typeattr_318 fs_bpf_netd_shared (file (read getattr)))
;;* lme
;;* lmx 43 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_312 fs_bpf_tethering (file (read getattr)))
+(neverallow base_typeattr_315 fs_bpf_tethering (file (read getattr)))
;;* lme
;;* lmx 44 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_316 fs_bpf_uprobestats (file (read getattr)))
+(neverallow base_typeattr_319 fs_bpf_uprobestats (file (read getattr)))
;;* lme
;;* lmx 45 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_317 base_typeattr_318 (file (write)))
+(neverallow base_typeattr_320 base_typeattr_321 (file (write)))
;;* lme
;;* lmx 47 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_310 bpffs_type (lnk_file (ioctl write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_313 bpffs_type (lnk_file (ioctl write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 48 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_308 bpffs_type (lnk_file (read)))
+(neverallow base_typeattr_311 bpffs_type (lnk_file (read)))
;;* lme
;;* lmx 50 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_310 base_typeattr_236 (bpf (prog_load)))
+(neverallow base_typeattr_313 base_typeattr_239 (bpf (prog_load)))
;;* lme
;;* lmx 51 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_308 base_typeattr_236 (bpf (map_create map_read map_write prog_run)))
+(neverallow base_typeattr_311 base_typeattr_239 (bpf (map_create map_read map_write prog_run)))
;;* lme
;;* lmx 54 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_310 fs_bpf_loader (bpf (map_create map_read map_write prog_load prog_run)))
+(neverallow base_typeattr_313 fs_bpf_loader (bpf (map_create map_read map_write prog_load prog_run)))
;;* lme
;;* lmx 55 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_310 fs_bpf_loader (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_313 fs_bpf_loader (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 57 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_319 bpfloader_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_322 bpfloader_exec (file (execute execute_no_trans)))
;;* lme
;;* lmx 59 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_320 fs_bpf_vendor (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_323 fs_bpf_vendor (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 61 system/sepolicy/private/bpfloader.te
-(neverallow bpfloader base_typeattr_236 (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
-(neverallow bpfloader base_typeattr_236 (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
-(neverallow bpfloader base_typeattr_236 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow bpfloader base_typeattr_239 (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow bpfloader base_typeattr_239 (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow bpfloader base_typeattr_239 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
;;* lme
;;* lmx 64 system/sepolicy/private/bpfloader.te
@@ -12766,7 +12816,7 @@
;;* lmx 66 system/sepolicy/private/bpfloader.te
-(neverallow base_typeattr_310 proc_bpf (file (write)))
+(neverallow base_typeattr_313 proc_bpf (file (write)))
;;* lme
(allow init bufferhubd_exec (file (read getattr map execute open)))
@@ -12781,7 +12831,7 @@
(allow bufferhubd pdx_bufferhub_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
;;* lmx 8 system/sepolicy/private/bufferhubd.te
-(neverallow base_typeattr_321 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_324 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (listen accept)))
;;* lme
(allow bufferhubd pdx_performance_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -12798,7 +12848,7 @@
(allow camera_service_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 1 system/sepolicy/private/camera_service_server.te
-(neverallow base_typeattr_322 fwk_camera_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_325 fwk_camera_hwservice (hwservice_manager (add)))
;;* lme
(allow init cameraserver_exec (file (read getattr map execute open)))
@@ -12827,20 +12877,20 @@
(allow cameraserver cameraserver_service (service_manager (add find)))
;;* lmx 26 system/sepolicy/private/cameraserver.te
-(neverallow base_typeattr_323 cameraserver_service (service_manager (add)))
+(neverallow base_typeattr_326 cameraserver_service (service_manager (add)))
;;* lme
(allow cameraserver fwk_camera_service (service_manager (add find)))
;;* lmx 27 system/sepolicy/private/cameraserver.te
-(neverallow base_typeattr_323 fwk_camera_service (service_manager (add)))
+(neverallow base_typeattr_326 fwk_camera_service (service_manager (add)))
;;* lme
(allow cameraserver fwk_camera_hwservice (hwservice_manager (add find)))
(allow cameraserver hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 28 system/sepolicy/private/cameraserver.te
-(neverallow base_typeattr_323 fwk_camera_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_326 fwk_camera_hwservice (hwservice_manager (add)))
;;* lme
(allow cameraserver activity_service (service_manager (find)))
@@ -12910,7 +12960,7 @@
(allow charger charger_prop (file (read getattr map open)))
;;* lmx 16 system/sepolicy/private/charger.te
-(neverallow base_typeattr_324 charger_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_327 charger_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow charger_type property_socket (sock_file (write)))
@@ -12961,18 +13011,18 @@
(allow charger_type proc_sysrq (file (ioctl read write getattr lock append map open watch watch_reads)))
;;* lmx 54 system/sepolicy/private/charger_type.te
-(neverallow base_typeattr_230 charger_config_prop (property_service (set)))
+(neverallow base_typeattr_233 charger_config_prop (property_service (set)))
;;* lme
;;* lmx 64 system/sepolicy/private/charger_type.te
-(neverallow base_typeattr_325 charger_status_prop (property_service (set)))
+(neverallow base_typeattr_328 charger_status_prop (property_service (set)))
;;* lme
;;* lmx 76 system/sepolicy/private/charger_type.te
-(neverallow base_typeattr_326 charger_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_326 charger_status_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_329 charger_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_329 charger_status_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow clatd system_server (fd (use)))
@@ -12989,12 +13039,12 @@
(allow compos_fd_server self (vsock_socket (read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
;;* lmx 26 system/sepolicy/private/compos_fd_server.te
-(neverallow base_typeattr_327 compos_fd_server (process (transition)))
+(neverallow base_typeattr_330 compos_fd_server (process (transition)))
;;* lme
;;* lmx 27 system/sepolicy/private/compos_fd_server.te
-(neverallow base_typeattr_236 compos_fd_server (process (dyntransition)))
+(neverallow base_typeattr_239 compos_fd_server (process (dyntransition)))
;;* lme
(allow compos_verify servicemanager (binder (call transfer)))
@@ -13028,12 +13078,12 @@
(allow compos_verify odsign_devpts (chr_file (read write)))
;;* lmx 23 system/sepolicy/private/compos_verify.te
-(neverallow base_typeattr_328 compos_verify (process (transition)))
+(neverallow base_typeattr_331 compos_verify (process (transition)))
;;* lme
;;* lmx 24 system/sepolicy/private/compos_verify.te
-(neverallow base_typeattr_236 compos_verify (process (dyntransition)))
+(neverallow base_typeattr_239 compos_verify (process (dyntransition)))
;;* lme
(allow init composd_exec (file (read getattr map execute open)))
@@ -13047,7 +13097,7 @@
(allow composd compos_service (service_manager (add find)))
;;* lmx 7 system/sepolicy/private/composd.te
-(neverallow base_typeattr_327 compos_service (service_manager (add)))
+(neverallow base_typeattr_330 compos_service (service_manager (add)))
;;* lme
(allow composd system_server (binder (call transfer)))
@@ -13100,7 +13150,7 @@
;;* lmx 45 system/sepolicy/private/composd.te
-(neverallow base_typeattr_235 composd_vm_art_prop (property_service (set)))
+(neverallow base_typeattr_238 composd_vm_art_prop (property_service (set)))
;;* lme
(allow coredomain apex_ready_prop (file (read getattr map open)))
@@ -13136,93 +13186,93 @@
(allow coredomain default_prop (file (read getattr map open)))
;;* lmx 35 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_329 sysfs_leds (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_332 sysfs_leds (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 51 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_330 vendor_app_file (dir (read getattr open search)))
+(neverallow base_typeattr_333 vendor_app_file (dir (read getattr open search)))
;;* lme
-;;* lmx 69 system/sepolicy/private/coredomain.te
+;;* lmx 70 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_331 vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_334 vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
;;* lme
-;;* lmx 90 system/sepolicy/private/coredomain.te
+;;* lmx 92 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_332 vendor_overlay_file (dir (read getattr open search)))
+(neverallow base_typeattr_335 vendor_overlay_file (dir (read getattr open search)))
;;* lme
-;;* lmx 111 system/sepolicy/private/coredomain.te
+;;* lmx 114 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_332 vendor_overlay_file (file (open)))
+(neverallow base_typeattr_335 vendor_overlay_file (file (open)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_333 proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_336 proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_334 sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_337 sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_335 device (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_335 device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_338 device (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_338 device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
(neverallow coredomain debugfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_336 debugfs_tracing (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_339 debugfs_tracing (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_337 inotify (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_340 inotify (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_338 pstorefs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_341 pstorefs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_339 configfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_342 configfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_340 functionfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_343 functionfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_337 usbfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_337 binfmt_miscfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_340 usbfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_340 binfmt_miscfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 136 system/sepolicy/private/coredomain.te
+;;* lmx 140 system/sepolicy/private/coredomain.te
-(neverallow base_typeattr_341 base_typeattr_342 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_344 base_typeattr_345 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 253 system/sepolicy/private/coredomain.te
+;;* lmx 257 system/sepolicy/private/coredomain.te
(neverallow coredomain radio_device (chr_file (ioctl read write append open)))
(neverallow coredomain iio_device (chr_file (ioctl read write append open)))
;;* lme
-;;* lmx 257 system/sepolicy/private/coredomain.te
+;;* lmx 261 system/sepolicy/private/coredomain.te
(neverallow coredomain tee_device (chr_file (ioctl read write append open)))
;;* lme
@@ -13248,7 +13298,7 @@
(dontaudit cppreopts postinstall_mnt_dir (dir (search)))
(dontaudit crash_dump dev_type (chr_file (read write)))
(dontaudit crash_dump devpts (chr_file (read write)))
-(allow crash_dump base_typeattr_343 (process (sigchld sigkill sigstop signal ptrace)))
+(allow crash_dump base_typeattr_346 (process (sigchld sigkill sigstop signal ptrace)))
(allow crash_dump apex_art_data_file (dir (getattr search)))
(allow crash_dump apex_art_data_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow crash_dump system_bootstrap_lib_file (dir (getattr search)))
@@ -13297,12 +13347,12 @@
(dontaudit crash_dump system_data_file (file (read open)))
(dontaudit crash_dump system_data_file (lnk_file (read open)))
(allow crash_dump misctrl_prop (file (read getattr map open)))
-;;* lmx 121 system/sepolicy/private/crash_dump.te
+;;* lmx 124 system/sepolicy/private/crash_dump.te
(neverallow domain crash_dump_exec (file (execute_no_trans)))
;;* lme
-;;* lmx 140 system/sepolicy/private/crash_dump.te
+;;* lmx 143 system/sepolicy/private/crash_dump.te
(neverallow crash_dump apexd (process (sigkill sigstop signal ptrace)))
(neverallow crash_dump bpfloader (process (sigkill sigstop signal ptrace)))
@@ -13316,12 +13366,12 @@
(neverallow crash_dump vold (process (sigkill sigstop signal ptrace)))
;;* lme
-;;* lmx 142 system/sepolicy/private/crash_dump.te
+;;* lmx 145 system/sepolicy/private/crash_dump.te
(neverallow crash_dump self (process (ptrace)))
;;* lme
-;;* lmx 143 system/sepolicy/private/crash_dump.te
+;;* lmx 146 system/sepolicy/private/crash_dump.te
(neverallow crash_dump gpu_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
@@ -13344,7 +13394,7 @@
(allow credstore credstore_service (service_manager (add find)))
;;* lmx 22 system/sepolicy/private/credstore.te
-(neverallow base_typeattr_344 credstore_service (service_manager (add)))
+(neverallow base_typeattr_347 credstore_service (service_manager (add)))
;;* lme
(allow credstore sec_key_att_app_id_provider_service (service_manager (find)))
@@ -13360,32 +13410,32 @@
(allow crosvm vm_manager_device_type (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
;;* lmx 40 system/sepolicy/private/credstore.te
-(neverallow base_typeattr_345 kvm_device (chr_file (getattr)))
+(neverallow base_typeattr_348 kvm_device (chr_file (getattr)))
;;* lme
;;* lmx 41 system/sepolicy/private/credstore.te
-(neverallow base_typeattr_346 kvm_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_349 kvm_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 42 system/sepolicy/private/credstore.te
-(neverallowx base_typeattr_347 kvm_device (ioctl chr_file ((range 0x0 0xadff) (range 0xaf00 0xffff))))
+(neverallowx base_typeattr_350 kvm_device (ioctl chr_file ((range 0x0 0xadff) (range 0xaf00 0xffff))))
;;* lme
;;* lmx 42 system/sepolicy/private/credstore.te
-(neverallowx base_typeattr_347 kvm_device (ioctl chr_file ((range 0xae00 0xae02) (range 0xae04 0xaeff))))
+(neverallowx base_typeattr_350 kvm_device (ioctl chr_file ((range 0xae00 0xae02) (range 0xae04 0xaeff))))
;;* lme
;;* lmx 47 system/sepolicy/private/credstore.te
-(neverallow base_typeattr_348 vm_manager_device_type (chr_file (getattr)))
+(neverallow base_typeattr_351 vm_manager_device_type (chr_file (getattr)))
;;* lme
;;* lmx 48 system/sepolicy/private/credstore.te
-(neverallow base_typeattr_349 vm_manager_device_type (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_352 vm_manager_device_type (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
(typetransition crosvm tmpfs file crosvm_tmpfs)
@@ -13467,17 +13517,17 @@
;;* lmx 192 system/sepolicy/private/credstore.te
-(neverallow crosvm base_typeattr_350 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow crosvm base_typeattr_353 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 217 system/sepolicy/private/credstore.te
-(neverallow crosvm base_typeattr_351 (file (read)))
+(neverallow crosvm base_typeattr_354 (file (read)))
;;* lme
-;;* lmx 228 system/sepolicy/private/credstore.te
+;;* lmx 229 system/sepolicy/private/credstore.te
-(neverallow base_typeattr_352 crosvm_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_355 crosvm_exec (file (execute execute_no_trans)))
;;* lme
(allow init derive_classpath_exec (file (read getattr map execute open)))
@@ -13513,7 +13563,7 @@
(allow derive_sdk module_sdkextensions_prop (file (read getattr map open)))
;;* lmx 13 system/sepolicy/private/derive_sdk.te
-(neverallow base_typeattr_353 module_sdkextensions_prop (property_service (set)))
+(neverallow base_typeattr_356 module_sdkextensions_prop (property_service (set)))
;;* lme
(allow derive_sdk dumpstate (fd (use)))
@@ -13524,23 +13574,23 @@
(dontaudit su device_as_webcam_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 4 system/sepolicy/private/device_as_webcam.te
-(neverallow base_typeattr_354 device_as_webcam_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_357 device_as_webcam_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow device_as_webcam appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 4 system/sepolicy/private/device_as_webcam.te
-(neverallow base_typeattr_355 base_typeattr_354 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_358 base_typeattr_357 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 4 system/sepolicy/private/device_as_webcam.te
-(neverallow base_typeattr_356 device_as_webcam (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_359 device_as_webcam (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 4 system/sepolicy/private/device_as_webcam.te
-(neverallow base_typeattr_357 device_as_webcam (process (ptrace)))
+(neverallow base_typeattr_360 device_as_webcam (process (ptrace)))
;;* lme
(allow device_as_webcam system_app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
@@ -13555,7 +13605,7 @@
(dontaudit su dex2oat_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 5 system/sepolicy/private/dex2oat.te
-(neverallow base_typeattr_358 dex2oat_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_361 dex2oat_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow dex2oat apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -13626,7 +13676,7 @@
(allow dexopt_chroot_setup dexopt_chroot_setup_service (service_manager (add find)))
;;* lmx 8 system/sepolicy/private/dexopt_chroot_setup.te
-(neverallow base_typeattr_359 dexopt_chroot_setup_service (service_manager (add)))
+(neverallow base_typeattr_362 dexopt_chroot_setup_service (service_manager (add)))
;;* lme
(allow dexopt_chroot_setup dumpstate (fifo_file (write getattr)))
@@ -13647,7 +13697,7 @@
(dontaudit su dexopt_chroot_setup_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 24 system/sepolicy/private/dexopt_chroot_setup.te
-(neverallow base_typeattr_359 dexopt_chroot_setup_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_362 dexopt_chroot_setup_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow dexopt_chroot_setup self (capability (sys_chroot sys_admin)))
@@ -13730,22 +13780,22 @@
(allow dexopt_chroot_setup apk_data_file (dir (getattr search)))
;;* lmx 143 system/sepolicy/private/dexopt_chroot_setup.te
-(neverallow dexopt_chroot_setup base_typeattr_291 (file (execute_no_trans)))
+(neverallow dexopt_chroot_setup base_typeattr_294 (file (execute_no_trans)))
;;* lme
;;* lmx 146 system/sepolicy/private/dexopt_chroot_setup.te
-(neverallow base_typeattr_235 dexopt_chroot_setup (process (transition)))
+(neverallow base_typeattr_238 dexopt_chroot_setup (process (transition)))
;;* lme
;;* lmx 147 system/sepolicy/private/dexopt_chroot_setup.te
-(neverallow base_typeattr_236 dexopt_chroot_setup (process (dyntransition)))
+(neverallow base_typeattr_239 dexopt_chroot_setup (process (dyntransition)))
;;* lme
;;* lmx 158 system/sepolicy/private/dexopt_chroot_setup.te
-(neverallow base_typeattr_360 pre_reboot_dexopt_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_363 pre_reboot_dexopt_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
(allow init dhcp_exec (file (read getattr map execute open)))
@@ -13788,7 +13838,7 @@
(allow display_service_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 1 system/sepolicy/private/display_service_server.te
-(neverallow base_typeattr_361 fwk_display_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_364 fwk_display_hwservice (hwservice_manager (add)))
;;* lme
(allow init dmesgd_exec (file (read getattr map execute open)))
@@ -13828,7 +13878,7 @@
(allow dnsmasq netd (udp_socket (read write)))
(allow domain init (process (sigchld)))
(allow domain self (process (fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid getcap setcap getattr setrlimit)))
-(allow base_typeattr_362 self (process (setpgid)))
+(allow base_typeattr_365 self (process (setpgid)))
(allow domain self (fd (use)))
(allow domain proc (dir (ioctl read getattr lock open watch watch_reads search)))
(allow domain proc_net_type (dir (search)))
@@ -13854,15 +13904,15 @@
(allow domain zero_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
(allow domain ashmem_device (chr_file (ioctl read write getattr lock append map)))
(allow domain ashmem_libcutils_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow base_typeattr_363 binder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow base_typeattr_363 servicemanager_prop (file (read getattr map open)))
+(allow base_typeattr_366 binder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow base_typeattr_366 servicemanager_prop (file (read getattr map open)))
(dontaudit domain hwservicemanager_exec (file (ioctl read getattr lock map open watch watch_reads)))
(allowx domain binder_device (ioctl chr_file (0x6201 0x6203 (range 0x6205 0x6209) (range 0x620b 0x620d) (range 0x6210 0x6211))))
(allow domain binderfs (dir (getattr search)))
(allow domain binderfs_logs_proc (dir (search)))
(allow domain binderfs_features (dir (search)))
(allow domain binderfs_features (file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_364 hwbinder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow base_typeattr_367 hwbinder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
(allow domain ptmx_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
(allow domain random_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
(allow domain proc_random (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -13897,16 +13947,16 @@
(allow coredomain system_file (file (read getattr map execute open)))
(allow domain vendor_hal_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow domain same_process_hal_file (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_229 same_process_hal_file (file (read getattr map execute open)))
+(allow base_typeattr_232 same_process_hal_file (file (read getattr map execute open)))
(allow domain vndk_sp_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow domain vndk_sp_file (file (read getattr map execute open)))
(allow domain vendor_configs_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow domain vendor_configs_file (file (read getattr map open)))
(allow domain vendor_file_type (lnk_file (read getattr open)))
(allow domain vendor_file (dir (getattr search)))
-(allow base_typeattr_229 vendor_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_229 vendor_file_type (file (read getattr map execute open)))
-(allow base_typeattr_229 vendor_file_type (lnk_file (read getattr)))
+(allow base_typeattr_232 vendor_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_232 vendor_file_type (file (read getattr map execute open)))
+(allow base_typeattr_232 vendor_file_type (lnk_file (read getattr)))
(allow domain sysfs (lnk_file (read getattr)))
(allow domain system_zoneinfo_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow domain system_zoneinfo_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -13991,8 +14041,8 @@
(allowx domain dev_type (ioctl blk_file (0x1268 0x1272)))
(allowx domain file_type (ioctl file ((range 0xf501 0xf502) 0xf505 (range 0xf50c 0xf50e))))
(allowx domain sdcard_type (ioctl file ((range 0xf501 0xf502) 0xf505 (range 0xf50c 0xf50e))))
-(allow base_typeattr_365 hwservice_manager_type (hwservice_manager (add find)))
-(allow base_typeattr_365 vndservice_manager_type (service_manager (add find)))
+(allow base_typeattr_368 hwservice_manager_type (hwservice_manager (add find)))
+(allow base_typeattr_368 vndservice_manager_type (service_manager (add find)))
(allow domain apex_mnt_dir (dir (getattr search)))
(allow domain apex_mnt_dir (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow domain sysfs_pgsize_migration (dir (search)))
@@ -14008,20 +14058,20 @@
(typetransition domain crash_dump_exec process crash_dump)
(allow domain crash_dump (process (sigchld)))
(allow domain heapprofd_prop (file (read getattr map open)))
-(allow heapprofd base_typeattr_366 (process (signal)))
-(allow base_typeattr_366 heapprofd_socket (sock_file (write)))
-(allow base_typeattr_366 heapprofd (unix_stream_socket (connectto)))
-(allow heapprofd base_typeattr_366 (fd (use)))
-(allow base_typeattr_366 heapprofd_tmpfs (file (read write getattr map)))
-(allow base_typeattr_366 heapprofd (fd (use)))
-(allow heapprofd base_typeattr_366 (file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow heapprofd base_typeattr_366 (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow traced_perf base_typeattr_367 (file (ioctl read getattr lock map open watch watch_reads)))
-(allow traced_perf base_typeattr_367 (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow traced_perf base_typeattr_367 (process (signal)))
-(allow base_typeattr_367 traced_perf_socket (sock_file (write)))
-(allow base_typeattr_367 traced_perf (unix_stream_socket (connectto)))
-(allow traced_perf base_typeattr_367 (fd (use)))
+(allow heapprofd base_typeattr_369 (process (signal)))
+(allow base_typeattr_369 heapprofd_socket (sock_file (write)))
+(allow base_typeattr_369 heapprofd (unix_stream_socket (connectto)))
+(allow heapprofd base_typeattr_369 (fd (use)))
+(allow base_typeattr_369 heapprofd_tmpfs (file (read write getattr map)))
+(allow base_typeattr_369 heapprofd (fd (use)))
+(allow heapprofd base_typeattr_369 (file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow heapprofd base_typeattr_369 (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow traced_perf base_typeattr_370 (file (ioctl read getattr lock map open watch watch_reads)))
+(allow traced_perf base_typeattr_370 (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow traced_perf base_typeattr_370 (process (signal)))
+(allow base_typeattr_370 traced_perf_socket (sock_file (write)))
+(allow base_typeattr_370 traced_perf (unix_stream_socket (connectto)))
+(allow traced_perf base_typeattr_370 (fd (use)))
(allow domain sysfs_fs_incfs_features (dir (ioctl read getattr lock open watch watch_reads search)))
(allow domain sysfs_fs_incfs_features (file (ioctl read getattr lock map open watch watch_reads)))
(allow domain sysfs_fs_incfs_features (lnk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -14029,11 +14079,11 @@
(allow domain sysfs_fs_fuse_features (file (ioctl read getattr lock map open watch watch_reads)))
(allow domain sysfs_fs_fuse_features (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow domain cgroup (dir (search)))
-(allow base_typeattr_368 cgroup (dir (write lock open add_name remove_name search)))
-(allow base_typeattr_368 cgroup (file (write lock append map open)))
+(allow base_typeattr_371 cgroup (dir (write lock open add_name remove_name search)))
+(allow base_typeattr_371 cgroup (file (write lock append map open)))
(allow domain cgroup_v2 (dir (search)))
-(allow base_typeattr_368 cgroup_v2 (dir (write lock open add_name remove_name search)))
-(allow base_typeattr_368 cgroup_v2 (file (write lock append map open)))
+(allow base_typeattr_371 cgroup_v2 (dir (write lock open add_name remove_name search)))
+(allow base_typeattr_371 cgroup_v2 (file (write lock append map open)))
(allow domain cgroup_desc_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow domain cgroup_rc_file (dir (search)))
(allow domain cgroup_rc_file (file (ioctl read getattr lock map open watch watch_reads)))
@@ -14065,7 +14115,7 @@
(allow shell userspace_reboot_log_prop (file (read getattr map open)))
(allow coredomain userspace_reboot_test_prop (file (read getattr map open)))
(allow shell userspace_reboot_test_prop (file (read getattr map open)))
-(allow base_typeattr_369 vendor_default_prop (file (read getattr map open)))
+(allow base_typeattr_372 vendor_default_prop (file (read getattr map open)))
(allow domain aaudio_config_prop (file (read getattr map open)))
(allow domain apexd_select_prop (file (read getattr map open)))
(allow domain arm64_memtag_prop (file (read getattr map open)))
@@ -14096,7 +14146,7 @@
(allow domain surfaceflinger_prop (file (read getattr map open)))
(allow domain telephony_status_prop (file (read getattr map open)))
(allow domain timezone_prop (file (read getattr map open)))
-(allow base_typeattr_370 userdebug_or_eng_prop (file (read getattr map open)))
+(allow base_typeattr_373 userdebug_or_eng_prop (file (read getattr map open)))
(allow domain vendor_socket_hook_prop (file (read getattr map open)))
(allow domain vndk_prop (file (read getattr map open)))
(allow domain vold_status_prop (file (read getattr map open)))
@@ -14106,12 +14156,12 @@
(allow domain binder_cache_telephony_server_prop (file (read getattr map open)))
;;* lmx 525 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 binderfs_logs_transactions (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_233 binderfs_logs_transactions (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 529 system/sepolicy/private/domain.te
-(neverallow base_typeattr_371 binderfs_logs_transaction_history (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_374 binderfs_logs_transaction_history (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow domain kernel (key (search)))
@@ -14121,8 +14171,8 @@
(allow domain log_file_logger_prop (file (read getattr map open)))
(allow domain prng_seeder_socket (sock_file (write)))
(allow domain prng_seeder (unix_stream_socket (connectto)))
-(allow base_typeattr_372 shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
-(allow base_typeattr_372 toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
+(allow base_typeattr_375 shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
+(allow base_typeattr_375 toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
(allow domain aconfig_storage_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow domain aconfig_storage_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow domain aconfig_storage_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -14133,74 +14183,74 @@
(allow coredomain system_aconfig_storage_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow coredomain system_aconfig_storage_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow domain metadata_file (dir (search)))
-;;* lmx 604 system/sepolicy/private/domain.te
+;;* lmx 603 system/sepolicy/private/domain.te
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl file (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl dir (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl lnk_file (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl blk_file (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl sock_file (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl fifo_file (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl tcp_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl udp_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl rawip_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl packet_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl key_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl unix_stream_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl unix_dgram_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_route_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_tcpdiag_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_nflog_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_xfrm_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_selinux_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_audit_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_dnrt_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_kobject_uevent_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl appletalk_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl tun_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_iscsi_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_fib_lookup_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_connector_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_netfilter_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_generic_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_scsitransport_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_rdma_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netlink_crypto_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl sctp_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl icmp_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl ax25_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl ipx_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl netrom_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl atmpvc_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl x25_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl rose_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl decnet_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl atmsvc_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl rds_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl irda_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl pppox_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl llc_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl can_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl tipc_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl bluetooth_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl iucv_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl rxrpc_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl isdn_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl phonet_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl ieee802154_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl caif_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl alg_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl nfc_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl vsock_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl kcm_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl qipcrtr_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl smc_socket (0x0)))
-(neverallowx base_typeattr_236 base_typeattr_236 (ioctl xdp_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl file (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl dir (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl lnk_file (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl blk_file (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl sock_file (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl fifo_file (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl tcp_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl udp_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl rawip_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl packet_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl key_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl unix_stream_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl unix_dgram_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_route_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_tcpdiag_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_nflog_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_xfrm_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_selinux_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_audit_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_dnrt_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_kobject_uevent_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl appletalk_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl tun_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_iscsi_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_fib_lookup_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_connector_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_netfilter_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_generic_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_scsitransport_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_rdma_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netlink_crypto_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl sctp_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl icmp_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl ax25_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl ipx_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl netrom_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl atmpvc_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl x25_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl rose_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl decnet_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl atmsvc_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl rds_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl irda_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl pppox_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl llc_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl can_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl tipc_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl bluetooth_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl iucv_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl rxrpc_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl isdn_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl phonet_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl ieee802154_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl caif_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl alg_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl nfc_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl vsock_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl kcm_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl qipcrtr_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl smc_socket (0x0)))
+(neverallowx base_typeattr_239 base_typeattr_239 (ioctl xdp_socket (0x0)))
;;* lme
-;;* lmx 608 system/sepolicy/private/domain.te
+;;* lmx 607 system/sepolicy/private/domain.te
(neverallowx domain domain (ioctl socket (0x8905)))
(neverallowx domain domain (ioctl tcp_socket (0x8905)))
@@ -14261,149 +14311,149 @@
(neverallowx domain domain (ioctl xdp_socket (0x8905)))
;;* lme
-;;* lmx 613 system/sepolicy/private/domain.te
+;;* lmx 612 system/sepolicy/private/domain.te
-(neverallowx base_typeattr_236 devpts (ioctl chr_file (0x5412)))
+(neverallowx base_typeattr_239 devpts (ioctl chr_file (0x5412)))
;;* lme
-;;* lmx 616 system/sepolicy/private/domain.te
+;;* lmx 615 system/sepolicy/private/domain.te
-(neverallow base_typeattr_373 unlabeled (file (create)))
-(neverallow base_typeattr_373 unlabeled (dir (create)))
-(neverallow base_typeattr_373 unlabeled (lnk_file (create)))
-(neverallow base_typeattr_373 unlabeled (chr_file (create)))
-(neverallow base_typeattr_373 unlabeled (blk_file (create)))
-(neverallow base_typeattr_373 unlabeled (sock_file (create)))
-(neverallow base_typeattr_373 unlabeled (fifo_file (create)))
+(neverallow base_typeattr_376 unlabeled (file (create)))
+(neverallow base_typeattr_376 unlabeled (dir (create)))
+(neverallow base_typeattr_376 unlabeled (lnk_file (create)))
+(neverallow base_typeattr_376 unlabeled (chr_file (create)))
+(neverallow base_typeattr_376 unlabeled (blk_file (create)))
+(neverallow base_typeattr_376 unlabeled (sock_file (create)))
+(neverallow base_typeattr_376 unlabeled (fifo_file (create)))
;;* lme
-;;* lmx 625 system/sepolicy/private/domain.te
+;;* lmx 624 system/sepolicy/private/domain.te
-(neverallow base_typeattr_374 self (capability (mknod)))
-(neverallow base_typeattr_374 self (cap_userns (mknod)))
+(neverallow base_typeattr_377 self (capability (mknod)))
+(neverallow base_typeattr_377 self (cap_userns (mknod)))
;;* lme
-;;* lmx 628 system/sepolicy/private/domain.te
+;;* lmx 627 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 self (memprotect (mmap_zero)))
+(neverallow base_typeattr_239 self (memprotect (mmap_zero)))
;;* lme
-;;* lmx 631 system/sepolicy/private/domain.te
+;;* lmx 630 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 self (capability2 (mac_override)))
-(neverallow base_typeattr_236 self (cap2_userns (mac_override)))
+(neverallow base_typeattr_239 self (capability2 (mac_override)))
+(neverallow base_typeattr_239 self (cap2_userns (mac_override)))
;;* lme
-;;* lmx 636 system/sepolicy/private/domain.te
+;;* lmx 635 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 self (capability2 (mac_admin)))
-(neverallow base_typeattr_236 self (cap2_userns (mac_admin)))
+(neverallow base_typeattr_239 self (capability2 (mac_admin)))
+(neverallow base_typeattr_239 self (cap2_userns (mac_admin)))
;;* lme
-;;* lmx 640 system/sepolicy/private/domain.te
+;;* lmx 639 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 kernel (security (load_policy)))
+(neverallow base_typeattr_239 kernel (security (load_policy)))
+;;* lme
+
+;;* lmx 645 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_239 kernel (security (setenforce)))
;;* lme
;;* lmx 646 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 kernel (security (setenforce)))
+(neverallow base_typeattr_378 kernel (security (setcheckreqprot)))
;;* lme
-;;* lmx 647 system/sepolicy/private/domain.te
+;;* lmx 649 system/sepolicy/private/domain.te
-(neverallow base_typeattr_375 kernel (security (setcheckreqprot)))
+(neverallow base_typeattr_239 kernel (security (setbool)))
;;* lme
-;;* lmx 650 system/sepolicy/private/domain.te
+;;* lmx 654 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 kernel (security (setbool)))
+(neverallow base_typeattr_238 kernel (security (setsecparam)))
;;* lme
-;;* lmx 655 system/sepolicy/private/domain.te
+;;* lmx 662 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 kernel (security (setsecparam)))
+(neverallow base_typeattr_379 hw_random_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 663 system/sepolicy/private/domain.te
+;;* lmx 668 system/sepolicy/private/domain.te
-(neverallow base_typeattr_376 hw_random_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_380 keychord_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 669 system/sepolicy/private/domain.te
+;;* lmx 671 system/sepolicy/private/domain.te
-(neverallow base_typeattr_377 keychord_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-;;* lme
-
-;;* lmx 672 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_236 base_typeattr_378 (file (entrypoint)))
+(neverallow base_typeattr_239 base_typeattr_381 (file (entrypoint)))
;;* lme
(dontaudit domain postinstall_mnt_dir (dir (audit_access)))
-;;* lmx 684 system/sepolicy/private/domain.te
+;;* lmx 683 system/sepolicy/private/domain.te
-(neverallow base_typeattr_377 port_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_380 port_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 685 system/sepolicy/private/domain.te
+;;* lmx 684 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 port_device (chr_file (ioctl read write lock relabelfrom append map link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_239 port_device (chr_file (ioctl read write lock relabelfrom append map link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+;;* lme
+
+;;* lmx 687 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_238 usermodehelper (file (write append)))
;;* lme
;;* lmx 688 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 usermodehelper (file (write append)))
+(neverallow base_typeattr_382 sysfs_usermodehelper (file (write append)))
;;* lme
;;* lmx 689 system/sepolicy/private/domain.te
-(neverallow base_typeattr_379 sysfs_usermodehelper (file (write append)))
+(neverallow base_typeattr_233 proc_security (file (read write append open)))
;;* lme
-;;* lmx 690 system/sepolicy/private/domain.te
+;;* lmx 693 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 proc_security (file (read write append open)))
+(neverallow base_typeattr_239 init (binder (impersonate call set_context_mgr transfer)))
;;* lme
;;* lmx 694 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 init (binder (impersonate call set_context_mgr transfer)))
+(neverallow base_typeattr_239 vendor_init (binder (impersonate call set_context_mgr transfer)))
;;* lme
-;;* lmx 695 system/sepolicy/private/domain.te
+;;* lmx 697 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 vendor_init (binder (impersonate call set_context_mgr transfer)))
+(neverallow base_typeattr_383 binderfs_logs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_383 binderfs_logs_proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 698 system/sepolicy/private/domain.te
-(neverallow base_typeattr_380 binderfs_logs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_380 binderfs_logs_proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_374 binderfs_logs_stats (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 699 system/sepolicy/private/domain.te
+;;* lmx 702 system/sepolicy/private/domain.te
-(neverallow base_typeattr_371 binderfs_logs_stats (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_384 block_device (blk_file (read write open)))
;;* lme
-;;* lmx 703 system/sepolicy/private/domain.te
+;;* lmx 707 system/sepolicy/private/domain.te
-(neverallow base_typeattr_381 block_device (blk_file (read write open)))
+(neverallow domain base_typeattr_239 (chr_file (rename)))
+(neverallow domain base_typeattr_239 (blk_file (rename)))
;;* lme
-;;* lmx 708 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_236 base_typeattr_236 (chr_file (rename)))
-(neverallow base_typeattr_236 base_typeattr_236 (blk_file (rename)))
-;;* lme
-
-;;* lmx 712 system/sepolicy/private/domain.te
+;;* lmx 711 system/sepolicy/private/domain.te
(neverallow domain device (chr_file (read write open)))
;;* lme
-;;* lmx 715 system/sepolicy/private/domain.te
+;;* lmx 714 system/sepolicy/private/domain.te
(neverallow domain cache_file (file (execute)))
(neverallow domain cache_backup_file (file (execute)))
@@ -14411,7 +14461,7 @@
(neverallow domain cache_recovery_file (file (execute)))
;;* lme
-;;* lmx 718 system/sepolicy/private/domain.te
+;;* lmx 717 system/sepolicy/private/domain.te
(neverallow domain nativetest_data_file (file (write create setattr relabelfrom append unlink link rename)))
(neverallow domain nativetest_data_file (lnk_file (write create setattr relabelfrom append unlink link rename)))
@@ -14421,72 +14471,72 @@
(neverallow domain nativetest_data_file (fifo_file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 719 system/sepolicy/private/domain.te
+;;* lmx 718 system/sepolicy/private/domain.te
(neverallow domain nativetest_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 720 system/sepolicy/private/domain.te
+;;* lmx 719 system/sepolicy/private/domain.te
(neverallow domain nativetest_data_file (file (execute execute_no_trans)))
;;* lme
+;;* lmx 721 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_385 shell_test_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_385 shell_test_data_file (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_385 shell_test_data_file (chr_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_385 shell_test_data_file (blk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_385 shell_test_data_file (sock_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_385 shell_test_data_file (fifo_file (write create setattr relabelfrom append unlink link rename)))
+;;* lme
+
;;* lmx 722 system/sepolicy/private/domain.te
-(neverallow base_typeattr_382 shell_test_data_file (file (write create setattr relabelfrom append unlink link rename)))
-(neverallow base_typeattr_382 shell_test_data_file (lnk_file (write create setattr relabelfrom append unlink link rename)))
-(neverallow base_typeattr_382 shell_test_data_file (chr_file (write create setattr relabelfrom append unlink link rename)))
-(neverallow base_typeattr_382 shell_test_data_file (blk_file (write create setattr relabelfrom append unlink link rename)))
-(neverallow base_typeattr_382 shell_test_data_file (sock_file (write create setattr relabelfrom append unlink link rename)))
-(neverallow base_typeattr_382 shell_test_data_file (fifo_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_385 shell_test_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 723 system/sepolicy/private/domain.te
-(neverallow base_typeattr_382 shell_test_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_386 shell_test_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 724 system/sepolicy/private/domain.te
-(neverallow base_typeattr_383 shell_test_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow heapprofd shell_test_data_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
;;* lme
;;* lmx 725 system/sepolicy/private/domain.te
-(neverallow heapprofd shell_test_data_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_385 shell_test_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 726 system/sepolicy/private/domain.te
+;;* lmx 728 system/sepolicy/private/domain.te
-(neverallow base_typeattr_382 shell_test_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_238 property_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 729 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 property_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_238 property_data_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
;;* lme
;;* lmx 730 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 property_data_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_238 property_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
;;* lme
;;* lmx 731 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 property_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_238 properties_device (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
;;* lme
;;* lmx 732 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 properties_device (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_238 properties_serial (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
;;* lme
-;;* lmx 733 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_235 properties_serial (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
-;;* lme
-
-;;* lmx 747 system/sepolicy/private/domain.te
+;;* lmx 748 system/sepolicy/private/domain.te
(neverallow domain exec_type (file (write create setattr relabelfrom append unlink link rename)))
(neverallow domain exec_type (dir (write create setattr relabelfrom append unlink link rename)))
@@ -14511,64 +14561,64 @@
(neverallow domain vendor_file_type (fifo_file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 749 system/sepolicy/private/domain.te
+;;* lmx 750 system/sepolicy/private/domain.te
-(neverallow base_typeattr_375 exec_type (file (relabelto)))
-(neverallow base_typeattr_375 exec_type (dir (relabelto)))
-(neverallow base_typeattr_375 exec_type (lnk_file (relabelto)))
-(neverallow base_typeattr_375 exec_type (chr_file (relabelto)))
-(neverallow base_typeattr_375 exec_type (blk_file (relabelto)))
-(neverallow base_typeattr_375 exec_type (sock_file (relabelto)))
-(neverallow base_typeattr_375 exec_type (fifo_file (relabelto)))
-(neverallow base_typeattr_375 system_file_type (file (relabelto)))
-(neverallow base_typeattr_375 system_file_type (dir (relabelto)))
-(neverallow base_typeattr_375 system_file_type (lnk_file (relabelto)))
-(neverallow base_typeattr_375 system_file_type (chr_file (relabelto)))
-(neverallow base_typeattr_375 system_file_type (blk_file (relabelto)))
-(neverallow base_typeattr_375 system_file_type (sock_file (relabelto)))
-(neverallow base_typeattr_375 system_file_type (fifo_file (relabelto)))
-(neverallow base_typeattr_375 vendor_file_type (file (relabelto)))
-(neverallow base_typeattr_375 vendor_file_type (dir (relabelto)))
-(neverallow base_typeattr_375 vendor_file_type (lnk_file (relabelto)))
-(neverallow base_typeattr_375 vendor_file_type (chr_file (relabelto)))
-(neverallow base_typeattr_375 vendor_file_type (blk_file (relabelto)))
-(neverallow base_typeattr_375 vendor_file_type (sock_file (relabelto)))
-(neverallow base_typeattr_375 vendor_file_type (fifo_file (relabelto)))
+(neverallow base_typeattr_378 exec_type (file (relabelto)))
+(neverallow base_typeattr_378 exec_type (dir (relabelto)))
+(neverallow base_typeattr_378 exec_type (lnk_file (relabelto)))
+(neverallow base_typeattr_378 exec_type (chr_file (relabelto)))
+(neverallow base_typeattr_378 exec_type (blk_file (relabelto)))
+(neverallow base_typeattr_378 exec_type (sock_file (relabelto)))
+(neverallow base_typeattr_378 exec_type (fifo_file (relabelto)))
+(neverallow base_typeattr_378 system_file_type (file (relabelto)))
+(neverallow base_typeattr_378 system_file_type (dir (relabelto)))
+(neverallow base_typeattr_378 system_file_type (lnk_file (relabelto)))
+(neverallow base_typeattr_378 system_file_type (chr_file (relabelto)))
+(neverallow base_typeattr_378 system_file_type (blk_file (relabelto)))
+(neverallow base_typeattr_378 system_file_type (sock_file (relabelto)))
+(neverallow base_typeattr_378 system_file_type (fifo_file (relabelto)))
+(neverallow base_typeattr_378 vendor_file_type (file (relabelto)))
+(neverallow base_typeattr_378 vendor_file_type (dir (relabelto)))
+(neverallow base_typeattr_378 vendor_file_type (lnk_file (relabelto)))
+(neverallow base_typeattr_378 vendor_file_type (chr_file (relabelto)))
+(neverallow base_typeattr_378 vendor_file_type (blk_file (relabelto)))
+(neverallow base_typeattr_378 vendor_file_type (sock_file (relabelto)))
+(neverallow base_typeattr_378 vendor_file_type (fifo_file (relabelto)))
;;* lme
-;;* lmx 752 system/sepolicy/private/domain.te
+;;* lmx 756 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 exec_type (file (mounton)))
-(neverallow base_typeattr_236 exec_type (dir (mounton)))
-(neverallow base_typeattr_236 exec_type (lnk_file (mounton)))
-(neverallow base_typeattr_236 exec_type (chr_file (mounton)))
-(neverallow base_typeattr_236 exec_type (blk_file (mounton)))
-(neverallow base_typeattr_236 exec_type (sock_file (mounton)))
-(neverallow base_typeattr_236 exec_type (fifo_file (mounton)))
-;;* lme
-
-;;* lmx 755 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_236 rootfs (file (write create setattr relabelto append unlink link rename)))
+(neverallow domain exec_type (file (mounton)))
+(neverallow domain exec_type (dir (mounton)))
+(neverallow domain exec_type (lnk_file (mounton)))
+(neverallow domain exec_type (chr_file (mounton)))
+(neverallow domain exec_type (blk_file (mounton)))
+(neverallow domain exec_type (sock_file (mounton)))
+(neverallow domain exec_type (fifo_file (mounton)))
;;* lme
;;* lmx 759 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 base_typeattr_384 (filesystem (relabelto)))
+(neverallow base_typeattr_239 rootfs (file (write create setattr relabelto append unlink link rename)))
;;* lme
-;;* lmx 765 system/sepolicy/private/domain.te
+;;* lmx 763 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 contextmount_type (file (create setattr relabelfrom relabelto append link rename)))
-(neverallow base_typeattr_236 contextmount_type (dir (create setattr relabelfrom relabelto append link rename)))
-(neverallow base_typeattr_236 contextmount_type (lnk_file (create setattr relabelfrom relabelto append link rename)))
-(neverallow base_typeattr_236 contextmount_type (chr_file (create setattr relabelfrom relabelto append link rename)))
-(neverallow base_typeattr_236 contextmount_type (blk_file (create setattr relabelfrom relabelto append link rename)))
-(neverallow base_typeattr_236 contextmount_type (sock_file (create setattr relabelfrom relabelto append link rename)))
-(neverallow base_typeattr_236 contextmount_type (fifo_file (create setattr relabelfrom relabelto append link rename)))
+(neverallow base_typeattr_239 base_typeattr_387 (filesystem (relabelto)))
;;* lme
-;;* lmx 766 system/sepolicy/private/domain.te
+;;* lmx 769 system/sepolicy/private/domain.te
+
+(neverallow domain contextmount_type (file (create setattr relabelfrom relabelto append link rename)))
+(neverallow domain contextmount_type (dir (create setattr relabelfrom relabelto append link rename)))
+(neverallow domain contextmount_type (lnk_file (create setattr relabelfrom relabelto append link rename)))
+(neverallow domain contextmount_type (chr_file (create setattr relabelfrom relabelto append link rename)))
+(neverallow domain contextmount_type (blk_file (create setattr relabelfrom relabelto append link rename)))
+(neverallow domain contextmount_type (sock_file (create setattr relabelfrom relabelto append link rename)))
+(neverallow domain contextmount_type (fifo_file (create setattr relabelfrom relabelto append link rename)))
+;;* lme
+
+;;* lmx 770 system/sepolicy/private/domain.te
(neverallow domain contextmount_type (file (write unlink)))
(neverallow domain contextmount_type (dir (write unlink)))
@@ -14579,571 +14629,571 @@
(neverallow domain contextmount_type (fifo_file (write unlink)))
;;* lme
-;;* lmx 773 system/sepolicy/private/domain.te
+;;* lmx 777 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 default_android_service (service_manager (add find list)))
+(neverallow base_typeattr_239 default_android_service (service_manager (add find list)))
;;* lme
-;;* lmx 774 system/sepolicy/private/domain.te
+;;* lmx 778 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 default_android_vndservice (service_manager (add find list)))
+(neverallow base_typeattr_239 default_android_vndservice (service_manager (add find list)))
;;* lme
-;;* lmx 775 system/sepolicy/private/domain.te
+;;* lmx 779 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 default_android_hwservice (hwservice_manager (add find list)))
-;;* lme
-
-;;* lmx 784 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_236 hidl_base_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_239 default_android_hwservice (hwservice_manager (add find list)))
;;* lme
;;* lmx 788 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 mmc_prop (property_service (set)))
+(neverallow base_typeattr_239 hidl_base_hwservice (hwservice_manager (find)))
;;* lme
-;;* lmx 789 system/sepolicy/private/domain.te
+;;* lmx 792 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 vndk_prop (property_service (set)))
+(neverallow base_typeattr_233 mmc_prop (property_service (set)))
;;* lme
-;;* lmx 791 system/sepolicy/private/domain.te
+;;* lmx 793 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 mmc_prop (property_service (set)))
+(neverallow base_typeattr_233 vndk_prop (property_service (set)))
;;* lme
-;;* lmx 791 system/sepolicy/private/domain.te
+;;* lmx 795 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 exported_default_prop (property_service (set)))
+(neverallow base_typeattr_238 mmc_prop (property_service (set)))
;;* lme
-;;* lmx 791 system/sepolicy/private/domain.te
+;;* lmx 795 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 exported_secure_prop (property_service (set)))
+(neverallow base_typeattr_233 exported_default_prop (property_service (set)))
;;* lme
-;;* lmx 791 system/sepolicy/private/domain.te
+;;* lmx 795 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 vendor_default_prop (property_service (set)))
+(neverallow base_typeattr_238 exported_secure_prop (property_service (set)))
;;* lme
-;;* lmx 791 system/sepolicy/private/domain.te
+;;* lmx 795 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 storage_config_prop (property_service (set)))
+(neverallow base_typeattr_233 vendor_default_prop (property_service (set)))
;;* lme
-;;* lmx 791 system/sepolicy/private/domain.te
+;;* lmx 795 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 hw_timeout_multiplier_prop (property_service (set)))
+(neverallow base_typeattr_233 storage_config_prop (property_service (set)))
;;* lme
-;;* lmx 800 system/sepolicy/private/domain.te
+;;* lmx 795 system/sepolicy/private/domain.te
-(neverallow base_typeattr_385 exported_pm_prop (property_service (set)))
+(neverallow base_typeattr_233 hw_timeout_multiplier_prop (property_service (set)))
;;* lme
-;;* lmx 800 system/sepolicy/private/domain.te
+;;* lmx 804 system/sepolicy/private/domain.te
-(neverallow base_typeattr_386 exported_pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_388 exported_pm_prop (property_service (set)))
;;* lme
-;;* lmx 806 system/sepolicy/private/domain.te
+;;* lmx 804 system/sepolicy/private/domain.te
-(neverallow base_typeattr_380 future_pm_prop (property_service (set)))
+(neverallow base_typeattr_389 exported_pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 807 system/sepolicy/private/domain.te
+;;* lmx 810 system/sepolicy/private/domain.te
-(neverallow base_typeattr_380 future_pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_383 future_pm_prop (property_service (set)))
+;;* lme
+
+;;* lmx 811 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_383 future_pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(dontaudit domain future_pm_prop (file (read)))
-;;* lmx 813 system/sepolicy/private/domain.te
+;;* lmx 817 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 aac_drc_prop (property_service (set)))
+(neverallow base_typeattr_238 aac_drc_prop (property_service (set)))
;;* lme
-;;* lmx 814 system/sepolicy/private/domain.te
+;;* lmx 818 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 build_prop (property_service (set)))
+(neverallow base_typeattr_238 build_prop (property_service (set)))
;;* lme
-;;* lmx 815 system/sepolicy/private/domain.te
+;;* lmx 819 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 userdebug_or_eng_prop (property_service (set)))
+(neverallow base_typeattr_238 userdebug_or_eng_prop (property_service (set)))
;;* lme
-;;* lmx 837 system/sepolicy/private/domain.te
+;;* lmx 841 system/sepolicy/private/domain.te
-(neverallow base_typeattr_387 serialno_prop (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_390 serialno_prop (file (ioctl read getattr lock map open watch watch_reads)))
;;* lme
-;;* lmx 845 system/sepolicy/private/domain.te
+;;* lmx 849 system/sepolicy/private/domain.te
-(neverallow base_typeattr_388 frp_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_391 frp_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 859 system/sepolicy/private/domain.te
+;;* lmx 863 system/sepolicy/private/domain.te
-(neverallow base_typeattr_389 metadata_block_device (blk_file (ioctl read write lock append link rename open)))
+(neverallow base_typeattr_392 metadata_block_device (blk_file (ioctl read write lock append link rename open)))
;;* lme
-;;* lmx 870 system/sepolicy/private/domain.te
+;;* lmx 874 system/sepolicy/private/domain.te
-(neverallow base_typeattr_390 system_block_device (blk_file (write append)))
-;;* lme
-
-;;* lmx 873 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_391 base_typeattr_236 (binder (set_context_mgr)))
-;;* lme
-
-;;* lmx 875 system/sepolicy/private/domain.te
-
-(neverallow servicemanager hwbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-;;* lme
-
-;;* lmx 876 system/sepolicy/private/domain.te
-
-(neverallow servicemanager vndbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_393 system_block_device (blk_file (write append)))
;;* lme
;;* lmx 877 system/sepolicy/private/domain.te
-(neverallow hwservicemanager binder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-;;* lme
-
-;;* lmx 878 system/sepolicy/private/domain.te
-
-(neverallow hwservicemanager vndbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_394 base_typeattr_239 (binder (set_context_mgr)))
;;* lme
;;* lmx 879 system/sepolicy/private/domain.te
-(neverallow vndservicemanager binder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow servicemanager hwbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 880 system/sepolicy/private/domain.te
-(neverallow vndservicemanager hwbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow servicemanager vndbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+;;* lme
+
+;;* lmx 881 system/sepolicy/private/domain.te
+
+(neverallow hwservicemanager binder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 882 system/sepolicy/private/domain.te
-(neverallow base_typeattr_392 base_typeattr_393 (service_manager (find)))
+(neverallow hwservicemanager vndbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 919 system/sepolicy/private/domain.te
+;;* lmx 883 system/sepolicy/private/domain.te
-(neverallow base_typeattr_394 vndbinder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
+(neverallow vndservicemanager binder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 927 system/sepolicy/private/domain.te
+;;* lmx 884 system/sepolicy/private/domain.te
+
+(neverallow vndservicemanager hwbinder_device (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+;;* lme
+
+;;* lmx 886 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_395 base_typeattr_396 (service_manager (find)))
+;;* lme
+
+;;* lmx 923 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_397 vndbinder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
+;;* lme
+
+;;* lmx 931 system/sepolicy/private/domain.te
(neverallow ueventd vndbinder_device (chr_file (ioctl read write append)))
;;* lme
-;;* lmx 930 system/sepolicy/private/domain.te
+;;* lmx 934 system/sepolicy/private/domain.te
-(neverallow base_typeattr_395 vndservice_manager_type (service_manager (add find list)))
+(neverallow base_typeattr_398 vndservice_manager_type (service_manager (add find list)))
;;* lme
-;;* lmx 937 system/sepolicy/private/domain.te
+;;* lmx 941 system/sepolicy/private/domain.te
-(neverallow base_typeattr_395 vndservicemanager (binder (impersonate call set_context_mgr transfer)))
+(neverallow base_typeattr_398 vndservicemanager (binder (impersonate call set_context_mgr transfer)))
;;* lme
-;;* lmx 954 system/sepolicy/private/domain.te
+;;* lmx 958 system/sepolicy/private/domain.te
-(neverallow base_typeattr_396 base_typeattr_397 (socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (tcp_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (udp_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (rawip_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (packet_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (key_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (unix_stream_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (unix_dgram_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_route_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_tcpdiag_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_nflog_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_xfrm_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_selinux_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_audit_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_dnrt_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_kobject_uevent_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (appletalk_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (tun_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_iscsi_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_fib_lookup_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_connector_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_netfilter_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_generic_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_scsitransport_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_rdma_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netlink_crypto_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (sctp_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (icmp_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (ax25_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (ipx_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (netrom_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (atmpvc_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (x25_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (rose_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (decnet_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (atmsvc_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (rds_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (irda_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (pppox_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (llc_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (can_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (tipc_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (bluetooth_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (iucv_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (rxrpc_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (isdn_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (phonet_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (ieee802154_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (caif_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (alg_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (nfc_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (vsock_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (kcm_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (qipcrtr_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (smc_socket (connect sendto)))
-(neverallow base_typeattr_396 base_typeattr_397 (xdp_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (tcp_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (udp_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (rawip_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (packet_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (key_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (unix_stream_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (unix_dgram_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_route_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_nflog_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_xfrm_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_selinux_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_audit_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_dnrt_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (appletalk_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (tun_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_iscsi_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_connector_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_netfilter_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_generic_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_scsitransport_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_rdma_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netlink_crypto_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (sctp_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (icmp_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (ax25_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (ipx_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (netrom_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (atmpvc_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (x25_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (rose_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (decnet_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (atmsvc_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (rds_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (irda_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (pppox_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (llc_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (can_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (tipc_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (bluetooth_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (iucv_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (rxrpc_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (isdn_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (phonet_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (ieee802154_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (caif_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (alg_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (nfc_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (vsock_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (kcm_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (qipcrtr_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (smc_socket (connect sendto)))
+(neverallow base_typeattr_399 base_typeattr_400 (xdp_socket (connect sendto)))
;;* lme
-;;* lmx 954 system/sepolicy/private/domain.te
+;;* lmx 958 system/sepolicy/private/domain.te
-(neverallow base_typeattr_396 base_typeattr_397 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_399 base_typeattr_400 (unix_stream_socket (connectto)))
;;* lme
-;;* lmx 967 system/sepolicy/private/domain.te
+;;* lmx 971 system/sepolicy/private/domain.te
-(neverallow base_typeattr_398 core_data_file_type (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_398 coredomain_socket (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_398 unlabeled (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_401 core_data_file_type (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_401 coredomain_socket (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_401 unlabeled (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 981 system/sepolicy/private/domain.te
+;;* lmx 985 system/sepolicy/private/domain.te
-(neverallow base_typeattr_392 base_typeattr_399 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_395 base_typeattr_402 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 997 system/sepolicy/private/domain.te
+;;* lmx 1001 system/sepolicy/private/domain.te
-(neverallow base_typeattr_400 base_typeattr_401 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_403 base_typeattr_404 (sock_file (create setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1021 system/sepolicy/private/domain.te
+;;* lmx 1025 system/sepolicy/private/domain.te
-(neverallow base_typeattr_402 base_typeattr_403 (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_402 base_typeattr_403 (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_402 base_typeattr_403 (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_402 base_typeattr_403 (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_402 base_typeattr_403 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_402 base_typeattr_403 (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_405 base_typeattr_406 (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_405 base_typeattr_406 (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_405 base_typeattr_406 (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_405 base_typeattr_406 (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_405 base_typeattr_406 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_405 base_typeattr_406 (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1036 system/sepolicy/private/domain.te
+;;* lmx 1040 system/sepolicy/private/domain.te
-(neverallow base_typeattr_402 base_typeattr_404 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_405 base_typeattr_407 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 1053 system/sepolicy/private/domain.te
+;;* lmx 1057 system/sepolicy/private/domain.te
-(neverallow base_typeattr_405 core_data_file_type (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_405 core_data_file_type (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_405 core_data_file_type (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_405 core_data_file_type (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_405 core_data_file_type (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_405 core_data_file_type (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_408 core_data_file_type (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_408 core_data_file_type (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_408 core_data_file_type (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_408 core_data_file_type (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_408 core_data_file_type (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_408 core_data_file_type (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1053 system/sepolicy/private/domain.te
+;;* lmx 1057 system/sepolicy/private/domain.te
-(neverallow base_typeattr_406 base_typeattr_407 (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_406 base_typeattr_407 (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_406 base_typeattr_407 (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_406 base_typeattr_407 (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_406 base_typeattr_407 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_406 base_typeattr_407 (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_409 base_typeattr_410 (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_409 base_typeattr_410 (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_409 base_typeattr_410 (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_409 base_typeattr_410 (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_409 base_typeattr_410 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_409 base_typeattr_410 (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1053 system/sepolicy/private/domain.te
+;;* lmx 1057 system/sepolicy/private/domain.te
(neverallow vendor_init unencrypted_data_file (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
;;* lme
-;;* lmx 1077 system/sepolicy/private/domain.te
+;;* lmx 1081 system/sepolicy/private/domain.te
-(neverallow base_typeattr_405 base_typeattr_408 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_408 base_typeattr_411 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 1077 system/sepolicy/private/domain.te
+;;* lmx 1081 system/sepolicy/private/domain.te
-(neverallow base_typeattr_406 base_typeattr_409 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_409 base_typeattr_412 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 1077 system/sepolicy/private/domain.te
+;;* lmx 1081 system/sepolicy/private/domain.te
(neverallow vendor_init unencrypted_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 1109 system/sepolicy/private/domain.te
+;;* lmx 1113 system/sepolicy/private/domain.te
-(neverallow base_typeattr_410 system_data_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_413 system_data_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 1121 system/sepolicy/private/domain.te
+;;* lmx 1125 system/sepolicy/private/domain.te
-(neverallow base_typeattr_411 vendor_data_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_414 vendor_data_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 1134 system/sepolicy/private/domain.te
+;;* lmx 1138 system/sepolicy/private/domain.te
-(neverallow base_typeattr_412 vendor_data_file (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_412 vendor_data_file (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_412 vendor_data_file (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_412 vendor_data_file (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_412 vendor_data_file (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_412 vendor_data_file (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_415 vendor_data_file (file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_415 vendor_data_file (lnk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_415 vendor_data_file (chr_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_415 vendor_data_file (blk_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_415 vendor_data_file (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_415 vendor_data_file (fifo_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1145 system/sepolicy/private/domain.te
+;;* lmx 1149 system/sepolicy/private/domain.te
-(neverallow base_typeattr_413 vendor_shell_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_416 vendor_shell_exec (file (execute execute_no_trans)))
;;* lme
-;;* lmx 1156 system/sepolicy/private/domain.te
+;;* lmx 1161 system/sepolicy/private/domain.te
-(neverallow base_typeattr_414 base_typeattr_415 (file (execute execute_no_trans entrypoint)))
+(neverallow base_typeattr_417 base_typeattr_418 (file (execute execute_no_trans entrypoint)))
;;* lme
-;;* lmx 1181 system/sepolicy/private/domain.te
+;;* lmx 1186 system/sepolicy/private/domain.te
-(neverallow coredomain base_typeattr_416 (file (entrypoint)))
+(neverallow coredomain base_typeattr_419 (file (entrypoint)))
;;* lme
-;;* lmx 1181 system/sepolicy/private/domain.te
+;;* lmx 1186 system/sepolicy/private/domain.te
-(neverallow base_typeattr_229 base_typeattr_417 (file (entrypoint)))
+(neverallow base_typeattr_232 base_typeattr_420 (file (entrypoint)))
;;* lme
-;;* lmx 1198 system/sepolicy/private/domain.te
+;;* lmx 1203 system/sepolicy/private/domain.te
-(neverallow base_typeattr_418 base_typeattr_419 (file (execute)))
+(neverallow base_typeattr_421 base_typeattr_422 (file (execute)))
;;* lme
-;;* lmx 1217 system/sepolicy/private/domain.te
+;;* lmx 1223 system/sepolicy/private/domain.te
-(neverallow base_typeattr_420 base_typeattr_421 (file (execute_no_trans)))
+(neverallow base_typeattr_423 base_typeattr_424 (file (execute_no_trans)))
;;* lme
-;;* lmx 1228 system/sepolicy/private/domain.te
+;;* lmx 1235 system/sepolicy/private/domain.te
-(neverallow base_typeattr_414 base_typeattr_422 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-;;* lme
-
-;;* lmx 1268 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_423 zygote (unix_stream_socket (connectto)))
-;;* lme
-
-;;* lmx 1269 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_424 zygote_socket (sock_file (write)))
-;;* lme
-
-;;* lmx 1271 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_425 webview_zygote (unix_stream_socket (connectto)))
-;;* lme
-
-;;* lmx 1272 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_424 webview_zygote (sock_file (write)))
-;;* lme
-
-;;* lmx 1273 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_424 app_zygote (sock_file (write)))
+(neverallow base_typeattr_417 base_typeattr_425 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 1275 system/sepolicy/private/domain.te
-(neverallow domain tombstoned_crash_socket (unix_stream_socket (connectto)))
+(neverallow base_typeattr_426 zygote (unix_stream_socket (connectto)))
+;;* lme
+
+;;* lmx 1276 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_427 zygote_socket (sock_file (write)))
+;;* lme
+
+;;* lmx 1278 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_428 webview_zygote (unix_stream_socket (connectto)))
;;* lme
;;* lmx 1279 system/sepolicy/private/domain.te
-(neverallow base_typeattr_426 tombstoned_intercept_socket (sock_file (write)))
+(neverallow base_typeattr_427 webview_zygote (sock_file (write)))
;;* lme
;;* lmx 1280 system/sepolicy/private/domain.te
-(neverallow base_typeattr_426 tombstoned_intercept_socket (unix_stream_socket (connectto)))
+(neverallow base_typeattr_427 app_zygote (sock_file (write)))
;;* lme
-;;* lmx 1283 system/sepolicy/private/domain.te
+;;* lmx 1282 system/sepolicy/private/domain.te
-(neverallow base_typeattr_427 heapdump_data_file (file (read)))
+(neverallow domain tombstoned_crash_socket (unix_stream_socket (connectto)))
;;* lme
-;;* lmx 1301 system/sepolicy/private/domain.te
+;;* lmx 1286 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 base_typeattr_236 (sem (create destroy getattr setattr read write associate unix_read unix_write)))
-(neverallow base_typeattr_236 base_typeattr_236 (msg (send receive)))
-(neverallow base_typeattr_236 base_typeattr_236 (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
-(neverallow base_typeattr_236 base_typeattr_236 (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
+(neverallow base_typeattr_429 tombstoned_intercept_socket (sock_file (write)))
;;* lme
-;;* lmx 1305 system/sepolicy/private/domain.te
+;;* lmx 1287 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 dev_type (lnk_file (mounton)))
-(neverallow base_typeattr_236 dev_type (sock_file (mounton)))
-(neverallow base_typeattr_236 dev_type (fifo_file (mounton)))
-(neverallow base_typeattr_236 fs_type (lnk_file (mounton)))
-(neverallow base_typeattr_236 fs_type (sock_file (mounton)))
-(neverallow base_typeattr_236 fs_type (fifo_file (mounton)))
-(neverallow base_typeattr_236 file_type (lnk_file (mounton)))
-(neverallow base_typeattr_236 file_type (sock_file (mounton)))
-(neverallow base_typeattr_236 file_type (fifo_file (mounton)))
+(neverallow base_typeattr_429 tombstoned_intercept_socket (unix_stream_socket (connectto)))
;;* lme
-;;* lmx 1310 system/sepolicy/private/domain.te
+;;* lmx 1290 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_430 heapdump_data_file (file (read)))
+;;* lme
+
+;;* lmx 1308 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_239 base_typeattr_239 (sem (create destroy getattr setattr read write associate unix_read unix_write)))
+(neverallow base_typeattr_239 base_typeattr_239 (msg (send receive)))
+(neverallow base_typeattr_239 base_typeattr_239 (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
+(neverallow base_typeattr_239 base_typeattr_239 (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
+;;* lme
+
+;;* lmx 1315 system/sepolicy/private/domain.te
+
+(neverallow domain dev_type (lnk_file (mounton)))
+(neverallow domain dev_type (sock_file (mounton)))
+(neverallow domain dev_type (fifo_file (mounton)))
+(neverallow domain fs_type (lnk_file (mounton)))
+(neverallow domain fs_type (sock_file (mounton)))
+(neverallow domain fs_type (fifo_file (mounton)))
+(neverallow domain file_type (lnk_file (mounton)))
+(neverallow domain file_type (sock_file (mounton)))
+(neverallow domain file_type (fifo_file (mounton)))
+;;* lme
+
+;;* lmx 1320 system/sepolicy/private/domain.te
(neverallow domain su_exec (file (execute execute_no_trans)))
;;* lme
-;;* lmx 1322 system/sepolicy/private/domain.te
+;;* lmx 1335 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 base_typeattr_428 (file (execmod)))
+(neverallow domain base_typeattr_431 (file (execmod)))
;;* lme
-;;* lmx 1327 system/sepolicy/private/domain.te
+;;* lmx 1340 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 self (process (execstack execheap)))
+(neverallow base_typeattr_239 self (process (execstack execheap)))
;;* lme
-;;* lmx 1331 system/sepolicy/private/domain.te
+;;* lmx 1349 system/sepolicy/private/domain.te
-(neverallow base_typeattr_429 file_type (file (execmod)))
+(neverallow base_typeattr_432 file_type (file (execmod)))
;;* lme
-;;* lmx 1339 system/sepolicy/private/domain.te
+;;* lmx 1357 system/sepolicy/private/domain.te
-(neverallow base_typeattr_430 domain (process (transition dyntransition)))
+(neverallow base_typeattr_433 domain (process (transition dyntransition)))
;;* lme
-;;* lmx 1358 system/sepolicy/private/domain.te
+;;* lmx 1376 system/sepolicy/private/domain.te
-(neverallow base_typeattr_431 system_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_434 system_data_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 1361 system/sepolicy/private/domain.te
+;;* lmx 1379 system/sepolicy/private/domain.te
(neverallow installd system_data_file (file (write create setattr relabelto append link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
;;* lme
-;;* lmx 1374 system/sepolicy/private/domain.te
+;;* lmx 1392 system/sepolicy/private/domain.te
-(neverallow base_typeattr_432 shell (process (transition dyntransition)))
+(neverallow base_typeattr_435 shell (process (transition dyntransition)))
;;* lme
-;;* lmx 1388 system/sepolicy/private/domain.te
+;;* lmx 1406 system/sepolicy/private/domain.te
-(neverallow base_typeattr_433 base_typeattr_434 (process (transition dyntransition)))
+(neverallow base_typeattr_436 base_typeattr_437 (process (transition dyntransition)))
;;* lme
-;;* lmx 1397 system/sepolicy/private/domain.te
+;;* lmx 1415 system/sepolicy/private/domain.te
-(neverallow base_typeattr_435 app_data_file (lnk_file (read)))
-(neverallow base_typeattr_435 privapp_data_file (lnk_file (read)))
+(neverallow base_typeattr_438 app_data_file (lnk_file (read)))
+(neverallow base_typeattr_438 privapp_data_file (lnk_file (read)))
;;* lme
-;;* lmx 1404 system/sepolicy/private/domain.te
+;;* lmx 1422 system/sepolicy/private/domain.te
-(neverallow base_typeattr_436 shell_data_file (lnk_file (read)))
+(neverallow base_typeattr_439 shell_data_file (lnk_file (read)))
;;* lme
-;;* lmx 1411 system/sepolicy/private/domain.te
+;;* lmx 1429 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 base_typeattr_437 (service_manager (list)))
+(neverallow base_typeattr_239 base_typeattr_440 (service_manager (list)))
;;* lme
-;;* lmx 1416 system/sepolicy/private/domain.te
+;;* lmx 1434 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 base_typeattr_438 (hwservice_manager (list)))
+(neverallow base_typeattr_239 base_typeattr_441 (hwservice_manager (list)))
;;* lme
-;;* lmx 1435 system/sepolicy/private/domain.te
+;;* lmx 1453 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 domain (file (execute execute_no_trans entrypoint)))
+(neverallow base_typeattr_239 domain (file (execute execute_no_trans entrypoint)))
;;* lme
-;;* lmx 1441 system/sepolicy/private/domain.te
+;;* lmx 1459 system/sepolicy/private/domain.te
-(neverallow base_typeattr_380 debugfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_380 debugfs (lnk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-;;* lme
-
-;;* lmx 1444 system/sepolicy/private/domain.te
-
-(neverallow domain debugfs_type (file (execute execute_no_trans)))
-;;* lme
-
-;;* lmx 1447 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_439 fusectlfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-;;* lme
-
-;;* lmx 1456 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_440 profman_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_383 debugfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_383 debugfs (lnk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 1462 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 base_typeattr_441 (system (module_load)))
+(neverallow domain debugfs_type (file (execute execute_no_trans)))
;;* lme
-;;* lmx 1466 system/sepolicy/private/domain.te
+;;* lmx 1465 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 self (capability (setfcap)))
-(neverallow base_typeattr_236 self (cap_userns (setfcap)))
+(neverallow base_typeattr_442 fusectlfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1469 system/sepolicy/private/domain.te
+;;* lmx 1475 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_443 profman_exec (file (execute execute_no_trans)))
+;;* lme
+
+;;* lmx 1481 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_239 base_typeattr_444 (system (module_load)))
+;;* lme
+
+;;* lmx 1485 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_239 self (capability (setfcap)))
+(neverallow base_typeattr_239 self (cap_userns (setfcap)))
+;;* lme
+
+;;* lmx 1488 system/sepolicy/private/domain.te
(neverallow domain crash_dump (process (noatsecure)))
;;* lme
-;;* lmx 1473 system/sepolicy/private/domain.te
+;;* lmx 1492 system/sepolicy/private/domain.te
-(neverallow base_typeattr_442 coredomain_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_445 coredomain_hwservice (hwservice_manager (add)))
;;* lme
-;;* lmx 1478 system/sepolicy/private/domain.te
+;;* lmx 1497 system/sepolicy/private/domain.te
-(neverallow base_typeattr_236 same_process_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_239 same_process_hwservice (hwservice_manager (add)))
;;* lme
-;;* lmx 1489 system/sepolicy/private/domain.te
+;;* lmx 1508 system/sepolicy/private/domain.te
(neverallow domain proc_type (dir (write create link rename add_name remove_name reparent rmdir)))
(neverallow domain sysfs_type (dir (write create link rename add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 1492 system/sepolicy/private/domain.te
+;;* lmx 1511 system/sepolicy/private/domain.te
(neverallow domain cgroup (file (create)))
;;* lme
-;;* lmx 1493 system/sepolicy/private/domain.te
+;;* lmx 1512 system/sepolicy/private/domain.te
(neverallow domain cgroup_v2 (file (create)))
;;* lme
@@ -15152,454 +15202,454 @@
(dontaudit domain sysfs_type (dir (write)))
(dontaudit domain cgroup (file (create)))
(dontaudit domain cgroup_v2 (file (create)))
-;;* lmx 1516 system/sepolicy/private/domain.te
+;;* lmx 1535 system/sepolicy/private/domain.te
-(neverallow base_typeattr_443 mnt_vendor_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_446 mnt_vendor_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 1519 system/sepolicy/private/domain.te
+;;* lmx 1538 system/sepolicy/private/domain.te
-(neverallow base_typeattr_444 vendor_public_lib_file (file (execute execute_no_trans)))
-(neverallow base_typeattr_444 vendor_public_framework_file (file (execute execute_no_trans)))
+(neverallow base_typeattr_447 vendor_public_lib_file (file (execute execute_no_trans)))
+(neverallow base_typeattr_447 vendor_public_framework_file (file (execute execute_no_trans)))
;;* lme
-;;* lmx 1530 system/sepolicy/private/domain.te
+;;* lmx 1550 system/sepolicy/private/domain.te
-(neverallow base_typeattr_229 mnt_product_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_232 mnt_product_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 1533 system/sepolicy/private/domain.te
+;;* lmx 1553 system/sepolicy/private/domain.te
-(neverallow base_typeattr_445 sysfs_batteryinfo (file (read open)))
+(neverallow base_typeattr_448 sysfs_batteryinfo (file (read open)))
;;* lme
-;;* lmx 1556 system/sepolicy/private/domain.te
+;;* lmx 1576 system/sepolicy/private/domain.te
-(neverallow base_typeattr_446 hal_codec2_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_449 hal_codec2_hwservice (hwservice_manager (add)))
;;* lme
-;;* lmx 1565 system/sepolicy/private/domain.te
+;;* lmx 1585 system/sepolicy/private/domain.te
-(neverallow base_typeattr_447 ashmem_device (chr_file (open)))
+(neverallow base_typeattr_450 ashmem_device (chr_file (open)))
;;* lme
-;;* lmx 1567 system/sepolicy/private/domain.te
+;;* lmx 1587 system/sepolicy/private/domain.te
-(neverallow base_typeattr_448 debugfs_tracing_printk_formats (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_451 debugfs_tracing_printk_formats (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 1589 system/sepolicy/private/domain.te
+;;* lmx 1609 system/sepolicy/private/domain.te
-(neverallow base_typeattr_449 misc_block_device (blk_file (ioctl read write lock relabelfrom append link rename open)))
+(neverallow base_typeattr_452 misc_block_device (blk_file (ioctl read write lock relabelfrom append link rename open)))
;;* lme
-;;* lmx 1603 system/sepolicy/private/domain.te
+;;* lmx 1623 system/sepolicy/private/domain.te
-(neverallow base_typeattr_450 self (capability (sys_ptrace)))
-(neverallow base_typeattr_450 self (cap_userns (sys_ptrace)))
+(neverallow base_typeattr_453 self (capability (sys_ptrace)))
+(neverallow base_typeattr_453 self (cap_userns (sys_ptrace)))
;;* lme
-;;* lmx 1606 system/sepolicy/private/domain.te
+;;* lmx 1626 system/sepolicy/private/domain.te
-(neverallow base_typeattr_451 base_typeattr_236 (keystore2_key (gen_unique_id)))
+(neverallow base_typeattr_454 base_typeattr_239 (keystore2_key (gen_unique_id)))
;;* lme
-;;* lmx 1607 system/sepolicy/private/domain.te
+;;* lmx 1627 system/sepolicy/private/domain.te
-(neverallow base_typeattr_424 base_typeattr_236 (keystore2_key (use_dev_id)))
+(neverallow base_typeattr_427 base_typeattr_239 (keystore2_key (use_dev_id)))
;;* lme
-;;* lmx 1608 system/sepolicy/private/domain.te
+;;* lmx 1628 system/sepolicy/private/domain.te
-(neverallow base_typeattr_424 keystore (keystore2 (clear_ns lock reset unlock)))
+(neverallow base_typeattr_427 keystore (keystore2 (clear_ns lock reset unlock)))
;;* lme
-;;* lmx 1615 system/sepolicy/private/domain.te
+;;* lmx 1635 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 debugfs_tracing_debug (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_233 debugfs_tracing_debug (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1624 system/sepolicy/private/domain.te
+;;* lmx 1644 system/sepolicy/private/domain.te
-(neverallow base_typeattr_427 dropbox_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_430 dropbox_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 1630 system/sepolicy/private/domain.te
+;;* lmx 1650 system/sepolicy/private/domain.te
-(neverallow base_typeattr_427 dropbox_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_430 dropbox_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 1643 system/sepolicy/private/domain.te
+;;* lmx 1663 system/sepolicy/private/domain.te
-(neverallow base_typeattr_435 app_data_file (file (create unlink)))
-(neverallow base_typeattr_435 app_data_file (dir (create unlink)))
-(neverallow base_typeattr_435 app_data_file (lnk_file (create unlink)))
-(neverallow base_typeattr_435 app_data_file (chr_file (create unlink)))
-(neverallow base_typeattr_435 app_data_file (blk_file (create unlink)))
-(neverallow base_typeattr_435 app_data_file (sock_file (create unlink)))
-(neverallow base_typeattr_435 app_data_file (fifo_file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (dir (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (lnk_file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (chr_file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (blk_file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (sock_file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (fifo_file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (dir (create unlink)))
+(neverallow base_typeattr_438 app_data_file (lnk_file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (chr_file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (blk_file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (sock_file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (fifo_file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (dir (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (lnk_file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (chr_file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (blk_file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (sock_file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (fifo_file (create unlink)))
;;* lme
-;;* lmx 1672 system/sepolicy/private/domain.te
+;;* lmx 1692 system/sepolicy/private/domain.te
-(neverallow base_typeattr_452 app_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-(neverallow base_typeattr_452 privapp_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_455 app_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_455 privapp_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 1713 system/sepolicy/private/domain.te
+;;* lmx 1733 system/sepolicy/private/domain.te
-(neverallow base_typeattr_453 app_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
-(neverallow base_typeattr_453 privapp_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_456 app_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_456 privapp_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 1737 system/sepolicy/private/domain.te
+;;* lmx 1757 system/sepolicy/private/domain.te
-(neverallow base_typeattr_454 app_data_file (file (open)))
-(neverallow base_typeattr_454 app_data_file (lnk_file (open)))
-(neverallow base_typeattr_454 app_data_file (chr_file (open)))
-(neverallow base_typeattr_454 app_data_file (blk_file (open)))
-(neverallow base_typeattr_454 app_data_file (sock_file (open)))
-(neverallow base_typeattr_454 app_data_file (fifo_file (open)))
-(neverallow base_typeattr_454 privapp_data_file (file (open)))
-(neverallow base_typeattr_454 privapp_data_file (lnk_file (open)))
-(neverallow base_typeattr_454 privapp_data_file (chr_file (open)))
-(neverallow base_typeattr_454 privapp_data_file (blk_file (open)))
-(neverallow base_typeattr_454 privapp_data_file (sock_file (open)))
-(neverallow base_typeattr_454 privapp_data_file (fifo_file (open)))
+(neverallow base_typeattr_457 app_data_file (file (open)))
+(neverallow base_typeattr_457 app_data_file (lnk_file (open)))
+(neverallow base_typeattr_457 app_data_file (chr_file (open)))
+(neverallow base_typeattr_457 app_data_file (blk_file (open)))
+(neverallow base_typeattr_457 app_data_file (sock_file (open)))
+(neverallow base_typeattr_457 app_data_file (fifo_file (open)))
+(neverallow base_typeattr_457 privapp_data_file (file (open)))
+(neverallow base_typeattr_457 privapp_data_file (lnk_file (open)))
+(neverallow base_typeattr_457 privapp_data_file (chr_file (open)))
+(neverallow base_typeattr_457 privapp_data_file (blk_file (open)))
+(neverallow base_typeattr_457 privapp_data_file (sock_file (open)))
+(neverallow base_typeattr_457 privapp_data_file (fifo_file (open)))
;;* lme
-;;* lmx 1748 system/sepolicy/private/domain.te
+;;* lmx 1768 system/sepolicy/private/domain.te
-(neverallow base_typeattr_435 app_data_file (file (create unlink)))
-(neverallow base_typeattr_435 app_data_file (dir (create unlink)))
-(neverallow base_typeattr_435 app_data_file (lnk_file (create unlink)))
-(neverallow base_typeattr_435 app_data_file (chr_file (create unlink)))
-(neverallow base_typeattr_435 app_data_file (blk_file (create unlink)))
-(neverallow base_typeattr_435 app_data_file (sock_file (create unlink)))
-(neverallow base_typeattr_435 app_data_file (fifo_file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (dir (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (lnk_file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (chr_file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (blk_file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (sock_file (create unlink)))
-(neverallow base_typeattr_435 privapp_data_file (fifo_file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (dir (create unlink)))
+(neverallow base_typeattr_438 app_data_file (lnk_file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (chr_file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (blk_file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (sock_file (create unlink)))
+(neverallow base_typeattr_438 app_data_file (fifo_file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (dir (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (lnk_file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (chr_file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (blk_file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (sock_file (create unlink)))
+(neverallow base_typeattr_438 privapp_data_file (fifo_file (create unlink)))
;;* lme
-;;* lmx 1758 system/sepolicy/private/domain.te
+;;* lmx 1778 system/sepolicy/private/domain.te
-(neverallow base_typeattr_455 app_data_file (file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 app_data_file (dir (relabelfrom relabelto)))
-(neverallow base_typeattr_455 app_data_file (lnk_file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 app_data_file (chr_file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 app_data_file (blk_file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 app_data_file (sock_file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 app_data_file (fifo_file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 privapp_data_file (file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 privapp_data_file (dir (relabelfrom relabelto)))
-(neverallow base_typeattr_455 privapp_data_file (lnk_file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 privapp_data_file (chr_file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 privapp_data_file (blk_file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 privapp_data_file (sock_file (relabelfrom relabelto)))
-(neverallow base_typeattr_455 privapp_data_file (fifo_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (dir (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (lnk_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (chr_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (blk_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (sock_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (fifo_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (dir (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (lnk_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (chr_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (blk_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (sock_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (fifo_file (relabelfrom relabelto)))
;;* lme
-;;* lmx 1783 system/sepolicy/private/domain.te
+;;* lmx 1803 system/sepolicy/private/domain.te
-(neverallow base_typeattr_456 staging_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_459 staging_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 1798 system/sepolicy/private/domain.te
+;;* lmx 1818 system/sepolicy/private/domain.te
-(neverallow base_typeattr_457 staging_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_460 staging_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 1800 system/sepolicy/private/domain.te
+;;* lmx 1820 system/sepolicy/private/domain.te
-(neverallow base_typeattr_458 staging_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_461 staging_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 1805 system/sepolicy/private/domain.te
+;;* lmx 1825 system/sepolicy/private/domain.te
-(neverallow base_typeattr_459 staging_data_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_462 staging_data_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
;;* lme
-;;* lmx 1809 system/sepolicy/private/domain.te
+;;* lmx 1829 system/sepolicy/private/domain.te
(neverallow apexd staging_data_file (file (write create setattr relabelfrom append execute execute_no_trans)))
;;* lme
-;;* lmx 1816 system/sepolicy/private/domain.te
+;;* lmx 1836 system/sepolicy/private/domain.te
-(neverallow base_typeattr_460 base_typeattr_461 (file (execute)))
+(neverallow base_typeattr_463 base_typeattr_464 (file (execute)))
;;* lme
-;;* lmx 1846 system/sepolicy/private/domain.te
+;;* lmx 1867 system/sepolicy/private/domain.te
-(neverallow base_typeattr_462 base_typeattr_463 (file (execute)))
+(neverallow base_typeattr_465 base_typeattr_466 (file (execute)))
;;* lme
-;;* lmx 1853 system/sepolicy/private/domain.te
+;;* lmx 1874 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 cgroup_rc_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_233 cgroup_rc_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 1866 system/sepolicy/private/domain.te
+;;* lmx 1887 system/sepolicy/private/domain.te
-(neverallow base_typeattr_464 dalvikcache_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_467 dalvikcache_data_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 1878 system/sepolicy/private/domain.te
+;;* lmx 1899 system/sepolicy/private/domain.te
-(neverallow base_typeattr_464 dalvikcache_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_467 dalvikcache_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 1893 system/sepolicy/private/domain.te
+;;* lmx 1914 system/sepolicy/private/domain.te
-(neverallow base_typeattr_465 apex_art_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_468 apex_art_data_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 1906 system/sepolicy/private/domain.te
+;;* lmx 1927 system/sepolicy/private/domain.te
-(neverallow base_typeattr_465 apex_art_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_468 apex_art_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 1918 system/sepolicy/private/domain.te
+;;* lmx 1940 system/sepolicy/private/domain.te
-(neverallow base_typeattr_260 base_typeattr_268 (file (execute execute_no_trans)))
+(neverallow base_typeattr_263 base_typeattr_271 (file (execute execute_no_trans)))
;;* lme
-;;* lmx 1946 system/sepolicy/private/domain.te
+;;* lmx 1969 system/sepolicy/private/domain.te
-(neverallow base_typeattr_466 self (capability (dac_override)))
-(neverallow base_typeattr_466 self (cap_userns (dac_override)))
+(neverallow base_typeattr_469 self (capability (dac_override)))
+(neverallow base_typeattr_469 self (cap_userns (dac_override)))
;;* lme
-;;* lmx 1956 system/sepolicy/private/domain.te
+;;* lmx 1979 system/sepolicy/private/domain.te
-(neverallow base_typeattr_467 self (capability (dac_read_search)))
-(neverallow base_typeattr_467 self (cap_userns (dac_read_search)))
+(neverallow base_typeattr_470 self (capability (dac_read_search)))
+(neverallow base_typeattr_470 self (cap_userns (dac_read_search)))
;;* lme
-;;* lmx 1976 system/sepolicy/private/domain.te
+;;* lmx 2000 system/sepolicy/private/domain.te
-(neverallow base_typeattr_468 base_typeattr_469 (filesystem (mount remount relabelfrom relabelto)))
+(neverallow base_typeattr_471 base_typeattr_472 (filesystem (mount remount relabelfrom relabelto)))
;;* lme
-;;* lmx 1978 system/sepolicy/private/domain.te
+;;* lmx 2002 system/sepolicy/private/domain.te
-(neverallow domain base_typeattr_470 (filesystem (mount remount relabelfrom relabelto)))
-;;* lme
-
-;;* lmx 1997 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_471 self (capability (sys_rawio)))
-(neverallow base_typeattr_471 self (cap_userns (sys_rawio)))
-;;* lme
-
-;;* lmx 2006 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_472 mirror_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-;;* lme
-
-;;* lmx 2009 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_385 net_dns_prop (property_service (set)))
-;;* lme
-
-;;* lmx 2010 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_371 net_dns_prop (file (read)))
-;;* lme
-
-;;* lmx 2013 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_427 pm_prop (property_service (set)))
-;;* lme
-
-;;* lmx 2014 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_229 pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-;;* lme
-
-;;* lmx 2017 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_473 firstboot_prop (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow domain base_typeattr_473 (filesystem (mount remount relabelfrom relabelto)))
;;* lme
;;* lmx 2021 system/sepolicy/private/domain.te
-(neverallow base_typeattr_474 dalvik_config_prop (property_service (set)))
+(neverallow base_typeattr_474 self (capability (sys_rawio)))
+(neverallow base_typeattr_474 self (cap_userns (sys_rawio)))
;;* lme
-;;* lmx 2024 system/sepolicy/private/domain.te
+;;* lmx 2030 system/sepolicy/private/domain.te
-(neverallow base_typeattr_230 debugfs_kprobes (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_475 mirror_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 2028 system/sepolicy/private/domain.te
+;;* lmx 2033 system/sepolicy/private/domain.te
-(neverallow base_typeattr_475 vendor_file (file (write create setattr relabelfrom append unlink link rename execute open execute_no_trans)))
+(neverallow base_typeattr_388 net_dns_prop (property_service (set)))
+;;* lme
+
+;;* lmx 2034 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_374 net_dns_prop (file (read)))
+;;* lme
+
+;;* lmx 2037 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_430 pm_prop (property_service (set)))
+;;* lme
+
+;;* lmx 2038 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_232 pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+;;* lme
+
+;;* lmx 2041 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_476 firstboot_prop (file (ioctl read getattr lock map open watch watch_reads)))
;;* lme
;;* lmx 2045 system/sepolicy/private/domain.te
-(neverallow base_typeattr_476 base_typeattr_477 (socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (tcp_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (udp_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (rawip_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (packet_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (key_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (unix_stream_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (unix_dgram_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_route_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_tcpdiag_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_nflog_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_xfrm_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_selinux_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_audit_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_dnrt_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_kobject_uevent_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (appletalk_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (tun_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_iscsi_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_fib_lookup_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_connector_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_netfilter_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_generic_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_scsitransport_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_rdma_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netlink_crypto_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (sctp_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (icmp_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (ax25_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (ipx_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (netrom_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (atmpvc_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (x25_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (rose_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (decnet_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (atmsvc_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (rds_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (irda_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (pppox_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (llc_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (can_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (tipc_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (bluetooth_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (iucv_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (rxrpc_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (isdn_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (phonet_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (ieee802154_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (caif_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (alg_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (nfc_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (vsock_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (kcm_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (qipcrtr_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (smc_socket (connect sendto)))
-(neverallow base_typeattr_476 base_typeattr_477 (xdp_socket (connect sendto)))
+(neverallow base_typeattr_477 dalvik_config_prop (property_service (set)))
;;* lme
-;;* lmx 2045 system/sepolicy/private/domain.te
+;;* lmx 2048 system/sepolicy/private/domain.te
-(neverallow base_typeattr_476 base_typeattr_477 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_233 debugfs_kprobes (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 2066 system/sepolicy/private/domain.te
+;;* lmx 2052 system/sepolicy/private/domain.te
-(neverallow base_typeattr_478 base_typeattr_479 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_478 vendor_file (file (write create setattr relabelfrom append unlink link rename execute open execute_no_trans)))
;;* lme
-;;* lmx 2113 system/sepolicy/private/domain.te
+;;* lmx 2070 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_479 base_typeattr_480 (socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (tcp_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (udp_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (rawip_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (packet_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (key_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (unix_stream_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (unix_dgram_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_route_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_nflog_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_xfrm_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_selinux_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_audit_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_dnrt_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (appletalk_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (tun_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_iscsi_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_connector_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_netfilter_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_generic_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_scsitransport_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_rdma_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_crypto_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (sctp_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (icmp_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (ax25_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (ipx_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netrom_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (atmpvc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (x25_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (rose_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (decnet_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (atmsvc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (rds_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (irda_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (pppox_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (llc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (can_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (tipc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (bluetooth_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (iucv_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (rxrpc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (isdn_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (phonet_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (ieee802154_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (caif_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (alg_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (nfc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (vsock_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (kcm_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (qipcrtr_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (smc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (xdp_socket (connect sendto)))
+;;* lme
+
+;;* lmx 2070 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_479 base_typeattr_480 (unix_stream_socket (connectto)))
+;;* lme
+
+;;* lmx 2091 system/sepolicy/private/domain.te
+
+(neverallow base_typeattr_481 base_typeattr_482 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+;;* lme
+
+;;* lmx 2139 system/sepolicy/private/domain.te
(neverallow domain mlsvendorcompat (process (fork)))
;;* lme
-;;* lmx 2117 system/sepolicy/private/domain.te
+;;* lmx 2152 system/sepolicy/private/domain.te
-(neverallow base_typeattr_480 system_file_type (file (mounton)))
-(neverallow base_typeattr_480 system_file_type (dir (mounton)))
-(neverallow base_typeattr_480 system_file_type (lnk_file (mounton)))
-(neverallow base_typeattr_480 system_file_type (chr_file (mounton)))
-(neverallow base_typeattr_480 system_file_type (blk_file (mounton)))
-(neverallow base_typeattr_480 system_file_type (sock_file (mounton)))
-(neverallow base_typeattr_480 system_file_type (fifo_file (mounton)))
-(neverallow base_typeattr_480 vendor_file_type (file (mounton)))
-(neverallow base_typeattr_480 vendor_file_type (dir (mounton)))
-(neverallow base_typeattr_480 vendor_file_type (lnk_file (mounton)))
-(neverallow base_typeattr_480 vendor_file_type (chr_file (mounton)))
-(neverallow base_typeattr_480 vendor_file_type (blk_file (mounton)))
-(neverallow base_typeattr_480 vendor_file_type (sock_file (mounton)))
-(neverallow base_typeattr_480 vendor_file_type (fifo_file (mounton)))
+(neverallow base_typeattr_483 system_file_type (file (mounton)))
+(neverallow base_typeattr_483 system_file_type (dir (mounton)))
+(neverallow base_typeattr_483 system_file_type (lnk_file (mounton)))
+(neverallow base_typeattr_483 system_file_type (chr_file (mounton)))
+(neverallow base_typeattr_483 system_file_type (blk_file (mounton)))
+(neverallow base_typeattr_483 system_file_type (sock_file (mounton)))
+(neverallow base_typeattr_483 system_file_type (fifo_file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (dir (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (lnk_file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (chr_file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (blk_file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (sock_file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (fifo_file (mounton)))
;;* lme
-;;* lmx 2126 system/sepolicy/private/domain.te
+;;* lmx 2161 system/sepolicy/private/domain.te
-(neverallow base_typeattr_380 mm_events_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_383 mm_events_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 2145 system/sepolicy/private/domain.te
+;;* lmx 2180 system/sepolicy/private/domain.te
-(neverallow base_typeattr_481 proc_kallsyms (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_484 proc_kallsyms (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 2151 system/sepolicy/private/domain.te
+;;* lmx 2186 system/sepolicy/private/domain.te
-(neverallow base_typeattr_482 base_typeattr_483 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_485 base_typeattr_486 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 2167 system/sepolicy/private/domain.te
+;;* lmx 2202 system/sepolicy/private/domain.te
-(neverallow base_typeattr_484 sysfs_devices_cs_etm (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_487 sysfs_devices_cs_etm (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 2177 system/sepolicy/private/domain.te
+;;* lmx 2212 system/sepolicy/private/domain.te
-(neverallow base_typeattr_485 self (capability2 (perfmon)))
+(neverallow base_typeattr_488 self (capability2 (perfmon)))
;;* lme
-;;* lmx 2197 system/sepolicy/private/domain.te
+;;* lmx 2232 system/sepolicy/private/domain.te
-(neverallow base_typeattr_486 shell_data_file (file (open)))
+(neverallow base_typeattr_489 shell_data_file (file (open)))
;;* lme
-;;* lmx 2215 system/sepolicy/private/domain.te
+;;* lmx 2250 system/sepolicy/private/domain.te
-(neverallow base_typeattr_487 shell_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_490 shell_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 2228 system/sepolicy/private/domain.te
+;;* lmx 2263 system/sepolicy/private/domain.te
-(neverallow base_typeattr_488 shell_data_file (dir (open)))
+(neverallow base_typeattr_491 shell_data_file (dir (open)))
;;* lme
-;;* lmx 2243 system/sepolicy/private/domain.te
+;;* lmx 2278 system/sepolicy/private/domain.te
-(neverallow base_typeattr_488 shell_data_file (dir (search)))
+(neverallow base_typeattr_491 shell_data_file (dir (search)))
;;* lme
-;;* lmx 2255 system/sepolicy/private/domain.te
+;;* lmx 2290 system/sepolicy/private/domain.te
-(neverallow base_typeattr_489 system_app_data_file (file (create unlink open)))
-(neverallow base_typeattr_489 system_app_data_file (dir (create unlink open)))
-(neverallow base_typeattr_489 system_app_data_file (lnk_file (create unlink open)))
-(neverallow base_typeattr_489 system_app_data_file (chr_file (create unlink open)))
-(neverallow base_typeattr_489 system_app_data_file (blk_file (create unlink open)))
-(neverallow base_typeattr_489 system_app_data_file (sock_file (create unlink open)))
-(neverallow base_typeattr_489 system_app_data_file (fifo_file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (dir (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (lnk_file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (chr_file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (blk_file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (sock_file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (fifo_file (create unlink open)))
;;* lme
-;;* lmx 2262 system/sepolicy/private/domain.te
+;;* lmx 2297 system/sepolicy/private/domain.te
(neverallow untrusted_app_all system_app_data_file (file (create unlink open)))
(neverallow untrusted_app_all system_app_data_file (dir (create unlink open)))
@@ -15638,42 +15688,42 @@
(neverallow sdk_sandbox_all system_app_data_file (fifo_file (create unlink open)))
;;* lme
-;;* lmx 2264 system/sepolicy/private/domain.te
+;;* lmx 2299 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 mtectrl (process (transition dyntransition)))
+(neverallow base_typeattr_238 mtectrl (process (transition dyntransition)))
;;* lme
-;;* lmx 2265 system/sepolicy/private/domain.te
+;;* lmx 2300 system/sepolicy/private/domain.te
-(neverallow base_typeattr_235 kcmdlinectrl (process (transition dyntransition)))
+(neverallow base_typeattr_238 kcmdlinectrl (process (transition dyntransition)))
;;* lme
-;;* lmx 2268 system/sepolicy/private/domain.te
+;;* lmx 2303 system/sepolicy/private/domain.te
-(neverallow base_typeattr_490 checkin_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_490 checkin_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_493 checkin_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_493 checkin_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 2270 system/sepolicy/private/domain.te
+;;* lmx 2305 system/sepolicy/private/domain.te
-(neverallow base_typeattr_491 proc (file (mounton)))
-(neverallow base_typeattr_491 proc (dir (mounton)))
+(neverallow base_typeattr_494 proc (file (mounton)))
+(neverallow base_typeattr_494 proc (dir (mounton)))
;;* lme
-;;* lmx 2271 system/sepolicy/private/domain.te
+;;* lmx 2306 system/sepolicy/private/domain.te
-(neverallow base_typeattr_492 proc_type (file (mounton)))
-(neverallow base_typeattr_492 proc_type (dir (mounton)))
+(neverallow base_typeattr_495 proc_type (file (mounton)))
+(neverallow base_typeattr_495 proc_type (dir (mounton)))
;;* lme
-;;* lmx 2275 system/sepolicy/private/domain.te
+;;* lmx 2310 system/sepolicy/private/domain.te
-(neverallow base_typeattr_493 sysfs_pgsize_migration (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_496 sysfs_pgsize_migration (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 2278 system/sepolicy/private/domain.te
+;;* lmx 2315 system/sepolicy/private/domain.te
-(neverallow domain base_typeattr_236 (vsock_socket (relabelfrom relabelto)))
+(neverallow base_typeattr_497 base_typeattr_239 (vsock_socket (create bind connect accept)))
;;* lme
(allow init drmserver_exec (file (read getattr map execute open)))
@@ -15728,7 +15778,7 @@
(allow drmserver drmserver_service (service_manager (add find)))
;;* lmx 61 system/sepolicy/private/drmserver.te
-(neverallow base_typeattr_494 drmserver_service (service_manager (add)))
+(neverallow base_typeattr_498 drmserver_service (service_manager (add)))
;;* lme
(allow drmserver permission_service (service_manager (find)))
@@ -16120,14 +16170,14 @@
(allow dumpstate prereboot_data_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow dumpstate app_fuse_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow dumpstate overlayfs_file (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow dumpstate base_typeattr_495 (service_manager (find)))
+(allow dumpstate base_typeattr_499 (service_manager (find)))
(dontaudit dumpstate hal_service_type (service_manager (find)))
(dontaudit dumpstate apex_service (service_manager (find)))
(dontaudit dumpstate dumpstate_service (service_manager (find)))
+(dontaudit dumpstate fwk_vold_service (service_manager (find)))
(dontaudit dumpstate gatekeeper_service (service_manager (find)))
(dontaudit dumpstate virtual_touchpad_service (service_manager (find)))
(dontaudit dumpstate vold_service (service_manager (find)))
-(dontaudit dumpstate fwk_vold_service (service_manager (find)))
(dontaudit dumpstate hwservice_manager_type (hwservice_manager (find)))
(allow dumpstate servicemanager (service_manager (list)))
(allow dumpstate hwservicemanager (hwservice_manager (list)))
@@ -16139,7 +16189,7 @@
(allow dumpstate dumpstate_service (service_manager (add find)))
;;* lmx 499 system/sepolicy/private/dumpstate.te
-(neverallow base_typeattr_496 dumpstate_service (service_manager (add)))
+(neverallow base_typeattr_500 dumpstate_service (service_manager (add)))
;;* lme
(allow dumpstate ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
@@ -16357,22 +16407,22 @@
(allow dumpstate shutdown_checkpoints_system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
;;* lmx 577 system/sepolicy/private/dumpstate.te
-(neverallow dumpstate base_typeattr_236 (process (ptrace)))
+(neverallow dumpstate base_typeattr_239 (process (ptrace)))
;;* lme
;;* lmx 586 system/sepolicy/private/dumpstate.te
-(neverallow base_typeattr_497 dumpstate_service (service_manager (find)))
+(neverallow base_typeattr_501 dumpstate_service (service_manager (find)))
;;* lme
;;* lmx 596 system/sepolicy/private/dumpstate.te
-(neverallow base_typeattr_498 apex_uwb_data_file (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_502 apex_uwb_data_file (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 604 system/sepolicy/private/dumpstate.te
-(neverallow base_typeattr_498 apex_uwb_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_502 apex_uwb_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow e2fs devpts (chr_file (ioctl read write getattr)))
@@ -16435,17 +16485,17 @@
(allow early_virtmgr kmsg_debug_device (chr_file (write lock append map open)))
;;* lmx 1 system/sepolicy/private/early_virtmgr.te
-(neverallow base_typeattr_499 vm_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_503 vm_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 1 system/sepolicy/private/early_virtmgr.te
-(neverallow base_typeattr_500 vm_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_504 vm_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 1 system/sepolicy/private/early_virtmgr.te
-(neverallow base_typeattr_501 early_virtmgr (vsock_socket (create bind connect listen accept)))
+(neverallow base_typeattr_505 early_virtmgr (vsock_socket (create bind connect listen accept)))
;;* lme
(typetransition ephemeral_app tmpfs file appdomain_tmpfs)
@@ -16453,23 +16503,23 @@
(dontaudit su ephemeral_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 17 system/sepolicy/private/ephemeral_app.te
-(neverallow base_typeattr_502 ephemeral_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_506 ephemeral_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow ephemeral_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 17 system/sepolicy/private/ephemeral_app.te
-(neverallow base_typeattr_503 base_typeattr_502 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_507 base_typeattr_506 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 17 system/sepolicy/private/ephemeral_app.te
-(neverallow base_typeattr_504 ephemeral_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_508 ephemeral_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 17 system/sepolicy/private/ephemeral_app.te
-(neverallow base_typeattr_505 ephemeral_app (process (ptrace)))
+(neverallow base_typeattr_509 ephemeral_app (process (ptrace)))
;;* lme
(allow ephemeral_app sdcard_type (file (ioctl read write getattr lock append)))
@@ -16560,7 +16610,7 @@
(allow evsmanagerd evsmanagerd_service (service_manager (add find)))
;;* lmx 13 system/sepolicy/private/evsmanagerd.te
-(neverallow base_typeattr_506 evsmanagerd_service (service_manager (add)))
+(neverallow base_typeattr_510 evsmanagerd_service (service_manager (add)))
;;* lme
(allow evsmanagerd servicemanager (binder (call transfer)))
@@ -16598,7 +16648,7 @@
(allow fastbootd self (io_uring (sqpoll)))
;;* lmx 170 system/sepolicy/private/fastbootd.te
-(neverallow base_typeattr_507 fastbootd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_511 fastbootd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(dontaudit fastbootd self (capability (ipc_lock)))
@@ -16623,7 +16673,7 @@
(allow app_fuse_file app_fusefs (filesystem (associate)))
(allow postinstall_file self (filesystem (associate)))
(allow proc_net proc (filesystem (associate)))
-;;* lmx 218 system/sepolicy/private/file.te
+;;* lmx 221 system/sepolicy/private/file.te
(neverallow fs_type file_type (filesystem (associate)))
;;* lme
@@ -16640,7 +16690,7 @@
(allow fingerprintd fingerprintd_service (service_manager (add find)))
;;* lmx 11 system/sepolicy/private/fingerprintd.te
-(neverallow base_typeattr_508 fingerprintd_service (service_manager (add)))
+(neverallow base_typeattr_512 fingerprintd_service (service_manager (add)))
;;* lme
(allow fingerprintd fingerprintd_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
@@ -16806,17 +16856,17 @@
(allow flags_health_check server_configurable_flags_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
;;* lmx 50 system/sepolicy/private/flags_health_check.te
-(neverallow base_typeattr_509 server_configurable_flags_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_513 server_configurable_flags_data_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
;;* lmx 56 system/sepolicy/private/flags_health_check.te
-(neverallow base_typeattr_509 device_config_boot_count_prop (property_service (set)))
+(neverallow base_typeattr_513 device_config_boot_count_prop (property_service (set)))
;;* lme
;;* lmx 61 system/sepolicy/private/flags_health_check.te
-(neverallow base_typeattr_509 device_config_reset_performed_prop (property_service (set)))
+(neverallow base_typeattr_513 device_config_reset_performed_prop (property_service (set)))
;;* lme
(allow init fsck_exec (file (read getattr map execute open)))
@@ -16859,17 +16909,17 @@
;;* lmx 80 system/sepolicy/private/fsck.te
-(neverallow base_typeattr_510 fsck (process (transition)))
+(neverallow base_typeattr_514 fsck (process (transition)))
;;* lme
;;* lmx 81 system/sepolicy/private/fsck.te
-(neverallow base_typeattr_236 fsck (process (dyntransition)))
+(neverallow base_typeattr_239 fsck (process (dyntransition)))
;;* lme
;;* lmx 82 system/sepolicy/private/fsck.te
-(neverallow fsck base_typeattr_511 (file (entrypoint)))
+(neverallow fsck base_typeattr_515 (file (entrypoint)))
;;* lme
(allow fsck system_bootstrap_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -16897,17 +16947,17 @@
;;* lmx 48 system/sepolicy/private/fsck_untrusted.te
-(neverallow base_typeattr_296 fsck_untrusted (process (transition)))
+(neverallow base_typeattr_299 fsck_untrusted (process (transition)))
;;* lme
;;* lmx 49 system/sepolicy/private/fsck_untrusted.te
-(neverallow base_typeattr_236 fsck_untrusted (process (dyntransition)))
+(neverallow base_typeattr_239 fsck_untrusted (process (dyntransition)))
;;* lme
;;* lmx 50 system/sepolicy/private/fsck_untrusted.te
-(neverallow fsck_untrusted base_typeattr_511 (file (entrypoint)))
+(neverallow fsck_untrusted base_typeattr_515 (file (entrypoint)))
;;* lme
;;* lmx 55 system/sepolicy/private/fsck_untrusted.te
@@ -16930,17 +16980,17 @@
(allow fuseblkd mnt_media_rw_stub_file (dir (mounton)))
;;* lmx 30 system/sepolicy/private/fuseblkd.te
-(neverallow base_typeattr_512 fuseblkd (process (transition)))
+(neverallow base_typeattr_516 fuseblkd (process (transition)))
;;* lme
;;* lmx 31 system/sepolicy/private/fuseblkd.te
-(neverallow base_typeattr_236 fuseblkd (process (dyntransition)))
+(neverallow base_typeattr_239 fuseblkd (process (dyntransition)))
;;* lme
;;* lmx 32 system/sepolicy/private/fuseblkd.te
-(neverallow fuseblkd base_typeattr_513 (file (entrypoint)))
+(neverallow fuseblkd base_typeattr_517 (file (entrypoint)))
;;* lme
(allow fuseblkd_untrusted fuseblkd_exec (file (read getattr map execute open)))
@@ -16979,17 +17029,17 @@
;;* lmx 68 system/sepolicy/private/fuseblkd_untrusted.te
-(neverallow base_typeattr_296 fuseblkd_untrusted (process (transition)))
+(neverallow base_typeattr_299 fuseblkd_untrusted (process (transition)))
;;* lme
;;* lmx 69 system/sepolicy/private/fuseblkd_untrusted.te
-(neverallow base_typeattr_236 fuseblkd_untrusted (process (dyntransition)))
+(neverallow base_typeattr_239 fuseblkd_untrusted (process (dyntransition)))
;;* lme
;;* lmx 70 system/sepolicy/private/fuseblkd_untrusted.te
-(neverallow fuseblkd_untrusted base_typeattr_514 (file (entrypoint)))
+(neverallow fuseblkd_untrusted base_typeattr_518 (file (entrypoint)))
;;* lme
;;* lmx 77 system/sepolicy/private/fuseblkd_untrusted.te
@@ -17029,7 +17079,7 @@
(allow gatekeeperd gatekeeper_service (service_manager (add find)))
;;* lmx 25 system/sepolicy/private/gatekeeperd.te
-(neverallow base_typeattr_515 gatekeeper_service (service_manager (add)))
+(neverallow base_typeattr_519 gatekeeper_service (service_manager (add)))
;;* lme
(allow gatekeeperd apc_service (service_manager (find)))
@@ -17069,23 +17119,23 @@
(dontaudit su gmscore_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 6 system/sepolicy/private/gmscore_app.te
-(neverallow base_typeattr_516 gmscore_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_520 gmscore_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow gmscore_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 6 system/sepolicy/private/gmscore_app.te
-(neverallow base_typeattr_517 base_typeattr_516 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_521 base_typeattr_520 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/gmscore_app.te
-(neverallow base_typeattr_518 gmscore_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_522 gmscore_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/gmscore_app.te
-(neverallow base_typeattr_519 gmscore_app (process (ptrace)))
+(neverallow base_typeattr_523 gmscore_app (process (ptrace)))
;;* lme
(allow gmscore_app sysfs_type (dir (search)))
@@ -17182,7 +17232,7 @@
(allow gmscore_app quick_start_prop (file (read getattr map open)))
;;* lmx 159 system/sepolicy/private/gmscore_app.te
-(neverallow base_typeattr_520 quick_start_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_524 quick_start_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow gmscore_app bluetooth_finder_prop (file (read getattr map open)))
@@ -17217,60 +17267,60 @@
;;* lmx 170 system/sepolicy/private/gmscore_app.te
-(neverallow gmscore_app base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow gmscore_app base_typeattr_236 (netlink_selinux_socket (ioctl)))
+(neverallow gmscore_app base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow gmscore_app base_typeattr_239 (netlink_selinux_socket (ioctl)))
;;* lme
;;* lmx 183 system/sepolicy/private/gmscore_app.te
-(neverallow gmscore_app base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow gmscore_app base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow gmscore_app base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow gmscore_app base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow gmscore_app base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow gmscore_app base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow gmscore_app base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow gmscore_app base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow gmscore_app base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow gmscore_app base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow gmscore_app base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow gmscore_app base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow gmscore_app base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
;;* lme
(allow init gpuservice_exec (file (read getattr map execute open)))
@@ -17326,7 +17376,7 @@
(allow gpuservice gpu_service (service_manager (add find)))
;;* lmx 61 system/sepolicy/private/gpuservice.te
-(neverallow base_typeattr_521 gpu_service (service_manager (add)))
+(neverallow base_typeattr_525 gpu_service (service_manager (add)))
;;* lme
(allow gpuservice property_socket (sock_file (write)))
@@ -17335,7 +17385,7 @@
(allow gpuservice graphics_config_writable_prop (file (read getattr map open)))
;;* lmx 66 system/sepolicy/private/gpuservice.te
-(neverallow base_typeattr_522 graphics_config_writable_prop (property_service (set)))
+(neverallow base_typeattr_526 graphics_config_writable_prop (property_service (set)))
;;* lme
(allow gpuservice permission_service (service_manager (find)))
@@ -17350,7 +17400,7 @@
(allow gsid gsi_service (service_manager (add find)))
;;* lmx 11 system/sepolicy/private/gsid.te
-(neverallow base_typeattr_523 gsi_service (service_manager (add)))
+(neverallow base_typeattr_527 gsi_service (service_manager (add)))
;;* lme
(allow gsid vold_service (service_manager (find)))
@@ -17398,7 +17448,7 @@
(allow gsid self (cap_userns (sys_rawio)))
;;* lmx 104 system/sepolicy/private/gsid.te
-(neverallow base_typeattr_524 gsid_prop (property_service (set)))
+(neverallow base_typeattr_528 gsid_prop (property_service (set)))
;;* lme
(allow gsid userdata_block_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -17419,59 +17469,59 @@
(allow gsid system_server (binder (call)))
;;* lmx 176 system/sepolicy/private/gsid.te
-(neverallow base_typeattr_525 gsi_metadata_file_type (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_529 gsi_metadata_file_type (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 183 system/sepolicy/private/gsid.te
-(neverallow base_typeattr_525 base_typeattr_526 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_525 base_typeattr_526 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_525 base_typeattr_526 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_525 base_typeattr_526 (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_525 base_typeattr_526 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_525 base_typeattr_526 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_529 base_typeattr_530 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_529 base_typeattr_530 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_529 base_typeattr_530 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_529 base_typeattr_530 (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_529 base_typeattr_530 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_529 base_typeattr_530 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 190 system/sepolicy/private/gsid.te
-(neverallow base_typeattr_525 gsi_public_metadata_file (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
-(neverallow base_typeattr_525 gsi_public_metadata_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
-(neverallow base_typeattr_525 gsi_public_metadata_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
-(neverallow base_typeattr_525 gsi_public_metadata_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
-(neverallow base_typeattr_525 gsi_public_metadata_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
-(neverallow base_typeattr_525 gsi_public_metadata_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
;;* lme
;;* lmx 196 system/sepolicy/private/gsid.te
-(neverallow base_typeattr_262 gsi_metadata_file_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_262 gsi_metadata_file_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-(neverallow base_typeattr_262 gsi_metadata_file_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_262 gsi_metadata_file_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_262 gsi_metadata_file_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_262 gsi_metadata_file_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_262 gsi_metadata_file_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_265 gsi_metadata_file_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_265 gsi_metadata_file_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_265 gsi_metadata_file_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_265 gsi_metadata_file_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_265 gsi_metadata_file_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_265 gsi_metadata_file_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_265 gsi_metadata_file_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 202 system/sepolicy/private/gsid.te
-(neverallow base_typeattr_527 gsi_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_527 gsi_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-(neverallow base_typeattr_527 gsi_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_527 gsi_data_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_527 gsi_data_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_527 gsi_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_527 gsi_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_531 gsi_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_531 gsi_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_531 gsi_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_531 gsi_data_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_531 gsi_data_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_531 gsi_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_531 gsi_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 207 system/sepolicy/private/gsid.te
-(neverallow base_typeattr_523 gsi_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_523 gsi_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_523 gsi_data_file (chr_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_523 gsi_data_file (blk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_523 gsi_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_523 gsi_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_527 gsi_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_527 gsi_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_527 gsi_data_file (chr_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_527 gsi_data_file (blk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_527 gsi_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_527 gsi_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow hal_allocator_client hal_allocator_server (binder (call transfer)))
@@ -17482,12 +17532,12 @@
(allow hal_allocator_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_allocator.te
-(neverallow base_typeattr_528 hidl_allocator_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_532 hidl_allocator_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_allocator.te
-(neverallow base_typeattr_529 hidl_allocator_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_533 hidl_allocator_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_allocator_client hidl_memory_hwservice (hwservice_manager (find)))
@@ -17510,12 +17560,12 @@
(allow hal_atrace_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_atrace.te
-(neverallow base_typeattr_530 hal_atrace_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_534 hal_atrace_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_atrace.te
-(neverallow base_typeattr_531 hal_atrace_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_535 hal_atrace_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_audio_client hal_audio_server (binder (call transfer)))
@@ -17529,24 +17579,24 @@
(allow hal_audio_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_audio.te
-(neverallow base_typeattr_532 hal_audio_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_536 hal_audio_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_audio.te
-(neverallow base_typeattr_533 hal_audio_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_537 hal_audio_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_audio_client hal_audio_service (service_manager (find)))
(allow hal_audio_server hal_audio_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_audio.te
-(neverallow base_typeattr_532 hal_audio_service (service_manager (add)))
+(neverallow base_typeattr_536 hal_audio_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_audio.te
-(neverallow base_typeattr_534 hal_audio_service (service_manager (find)))
+(neverallow base_typeattr_538 hal_audio_service (service_manager (find)))
;;* lme
(allow hal_audio ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
@@ -17579,7 +17629,7 @@
;;* lmx 42 system/sepolicy/private/hal_audio.te
-(neverallow base_typeattr_535 audio_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_539 audio_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
(allow hal_audio audio_config_prop (file (read getattr map open)))
@@ -17596,24 +17646,24 @@
(allow hal_audiocontrol_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_audiocontrol.te
-(neverallow base_typeattr_536 hal_audiocontrol_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_540 hal_audiocontrol_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_audiocontrol.te
-(neverallow base_typeattr_537 hal_audiocontrol_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_541 hal_audiocontrol_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_audiocontrol_client hal_audiocontrol_service (service_manager (find)))
(allow hal_audiocontrol_server hal_audiocontrol_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_audiocontrol.te
-(neverallow base_typeattr_536 hal_audiocontrol_service (service_manager (add)))
+(neverallow base_typeattr_540 hal_audiocontrol_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_audiocontrol.te
-(neverallow base_typeattr_538 hal_audiocontrol_service (service_manager (find)))
+(neverallow base_typeattr_542 hal_audiocontrol_service (service_manager (find)))
;;* lme
(allow hal_audiocontrol_server servicemanager (binder (call transfer)))
@@ -17626,12 +17676,12 @@
(allow hal_authgraph_server hal_authgraph_service (service_manager (add find)))
;;* lmx 3 system/sepolicy/private/hal_authgraph.te
-(neverallow base_typeattr_539 hal_authgraph_service (service_manager (add)))
+(neverallow base_typeattr_543 hal_authgraph_service (service_manager (add)))
;;* lme
;;* lmx 3 system/sepolicy/private/hal_authgraph.te
-(neverallow base_typeattr_540 hal_authgraph_service (service_manager (find)))
+(neverallow base_typeattr_544 hal_authgraph_service (service_manager (find)))
;;* lme
(allow hal_authgraph_server servicemanager (binder (call transfer)))
@@ -17647,24 +17697,24 @@
(allow hal_authsecret_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_authsecret.te
-(neverallow base_typeattr_541 hal_authsecret_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_545 hal_authsecret_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_authsecret.te
-(neverallow base_typeattr_542 hal_authsecret_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_546 hal_authsecret_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_authsecret_client hal_authsecret_service (service_manager (find)))
(allow hal_authsecret_server hal_authsecret_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_authsecret.te
-(neverallow base_typeattr_541 hal_authsecret_service (service_manager (add)))
+(neverallow base_typeattr_545 hal_authsecret_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_authsecret.te
-(neverallow base_typeattr_543 hal_authsecret_service (service_manager (find)))
+(neverallow base_typeattr_547 hal_authsecret_service (service_manager (find)))
;;* lme
(allow hal_authsecret_server servicemanager (binder (call transfer)))
@@ -17684,24 +17734,24 @@
(allow hal_bluetooth_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 6 system/sepolicy/private/hal_bluetooth.te
-(neverallow base_typeattr_544 hal_bluetooth_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_548 hal_bluetooth_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_bluetooth.te
-(neverallow base_typeattr_545 hal_bluetooth_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_549 hal_bluetooth_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_bluetooth_client hal_bluetooth_service (service_manager (find)))
(allow hal_bluetooth_server hal_bluetooth_service (service_manager (add find)))
;;* lmx 7 system/sepolicy/private/hal_bluetooth.te
-(neverallow base_typeattr_544 hal_bluetooth_service (service_manager (add)))
+(neverallow base_typeattr_548 hal_bluetooth_service (service_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_bluetooth.te
-(neverallow base_typeattr_546 hal_bluetooth_service (service_manager (find)))
+(neverallow base_typeattr_550 hal_bluetooth_service (service_manager (find)))
;;* lme
(allow hal_bluetooth sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -17767,12 +17817,12 @@
(allow hal_bootctl_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 6 system/sepolicy/private/hal_bootctl.te
-(neverallow base_typeattr_547 hal_bootctl_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_551 hal_bootctl_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_bootctl.te
-(neverallow base_typeattr_548 hal_bootctl_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_552 hal_bootctl_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_bootctl_server proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
@@ -17780,12 +17830,12 @@
(allow hal_bootctl_server hal_bootctl_service (service_manager (add find)))
;;* lmx 10 system/sepolicy/private/hal_bootctl.te
-(neverallow base_typeattr_547 hal_bootctl_service (service_manager (add)))
+(neverallow base_typeattr_551 hal_bootctl_service (service_manager (add)))
;;* lme
;;* lmx 10 system/sepolicy/private/hal_bootctl.te
-(neverallow base_typeattr_549 hal_bootctl_service (service_manager (find)))
+(neverallow base_typeattr_553 hal_bootctl_service (service_manager (find)))
;;* lme
(allow hal_broadcastradio_client hal_broadcastradio_server (binder (call transfer)))
@@ -17799,24 +17849,24 @@
(allow hal_broadcastradio_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_broadcastradio.te
-(neverallow base_typeattr_550 hal_broadcastradio_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_554 hal_broadcastradio_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_broadcastradio.te
-(neverallow base_typeattr_551 hal_broadcastradio_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_555 hal_broadcastradio_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_broadcastradio_client hal_broadcastradio_service (service_manager (find)))
(allow hal_broadcastradio_server hal_broadcastradio_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_broadcastradio.te
-(neverallow base_typeattr_550 hal_broadcastradio_service (service_manager (add)))
+(neverallow base_typeattr_554 hal_broadcastradio_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_broadcastradio.te
-(neverallow base_typeattr_552 hal_broadcastradio_service (service_manager (find)))
+(neverallow base_typeattr_556 hal_broadcastradio_service (service_manager (find)))
;;* lme
(allow hal_broadcastradio_server servicemanager (binder (call transfer)))
@@ -17835,24 +17885,24 @@
(allow hal_camera_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 8 system/sepolicy/private/hal_camera.te
-(neverallow base_typeattr_553 hal_camera_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_557 hal_camera_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 8 system/sepolicy/private/hal_camera.te
-(neverallow base_typeattr_554 hal_camera_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_558 hal_camera_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_camera_client hal_camera_service (service_manager (find)))
(allow hal_camera_server hal_camera_service (service_manager (add find)))
;;* lmx 9 system/sepolicy/private/hal_camera.te
-(neverallow base_typeattr_553 hal_camera_service (service_manager (add)))
+(neverallow base_typeattr_557 hal_camera_service (service_manager (add)))
;;* lme
;;* lmx 9 system/sepolicy/private/hal_camera.te
-(neverallow base_typeattr_555 hal_camera_service (service_manager (find)))
+(neverallow base_typeattr_559 hal_camera_service (service_manager (find)))
;;* lme
(allow hal_camera device (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -17863,7 +17913,7 @@
(allow hal_camera dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
(allow hal_camera_client hal_graphics_allocator (fd (use)))
(allow hal_camera_server hal_graphics_allocator (fd (use)))
-(allow hal_camera base_typeattr_556 (fd (use)))
+(allow hal_camera base_typeattr_560 (fd (use)))
(allow hal_camera surfaceflinger (fd (use)))
(allow hal_camera hal_allocator_server (fd (use)))
(allow hal_camera shell (fd (use)))
@@ -17883,7 +17933,7 @@
;;* lmx 42 system/sepolicy/private/hal_camera.te
-(neverallow base_typeattr_557 camera_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_561 camera_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
(allow hal_can_controller_client hal_can_controller_server (binder (call transfer)))
@@ -17897,12 +17947,12 @@
(allow hal_can_controller_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_can.te
-(neverallow base_typeattr_558 hal_can_controller_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_562 hal_can_controller_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_can.te
-(neverallow base_typeattr_559 hal_can_controller_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_563 hal_can_controller_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_can_bus_client hal_can_bus_server (binder (call transfer)))
@@ -17916,24 +17966,24 @@
(allow hal_can_bus_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 9 system/sepolicy/private/hal_can.te
-(neverallow base_typeattr_560 hal_can_bus_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_564 hal_can_bus_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 9 system/sepolicy/private/hal_can.te
-(neverallow base_typeattr_561 hal_can_bus_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_565 hal_can_bus_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_can_controller_client hal_can_controller_service (service_manager (find)))
(allow hal_can_controller_server hal_can_controller_service (service_manager (add find)))
;;* lmx 12 system/sepolicy/private/hal_can.te
-(neverallow base_typeattr_558 hal_can_controller_service (service_manager (add)))
+(neverallow base_typeattr_562 hal_can_controller_service (service_manager (add)))
;;* lme
;;* lmx 12 system/sepolicy/private/hal_can.te
-(neverallow base_typeattr_562 hal_can_controller_service (service_manager (find)))
+(neverallow base_typeattr_566 hal_can_controller_service (service_manager (find)))
;;* lme
(allow hal_can_controller servicemanager (binder (call transfer)))
@@ -17949,12 +17999,12 @@
(allow hal_cas_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_cas.te
-(neverallow base_typeattr_563 hal_cas_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_567 hal_cas_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_cas.te
-(neverallow base_typeattr_564 hal_cas_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_568 hal_cas_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_cas_server hidl_memory_hwservice (hwservice_manager (find)))
@@ -17962,12 +18012,12 @@
(allow hal_cas_server hal_cas_service (service_manager (add find)))
;;* lmx 8 system/sepolicy/private/hal_cas.te
-(neverallow base_typeattr_563 hal_cas_service (service_manager (add)))
+(neverallow base_typeattr_567 hal_cas_service (service_manager (add)))
;;* lme
;;* lmx 8 system/sepolicy/private/hal_cas.te
-(neverallow base_typeattr_565 hal_cas_service (service_manager (find)))
+(neverallow base_typeattr_569 hal_cas_service (service_manager (find)))
;;* lme
(allow hal_cas_server servicemanager (binder (call transfer)))
@@ -18033,24 +18083,24 @@
(allow hal_codec2_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 9 system/sepolicy/private/hal_codec2.te
-(neverallow base_typeattr_566 hal_codec2_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_570 hal_codec2_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 9 system/sepolicy/private/hal_codec2.te
-(neverallow base_typeattr_567 hal_codec2_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_571 hal_codec2_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_codec2_client hal_codec2_service (service_manager (find)))
(allow hal_codec2_server hal_codec2_service (service_manager (add find)))
;;* lmx 10 system/sepolicy/private/hal_codec2.te
-(neverallow base_typeattr_566 hal_codec2_service (service_manager (add)))
+(neverallow base_typeattr_570 hal_codec2_service (service_manager (add)))
;;* lme
;;* lmx 10 system/sepolicy/private/hal_codec2.te
-(neverallow base_typeattr_568 hal_codec2_service (service_manager (find)))
+(neverallow base_typeattr_572 hal_codec2_service (service_manager (find)))
;;* lme
(allow hal_codec2_server hal_graphics_composer (fd (use)))
@@ -18058,10 +18108,10 @@
(allow hal_codec2_server hal_camera (fd (use)))
(allow hal_codec2_server bufferhubd (fd (use)))
(allow hal_codec2_client ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_569 surfaceflinger_service (service_manager (find)))
+(allow base_typeattr_573 surfaceflinger_service (service_manager (find)))
(allow hal_codec2_server su (fifo_file (read)))
(allow hal_codec2_server hal_codec2_client (fifo_file (read)))
-(allow hal_codec2_server base_typeattr_254 (fifo_file (read)))
+(allow hal_codec2_server base_typeattr_257 (fifo_file (read)))
(allow hal_configstore_client hal_configstore_server (binder (call transfer)))
(allow hal_configstore_server hal_configstore_client (binder (transfer)))
(allow hal_configstore_client hal_configstore_server (fd (use)))
@@ -18070,12 +18120,12 @@
(allow hal_configstore_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_configstore.te
-(neverallow base_typeattr_570 hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (add)))
+(neverallow base_typeattr_574 hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_configstore.te
-(neverallow base_typeattr_571 hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (find)))
+(neverallow base_typeattr_575 hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (find)))
;;* lme
(allow hal_configstore_server anr_data_file (file (append)))
@@ -18125,15 +18175,15 @@
;;* lmx 37 system/sepolicy/private/hal_configstore.te
-(neverallow hal_configstore_server base_typeattr_572 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
-(neverallow hal_configstore_server base_typeattr_572 (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server base_typeattr_576 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(neverallow hal_configstore_server base_typeattr_576 (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
;;* lme
;;* lmx 45 system/sepolicy/private/hal_configstore.te
-(neverallow hal_configstore_server base_typeattr_573 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow hal_configstore_server base_typeattr_573 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow hal_configstore_server base_typeattr_573 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow hal_configstore_server base_typeattr_577 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow hal_configstore_server base_typeattr_577 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow hal_configstore_server base_typeattr_577 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 51 system/sepolicy/private/hal_configstore.te
@@ -18158,7 +18208,7 @@
;;* lmx 58 system/sepolicy/private/hal_configstore.te
-(neverallow hal_configstore_server base_typeattr_236 (service_manager (add find list)))
+(neverallow hal_configstore_server base_typeattr_239 (service_manager (add find list)))
;;* lme
;;* lmx 61 system/sepolicy/private/hal_configstore.te
@@ -18171,18 +18221,18 @@
;;* lmx 64 system/sepolicy/private/hal_configstore.te
-(neverallow hal_configstore_server base_typeattr_236 (process (ptrace)))
+(neverallow hal_configstore_server base_typeattr_239 (process (ptrace)))
;;* lme
;;* lmx 67 system/sepolicy/private/hal_configstore.te
-(neverallow hal_configstore_server base_typeattr_236 (file (relabelfrom relabelto)))
-(neverallow hal_configstore_server base_typeattr_236 (dir (relabelfrom relabelto)))
-(neverallow hal_configstore_server base_typeattr_236 (lnk_file (relabelfrom relabelto)))
-(neverallow hal_configstore_server base_typeattr_236 (chr_file (relabelfrom relabelto)))
-(neverallow hal_configstore_server base_typeattr_236 (blk_file (relabelfrom relabelto)))
-(neverallow hal_configstore_server base_typeattr_236 (sock_file (relabelfrom relabelto)))
-(neverallow hal_configstore_server base_typeattr_236 (fifo_file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_239 (file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_239 (dir (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_239 (lnk_file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_239 (chr_file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_239 (blk_file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_239 (sock_file (relabelfrom relabelto)))
+(neverallow hal_configstore_server base_typeattr_239 (fifo_file (relabelfrom relabelto)))
;;* lme
(allow hal_confirmationui_client hal_confirmationui_server (binder (call transfer)))
@@ -18193,24 +18243,24 @@
(allow hal_confirmationui_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_confirmationui.te
-(neverallow base_typeattr_574 hal_confirmationui_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_578 hal_confirmationui_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_confirmationui.te
-(neverallow base_typeattr_575 hal_confirmationui_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_579 hal_confirmationui_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_confirmationui_client hal_confirmationui_service (service_manager (find)))
(allow hal_confirmationui_server hal_confirmationui_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_confirmationui.te
-(neverallow base_typeattr_574 hal_confirmationui_service (service_manager (add)))
+(neverallow base_typeattr_578 hal_confirmationui_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_confirmationui.te
-(neverallow base_typeattr_576 hal_confirmationui_service (service_manager (find)))
+(neverallow base_typeattr_580 hal_confirmationui_service (service_manager (find)))
;;* lme
(allow hal_confirmationui_server servicemanager (binder (call transfer)))
@@ -18225,7 +18275,7 @@
(allow hal_contexthub_server hal_contexthub_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_contexthub.te
-(neverallow base_typeattr_577 hal_contexthub_service (service_manager (add)))
+(neverallow base_typeattr_581 hal_contexthub_service (service_manager (add)))
;;* lme
(allow hal_contexthub_server servicemanager (binder (call transfer)))
@@ -18237,12 +18287,12 @@
(allow hal_contexthub_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 10 system/sepolicy/private/hal_contexthub.te
-(neverallow base_typeattr_577 hal_contexthub_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_581 hal_contexthub_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 10 system/sepolicy/private/hal_contexthub.te
-(neverallow base_typeattr_578 hal_contexthub_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_582 hal_contexthub_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_drm_server servicemanager (binder (call transfer)))
@@ -18258,24 +18308,24 @@
(allow hal_drm_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 6 system/sepolicy/private/hal_drm.te
-(neverallow base_typeattr_579 hal_drm_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_583 hal_drm_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_drm.te
-(neverallow base_typeattr_580 hal_drm_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_584 hal_drm_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_drm_client hal_drm_service (service_manager (find)))
(allow hal_drm_server hal_drm_service (service_manager (add find)))
;;* lmx 7 system/sepolicy/private/hal_drm.te
-(neverallow base_typeattr_579 hal_drm_service (service_manager (add)))
+(neverallow base_typeattr_583 hal_drm_service (service_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_drm.te
-(neverallow base_typeattr_581 hal_drm_service (service_manager (find)))
+(neverallow base_typeattr_585 hal_drm_service (service_manager (find)))
;;* lme
(allow hal_drm hidl_memory_hwservice (hwservice_manager (find)))
@@ -18301,7 +18351,7 @@
(allow hal_drm mediaserver (fd (use)))
(allow hal_drm sysfs (file (ioctl read getattr lock map open watch watch_reads)))
(allow hal_drm tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow hal_drm_server base_typeattr_556 (fd (use)))
+(allow hal_drm_server base_typeattr_560 (fd (use)))
(allowx hal_drm self (ioctl tcp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
(allowx hal_drm self (ioctl udp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
(allowx hal_drm self (ioctl rawip_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
@@ -18353,24 +18403,24 @@
(allow hal_dumpstate_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 7 system/sepolicy/private/hal_dumpstate.te
-(neverallow base_typeattr_582 hal_dumpstate_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_586 hal_dumpstate_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_dumpstate.te
-(neverallow base_typeattr_583 hal_dumpstate_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_587 hal_dumpstate_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_dumpstate_client hal_dumpstate_service (service_manager (find)))
(allow hal_dumpstate_server hal_dumpstate_service (service_manager (add find)))
;;* lmx 8 system/sepolicy/private/hal_dumpstate.te
-(neverallow base_typeattr_582 hal_dumpstate_service (service_manager (add)))
+(neverallow base_typeattr_586 hal_dumpstate_service (service_manager (add)))
;;* lme
;;* lmx 8 system/sepolicy/private/hal_dumpstate.te
-(neverallow base_typeattr_584 hal_dumpstate_service (service_manager (find)))
+(neverallow base_typeattr_588 hal_dumpstate_service (service_manager (find)))
;;* lme
(allow hal_dumpstate_server servicemanager (binder (call transfer)))
@@ -18398,19 +18448,19 @@
(allow hal_evs_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 12 system/sepolicy/private/hal_evs.te
-(neverallow base_typeattr_585 hal_evs_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_589 hal_evs_hwservice (hwservice_manager (add)))
;;* lme
(allow hal_evs_client hal_evs_service (service_manager (find)))
(allow hal_evs_server hal_evs_service (service_manager (add find)))
;;* lmx 15 system/sepolicy/private/hal_evs.te
-(neverallow base_typeattr_586 hal_evs_service (service_manager (add)))
+(neverallow base_typeattr_590 hal_evs_service (service_manager (add)))
;;* lme
;;* lmx 15 system/sepolicy/private/hal_evs.te
-(neverallow base_typeattr_587 hal_evs_service (service_manager (find)))
+(neverallow base_typeattr_591 hal_evs_service (service_manager (find)))
;;* lme
(allow hal_face_client hal_face_server (binder (call transfer)))
@@ -18424,31 +18474,31 @@
(allow hal_face_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_face.te
-(neverallow base_typeattr_588 hal_face_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_592 hal_face_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_face.te
-(neverallow base_typeattr_589 hal_face_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_593 hal_face_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_face_client hal_face_service (service_manager (find)))
(allow hal_face_server hal_face_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_face.te
-(neverallow base_typeattr_588 hal_face_service (service_manager (add)))
+(neverallow base_typeattr_592 hal_face_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_face.te
-(neverallow base_typeattr_590 hal_face_service (service_manager (find)))
+(neverallow base_typeattr_594 hal_face_service (service_manager (find)))
;;* lme
(allow hal_face_server servicemanager (binder (call transfer)))
(allow servicemanager hal_face_server (binder (call transfer)))
(allow hal_face ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_591 face_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow base_typeattr_591 face_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
+(allow base_typeattr_595 face_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(allow base_typeattr_595 face_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
(allow hal_fastboot_client hal_fastboot_server (binder (call transfer)))
(allow hal_fastboot_server hal_fastboot_client (binder (transfer)))
(allow hal_fastboot_client hal_fastboot_server (fd (use)))
@@ -18456,12 +18506,12 @@
(allow hal_fastboot_server hal_fastboot_service (service_manager (add find)))
;;* lmx 4 system/sepolicy/private/hal_fastboot.te
-(neverallow base_typeattr_592 hal_fastboot_service (service_manager (add)))
+(neverallow base_typeattr_596 hal_fastboot_service (service_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_fastboot.te
-(neverallow base_typeattr_593 hal_fastboot_service (service_manager (find)))
+(neverallow base_typeattr_597 hal_fastboot_service (service_manager (find)))
;;* lme
(allow hal_fastboot_server servicemanager (binder (call transfer)))
@@ -18478,40 +18528,40 @@
(allow hal_fingerprint_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_fingerprint.te
-(neverallow base_typeattr_594 hal_fingerprint_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_598 hal_fingerprint_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_fingerprint.te
-(neverallow base_typeattr_595 hal_fingerprint_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_599 hal_fingerprint_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_fingerprint_client hal_fingerprint_service (service_manager (find)))
(allow hal_fingerprint_server hal_fingerprint_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_fingerprint.te
-(neverallow base_typeattr_594 hal_fingerprint_service (service_manager (add)))
+(neverallow base_typeattr_598 hal_fingerprint_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_fingerprint.te
-(neverallow base_typeattr_596 hal_fingerprint_service (service_manager (find)))
+(neverallow base_typeattr_600 hal_fingerprint_service (service_manager (find)))
;;* lme
(allow hal_fingerprint_server servicemanager (binder (call transfer)))
(allow servicemanager hal_fingerprint_server (binder (call transfer)))
(allow hal_fingerprint ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_597 fingerprint_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow base_typeattr_597 fingerprint_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
+(allow base_typeattr_601 fingerprint_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(allow base_typeattr_601 fingerprint_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
(allow hal_fingerprint cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
(allow hal_fingerprint cgroup (file (ioctl read getattr lock map open watch watch_reads)))
(allow hal_fingerprint cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow hal_fingerprint cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
(allow hal_fingerprint cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
(allow hal_fingerprint cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_597 sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_597 sysfs (file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_597 sysfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_601 sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_601 sysfs (file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_601 sysfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow hal_gatekeeper_client hal_gatekeeper_server (binder (call transfer)))
(allow hal_gatekeeper_server hal_gatekeeper_client (binder (transfer)))
(allow hal_gatekeeper_client hal_gatekeeper_server (fd (use)))
@@ -18520,24 +18570,24 @@
(allow hal_gatekeeper_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 3 system/sepolicy/private/hal_gatekeeper.te
-(neverallow base_typeattr_598 hal_gatekeeper_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_602 hal_gatekeeper_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 3 system/sepolicy/private/hal_gatekeeper.te
-(neverallow base_typeattr_599 hal_gatekeeper_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_603 hal_gatekeeper_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_gatekeeper_client hal_gatekeeper_service (service_manager (find)))
(allow hal_gatekeeper_server hal_gatekeeper_service (service_manager (add find)))
;;* lmx 4 system/sepolicy/private/hal_gatekeeper.te
-(neverallow base_typeattr_598 hal_gatekeeper_service (service_manager (add)))
+(neverallow base_typeattr_602 hal_gatekeeper_service (service_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_gatekeeper.te
-(neverallow base_typeattr_600 hal_gatekeeper_service (service_manager (find)))
+(neverallow base_typeattr_604 hal_gatekeeper_service (service_manager (find)))
;;* lme
(allow hal_gatekeeper_server servicemanager (binder (call transfer)))
@@ -18556,24 +18606,24 @@
(allow hal_gnss_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_gnss.te
-(neverallow base_typeattr_601 hal_gnss_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_605 hal_gnss_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_gnss.te
-(neverallow base_typeattr_602 hal_gnss_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_606 hal_gnss_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_gnss_client hal_gnss_service (service_manager (find)))
(allow hal_gnss_server hal_gnss_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_gnss.te
-(neverallow base_typeattr_601 hal_gnss_service (service_manager (add)))
+(neverallow base_typeattr_605 hal_gnss_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_gnss.te
-(neverallow base_typeattr_603 hal_gnss_service (service_manager (find)))
+(neverallow base_typeattr_607 hal_gnss_service (service_manager (find)))
;;* lme
(allow hal_gnss_server servicemanager (binder (call transfer)))
@@ -18588,12 +18638,12 @@
(allow hal_graphics_allocator_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_graphics_allocator.te
-(neverallow base_typeattr_604 hal_graphics_allocator_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_608 hal_graphics_allocator_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_graphics_allocator.te
-(neverallow base_typeattr_605 hal_graphics_allocator_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_609 hal_graphics_allocator_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_graphics_allocator_client hal_graphics_mapper_hwservice (hwservice_manager (find)))
@@ -18610,12 +18660,12 @@
(allow hal_graphics_allocator_server hal_graphics_allocator_service (service_manager (add find)))
;;* lmx 22 system/sepolicy/private/hal_graphics_allocator.te
-(neverallow base_typeattr_604 hal_graphics_allocator_service (service_manager (add)))
+(neverallow base_typeattr_608 hal_graphics_allocator_service (service_manager (add)))
;;* lme
;;* lmx 22 system/sepolicy/private/hal_graphics_allocator.te
-(neverallow base_typeattr_606 hal_graphics_allocator_service (service_manager (find)))
+(neverallow base_typeattr_610 hal_graphics_allocator_service (service_manager (find)))
;;* lme
(allow hal_graphics_allocator_server servicemanager (binder (call transfer)))
@@ -18637,12 +18687,12 @@
(allow hal_graphics_composer_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 7 system/sepolicy/private/hal_graphics_composer.te
-(neverallow base_typeattr_607 hal_graphics_composer_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_611 hal_graphics_composer_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_graphics_composer.te
-(neverallow base_typeattr_608 hal_graphics_composer_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_612 hal_graphics_composer_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_graphics_composer_server hal_graphics_mapper_hwservice (hwservice_manager (find)))
@@ -18669,12 +18719,12 @@
(allow hal_graphics_composer_server hal_graphics_composer_service (service_manager (add find)))
;;* lmx 38 system/sepolicy/private/hal_graphics_composer.te
-(neverallow base_typeattr_607 hal_graphics_composer_service (service_manager (add)))
+(neverallow base_typeattr_611 hal_graphics_composer_service (service_manager (add)))
;;* lme
;;* lmx 38 system/sepolicy/private/hal_graphics_composer.te
-(neverallow base_typeattr_609 hal_graphics_composer_service (service_manager (find)))
+(neverallow base_typeattr_613 hal_graphics_composer_service (service_manager (find)))
;;* lme
(allow hal_health_client hal_health_server (binder (call transfer)))
@@ -18688,24 +18738,24 @@
(allow hal_health_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_health.te
-(neverallow base_typeattr_610 hal_health_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_614 hal_health_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_health.te
-(neverallow base_typeattr_611 hal_health_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_615 hal_health_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_health_client hal_health_service (service_manager (find)))
(allow hal_health_server hal_health_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_health.te
-(neverallow base_typeattr_610 hal_health_service (service_manager (add)))
+(neverallow base_typeattr_614 hal_health_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_health.te
-(neverallow base_typeattr_612 hal_health_service (service_manager (find)))
+(neverallow base_typeattr_616 hal_health_service (service_manager (find)))
;;* lme
(allow hal_health_server self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
@@ -18745,24 +18795,24 @@
(allow hal_health_storage_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 7 system/sepolicy/private/hal_health_storage.te
-(neverallow base_typeattr_613 hal_health_storage_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_617 hal_health_storage_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_health_storage.te
-(neverallow base_typeattr_614 hal_health_storage_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_618 hal_health_storage_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_health_storage_client hal_health_storage_service (service_manager (find)))
(allow hal_health_storage_server hal_health_storage_service (service_manager (add find)))
;;* lmx 8 system/sepolicy/private/hal_health_storage.te
-(neverallow base_typeattr_613 hal_health_storage_service (service_manager (add)))
+(neverallow base_typeattr_617 hal_health_storage_service (service_manager (add)))
;;* lme
;;* lmx 8 system/sepolicy/private/hal_health_storage.te
-(neverallow base_typeattr_615 hal_health_storage_service (service_manager (find)))
+(neverallow base_typeattr_619 hal_health_storage_service (service_manager (find)))
;;* lme
(allow hal_health_storage_server gsi_metadata_file_type (dir (search)))
@@ -18777,12 +18827,12 @@
(allow hal_identity_server hal_identity_service (service_manager (add find)))
;;* lmx 4 system/sepolicy/private/hal_identity.te
-(neverallow base_typeattr_616 hal_identity_service (service_manager (add)))
+(neverallow base_typeattr_620 hal_identity_service (service_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_identity.te
-(neverallow base_typeattr_617 hal_identity_service (service_manager (find)))
+(neverallow base_typeattr_621 hal_identity_service (service_manager (find)))
;;* lme
(allow hal_identity_server servicemanager (binder (call transfer)))
@@ -18796,12 +18846,12 @@
(allow hal_input_classifier_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_input_classifier.te
-(neverallow base_typeattr_618 hal_input_classifier_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_622 hal_input_classifier_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_input_classifier.te
-(neverallow base_typeattr_619 hal_input_classifier_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_623 hal_input_classifier_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_input_processor_client hal_input_processor_server (binder (call transfer)))
@@ -18814,12 +18864,12 @@
(allow hal_input_processor_server hal_input_processor_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_input_processor.te
-(neverallow base_typeattr_620 hal_input_processor_service (service_manager (add)))
+(neverallow base_typeattr_624 hal_input_processor_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_input_processor.te
-(neverallow base_typeattr_621 hal_input_processor_service (service_manager (find)))
+(neverallow base_typeattr_625 hal_input_processor_service (service_manager (find)))
;;* lme
(allow hal_input_processor_server dumpstate (fifo_file (write)))
@@ -18833,12 +18883,12 @@
(allow hal_ir_server hal_ir_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_ir.te
-(neverallow base_typeattr_622 hal_ir_service (service_manager (add)))
+(neverallow base_typeattr_626 hal_ir_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_ir.te
-(neverallow base_typeattr_623 hal_ir_service (service_manager (find)))
+(neverallow base_typeattr_627 hal_ir_service (service_manager (find)))
;;* lme
(allow hal_ir_server servicemanager (binder (call transfer)))
@@ -18849,12 +18899,12 @@
(allow hal_ir_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 8 system/sepolicy/private/hal_ir.te
-(neverallow base_typeattr_622 hal_ir_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_626 hal_ir_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 8 system/sepolicy/private/hal_ir.te
-(neverallow base_typeattr_624 hal_ir_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_628 hal_ir_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_ivn_client hal_ivn_server (binder (call transfer)))
@@ -18864,12 +18914,12 @@
(allow hal_ivn_server hal_ivn_service (service_manager (add find)))
;;* lmx 4 system/sepolicy/private/hal_ivn.te
-(neverallow base_typeattr_625 hal_ivn_service (service_manager (add)))
+(neverallow base_typeattr_629 hal_ivn_service (service_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_ivn.te
-(neverallow base_typeattr_626 hal_ivn_service (service_manager (find)))
+(neverallow base_typeattr_630 hal_ivn_service (service_manager (find)))
;;* lme
(allow hal_keymaster_client hal_keymaster_server (binder (call transfer)))
@@ -18880,12 +18930,12 @@
(allow hal_keymaster_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_keymaster.te
-(neverallow base_typeattr_627 hal_keymaster_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_631 hal_keymaster_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_keymaster.te
-(neverallow base_typeattr_628 hal_keymaster_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_632 hal_keymaster_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_keymaster tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -18897,31 +18947,31 @@
(allow hal_keymint_server hal_keymint_service (service_manager (add find)))
;;* lmx 3 system/sepolicy/private/hal_keymint.te
-(neverallow base_typeattr_629 hal_keymint_service (service_manager (add)))
+(neverallow base_typeattr_633 hal_keymint_service (service_manager (add)))
;;* lme
;;* lmx 3 system/sepolicy/private/hal_keymint.te
-(neverallow base_typeattr_630 hal_keymint_service (service_manager (find)))
+(neverallow base_typeattr_634 hal_keymint_service (service_manager (find)))
;;* lme
(allow hal_keymint_client hal_remotelyprovisionedcomponent_service (service_manager (find)))
(allow hal_keymint_server hal_remotelyprovisionedcomponent_service (service_manager (add find)))
;;* lmx 4 system/sepolicy/private/hal_keymint.te
-(neverallow base_typeattr_629 hal_remotelyprovisionedcomponent_service (service_manager (add)))
+(neverallow base_typeattr_633 hal_remotelyprovisionedcomponent_service (service_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_keymint.te
-(neverallow base_typeattr_630 hal_remotelyprovisionedcomponent_service (service_manager (find)))
+(neverallow base_typeattr_634 hal_remotelyprovisionedcomponent_service (service_manager (find)))
;;* lme
(allow hal_keymint_server servicemanager (binder (call transfer)))
(allow servicemanager hal_keymint_server (binder (transfer)))
(allow hal_keymint_server servicemanager (fd (use)))
-(allow base_typeattr_631 tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow base_typeattr_631 ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_635 tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow base_typeattr_635 ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
(allow init hal_keymint_system_exec (file (read getattr map execute open)))
(allow init hal_keymint_system (process (transition)))
(allow hal_keymint_system hal_keymint_system_exec (file (read getattr map execute open entrypoint)))
@@ -18940,24 +18990,24 @@
(allow hal_light_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_light.te
-(neverallow base_typeattr_632 hal_light_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_636 hal_light_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_light.te
-(neverallow base_typeattr_633 hal_light_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_637 hal_light_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_light_client hal_light_service (service_manager (find)))
(allow hal_light_server hal_light_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_light.te
-(neverallow base_typeattr_632 hal_light_service (service_manager (add)))
+(neverallow base_typeattr_636 hal_light_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_light.te
-(neverallow base_typeattr_634 hal_light_service (service_manager (find)))
+(neverallow base_typeattr_638 hal_light_service (service_manager (find)))
;;* lme
(allow hal_light_server servicemanager (binder (call transfer)))
@@ -18980,12 +19030,12 @@
(allow hal_lowpan_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 7 system/sepolicy/private/hal_lowpan.te
-(neverallow base_typeattr_635 hal_lowpan_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_639 hal_lowpan_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_lowpan.te
-(neverallow base_typeattr_636 hal_lowpan_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_640 hal_lowpan_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_lowpan_server property_socket (sock_file (write)))
@@ -18995,7 +19045,7 @@
(allow hal_lowpan_server lowpan_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
;;* lmx 20 system/sepolicy/private/hal_lowpan.te
-(neverallow base_typeattr_637 lowpan_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_641 lowpan_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
(allow hal_macsec_client hal_macsec_server (binder (call transfer)))
@@ -19008,12 +19058,12 @@
(allow hal_macsec_server hal_macsec_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_macsec.te
-(neverallow base_typeattr_638 hal_macsec_service (service_manager (add)))
+(neverallow base_typeattr_642 hal_macsec_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_macsec.te
-(neverallow base_typeattr_639 hal_macsec_service (service_manager (find)))
+(neverallow base_typeattr_643 hal_macsec_service (service_manager (find)))
;;* lme
(allow hal_macsec_server servicemanager (binder (call transfer)))
@@ -19028,12 +19078,12 @@
(allow hal_mediaquality_server hal_mediaquality_service (service_manager (add find)))
;;* lmx 1 system/sepolicy/private/hal_mediaquality.te
-(neverallow base_typeattr_640 hal_mediaquality_service (service_manager (add)))
+(neverallow base_typeattr_644 hal_mediaquality_service (service_manager (add)))
;;* lme
;;* lmx 1 system/sepolicy/private/hal_mediaquality.te
-(neverallow base_typeattr_641 hal_mediaquality_service (service_manager (find)))
+(neverallow base_typeattr_645 hal_mediaquality_service (service_manager (find)))
;;* lme
(allow hal_mediaquality_server servicemanager (binder (call transfer)))
@@ -19050,24 +19100,24 @@
(allow hal_memtrack_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_memtrack.te
-(neverallow base_typeattr_642 hal_memtrack_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_646 hal_memtrack_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_memtrack.te
-(neverallow base_typeattr_643 hal_memtrack_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_647 hal_memtrack_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_memtrack_client hal_memtrack_service (service_manager (find)))
(allow hal_memtrack_server hal_memtrack_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_memtrack.te
-(neverallow base_typeattr_642 hal_memtrack_service (service_manager (add)))
+(neverallow base_typeattr_646 hal_memtrack_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_memtrack.te
-(neverallow base_typeattr_644 hal_memtrack_service (service_manager (find)))
+(neverallow base_typeattr_648 hal_memtrack_service (service_manager (find)))
;;* lme
(allow hal_memtrack_server servicemanager (binder (call transfer)))
@@ -19084,12 +19134,12 @@
(allow hal_neuralnetworks_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_neuralnetworks.te
-(neverallow base_typeattr_645 hal_neuralnetworks_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_649 hal_neuralnetworks_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_neuralnetworks.te
-(neverallow base_typeattr_646 hal_neuralnetworks_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_650 hal_neuralnetworks_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_neuralnetworks hidl_memory_hwservice (hwservice_manager (find)))
@@ -19108,19 +19158,19 @@
(allow hal_neuralnetworks_client device_config_nnapi_native_prop (file (read getattr map open)))
;;* lmx 39 system/sepolicy/private/hal_neuralnetworks.te
-(neverallow base_typeattr_235 nnapi_ext_deny_product_prop (property_service (set)))
+(neverallow base_typeattr_238 nnapi_ext_deny_product_prop (property_service (set)))
;;* lme
(allow hal_neuralnetworks_client hal_neuralnetworks_service (service_manager (find)))
(allow hal_neuralnetworks_server hal_neuralnetworks_service (service_manager (add find)))
;;* lmx 42 system/sepolicy/private/hal_neuralnetworks.te
-(neverallow base_typeattr_645 hal_neuralnetworks_service (service_manager (add)))
+(neverallow base_typeattr_649 hal_neuralnetworks_service (service_manager (add)))
;;* lme
;;* lmx 42 system/sepolicy/private/hal_neuralnetworks.te
-(neverallow base_typeattr_647 hal_neuralnetworks_service (service_manager (find)))
+(neverallow base_typeattr_651 hal_neuralnetworks_service (service_manager (find)))
;;* lme
(allow hal_neuralnetworks_server servicemanager (binder (call transfer)))
@@ -19131,19 +19181,19 @@
(allow hal_neuralnetworks_server dumpstate (fifo_file (write)))
;;* lmx 17 system/sepolicy/private/hal_neverallows.te
-(neverallow base_typeattr_648 self (capability (net_admin net_raw)))
-(neverallow base_typeattr_648 self (cap_userns (net_admin net_raw)))
+(neverallow base_typeattr_652 self (capability (net_admin net_raw)))
+(neverallow base_typeattr_652 self (cap_userns (net_admin net_raw)))
;;* lme
;;* lmx 40 system/sepolicy/private/hal_neverallows.te
-(neverallow base_typeattr_649 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
-(neverallow base_typeattr_649 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_653 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_653 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
;;* lme
;;* lmx 57 system/sepolicy/private/hal_neverallows.te
-(neverallow base_typeattr_650 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow base_typeattr_654 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
;;* lme
;;* lmx 61 system/sepolicy/private/hal_neverallows.te
@@ -19181,17 +19231,17 @@
;;* lmx 98 system/sepolicy/private/hal_neverallows.te
-(neverallow base_typeattr_651 base_typeattr_652 (file (execute_no_trans)))
+(neverallow base_typeattr_655 base_typeattr_656 (file (execute_no_trans)))
;;* lme
;;* lmx 100 system/sepolicy/private/hal_neverallows.te
-(neverallow base_typeattr_235 halserverdomain (process (transition)))
+(neverallow base_typeattr_238 halserverdomain (process (transition)))
;;* lme
;;* lmx 104 system/sepolicy/private/hal_neverallows.te
-(neverallow base_typeattr_236 halserverdomain (process (dyntransition)))
+(neverallow base_typeattr_239 halserverdomain (process (dyntransition)))
;;* lme
(allow hal_nfc_client hal_nfc_server (binder (call transfer)))
@@ -19208,24 +19258,24 @@
(allow hal_nfc_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 6 system/sepolicy/private/hal_nfc.te
-(neverallow base_typeattr_653 hal_nfc_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_657 hal_nfc_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_nfc.te
-(neverallow base_typeattr_654 hal_nfc_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_658 hal_nfc_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_nfc_client hal_nfc_service (service_manager (find)))
(allow hal_nfc_server hal_nfc_service (service_manager (add find)))
;;* lmx 7 system/sepolicy/private/hal_nfc.te
-(neverallow base_typeattr_653 hal_nfc_service (service_manager (add)))
+(neverallow base_typeattr_657 hal_nfc_service (service_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_nfc.te
-(neverallow base_typeattr_655 hal_nfc_service (service_manager (find)))
+(neverallow base_typeattr_659 hal_nfc_service (service_manager (find)))
;;* lme
(allow hal_nfc property_socket (sock_file (write)))
@@ -19240,12 +19290,12 @@
(allow hal_nlinterceptor_server hal_nlinterceptor_service (service_manager (add find)))
;;* lmx 3 system/sepolicy/private/hal_nlinterceptor.te
-(neverallow base_typeattr_656 hal_nlinterceptor_service (service_manager (add)))
+(neverallow base_typeattr_660 hal_nlinterceptor_service (service_manager (add)))
;;* lme
;;* lmx 3 system/sepolicy/private/hal_nlinterceptor.te
-(neverallow base_typeattr_657 hal_nlinterceptor_service (service_manager (find)))
+(neverallow base_typeattr_661 hal_nlinterceptor_service (service_manager (find)))
;;* lme
(allow hal_nlinterceptor servicemanager (binder (call transfer)))
@@ -19263,24 +19313,24 @@
(allow hal_oemlock_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_oemlock.te
-(neverallow base_typeattr_658 hal_oemlock_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_662 hal_oemlock_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_oemlock.te
-(neverallow base_typeattr_659 hal_oemlock_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_663 hal_oemlock_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_oemlock_client hal_oemlock_service (service_manager (find)))
(allow hal_oemlock_server hal_oemlock_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_oemlock.te
-(neverallow base_typeattr_658 hal_oemlock_service (service_manager (add)))
+(neverallow base_typeattr_662 hal_oemlock_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_oemlock.te
-(neverallow base_typeattr_660 hal_oemlock_service (service_manager (find)))
+(neverallow base_typeattr_664 hal_oemlock_service (service_manager (find)))
;;* lme
(allow hal_oemlock_server servicemanager (binder (call transfer)))
@@ -19289,9 +19339,9 @@
(allow hal_omx_server binderservicedomain (binder (call transfer)))
(allow binderservicedomain hal_omx_server (binder (transfer)))
(allow hal_omx_server binderservicedomain (fd (use)))
-(allow hal_omx_server base_typeattr_556 (binder (call transfer)))
-(allow base_typeattr_556 hal_omx_server (binder (transfer)))
-(allow hal_omx_server base_typeattr_556 (fd (use)))
+(allow hal_omx_server base_typeattr_560 (binder (call transfer)))
+(allow base_typeattr_560 hal_omx_server (binder (transfer)))
+(allow hal_omx_server base_typeattr_560 (fd (use)))
(allow hal_omx_server hal_graphics_composer (fd (use)))
(allow hal_omx_server ion_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
(allow hal_omx_server hal_camera (fd (use)))
@@ -19311,12 +19361,12 @@
(allow hal_omx_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 21 system/sepolicy/private/hal_omx.te
-(neverallow base_typeattr_661 hal_omx_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_665 hal_omx_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 21 system/sepolicy/private/hal_omx.te
-(neverallow base_typeattr_662 hal_omx_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_666 hal_omx_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_omx_client hidl_token_hwservice (hwservice_manager (find)))
@@ -19356,24 +19406,24 @@
(allow hal_power_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_power.te
-(neverallow base_typeattr_663 hal_power_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_667 hal_power_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_power.te
-(neverallow base_typeattr_664 hal_power_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_668 hal_power_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_power_client hal_power_service (service_manager (find)))
(allow hal_power_server hal_power_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_power.te
-(neverallow base_typeattr_663 hal_power_service (service_manager (add)))
+(neverallow base_typeattr_667 hal_power_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_power.te
-(neverallow base_typeattr_665 hal_power_service (service_manager (find)))
+(neverallow base_typeattr_669 hal_power_service (service_manager (find)))
;;* lme
(allow hal_power_server servicemanager (binder (call transfer)))
@@ -19397,24 +19447,24 @@
(allow hal_power_stats_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_power_stats.te
-(neverallow base_typeattr_666 hal_power_stats_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_670 hal_power_stats_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_power_stats.te
-(neverallow base_typeattr_667 hal_power_stats_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_671 hal_power_stats_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_power_stats_client hal_power_stats_service (service_manager (find)))
(allow hal_power_stats_server hal_power_stats_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_power_stats.te
-(neverallow base_typeattr_666 hal_power_stats_service (service_manager (add)))
+(neverallow base_typeattr_670 hal_power_stats_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_power_stats.te
-(neverallow base_typeattr_668 hal_power_stats_service (service_manager (find)))
+(neverallow base_typeattr_672 hal_power_stats_service (service_manager (find)))
;;* lme
(allow hal_power_stats_server servicemanager (binder (call transfer)))
@@ -19430,12 +19480,12 @@
(allow hal_rebootescrow_server hal_rebootescrow_service (service_manager (add find)))
;;* lmx 4 system/sepolicy/private/hal_rebootescrow.te
-(neverallow base_typeattr_669 hal_rebootescrow_service (service_manager (add)))
+(neverallow base_typeattr_673 hal_rebootescrow_service (service_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_rebootescrow.te
-(neverallow base_typeattr_670 hal_rebootescrow_service (service_manager (find)))
+(neverallow base_typeattr_674 hal_rebootescrow_service (service_manager (find)))
;;* lme
(allow hal_rebootescrow_server servicemanager (binder (call transfer)))
@@ -19450,12 +19500,12 @@
(allow hal_remoteaccess_server hal_remoteaccess_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_remoteaccess.te
-(neverallow base_typeattr_671 hal_remoteaccess_service (service_manager (add)))
+(neverallow base_typeattr_675 hal_remoteaccess_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_remoteaccess.te
-(neverallow base_typeattr_672 hal_remoteaccess_service (service_manager (find)))
+(neverallow base_typeattr_676 hal_remoteaccess_service (service_manager (find)))
;;* lme
(allow hal_remotelyprovisionedcomponent_avf_client hal_remotelyprovisionedcomponent_avf_server (binder (call transfer)))
@@ -19465,12 +19515,12 @@
(allow hal_remotelyprovisionedcomponent_avf_server hal_remotelyprovisionedcomponent_avf_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_remotelyprovisionedcomponent_avf.te
-(neverallow base_typeattr_673 hal_remotelyprovisionedcomponent_avf_service (service_manager (add)))
+(neverallow base_typeattr_677 hal_remotelyprovisionedcomponent_avf_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_remotelyprovisionedcomponent_avf.te
-(neverallow base_typeattr_674 hal_remotelyprovisionedcomponent_avf_service (service_manager (find)))
+(neverallow base_typeattr_678 hal_remotelyprovisionedcomponent_avf_service (service_manager (find)))
;;* lme
(allow hal_remotelyprovisionedcomponent_avf_server servicemanager (binder (call transfer)))
@@ -19482,12 +19532,12 @@
(allow hal_secretkeeper_server hal_secretkeeper_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_secretkeeper.te
-(neverallow base_typeattr_675 hal_secretkeeper_service (service_manager (add)))
+(neverallow base_typeattr_679 hal_secretkeeper_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_secretkeeper.te
-(neverallow base_typeattr_676 hal_secretkeeper_service (service_manager (find)))
+(neverallow base_typeattr_680 hal_secretkeeper_service (service_manager (find)))
;;* lme
(allow hal_secretkeeper_server servicemanager (binder (call transfer)))
@@ -19506,24 +19556,24 @@
(allow hal_secure_element_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_secure_element.te
-(neverallow base_typeattr_677 hal_secure_element_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_681 hal_secure_element_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_secure_element.te
-(neverallow base_typeattr_678 hal_secure_element_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_682 hal_secure_element_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_secure_element_client hal_secure_element_service (service_manager (find)))
(allow hal_secure_element_server hal_secure_element_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_secure_element.te
-(neverallow base_typeattr_677 hal_secure_element_service (service_manager (add)))
+(neverallow base_typeattr_681 hal_secure_element_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_secure_element.te
-(neverallow base_typeattr_679 hal_secure_element_service (service_manager (find)))
+(neverallow base_typeattr_683 hal_secure_element_service (service_manager (find)))
;;* lme
(allow hal_secure_element_server servicemanager (binder (call transfer)))
@@ -19537,22 +19587,22 @@
(allow hal_sensors_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_sensors.te
-(neverallow base_typeattr_680 hal_sensors_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_684 hal_sensors_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_sensors.te
-(neverallow base_typeattr_681 hal_sensors_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_685 hal_sensors_hwservice (hwservice_manager (find)))
;;* lme
-(allow hal_sensors base_typeattr_556 (fd (use)))
+(allow hal_sensors base_typeattr_560 (fd (use)))
(allow hal_sensors hal_allocator (fd (use)))
(allow hal_sensors self (capability (sys_nice)))
(allow hal_sensors self (cap_userns (sys_nice)))
(allow hal_sensors_server hal_sensors_service (service_manager (add find)))
;;* lmx 16 system/sepolicy/private/hal_sensors.te
-(neverallow base_typeattr_680 hal_sensors_service (service_manager (add)))
+(neverallow base_typeattr_684 hal_sensors_service (service_manager (add)))
;;* lme
(allow hal_sensors_server servicemanager (binder (call transfer)))
@@ -19570,24 +19620,24 @@
(allow hal_telephony_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_telephony.te
-(neverallow base_typeattr_682 hal_telephony_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_686 hal_telephony_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_telephony.te
-(neverallow base_typeattr_683 hal_telephony_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_687 hal_telephony_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_telephony_client hal_radio_service (service_manager (find)))
(allow hal_telephony_server hal_radio_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_telephony.te
-(neverallow base_typeattr_682 hal_radio_service (service_manager (add)))
+(neverallow base_typeattr_686 hal_radio_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_telephony.te
-(neverallow base_typeattr_684 hal_radio_service (service_manager (find)))
+(neverallow base_typeattr_688 hal_radio_service (service_manager (find)))
;;* lme
(allowx hal_telephony_server self (ioctl udp_socket (0x6900 0x6902)))
@@ -19661,24 +19711,24 @@
(allow hal_tetheroffload_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_tetheroffload.te
-(neverallow base_typeattr_685 hal_tetheroffload_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_689 hal_tetheroffload_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_tetheroffload.te
-(neverallow base_typeattr_686 hal_tetheroffload_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_690 hal_tetheroffload_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_tetheroffload_client hal_tetheroffload_service (service_manager (find)))
(allow hal_tetheroffload_server hal_tetheroffload_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_tetheroffload.te
-(neverallow base_typeattr_685 hal_tetheroffload_service (service_manager (add)))
+(neverallow base_typeattr_689 hal_tetheroffload_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_tetheroffload.te
-(neverallow base_typeattr_687 hal_tetheroffload_service (service_manager (find)))
+(neverallow base_typeattr_691 hal_tetheroffload_service (service_manager (find)))
;;* lme
(allow hal_tetheroffload_server servicemanager (binder (call transfer)))
@@ -19695,30 +19745,30 @@
(allow hal_thermal_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_thermal.te
-(neverallow base_typeattr_688 hal_thermal_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_692 hal_thermal_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_thermal.te
-(neverallow base_typeattr_689 hal_thermal_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_693 hal_thermal_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_thermal_client hal_thermal_service (service_manager (find)))
(allow hal_thermal_server hal_thermal_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_thermal.te
-(neverallow base_typeattr_688 hal_thermal_service (service_manager (add)))
+(neverallow base_typeattr_692 hal_thermal_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_thermal.te
-(neverallow base_typeattr_690 hal_thermal_service (service_manager (find)))
+(neverallow base_typeattr_694 hal_thermal_service (service_manager (find)))
;;* lme
(allow hal_thermal_server hal_thermal_service (service_manager (add find)))
;;* lmx 8 system/sepolicy/private/hal_thermal.te
-(neverallow base_typeattr_688 hal_thermal_service (service_manager (add)))
+(neverallow base_typeattr_692 hal_thermal_service (service_manager (add)))
;;* lme
(allow hal_thermal_server servicemanager (binder (call transfer)))
@@ -19737,12 +19787,12 @@
(allow hal_threadnetwork_server hal_threadnetwork_service (service_manager (add find)))
;;* lmx 4 system/sepolicy/private/hal_threadnetwork.te
-(neverallow base_typeattr_691 hal_threadnetwork_service (service_manager (add)))
+(neverallow base_typeattr_695 hal_threadnetwork_service (service_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_threadnetwork.te
-(neverallow base_typeattr_692 hal_threadnetwork_service (service_manager (find)))
+(neverallow base_typeattr_696 hal_threadnetwork_service (service_manager (find)))
;;* lme
(allow hal_threadnetwork_server servicemanager (binder (call transfer)))
@@ -19762,12 +19812,12 @@
(allow hal_tv_cec_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_tv_cec.te
-(neverallow base_typeattr_693 hal_tv_cec_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_697 hal_tv_cec_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_tv_cec.te
-(neverallow base_typeattr_694 hal_tv_cec_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_698 hal_tv_cec_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_tv_hdmi_cec_client hal_tv_hdmi_cec_server (binder (call transfer)))
@@ -19784,12 +19834,12 @@
(allow hal_tv_hdmi_cec_server hal_tv_hdmi_cec_service (service_manager (add find)))
;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_cec.te
-(neverallow base_typeattr_695 hal_tv_hdmi_cec_service (service_manager (add)))
+(neverallow base_typeattr_699 hal_tv_hdmi_cec_service (service_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_cec.te
-(neverallow base_typeattr_696 hal_tv_hdmi_cec_service (service_manager (find)))
+(neverallow base_typeattr_700 hal_tv_hdmi_cec_service (service_manager (find)))
;;* lme
(allow hal_tv_hdmi_connection_client hal_tv_hdmi_connection_server (binder (call transfer)))
@@ -19806,12 +19856,12 @@
(allow hal_tv_hdmi_connection_server hal_tv_hdmi_connection_service (service_manager (add find)))
;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_connection.te
-(neverallow base_typeattr_697 hal_tv_hdmi_connection_service (service_manager (add)))
+(neverallow base_typeattr_701 hal_tv_hdmi_connection_service (service_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_connection.te
-(neverallow base_typeattr_698 hal_tv_hdmi_connection_service (service_manager (find)))
+(neverallow base_typeattr_702 hal_tv_hdmi_connection_service (service_manager (find)))
;;* lme
(allow hal_tv_hdmi_earc_client hal_tv_hdmi_earc_server (binder (call transfer)))
@@ -19828,12 +19878,12 @@
(allow hal_tv_hdmi_earc_server hal_tv_hdmi_earc_service (service_manager (add find)))
;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_earc.te
-(neverallow base_typeattr_699 hal_tv_hdmi_earc_service (service_manager (add)))
+(neverallow base_typeattr_703 hal_tv_hdmi_earc_service (service_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_earc.te
-(neverallow base_typeattr_700 hal_tv_hdmi_earc_service (service_manager (find)))
+(neverallow base_typeattr_704 hal_tv_hdmi_earc_service (service_manager (find)))
;;* lme
(allow hal_tv_input_client hal_tv_input_server (binder (call transfer)))
@@ -19847,24 +19897,24 @@
(allow hal_tv_input_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_tv_input.te
-(neverallow base_typeattr_701 hal_tv_input_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_705 hal_tv_input_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_tv_input.te
-(neverallow base_typeattr_702 hal_tv_input_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_706 hal_tv_input_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_tv_input_client hal_tv_input_service (service_manager (find)))
(allow hal_tv_input_server hal_tv_input_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_tv_input.te
-(neverallow base_typeattr_701 hal_tv_input_service (service_manager (add)))
+(neverallow base_typeattr_705 hal_tv_input_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_tv_input.te
-(neverallow base_typeattr_703 hal_tv_input_service (service_manager (find)))
+(neverallow base_typeattr_707 hal_tv_input_service (service_manager (find)))
;;* lme
(allow hal_tv_input_server servicemanager (binder (call transfer)))
@@ -19884,24 +19934,24 @@
(allow hal_tv_tuner_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_tv_tuner.te
-(neverallow base_typeattr_704 hal_tv_tuner_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_708 hal_tv_tuner_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_tv_tuner.te
-(neverallow base_typeattr_705 hal_tv_tuner_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_709 hal_tv_tuner_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_tv_tuner_client hal_tv_tuner_service (service_manager (find)))
(allow hal_tv_tuner_server hal_tv_tuner_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_tv_tuner.te
-(neverallow base_typeattr_704 hal_tv_tuner_service (service_manager (add)))
+(neverallow base_typeattr_708 hal_tv_tuner_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_tv_tuner.te
-(neverallow base_typeattr_706 hal_tv_tuner_service (service_manager (find)))
+(neverallow base_typeattr_710 hal_tv_tuner_service (service_manager (find)))
;;* lme
(allow hal_tv_tuner_server servicemanager (binder (call transfer)))
@@ -19920,12 +19970,12 @@
(allow hal_usb_server hal_usb_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_usb.te
-(neverallow base_typeattr_707 hal_usb_service (service_manager (add)))
+(neverallow base_typeattr_711 hal_usb_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_usb.te
-(neverallow base_typeattr_708 hal_usb_service (service_manager (find)))
+(neverallow base_typeattr_712 hal_usb_service (service_manager (find)))
;;* lme
(allow hal_usb_server servicemanager (binder (call transfer)))
@@ -19936,12 +19986,12 @@
(allow hal_usb_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 8 system/sepolicy/private/hal_usb.te
-(neverallow base_typeattr_707 hal_usb_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_711 hal_usb_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 8 system/sepolicy/private/hal_usb.te
-(neverallow base_typeattr_709 hal_usb_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_713 hal_usb_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_usb self (netlink_kobject_uevent_socket (create)))
@@ -19965,12 +20015,12 @@
(allow hal_usb_gadget_server hal_usb_gadget_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_usb_gadget.te
-(neverallow base_typeattr_710 hal_usb_gadget_service (service_manager (add)))
+(neverallow base_typeattr_714 hal_usb_gadget_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_usb_gadget.te
-(neverallow base_typeattr_711 hal_usb_gadget_service (service_manager (find)))
+(neverallow base_typeattr_715 hal_usb_gadget_service (service_manager (find)))
;;* lme
(allow hal_usb_gadget_server servicemanager (binder (call transfer)))
@@ -19981,12 +20031,12 @@
(allow hal_usb_gadget_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 8 system/sepolicy/private/hal_usb_gadget.te
-(neverallow base_typeattr_710 hal_usb_gadget_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_714 hal_usb_gadget_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 8 system/sepolicy/private/hal_usb_gadget.te
-(neverallow base_typeattr_712 hal_usb_gadget_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_716 hal_usb_gadget_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_usb_gadget_server configfs (lnk_file (read create unlink)))
@@ -20006,12 +20056,12 @@
(allow hal_uwb_server hal_uwb_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_uwb.te
-(neverallow base_typeattr_713 hal_uwb_service (service_manager (add)))
+(neverallow base_typeattr_717 hal_uwb_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_uwb.te
-(neverallow base_typeattr_714 hal_uwb_service (service_manager (find)))
+(neverallow base_typeattr_718 hal_uwb_service (service_manager (find)))
;;* lme
(allow hal_uwb_server servicemanager (binder (call transfer)))
@@ -20031,24 +20081,24 @@
(allow hal_vehicle_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 6 system/sepolicy/private/hal_vehicle.te
-(neverallow base_typeattr_715 hal_vehicle_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_719 hal_vehicle_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_vehicle.te
-(neverallow base_typeattr_716 hal_vehicle_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_720 hal_vehicle_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_vehicle_client hal_vehicle_service (service_manager (find)))
(allow hal_vehicle_server hal_vehicle_service (service_manager (add find)))
;;* lmx 7 system/sepolicy/private/hal_vehicle.te
-(neverallow base_typeattr_715 hal_vehicle_service (service_manager (add)))
+(neverallow base_typeattr_719 hal_vehicle_service (service_manager (add)))
;;* lme
;;* lmx 7 system/sepolicy/private/hal_vehicle.te
-(neverallow base_typeattr_717 hal_vehicle_service (service_manager (find)))
+(neverallow base_typeattr_721 hal_vehicle_service (service_manager (find)))
;;* lme
(allow hal_vibrator_client hal_vibrator_server (binder (call transfer)))
@@ -20062,24 +20112,24 @@
(allow hal_vibrator_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_vibrator.te
-(neverallow base_typeattr_718 hal_vibrator_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_722 hal_vibrator_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_vibrator.te
-(neverallow base_typeattr_719 hal_vibrator_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_723 hal_vibrator_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_vibrator_client hal_vibrator_service (service_manager (find)))
(allow hal_vibrator_server hal_vibrator_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_vibrator.te
-(neverallow base_typeattr_718 hal_vibrator_service (service_manager (add)))
+(neverallow base_typeattr_722 hal_vibrator_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_vibrator.te
-(neverallow base_typeattr_720 hal_vibrator_service (service_manager (find)))
+(neverallow base_typeattr_724 hal_vibrator_service (service_manager (find)))
;;* lme
(allow hal_vibrator_server servicemanager (binder (call transfer)))
@@ -20096,12 +20146,12 @@
(allow hal_vm_capabilities_server hal_vm_capabilities_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_vm_capabilities.te
-(neverallow base_typeattr_721 hal_vm_capabilities_service (service_manager (add)))
+(neverallow base_typeattr_725 hal_vm_capabilities_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_vm_capabilities.te
-(neverallow base_typeattr_722 hal_vm_capabilities_service (service_manager (find)))
+(neverallow base_typeattr_726 hal_vm_capabilities_service (service_manager (find)))
;;* lme
(allow hal_vm_capabilities_client servicemanager (binder (call transfer)))
@@ -20119,12 +20169,12 @@
(allow hal_vr_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_vr.te
-(neverallow base_typeattr_723 hal_vr_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_727 hal_vr_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_vr.te
-(neverallow base_typeattr_724 hal_vr_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_728 hal_vr_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_weaver_client hal_weaver_server (binder (call transfer)))
@@ -20135,24 +20185,24 @@
(allow hal_weaver_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 4 system/sepolicy/private/hal_weaver.te
-(neverallow base_typeattr_725 hal_weaver_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_729 hal_weaver_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 4 system/sepolicy/private/hal_weaver.te
-(neverallow base_typeattr_726 hal_weaver_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_730 hal_weaver_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_weaver_client hal_weaver_service (service_manager (find)))
(allow hal_weaver_server hal_weaver_service (service_manager (add find)))
;;* lmx 5 system/sepolicy/private/hal_weaver.te
-(neverallow base_typeattr_725 hal_weaver_service (service_manager (add)))
+(neverallow base_typeattr_729 hal_weaver_service (service_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_weaver.te
-(neverallow base_typeattr_727 hal_weaver_service (service_manager (find)))
+(neverallow base_typeattr_731 hal_weaver_service (service_manager (find)))
;;* lme
(allow hal_weaver_server servicemanager (binder (call transfer)))
@@ -20169,24 +20219,24 @@
(allow hal_wifi_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_wifi.te
-(neverallow base_typeattr_728 hal_wifi_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_732 hal_wifi_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_wifi.te
-(neverallow base_typeattr_729 hal_wifi_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_733 hal_wifi_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_wifi_client hal_wifi_service (service_manager (find)))
(allow hal_wifi_server hal_wifi_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_wifi.te
-(neverallow base_typeattr_728 hal_wifi_service (service_manager (add)))
+(neverallow base_typeattr_732 hal_wifi_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_wifi.te
-(neverallow base_typeattr_730 hal_wifi_service (service_manager (find)))
+(neverallow base_typeattr_734 hal_wifi_service (service_manager (find)))
;;* lme
(allow hal_wifi_server servicemanager (binder (call transfer)))
@@ -20227,24 +20277,24 @@
(allow hal_wifi_hostapd_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_wifi_hostapd.te
-(neverallow base_typeattr_731 hal_wifi_hostapd_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_735 hal_wifi_hostapd_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_wifi_hostapd.te
-(neverallow base_typeattr_732 hal_wifi_hostapd_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_736 hal_wifi_hostapd_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_wifi_hostapd_client hal_wifi_hostapd_service (service_manager (find)))
(allow hal_wifi_hostapd_server hal_wifi_hostapd_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_wifi_hostapd.te
-(neverallow base_typeattr_731 hal_wifi_hostapd_service (service_manager (add)))
+(neverallow base_typeattr_735 hal_wifi_hostapd_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_wifi_hostapd.te
-(neverallow base_typeattr_733 hal_wifi_hostapd_service (service_manager (find)))
+(neverallow base_typeattr_737 hal_wifi_hostapd_service (service_manager (find)))
;;* lme
(allow hal_wifi_hostapd_server servicemanager (binder (call transfer)))
@@ -20284,24 +20334,24 @@
(allow hal_wifi_supplicant_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hal_wifi_supplicant.te
-(neverallow base_typeattr_734 hal_wifi_supplicant_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_738 hal_wifi_supplicant_hwservice (hwservice_manager (add)))
;;* lme
;;* lmx 5 system/sepolicy/private/hal_wifi_supplicant.te
-(neverallow base_typeattr_735 hal_wifi_supplicant_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_739 hal_wifi_supplicant_hwservice (hwservice_manager (find)))
;;* lme
(allow hal_wifi_supplicant_client hal_wifi_supplicant_service (service_manager (find)))
(allow hal_wifi_supplicant_server hal_wifi_supplicant_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/hal_wifi_supplicant.te
-(neverallow base_typeattr_734 hal_wifi_supplicant_service (service_manager (add)))
+(neverallow base_typeattr_738 hal_wifi_supplicant_service (service_manager (add)))
;;* lme
;;* lmx 6 system/sepolicy/private/hal_wifi_supplicant.te
-(neverallow base_typeattr_736 hal_wifi_supplicant_service (service_manager (find)))
+(neverallow base_typeattr_740 hal_wifi_supplicant_service (service_manager (find)))
;;* lme
(allowx hal_wifi_supplicant self (ioctl udp_socket (0x6900 0x6902)))
@@ -20452,12 +20502,12 @@
;;* lmx 72 system/sepolicy/private/heapprofd.te
-(neverallow heapprofd base_typeattr_737 (file (execute execute_no_trans)))
+(neverallow heapprofd base_typeattr_741 (file (execute execute_no_trans)))
;;* lme
;;* lmx 11 system/sepolicy/private/hwservice.te
-(neverallow domain base_typeattr_738 (hwservice_manager (add find)))
+(neverallow domain base_typeattr_742 (hwservice_manager (add find)))
;;* lme
(allow init hwservicemanager_exec (file (read getattr map execute open)))
@@ -20470,14 +20520,14 @@
(allow hwservicemanager hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 5 system/sepolicy/private/hwservicemanager.te
-(neverallow base_typeattr_739 hidl_manager_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_743 hidl_manager_hwservice (hwservice_manager (add)))
;;* lme
(allow hwservicemanager hidl_token_hwservice (hwservice_manager (add find)))
(allow hwservicemanager hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 6 system/sepolicy/private/hwservicemanager.te
-(neverallow base_typeattr_739 hidl_token_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_743 hidl_token_hwservice (hwservice_manager (add)))
;;* lme
(allow hwservicemanager property_socket (sock_file (write)))
@@ -20529,7 +20579,7 @@
(allow idmap idmap_service (service_manager (add find)))
;;* lmx 26 system/sepolicy/private/idmap.te
-(neverallow base_typeattr_740 idmap_service (service_manager (add)))
+(neverallow base_typeattr_744 idmap_service (service_manager (add)))
;;* lme
(allow shell incident_exec (file (read getattr map execute open)))
@@ -20561,9 +20611,9 @@
(allow incidentd incident (binder (transfer)))
(allow incident incidentd (fd (use)))
(allow incident incidentd (fifo_file (write)))
-;;* lmx 37 system/sepolicy/private/incident.te
+;;* lmx 47 system/sepolicy/private/incident.te
-(neverallow base_typeattr_741 incident_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_745 incident_exec (file (execute execute_no_trans)))
;;* lme
(allow incidentd incident_helper_exec (file (read getattr map execute open)))
@@ -20582,9 +20632,9 @@
(allow incident_helper incidentd (fifo_file (read write getattr)))
(allow incident_helper shell (fifo_file (read write getattr)))
(allow incident_helper incidentd (unix_stream_socket (read write)))
-;;* lmx 14 system/sepolicy/private/incident_helper.te
+;;* lmx 23 system/sepolicy/private/incident_helper.te
-(neverallow base_typeattr_742 incident_helper_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_746 incident_helper_exec (file (execute execute_no_trans)))
;;* lme
(allow init incidentd_exec (file (read getattr map execute open)))
@@ -20618,6 +20668,13 @@
(allow incidentd proc_version (file (ioctl read getattr lock map open watch watch_reads)))
(allow incidentd statsdw_socket (sock_file (write)))
(allow incidentd statsd (unix_dgram_socket (sendto)))
+(allow incidentd incidentd_userfaultfd (anon_inode (ioctl read create)))
+(dontaudit su incidentd_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+;;* lmx 29 system/sepolicy/private/incidentd.te
+
+(neverallow base_typeattr_747 incidentd_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+;;* lme
+
(allow incidentd proc_pagetypeinfo (file (ioctl read getattr lock map open watch watch_reads)))
(allow incidentd proc_meminfo (file (read open)))
(allow incidentd sysfs_devices_system_cpu (file (ioctl read getattr lock map open watch watch_reads)))
@@ -20675,9 +20732,9 @@
(allow incidentd appdomain (binder (call transfer)))
(allow appdomain incidentd (binder (transfer)))
(allow incidentd appdomain (fd (use)))
-;;* lmx 122 system/sepolicy/private/incidentd.te
+;;* lmx 125 system/sepolicy/private/incidentd.te
-(neverallow incidentd base_typeattr_236 (process (ptrace)))
+(neverallow incidentd base_typeattr_239 (process (ptrace)))
;;* lme
(allow incidentd self (capability (kill)))
@@ -20698,11 +20755,11 @@
(allow incidentd misc_logd_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow incidentd misc_logd_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow incidentd misc_logd_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow incidentd base_typeattr_743 (service_manager (find)))
+(allow incidentd base_typeattr_748 (service_manager (find)))
(allow incidentd incident_service (service_manager (add find)))
-;;* lmx 171 system/sepolicy/private/incidentd.te
+;;* lmx 174 system/sepolicy/private/incidentd.te
-(neverallow base_typeattr_744 incident_service (service_manager (add)))
+(neverallow base_typeattr_747 incident_service (service_manager (add)))
;;* lme
(allow incidentd dumpstate (fd (use)))
@@ -20713,19 +20770,19 @@
(allow incident incidentd (binder (transfer)))
(allow incidentd incident (fd (use)))
(allow incidentd build_attestation_prop (file (read getattr map open)))
-;;* lmx 212 system/sepolicy/private/incidentd.te
+;;* lmx 215 system/sepolicy/private/incidentd.te
-(neverallow base_typeattr_745 incident_data_file (file (write create getattr setattr lock append map unlink rename execute open execute_no_trans)))
+(neverallow base_typeattr_749 incident_data_file (file (write create getattr setattr lock append map unlink rename execute open execute_no_trans)))
;;* lme
-;;* lmx 214 system/sepolicy/private/incidentd.te
+;;* lmx 217 system/sepolicy/private/incidentd.te
-(neverallow base_typeattr_746 incident_data_file (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_750 incident_data_file (file (ioctl read getattr lock map open watch watch_reads)))
;;* lme
-;;* lmx 216 system/sepolicy/private/incidentd.te
+;;* lmx 219 system/sepolicy/private/incidentd.te
-(neverallow base_typeattr_745 incident_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_749 incident_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
;;* lme
(typetransition init tmpfs file init_tmpfs)
@@ -20821,7 +20878,7 @@
(allow init debugfs_bootreceiver_tracing (file (write lock append map open)))
(allow init prng_seeder (unix_stream_socket (create bind listen)))
(dontaudit init debugfs_tracing_debug (dir (write add_name)))
-(allow init base_typeattr_747 (chr_file (setattr)))
+(allow init base_typeattr_751 (chr_file (setattr)))
(allow init tmpfs (chr_file (ioctl read write create getattr setattr lock append map unlink open watch watch_reads)))
(allow init tmpfs (chr_file (relabelfrom)))
(allow init kmsg_device (chr_file (write getattr relabelto)))
@@ -20923,7 +20980,7 @@
(allow init dev_type (blk_file (ioctl read getattr lock map open watch watch_reads)))
(allowx init dev_type (ioctl blk_file (0x125d)))
(allowx init system_data_root_file (ioctl dir (0x587d)))
-(allow init base_typeattr_748 (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget watch)))
+(allow init base_typeattr_752 (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget watch)))
(allow init debugfs_tracing_debug (filesystem (mount)))
(allow init unlabeled (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget watch)))
(allow init contextmount_type (filesystem (relabelto)))
@@ -20936,22 +20993,22 @@
(allow init rootfs (dir (relabelfrom)))
(allow init self (capability (chown fowner fsetid)))
(allow init self (cap_userns (chown fowner fsetid)))
-(allow init base_typeattr_749 (dir (ioctl read create getattr setattr open search)))
-(allow init base_typeattr_750 (dir (write relabelfrom add_name remove_name rmdir)))
-(allow init base_typeattr_751 (file (read write create getattr setattr relabelfrom map unlink open)))
+(allow init base_typeattr_753 (dir (ioctl read create getattr setattr open search)))
+(allow init base_typeattr_754 (dir (write relabelfrom add_name remove_name rmdir)))
+(allow init base_typeattr_755 (file (read write create getattr setattr relabelfrom map unlink open)))
(allow init tracefs_type (file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
(allow init apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
-(allow init base_typeattr_752 (sock_file (read create getattr setattr relabelfrom unlink open)))
-(allow init base_typeattr_752 (fifo_file (read create getattr setattr relabelfrom unlink open)))
-(allow init base_typeattr_753 (lnk_file (create getattr setattr relabelfrom unlink)))
+(allow init base_typeattr_756 (sock_file (read create getattr setattr relabelfrom unlink open)))
+(allow init base_typeattr_756 (fifo_file (read create getattr setattr relabelfrom unlink open)))
+(allow init base_typeattr_757 (lnk_file (create getattr setattr relabelfrom unlink)))
(allow init cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow init base_typeattr_754 (file (relabelto)))
-(allow init base_typeattr_754 (dir (relabelto)))
-(allow init base_typeattr_754 (lnk_file (relabelto)))
-(allow init base_typeattr_754 (chr_file (relabelto)))
-(allow init base_typeattr_754 (blk_file (relabelto)))
-(allow init base_typeattr_754 (sock_file (relabelto)))
-(allow init base_typeattr_754 (fifo_file (relabelto)))
+(allow init base_typeattr_758 (file (relabelto)))
+(allow init base_typeattr_758 (dir (relabelto)))
+(allow init base_typeattr_758 (lnk_file (relabelto)))
+(allow init base_typeattr_758 (chr_file (relabelto)))
+(allow init base_typeattr_758 (blk_file (relabelto)))
+(allow init base_typeattr_758 (sock_file (relabelto)))
+(allow init base_typeattr_758 (fifo_file (relabelto)))
(allow init sysfs (file (getattr relabelfrom)))
(allow init sysfs (dir (getattr relabelfrom)))
(allow init sysfs (lnk_file (getattr relabelfrom)))
@@ -20974,8 +21031,8 @@
(allow init debugfs_tracing_instances (file (write lock append map open)))
(allow init debugfs_wifi_tracing (file (write lock append map open)))
(allow init debugfs_wifi_tracing (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
-(allow init base_typeattr_755 (file (read setattr open)))
-(allow init base_typeattr_756 (dir (read setattr open search)))
+(allow init base_typeattr_759 (file (read setattr open)))
+(allow init base_typeattr_760 (dir (read setattr open search)))
(allow init binder_device (chr_file (read open)))
(allow init hwbinder_device (chr_file (read open)))
(allow init dm_device (chr_file (read open)))
@@ -21159,12 +21216,12 @@
;;* lmx 817 system/sepolicy/private/init.te
-(neverallow base_typeattr_375 init (process (transition)))
+(neverallow base_typeattr_378 init (process (transition)))
;;* lme
;;* lmx 818 system/sepolicy/private/init.te
-(neverallow init base_typeattr_757 (file (entrypoint)))
+(neverallow init base_typeattr_761 (file (entrypoint)))
;;* lme
;;* lmx 821 system/sepolicy/private/init.te
@@ -21185,7 +21242,7 @@
;;* lmx 834 system/sepolicy/private/init.te
-(neverallow init base_typeattr_236 (process (noatsecure)))
+(neverallow init base_typeattr_239 (process (noatsecure)))
;;* lme
;;* lmx 837 system/sepolicy/private/init.te
@@ -21210,17 +21267,17 @@
;;* lmx 848 system/sepolicy/private/init.te
-(neverallow base_typeattr_236 init (process (ptrace)))
+(neverallow base_typeattr_239 init (process (ptrace)))
;;* lme
;;* lmx 853 system/sepolicy/private/init.te
-(neverallow base_typeattr_758 system_data_root_file (dir (write add_name remove_name)))
+(neverallow base_typeattr_762 system_data_root_file (dir (write add_name remove_name)))
;;* lme
;;* lmx 856 system/sepolicy/private/init.te
-(neverallow base_typeattr_235 userspace_reboot_exported_prop (property_service (set)))
+(neverallow base_typeattr_238 userspace_reboot_exported_prop (property_service (set)))
;;* lme
;;* lmx 858 system/sepolicy/private/init.te
@@ -21231,32 +21288,32 @@
(dontaudit init self (perf_event (kernel tracepoint read write)))
;;* lmx 863 system/sepolicy/private/init.te
-(neverallow base_typeattr_235 init_perf_lsm_hooks_prop (property_service (set)))
+(neverallow base_typeattr_238 init_perf_lsm_hooks_prop (property_service (set)))
;;* lme
;;* lmx 866 system/sepolicy/private/init.te
-(neverallow base_typeattr_235 vts_status_prop (property_service (set)))
+(neverallow base_typeattr_238 vts_status_prop (property_service (set)))
;;* lme
;;* lmx 869 system/sepolicy/private/init.te
-(neverallow base_typeattr_235 bootloader_prop (property_service (set)))
+(neverallow base_typeattr_238 bootloader_prop (property_service (set)))
;;* lme
;;* lmx 872 system/sepolicy/private/init.te
-(neverallow base_typeattr_235 hal_instrumentation_prop (property_service (set)))
+(neverallow base_typeattr_238 hal_instrumentation_prop (property_service (set)))
;;* lme
;;* lmx 875 system/sepolicy/private/init.te
-(neverallow base_typeattr_235 property_service_version_prop (property_service (set)))
+(neverallow base_typeattr_238 property_service_version_prop (property_service (set)))
;;* lme
;;* lmx 878 system/sepolicy/private/init.te
-(neverallow base_typeattr_235 keystore_listen_prop (property_service (set)))
+(neverallow base_typeattr_238 keystore_listen_prop (property_service (set)))
;;* lme
(allow init inputflinger_exec (file (read getattr map execute open)))
@@ -21451,7 +21508,7 @@
(allow installd installd_service (service_manager (add find)))
;;* lmx 192 system/sepolicy/private/installd.te
-(neverallow base_typeattr_759 installd_service (service_manager (add)))
+(neverallow base_typeattr_763 installd_service (service_manager (add)))
;;* lme
(allow installd dumpstate (fifo_file (write getattr)))
@@ -21471,17 +21528,17 @@
(allow installd virtualizationservice_data_file (file (unlink)))
;;* lmx 241 system/sepolicy/private/installd.te
-(neverallow base_typeattr_760 installd_service (service_manager (find)))
+(neverallow base_typeattr_764 installd_service (service_manager (find)))
;;* lme
;;* lmx 242 system/sepolicy/private/installd.te
-(neverallow base_typeattr_761 installd (binder (call)))
+(neverallow base_typeattr_765 installd (binder (call)))
;;* lme
;;* lmx 248 system/sepolicy/private/installd.te
-(neverallow installd base_typeattr_762 (binder (call)))
+(neverallow installd base_typeattr_766 (binder (call)))
;;* lme
(typetransition isolated_app tmpfs file appdomain_tmpfs)
@@ -21489,23 +21546,23 @@
(dontaudit su isolated_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 10 system/sepolicy/private/isolated_app.te
-(neverallow base_typeattr_284 isolated_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_287 isolated_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow isolated_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 10 system/sepolicy/private/isolated_app.te
-(neverallow base_typeattr_763 base_typeattr_284 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_767 base_typeattr_287 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 10 system/sepolicy/private/isolated_app.te
-(neverallow base_typeattr_764 isolated_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_768 isolated_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 10 system/sepolicy/private/isolated_app.te
-(neverallow base_typeattr_765 isolated_app (process (ptrace)))
+(neverallow base_typeattr_769 isolated_app (process (ptrace)))
;;* lme
(allow isolated_app webviewupdate_service (service_manager (find)))
@@ -21551,12 +21608,12 @@
;;* lmx 53 system/sepolicy/private/isolated_app_all.te
-(neverallow base_typeattr_766 hwbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_770 hwbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 54 system/sepolicy/private/isolated_app_all.te
-(neverallow base_typeattr_766 base_typeattr_236 (hwservice_manager (add find list)))
+(neverallow base_typeattr_770 base_typeattr_239 (hwservice_manager (add find list)))
;;* lme
;;* lmx 57 system/sepolicy/private/isolated_app_all.te
@@ -21566,17 +21623,17 @@
;;* lmx 61 system/sepolicy/private/isolated_app_all.te
-(neverallow base_typeattr_766 base_typeattr_236 (service_manager (add list)))
+(neverallow base_typeattr_770 base_typeattr_239 (service_manager (add list)))
;;* lme
;;* lmx 71 system/sepolicy/private/isolated_app_all.te
-(neverallow base_typeattr_766 base_typeattr_767 (service_manager (find)))
+(neverallow base_typeattr_770 base_typeattr_771 (service_manager (find)))
;;* lme
;;* lmx 74 system/sepolicy/private/isolated_app_all.te
-(neverallow base_typeattr_766 gpu_device (chr_file (ioctl read write getattr lock append map execute open watch watch_reads)))
+(neverallow base_typeattr_770 gpu_device (chr_file (ioctl read write getattr lock append map execute open watch watch_reads)))
;;* lme
;;* lmx 77 system/sepolicy/private/isolated_app_all.te
@@ -21646,7 +21703,7 @@
;;* lmx 105 system/sepolicy/private/isolated_app_all.te
-(neverallow base_typeattr_766 base_typeattr_768 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_770 base_typeattr_772 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 126 system/sepolicy/private/isolated_app_all.te
@@ -21933,23 +21990,23 @@
(dontaudit su isolated_compute_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
-(neverallow base_typeattr_769 isolated_compute_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_773 isolated_compute_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow isolated_compute_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
-(neverallow base_typeattr_770 base_typeattr_769 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_774 base_typeattr_773 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
-(neverallow base_typeattr_771 isolated_compute_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_775 isolated_compute_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
-(neverallow base_typeattr_772 isolated_compute_app (process (ptrace)))
+(neverallow base_typeattr_776 isolated_compute_app (process (ptrace)))
;;* lme
(allow isolated_compute_app isolated_compute_allowed_service (service_manager (find)))
@@ -22076,25 +22133,25 @@
(dontaudit kernel dm_user_device (chr_file (create setattr)))
(dontaudit kernel tmpfs (lnk_file (read)))
(dontaudit kernel tmpfs (blk_file (read open)))
-;;* lmx 172 system/sepolicy/private/kernel.te
+;;* lmx 184 system/sepolicy/private/kernel.te
-(neverallow base_typeattr_236 kernel (process (transition dyntransition)))
+(neverallow base_typeattr_239 kernel (process (transition dyntransition)))
;;* lme
-;;* lmx 182 system/sepolicy/private/kernel.te
+;;* lmx 194 system/sepolicy/private/kernel.te
-(neverallow kernel base_typeattr_236 (file (execute_no_trans entrypoint)))
+(neverallow kernel base_typeattr_239 (file (execute_no_trans entrypoint)))
;;* lme
-;;* lmx 187 system/sepolicy/private/kernel.te
+;;* lmx 199 system/sepolicy/private/kernel.te
(neverallow kernel self (capability (dac_override dac_read_search)))
(neverallow kernel self (cap_userns (dac_override dac_read_search)))
;;* lme
-;;* lmx 190 system/sepolicy/private/kernel.te
+;;* lmx 202 system/sepolicy/private/kernel.te
-(neverallow base_typeattr_236 kernel (process (ptrace)))
+(neverallow base_typeattr_239 kernel (process (ptrace)))
;;* lme
(allow init keystore_exec (file (read getattr map execute open)))
@@ -22146,7 +22203,7 @@
(allow keystore keystore_service (service_manager (add find)))
;;* lmx 62 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_773 keystore_service (service_manager (add)))
+(neverallow base_typeattr_777 keystore_service (service_manager (add)))
;;* lme
(allow keystore sec_key_att_app_id_provider_service (service_manager (find)))
@@ -22157,37 +22214,37 @@
(allow keystore apc_service (service_manager (add find)))
;;* lmx 71 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_773 apc_service (service_manager (add)))
+(neverallow base_typeattr_777 apc_service (service_manager (add)))
;;* lme
(allow keystore keystore_compat_hal_service (service_manager (add find)))
;;* lmx 72 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_773 keystore_compat_hal_service (service_manager (add)))
+(neverallow base_typeattr_777 keystore_compat_hal_service (service_manager (add)))
;;* lme
(allow keystore authorization_service (service_manager (add find)))
;;* lmx 73 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_773 authorization_service (service_manager (add)))
+(neverallow base_typeattr_777 authorization_service (service_manager (add)))
;;* lme
(allow keystore keystore_maintenance_service (service_manager (add find)))
;;* lmx 74 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_773 keystore_maintenance_service (service_manager (add)))
+(neverallow base_typeattr_777 keystore_maintenance_service (service_manager (add)))
;;* lme
(allow keystore keystore_metrics_service (service_manager (add find)))
;;* lmx 75 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_773 keystore_metrics_service (service_manager (add)))
+(neverallow base_typeattr_777 keystore_metrics_service (service_manager (add)))
;;* lme
(allow keystore legacykeystore_service (service_manager (add find)))
;;* lmx 76 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_773 legacykeystore_service (service_manager (add)))
+(neverallow base_typeattr_777 legacykeystore_service (service_manager (add)))
;;* lme
(allow keystore selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -22206,38 +22263,38 @@
(allow keystore keystore_config_prop (file (read getattr map open)))
;;* lmx 97 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_773 keystore_data_file (dir (write lock relabelfrom append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_777 keystore_data_file (dir (write lock relabelfrom append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 98 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_773 keystore_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_773 keystore_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_773 keystore_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_773 keystore_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_777 keystore_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_777 keystore_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_777 keystore_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_777 keystore_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 100 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_774 keystore_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_778 keystore_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 101 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_774 keystore_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_774 keystore_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_774 keystore_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_774 keystore_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_778 keystore_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_778 keystore_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_778 keystore_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_778 keystore_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 103 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_236 keystore (process (ptrace)))
+(neverallow base_typeattr_239 keystore (process (ptrace)))
;;* lme
;;* lmx 107 system/sepolicy/private/keystore.te
-(neverallow base_typeattr_774 keystore_diagnostics_prop (property_service (set)))
+(neverallow base_typeattr_778 keystore_diagnostics_prop (property_service (set)))
;;* lme
(allow init linkerconfig_exec (file (read getattr map execute open)))
@@ -22259,9 +22316,9 @@
(allow linkerconfig postinstall_apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
(allow linkerconfig postinstall_apex_mnt_dir (file (ioctl read getattr lock map open watch watch_reads)))
(allow linkerconfig dexopt_chroot_setup (fd (use)))
-;;* lmx 39 system/sepolicy/private/linkerconfig.te
+;;* lmx 40 system/sepolicy/private/linkerconfig.te
-(neverallow base_typeattr_775 linkerconfig_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_779 linkerconfig_exec (file (execute execute_no_trans)))
;;* lme
(allow init linux_vm_setup_exec (file (read getattr map execute open)))
@@ -22290,7 +22347,7 @@
(allow llkd kmsg_device (chr_file (write lock append map open)))
;;* lmx 49 system/sepolicy/private/llkd.te
-(neverallow base_typeattr_235 llkd (process (transition dyntransition)))
+(neverallow base_typeattr_238 llkd (process (transition dyntransition)))
;;* lme
;;* lmx 50 system/sepolicy/private/llkd.te
@@ -22300,7 +22357,7 @@
;;* lmx 53 system/sepolicy/private/llkd.te
-(neverallow base_typeattr_236 llkd (process (noatsecure)))
+(neverallow base_typeattr_239 llkd (process (noatsecure)))
;;* lme
(allow init lmkd_exec (file (read getattr map execute open)))
@@ -22359,7 +22416,7 @@
(allow lmkd statsd (unix_dgram_socket (sendto)))
;;* lmx 92 system/sepolicy/private/lmkd.te
-(neverallow base_typeattr_236 lmkd (process (noatsecure)))
+(neverallow base_typeattr_239 lmkd (process (noatsecure)))
;;* lme
;;* lmx 93 system/sepolicy/private/lmkd.te
@@ -22370,7 +22427,7 @@
;;* lmx 94 system/sepolicy/private/lmkd.te
-(neverallow base_typeattr_776 lmkd_prop (property_service (set)))
+(neverallow base_typeattr_780 lmkd_prop (property_service (set)))
;;* lme
;;* lmx 95 system/sepolicy/private/lmkd.te
@@ -22387,17 +22444,17 @@
(allow logd device_logging_prop (file (read getattr map open)))
;;* lmx 17 system/sepolicy/private/logd.te
-(neverallow logd base_typeattr_777 (file (write create append)))
+(neverallow logd base_typeattr_781 (file (write create append)))
;;* lme
;;* lmx 32 system/sepolicy/private/logd.te
-(neverallow base_typeattr_778 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_782 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 43 system/sepolicy/private/logd.te
-(neverallow base_typeattr_779 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_783 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow logd servicemanager (binder (call transfer)))
@@ -22408,7 +22465,7 @@
(allow logd logd_service (service_manager (add find)))
;;* lmx 50 system/sepolicy/private/logd.te
-(neverallow base_typeattr_780 logd_service (service_manager (add)))
+(neverallow base_typeattr_784 logd_service (service_manager (add)))
;;* lme
(allow logd logcat_service (service_manager (find)))
@@ -22478,28 +22535,28 @@
;;* lmx 116 system/sepolicy/private/logd.te
-(neverallow logd base_typeattr_781 (file (write)))
-(neverallow logd base_typeattr_781 (dir (write)))
-(neverallow logd base_typeattr_781 (lnk_file (write)))
-(neverallow logd base_typeattr_781 (chr_file (write)))
-(neverallow logd base_typeattr_781 (blk_file (write)))
-(neverallow logd base_typeattr_781 (sock_file (write)))
-(neverallow logd base_typeattr_781 (fifo_file (write)))
+(neverallow logd base_typeattr_785 (file (write)))
+(neverallow logd base_typeattr_785 (dir (write)))
+(neverallow logd base_typeattr_785 (lnk_file (write)))
+(neverallow logd base_typeattr_785 (chr_file (write)))
+(neverallow logd base_typeattr_785 (blk_file (write)))
+(neverallow logd base_typeattr_785 (sock_file (write)))
+(neverallow logd base_typeattr_785 (fifo_file (write)))
;;* lme
;;* lmx 119 system/sepolicy/private/logd.te
-(neverallow base_typeattr_235 logd (process (transition)))
+(neverallow base_typeattr_238 logd (process (transition)))
;;* lme
;;* lmx 120 system/sepolicy/private/logd.te
-(neverallow base_typeattr_236 logd (process (dyntransition)))
+(neverallow base_typeattr_239 logd (process (dyntransition)))
;;* lme
;;* lmx 127 system/sepolicy/private/logd.te
-(neverallow base_typeattr_782 runtime_event_log_tags_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_786 runtime_event_log_tags_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
(allow logpersist shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
@@ -22536,7 +22593,7 @@
;;* lmx 54 system/sepolicy/private/logpersist.te
-(neverallow base_typeattr_236 logpersist (process (dyntransition)))
+(neverallow base_typeattr_239 logpersist (process (dyntransition)))
;;* lme
;;* lmx 61 system/sepolicy/private/logpersist.te
@@ -22546,17 +22603,17 @@
;;* lmx 62 system/sepolicy/private/logpersist.te
-(neverallow base_typeattr_783 misc_logd_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_787 misc_logd_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 63 system/sepolicy/private/logpersist.te
-(neverallow base_typeattr_235 misc_logd_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_238 misc_logd_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
;;* lmx 64 system/sepolicy/private/logpersist.te
-(neverallow base_typeattr_235 misc_logd_file (dir (write relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_238 misc_logd_file (dir (write relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
(allow init lpdumpd_exec (file (read getattr map execute open)))
@@ -22570,7 +22627,7 @@
(allow lpdumpd lpdump_service (service_manager (add find)))
;;* lmx 8 system/sepolicy/private/lpdumpd.te
-(neverallow base_typeattr_784 lpdump_service (service_manager (add)))
+(neverallow base_typeattr_788 lpdump_service (service_manager (add)))
;;* lme
(allow lpdumpd block_device (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -22592,12 +22649,12 @@
(allow lpdumpd ota_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
;;* lmx 39 system/sepolicy/private/lpdumpd.te
-(neverallow base_typeattr_785 lpdump_service (service_manager (find)))
+(neverallow base_typeattr_789 lpdump_service (service_manager (find)))
;;* lme
;;* lmx 47 system/sepolicy/private/lpdumpd.te
-(neverallow base_typeattr_786 lpdumpd (binder (call)))
+(neverallow base_typeattr_790 lpdumpd (binder (call)))
;;* lme
(allow init mdnsd_exec (file (read getattr map execute open)))
@@ -22627,7 +22684,7 @@
(allow mediadrmserver mediadrmserver_service (service_manager (add find)))
;;* lmx 18 system/sepolicy/private/mediadrmserver.te
-(neverallow base_typeattr_787 mediadrmserver_service (service_manager (add)))
+(neverallow base_typeattr_791 mediadrmserver_service (service_manager (add)))
;;* lme
(allow mediadrmserver mediaserver_service (service_manager (find)))
@@ -22689,7 +22746,7 @@
(allow mediaextractor mediaextractor_service (service_manager (add find)))
;;* lmx 19 system/sepolicy/private/mediaextractor.te
-(neverallow base_typeattr_788 mediaextractor_service (service_manager (add)))
+(neverallow base_typeattr_792 mediaextractor_service (service_manager (add)))
;;* lme
(allow mediaextractor mediametrics_service (service_manager (find)))
@@ -22763,7 +22820,7 @@
(allow mediametrics mediametrics_service (service_manager (add find)))
;;* lmx 14 system/sepolicy/private/mediametrics.te
-(neverallow base_typeattr_789 mediametrics_service (service_manager (add)))
+(neverallow base_typeattr_793 mediametrics_service (service_manager (add)))
;;* lme
(allow mediametrics system_server (fd (use)))
@@ -22801,23 +22858,23 @@
(dontaudit su mediaprovider_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 7 system/sepolicy/private/mediaprovider.te
-(neverallow base_typeattr_790 mediaprovider_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_794 mediaprovider_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow mediaprovider appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 7 system/sepolicy/private/mediaprovider.te
-(neverallow base_typeattr_791 base_typeattr_790 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_795 base_typeattr_794 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 7 system/sepolicy/private/mediaprovider.te
-(neverallow base_typeattr_792 mediaprovider (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_796 mediaprovider (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 7 system/sepolicy/private/mediaprovider.te
-(neverallow base_typeattr_793 mediaprovider (process (ptrace)))
+(neverallow base_typeattr_797 mediaprovider (process (ptrace)))
;;* lme
(allow mediaprovider cache_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
@@ -22849,23 +22906,23 @@
(dontaudit su mediaprovider_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
-(neverallow base_typeattr_794 mediaprovider_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_798 mediaprovider_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow mediaprovider_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
-(neverallow base_typeattr_795 base_typeattr_794 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_799 base_typeattr_798 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
-(neverallow base_typeattr_796 mediaprovider_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_800 mediaprovider_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
-(neverallow base_typeattr_797 mediaprovider_app (process (ptrace)))
+(neverallow base_typeattr_801 mediaprovider_app (process (ptrace)))
;;* lme
(allow mediaprovider_app mnt_pass_through_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -22986,7 +23043,7 @@
(allow mediaserver mediaserver_service (service_manager (add find)))
;;* lmx 103 system/sepolicy/private/mediaserver.te
-(neverallow base_typeattr_798 mediaserver_service (service_manager (add)))
+(neverallow base_typeattr_802 mediaserver_service (service_manager (add)))
;;* lme
(allow mediaserver activity_service (service_manager (find)))
@@ -23121,7 +23178,7 @@
(allow mediatranscoding mediatranscoding_service (service_manager (add find)))
;;* lmx 15 system/sepolicy/private/mediatranscoding.te
-(neverallow base_typeattr_799 mediatranscoding_service (service_manager (add)))
+(neverallow base_typeattr_803 mediatranscoding_service (service_manager (add)))
;;* lme
(allow mediatranscoding mediaserver_service (service_manager (find)))
@@ -23173,7 +23230,7 @@
(allow mediatuner mediatuner_service (service_manager (add find)))
;;* lmx 14 system/sepolicy/private/mediatuner.te
-(neverallow base_typeattr_800 mediatuner_service (service_manager (add)))
+(neverallow base_typeattr_804 mediatuner_service (service_manager (add)))
;;* lme
(allow mediatuner system_server (fd (use)))
@@ -23263,20 +23320,20 @@
(dontaudit misctrl vendor_property_type (file (read)))
;;* lmx 16 system/sepolicy/private/mlstrustedsubject.te
-(neverallow base_typeattr_801 app_data_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_801 privapp_data_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_805 app_data_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_805 privapp_data_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 26 system/sepolicy/private/mlstrustedsubject.te
-(neverallow base_typeattr_801 app_data_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
-(neverallow base_typeattr_801 privapp_data_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_805 app_data_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_805 privapp_data_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 49 system/sepolicy/private/mlstrustedsubject.te
-(neverallow base_typeattr_802 app_data_file (dir (read getattr search)))
-(neverallow base_typeattr_802 privapp_data_file (dir (read getattr search)))
+(neverallow base_typeattr_806 app_data_file (dir (read getattr search)))
+(neverallow base_typeattr_806 privapp_data_file (dir (read getattr search)))
;;* lme
(allow init mm_events_exec (file (read getattr map execute open)))
@@ -23303,13 +23360,14 @@
(typetransition init mmd_exec process mmd)
(allow mmd property_socket (sock_file (write)))
(allow mmd init (unix_stream_socket (connectto)))
-(allow mmd mmd_prop (property_service (set)))
+(allow mmd mmd_status_prop (property_service (set)))
+(allow mmd mmd_status_prop (file (read getattr map open)))
(allow mmd mmd_prop (file (read getattr map open)))
(allow mmd device_config_mmd_native_prop (file (read getattr map open)))
(allow mmd mmd_service (service_manager (add find)))
-;;* lmx 13 system/sepolicy/private/mmd.te
+;;* lmx 14 system/sepolicy/private/mmd.te
-(neverallow base_typeattr_803 mmd_service (service_manager (add)))
+(neverallow base_typeattr_807 mmd_service (service_manager (add)))
;;* lme
(allow mmd servicemanager (binder (call transfer)))
@@ -23321,6 +23379,13 @@
(allow mmd block_device (dir (search)))
(allow mmd swap_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
(allow mmd self (capability (sys_admin)))
+(allow mmd statsdw_socket (sock_file (write)))
+(allow mmd statsd (unix_dgram_socket (sendto)))
+(allow mmd stats_service (service_manager (find)))
+(allow mmd statsmanager_service (service_manager (find)))
+(allow mmd statsd (binder (call transfer)))
+(allow statsd mmd (binder (transfer)))
+(allow mmd statsd (fd (use)))
(allow modprobe proc_modules (file (ioctl read getattr lock map open watch watch_reads)))
(allow modprobe proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
(allow modprobe self (capability (sys_module)))
@@ -23348,13 +23413,13 @@
(allow mtectrl proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
(dontaudit mtectrl sysfs_dt_firmware_android (dir (search)))
(dontaudit mtectrl vendor_property_type (file (read)))
-(allow base_typeattr_804 node_type (tcp_socket (node_bind)))
-(allow base_typeattr_804 node_type (udp_socket (node_bind)))
-(allow base_typeattr_804 node_type (rawip_socket (node_bind)))
-(allow base_typeattr_804 node_type (icmp_socket (node_bind)))
-(allow base_typeattr_804 port_type (udp_socket (name_bind)))
-(allow base_typeattr_804 port_type (tcp_socket (name_bind)))
-(allow base_typeattr_805 self (netlink_route_socket (bind nlmsg_readpriv nlmsg_getneigh)))
+(allow base_typeattr_808 node_type (tcp_socket (node_bind)))
+(allow base_typeattr_808 node_type (udp_socket (node_bind)))
+(allow base_typeattr_808 node_type (rawip_socket (node_bind)))
+(allow base_typeattr_808 node_type (icmp_socket (node_bind)))
+(allow base_typeattr_808 port_type (udp_socket (name_bind)))
+(allow base_typeattr_808 port_type (tcp_socket (name_bind)))
+(allow base_typeattr_809 self (netlink_route_socket (bind nlmsg_readpriv nlmsg_getneigh)))
(allow netdomain self (tcp_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
(allow netdomain self (udp_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
(allow netdomain self (rawip_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
@@ -23467,19 +23532,19 @@
(allow netd netd_service (service_manager (add find)))
;;* lmx 116 system/sepolicy/private/netd.te
-(neverallow base_typeattr_806 netd_service (service_manager (add)))
+(neverallow base_typeattr_810 netd_service (service_manager (add)))
;;* lme
(allow netd dnsresolver_service (service_manager (add find)))
;;* lmx 117 system/sepolicy/private/netd.te
-(neverallow base_typeattr_806 dnsresolver_service (service_manager (add)))
+(neverallow base_typeattr_810 dnsresolver_service (service_manager (add)))
;;* lme
(allow netd mdns_service (service_manager (add find)))
;;* lmx 118 system/sepolicy/private/netd.te
-(neverallow base_typeattr_806 mdns_service (service_manager (add)))
+(neverallow base_typeattr_810 mdns_service (service_manager (add)))
;;* lme
(allow netd dumpstate (fifo_file (write getattr)))
@@ -23497,7 +23562,7 @@
(allow netd hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 142 system/sepolicy/private/netd.te
-(neverallow base_typeattr_806 system_net_netd_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_810 system_net_netd_hwservice (hwservice_manager (add)))
;;* lme
(allow netd hwservicemanager (binder (call transfer)))
@@ -23508,7 +23573,7 @@
(allow netd system_net_netd_service (service_manager (add find)))
;;* lmx 147 system/sepolicy/private/netd.te
-(neverallow base_typeattr_806 system_net_netd_service (service_manager (add)))
+(neverallow base_typeattr_810 system_net_netd_service (service_manager (add)))
;;* lme
;;* lmx 155 system/sepolicy/private/netd.te
@@ -23552,27 +23617,27 @@
;;* lmx 174 system/sepolicy/private/netd.te
-(neverallow base_typeattr_807 netd_service (service_manager (find)))
+(neverallow base_typeattr_811 netd_service (service_manager (find)))
;;* lme
;;* lmx 184 system/sepolicy/private/netd.te
-(neverallow base_typeattr_807 dnsresolver_service (service_manager (find)))
+(neverallow base_typeattr_811 dnsresolver_service (service_manager (find)))
;;* lme
;;* lmx 194 system/sepolicy/private/netd.te
-(neverallow base_typeattr_807 mdns_service (service_manager (find)))
+(neverallow base_typeattr_811 mdns_service (service_manager (find)))
;;* lme
;;* lmx 197 system/sepolicy/private/netd.te
-(neverallow base_typeattr_258 netd (binder (call)))
+(neverallow base_typeattr_261 netd (binder (call)))
;;* lme
;;* lmx 198 system/sepolicy/private/netd.te
-(neverallow netd base_typeattr_258 (binder (call)))
+(neverallow netd base_typeattr_261 (binder (call)))
;;* lme
;;* lmx 203 system/sepolicy/private/netd.te
@@ -23597,12 +23662,12 @@
(dontaudit netd appdomain (unix_stream_socket (read write)))
;;* lmx 221 system/sepolicy/private/netd.te
-(neverallow base_typeattr_808 netd_stable_secret_prop (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_812 netd_stable_secret_prop (file (ioctl read getattr lock map open watch watch_reads)))
;;* lme
;;* lmx 225 system/sepolicy/private/netd.te
-(neverallow base_typeattr_809 netd_stable_secret_prop (property_service (set)))
+(neverallow base_typeattr_813 netd_stable_secret_prop (property_service (set)))
;;* lme
(allow netutils_wrapper system_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -23637,13 +23702,13 @@
(allow netutils_wrapper net_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow netutils_wrapper net_data_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow netutils_wrapper net_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_369 netutils_wrapper_exec (file (read getattr map execute open)))
-(allow base_typeattr_369 netutils_wrapper (process (transition)))
+(allow base_typeattr_372 netutils_wrapper_exec (file (read getattr map execute open)))
+(allow base_typeattr_372 netutils_wrapper (process (transition)))
(allow netutils_wrapper netutils_wrapper_exec (file (read getattr map execute open entrypoint)))
-(allow netutils_wrapper base_typeattr_369 (process (sigchld)))
-(dontaudit base_typeattr_369 netutils_wrapper (process (noatsecure)))
-(allow base_typeattr_369 netutils_wrapper (process (siginh rlimitinh)))
-(typetransition base_typeattr_369 netutils_wrapper_exec process netutils_wrapper)
+(allow netutils_wrapper base_typeattr_372 (process (sigchld)))
+(dontaudit base_typeattr_372 netutils_wrapper (process (noatsecure)))
+(allow base_typeattr_372 netutils_wrapper (process (siginh rlimitinh)))
+(typetransition base_typeattr_372 netutils_wrapper_exec process netutils_wrapper)
(dontaudit netutils_wrapper self (capability (sys_resource)))
(dontaudit netutils_wrapper self (cap_userns (sys_resource)))
(dontaudit netutils_wrapper sysfs_type (file (read)))
@@ -23663,23 +23728,23 @@
(dontaudit su network_stack_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 6 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_810 network_stack_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_814 network_stack_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow network_stack appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 6 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_811 base_typeattr_810 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_815 base_typeattr_814 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_812 network_stack (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_816 network_stack (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_813 network_stack (process (ptrace)))
+(neverallow base_typeattr_817 network_stack (process (ptrace)))
;;* lme
(allow network_stack self (capability (net_bind_service net_broadcast net_admin net_raw)))
@@ -23709,6 +23774,9 @@
(allow network_stack netd (fd (use)))
(allow network_stack self (key_socket (create)))
(dontaudit network_stack self (key_socket (getopt)))
+(allow network_stack proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow network_stack proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
+(allow network_stack proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow network_stack device_config_connectivity_prop (file (read getattr map open)))
(allow network_stack self (netlink_tcpdiag_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
(allow network_stack self (netlink_netfilter_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
@@ -23733,64 +23801,64 @@
(allow network_stack self (netlink_xfrm_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
(allow network_stack tun_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
(allowx network_stack tun_device (ioctl chr_file (0x54ca 0x54cd 0x54d2 0x54e2)))
-;;* lmx 87 system/sepolicy/private/network_stack.te
-
-(neverallow base_typeattr_312 fs_bpf_net_private (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-;;* lme
-
-;;* lmx 88 system/sepolicy/private/network_stack.te
-
-(neverallow base_typeattr_312 fs_bpf_net_private (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-;;* lme
-
;;* lmx 91 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_313 fs_bpf_net_shared (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_315 fs_bpf_net_private (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 92 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_313 fs_bpf_net_shared (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_315 fs_bpf_net_private (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+;;* lme
+
+;;* lmx 95 system/sepolicy/private/network_stack.te
+
+(neverallow base_typeattr_316 fs_bpf_net_shared (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 96 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_314 fs_bpf_netd_readonly (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_316 fs_bpf_net_shared (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 97 system/sepolicy/private/network_stack.te
+;;* lmx 100 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_314 fs_bpf_netd_readonly (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_317 fs_bpf_netd_readonly (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 98 system/sepolicy/private/network_stack.te
+;;* lmx 101 system/sepolicy/private/network_stack.te
-(neverallow netd fs_bpf_netd_readonly (file (write)))
+(neverallow base_typeattr_317 fs_bpf_netd_readonly (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 102 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_315 fs_bpf_netd_shared (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow netd fs_bpf_netd_readonly (file (write)))
;;* lme
-;;* lmx 103 system/sepolicy/private/network_stack.te
+;;* lmx 106 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_315 fs_bpf_netd_shared (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-;;* lme
-
-;;* lmx 104 system/sepolicy/private/network_stack.te
-
-(neverallow netutils_wrapper fs_bpf_netd_shared (file (write)))
+(neverallow base_typeattr_318 fs_bpf_netd_shared (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 107 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_312 fs_bpf_tethering (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_318 fs_bpf_netd_shared (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 108 system/sepolicy/private/network_stack.te
-(neverallow base_typeattr_312 fs_bpf_tethering (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow netutils_wrapper fs_bpf_netd_shared (file (write)))
+;;* lme
+
+;;* lmx 111 system/sepolicy/private/network_stack.te
+
+(neverallow base_typeattr_315 fs_bpf_tethering (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+;;* lme
+
+;;* lmx 112 system/sepolicy/private/network_stack.te
+
+(neverallow base_typeattr_315 fs_bpf_tethering (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
(typetransition nfc tmpfs file appdomain_tmpfs)
@@ -23798,29 +23866,29 @@
(dontaudit su nfc_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 3 system/sepolicy/private/nfc.te
-(neverallow base_typeattr_814 nfc_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_818 nfc_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow nfc appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 3 system/sepolicy/private/nfc.te
-(neverallow base_typeattr_815 base_typeattr_814 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_819 base_typeattr_818 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/nfc.te
-(neverallow base_typeattr_816 nfc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_820 nfc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/nfc.te
-(neverallow base_typeattr_817 nfc (process (ptrace)))
+(neverallow base_typeattr_821 nfc (process (ptrace)))
;;* lme
(allow nfc nfc_service (service_manager (add find)))
;;* lmx 7 system/sepolicy/private/nfc.te
-(neverallow base_typeattr_814 nfc_service (service_manager (add)))
+(neverallow base_typeattr_818 nfc_service (service_manager (add)))
;;* lme
(allow nfc nfc_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
@@ -23855,7 +23923,7 @@
(dontaudit su odrefresh_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 14 system/sepolicy/private/odrefresh.te
-(neverallow base_typeattr_818 odrefresh_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_822 odrefresh_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow odrefresh apex_art_staging_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
@@ -23892,17 +23960,17 @@
(allow odrefresh artd (fd (use)))
;;* lmx 65 system/sepolicy/private/odrefresh.te
-(neverallow base_typeattr_819 apex_art_staging_data_file (file (open)))
+(neverallow base_typeattr_823 apex_art_staging_data_file (file (open)))
;;* lme
;;* lmx 71 system/sepolicy/private/odrefresh.te
-(neverallow base_typeattr_820 odrefresh_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_824 odrefresh_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 72 system/sepolicy/private/odrefresh.te
-(neverallow base_typeattr_821 odrefresh_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_825 odrefresh_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
(allow init odsign_exec (file (read getattr map execute open)))
@@ -23920,7 +23988,7 @@
(allowx odsign odsign_devpts (ioctl chr_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
;;* lmx 21 system/sepolicy/private/odsign.te
-(neverallowx base_typeattr_236 odsign_devpts (ioctl chr_file (0x5412)))
+(neverallowx base_typeattr_239 odsign_devpts (ioctl chr_file (0x5412)))
;;* lme
(allowx odsign apex_art_data_file (ioctl file (0x6601 (range 0x6685 0x6686))))
@@ -23959,7 +24027,7 @@
(allow odsign odsign_prop (file (read getattr map open)))
;;* lmx 59 system/sepolicy/private/odsign.te
-(neverallow base_typeattr_822 odsign_prop (property_service (set)))
+(neverallow base_typeattr_826 odsign_prop (property_service (set)))
;;* lme
(allow odsign property_socket (sock_file (write)))
@@ -23968,12 +24036,12 @@
(allow odsign ctl_odsign_prop (file (read getattr map open)))
;;* lmx 65 system/sepolicy/private/odsign.te
-(neverallow base_typeattr_822 odsign_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_826 odsign_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 66 system/sepolicy/private/odsign.te
-(neverallow base_typeattr_822 odsign_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_826 odsign_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
(allow init ot_daemon_exec (file (read getattr map execute open)))
@@ -23993,7 +24061,7 @@
(allow ot_daemon ot_daemon_service (service_manager (add find)))
;;* lmx 36 system/sepolicy/private/ot_daemon.te
-(neverallow base_typeattr_823 ot_daemon_service (service_manager (add)))
+(neverallow base_typeattr_827 ot_daemon_service (service_manager (add)))
;;* lme
(allow ot_daemon system_server (binder (call transfer)))
@@ -24005,7 +24073,7 @@
(allow ot_daemon dumpstate (fifo_file (write)))
;;* lmx 53 system/sepolicy/private/ot_daemon.te
-(neverallow base_typeattr_824 ot_daemon_socket (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_828 ot_daemon_socket (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow otapreopt_chroot postinstall_file (dir (mounton search)))
@@ -24141,12 +24209,12 @@
(dontauditx perfetto shell (ioctl fifo_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
;;* lmx 99 system/sepolicy/private/perfetto.te
-(neverallow base_typeattr_825 perfetto_traces_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_829 perfetto_traces_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 109 system/sepolicy/private/perfetto.te
-(neverallow base_typeattr_826 perfetto_traces_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_830 perfetto_traces_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 115 system/sepolicy/private/perfetto.te
@@ -24166,17 +24234,17 @@
;;* lmx 139 system/sepolicy/private/perfetto.te
-(neverallow perfetto base_typeattr_827 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow perfetto base_typeattr_831 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 144 system/sepolicy/private/perfetto.te
-(neverallow perfetto base_typeattr_828 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow perfetto base_typeattr_832 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 152 system/sepolicy/private/perfetto.te
-(neverallow perfetto base_typeattr_829 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow perfetto base_typeattr_833 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
(allow init performanced_exec (file (read getattr map execute open)))
@@ -24197,7 +24265,7 @@
(allow performanced pdx_performance_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
;;* lmx 10 system/sepolicy/private/performanced.te
-(neverallow base_typeattr_830 pdx_performance_client_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_834 pdx_performance_client_endpoint_socket_type (unix_stream_socket (listen accept)))
;;* lme
(allow performanced self (capability (setgid setuid sys_nice)))
@@ -24230,23 +24298,23 @@
(dontaudit su permissioncontroller_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
-(neverallow base_typeattr_831 permissioncontroller_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_835 permissioncontroller_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow permissioncontroller_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
-(neverallow base_typeattr_832 base_typeattr_831 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_836 base_typeattr_835 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
-(neverallow base_typeattr_833 permissioncontroller_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_837 permissioncontroller_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
-(neverallow base_typeattr_834 permissioncontroller_app (process (ptrace)))
+(neverallow base_typeattr_838 permissioncontroller_app (process (ptrace)))
;;* lme
(allow permissioncontroller_app app_api_service (service_manager (find)))
@@ -24266,23 +24334,23 @@
(dontaudit su platform_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 7 system/sepolicy/private/platform_app.te
-(neverallow base_typeattr_835 platform_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_839 platform_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow platform_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 7 system/sepolicy/private/platform_app.te
-(neverallow base_typeattr_836 base_typeattr_835 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_840 base_typeattr_839 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 7 system/sepolicy/private/platform_app.te
-(neverallow base_typeattr_837 platform_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_841 platform_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 7 system/sepolicy/private/platform_app.te
-(neverallow base_typeattr_838 platform_app (process (ptrace)))
+(neverallow base_typeattr_842 platform_app (process (ptrace)))
;;* lme
(allow platform_app shell_data_file (dir (search)))
@@ -24306,7 +24374,7 @@
(allow platform_app radio_cdma_ecm_prop (file (read getattr map open)))
;;* lmx 46 system/sepolicy/private/platform_app.te
-(neverallow base_typeattr_839 persist_wm_debug_prop (property_service (set)))
+(neverallow base_typeattr_476 persist_wm_debug_prop (property_service (set)))
;;* lme
(allow platform_app property_socket (sock_file (write)))
@@ -24370,12 +24438,15 @@
(allow virtualizationmanager platform_app (dir (search)))
(allow virtualizationmanager platform_app (file (read)))
(allow virtualizationmanager platform_app (lnk_file (read)))
-;;* lmx 151 system/sepolicy/private/platform_app.te
+(allow platform_app shutdown_checkpoints_system_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow platform_app shutdown_checkpoints_system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow platform_app shutdown_checkpoints_system_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+;;* lmx 154 system/sepolicy/private/platform_app.te
-(neverallow base_typeattr_235 persist_sysui_builder_extras_prop (property_service (set)))
+(neverallow base_typeattr_238 persist_sysui_builder_extras_prop (property_service (set)))
;;* lme
-;;* lmx 154 system/sepolicy/private/platform_app.te
+;;* lmx 157 system/sepolicy/private/platform_app.te
(neverallow platform_app fuse_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
@@ -24407,7 +24478,7 @@
(allow postinstall sysfs_fs_f2fs (dir (ioctl read getattr lock open watch watch_reads search)))
;;* lmx 53 system/sepolicy/private/postinstall.te
-(neverallow base_typeattr_840 postinstall (process (transition dyntransition)))
+(neverallow base_typeattr_843 postinstall (process (transition dyntransition)))
;;* lme
(allow postinstall_dexopt dex2oat_exec (file (read getattr map execute open)))
@@ -24501,7 +24572,7 @@
(allow prefetch prefetch_service_prop (file (read getattr map open)))
;;* lmx 24 system/sepolicy/private/prefetch.te
-(neverallow base_typeattr_841 ctl_prefetch_prop (property_service (set)))
+(neverallow base_typeattr_844 ctl_prefetch_prop (property_service (set)))
;;* lme
(allow init preloads_copy_exec (file (read getattr map execute open)))
@@ -24526,23 +24597,23 @@
(dontaudit su priv_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 6 system/sepolicy/private/priv_app.te
-(neverallow base_typeattr_842 priv_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_845 priv_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow priv_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 6 system/sepolicy/private/priv_app.te
-(neverallow base_typeattr_843 base_typeattr_842 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_846 base_typeattr_845 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/priv_app.te
-(neverallow base_typeattr_844 priv_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_847 priv_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/priv_app.te
-(neverallow base_typeattr_845 priv_app (process (ptrace)))
+(neverallow base_typeattr_848 priv_app (process (ptrace)))
;;* lme
(typetransition priv_app devpts chr_file priv_app_devpts)
@@ -24550,7 +24621,7 @@
(allowx priv_app priv_app_devpts (ioctl chr_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
;;* lmx 15 system/sepolicy/private/priv_app.te
-(neverallowx base_typeattr_236 priv_app_devpts (ioctl chr_file (0x5412)))
+(neverallowx base_typeattr_239 priv_app_devpts (ioctl chr_file (0x5412)))
;;* lme
(allow priv_app privapp_data_file (file (execute)))
@@ -24752,12 +24823,12 @@
;;* lmx 275 system/sepolicy/private/priv_app.te
-(neverallow priv_app base_typeattr_846 (file (execute execute_no_trans)))
+(neverallow priv_app base_typeattr_849 (file (execute execute_no_trans)))
;;* lme
;;* lmx 278 system/sepolicy/private/priv_app.te
-(neverallow priv_app base_typeattr_846 (lnk_file (read getattr open)))
+(neverallow priv_app base_typeattr_849 (lnk_file (read getattr open)))
;;* lme
;;* lmx 281 system/sepolicy/private/priv_app.te
@@ -24791,60 +24862,60 @@
;;* lmx 286 system/sepolicy/private/priv_app.te
-(neverallow priv_app base_typeattr_236 (netlink_route_socket (ioctl)))
-(neverallow priv_app base_typeattr_236 (netlink_selinux_socket (ioctl)))
+(neverallow priv_app base_typeattr_239 (netlink_route_socket (ioctl)))
+(neverallow priv_app base_typeattr_239 (netlink_selinux_socket (ioctl)))
;;* lme
;;* lmx 299 system/sepolicy/private/priv_app.te
-(neverallow priv_app base_typeattr_236 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow priv_app base_typeattr_236 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
-(neverallow priv_app base_typeattr_236 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
-(neverallow priv_app base_typeattr_236 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
-(neverallow priv_app base_typeattr_236 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
-(neverallow priv_app base_typeattr_236 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
-(neverallow priv_app base_typeattr_236 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow priv_app base_typeattr_239 (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(neverallow priv_app base_typeattr_239 (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(neverallow priv_app base_typeattr_239 (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(neverallow priv_app base_typeattr_239 (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
+(neverallow priv_app base_typeattr_239 (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow priv_app base_typeattr_239 (xdp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
;;* lme
(allow init prng_seeder_exec (file (read getattr map execute open)))
@@ -24887,514 +24958,533 @@
;;* lmx 2 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 adbd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 adbd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 adbd_tradeinmode_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 adbd_tradeinmode_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 4 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 apexd_payload_metadata_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 apexd_payload_metadata_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 5 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 ctl_snapuserd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_snapuserd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 ctl_prefetch_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_prefetch_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 7 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 ctl_uprobestats_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_uprobestats_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 8 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 crashrecovery_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 crashrecovery_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 9 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 debug_tracing_desktop_mode_visible_tasks_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 debug_tracing_desktop_mode_visible_tasks_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 10 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_core_experiments_team_internal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_core_experiments_team_internal_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 11 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_lmkd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_lmkd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 12 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_mglru_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_mglru_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_mmd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_mmd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 14 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_profcollect_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_profcollect_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_remote_key_provisioning_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_remote_key_provisioning_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 16 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_statsd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_statsd_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 17 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_statsd_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_statsd_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 18 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_storage_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_storage_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 19 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_sys_traced_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_sys_traced_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 20 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_window_manager_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_window_manager_native_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 21 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_configuration_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_configuration_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 22 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_connectivity_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_connectivity_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 23 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_swcodec_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_swcodec_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 24 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_tethering_u_or_later_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 device_config_tethering_u_or_later_native_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 25 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 dmesgd_start_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 dmesgd_start_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 26 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 fastbootd_protocol_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 fastbootd_protocol_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 27 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 gsid_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 gsid_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 28 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 init_perf_lsm_hooks_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 init_perf_lsm_hooks_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 29 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 init_service_status_private_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 init_service_status_private_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 30 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 init_storage_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 init_storage_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 31 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 init_svc_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 init_svc_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 32 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 kcmdline_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 kcmdline_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 33 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 keystore_diagnostics_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 keystore_diagnostics_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 34 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 keystore_listen_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 keystore_listen_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 35 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 last_boot_reason_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 last_boot_reason_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 36 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 localization_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 localization_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 37 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 logd_auditrate_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 logd_auditrate_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 38 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 lower_kptr_restrict_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 lower_kptr_restrict_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 39 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 mmd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 mmd_status_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 40 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 net_464xlat_fromvendor_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 net_464xlat_fromvendor_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 41 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 net_connectivity_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 net_connectivity_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 42 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 netd_stable_secret_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 netd_stable_secret_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 43 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 next_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 next_boot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 44 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 odsign_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 odsign_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 45 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 misctrl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 misctrl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 46 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 perf_drop_caches_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 perf_drop_caches_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 47 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 pm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 48 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 prefetch_service_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 prefetch_service_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 49 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 profcollectd_node_id_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 profcollectd_node_id_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 50 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 radio_cdma_ecm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 radio_cdma_ecm_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 51 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 remote_prov_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 remote_prov_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 52 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 remote_prov_cert_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 remote_prov_cert_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 53 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 rollback_test_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 rollback_test_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 54 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 setupwizard_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 setupwizard_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 55 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 snapshotctl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 snapshotctl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 56 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 snapuserd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 snapuserd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 57 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 system_adbd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 system_adbd_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 58 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 system_audio_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 system_audio_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 59 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 timezone_metadata_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 timezone_metadata_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 60 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 traced_perf_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 traced_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 61 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 uprobestats_start_with_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 traced_perf_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 62 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 tuner_server_ctl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 traced_relay_relay_port_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 63 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 userspace_reboot_log_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 uprobestats_start_with_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 64 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 userspace_reboot_test_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 tuner_server_ctl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 65 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 verity_status_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 userspace_reboot_log_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 66 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 zygote_wrap_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 userspace_reboot_test_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 67 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 ctl_mediatranscoding_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 verity_status_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 68 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 ctl_odsign_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 zygote_wrap_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 69 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 virtualizationservice_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_mediatranscoding_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 70 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 ctl_apex_load_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_odsign_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 71 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 sensors_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 virtualizationservice_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 72 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 hypervisor_pvmfw_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_apex_load_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 73 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 hypervisor_virtualizationmanager_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 sensors_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 74 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 game_manager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 hypervisor_pvmfw_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 75 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 hidl_memory_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 hypervisor_virtualizationmanager_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 76 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 suspend_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 game_manager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 77 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 system_service_enable_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 hidl_memory_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 78 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 ctl_artd_pre_reboot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 suspend_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 79 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 trusty_security_vm_sys_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 system_service_enable_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 80 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 hint_manager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 ctl_artd_pre_reboot_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 83 system/sepolicy/private/property.te
+;;* lmx 81 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 bionic_linker_16kb_app_compat_prop (property_service (set)))
+(neverallow base_typeattr_232 trusty_security_vm_sys_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 84 system/sepolicy/private/property.te
+;;* lmx 82 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 device_config_virtualization_framework_native_prop (property_service (set)))
+(neverallow base_typeattr_232 hint_manager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 85 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 fstype_prop (property_service (set)))
+(neverallow base_typeattr_232 bionic_linker_16kb_app_compat_prop (property_service (set)))
;;* lme
;;* lmx 86 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 log_file_logger_prop (property_service (set)))
+(neverallow base_typeattr_232 device_config_virtualization_framework_native_prop (property_service (set)))
;;* lme
;;* lmx 87 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 persist_sysui_builder_extras_prop (property_service (set)))
+(neverallow base_typeattr_232 fstype_prop (property_service (set)))
;;* lme
;;* lmx 88 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 persist_sysui_ranking_update_prop (property_service (set)))
+(neverallow base_typeattr_232 log_file_logger_prop (property_service (set)))
;;* lme
;;* lmx 89 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 page_size_prop (property_service (set)))
+(neverallow base_typeattr_232 persist_sysui_builder_extras_prop (property_service (set)))
;;* lme
;;* lmx 90 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 pm_16kb_app_compat_prop (property_service (set)))
+(neverallow base_typeattr_232 persist_sysui_ranking_update_prop (property_service (set)))
+;;* lme
+
+;;* lmx 91 system/sepolicy/private/property.te
+
+(neverallow base_typeattr_232 page_size_prop (property_service (set)))
+;;* lme
+
+;;* lmx 92 system/sepolicy/private/property.te
+
+(neverallow base_typeattr_232 pm_16kb_app_compat_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init avf_virtualizationservice_prop (property_service (set)))
(allow vendor_init avf_virtualizationservice_prop (file (read getattr map open)))
-;;* lmx 112 system/sepolicy/private/property.te
+;;* lmx 114 system/sepolicy/private/property.te
-(neverallow base_typeattr_230 avf_virtualizationservice_prop (property_service (set)))
+(neverallow base_typeattr_233 avf_virtualizationservice_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init high_barometer_quality_prop (property_service (set)))
(allow vendor_init high_barometer_quality_prop (file (read getattr map open)))
-;;* lmx 113 system/sepolicy/private/property.te
+;;* lmx 118 system/sepolicy/private/property.te
-(neverallow base_typeattr_230 high_barometer_quality_prop (property_service (set)))
+(neverallow base_typeattr_233 high_barometer_quality_prop (property_service (set)))
+;;* lme
+
+(allow vendor_init property_socket (sock_file (write)))
+(allow vendor_init init (unix_stream_socket (connectto)))
+(allow vendor_init mmd_prop (property_service (set)))
+(allow vendor_init mmd_prop (file (read getattr map open)))
+;;* lmx 119 system/sepolicy/private/property.te
+
+(neverallow base_typeattr_233 mmd_prop (property_service (set)))
+;;* lme
+
+(allow vendor_init property_socket (sock_file (write)))
+(allow vendor_init init (unix_stream_socket (connectto)))
+(allow vendor_init mmd_shared_prop (property_service (set)))
+(allow vendor_init mmd_shared_prop (file (read getattr map open)))
+;;* lmx 120 system/sepolicy/private/property.te
+
+(neverallow base_typeattr_233 mmd_shared_prop (property_service (set)))
;;* lme
(allow vendor_init property_socket (sock_file (write)))
(allow vendor_init init (unix_stream_socket (connectto)))
(allow vendor_init prefetch_boot_prop (property_service (set)))
(allow vendor_init prefetch_boot_prop (file (read getattr map open)))
-;;* lmx 114 system/sepolicy/private/property.te
+;;* lmx 121 system/sepolicy/private/property.te
-(neverallow base_typeattr_230 prefetch_boot_prop (property_service (set)))
-;;* lme
-
-(allow vendor_init property_socket (sock_file (write)))
-(allow vendor_init init (unix_stream_socket (connectto)))
-(allow vendor_init widevine_sys_vendor_prop (property_service (set)))
-(allow vendor_init widevine_sys_vendor_prop (file (read getattr map open)))
-;;* lmx 115 system/sepolicy/private/property.te
-
-(neverallow base_typeattr_230 widevine_sys_vendor_prop (property_service (set)))
+(neverallow base_typeattr_233 prefetch_boot_prop (property_service (set)))
;;* lme
(allow property_type tmpfs (filesystem (associate)))
-;;* lmx 159 system/sepolicy/private/property.te
+;;* lmx 165 system/sepolicy/private/property.te
-(neverallow domain base_typeattr_847 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow domain base_typeattr_850 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 159 system/sepolicy/private/property.te
+;;* lmx 165 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 base_typeattr_848 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 base_typeattr_851 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 159 system/sepolicy/private/property.te
+;;* lmx 165 system/sepolicy/private/property.te
-(neverallow base_typeattr_229 base_typeattr_849 (property_service (set)))
+(neverallow base_typeattr_232 base_typeattr_852 (property_service (set)))
;;* lme
-;;* lmx 159 system/sepolicy/private/property.te
+;;* lmx 165 system/sepolicy/private/property.te
-(neverallow base_typeattr_231 base_typeattr_850 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_234 base_typeattr_853 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 159 system/sepolicy/private/property.te
+;;* lmx 165 system/sepolicy/private/property.te
-(neverallow base_typeattr_337 base_typeattr_851 (property_service (set)))
+(neverallow base_typeattr_340 base_typeattr_854 (property_service (set)))
;;* lme
-;;* lmx 202 system/sepolicy/private/property.te
+;;* lmx 208 system/sepolicy/private/property.te
(neverallow domain property_type (file (ioctl lock)))
;;* lme
-;;* lmx 228 system/sepolicy/private/property.te
+;;* lmx 234 system/sepolicy/private/property.te
-(neverallow base_typeattr_236 base_typeattr_852 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_239 base_typeattr_855 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 236 system/sepolicy/private/property.te
+;;* lmx 242 system/sepolicy/private/property.te
-(neverallow base_typeattr_230 ctl_sigstop_prop (property_service (set)))
+(neverallow base_typeattr_233 ctl_sigstop_prop (property_service (set)))
;;* lme
(dontaudit domain ctl_bootanim_prop (property_service (set)))
@@ -25405,397 +25495,397 @@
(dontaudit domain ctl_mdnsd_prop (property_service (set)))
(dontaudit domain ctl_rildaemon_prop (property_service (set)))
(dontaudit domain ctl_default_prop (property_service (set)))
-;;* lmx 255 system/sepolicy/private/property.te
+;;* lmx 261 system/sepolicy/private/property.te
-(neverallow base_typeattr_853 init_storage_prop (property_service (set)))
+(neverallow base_typeattr_856 init_storage_prop (property_service (set)))
;;* lme
-;;* lmx 260 system/sepolicy/private/property.te
+;;* lmx 266 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 init_svc_debug_prop (property_service (set)))
+(neverallow base_typeattr_238 init_svc_debug_prop (property_service (set)))
;;* lme
-;;* lmx 267 system/sepolicy/private/property.te
+;;* lmx 273 system/sepolicy/private/property.te
-(neverallow base_typeattr_839 init_svc_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-;;* lme
-
-;;* lmx 278 system/sepolicy/private/property.te
-
-(neverallow base_typeattr_854 misctrl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_857 init_svc_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 284 system/sepolicy/private/property.te
-(neverallow base_typeattr_855 misctrl_prop (property_service (set)))
+(neverallow base_typeattr_858 misctrl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 290 system/sepolicy/private/property.te
-(neverallow base_typeattr_856 base_typeattr_857 (property_service (set)))
+(neverallow base_typeattr_859 misctrl_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_858 nfc_prop (property_service (set)))
+(neverallow base_typeattr_860 base_typeattr_861 (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_859 radio_control_prop (property_service (set)))
+(neverallow base_typeattr_862 nfc_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_860 radio_prop (property_service (set)))
+(neverallow base_typeattr_863 radio_control_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_861 bluetooth_prop (property_service (set)))
+(neverallow base_typeattr_864 radio_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_862 exported_bluetooth_prop (property_service (set)))
+(neverallow base_typeattr_865 bluetooth_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_863 exported_camera_prop (property_service (set)))
+(neverallow base_typeattr_866 exported_bluetooth_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_864 wifi_prop (property_service (set)))
+(neverallow base_typeattr_867 exported_camera_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_865 wifi_hal_prop (property_service (set)))
+(neverallow base_typeattr_868 wifi_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_856 base_typeattr_866 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_869 wifi_hal_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_867 dalvik_dynamic_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_860 base_typeattr_870 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_858 nfc_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_871 dalvik_dynamic_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_860 radio_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_862 nfc_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_861 bluetooth_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_864 radio_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_864 wifi_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_865 bluetooth_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_386 suspend_prop (property_service (set)))
+(neverallow base_typeattr_868 wifi_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 suspend_debug_prop (property_service (set)))
+(neverallow base_typeattr_389 suspend_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_230 high_barometer_quality_prop (property_service (set)))
+(neverallow base_typeattr_238 suspend_debug_prop (property_service (set)))
;;* lme
-;;* lmx 286 system/sepolicy/private/property.te
+;;* lmx 292 system/sepolicy/private/property.te
-(neverallow base_typeattr_839 suspend_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_233 high_barometer_quality_prop (property_service (set)))
+;;* lme
+
+;;* lmx 292 system/sepolicy/private/property.te
+
+(neverallow base_typeattr_857 suspend_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(dontaudit system_suspend suspend_debug_prop (file (ioctl read getattr lock map open watch watch_reads)))
-;;* lmx 483 system/sepolicy/private/property.te
+;;* lmx 489 system/sepolicy/private/property.te
-(neverallow base_typeattr_868 base_typeattr_869 (property_service (set)))
+(neverallow base_typeattr_872 base_typeattr_873 (property_service (set)))
;;* lme
-;;* lmx 503 system/sepolicy/private/property.te
+;;* lmx 509 system/sepolicy/private/property.te
-(neverallow base_typeattr_386 ffs_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_386 ffs_control_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_389 ffs_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_389 ffs_control_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 511 system/sepolicy/private/property.te
+;;* lmx 517 system/sepolicy/private/property.te
-(neverallow base_typeattr_427 userspace_reboot_log_prop (property_service (set)))
+(neverallow base_typeattr_430 userspace_reboot_log_prop (property_service (set)))
;;* lme
-;;* lmx 520 system/sepolicy/private/property.te
+;;* lmx 526 system/sepolicy/private/property.te
-(neverallow base_typeattr_427 system_adbd_prop (property_service (set)))
+(neverallow base_typeattr_430 system_adbd_prop (property_service (set)))
;;* lme
-;;* lmx 532 system/sepolicy/private/property.te
+;;* lmx 538 system/sepolicy/private/property.te
-(neverallow base_typeattr_870 adbd_config_prop (property_service (set)))
+(neverallow base_typeattr_874 adbd_config_prop (property_service (set)))
;;* lme
-;;* lmx 542 system/sepolicy/private/property.te
+;;* lmx 548 system/sepolicy/private/property.te
-(neverallow base_typeattr_871 adbd_prop (property_service (set)))
+(neverallow base_typeattr_875 adbd_prop (property_service (set)))
;;* lme
-;;* lmx 550 system/sepolicy/private/property.te
+;;* lmx 556 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 apexd_payload_metadata_prop (property_service (set)))
+(neverallow base_typeattr_238 apexd_payload_metadata_prop (property_service (set)))
;;* lme
-;;* lmx 560 system/sepolicy/private/property.te
+;;* lmx 566 system/sepolicy/private/property.te
-(neverallow base_typeattr_841 userspace_reboot_test_prop (property_service (set)))
+(neverallow base_typeattr_844 userspace_reboot_test_prop (property_service (set)))
;;* lme
-;;* lmx 569 system/sepolicy/private/property.te
+;;* lmx 575 system/sepolicy/private/property.te
-(neverallow base_typeattr_385 surfaceflinger_color_prop (property_service (set)))
+(neverallow base_typeattr_388 surfaceflinger_color_prop (property_service (set)))
;;* lme
-;;* lmx 576 system/sepolicy/private/property.te
+;;* lmx 582 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 libc_debug_prop (property_service (set)))
+(neverallow base_typeattr_238 libc_debug_prop (property_service (set)))
;;* lme
-;;* lmx 591 system/sepolicy/private/property.te
+;;* lmx 597 system/sepolicy/private/property.te
-(neverallow base_typeattr_872 arm64_memtag_prop (property_service (set)))
-(neverallow base_typeattr_872 gwp_asan_prop (property_service (set)))
+(neverallow base_typeattr_876 arm64_memtag_prop (property_service (set)))
+(neverallow base_typeattr_876 gwp_asan_prop (property_service (set)))
;;* lme
-;;* lmx 600 system/sepolicy/private/property.te
+;;* lmx 606 system/sepolicy/private/property.te
-(neverallow base_typeattr_873 kcmdline_prop (property_service (set)))
+(neverallow base_typeattr_877 kcmdline_prop (property_service (set)))
;;* lme
-;;* lmx 607 system/sepolicy/private/property.te
+;;* lmx 613 system/sepolicy/private/property.te
-(neverallow base_typeattr_385 zram_control_prop (property_service (set)))
+(neverallow base_typeattr_388 zram_control_prop (property_service (set)))
;;* lme
-;;* lmx 614 system/sepolicy/private/property.te
+;;* lmx 620 system/sepolicy/private/property.te
-(neverallow base_typeattr_385 dalvik_runtime_prop (property_service (set)))
+(neverallow base_typeattr_388 dalvik_runtime_prop (property_service (set)))
;;* lme
-;;* lmx 623 system/sepolicy/private/property.te
+;;* lmx 629 system/sepolicy/private/property.te
-(neverallow base_typeattr_386 usb_config_prop (property_service (set)))
-(neverallow base_typeattr_386 usb_control_prop (property_service (set)))
+(neverallow base_typeattr_389 usb_config_prop (property_service (set)))
+(neverallow base_typeattr_389 usb_control_prop (property_service (set)))
;;* lme
-;;* lmx 632 system/sepolicy/private/property.te
+;;* lmx 638 system/sepolicy/private/property.te
-(neverallow base_typeattr_427 provisioned_prop (property_service (set)))
-(neverallow base_typeattr_427 retaildemo_prop (property_service (set)))
+(neverallow base_typeattr_430 provisioned_prop (property_service (set)))
+(neverallow base_typeattr_430 retaildemo_prop (property_service (set)))
;;* lme
-;;* lmx 641 system/sepolicy/private/property.te
+;;* lmx 647 system/sepolicy/private/property.te
-(neverallow base_typeattr_386 provisioned_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_386 retaildemo_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_389 provisioned_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_389 retaildemo_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 649 system/sepolicy/private/property.te
+;;* lmx 655 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 init_service_status_prop (property_service (set)))
-(neverallow base_typeattr_235 init_service_status_private_prop (property_service (set)))
+(neverallow base_typeattr_238 init_service_status_prop (property_service (set)))
+(neverallow base_typeattr_238 init_service_status_private_prop (property_service (set)))
;;* lme
-;;* lmx 658 system/sepolicy/private/property.te
+;;* lmx 664 system/sepolicy/private/property.te
-(neverallow base_typeattr_874 telephony_status_prop (property_service (set)))
+(neverallow base_typeattr_878 telephony_status_prop (property_service (set)))
;;* lme
-;;* lmx 666 system/sepolicy/private/property.te
+;;* lmx 672 system/sepolicy/private/property.te
-(neverallow base_typeattr_230 graphics_config_prop (property_service (set)))
+(neverallow base_typeattr_233 graphics_config_prop (property_service (set)))
;;* lme
-;;* lmx 674 system/sepolicy/private/property.te
+;;* lmx 680 system/sepolicy/private/property.te
-(neverallow base_typeattr_875 surfaceflinger_display_prop (property_service (set)))
-;;* lme
-
-;;* lmx 681 system/sepolicy/private/property.te
-
-(neverallow base_typeattr_856 packagemanager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_879 surfaceflinger_display_prop (property_service (set)))
;;* lme
;;* lmx 687 system/sepolicy/private/property.te
-(neverallow base_typeattr_386 keyguard_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_860 packagemanager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 694 system/sepolicy/private/property.te
+;;* lmx 693 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 localization_prop (property_service (set)))
+(neverallow base_typeattr_389 keyguard_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 702 system/sepolicy/private/property.te
+;;* lmx 700 system/sepolicy/private/property.te
-(neverallow base_typeattr_876 oem_unlock_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_238 localization_prop (property_service (set)))
;;* lme
;;* lmx 708 system/sepolicy/private/property.te
-(neverallow base_typeattr_386 storagemanager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_880 oem_unlock_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 716 system/sepolicy/private/property.te
+;;* lmx 714 system/sepolicy/private/property.te
-(neverallow base_typeattr_877 sendbug_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_389 storagemanager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 724 system/sepolicy/private/property.te
+;;* lmx 722 system/sepolicy/private/property.te
-(neverallow base_typeattr_877 camera_calibration_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_881 sendbug_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 732 system/sepolicy/private/property.te
+;;* lmx 730 system/sepolicy/private/property.te
-(neverallow base_typeattr_878 hal_dumpstate_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_881 camera_calibration_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 743 system/sepolicy/private/property.te
+;;* lmx 738 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 lower_kptr_restrict_prop (property_service (set)))
+(neverallow base_typeattr_882 hal_dumpstate_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 748 system/sepolicy/private/property.te
+;;* lmx 749 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 zygote_wrap_prop (property_service (set)))
+(neverallow base_typeattr_238 lower_kptr_restrict_prop (property_service (set)))
;;* lme
-;;* lmx 753 system/sepolicy/private/property.te
+;;* lmx 754 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 verity_status_prop (property_service (set)))
+(neverallow base_typeattr_238 zygote_wrap_prop (property_service (set)))
;;* lme
;;* lmx 759 system/sepolicy/private/property.te
-(neverallow base_typeattr_230 setupwizard_mode_prop (property_service (set)))
+(neverallow base_typeattr_238 verity_status_prop (property_service (set)))
;;* lme
-;;* lmx 764 system/sepolicy/private/property.te
+;;* lmx 765 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 setupwizard_prop (property_service (set)))
+(neverallow base_typeattr_233 setupwizard_mode_prop (property_service (set)))
;;* lme
-;;* lmx 773 system/sepolicy/private/property.te
+;;* lmx 770 system/sepolicy/private/property.te
-(neverallow base_typeattr_380 build_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_238 setupwizard_prop (property_service (set)))
;;* lme
;;* lmx 779 system/sepolicy/private/property.te
-(neverallow base_typeattr_841 sqlite_log_prop (property_service (set)))
+(neverallow base_typeattr_383 build_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 785 system/sepolicy/private/property.te
-(neverallow base_typeattr_369 sqlite_log_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_844 sqlite_log_prop (property_service (set)))
;;* lme
-;;* lmx 790 system/sepolicy/private/property.te
+;;* lmx 791 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 default_prop (property_service (set)))
+(neverallow base_typeattr_372 sqlite_log_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 794 system/sepolicy/private/property.te
+;;* lmx 796 system/sepolicy/private/property.te
+
+(neverallow base_typeattr_238 default_prop (property_service (set)))
+;;* lme
+
+;;* lmx 800 system/sepolicy/private/property.te
(neverallow domain system_and_vendor_property_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
(neverallow domain system_and_vendor_property_type (property_service (set)))
;;* lme
-;;* lmx 803 system/sepolicy/private/property.te
+;;* lmx 809 system/sepolicy/private/property.te
-(neverallow base_typeattr_879 remote_prov_prop (property_service (set)))
+(neverallow base_typeattr_883 remote_prov_prop (property_service (set)))
;;* lme
-;;* lmx 808 system/sepolicy/private/property.te
+;;* lmx 814 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 remote_prov_cert_prop (property_service (set)))
-;;* lme
-
-;;* lmx 815 system/sepolicy/private/property.te
-
-(neverallow base_typeattr_841 rollback_test_prop (property_service (set)))
+(neverallow base_typeattr_238 remote_prov_cert_prop (property_service (set)))
;;* lme
;;* lmx 821 system/sepolicy/private/property.te
-(neverallow base_typeattr_241 ctl_apex_load_prop (property_service (set)))
+(neverallow base_typeattr_844 rollback_test_prop (property_service (set)))
;;* lme
-;;* lmx 829 system/sepolicy/private/property.te
+;;* lmx 827 system/sepolicy/private/property.te
-(neverallow base_typeattr_880 ctl_apex_load_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_244 ctl_apex_load_prop (property_service (set)))
;;* lme
;;* lmx 835 system/sepolicy/private/property.te
-(neverallow base_typeattr_241 apex_ready_prop (property_service (set)))
+(neverallow base_typeattr_884 ctl_apex_load_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 843 system/sepolicy/private/property.te
+;;* lmx 841 system/sepolicy/private/property.te
-(neverallow base_typeattr_881 apex_ready_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_244 apex_ready_prop (property_service (set)))
;;* lme
-;;* lmx 851 system/sepolicy/private/property.te
+;;* lmx 849 system/sepolicy/private/property.te
-(neverallow base_typeattr_882 profcollectd_node_id_prop (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_885 apex_ready_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 856 system/sepolicy/private/property.te
+;;* lmx 857 system/sepolicy/private/property.te
-(neverallow base_typeattr_235 log_file_logger_prop (property_service (set)))
+(neverallow base_typeattr_886 profcollectd_node_id_prop (file (ioctl read getattr lock map open watch watch_reads)))
;;* lme
;;* lmx 862 system/sepolicy/private/property.te
-(neverallow base_typeattr_230 usb_uvc_enabled_prop (property_service (set)))
+(neverallow base_typeattr_238 log_file_logger_prop (property_service (set)))
;;* lme
-;;* lmx 869 system/sepolicy/private/property.te
+;;* lmx 868 system/sepolicy/private/property.te
-(neverallow base_typeattr_883 usb_uvc_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_233 usb_uvc_enabled_prop (property_service (set)))
;;* lme
;;* lmx 875 system/sepolicy/private/property.te
-(neverallow base_typeattr_230 pm_archiving_enabled_prop (property_service (set)))
+(neverallow base_typeattr_887 usb_uvc_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 882 system/sepolicy/private/property.te
+;;* lmx 881 system/sepolicy/private/property.te
-(neverallow base_typeattr_841 bionic_linker_16kb_app_compat_prop (property_service (set)))
+(neverallow base_typeattr_233 pm_archiving_enabled_prop (property_service (set)))
;;* lme
-;;* lmx 889 system/sepolicy/private/property.te
+;;* lmx 888 system/sepolicy/private/property.te
-(neverallow base_typeattr_841 pm_16kb_app_compat_prop (property_service (set)))
+(neverallow base_typeattr_844 bionic_linker_16kb_app_compat_prop (property_service (set)))
+;;* lme
+
+;;* lmx 895 system/sepolicy/private/property.te
+
+(neverallow base_typeattr_844 pm_16kb_app_compat_prop (property_service (set)))
;;* lme
(typetransition radio tmpfs file appdomain_tmpfs)
@@ -25803,23 +25893,23 @@
(dontaudit su radio_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 3 system/sepolicy/private/radio.te
-(neverallow base_typeattr_884 radio_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_888 radio_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow radio appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 3 system/sepolicy/private/radio.te
-(neverallow base_typeattr_885 base_typeattr_884 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_889 base_typeattr_888 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/radio.te
-(neverallow base_typeattr_886 radio (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_890 radio (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/radio.te
-(neverallow base_typeattr_887 radio (process (ptrace)))
+(neverallow base_typeattr_891 radio (process (ptrace)))
;;* lme
(allow radio runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
@@ -25871,7 +25961,7 @@
(allow radio radio_service (service_manager (add find)))
;;* lmx 51 system/sepolicy/private/radio.te
-(neverallow base_typeattr_884 radio_service (service_manager (add)))
+(neverallow base_typeattr_888 radio_service (service_manager (add)))
;;* lme
(allow radio audioserver_service (service_manager (find)))
@@ -25888,17 +25978,17 @@
(allow radio proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
;;* lmx 74 system/sepolicy/private/radio.te
-(neverallow base_typeattr_888 binder_cache_telephony_server_prop (property_service (set)))
+(neverallow base_typeattr_892 binder_cache_telephony_server_prop (property_service (set)))
;;* lme
;;* lmx 206 system/sepolicy/private/recovery.te
-(neverallow recovery base_typeattr_889 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow recovery base_typeattr_893 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
;;* lme
;;* lmx 212 system/sepolicy/private/recovery.te
-(neverallow recovery base_typeattr_889 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow recovery base_typeattr_893 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
(allow init recovery_persist_exec (file (read getattr map execute open)))
@@ -25956,7 +26046,7 @@
;;* lmx 39 system/sepolicy/private/recovery_persist.te
-(neverallow recovery_persist base_typeattr_890 (file (write)))
+(neverallow recovery_persist base_typeattr_894 (file (write)))
;;* lme
(allow init recovery_refresh_exec (file (read getattr map execute open)))
@@ -26014,7 +26104,7 @@
(allow remote_provisioning_service_server remote_provisioning_service (service_manager (add find)))
;;* lmx 3 system/sepolicy/private/remote_provisioning_service_server.te
-(neverallow base_typeattr_891 remote_provisioning_service (service_manager (add)))
+(neverallow base_typeattr_895 remote_provisioning_service (service_manager (add)))
;;* lme
(allow remote_provisioning_service_server servicemanager (binder (call transfer)))
@@ -26033,7 +26123,7 @@
(allow rkp_cert_processor rkp_cert_processor_service (service_manager (add find)))
;;* lmx 11 system/sepolicy/private/rkp_cert_processor.te
-(neverallow base_typeattr_892 rkp_cert_processor_service (service_manager (add)))
+(neverallow base_typeattr_896 rkp_cert_processor_service (service_manager (add)))
;;* lme
(allow rkp_cert_processor system_bootstrap_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -26050,13 +26140,13 @@
(allow rkpd rkpd_registrar_service (service_manager (add find)))
;;* lmx 12 system/sepolicy/private/rkpd.te
-(neverallow base_typeattr_893 rkpd_registrar_service (service_manager (add)))
+(neverallow base_typeattr_897 rkpd_registrar_service (service_manager (add)))
;;* lme
(allow rkpd rkpd_refresh_service (service_manager (add find)))
;;* lmx 13 system/sepolicy/private/rkpd.te
-(neverallow base_typeattr_893 rkpd_refresh_service (service_manager (add)))
+(neverallow base_typeattr_897 rkpd_refresh_service (service_manager (add)))
;;* lme
(allow rkpd device_config_remote_key_provisioning_native_prop (file (read getattr map open)))
@@ -26065,23 +26155,23 @@
(dontaudit su rkpdapp_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 7 system/sepolicy/private/rkpd_app.te
-(neverallow base_typeattr_894 rkpdapp_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_898 rkpdapp_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow rkpdapp appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 7 system/sepolicy/private/rkpd_app.te
-(neverallow base_typeattr_895 base_typeattr_894 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_899 base_typeattr_898 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 7 system/sepolicy/private/rkpd_app.te
-(neverallow base_typeattr_896 rkpdapp (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_900 rkpdapp (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 7 system/sepolicy/private/rkpd_app.te
-(neverallow base_typeattr_897 rkpdapp (process (ptrace)))
+(neverallow base_typeattr_901 rkpdapp (process (ptrace)))
;;* lme
(allow rkpdapp device_config_remote_key_provisioning_native_prop (file (read getattr map open)))
@@ -26138,12 +26228,12 @@
;;* lmx 42 system/sepolicy/private/rs.te
-(neverallow base_typeattr_260 rs (process (transition dyntransition)))
+(neverallow base_typeattr_263 rs (process (transition dyntransition)))
;;* lme
;;* lmx 43 system/sepolicy/private/rs.te
-(neverallow rs base_typeattr_285 (process (transition dyntransition)))
+(neverallow rs base_typeattr_288 (process (transition dyntransition)))
;;* lme
;;* lmx 44 system/sepolicy/private/rs.te
@@ -26158,10 +26248,10 @@
;;* lmx 46 system/sepolicy/private/rs.te
-(neverallow rs base_typeattr_236 (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
-(neverallow rs base_typeattr_236 (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
-(neverallow rs base_typeattr_236 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
-(neverallow rs base_typeattr_236 (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow rs base_typeattr_239 (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow rs base_typeattr_239 (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow rs base_typeattr_239 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow rs base_typeattr_239 (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
;;* lme
(allow init rss_hwm_reset_exec (file (read getattr map execute open)))
@@ -26204,7 +26294,7 @@
(allow runas selinuxfs (file (write lock append map open)))
(allow runas kernel (security (check_context)))
(allow runas self (process (setcurrent)))
-(allow runas base_typeattr_898 (process (dyntransition)))
+(allow runas base_typeattr_902 (process (dyntransition)))
(allow runas seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
;;* lmx 44 system/sepolicy/private/runas.te
@@ -26223,23 +26313,23 @@
(dontaudit su runas_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 3 system/sepolicy/private/runas_app.te
-(neverallow base_typeattr_899 runas_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_903 runas_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow runas_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 3 system/sepolicy/private/runas_app.te
-(neverallow base_typeattr_900 base_typeattr_899 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_904 base_typeattr_903 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/runas_app.te
-(neverallow base_typeattr_901 runas_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_905 runas_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/runas_app.te
-(neverallow base_typeattr_902 runas_app (process (ptrace)))
+(neverallow base_typeattr_906 runas_app (process (ptrace)))
;;* lme
(allow runas_app app_data_file (file (execute_no_trans)))
@@ -26248,12 +26338,11 @@
(allow runas_app untrusted_app_all (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow runas_app untrusted_app_all (process (sigkill sigstop signal ptrace)))
(allow runas_app untrusted_app_all (unix_stream_socket (connectto)))
-(allow runas_app simpleperf_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
(dontaudit runas_app domain (dir (search)))
-(allow runas_app self (perf_event (open kernel read write)))
-;;* lmx 32 system/sepolicy/private/runas_app.te
+(allow runas_app self (perf_event (open read write)))
+;;* lmx 29 system/sepolicy/private/runas_app.te
-(neverallow runas_app self (perf_event (cpu tracepoint)))
+(neverallow runas_app self (perf_event (cpu kernel tracepoint)))
;;* lme
(dontaudit runas_app shell_test_data_file (dir (search)))
@@ -26261,7 +26350,7 @@
(allow scheduler_service_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 1 system/sepolicy/private/scheduler_service_server.te
-(neverallow base_typeattr_903 fwk_scheduler_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_907 fwk_scheduler_hwservice (hwservice_manager (add)))
;;* lme
(typetransition sdcardd system_data_file dir media_rw_data_file)
@@ -26308,23 +26397,23 @@
(dontaudit su sdk_sandbox_34_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
-(neverallow base_typeattr_904 sdk_sandbox_34_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_908 sdk_sandbox_34_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow sdk_sandbox_34 appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
-(neverallow base_typeattr_905 base_typeattr_904 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_909 base_typeattr_908 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
-(neverallow base_typeattr_906 sdk_sandbox_34 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_910 sdk_sandbox_34 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
-(neverallow base_typeattr_907 sdk_sandbox_34 (process (ptrace)))
+(neverallow base_typeattr_911 sdk_sandbox_34 (process (ptrace)))
;;* lme
(allow sdk_sandbox_all system_linker_exec (file (execute_no_trans)))
@@ -26390,12 +26479,12 @@
;;* lmx 71 system/sepolicy/private/sdk_sandbox_all.te
-(neverallow sdk_sandbox_all base_typeattr_908 (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow sdk_sandbox_all base_typeattr_912 (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 72 system/sepolicy/private/sdk_sandbox_all.te
-(neverallow sdk_sandbox_all base_typeattr_908 (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow sdk_sandbox_all base_typeattr_912 (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 75 system/sepolicy/private/sdk_sandbox_all.te
@@ -26420,22 +26509,22 @@
;;* lmx 90 system/sepolicy/private/sdk_sandbox_all.te
-(neverallow base_typeattr_909 sdk_sandbox_system_data_file (dir (relabelfrom)))
+(neverallow base_typeattr_913 sdk_sandbox_system_data_file (dir (relabelfrom)))
;;* lme
;;* lmx 100 system/sepolicy/private/sdk_sandbox_all.te
-(neverallow base_typeattr_910 sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_914 sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 110 system/sepolicy/private/sdk_sandbox_all.te
-(neverallow base_typeattr_909 sdk_sandbox_system_data_file (dir (relabelfrom)))
+(neverallow base_typeattr_913 sdk_sandbox_system_data_file (dir (relabelfrom)))
;;* lme
;;* lmx 120 system/sepolicy/private/sdk_sandbox_all.te
-(neverallow base_typeattr_910 sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_914 sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 123 system/sepolicy/private/sdk_sandbox_all.te
@@ -26445,17 +26534,17 @@
;;* lmx 126 system/sepolicy/private/sdk_sandbox_all.te
-(neverallow base_typeattr_235 sdk_sandbox_system_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_238 sdk_sandbox_system_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 144 system/sepolicy/private/sdk_sandbox_all.te
-(neverallow sdk_sandbox_all base_typeattr_911 (unix_stream_socket (connectto)))
+(neverallow sdk_sandbox_all base_typeattr_915 (unix_stream_socket (connectto)))
;;* lme
;;* lmx 149 system/sepolicy/private/sdk_sandbox_all.te
-(neverallow base_typeattr_912 sdk_sandbox_all (unix_stream_socket (connectto)))
+(neverallow base_typeattr_916 sdk_sandbox_all (unix_stream_socket (connectto)))
;;* lme
(typetransition sdk_sandbox_audit tmpfs file appdomain_tmpfs)
@@ -26463,31 +26552,31 @@
(dontaudit su sdk_sandbox_audit_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
-(neverallow base_typeattr_913 sdk_sandbox_audit_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_917 sdk_sandbox_audit_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow sdk_sandbox_audit appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
-(neverallow base_typeattr_914 base_typeattr_913 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_918 base_typeattr_917 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
-(neverallow base_typeattr_915 sdk_sandbox_audit (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_919 sdk_sandbox_audit (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
-(neverallow base_typeattr_916 sdk_sandbox_audit (process (ptrace)))
+(neverallow base_typeattr_920 sdk_sandbox_audit (process (ptrace)))
;;* lme
(auditallow sdk_sandbox_audit ephemeral_app_api_service (service_manager (find)))
(auditallow sdk_sandbox_audit cameraserver_service (service_manager (find)))
(auditallow sdk_sandbox_audit mediadrmserver_service (service_manager (find)))
(auditallow sdk_sandbox_audit radio_service (service_manager (find)))
-(auditallow sdk_sandbox_audit base_typeattr_917 (file (ioctl read write getattr lock append map open watch watch_reads)))
-(auditallow sdk_sandbox_audit base_typeattr_917 (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
+(auditallow sdk_sandbox_audit base_typeattr_921 (file (ioctl read write getattr lock append map open watch watch_reads)))
+(auditallow sdk_sandbox_audit base_typeattr_921 (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
(allow sdk_sandbox_current ephemeral_app_api_service (service_manager (find)))
(allow sdk_sandbox_current audioserver_service (service_manager (find)))
(allow sdk_sandbox_current batteryproperties_service (service_manager (find)))
@@ -26569,23 +26658,23 @@
(dontaudit su sdk_sandbox_next_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
-(neverallow base_typeattr_918 sdk_sandbox_next_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_922 sdk_sandbox_next_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow sdk_sandbox_next appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
-(neverallow base_typeattr_919 base_typeattr_918 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_923 base_typeattr_922 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
-(neverallow base_typeattr_920 sdk_sandbox_next (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_924 sdk_sandbox_next (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
-(neverallow base_typeattr_921 sdk_sandbox_next (process (ptrace)))
+(neverallow base_typeattr_925 sdk_sandbox_next (process (ptrace)))
;;* lme
(allow sdk_sandbox_next audioserver_service (service_manager (find)))
@@ -26665,29 +26754,29 @@
(dontaudit su secure_element_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 3 system/sepolicy/private/secure_element.te
-(neverallow base_typeattr_922 secure_element_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_926 secure_element_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow secure_element appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 3 system/sepolicy/private/secure_element.te
-(neverallow base_typeattr_923 base_typeattr_922 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_927 base_typeattr_926 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/secure_element.te
-(neverallow base_typeattr_924 secure_element (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_928 secure_element (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/secure_element.te
-(neverallow base_typeattr_925 secure_element (process (ptrace)))
+(neverallow base_typeattr_929 secure_element (process (ptrace)))
;;* lme
(allow secure_element secure_element_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/secure_element.te
-(neverallow base_typeattr_922 secure_element_service (service_manager (add)))
+(neverallow base_typeattr_926 secure_element_service (service_manager (add)))
;;* lme
(allow secure_element app_api_service (service_manager (find)))
@@ -26697,12 +26786,12 @@
(allow sensor_service_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 1 system/sepolicy/private/sensor_service_server.te
-(neverallow base_typeattr_926 fwk_sensor_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_930 fwk_sensor_hwservice (hwservice_manager (add)))
;;* lme
-;;* lmx 84 system/sepolicy/private/service.te
+;;* lmx 86 system/sepolicy/private/service.te
-(neverallow domain base_typeattr_927 (service_manager (add find)))
+(neverallow domain base_typeattr_931 (service_manager (add find)))
;;* lme
(allow init servicemanager_exec (file (read getattr map execute open)))
@@ -26728,13 +26817,13 @@
(allow servicemanager vendor_apex_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow servicemanager vendor_apex_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow servicemanager self (binder (set_context_mgr)))
-(allow servicemanager base_typeattr_928 (binder (transfer)))
+(allow servicemanager base_typeattr_932 (binder (transfer)))
(allow servicemanager service_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow servicemanager vendor_service_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow servicemanager service_manager_service (service_manager (add find)))
;;* lmx 38 system/sepolicy/private/servicemanager.te
-(neverallow base_typeattr_929 service_manager_service (service_manager (add)))
+(neverallow base_typeattr_933 service_manager_service (service_manager (add)))
;;* lme
(allow servicemanager dumpstate (fd (use)))
@@ -26764,17 +26853,17 @@
(allow sgdisk self (cap_userns (sys_admin)))
;;* lmx 37 system/sepolicy/private/sgdisk.te
-(neverallow base_typeattr_296 sgdisk (process (transition)))
+(neverallow base_typeattr_299 sgdisk (process (transition)))
;;* lme
;;* lmx 38 system/sepolicy/private/sgdisk.te
-(neverallow base_typeattr_236 sgdisk (process (dyntransition)))
+(neverallow base_typeattr_239 sgdisk (process (dyntransition)))
;;* lme
;;* lmx 39 system/sepolicy/private/sgdisk.te
-(neverallow sgdisk base_typeattr_930 (file (entrypoint)))
+(neverallow sgdisk base_typeattr_934 (file (entrypoint)))
;;* lme
(typetransition shared_relro tmpfs file appdomain_tmpfs)
@@ -26782,23 +26871,23 @@
(dontaudit su shared_relro_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 5 system/sepolicy/private/shared_relro.te
-(neverallow base_typeattr_931 shared_relro_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_935 shared_relro_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow shared_relro appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 5 system/sepolicy/private/shared_relro.te
-(neverallow base_typeattr_932 base_typeattr_931 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_936 base_typeattr_935 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 5 system/sepolicy/private/shared_relro.te
-(neverallow base_typeattr_933 shared_relro (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_937 shared_relro (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 5 system/sepolicy/private/shared_relro.te
-(neverallow base_typeattr_934 shared_relro (process (ptrace)))
+(neverallow base_typeattr_938 shared_relro (process (ptrace)))
;;* lme
(allow shared_relro shared_relro_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
@@ -26821,23 +26910,23 @@
(dontaudit su shell_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 26 system/sepolicy/private/shell.te
-(neverallow base_typeattr_935 shell_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_939 shell_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow shell appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 26 system/sepolicy/private/shell.te
-(neverallow base_typeattr_936 base_typeattr_935 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_940 base_typeattr_939 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 26 system/sepolicy/private/shell.te
-(neverallow base_typeattr_901 shell (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_905 shell (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 26 system/sepolicy/private/shell.te
-(neverallow base_typeattr_937 shell (process (ptrace)))
+(neverallow base_typeattr_941 shell (process (ptrace)))
;;* lme
(allow shell storaged (binder (call transfer)))
@@ -26890,6 +26979,8 @@
(allow shell perfetto_traces_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
(allow shell perfetto_traces_bugreport_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
(allow shell perfetto_traces_bugreport_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
+(allow shell perfetto_traces_profiling_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
+(allow shell perfetto_traces_profiling_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
(allow shell perfetto_configs_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
(allow shell perfetto_configs_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
(allow shell gpuservice (binder (call transfer)))
@@ -26934,7 +27025,7 @@
(allowx shell shell_data_file (ioctl dir ((range 0x6615 0x6616))))
(allow shell simpleperf_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
(allow shell remount_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
-(allow shell self (perf_event (open kernel read write)))
+(allow shell self (perf_event (open read write)))
(allow shell vendor_microdroid_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow shell vendor_microdroid_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow shell vendor_microdroid_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -27127,7 +27218,7 @@
(allow shell shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
(allow shell zygote_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
(allow shell servicemanager (service_manager (list)))
-(allow shell base_typeattr_938 (service_manager (find)))
+(allow shell base_typeattr_942 (service_manager (find)))
(allow shell dumpstate (binder (call)))
(allow shell hwservicemanager (binder (call transfer)))
(allow hwservicemanager shell (binder (call transfer)))
@@ -27192,7 +27283,7 @@
(allow shell linux_vm_setup_exec (file (ioctl read getattr lock map open watch watch_reads entrypoint)))
(allow shell tee_service_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow shell test_pkvm_tee_service (tee_service (use)))
-;;* lmx 512 system/sepolicy/private/shell.te
+;;* lmx 515 system/sepolicy/private/shell.te
(neverallow shell virtualization_service (service_manager (find)))
(neverallow shell hal_keymint_service (service_manager (find)))
@@ -27200,93 +27291,117 @@
(neverallow shell hal_sharedsecret_service (service_manager (find)))
;;* lme
-;;* lmx 520 system/sepolicy/private/shell.te
+;;* lmx 523 system/sepolicy/private/shell.te
(neverallow shell file_type (file (link)))
;;* lme
-;;* lmx 523 system/sepolicy/private/shell.te
+;;* lmx 526 system/sepolicy/private/shell.te
(neverallowx shell domain (ioctl tcp_socket (0x6900 0x6902)))
(neverallowx shell domain (ioctl udp_socket (0x6900 0x6902)))
(neverallowx shell domain (ioctl rawip_socket (0x6900 0x6902)))
;;* lme
-;;* lmx 523 system/sepolicy/private/shell.te
+;;* lmx 526 system/sepolicy/private/shell.te
(neverallowx shell domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
(neverallowx shell domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
(neverallowx shell domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
;;* lme
-;;* lmx 523 system/sepolicy/private/shell.te
+;;* lmx 526 system/sepolicy/private/shell.te
(neverallowx shell domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
(neverallowx shell domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
(neverallowx shell domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
;;* lme
-;;* lmx 531 system/sepolicy/private/shell.te
+;;* lmx 534 system/sepolicy/private/shell.te
(neverallow shell hw_random_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
(neverallow shell port_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
(neverallow shell fuse_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 534 system/sepolicy/private/shell.te
+;;* lmx 537 system/sepolicy/private/shell.te
(neverallow shell dev_type (blk_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 543 system/sepolicy/private/shell.te
+;;* lmx 546 system/sepolicy/private/shell.te
(neverallow shell input_device (chr_file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 545 system/sepolicy/private/shell.te
+;;* lmx 548 system/sepolicy/private/shell.te
(neverallow shell self (perf_event (cpu tracepoint)))
;;* lme
-;;* lmx 548 system/sepolicy/private/shell.te
+;;* lmx 551 system/sepolicy/private/shell.te
-(neverallow base_typeattr_841 perf_drop_caches_prop (property_service (set)))
+(neverallow base_typeattr_844 perf_drop_caches_prop (property_service (set)))
;;* lme
-;;* lmx 549 system/sepolicy/private/shell.te
+;;* lmx 552 system/sepolicy/private/shell.te
-(neverallow base_typeattr_939 perf_drop_caches_prop (file (read)))
+(neverallow base_typeattr_943 perf_drop_caches_prop (file (read)))
;;* lme
-(allow base_typeattr_940 simpleperf_exec (file (read getattr map execute open)))
-(allow base_typeattr_940 simpleperf (process (transition)))
+(allow untrusted_app_all simpleperf_exec (file (read getattr map execute open)))
+(allow ephemeral_app simpleperf_exec (file (read getattr map execute open)))
+(allow isolated_app simpleperf_exec (file (read getattr map execute open)))
+(allow platform_app simpleperf_exec (file (read getattr map execute open)))
+(allow priv_app simpleperf_exec (file (read getattr map execute open)))
+(allow untrusted_app_all simpleperf (process (transition)))
+(allow ephemeral_app simpleperf (process (transition)))
+(allow isolated_app simpleperf (process (transition)))
+(allow platform_app simpleperf (process (transition)))
+(allow priv_app simpleperf (process (transition)))
(allow simpleperf simpleperf_exec (file (read getattr map execute open entrypoint)))
-(allow simpleperf base_typeattr_940 (process (sigchld)))
-(dontaudit base_typeattr_940 simpleperf (process (noatsecure)))
-(allow base_typeattr_940 simpleperf (process (siginh rlimitinh)))
-(typetransition base_typeattr_940 simpleperf_exec process simpleperf)
+(allow simpleperf untrusted_app_all (process (sigchld)))
+(allow simpleperf ephemeral_app (process (sigchld)))
+(allow simpleperf isolated_app (process (sigchld)))
+(allow simpleperf platform_app (process (sigchld)))
+(allow simpleperf priv_app (process (sigchld)))
+(dontaudit untrusted_app_all simpleperf (process (noatsecure)))
+(dontaudit ephemeral_app simpleperf (process (noatsecure)))
+(dontaudit isolated_app simpleperf (process (noatsecure)))
+(dontaudit platform_app simpleperf (process (noatsecure)))
+(dontaudit priv_app simpleperf (process (noatsecure)))
+(allow untrusted_app_all simpleperf (process (siginh rlimitinh)))
+(allow ephemeral_app simpleperf (process (siginh rlimitinh)))
+(allow isolated_app simpleperf (process (siginh rlimitinh)))
+(allow platform_app simpleperf (process (siginh rlimitinh)))
+(allow priv_app simpleperf (process (siginh rlimitinh)))
+(typetransition untrusted_app_all simpleperf_exec process simpleperf)
+(typetransition ephemeral_app simpleperf_exec process simpleperf)
+(typetransition isolated_app simpleperf_exec process simpleperf)
+(typetransition platform_app simpleperf_exec process simpleperf)
+(typetransition priv_app simpleperf_exec process simpleperf)
(typetransition simpleperf tmpfs file appdomain_tmpfs)
(allow simpleperf simpleperf_userfaultfd (anon_inode (ioctl read create)))
(dontaudit su simpleperf_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 23 system/sepolicy/private/simpleperf.te
-(neverallow base_typeattr_941 simpleperf_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_944 simpleperf_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow simpleperf appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 23 system/sepolicy/private/simpleperf.te
-(neverallow base_typeattr_942 base_typeattr_941 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_945 base_typeattr_944 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 23 system/sepolicy/private/simpleperf.te
-(neverallow base_typeattr_901 simpleperf (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_905 simpleperf (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 23 system/sepolicy/private/simpleperf.te
-(neverallow base_typeattr_902 simpleperf (process (ptrace)))
+(neverallow base_typeattr_906 simpleperf (process (ptrace)))
;;* lme
(allow simpleperf untrusted_app_all (process (ptrace)))
@@ -27316,11 +27431,32 @@
(allow platform_app simpleperf (process (signal)))
(allow priv_app simpleperf (process (signal)))
(dontaudit simpleperf domain (dir (search)))
-;;* lmx 51 system/sepolicy/private/simpleperf.te
+(allow simpleperf privapp_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow simpleperf privapp_data_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow simpleperf privapp_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow simpleperf app_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow simpleperf app_data_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow simpleperf app_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow simpleperf apk_tmp_file (file (read getattr)))
+(allow simpleperf apk_private_tmp_file (file (read getattr)))
+(allow simpleperf system_linker_exec (file (ioctl read getattr lock map open watch watch_reads)))
+(allow simpleperf app_exec_data_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow simpleperf asec_public_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow simpleperf vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow simpleperf vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow simpleperf vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow simpleperf shell_data_file (file (ioctl read getattr lock map open watch watch_reads)))
+(allow simpleperf shell_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
+;;* lmx 63 system/sepolicy/private/simpleperf.te
(neverallow simpleperf self (perf_event (cpu tracepoint)))
;;* lme
+;;* lmx 66 system/sepolicy/private/simpleperf.te
+
+(neverallow base_typeattr_946 simpleperf (process (ptrace)))
+;;* lme
+
(allow shell simpleperf_app_runner_exec (file (read getattr map execute open)))
(allow shell simpleperf_app_runner (process (transition)))
(allow simpleperf_app_runner simpleperf_app_runner_exec (file (read getattr map execute open entrypoint)))
@@ -27329,6 +27465,7 @@
(allow shell simpleperf_app_runner (process (siginh rlimitinh)))
(typetransition shell simpleperf_app_runner_exec process simpleperf_app_runner)
(allow simpleperf_app_runner adbd (fd (use)))
+(allow simpleperf_app_runner adbd (unix_stream_socket (read write)))
(allow simpleperf_app_runner shell (fd (use)))
(allow simpleperf_app_runner devpts (chr_file (ioctl read write)))
(allow simpleperf_app_runner system_data_file (file (ioctl read getattr lock map open watch watch_reads)))
@@ -27349,16 +27486,16 @@
(allow simpleperf_app_runner platform_app (process (dyntransition)))
(allow simpleperf_app_runner priv_app (process (dyntransition)))
(allow simpleperf_app_runner seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
-(allow simpleperf_app_runner shell (fifo_file (read write)))
+(allow simpleperf_app_runner shell (fifo_file (read write getattr)))
(allow simpleperf_app_runner shell_data_file (dir (getattr search)))
(allow simpleperf_app_runner shell_data_file (file (write getattr)))
-;;* lmx 44 system/sepolicy/private/simpleperf_app_runner.te
+;;* lmx 45 system/sepolicy/private/simpleperf_app_runner.te
(neverallow simpleperf_app_runner self (capability (chown dac_override dac_read_search fowner fsetid kill setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
(neverallow simpleperf_app_runner self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
;;* lme
-;;* lmx 45 system/sepolicy/private/simpleperf_app_runner.te
+;;* lmx 46 system/sepolicy/private/simpleperf_app_runner.te
(neverallow simpleperf_app_runner self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon checkpoint_restore bpf)))
(neverallow simpleperf_app_runner self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon checkpoint_restore bpf)))
@@ -27458,7 +27595,7 @@
(allow snapuserd tmpfs (dir (read watch)))
;;* lmx 56 system/sepolicy/private/snapuserd.te
-(neverallow base_typeattr_943 snapuserd_prop (property_service (set)))
+(neverallow base_typeattr_947 snapuserd_prop (property_service (set)))
;;* lme
(allow snapuserd metadata_file (dir (search)))
@@ -27472,14 +27609,14 @@
(allow snapuserd self (io_uring (sqpoll)))
;;* lmx 73 system/sepolicy/private/snapuserd.te
-(neverallow base_typeattr_944 snapuserd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_948 snapuserd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(dontaudit snapuserd self (capability (ipc_lock)))
(dontaudit snapuserd self (cap_userns (ipc_lock)))
;;* lmx 84 system/sepolicy/private/snapuserd.te
-(neverallow base_typeattr_945 ctl_snapuserd_prop (property_service (set)))
+(neverallow base_typeattr_949 ctl_snapuserd_prop (property_service (set)))
;;* lme
(allow shell stats_exec (file (read getattr map execute open)))
@@ -27503,7 +27640,7 @@
(allow statsd stats_service (service_manager (add find)))
;;* lmx 27 system/sepolicy/private/stats.te
-(neverallow base_typeattr_946 stats_service (service_manager (add)))
+(neverallow base_typeattr_950 stats_service (service_manager (add)))
;;* lme
(allow statsd stats (fd (use)))
@@ -27515,13 +27652,13 @@
(allow stats_service_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 1 system/sepolicy/private/stats_service_server.te
-(neverallow base_typeattr_947 fwk_stats_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_951 fwk_stats_hwservice (hwservice_manager (add)))
;;* lme
(allow stats_service_server fwk_stats_service (service_manager (add find)))
;;* lmx 2 system/sepolicy/private/stats_service_server.te
-(neverallow base_typeattr_947 fwk_stats_service (service_manager (add)))
+(neverallow base_typeattr_951 fwk_stats_service (service_manager (add)))
;;* lme
(allow stats_service_server servicemanager (binder (call transfer)))
@@ -27560,7 +27697,7 @@
(allow statsd self (io_uring (sqpoll)))
;;* lmx 46 system/sepolicy/private/statsd.te
-(neverallow base_typeattr_946 statsd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_950 statsd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(dontaudit statsd self (capability (ipc_lock)))
@@ -27610,6 +27747,10 @@
(allow statsd mediaserver (binder (call transfer)))
(allow mediaserver statsd (binder (transfer)))
(allow statsd mediaserver (fd (use)))
+(allow statsd mmd_service (service_manager (find)))
+(allow statsd mmd (binder (call transfer)))
+(allow mmd statsd (binder (transfer)))
+(allow statsd mmd (fd (use)))
(allow statsd logcat_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
(allow statsd logdr_socket (sock_file (write)))
(allow statsd logd (unix_stream_socket (connectto)))
@@ -27627,24 +27768,24 @@
(allow statsd shell (fifo_file (read write getattr)))
(allow statsd statsdw_socket (sock_file (write)))
(allow statsd statsd (unix_dgram_socket (sendto)))
-;;* lmx 140 system/sepolicy/private/statsd.te
+;;* lmx 144 system/sepolicy/private/statsd.te
-(neverallow base_typeattr_948 stats_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-;;* lme
-
-;;* lmx 141 system/sepolicy/private/statsd.te
-
-(neverallow base_typeattr_949 stats_config_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_952 stats_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 145 system/sepolicy/private/statsd.te
-(neverallow base_typeattr_948 stats_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_953 stats_config_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 146 system/sepolicy/private/statsd.te
+;;* lmx 149 system/sepolicy/private/statsd.te
-(neverallow base_typeattr_949 stats_config_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_952 stats_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+;;* lme
+
+;;* lmx 150 system/sepolicy/private/statsd.te
+
+(neverallow base_typeattr_953 stats_config_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
(allow init storaged_exec (file (read getattr map execute open)))
@@ -27671,7 +27812,7 @@
(allow storaged storaged_service (service_manager (add find)))
;;* lmx 45 system/sepolicy/private/storaged.te
-(neverallow base_typeattr_950 storaged_service (service_manager (add)))
+(neverallow base_typeattr_954 storaged_service (service_manager (add)))
;;* lme
(allow storaged servicemanager (binder (call transfer)))
@@ -27782,7 +27923,7 @@
(allow surfaceflinger traced (unix_stream_socket (connectto)))
(allow traced surfaceflinger (fd (use)))
(allow surfaceflinger adbd (unix_stream_socket (read write getattr)))
-(allow surfaceflinger base_typeattr_251 (unix_stream_socket (read write)))
+(allow surfaceflinger base_typeattr_254 (unix_stream_socket (read write)))
(allow surfaceflinger bootanim (unix_stream_socket (read write)))
(allow surfaceflinger automotive_display_service (unix_stream_socket (read write)))
(allow surfaceflinger dumpstate (binder (call transfer)))
@@ -27824,7 +27965,7 @@
(allow surfaceflinger pdx_display_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
;;* lmx 130 system/sepolicy/private/surfaceflinger.te
-(neverallow base_typeattr_951 pdx_display_client_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_955 pdx_display_client_endpoint_socket_type (unix_stream_socket (listen accept)))
;;* lme
(allow init pdx_display_manager_endpoint_socket_type (unix_stream_socket (create bind)))
@@ -27833,7 +27974,7 @@
(allow surfaceflinger pdx_display_manager_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
;;* lmx 131 system/sepolicy/private/surfaceflinger.te
-(neverallow base_typeattr_951 pdx_display_manager_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_955 pdx_display_manager_endpoint_socket_type (unix_stream_socket (listen accept)))
;;* lme
(allow init pdx_display_screenshot_endpoint_socket_type (unix_stream_socket (create bind)))
@@ -27842,7 +27983,7 @@
(allow surfaceflinger pdx_display_screenshot_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
;;* lmx 132 system/sepolicy/private/surfaceflinger.te
-(neverallow base_typeattr_951 pdx_display_screenshot_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_955 pdx_display_screenshot_endpoint_socket_type (unix_stream_socket (listen accept)))
;;* lme
(allow init pdx_display_vsync_endpoint_socket_type (unix_stream_socket (create bind)))
@@ -27851,7 +27992,7 @@
(allow surfaceflinger pdx_display_vsync_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
;;* lmx 133 system/sepolicy/private/surfaceflinger.te
-(neverallow base_typeattr_951 pdx_display_vsync_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_955 pdx_display_vsync_endpoint_socket_type (unix_stream_socket (listen accept)))
;;* lme
(allow surfaceflinger pdx_bufferhub_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -27887,23 +28028,23 @@
(dontaudit su system_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 9 system/sepolicy/private/system_app.te
-(neverallow base_typeattr_952 system_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_956 system_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow system_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 9 system/sepolicy/private/system_app.te
-(neverallow base_typeattr_953 base_typeattr_952 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_957 base_typeattr_956 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 9 system/sepolicy/private/system_app.te
-(neverallow base_typeattr_954 system_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_958 system_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 9 system/sepolicy/private/system_app.te
-(neverallow base_typeattr_955 system_app (process (ptrace)))
+(neverallow base_typeattr_959 system_app (process (ptrace)))
;;* lme
(allow system_app rootfs (dir (getattr)))
@@ -28026,7 +28167,7 @@
(allow update_engine system_app (binder (transfer)))
(allow system_app update_engine (fd (use)))
(allow system_app servicemanager (service_manager (list)))
-(allow system_app base_typeattr_956 (service_manager (find)))
+(allow system_app base_typeattr_960 (service_manager (find)))
(dontaudit system_app dnsresolver_service (service_manager (find)))
(dontaudit system_app dumpstate_service (service_manager (find)))
(dontaudit system_app installd_service (service_manager (find)))
@@ -28070,12 +28211,12 @@
;;* lmx 199 system/sepolicy/private/system_app.te
-(neverallow base_typeattr_957 adaptive_haptics_prop (property_service (set)))
+(neverallow base_typeattr_961 adaptive_haptics_prop (property_service (set)))
;;* lme
;;* lmx 201 system/sepolicy/private/system_app.te
-(neverallow base_typeattr_957 drm_forcel3_prop (property_service (set)))
+(neverallow base_typeattr_961 drm_forcel3_prop (property_service (set)))
;;* lme
(allow system_app vendor_boot_ota_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -28088,7 +28229,7 @@
(dontaudit su system_server_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 17 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_424 system_server_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_427 system_server_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow system_server zygote_tmpfs (file (read map)))
@@ -28293,6 +28434,9 @@
(allow system_server hal_sensors_server (process (signal)))
(allow system_server hal_vibrator_server (process (signal)))
(allow system_server hal_vr_server (process (signal)))
+(allow system_server hal_wifi_server (process (signal)))
+(allow system_server hal_wifi_hostapd_server (process (signal)))
+(allow system_server hal_wifi_supplicant_server (process (signal)))
(allow system_server system_suspend_server (process (signal)))
(allow system_server artd (process (signal)))
(allow system_server audioserver (process (signal)))
@@ -28821,6 +28965,7 @@
(allow system_server system_boot_reason_prop (file (read getattr map open)))
(allow system_server boottime_prop (file (read getattr map open)))
(allow system_server serialno_prop (file (read getattr map open)))
+(allow system_server usb_uvc_enabled_prop (file (read getattr map open)))
(allow system_server property_socket (sock_file (write)))
(allow system_server init (unix_stream_socket (connectto)))
(allow system_server firstboot_prop (property_service (set)))
@@ -28850,6 +28995,10 @@
(allow system_server net_464xlat_fromvendor_prop (file (read getattr map open)))
(allow system_server hypervisor_prop (file (read getattr map open)))
(allow system_server persist_wm_debug_prop (file (read getattr map open)))
+(allow system_server property_socket (sock_file (write)))
+(allow system_server init (unix_stream_socket (connectto)))
+(allow system_server persist_wm_debug_prop (property_service (set)))
+(allow system_server persist_wm_debug_prop (file (read getattr map open)))
(allow system_server persist_sysui_builder_extras_prop (file (read getattr map open)))
(allow system_server persist_sysui_ranking_update_prop (file (read getattr map open)))
(allow system_server tuner_config_prop (file (read getattr map open)))
@@ -28860,6 +29009,7 @@
(allow system_server traced_oome_heap_session_count_prop (file (read getattr map open)))
(allow system_server sensors_config_prop (file (read getattr map open)))
(allow system_server system_service_enable_prop (file (read getattr map open)))
+(allow system_server mmd_shared_prop (file (read getattr map open)))
(allow system_server system_ndebug_socket (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
(allow system_server system_unsolzygote_socket (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
(allow system_server cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -28900,9 +29050,9 @@
(allow system_server sysfs_zram (file (ioctl read write getattr lock append map open watch watch_reads)))
(allow system_server kernel (security (read_policy)))
(allow system_server system_server_service (service_manager (add find)))
-;;* lmx 990 system/sepolicy/private/system_server.te
+;;* lmx 1000 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_424 system_server_service (service_manager (add)))
+(neverallow base_typeattr_427 system_server_service (service_manager (add)))
;;* lme
(allow system_server artd_service (service_manager (find)))
@@ -28950,9 +29100,9 @@
(allow system_server logd_service (service_manager (find)))
(allow system_server wifi_mainline_supplicant_service (service_manager (find)))
(allow system_server batteryproperties_service (service_manager (add find)))
-;;* lmx 1041 system/sepolicy/private/system_server.te
+;;* lmx 1051 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_424 batteryproperties_service (service_manager (add)))
+(neverallow base_typeattr_427 batteryproperties_service (service_manager (add)))
;;* lme
(allow system_server keystore (keystore2 (add_auth change_password change_user clear_ns clear_uid delete_all_keys get_last_auth_time lock pull_metrics reset unlock)))
@@ -28997,6 +29147,7 @@
(allow system_server adbd_tradeinmode_prop (property_service (set)))
(allow system_server adbd_tradeinmode_prop (file (read getattr map open)))
(allow system_server toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
+(allow system_server pbtombstone_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
(allowx system_server system_data_file (ioctl file (0x6685)))
(allowx system_server apk_data_file (ioctl file (0x6685)))
(allowx system_server apk_tmp_file (ioctl file (0x6685)))
@@ -29109,116 +29260,116 @@
(allow system_server init (unix_stream_socket (connectto)))
(allow system_server power_debug_prop (property_service (set)))
(allow system_server power_debug_prop (file (read getattr map open)))
-;;* lmx 1341 system/sepolicy/private/system_server.te
+;;* lmx 1354 system/sepolicy/private/system_server.te
(neverallow system_server sdcard_type (dir (read write open)))
(neverallow system_server fuse (dir (read write open)))
;;* lme
-;;* lmx 1342 system/sepolicy/private/system_server.te
+;;* lmx 1355 system/sepolicy/private/system_server.te
(neverallow system_server sdcard_type (file (ioctl read write getattr lock append map open watch watch_reads)))
(neverallow system_server fuse (file (ioctl read write getattr lock append map open watch watch_reads)))
;;* lme
-;;* lmx 1352 system/sepolicy/private/system_server.te
+;;* lmx 1365 system/sepolicy/private/system_server.te
-(neverallow system_server base_typeattr_958 (file (create unlink link open)))
+(neverallow system_server base_typeattr_962 (file (create unlink link open)))
;;* lme
-;;* lmx 1363 system/sepolicy/private/system_server.te
+;;* lmx 1377 system/sepolicy/private/system_server.te
-(neverallow system_server base_typeattr_959 (file (execute_no_trans)))
+(neverallow system_server base_typeattr_963 (file (execute_no_trans)))
;;* lme
-;;* lmx 1368 system/sepolicy/private/system_server.te
+;;* lmx 1382 system/sepolicy/private/system_server.te
-(neverallow system_server base_typeattr_960 (process (transition)))
+(neverallow system_server base_typeattr_964 (process (transition)))
;;* lme
-;;* lmx 1369 system/sepolicy/private/system_server.te
+;;* lmx 1383 system/sepolicy/private/system_server.te
-(neverallow system_server base_typeattr_236 (process (dyntransition)))
+(neverallow system_server base_typeattr_239 (process (dyntransition)))
;;* lme
-;;* lmx 1372 system/sepolicy/private/system_server.te
+;;* lmx 1386 system/sepolicy/private/system_server.te
(neverallow system_server perfetto_traces_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 1375 system/sepolicy/private/system_server.te
+;;* lmx 1389 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_961 system_ndebug_socket (sock_file (write open)))
+(neverallow base_typeattr_965 system_ndebug_socket (sock_file (write open)))
;;* lme
-;;* lmx 1385 system/sepolicy/private/system_server.te
+;;* lmx 1399 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_962 system_unsolzygote_socket (sock_file (write open)))
+(neverallow base_typeattr_966 system_unsolzygote_socket (sock_file (write open)))
;;* lme
-;;* lmx 1416 system/sepolicy/private/system_server.te
+;;* lmx 1430 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_963 device_config_activity_manager_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_input_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_netd_native_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_aconfig_flags_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_edgetpu_native_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_media_native_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_nnapi_native_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_runtime_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_runtime_native_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_surface_flinger_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_core_experiments_team_internal_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_lmkd_native_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_mglru_native_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_mmd_native_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_remote_key_provisioning_native_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_storage_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_sys_traced_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_window_manager_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_connectivity_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_swcodec_native_prop (property_service (set)))
-(neverallow base_typeattr_963 device_config_tethering_u_or_later_native_prop (property_service (set)))
-(neverallow base_typeattr_963 next_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_activity_manager_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_input_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_netd_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_aconfig_flags_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_edgetpu_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_media_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_nnapi_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_runtime_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_runtime_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_surface_flinger_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_core_experiments_team_internal_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_lmkd_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_mglru_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_mmd_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_remote_key_provisioning_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_storage_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_sys_traced_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_window_manager_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_connectivity_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_swcodec_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_tethering_u_or_later_native_prop (property_service (set)))
+(neverallow base_typeattr_967 next_boot_prop (property_service (set)))
;;* lme
-;;* lmx 1423 system/sepolicy/private/system_server.te
+;;* lmx 1437 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 tuner_server_ctl_prop (property_service (set)))
+(neverallow base_typeattr_430 tuner_server_ctl_prop (property_service (set)))
;;* lme
-;;* lmx 1429 system/sepolicy/private/system_server.te
+;;* lmx 1443 system/sepolicy/private/system_server.te
(neverallow system_server dex2oat_exec (file (execute execute_no_trans)))
;;* lme
-;;* lmx 1434 system/sepolicy/private/system_server.te
+;;* lmx 1448 system/sepolicy/private/system_server.te
(neverallow system_server data_file_type (file (execute execute_no_trans)))
;;* lme
-;;* lmx 1441 system/sepolicy/private/system_server.te
+;;* lmx 1455 system/sepolicy/private/system_server.te
-(neverallow system_server base_typeattr_964 (blk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow system_server base_typeattr_968 (blk_file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 1442 system/sepolicy/private/system_server.te
+;;* lmx 1456 system/sepolicy/private/system_server.te
-(neverallow system_server base_typeattr_965 (blk_file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow system_server base_typeattr_969 (blk_file (ioctl read getattr lock map open watch watch_reads)))
;;* lme
-;;* lmx 1450 system/sepolicy/private/system_server.te
+;;* lmx 1464 system/sepolicy/private/system_server.te
(neverallow system_server self (process (execmem)))
;;* lme
-;;* lmx 1453 system/sepolicy/private/system_server.te
+;;* lmx 1467 system/sepolicy/private/system_server.te
(neverallow system_server ashmem_device (chr_file (execute)))
(neverallow system_server ashmem_libcutils_device (chr_file (execute)))
;;* lme
-;;* lmx 1456 system/sepolicy/private/system_server.te
+;;* lmx 1470 system/sepolicy/private/system_server.te
(neverallow system_server system_server_tmpfs (file (execute)))
;;* lme
@@ -29300,96 +29451,96 @@
(allow system_server init (unix_stream_socket (connectto)))
(allow system_server userspace_reboot_log_prop (property_service (set)))
(allow system_server userspace_reboot_log_prop (file (read getattr map open)))
-;;* lmx 1572 system/sepolicy/private/system_server.te
+;;* lmx 1586 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_371 system_jvmti_agent_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_374 system_jvmti_agent_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow system_server proc_pressure_mem (file (ioctl read write getattr lock append map open watch watch_reads)))
(allow system_server proc_pressure_cpu (file (ioctl read getattr lock map open watch watch_reads)))
(allow system_server proc_pressure_io (file (ioctl read getattr lock map open watch watch_reads)))
-;;* lmx 1580 system/sepolicy/private/system_server.te
+;;* lmx 1594 system/sepolicy/private/system_server.te
-(neverallow system_server base_typeattr_424 (process (ptrace)))
+(neverallow system_server base_typeattr_427 (process (ptrace)))
;;* lme
-;;* lmx 1584 system/sepolicy/private/system_server.te
+;;* lmx 1598 system/sepolicy/private/system_server.te
(neverallow system_server system_server (capability (sys_resource)))
(neverallow system_server system_server (cap_userns (sys_resource)))
;;* lme
-;;* lmx 1587 system/sepolicy/private/system_server.te
+;;* lmx 1601 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 password_slot_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_430 password_slot_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 1592 system/sepolicy/private/system_server.te
+;;* lmx 1606 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 password_slot_metadata_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_427 password_slot_metadata_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_427 password_slot_metadata_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_427 password_slot_metadata_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_430 password_slot_metadata_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_430 password_slot_metadata_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_430 password_slot_metadata_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_430 password_slot_metadata_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1593 system/sepolicy/private/system_server.te
+;;* lmx 1607 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 password_slot_metadata_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_427 password_slot_metadata_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_427 password_slot_metadata_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_427 password_slot_metadata_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_430 password_slot_metadata_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_430 password_slot_metadata_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_430 password_slot_metadata_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_430 password_slot_metadata_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow system_server property_socket (sock_file (write)))
(allow system_server init (unix_stream_socket (connectto)))
(allow system_server binder_cache_system_server_prop (property_service (set)))
(allow system_server binder_cache_system_server_prop (file (read getattr map open)))
-;;* lmx 1598 system/sepolicy/private/system_server.te
+;;* lmx 1612 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 binder_cache_system_server_prop (property_service (set)))
+(neverallow base_typeattr_430 binder_cache_system_server_prop (property_service (set)))
;;* lme
(allow system_server self (perf_event (open cpu kernel write)))
-;;* lmx 1603 system/sepolicy/private/system_server.te
+;;* lmx 1617 system/sepolicy/private/system_server.te
(neverallow system_server self (perf_event (tracepoint read)))
;;* lme
(allow system_server shutdown_checkpoints_system_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
(allow system_server shutdown_checkpoints_system_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-;;* lmx 1610 system/sepolicy/private/system_server.te
+;;* lmx 1624 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 socket_hook_prop (property_service (set)))
+(neverallow base_typeattr_430 socket_hook_prop (property_service (set)))
;;* lme
-;;* lmx 1612 system/sepolicy/private/system_server.te
+;;* lmx 1626 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 boot_status_prop (property_service (set)))
+(neverallow base_typeattr_430 boot_status_prop (property_service (set)))
;;* lme
-;;* lmx 1620 system/sepolicy/private/system_server.te
+;;* lmx 1634 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_371 wifi_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_374 wifi_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1629 system/sepolicy/private/system_server.te
+;;* lmx 1643 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_966 sysfs_uhid (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_970 sysfs_uhid (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 1635 system/sepolicy/private/system_server.te
+;;* lmx 1649 system/sepolicy/private/system_server.te
-(neverallowx base_typeattr_424 binder_device (ioctl chr_file ((range 0x620e 0x620f))))
+(neverallowx base_typeattr_427 binder_device (ioctl chr_file ((range 0x620e 0x620f))))
;;* lme
-;;* lmx 1638 system/sepolicy/private/system_server.te
+;;* lmx 1652 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 font_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_430 font_data_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
-;;* lmx 1639 system/sepolicy/private/system_server.te
+;;* lmx 1653 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 font_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_430 font_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
(allow system_server system_font_fallback_file (file (ioctl read getattr lock map open watch watch_reads)))
@@ -29407,15 +29558,15 @@
(allow system_server init (unix_stream_socket (connectto)))
(allow system_server hint_manager_config_prop (property_service (set)))
(allow system_server hint_manager_config_prop (file (read getattr map open)))
-;;* lmx 1667 system/sepolicy/private/system_server.te
+;;* lmx 1681 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_385 hint_manager_config_prop (property_service (set)))
+(neverallow base_typeattr_388 hint_manager_config_prop (property_service (set)))
;;* lme
(allow system_server threadnetwork_config_prop (file (read getattr map open)))
-;;* lmx 1679 system/sepolicy/private/system_server.te
+;;* lmx 1693 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_371 threadnetwork_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_374 threadnetwork_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow system_server pre_reboot_dexopt_file (dir (getattr search)))
@@ -29426,24 +29577,24 @@
(allow system_server derive_classpath (process (sigkill)))
(allow system_server dex2oat (process (sigkill)))
(allow system_server odrefresh (process (sigkill)))
-;;* lmx 1705 system/sepolicy/private/system_server.te
+;;* lmx 1719 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 crashrecovery_prop (property_service (set)))
+(neverallow base_typeattr_430 crashrecovery_prop (property_service (set)))
;;* lme
-;;* lmx 1706 system/sepolicy/private/system_server.te
+;;* lmx 1720 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_473 crashrecovery_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_476 crashrecovery_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1709 system/sepolicy/private/system_server.te
+;;* lmx 1723 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_427 tradeinmode_metadata_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_430 tradeinmode_metadata_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 1717 system/sepolicy/private/system_server.te
+;;* lmx 1731 system/sepolicy/private/system_server.te
-(neverallow base_typeattr_967 power_debug_prop (property_service (set)))
+(neverallow base_typeattr_971 power_debug_prop (property_service (set)))
;;* lme
(typetransition system_server_startup tmpfs file system_server_startup_tmpfs)
@@ -29468,13 +29619,13 @@
(allow system_suspend system_suspend_control_service (service_manager (add find)))
;;* lmx 8 system/sepolicy/private/system_suspend.te
-(neverallow base_typeattr_968 system_suspend_control_service (service_manager (add)))
+(neverallow base_typeattr_972 system_suspend_control_service (service_manager (add)))
;;* lme
(allow system_suspend hal_system_suspend_service (service_manager (add find)))
;;* lmx 10 system/sepolicy/private/system_suspend.te
-(neverallow base_typeattr_968 hal_system_suspend_service (service_manager (add)))
+(neverallow base_typeattr_972 hal_system_suspend_service (service_manager (add)))
;;* lme
(allow system_suspend sysfs_power (file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -29501,18 +29652,18 @@
(allow init sysfs_sync_on_suspend (file (write lock append map open)))
;;* lmx 56 system/sepolicy/private/system_suspend.te
-(neverallow base_typeattr_969 system_suspend_control_service (service_manager (find)))
+(neverallow base_typeattr_973 system_suspend_control_service (service_manager (find)))
;;* lme
(allow system_suspend_internal_server system_suspend_control_internal_service (service_manager (add find)))
;;* lmx 2 system/sepolicy/private/system_suspend_internal_server.te
-(neverallow base_typeattr_970 system_suspend_control_internal_service (service_manager (add)))
+(neverallow base_typeattr_974 system_suspend_control_internal_service (service_manager (add)))
;;* lme
;;* lmx 12 system/sepolicy/private/system_suspend_internal_server.te
-(neverallow base_typeattr_971 system_suspend_control_internal_service (service_manager (find)))
+(neverallow base_typeattr_975 system_suspend_control_internal_service (service_manager (find)))
;;* lme
(allow system_suspend_server hwservicemanager (binder (call transfer)))
@@ -29522,7 +29673,7 @@
(allow system_suspend_server hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 6 system/sepolicy/private/system_suspend_server.te
-(neverallow base_typeattr_972 system_suspend_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_976 system_suspend_hwservice (hwservice_manager (add)))
;;* lme
(allow tee fingerprint_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
@@ -29544,7 +29695,7 @@
(allow tombstoned anr_data_file (file (create getattr append unlink link open)))
;;* lmx 31 system/sepolicy/private/tombstoned.te
-(neverallow base_typeattr_973 tombstone_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_977 tombstone_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow init toolbox_exec (file (read getattr map execute open)))
@@ -29567,17 +29718,17 @@
(allowx toolbox media_userdir_file (ioctl dir ((range 0x6601 0x6602))))
;;* lmx 42 system/sepolicy/private/toolbox.te
-(neverallow base_typeattr_235 toolbox (process (transition)))
+(neverallow base_typeattr_238 toolbox (process (transition)))
;;* lme
;;* lmx 43 system/sepolicy/private/toolbox.te
-(neverallow base_typeattr_236 toolbox (process (dyntransition)))
+(neverallow base_typeattr_239 toolbox (process (dyntransition)))
;;* lme
;;* lmx 44 system/sepolicy/private/toolbox.te
-(neverallow toolbox base_typeattr_974 (file (entrypoint)))
+(neverallow toolbox base_typeattr_978 (file (entrypoint)))
;;* lme
(allow trace_redactor system_server (fd (use)))
@@ -29615,6 +29766,8 @@
(allow traced heapprofd_tmpfs (file (read write getattr map)))
(allow traced traced_probes_tmpfs (file (read write getattr map)))
(allow traced cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
+(allow traced traced_config_prop (file (read getattr map open)))
+(allow traced traced_relay_relay_port_prop (file (read getattr map open)))
(allow traced property_socket (sock_file (write)))
(allow traced init (unix_stream_socket (connectto)))
(allow traced debug_prop (property_service (set)))
@@ -29633,49 +29786,49 @@
(allow traced traced_oome_heap_session_count_prop (file (read getattr map open)))
(allow traced statsdw_socket (sock_file (write)))
(allow traced statsd (unix_dgram_socket (sendto)))
-;;* lmx 85 system/sepolicy/private/traced.te
+;;* lmx 90 system/sepolicy/private/traced.te
(neverallow traced self (process (execmem)))
;;* lme
-;;* lmx 88 system/sepolicy/private/traced.te
+;;* lmx 93 system/sepolicy/private/traced.te
(neverallow traced dev_type (blk_file (read write)))
;;* lme
-;;* lmx 91 system/sepolicy/private/traced.te
+;;* lmx 96 system/sepolicy/private/traced.te
(neverallow traced domain (process (ptrace)))
;;* lme
-;;* lmx 107 system/sepolicy/private/traced.te
+;;* lmx 112 system/sepolicy/private/traced.te
-(neverallow traced base_typeattr_975 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow traced base_typeattr_979 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
-;;* lmx 108 system/sepolicy/private/traced.te
+;;* lmx 113 system/sepolicy/private/traced.te
(neverallow traced system_data_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 114 system/sepolicy/private/traced.te
+;;* lmx 119 system/sepolicy/private/traced.te
-(neverallow traced base_typeattr_976 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow traced base_typeattr_980 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 117 system/sepolicy/private/traced.te
+;;* lmx 122 system/sepolicy/private/traced.te
-(neverallow base_typeattr_235 traced (process (transition)))
+(neverallow base_typeattr_238 traced (process (transition)))
;;* lme
-;;* lmx 118 system/sepolicy/private/traced.te
+;;* lmx 123 system/sepolicy/private/traced.te
-(neverallow base_typeattr_236 traced (process (dyntransition)))
+(neverallow base_typeattr_239 traced (process (dyntransition)))
;;* lme
-;;* lmx 130 system/sepolicy/private/traced.te
+;;* lmx 135 system/sepolicy/private/traced.te
-(neverallow base_typeattr_977 tracingproxy_service (service_manager (find)))
+(neverallow base_typeattr_981 tracingproxy_service (service_manager (find)))
;;* lme
(allow init traced_perf_exec (file (read getattr map execute open)))
@@ -29844,7 +29997,7 @@
;;* lmx 163 system/sepolicy/private/traced_probes.te
-(neverallow traced_probes base_typeattr_978 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow traced_probes base_typeattr_982 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 164 system/sepolicy/private/traced_probes.te
@@ -29854,17 +30007,17 @@
;;* lmx 170 system/sepolicy/private/traced_probes.te
-(neverallow traced_probes base_typeattr_979 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow traced_probes base_typeattr_983 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
;;* lmx 173 system/sepolicy/private/traced_probes.te
-(neverallow base_typeattr_235 traced_probes (process (transition)))
+(neverallow base_typeattr_238 traced_probes (process (transition)))
;;* lme
;;* lmx 174 system/sepolicy/private/traced_probes.te
-(neverallow base_typeattr_236 traced_probes (process (dyntransition)))
+(neverallow base_typeattr_239 traced_probes (process (dyntransition)))
;;* lme
(typetransition traceur_app tmpfs file appdomain_tmpfs)
@@ -29872,23 +30025,23 @@
(dontaudit su traceur_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 3 system/sepolicy/private/traceur_app.te
-(neverallow base_typeattr_980 traceur_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_984 traceur_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow traceur_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 3 system/sepolicy/private/traceur_app.te
-(neverallow base_typeattr_981 base_typeattr_980 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_985 base_typeattr_984 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/traceur_app.te
-(neverallow base_typeattr_982 traceur_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_986 traceur_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 3 system/sepolicy/private/traceur_app.te
-(neverallow base_typeattr_983 traceur_app (process (ptrace)))
+(neverallow base_typeattr_987 traceur_app (process (ptrace)))
;;* lme
(allow traceur_app debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -29908,7 +30061,7 @@
(allow traceur_app debug_prop (file (read getattr map open)))
(allow traceur_app servicemanager (service_manager (list)))
(allow traceur_app hwservicemanager (hwservice_manager (list)))
-(allow traceur_app base_typeattr_984 (service_manager (find)))
+(allow traceur_app base_typeattr_988 (service_manager (find)))
(dontaudit traceur_app service_manager_type (service_manager (find)))
(dontaudit traceur_app hwservice_manager_type (hwservice_manager (find)))
(dontaudit traceur_app domain (binder (call)))
@@ -29973,9 +30126,9 @@
(allow ueventd selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
(allow ueventd selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
(allow ueventd selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow ueventd base_typeattr_985 (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow ueventd base_typeattr_985 (file (ioctl read getattr lock map open watch watch_reads)))
-(allow ueventd base_typeattr_985 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow ueventd base_typeattr_989 (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow ueventd base_typeattr_989 (file (ioctl read getattr lock map open watch watch_reads)))
+(allow ueventd base_typeattr_989 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow ueventd apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
(allow ueventd file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow ueventd self (process (setfscreate)))
@@ -29992,22 +30145,23 @@
(allow ueventd dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
(allow ueventd self (capability (sys_admin)))
(allow ueventd apexd_prop (file (read getattr map open)))
-;;* lmx 83 system/sepolicy/private/ueventd.te
+(allow ueventd block_device (lnk_file (relabelfrom)))
+;;* lmx 86 system/sepolicy/private/ueventd.te
(neverallow ueventd dev_type (blk_file (ioctl read write lock append map link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
-;;* lmx 86 system/sepolicy/private/ueventd.te
+;;* lmx 89 system/sepolicy/private/ueventd.te
(neverallow ueventd port_device (chr_file (ioctl read write lock relabelfrom append map link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
;;* lme
-;;* lmx 89 system/sepolicy/private/ueventd.te
+;;* lmx 92 system/sepolicy/private/ueventd.te
-(neverallow base_typeattr_236 ueventd (process (ptrace)))
+(neverallow base_typeattr_239 ueventd (process (ptrace)))
;;* lme
-;;* lmx 92 system/sepolicy/private/ueventd.te
+;;* lmx 95 system/sepolicy/private/ueventd.te
(neverallow ueventd fs_type (file (execute_no_trans)))
(neverallow ueventd file_type (file (execute_no_trans)))
@@ -30055,23 +30209,23 @@
(dontaudit su untrusted_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 13 system/sepolicy/private/untrusted_app.te
-(neverallow base_typeattr_986 untrusted_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_990 untrusted_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow untrusted_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 13 system/sepolicy/private/untrusted_app.te
-(neverallow base_typeattr_987 base_typeattr_986 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_991 base_typeattr_990 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/untrusted_app.te
-(neverallow base_typeattr_988 untrusted_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_992 untrusted_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/untrusted_app.te
-(neverallow base_typeattr_989 untrusted_app (process (ptrace)))
+(neverallow base_typeattr_993 untrusted_app (process (ptrace)))
;;* lme
(allow untrusted_app sdk_sandbox_data_file (fd (use)))
@@ -30086,23 +30240,23 @@
(dontaudit su untrusted_app_25_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
-(neverallow base_typeattr_990 untrusted_app_25_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_994 untrusted_app_25_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow untrusted_app_25 appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
-(neverallow base_typeattr_991 base_typeattr_990 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_995 base_typeattr_994 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
-(neverallow base_typeattr_992 untrusted_app_25 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_996 untrusted_app_25 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
-(neverallow base_typeattr_993 untrusted_app_25 (process (ptrace)))
+(neverallow base_typeattr_997 untrusted_app_25 (process (ptrace)))
;;* lme
(allow untrusted_app_25 proc_misc (file (ioctl read getattr lock map open watch watch_reads)))
@@ -30127,23 +30281,23 @@
(dontaudit su untrusted_app_27_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
-(neverallow base_typeattr_994 untrusted_app_27_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_998 untrusted_app_27_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow untrusted_app_27 appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
-(neverallow base_typeattr_995 base_typeattr_994 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_999 base_typeattr_998 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
-(neverallow base_typeattr_996 untrusted_app_27 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1000 untrusted_app_27 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
-(neverallow base_typeattr_997 untrusted_app_27 (process (ptrace)))
+(neverallow base_typeattr_1001 untrusted_app_27 (process (ptrace)))
;;* lme
(allow untrusted_app_27 apk_data_file (file (execmod)))
@@ -30166,23 +30320,23 @@
(dontaudit su untrusted_app_29_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
-(neverallow base_typeattr_998 untrusted_app_29_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1002 untrusted_app_29_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow untrusted_app_29 appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
-(neverallow base_typeattr_999 base_typeattr_998 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1003 base_typeattr_1002 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
-(neverallow base_typeattr_1000 untrusted_app_29 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1004 untrusted_app_29 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
-(neverallow base_typeattr_1001 untrusted_app_29 (process (ptrace)))
+(neverallow base_typeattr_1005 untrusted_app_29 (process (ptrace)))
;;* lme
(allow untrusted_app_29 self (netlink_route_socket (nlmsg_getneigh)))
@@ -30196,23 +30350,23 @@
(dontaudit su untrusted_app_30_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
-(neverallow base_typeattr_1002 untrusted_app_30_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1006 untrusted_app_30_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow untrusted_app_30 appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
-(neverallow base_typeattr_1003 base_typeattr_1002 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1007 base_typeattr_1006 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
-(neverallow base_typeattr_1004 untrusted_app_30 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1008 untrusted_app_30 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
-(neverallow base_typeattr_1005 untrusted_app_30 (process (ptrace)))
+(neverallow base_typeattr_1009 untrusted_app_30 (process (ptrace)))
;;* lme
(allow untrusted_app_30 self (netlink_route_socket (nlmsg_getneigh)))
@@ -30226,23 +30380,23 @@
(dontaudit su untrusted_app_32_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
-(neverallow base_typeattr_1006 untrusted_app_32_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1010 untrusted_app_32_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow untrusted_app_32 appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
-(neverallow base_typeattr_1007 base_typeattr_1006 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1011 base_typeattr_1010 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
-(neverallow base_typeattr_1008 untrusted_app_32 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1012 untrusted_app_32 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
-(neverallow base_typeattr_1009 untrusted_app_32 (process (ptrace)))
+(neverallow base_typeattr_1013 untrusted_app_32 (process (ptrace)))
;;* lme
(allow untrusted_app_32 sdk_sandbox_data_file (fd (use)))
@@ -30333,7 +30487,7 @@
(allowx untrusted_app_all untrusted_app_all_devpts (ioctl chr_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
;;* lmx 157 system/sepolicy/private/untrusted_app_all.te
-(neverallowx base_typeattr_236 untrusted_app_all_devpts (ioctl chr_file (0x5412)))
+(neverallowx base_typeattr_239 untrusted_app_all_devpts (ioctl chr_file (0x5412)))
;;* lme
(allow untrusted_app_all virtualizationmanager_exec (file (read getattr map execute open)))
@@ -30428,13 +30582,13 @@
(allow update_engine update_engine_service (service_manager (add find)))
;;* lmx 72 system/sepolicy/private/update_engine.te
-(neverallow base_typeattr_1010 update_engine_service (service_manager (add)))
+(neverallow base_typeattr_1014 update_engine_service (service_manager (add)))
;;* lme
(allow update_engine update_engine_stable_service (service_manager (add find)))
;;* lmx 73 system/sepolicy/private/update_engine.te
-(neverallow base_typeattr_1010 update_engine_stable_service (service_manager (add)))
+(neverallow base_typeattr_1014 update_engine_stable_service (service_manager (add)))
;;* lme
(allow update_engine priv_app (binder (call transfer)))
@@ -30570,9 +30724,9 @@
(allow system_server uprobestats (binder (transfer)))
(allow uprobestats system_server (fd (use)))
(allow uprobestats package_native_service (service_manager (find)))
-(allow uprobestats base_typeattr_260 (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow uprobestats base_typeattr_260 (file (ioctl read getattr lock map open watch watch_reads)))
-(allow uprobestats base_typeattr_260 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow uprobestats base_typeattr_263 (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow uprobestats base_typeattr_263 (file (ioctl read getattr lock map open watch watch_reads)))
+(allow uprobestats base_typeattr_263 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow uprobestats uprobestats_configs_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
(allow uprobestats uprobestats_configs_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
(allow init usbd_exec (file (read getattr map execute open)))
@@ -30637,7 +30791,7 @@
(allow vendor_init device_config_virtualization_framework_native_prop (file (read getattr map open)))
(allow vendor_init apex_ready_prop (file (read getattr map open)))
(allow vendor_init fstype_prop (file (read getattr map open)))
-(allow vendor_init base_typeattr_1011 (chr_file (setattr)))
+(allow vendor_init base_typeattr_1015 (chr_file (setattr)))
(allow vendor_init init (unix_stream_socket (read write)))
(allow vendor_init kmsg_device (chr_file (write getattr open)))
(allow vendor_init device (dir (mounton)))
@@ -30658,29 +30812,29 @@
(allow vendor_init unencrypted_data_file (file (ioctl read getattr lock map open watch watch_reads)))
(allowx vendor_init data_file_type (ioctl dir (0x6613 0x6615)))
(allow vendor_init system_data_file (dir (getattr)))
-(allow vendor_init base_typeattr_1012 (dir (ioctl read write create getattr setattr relabelfrom open add_name remove_name search rmdir)))
+(allow vendor_init base_typeattr_1016 (dir (ioctl read write create getattr setattr relabelfrom open add_name remove_name search rmdir)))
(allow vendor_init unlabeled (file (getattr relabelfrom)))
(allow vendor_init unlabeled (dir (getattr relabelfrom)))
(allow vendor_init unlabeled (lnk_file (getattr relabelfrom)))
(allow vendor_init unlabeled (sock_file (getattr relabelfrom)))
(allow vendor_init unlabeled (fifo_file (getattr relabelfrom)))
-(allow vendor_init base_typeattr_1013 (file (read write create getattr setattr relabelfrom map unlink open)))
-(allow vendor_init base_typeattr_1014 (sock_file (read create getattr setattr relabelfrom unlink open)))
-(allow vendor_init base_typeattr_1014 (fifo_file (read create getattr setattr relabelfrom unlink open)))
-(allow vendor_init base_typeattr_1015 (lnk_file (create getattr setattr relabelfrom unlink)))
-(allow vendor_init base_typeattr_1016 (file (relabelto)))
-(allow vendor_init base_typeattr_1016 (dir (relabelto)))
-(allow vendor_init base_typeattr_1016 (lnk_file (relabelto)))
-(allow vendor_init base_typeattr_1016 (chr_file (relabelto)))
-(allow vendor_init base_typeattr_1016 (blk_file (relabelto)))
-(allow vendor_init base_typeattr_1016 (sock_file (relabelto)))
-(allow vendor_init base_typeattr_1016 (fifo_file (relabelto)))
+(allow vendor_init base_typeattr_1017 (file (read write create getattr setattr relabelfrom map unlink open)))
+(allow vendor_init base_typeattr_1018 (sock_file (read create getattr setattr relabelfrom unlink open)))
+(allow vendor_init base_typeattr_1018 (fifo_file (read create getattr setattr relabelfrom unlink open)))
+(allow vendor_init base_typeattr_1019 (lnk_file (create getattr setattr relabelfrom unlink)))
+(allow vendor_init base_typeattr_1020 (file (relabelto)))
+(allow vendor_init base_typeattr_1020 (dir (relabelto)))
+(allow vendor_init base_typeattr_1020 (lnk_file (relabelto)))
+(allow vendor_init base_typeattr_1020 (chr_file (relabelto)))
+(allow vendor_init base_typeattr_1020 (blk_file (relabelto)))
+(allow vendor_init base_typeattr_1020 (sock_file (relabelto)))
+(allow vendor_init base_typeattr_1020 (fifo_file (relabelto)))
(allow vendor_init dev_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
(allow vendor_init dev_type (lnk_file (create)))
(allow vendor_init debugfs_tracing (file (write lock append map open)))
-(allow vendor_init base_typeattr_1017 (file (read setattr map open)))
+(allow vendor_init base_typeattr_1021 (file (read setattr map open)))
(allow vendor_init tracefs_type (file (read setattr map open)))
-(allow vendor_init base_typeattr_1018 (dir (read setattr open search)))
+(allow vendor_init base_typeattr_1022 (dir (read setattr open search)))
(allow vendor_init dev_type (blk_file (getattr)))
(allow vendor_init proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
(allow vendor_init proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
@@ -30691,7 +30845,7 @@
(allow vendor_init proc_page_cluster (file (write lock append map open)))
(allow vendor_init sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
(allow vendor_init sysfs_type (lnk_file (read)))
-(allow vendor_init base_typeattr_1019 (file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow vendor_init base_typeattr_1023 (file (ioctl read write getattr lock append map open watch watch_reads)))
(allow vendor_init self (process (setfscreate)))
(allow vendor_init vendor_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
(allow vendor_init vendor_file_type (file (ioctl read getattr lock map open watch watch_reads)))
@@ -30898,68 +31052,68 @@
(allow vendor_init device_config_vendor_system_native_boot_prop (file (read getattr map open)))
;;* lmx 341 system/sepolicy/private/vendor_init.te
-(neverallow vendor_init base_typeattr_1020 (socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (tcp_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (udp_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (rawip_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (packet_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (key_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (unix_stream_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (unix_dgram_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_route_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_tcpdiag_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_nflog_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_xfrm_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_selinux_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_audit_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_dnrt_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_kobject_uevent_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (appletalk_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (tun_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_iscsi_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_fib_lookup_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_connector_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_netfilter_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_generic_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_scsitransport_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_rdma_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netlink_crypto_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (sctp_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (icmp_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (ax25_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (ipx_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (netrom_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (atmpvc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (x25_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (rose_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (decnet_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (atmsvc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (rds_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (irda_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (pppox_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (llc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (can_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (tipc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (bluetooth_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (iucv_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (rxrpc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (isdn_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (phonet_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (ieee802154_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (caif_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (alg_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (nfc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (vsock_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (kcm_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (qipcrtr_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (smc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1020 (xdp_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (tcp_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (udp_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (rawip_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (packet_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (key_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (unix_stream_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (unix_dgram_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_route_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_nflog_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_xfrm_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_selinux_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_audit_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_dnrt_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (appletalk_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (tun_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_iscsi_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_connector_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_netfilter_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_generic_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_scsitransport_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_rdma_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_crypto_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (sctp_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (icmp_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (ax25_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (ipx_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netrom_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (atmpvc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (x25_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (rose_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (decnet_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (atmsvc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (rds_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (irda_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (pppox_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (llc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (can_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (tipc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (bluetooth_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (iucv_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (rxrpc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (isdn_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (phonet_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (ieee802154_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (caif_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (alg_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (nfc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (vsock_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (kcm_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (qipcrtr_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (smc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (xdp_socket (connect sendto)))
;;* lme
;;* lmx 341 system/sepolicy/private/vendor_init.te
-(neverallow vendor_init base_typeattr_1020 (unix_stream_socket (connectto)))
+(neverallow vendor_init base_typeattr_1024 (unix_stream_socket (connectto)))
;;* lme
;;* lmx 346 system/sepolicy/private/vendor_init.te
@@ -30969,12 +31123,12 @@
;;* lmx 347 system/sepolicy/private/vendor_init.te
-(neverallow base_typeattr_235 vendor_init (process (transition)))
+(neverallow base_typeattr_238 vendor_init (process (transition)))
;;* lme
;;* lmx 348 system/sepolicy/private/vendor_init.te
-(neverallow vendor_init base_typeattr_757 (file (entrypoint)))
+(neverallow vendor_init base_typeattr_761 (file (entrypoint)))
;;* lme
;;* lmx 351 system/sepolicy/private/vendor_init.te
@@ -31010,7 +31164,7 @@
;;* lmx 364 system/sepolicy/private/vendor_init.te
-(neverallow base_typeattr_236 vendor_init (process (ptrace)))
+(neverallow base_typeattr_239 vendor_init (process (ptrace)))
;;* lme
(allow vendor_misc_writer misc_block_device (blk_file (write lock append map open)))
@@ -31036,7 +31190,7 @@
(allow vendor_shell input_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
;;* lmx 3 system/sepolicy/private/vendor_toolbox.te
-(neverallow base_typeattr_1021 vendor_toolbox_exec (file (execute execute_no_trans entrypoint)))
+(neverallow base_typeattr_1025 vendor_toolbox_exec (file (execute execute_no_trans entrypoint)))
;;* lme
(allow init vfio_handler_exec (file (read getattr map execute open)))
@@ -31048,7 +31202,7 @@
(allow vfio_handler vfio_handler_service (service_manager (add find)))
;;* lmx 1 system/sepolicy/private/vfio_handler.te
-(neverallow base_typeattr_1022 vfio_handler_service (service_manager (add)))
+(neverallow base_typeattr_1026 vfio_handler_service (service_manager (add)))
;;* lme
(allow vfio_handler servicemanager (binder (call transfer)))
@@ -31086,14 +31240,14 @@
(allow virtual_camera appdomain (binder (call transfer)))
(allow appdomain virtual_camera (binder (transfer)))
(allow virtual_camera appdomain (fd (use)))
-(allow virtual_camera base_typeattr_556 (fd (use)))
+(allow virtual_camera base_typeattr_560 (fd (use)))
(allow virtual_camera surfaceflinger (binder (call transfer)))
(allow surfaceflinger virtual_camera (binder (transfer)))
(allow virtual_camera surfaceflinger (fd (use)))
(allow virtual_camera virtual_camera_service (service_manager (add find)))
;;* lmx 37 system/sepolicy/private/virtual_camera.te
-(neverallow base_typeattr_1023 virtual_camera_service (service_manager (add)))
+(neverallow base_typeattr_1027 virtual_camera_service (service_manager (add)))
;;* lme
(allow virtual_camera gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -31142,7 +31296,7 @@
(allow virtual_touchpad virtual_touchpad_service (service_manager (add find)))
;;* lmx 7 system/sepolicy/private/virtual_touchpad.te
-(neverallow base_typeattr_1024 virtual_touchpad_service (service_manager (add)))
+(neverallow base_typeattr_1028 virtual_touchpad_service (service_manager (add)))
;;* lme
(allow virtual_touchpad system_server (binder (call transfer)))
@@ -31191,7 +31345,7 @@
(allow virtualizationmanager self (vsock_socket (read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
;;* lmx 64 system/sepolicy/private/virtual_touchpad.te
-(neverallow base_typeattr_1025 virtualizationmanager (vsock_socket (create bind connect listen accept)))
+(neverallow base_typeattr_1029 virtualizationmanager (vsock_socket (create bind connect listen accept)))
;;* lme
(allow virtualizationmanager hypervisor_prop (file (read getattr map open)))
@@ -31199,13 +31353,13 @@
(dontaudit virtualizationmanager hypervisor_pvmfw_prop (file (read)))
;;* lmx 79 system/sepolicy/private/virtual_touchpad.te
-(neverallow base_typeattr_1026 hypervisor_pvmfw_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1030 hypervisor_pvmfw_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(dontaudit virtualizationmanager hypervisor_virtualizationmanager_prop (file (read)))
;;* lmx 90 system/sepolicy/private/virtual_touchpad.te
-(neverallow base_typeattr_1026 hypervisor_virtualizationmanager_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1030 hypervisor_virtualizationmanager_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow virtualizationmanager tombstoned_crash_socket (sock_file (write)))
@@ -31221,12 +31375,12 @@
(allow virtualizationmanager vendor_microdroid_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow virtualizationmanager vendor_microdroid_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow virtualizationmanager vendor_microdroid_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-;;* lmx 118 system/sepolicy/private/virtual_touchpad.te
+;;* lmx 122 system/sepolicy/private/virtual_touchpad.te
(neverallow domain vendor_microdroid_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
;;* lme
-;;* lmx 119 system/sepolicy/private/virtual_touchpad.te
+;;* lmx 127 system/sepolicy/private/virtual_touchpad.te
(neverallow domain vendor_microdroid_file (file (write create setattr relabelfrom append unlink link rename)))
;;* lme
@@ -31258,13 +31412,13 @@
(allow virtualizationservice virtualization_service (service_manager (add find)))
;;* lmx 16 system/sepolicy/private/virtualizationservice.te
-(neverallow base_typeattr_1027 virtualization_service (service_manager (add)))
+(neverallow base_typeattr_1031 virtualization_service (service_manager (add)))
;;* lme
(allow virtualizationservice virtualization_maintenance_service (service_manager (add find)))
;;* lmx 17 system/sepolicy/private/virtualizationservice.te
-(neverallow base_typeattr_1027 virtualization_maintenance_service (service_manager (add)))
+(neverallow base_typeattr_1031 virtualization_maintenance_service (service_manager (add)))
;;* lme
(allow virtualizationservice vfio_handler_service (service_manager (find)))
@@ -31320,7 +31474,7 @@
(allow virtualizationservice self (vsock_socket (read write create getattr setattr lock append map bind listen accept getopt setopt shutdown)))
;;* lmx 91 system/sepolicy/private/virtualizationservice.te
-(neverallow base_typeattr_1028 virtualizationservice (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow base_typeattr_1032 virtualizationservice (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
;;* lme
(allow virtualizationservice property_socket (sock_file (write)))
@@ -31341,24 +31495,24 @@
(allow virtualizationservice vendor_configs_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
;;* lmx 120 system/sepolicy/private/virtualizationservice.te
-(neverallow base_typeattr_1029 virtualizationservice_prop (property_service (set)))
+(neverallow base_typeattr_1033 virtualizationservice_prop (property_service (set)))
;;* lme
;;* lmx 127 system/sepolicy/private/virtualizationservice.te
-(neverallow base_typeattr_1030 virtualizationservice_data_file (file (create open)))
+(neverallow base_typeattr_1034 virtualizationservice_data_file (file (create open)))
;;* lme
;;* lmx 135 system/sepolicy/private/virtualizationservice.te
-(neverallow virtualizationservice base_typeattr_1031 (process (setrlimit)))
+(neverallow virtualizationservice base_typeattr_1035 (process (setrlimit)))
;;* lme
(allow virtualizationservice tun_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
(allow virtualizationservice vmnic (fd (use)))
;;* lmx 143 system/sepolicy/private/virtualizationservice.te
-(neverallow base_typeattr_1032 vfio_handler (binder (call)))
+(neverallow base_typeattr_1036 vfio_handler (binder (call)))
;;* lme
(typetransition vmlauncher_app tmpfs file appdomain_tmpfs)
@@ -31366,23 +31520,23 @@
(dontaudit su vmlauncher_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 4 system/sepolicy/private/vmlauncher_app.te
-(neverallow base_typeattr_1033 vmlauncher_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1037 vmlauncher_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow vmlauncher_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 4 system/sepolicy/private/vmlauncher_app.te
-(neverallow base_typeattr_1034 base_typeattr_1033 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1038 base_typeattr_1037 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 4 system/sepolicy/private/vmlauncher_app.te
-(neverallow base_typeattr_1035 vmlauncher_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1039 vmlauncher_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 4 system/sepolicy/private/vmlauncher_app.te
-(neverallow base_typeattr_1036 vmlauncher_app (process (ptrace)))
+(neverallow base_typeattr_1040 vmlauncher_app (process (ptrace)))
;;* lme
(allow vmlauncher_app app_api_service (service_manager (find)))
@@ -31431,7 +31585,7 @@
(allow vmnic vmnic_service (service_manager (add find)))
;;* lmx 1 system/sepolicy/private/vmnic.te
-(neverallow base_typeattr_1037 vmnic_service (service_manager (add)))
+(neverallow base_typeattr_1041 vmnic_service (service_manager (add)))
;;* lme
(allow vmnic servicemanager (binder (call transfer)))
@@ -31445,7 +31599,7 @@
(allowx vmnic self (ioctl udp_socket (0x8914)))
;;* lmx 1 system/sepolicy/private/vmnic.te
-(neverallow base_typeattr_1038 vmnic (binder (call)))
+(neverallow base_typeattr_1042 vmnic (binder (call)))
;;* lme
(allow init vold_exec (file (read getattr map execute open)))
@@ -31556,9 +31710,9 @@
(allow vold cache_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow vold cache_file (file (read getattr)))
(allow vold cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow vold base_typeattr_1039 (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow vold base_typeattr_1039 (file (ioctl read getattr lock map open watch watch_reads)))
-(allow vold base_typeattr_1039 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow vold base_typeattr_1043 (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow vold base_typeattr_1043 (file (ioctl read getattr lock map open watch watch_reads)))
+(allow vold base_typeattr_1043 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow vold sysfs (file (write lock append map open)))
(allow vold sysfs_devices_block (file (write lock append map open)))
(allow vold sysfs_dm (file (write lock append map open)))
@@ -31691,13 +31845,13 @@
(allow vold vold_service (service_manager (add find)))
;;* lmx 296 system/sepolicy/private/vold.te
-(neverallow base_typeattr_296 vold_service (service_manager (add)))
+(neverallow base_typeattr_299 vold_service (service_manager (add)))
;;* lme
(allow vold fwk_vold_service (service_manager (add find)))
;;* lmx 297 system/sepolicy/private/vold.te
-(neverallow base_typeattr_296 fwk_vold_service (service_manager (add)))
+(neverallow base_typeattr_299 fwk_vold_service (service_manager (add)))
;;* lme
(allow vold system_server (binder (call transfer)))
@@ -31745,77 +31899,77 @@
(allow vold vendor_apex_file (file (ioctl read getattr lock map open watch watch_reads)))
;;* lmx 388 system/sepolicy/private/vold.te
-(neverallow base_typeattr_1040 vold_service (service_manager (find)))
+(neverallow base_typeattr_1044 vold_service (service_manager (find)))
;;* lme
;;* lmx 405 system/sepolicy/private/vold.te
-(neverallow base_typeattr_296 system_userdir_file (dir (write add_name remove_name)))
-(neverallow base_typeattr_296 vendor_userdir_file (dir (write add_name remove_name)))
-(neverallow base_typeattr_296 media_userdir_file (dir (write add_name remove_name)))
+(neverallow base_typeattr_299 system_userdir_file (dir (write add_name remove_name)))
+(neverallow base_typeattr_299 vendor_userdir_file (dir (write add_name remove_name)))
+(neverallow base_typeattr_299 media_userdir_file (dir (write add_name remove_name)))
;;* lme
;;* lmx 414 system/sepolicy/private/vold.te
-(neverallowx base_typeattr_439 data_file_type (ioctl dir (0x6613)))
+(neverallowx base_typeattr_442 data_file_type (ioctl dir (0x6613)))
;;* lme
;;* lmx 420 system/sepolicy/private/vold.te
-(neverallowx base_typeattr_296 data_file_type (ioctl dir ((range 0x6617 0x6618) 0x661a)))
+(neverallowx base_typeattr_299 data_file_type (ioctl dir ((range 0x6617 0x6618) 0x661a)))
;;* lme
;;* lmx 426 system/sepolicy/private/vold.te
-(neverallow base_typeattr_1041 vold_data_file (dir (write lock append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_1045 vold_data_file (dir (write lock append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
;;* lme
;;* lmx 433 system/sepolicy/private/vold.te
-(neverallow base_typeattr_1042 vold_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_1046 vold_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 439 system/sepolicy/private/vold.te
-(neverallow base_typeattr_510 vold_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_514 vold_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
;;* lme
;;* lmx 446 system/sepolicy/private/vold.te
-(neverallow base_typeattr_1043 vold_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_1043 vold_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1043 vold_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1043 vold_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1047 vold_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_1047 vold_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1047 vold_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1047 vold_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 453 system/sepolicy/private/vold.te
-(neverallow base_typeattr_1042 vold_metadata_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_1042 vold_metadata_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1042 vold_metadata_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1042 vold_metadata_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1046 vold_metadata_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_1046 vold_metadata_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1046 vold_metadata_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1046 vold_metadata_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 461 system/sepolicy/private/vold.te
-(neverallow base_typeattr_1044 vold_metadata_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_1044 vold_metadata_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1044 vold_metadata_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1044 vold_metadata_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1044 vold_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_1044 vold_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1044 vold_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1044 vold_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_metadata_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_1048 vold_metadata_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_metadata_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_metadata_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_1048 vold_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 463 system/sepolicy/private/vold.te
-(neverallow base_typeattr_510 restorecon_prop (property_service (set)))
+(neverallow base_typeattr_514 restorecon_prop (property_service (set)))
;;* lme
;;* lmx 476 system/sepolicy/private/vold.te
-(neverallow vold base_typeattr_1045 (binder (call)))
+(neverallow vold base_typeattr_1049 (binder (call)))
;;* lme
;;* lmx 478 system/sepolicy/private/vold.te
@@ -31825,17 +31979,17 @@
;;* lmx 479 system/sepolicy/private/vold.te
-(neverallow base_typeattr_235 vold (process (transition dyntransition)))
+(neverallow base_typeattr_238 vold (process (transition dyntransition)))
;;* lme
;;* lmx 480 system/sepolicy/private/vold.te
-(neverallow vold base_typeattr_236 (process (ptrace)))
+(neverallow vold base_typeattr_239 (process (ptrace)))
;;* lme
;;* lmx 481 system/sepolicy/private/vold.te
-(neverallow vold base_typeattr_236 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow vold base_typeattr_239 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
;;* lme
(allow vold vold_prepare_subdirs_exec (file (read getattr map execute open)))
@@ -31904,23 +32058,23 @@
(dontaudit su vzwomatrigger_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
-(neverallow base_typeattr_1046 vzwomatrigger_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1050 vzwomatrigger_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow vzwomatrigger_app appdomain_tmpfs (file (read write getattr map execute)))
;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
-(neverallow base_typeattr_1047 base_typeattr_1046 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1051 base_typeattr_1050 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
-(neverallow base_typeattr_1048 vzwomatrigger_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1052 vzwomatrigger_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
-(neverallow base_typeattr_1049 vzwomatrigger_app (process (ptrace)))
+(neverallow base_typeattr_1053 vzwomatrigger_app (process (ptrace)))
;;* lme
(allow init watchdogd_exec (file (read getattr map execute open)))
@@ -31937,7 +32091,7 @@
(dontaudit su webview_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 13 system/sepolicy/private/webview_zygote.te
-(neverallow base_typeattr_1050 webview_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1054 webview_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow webview_zygote apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -31993,22 +32147,22 @@
(allow webview_zygote resourcecache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
;;* lmx 105 system/sepolicy/private/webview_zygote.te
-(neverallow webview_zygote base_typeattr_284 (process (dyntransition)))
+(neverallow webview_zygote base_typeattr_287 (process (dyntransition)))
;;* lme
;;* lmx 108 system/sepolicy/private/webview_zygote.te
-(neverallow webview_zygote base_typeattr_285 (process (transition)))
+(neverallow webview_zygote base_typeattr_288 (process (transition)))
;;* lme
;;* lmx 112 system/sepolicy/private/webview_zygote.te
-(neverallow webview_zygote base_typeattr_236 (file (execute_no_trans)))
+(neverallow webview_zygote base_typeattr_239 (file (execute_no_trans)))
;;* lme
;;* lmx 116 system/sepolicy/private/webview_zygote.te
-(neverallow base_typeattr_286 webview_zygote (process (dyntransition)))
+(neverallow base_typeattr_289 webview_zygote (process (dyntransition)))
;;* lme
;;* lmx 119 system/sepolicy/private/webview_zygote.te
@@ -32028,7 +32182,7 @@
;;* lmx 129 system/sepolicy/private/webview_zygote.te
-(neverallow webview_zygote base_typeattr_287 (service_manager (find)))
+(neverallow webview_zygote base_typeattr_290 (service_manager (find)))
;;* lme
;;* lmx 132 system/sepolicy/private/webview_zygote.te
@@ -32123,11 +32277,11 @@
(allow wifi_mainline_supplicant wifi_mainline_supplicant_service (service_manager (add find)))
;;* lmx 6 system/sepolicy/private/wifi_mainline_supplicant.te
-(neverallow base_typeattr_1051 wifi_mainline_supplicant_service (service_manager (add)))
+(neverallow base_typeattr_1055 wifi_mainline_supplicant_service (service_manager (add)))
;;* lme
-(allow wifi_mainline_supplicant self (capability (setgid setuid net_admin net_raw)))
-(allow wifi_mainline_supplicant self (cap_userns (setgid setuid net_admin net_raw)))
+(allow wifi_mainline_supplicant self (capability (net_admin net_raw)))
+(allow wifi_mainline_supplicant self (cap_userns (net_admin net_raw)))
(allow wifi_mainline_supplicant proc_net (file (ioctl read write getattr lock append map open watch watch_reads)))
(allow wifi_mainline_supplicant sysfs_net (dir (search)))
(allow wifi_mainline_supplicant wifi_data_file (dir (getattr search)))
@@ -32177,7 +32331,7 @@
(allow wificond wifinl80211_service (service_manager (add find)))
;;* lmx 17 system/sepolicy/private/wificond.te
-(neverallow base_typeattr_1052 wifinl80211_service (service_manager (add)))
+(neverallow base_typeattr_1056 wifinl80211_service (service_manager (add)))
;;* lme
(allow wificond self (udp_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
@@ -32198,7 +32352,7 @@
(allow wificond hidl_base_hwservice (hwservice_manager (add)))
;;* lmx 42 system/sepolicy/private/wificond.te
-(neverallow base_typeattr_1052 system_wifi_keystore_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_1056 system_wifi_keystore_hwservice (hwservice_manager (add)))
;;* lme
(allow wificond keystore_service (service_manager (find)))
@@ -32227,7 +32381,7 @@
(dontaudit su zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lmx 27 system/sepolicy/private/zygote.te
-(neverallow base_typeattr_286 zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_289 zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
;;* lme
(allow zygote system_server (process (getpgid setpgid)))
@@ -32352,12 +32506,12 @@
(allow zygote system_font_fallback_file (file (ioctl read getattr lock map open watch watch_reads)))
;;* lmx 289 system/sepolicy/private/zygote.te
-(neverallow zygote base_typeattr_1053 (process (dyntransition)))
+(neverallow zygote base_typeattr_1057 (process (dyntransition)))
;;* lme
;;* lmx 298 system/sepolicy/private/zygote.te
-(neverallow zygote base_typeattr_1054 (file (execute execute_no_trans)))
+(neverallow zygote base_typeattr_1058 (file (execute execute_no_trans)))
;;* lme
;;* lmx 306 system/sepolicy/private/zygote.te
@@ -32410,6 +32564,7 @@
(typetransition mediaprovider mediaprovider anon_inode "[userfaultfd]" mediaprovider_userfaultfd)
(typetransition isolated_compute_app isolated_compute_app anon_inode "[userfaultfd]" isolated_compute_app_userfaultfd)
(typetransition isolated_app isolated_app anon_inode "[userfaultfd]" isolated_app_userfaultfd)
+(typetransition incidentd incidentd anon_inode "[userfaultfd]" incidentd_userfaultfd)
(typetransition gmscore_app gmscore_app anon_inode "[userfaultfd]" gmscore_app_userfaultfd)
(typetransition fastbootd fastbootd anon_inode "[io_uring]" fastbootd_iouring)
(typetransition ephemeral_app ephemeral_app anon_inode "[userfaultfd]" ephemeral_app_userfaultfd)
@@ -32419,1940 +32574,1948 @@
(typetransition bluetooth bluetooth anon_inode "[userfaultfd]" bluetooth_userfaultfd)
(typetransition artd artd anon_inode "[userfaultfd]" artd_userfaultfd)
(typetransition app_zygote app_zygote anon_inode "[userfaultfd]" app_zygote_userfaultfd)
+(typeattribute base_typeattr_1058)
+(typeattributeset base_typeattr_1058 (and (data_file_type ) (not (dalvikcache_data_file apex_art_data_file ))))
+(typeattribute base_typeattr_1057)
+(typeattributeset base_typeattr_1057 (not (appdomain app_zygote webview_zygote system_server_startup ) ))
+(typeattribute base_typeattr_1056)
+(typeattributeset base_typeattr_1056 (and (domain ) (not (wificond ))))
+(typeattribute base_typeattr_1055)
+(typeattributeset base_typeattr_1055 (and (domain ) (not (wifi_mainline_supplicant ))))
(typeattribute base_typeattr_1054)
-(typeattributeset base_typeattr_1054 (and (data_file_type ) (not (dalvikcache_data_file apex_art_data_file ))))
+(typeattributeset base_typeattr_1054 (and (domain ) (not (webview_zygote ))))
(typeattribute base_typeattr_1053)
-(typeattributeset base_typeattr_1053 (not (appdomain app_zygote webview_zygote system_server_startup ) ))
+(typeattributeset base_typeattr_1053 (and (domain ) (not (crash_dump runas_app simpleperf vzwomatrigger_app ))))
(typeattribute base_typeattr_1052)
-(typeattributeset base_typeattr_1052 (and (domain ) (not (wificond ))))
+(typeattributeset base_typeattr_1052 (and (appdomain ) (not (runas_app shell simpleperf vzwomatrigger_app ))))
(typeattribute base_typeattr_1051)
-(typeattributeset base_typeattr_1051 (and (domain ) (not (wifi_mainline_supplicant ))))
+(typeattributeset base_typeattr_1051 (and (vzwomatrigger_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_1050)
-(typeattributeset base_typeattr_1050 (and (domain ) (not (webview_zygote ))))
+(typeattributeset base_typeattr_1050 (and (domain ) (not (vzwomatrigger_app ))))
(typeattribute base_typeattr_1049)
-(typeattributeset base_typeattr_1049 (and (domain ) (not (crash_dump runas_app simpleperf vzwomatrigger_app ))))
+(typeattributeset base_typeattr_1049 (and (domain ) (not (hal_bootctl_server hal_health_storage_server hal_keymaster_server system_suspend_server hwservicemanager keystore servicemanager system_server ))))
(typeattribute base_typeattr_1048)
-(typeattributeset base_typeattr_1048 (and (appdomain ) (not (runas_app shell simpleperf vzwomatrigger_app ))))
+(typeattributeset base_typeattr_1048 (and (domain ) (not (init kernel vold vold_prepare_subdirs ))))
(typeattribute base_typeattr_1047)
-(typeattributeset base_typeattr_1047 (and (vzwomatrigger_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_1047 (and (domain ) (not (kernel vold vold_prepare_subdirs ))))
(typeattribute base_typeattr_1046)
-(typeattributeset base_typeattr_1046 (and (domain ) (not (vzwomatrigger_app ))))
+(typeattributeset base_typeattr_1046 (and (domain ) (not (init vold vold_prepare_subdirs ))))
(typeattribute base_typeattr_1045)
-(typeattributeset base_typeattr_1045 (and (domain ) (not (hal_bootctl_server hal_health_storage_server hal_keymaster_server system_suspend_server hwservicemanager keystore servicemanager system_server ))))
+(typeattributeset base_typeattr_1045 (and (domain ) (not (vold vold_prepare_subdirs ))))
(typeattribute base_typeattr_1044)
-(typeattributeset base_typeattr_1044 (and (domain ) (not (init kernel vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_1044 (and (domain ) (not (apexd system_server update_verifier vdc vold gsid ))))
(typeattribute base_typeattr_1043)
-(typeattributeset base_typeattr_1043 (and (domain ) (not (kernel vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_1043 (and (sysfs_type ) (not (sysfs_batteryinfo ))))
(typeattribute base_typeattr_1042)
-(typeattributeset base_typeattr_1042 (and (domain ) (not (init vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_1042 (and (domain ) (not (servicemanager virtualizationservice ))))
(typeattribute base_typeattr_1041)
-(typeattributeset base_typeattr_1041 (and (domain ) (not (vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_1041 (and (domain ) (not (vmnic ))))
(typeattribute base_typeattr_1040)
-(typeattributeset base_typeattr_1040 (and (domain ) (not (apexd system_server update_verifier vdc vold gsid ))))
+(typeattributeset base_typeattr_1040 (and (domain ) (not (crash_dump runas_app simpleperf vmlauncher_app ))))
(typeattribute base_typeattr_1039)
-(typeattributeset base_typeattr_1039 (and (sysfs_type ) (not (sysfs_batteryinfo ))))
+(typeattributeset base_typeattr_1039 (and (appdomain ) (not (runas_app shell simpleperf vmlauncher_app ))))
(typeattribute base_typeattr_1038)
-(typeattributeset base_typeattr_1038 (and (domain ) (not (servicemanager virtualizationservice ))))
+(typeattributeset base_typeattr_1038 (and (vmlauncher_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_1037)
-(typeattributeset base_typeattr_1037 (and (domain ) (not (vmnic ))))
+(typeattributeset base_typeattr_1037 (and (domain ) (not (vmlauncher_app ))))
(typeattribute base_typeattr_1036)
-(typeattributeset base_typeattr_1036 (and (domain ) (not (crash_dump runas_app simpleperf vmlauncher_app ))))
+(typeattributeset base_typeattr_1036 (and (domain ) (not (servicemanager virtualizationmanager virtualizationservice ))))
(typeattribute base_typeattr_1035)
-(typeattributeset base_typeattr_1035 (and (appdomain ) (not (runas_app shell simpleperf vmlauncher_app ))))
+(typeattributeset base_typeattr_1035 (and (domain ) (not (crosvm virtualizationmanager virtualizationservice ))))
(typeattribute base_typeattr_1034)
-(typeattributeset base_typeattr_1034 (and (vmlauncher_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_1034 (and (domain ) (not (init virtualizationmanager virtualizationservice ))))
(typeattribute base_typeattr_1033)
-(typeattributeset base_typeattr_1033 (and (domain ) (not (vmlauncher_app ))))
+(typeattributeset base_typeattr_1033 (and (domain ) (not (init virtualizationservice ))))
(typeattribute base_typeattr_1032)
-(typeattributeset base_typeattr_1032 (and (domain ) (not (servicemanager virtualizationmanager virtualizationservice ))))
+(typeattributeset base_typeattr_1032 (and (domain ) (not (dumpstate virtualizationservice ))))
(typeattribute base_typeattr_1031)
-(typeattributeset base_typeattr_1031 (and (domain ) (not (crosvm virtualizationmanager virtualizationservice ))))
+(typeattributeset base_typeattr_1031 (and (domain ) (not (virtualizationservice ))))
(typeattribute base_typeattr_1030)
-(typeattributeset base_typeattr_1030 (and (domain ) (not (init virtualizationmanager virtualizationservice ))))
+(typeattributeset base_typeattr_1030 (and (domain ) (not (dumpstate early_virtmgr init ))))
(typeattribute base_typeattr_1029)
-(typeattributeset base_typeattr_1029 (and (domain ) (not (init virtualizationservice ))))
+(typeattributeset base_typeattr_1029 (and (domain ) (not (virtualizationmanager ))))
(typeattribute base_typeattr_1028)
-(typeattributeset base_typeattr_1028 (and (domain ) (not (dumpstate virtualizationservice ))))
+(typeattributeset base_typeattr_1028 (and (domain ) (not (virtual_touchpad ))))
(typeattribute base_typeattr_1027)
-(typeattributeset base_typeattr_1027 (and (domain ) (not (virtualizationservice ))))
+(typeattributeset base_typeattr_1027 (and (domain ) (not (virtual_camera ))))
(typeattribute base_typeattr_1026)
-(typeattributeset base_typeattr_1026 (and (domain ) (not (dumpstate early_virtmgr init ))))
+(typeattributeset base_typeattr_1026 (and (domain ) (not (vfio_handler ))))
(typeattribute base_typeattr_1025)
-(typeattributeset base_typeattr_1025 (and (domain ) (not (virtualizationmanager ))))
+(typeattributeset base_typeattr_1025 (and (coredomain ) (not (init modprobe ))))
(typeattribute base_typeattr_1024)
-(typeattributeset base_typeattr_1024 (and (domain ) (not (virtual_touchpad ))))
+(typeattributeset base_typeattr_1024 (and (domain ) (not (init logd prng_seeder su vendor_init ))))
(typeattribute base_typeattr_1023)
-(typeattributeset base_typeattr_1023 (and (domain ) (not (virtual_camera ))))
+(typeattributeset base_typeattr_1023 (and (sysfs_type ) (not (sysfs_usermodehelper ))))
(typeattribute base_typeattr_1022)
-(typeattributeset base_typeattr_1022 (and (domain ) (not (vfio_handler ))))
+(typeattributeset base_typeattr_1022 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type sdcard_type rootfs proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time ))))
(typeattribute base_typeattr_1021)
-(typeattributeset base_typeattr_1021 (and (coredomain ) (not (init modprobe ))))
+(typeattributeset base_typeattr_1021 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type debugfs_type sdcard_type keychord_device rootfs proc_kallsyms proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time ))))
(typeattribute base_typeattr_1020)
-(typeattributeset base_typeattr_1020 (and (domain ) (not (init logd prng_seeder su vendor_init ))))
+(typeattributeset base_typeattr_1020 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file mnt_product_file ))))
(typeattribute base_typeattr_1019)
-(typeattributeset base_typeattr_1019 (and (sysfs_type ) (not (sysfs_usermodehelper ))))
+(typeattributeset base_typeattr_1019 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file apex_mnt_dir ))))
(typeattribute base_typeattr_1018)
-(typeattributeset base_typeattr_1018 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type sdcard_type rootfs proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time ))))
+(typeattributeset base_typeattr_1018 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file ))))
(typeattribute base_typeattr_1017)
-(typeattributeset base_typeattr_1017 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type debugfs_type sdcard_type keychord_device rootfs proc_kallsyms proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time ))))
+(typeattributeset base_typeattr_1017 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type debugfs_type gsi_metadata_file_type proc_kallsyms unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file runtime_event_log_tags_file apex_info_file tradeinmode_metadata_file ))))
(typeattribute base_typeattr_1016)
-(typeattributeset base_typeattr_1016 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file mnt_product_file ))))
+(typeattributeset base_typeattr_1016 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file mnt_product_file ))))
(typeattribute base_typeattr_1015)
-(typeattributeset base_typeattr_1015 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file apex_mnt_dir ))))
+(typeattributeset base_typeattr_1015 (and (dev_type ) (not (vm_manager_device_type keychord_device hw_random_device port_device lowpan_device ))))
(typeattribute base_typeattr_1014)
-(typeattributeset base_typeattr_1014 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file ))))
+(typeattributeset base_typeattr_1014 (and (domain ) (not (update_engine ))))
(typeattribute base_typeattr_1013)
-(typeattributeset base_typeattr_1013 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type debugfs_type gsi_metadata_file_type proc_kallsyms unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file runtime_event_log_tags_file apex_info_file tradeinmode_metadata_file ))))
+(typeattributeset base_typeattr_1013 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_32 ))))
(typeattribute base_typeattr_1012)
-(typeattributeset base_typeattr_1012 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file mnt_product_file ))))
+(typeattributeset base_typeattr_1012 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_32 ))))
(typeattribute base_typeattr_1011)
-(typeattributeset base_typeattr_1011 (and (dev_type ) (not (vm_manager_device_type keychord_device hw_random_device port_device lowpan_device ))))
+(typeattributeset base_typeattr_1011 (and (untrusted_app_32 ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_1010)
-(typeattributeset base_typeattr_1010 (and (domain ) (not (update_engine ))))
+(typeattributeset base_typeattr_1010 (and (domain ) (not (untrusted_app_32 ))))
(typeattribute base_typeattr_1009)
-(typeattributeset base_typeattr_1009 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_32 ))))
+(typeattributeset base_typeattr_1009 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_30 ))))
(typeattribute base_typeattr_1008)
-(typeattributeset base_typeattr_1008 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_32 ))))
+(typeattributeset base_typeattr_1008 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_30 ))))
(typeattribute base_typeattr_1007)
-(typeattributeset base_typeattr_1007 (and (untrusted_app_32 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_1007 (and (untrusted_app_30 ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_1006)
-(typeattributeset base_typeattr_1006 (and (domain ) (not (untrusted_app_32 ))))
+(typeattributeset base_typeattr_1006 (and (domain ) (not (untrusted_app_30 ))))
(typeattribute base_typeattr_1005)
-(typeattributeset base_typeattr_1005 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_30 ))))
+(typeattributeset base_typeattr_1005 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_29 ))))
(typeattribute base_typeattr_1004)
-(typeattributeset base_typeattr_1004 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_30 ))))
+(typeattributeset base_typeattr_1004 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_29 ))))
(typeattribute base_typeattr_1003)
-(typeattributeset base_typeattr_1003 (and (untrusted_app_30 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_1003 (and (untrusted_app_29 ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_1002)
-(typeattributeset base_typeattr_1002 (and (domain ) (not (untrusted_app_30 ))))
+(typeattributeset base_typeattr_1002 (and (domain ) (not (untrusted_app_29 ))))
(typeattribute base_typeattr_1001)
-(typeattributeset base_typeattr_1001 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_29 ))))
+(typeattributeset base_typeattr_1001 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_27 ))))
(typeattribute base_typeattr_1000)
-(typeattributeset base_typeattr_1000 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_29 ))))
+(typeattributeset base_typeattr_1000 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_27 ))))
(typeattribute base_typeattr_999)
-(typeattributeset base_typeattr_999 (and (untrusted_app_29 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_999 (and (untrusted_app_27 ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_998)
-(typeattributeset base_typeattr_998 (and (domain ) (not (untrusted_app_29 ))))
+(typeattributeset base_typeattr_998 (and (domain ) (not (untrusted_app_27 ))))
(typeattribute base_typeattr_997)
-(typeattributeset base_typeattr_997 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_27 ))))
+(typeattributeset base_typeattr_997 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_25 ))))
(typeattribute base_typeattr_996)
-(typeattributeset base_typeattr_996 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_27 ))))
+(typeattributeset base_typeattr_996 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_25 ))))
(typeattribute base_typeattr_995)
-(typeattributeset base_typeattr_995 (and (untrusted_app_27 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_995 (and (untrusted_app_25 ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_994)
-(typeattributeset base_typeattr_994 (and (domain ) (not (untrusted_app_27 ))))
+(typeattributeset base_typeattr_994 (and (domain ) (not (untrusted_app_25 ))))
(typeattribute base_typeattr_993)
-(typeattributeset base_typeattr_993 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_25 ))))
+(typeattributeset base_typeattr_993 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app ))))
(typeattribute base_typeattr_992)
-(typeattributeset base_typeattr_992 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_25 ))))
+(typeattributeset base_typeattr_992 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app ))))
(typeattribute base_typeattr_991)
-(typeattributeset base_typeattr_991 (and (untrusted_app_25 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_991 (and (untrusted_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_990)
-(typeattributeset base_typeattr_990 (and (domain ) (not (untrusted_app_25 ))))
+(typeattributeset base_typeattr_990 (and (domain ) (not (untrusted_app ))))
(typeattribute base_typeattr_989)
-(typeattributeset base_typeattr_989 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app ))))
+(typeattributeset base_typeattr_989 (and (vendor_file_type ) (not (vendor_app_file vendor_overlay_file ))))
(typeattribute base_typeattr_988)
-(typeattributeset base_typeattr_988 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app ))))
+(typeattributeset base_typeattr_988 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service gatekeeper_service incident_service installd_service lpdump_service mdns_service netd_service virtual_touchpad_service vold_service ))))
(typeattribute base_typeattr_987)
-(typeattributeset base_typeattr_987 (and (untrusted_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_987 (and (domain ) (not (crash_dump runas_app simpleperf traceur_app ))))
(typeattribute base_typeattr_986)
-(typeattributeset base_typeattr_986 (and (domain ) (not (untrusted_app ))))
+(typeattributeset base_typeattr_986 (and (appdomain ) (not (runas_app shell simpleperf traceur_app ))))
(typeattribute base_typeattr_985)
-(typeattributeset base_typeattr_985 (and (vendor_file_type ) (not (vendor_app_file vendor_overlay_file ))))
+(typeattributeset base_typeattr_985 (and (traceur_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_984)
-(typeattributeset base_typeattr_984 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service gatekeeper_service incident_service installd_service lpdump_service mdns_service netd_service virtual_touchpad_service vold_service ))))
+(typeattributeset base_typeattr_984 (and (domain ) (not (traceur_app ))))
(typeattribute base_typeattr_983)
-(typeattributeset base_typeattr_983 (and (domain ) (not (crash_dump runas_app simpleperf traceur_app ))))
+(typeattributeset base_typeattr_983 (and (data_file_type ) (not (packages_list_file game_mode_intervention_list_file ))))
(typeattribute base_typeattr_982)
-(typeattributeset base_typeattr_982 (and (appdomain ) (not (runas_app shell simpleperf traceur_app ))))
+(typeattributeset base_typeattr_982 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file apk_data_file dalvikcache_data_file user_profile_root_file user_profile_data_file apex_module_data_file bootstat_data_file media_userdir_file update_engine_data_file update_engine_log_data_file system_app_data_file backup_data_file apex_art_data_file ))))
(typeattribute base_typeattr_981)
-(typeattributeset base_typeattr_981 (and (traceur_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_981 (and (domain ) (not (dumpstate perfetto platform_app shell system_server traced traceur_app ))))
(typeattribute base_typeattr_980)
-(typeattributeset base_typeattr_980 (and (domain ) (not (traceur_app ))))
+(typeattributeset base_typeattr_980 (and (data_file_type ) (not (trace_data_file perfetto_traces_data_file ))))
(typeattribute base_typeattr_979)
-(typeattributeset base_typeattr_979 (and (data_file_type ) (not (packages_list_file game_mode_intervention_list_file ))))
+(typeattributeset base_typeattr_979 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file media_userdir_file perfetto_traces_data_file ))))
(typeattribute base_typeattr_978)
-(typeattributeset base_typeattr_978 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file apk_data_file dalvikcache_data_file user_profile_root_file user_profile_data_file apex_module_data_file bootstat_data_file media_userdir_file update_engine_data_file update_engine_log_data_file system_app_data_file backup_data_file apex_art_data_file ))))
+(typeattributeset base_typeattr_978 (and (fs_type file_type ) (not (toolbox_exec ))))
(typeattribute base_typeattr_977)
-(typeattributeset base_typeattr_977 (and (domain ) (not (dumpstate perfetto platform_app shell system_server traced traceur_app ))))
+(typeattributeset base_typeattr_977 (and (domain ) (not (dumpstate init tombstoned vendor_init ))))
(typeattribute base_typeattr_976)
-(typeattributeset base_typeattr_976 (and (data_file_type ) (not (trace_data_file perfetto_traces_data_file ))))
+(typeattributeset base_typeattr_976 (and (domain ) (not (system_suspend_server ))))
(typeattribute base_typeattr_975)
-(typeattributeset base_typeattr_975 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file media_userdir_file perfetto_traces_data_file ))))
+(typeattributeset base_typeattr_975 (and (domain ) (not (system_suspend_internal_server atrace dumpstate system_server traced_probes traceur_app ))))
(typeattribute base_typeattr_974)
-(typeattributeset base_typeattr_974 (and (fs_type file_type ) (not (toolbox_exec ))))
+(typeattributeset base_typeattr_974 (and (domain ) (not (system_suspend_internal_server ))))
(typeattribute base_typeattr_973)
-(typeattributeset base_typeattr_973 (and (domain ) (not (dumpstate init tombstoned vendor_init ))))
+(typeattributeset base_typeattr_973 (and (domain ) (not (atrace bluetooth dumpstate system_server traceur_app system_suspend ))))
(typeattribute base_typeattr_972)
-(typeattributeset base_typeattr_972 (and (domain ) (not (system_suspend_server ))))
+(typeattributeset base_typeattr_972 (and (domain ) (not (system_suspend ))))
(typeattribute base_typeattr_971)
-(typeattributeset base_typeattr_971 (and (domain ) (not (system_suspend_internal_server atrace dumpstate system_server traced_probes traceur_app ))))
+(typeattributeset base_typeattr_971 (and (domain ) (not (init shell system_server vendor_init ))))
(typeattribute base_typeattr_970)
-(typeattributeset base_typeattr_970 (and (domain ) (not (system_suspend_internal_server ))))
+(typeattributeset base_typeattr_970 (and (domain ) (not (init system_server ueventd vendor_init ))))
(typeattribute base_typeattr_969)
-(typeattributeset base_typeattr_969 (and (domain ) (not (atrace bluetooth dumpstate system_server traceur_app system_suspend ))))
+(typeattributeset base_typeattr_969 (and (dev_type ) (not (vd_device frp_block_device ))))
(typeattribute base_typeattr_968)
-(typeattributeset base_typeattr_968 (and (domain ) (not (system_suspend ))))
+(typeattributeset base_typeattr_968 (and (dev_type ) (not (frp_block_device ))))
(typeattribute base_typeattr_967)
-(typeattributeset base_typeattr_967 (and (domain ) (not (init shell system_server vendor_init ))))
+(typeattributeset base_typeattr_967 (and (domain ) (not (flags_health_check init system_server ))))
(typeattribute base_typeattr_966)
-(typeattributeset base_typeattr_966 (and (domain ) (not (init system_server ueventd vendor_init ))))
+(typeattributeset base_typeattr_966 (and (domain ) (not (app_zygote init system_server webview_zygote zygote ))))
(typeattribute base_typeattr_965)
-(typeattributeset base_typeattr_965 (and (dev_type ) (not (vd_device frp_block_device ))))
+(typeattributeset base_typeattr_965 (and (domain ) (not (crash_dump init system_server ))))
(typeattribute base_typeattr_964)
-(typeattributeset base_typeattr_964 (and (dev_type ) (not (frp_block_device ))))
+(typeattributeset base_typeattr_964 (and (domain ) (not (crash_dump perfetto clatd trace_redactor ))))
(typeattribute base_typeattr_963)
-(typeattributeset base_typeattr_963 (and (domain ) (not (flags_health_check init system_server ))))
+(typeattributeset base_typeattr_963 (and (file_type ) (not (logcat_exec toolbox_exec pbtombstone_exec ))))
(typeattribute base_typeattr_962)
-(typeattributeset base_typeattr_962 (and (domain ) (not (app_zygote init system_server webview_zygote zygote ))))
+(typeattributeset base_typeattr_962 (and (app_data_file_type ) (not (radio_data_file system_app_data_file ))))
(typeattribute base_typeattr_961)
-(typeattributeset base_typeattr_961 (and (domain ) (not (crash_dump init system_server ))))
+(typeattributeset base_typeattr_961 (and (domain ) (not (init system_app ))))
(typeattribute base_typeattr_960)
-(typeattributeset base_typeattr_960 (and (domain ) (not (crash_dump perfetto clatd trace_redactor ))))
+(typeattributeset base_typeattr_960 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service dumpstate_service installd_service lpdump_service mdns_service netd_service system_suspend_control_internal_service system_suspend_control_service virtual_touchpad_service vold_service tracingproxy_service ))))
(typeattribute base_typeattr_959)
-(typeattributeset base_typeattr_959 (and (file_type ) (not (logcat_exec toolbox_exec ))))
+(typeattributeset base_typeattr_959 (and (domain ) (not (crash_dump runas_app simpleperf system_app ))))
(typeattribute base_typeattr_958)
-(typeattributeset base_typeattr_958 (and (app_data_file_type ) (not (radio_data_file system_app_data_file ))))
+(typeattributeset base_typeattr_958 (and (appdomain ) (not (runas_app shell simpleperf system_app ))))
(typeattribute base_typeattr_957)
-(typeattributeset base_typeattr_957 (and (domain ) (not (init system_app ))))
+(typeattributeset base_typeattr_957 (and (system_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_956)
-(typeattributeset base_typeattr_956 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service dumpstate_service installd_service lpdump_service mdns_service netd_service system_suspend_control_internal_service system_suspend_control_service virtual_touchpad_service vold_service tracingproxy_service ))))
+(typeattributeset base_typeattr_956 (and (domain ) (not (system_app ))))
(typeattribute base_typeattr_955)
-(typeattributeset base_typeattr_955 (and (domain ) (not (crash_dump runas_app simpleperf system_app ))))
+(typeattributeset base_typeattr_955 (and (domain ) (not (surfaceflinger ))))
(typeattribute base_typeattr_954)
-(typeattributeset base_typeattr_954 (and (appdomain ) (not (runas_app shell simpleperf system_app ))))
+(typeattributeset base_typeattr_954 (and (domain ) (not (storaged ))))
(typeattribute base_typeattr_953)
-(typeattributeset base_typeattr_953 (and (system_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_953 (and (domain ) (not (init statsd system_server vold ))))
(typeattribute base_typeattr_952)
-(typeattributeset base_typeattr_952 (and (domain ) (not (system_app ))))
+(typeattributeset base_typeattr_952 (and (domain ) (not (init statsd vold ))))
(typeattribute base_typeattr_951)
-(typeattributeset base_typeattr_951 (and (domain ) (not (surfaceflinger ))))
+(typeattributeset base_typeattr_951 (and (domain ) (not (stats_service_server ))))
(typeattribute base_typeattr_950)
-(typeattributeset base_typeattr_950 (and (domain ) (not (storaged ))))
+(typeattributeset base_typeattr_950 (and (domain ) (not (statsd ))))
(typeattribute base_typeattr_949)
-(typeattributeset base_typeattr_949 (and (domain ) (not (init statsd system_server vold ))))
+(typeattributeset base_typeattr_949 (and (domain ) (not (fastbootd init recovery shell update_engine snapshotctl ))))
(typeattribute base_typeattr_948)
-(typeattributeset base_typeattr_948 (and (domain ) (not (init statsd vold ))))
+(typeattributeset base_typeattr_948 (and (domain ) (not (snapuserd ))))
(typeattribute base_typeattr_947)
-(typeattributeset base_typeattr_947 (and (domain ) (not (stats_service_server ))))
+(typeattributeset base_typeattr_947 (and (domain ) (not (init snapuserd ))))
(typeattribute base_typeattr_946)
-(typeattributeset base_typeattr_946 (and (domain ) (not (statsd ))))
+(typeattributeset base_typeattr_946 (and (domain ) (not (crash_dump llkd ))))
(typeattribute base_typeattr_945)
-(typeattributeset base_typeattr_945 (and (domain ) (not (fastbootd init recovery shell update_engine snapshotctl ))))
+(typeattributeset base_typeattr_945 (and (simpleperf ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_944)
-(typeattributeset base_typeattr_944 (and (domain ) (not (snapuserd ))))
+(typeattributeset base_typeattr_944 (and (domain ) (not (simpleperf ))))
(typeattribute base_typeattr_943)
-(typeattributeset base_typeattr_943 (and (domain ) (not (init snapuserd ))))
+(typeattributeset base_typeattr_943 (and (domain ) (not (dumpstate init shell ))))
(typeattribute base_typeattr_942)
-(typeattributeset base_typeattr_942 (and (simpleperf ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_942 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service gatekeeper_service incident_service installd_service mdns_service netd_service system_suspend_control_internal_service system_suspend_control_service virtualization_service virtual_touchpad_service vold_service hal_keymint_service hal_secureclock_service hal_sharedsecret_service ))))
(typeattribute base_typeattr_941)
-(typeattributeset base_typeattr_941 (and (domain ) (not (simpleperf ))))
+(typeattributeset base_typeattr_941 (and (domain ) (not (crash_dump runas_app shell simpleperf ))))
(typeattribute base_typeattr_940)
-(typeattributeset base_typeattr_940 (and (untrusted_app_all ephemeral_app isolated_app platform_app priv_app ) (not (runas_app ))))
+(typeattributeset base_typeattr_940 (and (shell ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_939)
-(typeattributeset base_typeattr_939 (and (domain ) (not (dumpstate init shell ))))
+(typeattributeset base_typeattr_939 (and (domain ) (not (shell ))))
(typeattribute base_typeattr_938)
-(typeattributeset base_typeattr_938 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service gatekeeper_service incident_service installd_service mdns_service netd_service system_suspend_control_internal_service system_suspend_control_service virtualization_service virtual_touchpad_service vold_service hal_keymint_service hal_secureclock_service hal_sharedsecret_service ))))
+(typeattributeset base_typeattr_938 (and (domain ) (not (crash_dump runas_app shared_relro simpleperf ))))
(typeattribute base_typeattr_937)
-(typeattributeset base_typeattr_937 (and (domain ) (not (crash_dump runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_937 (and (appdomain ) (not (runas_app shared_relro shell simpleperf ))))
(typeattribute base_typeattr_936)
-(typeattributeset base_typeattr_936 (and (shell ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_936 (and (shared_relro ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_935)
-(typeattributeset base_typeattr_935 (and (domain ) (not (shell ))))
+(typeattributeset base_typeattr_935 (and (domain ) (not (shared_relro ))))
(typeattribute base_typeattr_934)
-(typeattributeset base_typeattr_934 (and (domain ) (not (crash_dump runas_app shared_relro simpleperf ))))
+(typeattributeset base_typeattr_934 (and (fs_type file_type ) (not (sgdisk_exec ))))
(typeattribute base_typeattr_933)
-(typeattributeset base_typeattr_933 (and (appdomain ) (not (runas_app shared_relro shell simpleperf ))))
+(typeattributeset base_typeattr_933 (and (domain ) (not (servicemanager ))))
(typeattribute base_typeattr_932)
-(typeattributeset base_typeattr_932 (and (shared_relro ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_932 (and (domain ) (not (hwservicemanager init vendor_init vndservicemanager ))))
(typeattribute base_typeattr_931)
-(typeattributeset base_typeattr_931 (and (domain ) (not (shared_relro ))))
+(typeattributeset base_typeattr_931 (not (service_manager_type vndservice_manager_type ) ))
(typeattribute base_typeattr_930)
-(typeattributeset base_typeattr_930 (and (fs_type file_type ) (not (sgdisk_exec ))))
+(typeattributeset base_typeattr_930 (and (domain ) (not (sensor_service_server ))))
(typeattribute base_typeattr_929)
-(typeattributeset base_typeattr_929 (and (domain ) (not (servicemanager ))))
+(typeattributeset base_typeattr_929 (and (domain ) (not (crash_dump runas_app secure_element simpleperf ))))
(typeattribute base_typeattr_928)
-(typeattributeset base_typeattr_928 (and (domain ) (not (hwservicemanager init vendor_init vndservicemanager ))))
+(typeattributeset base_typeattr_928 (and (appdomain ) (not (runas_app secure_element shell simpleperf ))))
(typeattribute base_typeattr_927)
-(typeattributeset base_typeattr_927 (not (service_manager_type vndservice_manager_type ) ))
+(typeattributeset base_typeattr_927 (and (secure_element ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_926)
-(typeattributeset base_typeattr_926 (and (domain ) (not (sensor_service_server ))))
+(typeattributeset base_typeattr_926 (and (domain ) (not (secure_element ))))
(typeattribute base_typeattr_925)
-(typeattributeset base_typeattr_925 (and (domain ) (not (crash_dump runas_app secure_element simpleperf ))))
+(typeattributeset base_typeattr_925 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_next ))))
(typeattribute base_typeattr_924)
-(typeattributeset base_typeattr_924 (and (appdomain ) (not (runas_app secure_element shell simpleperf ))))
+(typeattributeset base_typeattr_924 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_next ))))
(typeattribute base_typeattr_923)
-(typeattributeset base_typeattr_923 (and (secure_element ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_923 (and (sdk_sandbox_next ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_922)
-(typeattributeset base_typeattr_922 (and (domain ) (not (secure_element ))))
+(typeattributeset base_typeattr_922 (and (domain ) (not (sdk_sandbox_next ))))
(typeattribute base_typeattr_921)
-(typeattributeset base_typeattr_921 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_next ))))
+(typeattributeset base_typeattr_921 (and (property_type ) (not (system_property_type ))))
(typeattribute base_typeattr_920)
-(typeattributeset base_typeattr_920 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_next ))))
+(typeattributeset base_typeattr_920 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_audit ))))
(typeattribute base_typeattr_919)
-(typeattributeset base_typeattr_919 (and (sdk_sandbox_next ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_919 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_audit ))))
(typeattribute base_typeattr_918)
-(typeattributeset base_typeattr_918 (and (domain ) (not (sdk_sandbox_next ))))
+(typeattributeset base_typeattr_918 (and (sdk_sandbox_audit ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_917)
-(typeattributeset base_typeattr_917 (and (property_type ) (not (system_property_type ))))
+(typeattributeset base_typeattr_917 (and (domain ) (not (sdk_sandbox_audit ))))
(typeattribute base_typeattr_916)
-(typeattributeset base_typeattr_916 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_audit ))))
+(typeattributeset base_typeattr_916 (and (domain ) (not (adbd sdk_sandbox_all ))))
(typeattribute base_typeattr_915)
-(typeattributeset base_typeattr_915 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_audit ))))
+(typeattributeset base_typeattr_915 (and (domain ) (not (adbd heapprofd logd netd prng_seeder tombstoned traced traced_perf sdk_sandbox_all ))))
(typeattribute base_typeattr_914)
-(typeattributeset base_typeattr_914 (and (sdk_sandbox_audit ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_914 (and (domain ) (not (init installd system_server vold_prepare_subdirs zygote sdk_sandbox_all ))))
(typeattribute base_typeattr_913)
-(typeattributeset base_typeattr_913 (and (domain ) (not (sdk_sandbox_audit ))))
+(typeattributeset base_typeattr_913 (and (domain ) (not (init installd system_server vold_prepare_subdirs ))))
(typeattribute base_typeattr_912)
-(typeattributeset base_typeattr_912 (and (domain ) (not (adbd sdk_sandbox_all ))))
+(typeattributeset base_typeattr_912 (and (app_data_file_type ) (not (shell_data_file radio_data_file sdk_sandbox_data_file ))))
(typeattribute base_typeattr_911)
-(typeattributeset base_typeattr_911 (and (domain ) (not (adbd heapprofd logd netd prng_seeder tombstoned traced traced_perf sdk_sandbox_all ))))
+(typeattributeset base_typeattr_911 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_34 ))))
(typeattribute base_typeattr_910)
-(typeattributeset base_typeattr_910 (and (domain ) (not (init installd system_server vold_prepare_subdirs zygote sdk_sandbox_all ))))
+(typeattributeset base_typeattr_910 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_34 ))))
(typeattribute base_typeattr_909)
-(typeattributeset base_typeattr_909 (and (domain ) (not (init installd system_server vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_909 (and (sdk_sandbox_34 ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_908)
-(typeattributeset base_typeattr_908 (and (app_data_file_type ) (not (shell_data_file radio_data_file sdk_sandbox_data_file ))))
+(typeattributeset base_typeattr_908 (and (domain ) (not (sdk_sandbox_34 ))))
(typeattribute base_typeattr_907)
-(typeattributeset base_typeattr_907 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_34 ))))
+(typeattributeset base_typeattr_907 (and (domain ) (not (scheduler_service_server ))))
(typeattribute base_typeattr_906)
-(typeattributeset base_typeattr_906 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_34 ))))
+(typeattributeset base_typeattr_906 (and (domain ) (not (crash_dump runas_app simpleperf ))))
(typeattribute base_typeattr_905)
-(typeattributeset base_typeattr_905 (and (sdk_sandbox_34 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_905 (and (appdomain ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_904)
-(typeattributeset base_typeattr_904 (and (domain ) (not (sdk_sandbox_34 ))))
+(typeattributeset base_typeattr_904 (and (runas_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_903)
-(typeattributeset base_typeattr_903 (and (domain ) (not (scheduler_service_server ))))
+(typeattributeset base_typeattr_903 (and (domain ) (not (runas_app ))))
(typeattribute base_typeattr_902)
-(typeattributeset base_typeattr_902 (and (domain ) (not (crash_dump runas_app simpleperf ))))
+(typeattributeset base_typeattr_902 (and (appdomain ) (not (system_app ))))
(typeattribute base_typeattr_901)
-(typeattributeset base_typeattr_901 (and (appdomain ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_901 (and (domain ) (not (crash_dump rkpdapp runas_app simpleperf ))))
(typeattribute base_typeattr_900)
-(typeattributeset base_typeattr_900 (and (runas_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_900 (and (appdomain ) (not (rkpdapp runas_app shell simpleperf ))))
(typeattribute base_typeattr_899)
-(typeattributeset base_typeattr_899 (and (domain ) (not (runas_app ))))
+(typeattributeset base_typeattr_899 (and (rkpdapp ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_898)
-(typeattributeset base_typeattr_898 (and (appdomain ) (not (system_app ))))
+(typeattributeset base_typeattr_898 (and (domain ) (not (rkpdapp ))))
(typeattribute base_typeattr_897)
-(typeattributeset base_typeattr_897 (and (domain ) (not (crash_dump rkpdapp runas_app simpleperf ))))
+(typeattributeset base_typeattr_897 (and (domain ) (not (rkpd ))))
(typeattribute base_typeattr_896)
-(typeattributeset base_typeattr_896 (and (appdomain ) (not (rkpdapp runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_896 (and (domain ) (not (rkp_cert_processor ))))
(typeattribute base_typeattr_895)
-(typeattributeset base_typeattr_895 (and (rkpdapp ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_895 (and (domain ) (not (remote_provisioning_service_server ))))
(typeattribute base_typeattr_894)
-(typeattributeset base_typeattr_894 (and (domain ) (not (rkpdapp ))))
+(typeattributeset base_typeattr_894 (and (file_type ) (not (recovery_data_file ))))
(typeattribute base_typeattr_893)
-(typeattributeset base_typeattr_893 (and (domain ) (not (rkpd ))))
+(typeattributeset base_typeattr_893 (and (data_file_type ) (not (cache_file cache_recovery_file ))))
(typeattribute base_typeattr_892)
-(typeattributeset base_typeattr_892 (and (domain ) (not (rkp_cert_processor ))))
+(typeattributeset base_typeattr_892 (and (domain ) (not (init radio ))))
(typeattribute base_typeattr_891)
-(typeattributeset base_typeattr_891 (and (domain ) (not (remote_provisioning_service_server ))))
+(typeattributeset base_typeattr_891 (and (domain ) (not (crash_dump radio runas_app simpleperf ))))
(typeattribute base_typeattr_890)
-(typeattributeset base_typeattr_890 (and (file_type ) (not (recovery_data_file ))))
+(typeattributeset base_typeattr_890 (and (appdomain ) (not (radio runas_app shell simpleperf ))))
(typeattribute base_typeattr_889)
-(typeattributeset base_typeattr_889 (and (data_file_type ) (not (cache_file cache_recovery_file ))))
+(typeattributeset base_typeattr_889 (and (radio ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_888)
-(typeattributeset base_typeattr_888 (and (domain ) (not (init radio ))))
+(typeattributeset base_typeattr_888 (and (domain ) (not (radio ))))
(typeattribute base_typeattr_887)
-(typeattributeset base_typeattr_887 (and (domain ) (not (crash_dump radio runas_app simpleperf ))))
+(typeattributeset base_typeattr_887 (and (appdomain ) (not (system_app device_as_webcam ))))
(typeattribute base_typeattr_886)
-(typeattributeset base_typeattr_886 (and (appdomain ) (not (radio runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_886 (and (domain ) (not (dumpstate init profcollectd ))))
(typeattribute base_typeattr_885)
-(typeattributeset base_typeattr_885 (and (radio ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_885 (and (domain ) (not (coredomain apexd dumpstate vendor_init ))))
(typeattribute base_typeattr_884)
-(typeattributeset base_typeattr_884 (and (domain ) (not (radio ))))
+(typeattributeset base_typeattr_884 (and (domain ) (not (coredomain apexd dumpstate init ))))
(typeattribute base_typeattr_883)
-(typeattributeset base_typeattr_883 (and (appdomain ) (not (system_app device_as_webcam ))))
+(typeattributeset base_typeattr_883 (and (domain ) (not (init keystore rkpdapp shell system_server ))))
(typeattribute base_typeattr_882)
-(typeattributeset base_typeattr_882 (and (domain ) (not (dumpstate init profcollectd ))))
+(typeattributeset base_typeattr_882 (and (domain ) (not (hal_dumpstate_server dumpstate init ))))
(typeattribute base_typeattr_881)
-(typeattributeset base_typeattr_881 (and (domain ) (not (coredomain apexd dumpstate vendor_init ))))
+(typeattributeset base_typeattr_881 (and (domain ) (not (appdomain dumpstate init vendor_init ))))
(typeattribute base_typeattr_880)
-(typeattributeset base_typeattr_880 (and (domain ) (not (coredomain apexd dumpstate init ))))
+(typeattributeset base_typeattr_880 (and (domain ) (not (dumpstate init system_app vendor_init ))))
(typeattribute base_typeattr_879)
-(typeattributeset base_typeattr_879 (and (domain ) (not (init keystore rkpdapp shell system_server ))))
+(typeattributeset base_typeattr_879 (and (domain ) (not (init surfaceflinger ))))
(typeattribute base_typeattr_878)
-(typeattributeset base_typeattr_878 (and (domain ) (not (hal_dumpstate_server dumpstate init ))))
+(typeattributeset base_typeattr_878 (and (domain ) (not (appdomain hal_telephony_server init radio ))))
(typeattribute base_typeattr_877)
-(typeattributeset base_typeattr_877 (and (domain ) (not (appdomain dumpstate init vendor_init ))))
+(typeattributeset base_typeattr_877 (and (domain ) (not (init shell kcmdlinectrl ))))
(typeattribute base_typeattr_876)
-(typeattributeset base_typeattr_876 (and (domain ) (not (dumpstate init system_app vendor_init ))))
+(typeattributeset base_typeattr_876 (and (domain ) (not (init shell system_app system_server mtectrl ))))
(typeattribute base_typeattr_875)
-(typeattributeset base_typeattr_875 (and (domain ) (not (init surfaceflinger ))))
+(typeattributeset base_typeattr_875 (and (domain ) (not (adbd init adbd_tradeinmode ))))
(typeattribute base_typeattr_874)
-(typeattributeset base_typeattr_874 (and (domain ) (not (appdomain hal_telephony_server init radio ))))
+(typeattributeset base_typeattr_874 (and (domain ) (not (adbd init system_server vendor_init adbd_tradeinmode ))))
(typeattribute base_typeattr_873)
-(typeattributeset base_typeattr_873 (and (domain ) (not (init shell kcmdlinectrl ))))
+(typeattributeset base_typeattr_873 (and (property_type ) (not (extended_core_property_type system_property_type ))))
(typeattribute base_typeattr_872)
-(typeattributeset base_typeattr_872 (and (domain ) (not (init shell system_app system_server mtectrl ))))
+(typeattributeset base_typeattr_872 (and (coredomain ) (not (system_writes_vendor_properties_violators init ))))
(typeattribute base_typeattr_871)
-(typeattributeset base_typeattr_871 (and (domain ) (not (adbd init adbd_tradeinmode ))))
+(typeattributeset base_typeattr_871 (and (domain ) (not (appdomain coredomain hal_power_server vendor_init ))))
(typeattribute base_typeattr_870)
-(typeattributeset base_typeattr_870 (and (domain ) (not (adbd init system_server vendor_init adbd_tradeinmode ))))
+(typeattributeset base_typeattr_870 (and (core_property_type extended_core_property_type dalvik_config_prop_type exported3_system_prop systemsound_config_prop ) (not (dalvik_dynamic_config_prop debug_prop logd_prop nfc_prop powerctl_prop radio_prop ))))
(typeattribute base_typeattr_869)
-(typeattributeset base_typeattr_869 (and (property_type ) (not (extended_core_property_type system_property_type ))))
+(typeattributeset base_typeattr_869 (and (domain ) (not (hal_wifi_server dumpstate init vendor_init wificond ))))
(typeattribute base_typeattr_868)
-(typeattributeset base_typeattr_868 (and (coredomain ) (not (system_writes_vendor_properties_violators init ))))
+(typeattributeset base_typeattr_868 (and (domain ) (not (coredomain hal_wifi_server wificond ))))
(typeattribute base_typeattr_867)
-(typeattributeset base_typeattr_867 (and (domain ) (not (appdomain coredomain hal_power_server vendor_init ))))
+(typeattributeset base_typeattr_867 (and (domain ) (not (coredomain hal_camera_server cameraserver vendor_init ))))
(typeattribute base_typeattr_866)
-(typeattributeset base_typeattr_866 (and (core_property_type extended_core_property_type dalvik_config_prop_type exported3_system_prop systemsound_config_prop ) (not (dalvik_dynamic_config_prop debug_prop logd_prop nfc_prop powerctl_prop radio_prop ))))
+(typeattributeset base_typeattr_866 (and (domain ) (not (coredomain hal_bluetooth_server bluetooth vendor_init ))))
(typeattribute base_typeattr_865)
-(typeattributeset base_typeattr_865 (and (domain ) (not (hal_wifi_server dumpstate init vendor_init wificond ))))
+(typeattributeset base_typeattr_865 (and (domain ) (not (coredomain hal_bluetooth_server bluetooth ))))
(typeattribute base_typeattr_864)
-(typeattributeset base_typeattr_864 (and (domain ) (not (coredomain hal_wifi_server wificond ))))
+(typeattributeset base_typeattr_864 (and (domain ) (not (appdomain coredomain hal_telephony_server ))))
(typeattribute base_typeattr_863)
-(typeattributeset base_typeattr_863 (and (domain ) (not (coredomain hal_camera_server cameraserver vendor_init ))))
+(typeattributeset base_typeattr_863 (and (domain ) (not (appdomain coredomain hal_telephony_server vendor_init ))))
(typeattribute base_typeattr_862)
-(typeattributeset base_typeattr_862 (and (domain ) (not (coredomain hal_bluetooth_server bluetooth vendor_init ))))
+(typeattributeset base_typeattr_862 (and (domain ) (not (appdomain coredomain hal_nfc_server ))))
(typeattribute base_typeattr_861)
-(typeattributeset base_typeattr_861 (and (domain ) (not (coredomain hal_bluetooth_server bluetooth ))))
+(typeattributeset base_typeattr_861 (and (core_property_type extended_core_property_type exported3_system_prop exported_dumpstate_prop exported_config_prop exported_default_prop exported_system_prop usb_control_prop ) (not (nfc_prop powerctl_prop radio_prop ))))
(typeattribute base_typeattr_860)
-(typeattributeset base_typeattr_860 (and (domain ) (not (appdomain coredomain hal_telephony_server ))))
+(typeattributeset base_typeattr_860 (and (domain ) (not (appdomain coredomain vendor_init ))))
(typeattribute base_typeattr_859)
-(typeattributeset base_typeattr_859 (and (domain ) (not (appdomain coredomain hal_telephony_server vendor_init ))))
+(typeattributeset base_typeattr_859 (and (domain ) (not (init misctrl ))))
(typeattribute base_typeattr_858)
-(typeattributeset base_typeattr_858 (and (domain ) (not (appdomain coredomain hal_nfc_server ))))
+(typeattributeset base_typeattr_858 (and (domain ) (not (crash_dump dumpstate init statsd misctrl ))))
(typeattribute base_typeattr_857)
-(typeattributeset base_typeattr_857 (and (core_property_type extended_core_property_type exported3_system_prop exported_dumpstate_prop exported_config_prop exported_default_prop exported_system_prop usb_control_prop ) (not (nfc_prop powerctl_prop radio_prop ))))
+(typeattributeset base_typeattr_857 (and (domain ) (not (dumpstate init ))))
(typeattribute base_typeattr_856)
-(typeattributeset base_typeattr_856 (and (domain ) (not (appdomain coredomain vendor_init ))))
+(typeattributeset base_typeattr_856 (and (domain ) (not (extra_free_kbytes init ))))
(typeattribute base_typeattr_855)
-(typeattributeset base_typeattr_855 (and (domain ) (not (init misctrl ))))
+(typeattributeset base_typeattr_855 (and (core_property_type ) (not (fingerprint_prop restorecon_prop usb_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop dhcp_prop dumpstate_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop vold_prop audio_prop debug_prop logd_prop nfc_prop ota_prop powerctl_prop radio_prop system_prop ))))
(typeattribute base_typeattr_854)
-(typeattributeset base_typeattr_854 (and (domain ) (not (crash_dump dumpstate init statsd misctrl ))))
+(typeattributeset base_typeattr_854 (and (vendor_property_type ) (not (vendor_public_property_type ))))
(typeattribute base_typeattr_853)
-(typeattributeset base_typeattr_853 (and (domain ) (not (extra_free_kbytes init ))))
+(typeattributeset base_typeattr_853 (and (vendor_property_type vendor_internal_property_type ) (not (vendor_restricted_property_type vendor_public_property_type ))))
(typeattribute base_typeattr_852)
-(typeattributeset base_typeattr_852 (and (core_property_type ) (not (fingerprint_prop restorecon_prop usb_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop dhcp_prop dumpstate_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop vold_prop audio_prop debug_prop logd_prop nfc_prop ota_prop powerctl_prop radio_prop system_prop ))))
+(typeattributeset base_typeattr_852 (and (system_property_type ) (not (system_public_property_type ))))
(typeattribute base_typeattr_851)
-(typeattributeset base_typeattr_851 (and (vendor_property_type ) (not (vendor_public_property_type ))))
+(typeattributeset base_typeattr_851 (and (system_property_type system_internal_property_type ) (not (system_restricted_property_type system_public_property_type ))))
(typeattribute base_typeattr_850)
-(typeattributeset base_typeattr_850 (and (vendor_property_type vendor_internal_property_type ) (not (vendor_restricted_property_type vendor_public_property_type ))))
+(typeattributeset base_typeattr_850 (and (property_type ) (not (system_property_type vendor_property_type ))))
(typeattribute base_typeattr_849)
-(typeattributeset base_typeattr_849 (and (system_property_type ) (not (system_public_property_type ))))
+(typeattributeset base_typeattr_849 (and (app_data_file_type ) (not (privapp_data_file ))))
(typeattribute base_typeattr_848)
-(typeattributeset base_typeattr_848 (and (system_property_type system_internal_property_type ) (not (system_restricted_property_type system_public_property_type ))))
+(typeattributeset base_typeattr_848 (and (domain ) (not (crash_dump priv_app runas_app simpleperf ))))
(typeattribute base_typeattr_847)
-(typeattributeset base_typeattr_847 (and (property_type ) (not (system_property_type vendor_property_type ))))
+(typeattributeset base_typeattr_847 (and (appdomain ) (not (priv_app runas_app shell simpleperf ))))
(typeattribute base_typeattr_846)
-(typeattributeset base_typeattr_846 (and (app_data_file_type ) (not (privapp_data_file ))))
+(typeattributeset base_typeattr_846 (and (priv_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_845)
-(typeattributeset base_typeattr_845 (and (domain ) (not (crash_dump priv_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_845 (and (domain ) (not (priv_app ))))
(typeattribute base_typeattr_844)
-(typeattributeset base_typeattr_844 (and (appdomain ) (not (priv_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_844 (and (domain ) (not (init shell ))))
(typeattribute base_typeattr_843)
-(typeattributeset base_typeattr_843 (and (priv_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_843 (and (domain ) (not (recovery update_engine ))))
(typeattribute base_typeattr_842)
-(typeattributeset base_typeattr_842 (and (domain ) (not (priv_app ))))
+(typeattributeset base_typeattr_842 (and (domain ) (not (crash_dump platform_app runas_app simpleperf ))))
(typeattribute base_typeattr_841)
-(typeattributeset base_typeattr_841 (and (domain ) (not (init shell ))))
+(typeattributeset base_typeattr_841 (and (appdomain ) (not (platform_app runas_app shell simpleperf ))))
(typeattribute base_typeattr_840)
-(typeattributeset base_typeattr_840 (and (domain ) (not (recovery update_engine ))))
+(typeattributeset base_typeattr_840 (and (platform_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_839)
-(typeattributeset base_typeattr_839 (and (domain ) (not (dumpstate init ))))
+(typeattributeset base_typeattr_839 (and (domain ) (not (platform_app ))))
(typeattribute base_typeattr_838)
-(typeattributeset base_typeattr_838 (and (domain ) (not (crash_dump platform_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_838 (and (domain ) (not (crash_dump runas_app simpleperf permissioncontroller_app ))))
(typeattribute base_typeattr_837)
-(typeattributeset base_typeattr_837 (and (appdomain ) (not (platform_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_837 (and (appdomain ) (not (runas_app shell simpleperf permissioncontroller_app ))))
(typeattribute base_typeattr_836)
-(typeattributeset base_typeattr_836 (and (platform_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_836 (and (permissioncontroller_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_835)
-(typeattributeset base_typeattr_835 (and (domain ) (not (platform_app ))))
+(typeattributeset base_typeattr_835 (and (domain ) (not (permissioncontroller_app ))))
(typeattribute base_typeattr_834)
-(typeattributeset base_typeattr_834 (and (domain ) (not (crash_dump runas_app simpleperf permissioncontroller_app ))))
+(typeattributeset base_typeattr_834 (and (domain ) (not (performanced ))))
(typeattribute base_typeattr_833)
-(typeattributeset base_typeattr_833 (and (appdomain ) (not (runas_app shell simpleperf permissioncontroller_app ))))
+(typeattributeset base_typeattr_833 (and (data_file_type ) (not (perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file ))))
(typeattribute base_typeattr_832)
-(typeattributeset base_typeattr_832 (and (permissioncontroller_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_832 (and (system_data_file ) (not (perfetto_traces_data_file perfetto_traces_profiling_data_file ))))
(typeattribute base_typeattr_831)
-(typeattributeset base_typeattr_831 (and (domain ) (not (permissioncontroller_app ))))
+(typeattributeset base_typeattr_831 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file media_userdir_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file ))))
(typeattribute base_typeattr_830)
-(typeattributeset base_typeattr_830 (and (domain ) (not (performanced ))))
+(typeattributeset base_typeattr_830 (and (domain ) (not (adbd incidentd init perfetto shell traced trace_redactor ))))
(typeattribute base_typeattr_829)
-(typeattributeset base_typeattr_829 (and (data_file_type ) (not (perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file ))))
+(typeattributeset base_typeattr_829 (and (domain ) (not (adbd dumpstate incidentd init perfetto priv_app shell system_server traced trace_redactor ))))
(typeattribute base_typeattr_828)
-(typeattributeset base_typeattr_828 (and (system_data_file ) (not (perfetto_traces_data_file perfetto_traces_profiling_data_file ))))
+(typeattributeset base_typeattr_828 (and (domain ) (not (init vendor_init ot_daemon ))))
(typeattribute base_typeattr_827)
-(typeattributeset base_typeattr_827 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file media_userdir_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file ))))
+(typeattributeset base_typeattr_827 (and (domain ) (not (ot_daemon ))))
(typeattribute base_typeattr_826)
-(typeattributeset base_typeattr_826 (and (domain ) (not (adbd incidentd init perfetto shell traced trace_redactor ))))
+(typeattributeset base_typeattr_826 (and (domain ) (not (init odsign ))))
(typeattribute base_typeattr_825)
-(typeattributeset base_typeattr_825 (and (domain ) (not (adbd dumpstate incidentd init perfetto priv_app shell system_server traced trace_redactor ))))
+(typeattributeset base_typeattr_825 (and (domain ) (not (init system_server odrefresh ))))
(typeattribute base_typeattr_824)
-(typeattributeset base_typeattr_824 (and (domain ) (not (init vendor_init ot_daemon ))))
+(typeattributeset base_typeattr_824 (and (domain ) (not (artd init system_server odrefresh ))))
(typeattribute base_typeattr_823)
-(typeattributeset base_typeattr_823 (and (domain ) (not (ot_daemon ))))
+(typeattributeset base_typeattr_823 (and (domain ) (not (init compos_fd_server odrefresh ))))
(typeattribute base_typeattr_822)
-(typeattributeset base_typeattr_822 (and (domain ) (not (init odsign ))))
+(typeattributeset base_typeattr_822 (and (domain ) (not (odrefresh ))))
(typeattribute base_typeattr_821)
-(typeattributeset base_typeattr_821 (and (domain ) (not (init system_server odrefresh ))))
+(typeattributeset base_typeattr_821 (and (domain ) (not (crash_dump nfc runas_app simpleperf ))))
(typeattribute base_typeattr_820)
-(typeattributeset base_typeattr_820 (and (domain ) (not (artd init system_server odrefresh ))))
+(typeattributeset base_typeattr_820 (and (appdomain ) (not (nfc runas_app shell simpleperf ))))
(typeattribute base_typeattr_819)
-(typeattributeset base_typeattr_819 (and (domain ) (not (init compos_fd_server odrefresh ))))
+(typeattributeset base_typeattr_819 (and (nfc ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_818)
-(typeattributeset base_typeattr_818 (and (domain ) (not (odrefresh ))))
+(typeattributeset base_typeattr_818 (and (domain ) (not (nfc ))))
(typeattribute base_typeattr_817)
-(typeattributeset base_typeattr_817 (and (domain ) (not (crash_dump nfc runas_app simpleperf ))))
+(typeattributeset base_typeattr_817 (and (domain ) (not (crash_dump network_stack runas_app simpleperf ))))
(typeattribute base_typeattr_816)
-(typeattributeset base_typeattr_816 (and (appdomain ) (not (nfc runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_816 (and (appdomain ) (not (network_stack runas_app shell simpleperf ))))
(typeattribute base_typeattr_815)
-(typeattributeset base_typeattr_815 (and (nfc ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_815 (and (network_stack ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_814)
-(typeattributeset base_typeattr_814 (and (domain ) (not (nfc ))))
+(typeattributeset base_typeattr_814 (and (domain ) (not (network_stack ))))
(typeattribute base_typeattr_813)
-(typeattributeset base_typeattr_813 (and (domain ) (not (crash_dump network_stack runas_app simpleperf ))))
+(typeattributeset base_typeattr_813 (and (domain ) (not (init netd ))))
(typeattribute base_typeattr_812)
-(typeattributeset base_typeattr_812 (and (appdomain ) (not (network_stack runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_812 (and (domain ) (not (dumpstate init netd ))))
(typeattribute base_typeattr_811)
-(typeattributeset base_typeattr_811 (and (network_stack ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_811 (and (domain ) (not (dumpstate netd netutils_wrapper network_stack system_server ))))
(typeattribute base_typeattr_810)
-(typeattributeset base_typeattr_810 (and (domain ) (not (network_stack ))))
+(typeattributeset base_typeattr_810 (and (domain ) (not (netd ))))
(typeattribute base_typeattr_809)
-(typeattributeset base_typeattr_809 (and (domain ) (not (init netd ))))
+(typeattributeset base_typeattr_809 (and (netdomain ) (not (untrusted_app_all ephemeral_app mediaprovider priv_app sdk_sandbox_all ))))
(typeattribute base_typeattr_808)
-(typeattributeset base_typeattr_808 (and (domain ) (not (dumpstate init netd ))))
+(typeattributeset base_typeattr_808 (and (netdomain ) (not (ephemeral_app sdk_sandbox_all ))))
(typeattribute base_typeattr_807)
-(typeattributeset base_typeattr_807 (and (domain ) (not (dumpstate netd netutils_wrapper network_stack system_server ))))
+(typeattributeset base_typeattr_807 (and (domain ) (not (mmd ))))
(typeattribute base_typeattr_806)
-(typeattributeset base_typeattr_806 (and (domain ) (not (netd ))))
+(typeattributeset base_typeattr_806 (and (mlstrustedsubject ) (not (adbd artd installd runas system_server zygote ))))
(typeattribute base_typeattr_805)
-(typeattributeset base_typeattr_805 (and (netdomain ) (not (untrusted_app_all ephemeral_app mediaprovider priv_app sdk_sandbox_all ))))
+(typeattributeset base_typeattr_805 (and (mlstrustedsubject ) (not (artd installd ))))
(typeattribute base_typeattr_804)
-(typeattributeset base_typeattr_804 (and (netdomain ) (not (ephemeral_app sdk_sandbox_all ))))
+(typeattributeset base_typeattr_804 (and (domain ) (not (mediatuner ))))
(typeattribute base_typeattr_803)
-(typeattributeset base_typeattr_803 (and (domain ) (not (mmd ))))
+(typeattributeset base_typeattr_803 (and (domain ) (not (mediatranscoding ))))
(typeattribute base_typeattr_802)
-(typeattributeset base_typeattr_802 (and (mlstrustedsubject ) (not (adbd artd installd runas system_server zygote ))))
+(typeattributeset base_typeattr_802 (and (domain ) (not (mediaserver ))))
(typeattribute base_typeattr_801)
-(typeattributeset base_typeattr_801 (and (mlstrustedsubject ) (not (artd installd ))))
+(typeattributeset base_typeattr_801 (and (domain ) (not (crash_dump runas_app simpleperf mediaprovider_app ))))
(typeattribute base_typeattr_800)
-(typeattributeset base_typeattr_800 (and (domain ) (not (mediatuner ))))
+(typeattributeset base_typeattr_800 (and (appdomain ) (not (runas_app shell simpleperf mediaprovider_app ))))
(typeattribute base_typeattr_799)
-(typeattributeset base_typeattr_799 (and (domain ) (not (mediatranscoding ))))
+(typeattributeset base_typeattr_799 (and (mediaprovider_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_798)
-(typeattributeset base_typeattr_798 (and (domain ) (not (mediaserver ))))
+(typeattributeset base_typeattr_798 (and (domain ) (not (mediaprovider_app ))))
(typeattribute base_typeattr_797)
-(typeattributeset base_typeattr_797 (and (domain ) (not (crash_dump runas_app simpleperf mediaprovider_app ))))
+(typeattributeset base_typeattr_797 (and (domain ) (not (crash_dump mediaprovider runas_app simpleperf ))))
(typeattribute base_typeattr_796)
-(typeattributeset base_typeattr_796 (and (appdomain ) (not (runas_app shell simpleperf mediaprovider_app ))))
+(typeattributeset base_typeattr_796 (and (appdomain ) (not (mediaprovider runas_app shell simpleperf ))))
(typeattribute base_typeattr_795)
-(typeattributeset base_typeattr_795 (and (mediaprovider_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_795 (and (mediaprovider ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_794)
-(typeattributeset base_typeattr_794 (and (domain ) (not (mediaprovider_app ))))
+(typeattributeset base_typeattr_794 (and (domain ) (not (mediaprovider ))))
(typeattribute base_typeattr_793)
-(typeattributeset base_typeattr_793 (and (domain ) (not (crash_dump mediaprovider runas_app simpleperf ))))
+(typeattributeset base_typeattr_793 (and (domain ) (not (mediametrics ))))
(typeattribute base_typeattr_792)
-(typeattributeset base_typeattr_792 (and (appdomain ) (not (mediaprovider runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_792 (and (domain ) (not (mediaextractor ))))
(typeattribute base_typeattr_791)
-(typeattributeset base_typeattr_791 (and (mediaprovider ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_791 (and (domain ) (not (mediadrmserver ))))
(typeattribute base_typeattr_790)
-(typeattributeset base_typeattr_790 (and (domain ) (not (mediaprovider ))))
+(typeattributeset base_typeattr_790 (and (domain ) (not (dumpstate servicemanager shell lpdumpd ))))
(typeattribute base_typeattr_789)
-(typeattributeset base_typeattr_789 (and (domain ) (not (mediametrics ))))
+(typeattributeset base_typeattr_789 (and (domain ) (not (dumpstate shell lpdumpd ))))
(typeattribute base_typeattr_788)
-(typeattributeset base_typeattr_788 (and (domain ) (not (mediaextractor ))))
+(typeattributeset base_typeattr_788 (and (domain ) (not (lpdumpd ))))
(typeattribute base_typeattr_787)
-(typeattributeset base_typeattr_787 (and (domain ) (not (mediadrmserver ))))
+(typeattributeset base_typeattr_787 (and (domain ) (not (dumpstate incidentd init ))))
(typeattribute base_typeattr_786)
-(typeattributeset base_typeattr_786 (and (domain ) (not (dumpstate servicemanager shell lpdumpd ))))
+(typeattributeset base_typeattr_786 (and (domain ) (not (init logd ))))
(typeattribute base_typeattr_785)
-(typeattributeset base_typeattr_785 (and (domain ) (not (dumpstate shell lpdumpd ))))
+(typeattributeset base_typeattr_785 (and (app_data_file_type system_data_file packages_list_file ) (not (shell_data_file ))))
(typeattribute base_typeattr_784)
-(typeattributeset base_typeattr_784 (and (domain ) (not (lpdumpd ))))
+(typeattributeset base_typeattr_784 (and (domain ) (not (logd ))))
(typeattribute base_typeattr_783)
-(typeattributeset base_typeattr_783 (and (domain ) (not (dumpstate incidentd init ))))
+(typeattributeset base_typeattr_783 (and (appdomain ) (not (bluetooth platform_app priv_app radio shell system_app ))))
(typeattribute base_typeattr_782)
-(typeattributeset base_typeattr_782 (and (domain ) (not (init logd ))))
+(typeattributeset base_typeattr_782 (and (domain ) (not (appdomain bootstat dumpstate init logd servicemanager surfaceflinger system_server zygote ))))
(typeattribute base_typeattr_781)
-(typeattributeset base_typeattr_781 (and (app_data_file_type system_data_file packages_list_file ) (not (shell_data_file ))))
+(typeattributeset base_typeattr_781 (and (file_type ) (not (runtime_event_log_tags_file shell_data_file ))))
(typeattribute base_typeattr_780)
-(typeattributeset base_typeattr_780 (and (domain ) (not (logd ))))
+(typeattributeset base_typeattr_780 (and (domain ) (not (init lmkd vendor_init ))))
(typeattribute base_typeattr_779)
-(typeattributeset base_typeattr_779 (and (appdomain ) (not (bluetooth platform_app priv_app radio shell system_app ))))
+(typeattributeset base_typeattr_779 (and (domain ) (not (init dexopt_chroot_setup linkerconfig otapreopt_chroot ))))
(typeattribute base_typeattr_778)
-(typeattributeset base_typeattr_778 (and (domain ) (not (appdomain bootstat dumpstate init logd servicemanager surfaceflinger system_server zygote ))))
+(typeattributeset base_typeattr_778 (and (domain ) (not (init keystore ))))
(typeattribute base_typeattr_777)
-(typeattributeset base_typeattr_777 (and (file_type ) (not (runtime_event_log_tags_file shell_data_file ))))
+(typeattributeset base_typeattr_777 (and (domain ) (not (keystore ))))
(typeattribute base_typeattr_776)
-(typeattributeset base_typeattr_776 (and (domain ) (not (init lmkd vendor_init ))))
+(typeattributeset base_typeattr_776 (and (domain ) (not (crash_dump isolated_compute_app runas_app simpleperf ))))
(typeattribute base_typeattr_775)
-(typeattributeset base_typeattr_775 (and (domain ) (not (init dexopt_chroot_setup linkerconfig otapreopt_chroot ))))
+(typeattributeset base_typeattr_775 (and (appdomain ) (not (isolated_compute_app runas_app shell simpleperf ))))
(typeattribute base_typeattr_774)
-(typeattributeset base_typeattr_774 (and (domain ) (not (init keystore ))))
+(typeattributeset base_typeattr_774 (and (isolated_compute_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_773)
-(typeattributeset base_typeattr_773 (and (domain ) (not (keystore ))))
+(typeattributeset base_typeattr_773 (and (domain ) (not (isolated_compute_app ))))
(typeattribute base_typeattr_772)
-(typeattributeset base_typeattr_772 (and (domain ) (not (crash_dump isolated_compute_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_772 (and (sysfs_type ) (not (sysfs_transparent_hugepage sysfs_usb sysfs_fs_fuse_features sysfs_fs_incfs_features sysfs_devices_system_cpu sysfs_pgsize_migration ))))
(typeattribute base_typeattr_771)
-(typeattributeset base_typeattr_771 (and (appdomain ) (not (isolated_compute_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_771 (and (service_manager_type ) (not (activity_service display_service webviewupdate_service ))))
(typeattribute base_typeattr_770)
-(typeattributeset base_typeattr_770 (and (isolated_compute_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_770 (and (isolated_app_all ) (not (isolated_compute_app ))))
(typeattribute base_typeattr_769)
-(typeattributeset base_typeattr_769 (and (domain ) (not (isolated_compute_app ))))
+(typeattributeset base_typeattr_769 (and (domain ) (not (crash_dump isolated_app runas_app simpleperf ))))
(typeattribute base_typeattr_768)
-(typeattributeset base_typeattr_768 (and (sysfs_type ) (not (sysfs_transparent_hugepage sysfs_usb sysfs_fs_fuse_features sysfs_fs_incfs_features sysfs_devices_system_cpu sysfs_pgsize_migration ))))
+(typeattributeset base_typeattr_768 (and (appdomain ) (not (isolated_app runas_app shell simpleperf ))))
(typeattribute base_typeattr_767)
-(typeattributeset base_typeattr_767 (and (service_manager_type ) (not (activity_service display_service webviewupdate_service ))))
+(typeattributeset base_typeattr_767 (and (isolated_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_766)
-(typeattributeset base_typeattr_766 (and (isolated_app_all ) (not (isolated_compute_app ))))
+(typeattributeset base_typeattr_766 (and (domain ) (not (servicemanager system_server ))))
(typeattribute base_typeattr_765)
-(typeattributeset base_typeattr_765 (and (domain ) (not (crash_dump isolated_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_765 (and (domain ) (not (dumpstate servicemanager system_server ))))
(typeattribute base_typeattr_764)
-(typeattributeset base_typeattr_764 (and (appdomain ) (not (isolated_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_764 (and (domain ) (not (dumpstate installd system_server ))))
(typeattribute base_typeattr_763)
-(typeattributeset base_typeattr_763 (and (isolated_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_763 (and (domain ) (not (installd ))))
(typeattribute base_typeattr_762)
-(typeattributeset base_typeattr_762 (and (domain ) (not (servicemanager system_server ))))
+(typeattributeset base_typeattr_762 (and (domain ) (not (init toolbox vendor_init vold ))))
(typeattribute base_typeattr_761)
-(typeattributeset base_typeattr_761 (and (domain ) (not (dumpstate servicemanager system_server ))))
+(typeattributeset base_typeattr_761 (and (fs_type file_type ) (not (init_exec ))))
(typeattribute base_typeattr_760)
-(typeattributeset base_typeattr_760 (and (domain ) (not (dumpstate installd system_server ))))
+(typeattributeset base_typeattr_760 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type sdcard_type rootfs ))))
(typeattribute base_typeattr_759)
-(typeattributeset base_typeattr_759 (and (domain ) (not (installd ))))
+(typeattributeset base_typeattr_759 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type proc_type sysfs_type debugfs_type sdcard_type keychord_device rootfs ))))
(typeattribute base_typeattr_758)
-(typeattributeset base_typeattr_758 (and (domain ) (not (init toolbox vendor_init vold ))))
+(typeattributeset base_typeattr_758 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type app_data_file privapp_data_file vm_data_file ))))
(typeattribute base_typeattr_757)
-(typeattributeset base_typeattr_757 (and (fs_type file_type ) (not (init_exec ))))
+(typeattributeset base_typeattr_757 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type shell_data_file nativetest_data_file apex_mnt_dir credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
(typeattribute base_typeattr_756)
-(typeattributeset base_typeattr_756 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type sdcard_type rootfs ))))
+(typeattributeset base_typeattr_756 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type shell_data_file nativetest_data_file credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
(typeattribute base_typeattr_755)
-(typeattributeset base_typeattr_755 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type proc_type sysfs_type debugfs_type sdcard_type keychord_device rootfs ))))
+(typeattributeset base_typeattr_755 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type debugfs_type runtime_event_log_tags_file shell_data_file nativetest_data_file apex_info_file credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
(typeattribute base_typeattr_754)
-(typeattributeset base_typeattr_754 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type app_data_file privapp_data_file vm_data_file ))))
+(typeattributeset base_typeattr_754 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type system_userdir_file vendor_userdir_file shell_data_file nativetest_data_file credstore_data_file keystore_data_file media_userdir_file vold_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
(typeattribute base_typeattr_753)
-(typeattributeset base_typeattr_753 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type shell_data_file nativetest_data_file apex_mnt_dir credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
+(typeattributeset base_typeattr_753 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type nativetest_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
(typeattribute base_typeattr_752)
-(typeattributeset base_typeattr_752 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type shell_data_file nativetest_data_file credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
+(typeattributeset base_typeattr_752 (and (fs_type ) (not (debugfs_type ))))
(typeattribute base_typeattr_751)
-(typeattributeset base_typeattr_751 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type debugfs_type runtime_event_log_tags_file shell_data_file nativetest_data_file apex_info_file credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
+(typeattributeset base_typeattr_751 (and (dev_type ) (not (vm_manager_device_type keychord_device hw_random_device port_device ))))
(typeattribute base_typeattr_750)
-(typeattributeset base_typeattr_750 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type system_userdir_file vendor_userdir_file shell_data_file nativetest_data_file credstore_data_file keystore_data_file media_userdir_file vold_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
+(typeattributeset base_typeattr_750 (and (domain ) (not (incidentd init system_server vold ))))
(typeattribute base_typeattr_749)
-(typeattributeset base_typeattr_749 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type nativetest_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
+(typeattributeset base_typeattr_749 (and (domain ) (not (incidentd init vold ))))
(typeattribute base_typeattr_748)
-(typeattributeset base_typeattr_748 (and (fs_type ) (not (debugfs_type ))))
+(typeattributeset base_typeattr_748 (and (system_server_service app_api_service system_api_service ) (not (tracingproxy_service ))))
(typeattribute base_typeattr_747)
-(typeattributeset base_typeattr_747 (and (dev_type ) (not (vm_manager_device_type keychord_device hw_random_device port_device ))))
+(typeattributeset base_typeattr_747 (and (domain ) (not (incidentd ))))
(typeattribute base_typeattr_746)
-(typeattributeset base_typeattr_746 (and (domain ) (not (incidentd init system_server vold ))))
+(typeattributeset base_typeattr_746 (and (domain ) (not (incident_helper incidentd shell ))))
(typeattribute base_typeattr_745)
-(typeattributeset base_typeattr_745 (and (domain ) (not (incidentd init vold ))))
+(typeattributeset base_typeattr_745 (and (domain ) (not (dumpstate incident shell su ))))
(typeattribute base_typeattr_744)
-(typeattributeset base_typeattr_744 (and (domain ) (not (incidentd ))))
+(typeattributeset base_typeattr_744 (and (domain ) (not (idmap ))))
(typeattribute base_typeattr_743)
-(typeattributeset base_typeattr_743 (and (system_server_service app_api_service system_api_service ) (not (tracingproxy_service ))))
+(typeattributeset base_typeattr_743 (and (domain ) (not (hwservicemanager ))))
(typeattribute base_typeattr_742)
-(typeattributeset base_typeattr_742 (and (domain ) (not (incident_helper incidentd shell ))))
+(typeattributeset base_typeattr_742 (not (hwservice_manager_type ) ))
(typeattribute base_typeattr_741)
-(typeattributeset base_typeattr_741 (and (domain ) (not (dumpstate incident shell su ))))
+(typeattributeset base_typeattr_741 (and (vendor_file_type ) (not (vndk_sp_file ))))
(typeattribute base_typeattr_740)
-(typeattributeset base_typeattr_740 (and (domain ) (not (idmap ))))
+(typeattributeset base_typeattr_740 (and (domain ) (not (hal_wifi_supplicant_client hal_wifi_supplicant_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_739)
-(typeattributeset base_typeattr_739 (and (domain ) (not (hwservicemanager ))))
+(typeattributeset base_typeattr_739 (and (domain ) (not (hal_wifi_supplicant_client hal_wifi_supplicant_server ))))
(typeattribute base_typeattr_738)
-(typeattributeset base_typeattr_738 (not (hwservice_manager_type ) ))
+(typeattributeset base_typeattr_738 (and (domain ) (not (hal_wifi_supplicant_server ))))
(typeattribute base_typeattr_737)
-(typeattributeset base_typeattr_737 (and (vendor_file_type ) (not (vndk_sp_file ))))
+(typeattributeset base_typeattr_737 (and (domain ) (not (hal_wifi_hostapd_client hal_wifi_hostapd_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_736)
-(typeattributeset base_typeattr_736 (and (domain ) (not (hal_wifi_supplicant_client hal_wifi_supplicant_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_736 (and (domain ) (not (hal_wifi_hostapd_client hal_wifi_hostapd_server ))))
(typeattribute base_typeattr_735)
-(typeattributeset base_typeattr_735 (and (domain ) (not (hal_wifi_supplicant_client hal_wifi_supplicant_server ))))
+(typeattributeset base_typeattr_735 (and (domain ) (not (hal_wifi_hostapd_server ))))
(typeattribute base_typeattr_734)
-(typeattributeset base_typeattr_734 (and (domain ) (not (hal_wifi_supplicant_server ))))
+(typeattributeset base_typeattr_734 (and (domain ) (not (hal_wifi_client hal_wifi_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_733)
-(typeattributeset base_typeattr_733 (and (domain ) (not (hal_wifi_hostapd_client hal_wifi_hostapd_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_733 (and (domain ) (not (hal_wifi_client hal_wifi_server ))))
(typeattribute base_typeattr_732)
-(typeattributeset base_typeattr_732 (and (domain ) (not (hal_wifi_hostapd_client hal_wifi_hostapd_server ))))
+(typeattributeset base_typeattr_732 (and (domain ) (not (hal_wifi_server ))))
(typeattribute base_typeattr_731)
-(typeattributeset base_typeattr_731 (and (domain ) (not (hal_wifi_hostapd_server ))))
+(typeattributeset base_typeattr_731 (and (domain ) (not (hal_weaver_client hal_weaver_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_730)
-(typeattributeset base_typeattr_730 (and (domain ) (not (hal_wifi_client hal_wifi_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_730 (and (domain ) (not (hal_weaver_client hal_weaver_server ))))
(typeattribute base_typeattr_729)
-(typeattributeset base_typeattr_729 (and (domain ) (not (hal_wifi_client hal_wifi_server ))))
+(typeattributeset base_typeattr_729 (and (domain ) (not (hal_weaver_server ))))
(typeattribute base_typeattr_728)
-(typeattributeset base_typeattr_728 (and (domain ) (not (hal_wifi_server ))))
+(typeattributeset base_typeattr_728 (and (domain ) (not (hal_vr_client hal_vr_server ))))
(typeattribute base_typeattr_727)
-(typeattributeset base_typeattr_727 (and (domain ) (not (hal_weaver_client hal_weaver_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_727 (and (domain ) (not (hal_vr_server ))))
(typeattribute base_typeattr_726)
-(typeattributeset base_typeattr_726 (and (domain ) (not (hal_weaver_client hal_weaver_server ))))
+(typeattributeset base_typeattr_726 (and (domain ) (not (hal_vm_capabilities_client hal_vm_capabilities_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_725)
-(typeattributeset base_typeattr_725 (and (domain ) (not (hal_weaver_server ))))
+(typeattributeset base_typeattr_725 (and (domain ) (not (hal_vm_capabilities_server ))))
(typeattribute base_typeattr_724)
-(typeattributeset base_typeattr_724 (and (domain ) (not (hal_vr_client hal_vr_server ))))
+(typeattributeset base_typeattr_724 (and (domain ) (not (hal_vibrator_client hal_vibrator_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_723)
-(typeattributeset base_typeattr_723 (and (domain ) (not (hal_vr_server ))))
+(typeattributeset base_typeattr_723 (and (domain ) (not (hal_vibrator_client hal_vibrator_server ))))
(typeattribute base_typeattr_722)
-(typeattributeset base_typeattr_722 (and (domain ) (not (hal_vm_capabilities_client hal_vm_capabilities_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_722 (and (domain ) (not (hal_vibrator_server ))))
(typeattribute base_typeattr_721)
-(typeattributeset base_typeattr_721 (and (domain ) (not (hal_vm_capabilities_server ))))
+(typeattributeset base_typeattr_721 (and (domain ) (not (hal_vehicle_client hal_vehicle_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_720)
-(typeattributeset base_typeattr_720 (and (domain ) (not (hal_vibrator_client hal_vibrator_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_720 (and (domain ) (not (hal_vehicle_client hal_vehicle_server ))))
(typeattribute base_typeattr_719)
-(typeattributeset base_typeattr_719 (and (domain ) (not (hal_vibrator_client hal_vibrator_server ))))
+(typeattributeset base_typeattr_719 (and (domain ) (not (hal_vehicle_server ))))
(typeattribute base_typeattr_718)
-(typeattributeset base_typeattr_718 (and (domain ) (not (hal_vibrator_server ))))
+(typeattributeset base_typeattr_718 (and (domain ) (not (hal_uwb_client hal_uwb_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_717)
-(typeattributeset base_typeattr_717 (and (domain ) (not (hal_vehicle_client hal_vehicle_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_717 (and (domain ) (not (hal_uwb_server ))))
(typeattribute base_typeattr_716)
-(typeattributeset base_typeattr_716 (and (domain ) (not (hal_vehicle_client hal_vehicle_server ))))
+(typeattributeset base_typeattr_716 (and (domain ) (not (hal_usb_gadget_client hal_usb_gadget_server ))))
(typeattribute base_typeattr_715)
-(typeattributeset base_typeattr_715 (and (domain ) (not (hal_vehicle_server ))))
+(typeattributeset base_typeattr_715 (and (domain ) (not (hal_usb_gadget_client hal_usb_gadget_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_714)
-(typeattributeset base_typeattr_714 (and (domain ) (not (hal_uwb_client hal_uwb_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_714 (and (domain ) (not (hal_usb_gadget_server ))))
(typeattribute base_typeattr_713)
-(typeattributeset base_typeattr_713 (and (domain ) (not (hal_uwb_server ))))
+(typeattributeset base_typeattr_713 (and (domain ) (not (hal_usb_client hal_usb_server ))))
(typeattribute base_typeattr_712)
-(typeattributeset base_typeattr_712 (and (domain ) (not (hal_usb_gadget_client hal_usb_gadget_server ))))
+(typeattributeset base_typeattr_712 (and (domain ) (not (hal_usb_client hal_usb_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_711)
-(typeattributeset base_typeattr_711 (and (domain ) (not (hal_usb_gadget_client hal_usb_gadget_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_711 (and (domain ) (not (hal_usb_server ))))
(typeattribute base_typeattr_710)
-(typeattributeset base_typeattr_710 (and (domain ) (not (hal_usb_gadget_server ))))
+(typeattributeset base_typeattr_710 (and (domain ) (not (hal_tv_tuner_client hal_tv_tuner_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_709)
-(typeattributeset base_typeattr_709 (and (domain ) (not (hal_usb_client hal_usb_server ))))
+(typeattributeset base_typeattr_709 (and (domain ) (not (hal_tv_tuner_client hal_tv_tuner_server ))))
(typeattribute base_typeattr_708)
-(typeattributeset base_typeattr_708 (and (domain ) (not (hal_usb_client hal_usb_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_708 (and (domain ) (not (hal_tv_tuner_server ))))
(typeattribute base_typeattr_707)
-(typeattributeset base_typeattr_707 (and (domain ) (not (hal_usb_server ))))
+(typeattributeset base_typeattr_707 (and (domain ) (not (hal_tv_input_client hal_tv_input_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_706)
-(typeattributeset base_typeattr_706 (and (domain ) (not (hal_tv_tuner_client hal_tv_tuner_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_706 (and (domain ) (not (hal_tv_input_client hal_tv_input_server ))))
(typeattribute base_typeattr_705)
-(typeattributeset base_typeattr_705 (and (domain ) (not (hal_tv_tuner_client hal_tv_tuner_server ))))
+(typeattributeset base_typeattr_705 (and (domain ) (not (hal_tv_input_server ))))
(typeattribute base_typeattr_704)
-(typeattributeset base_typeattr_704 (and (domain ) (not (hal_tv_tuner_server ))))
+(typeattributeset base_typeattr_704 (and (domain ) (not (hal_tv_hdmi_earc_client hal_tv_hdmi_earc_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_703)
-(typeattributeset base_typeattr_703 (and (domain ) (not (hal_tv_input_client hal_tv_input_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_703 (and (domain ) (not (hal_tv_hdmi_earc_server ))))
(typeattribute base_typeattr_702)
-(typeattributeset base_typeattr_702 (and (domain ) (not (hal_tv_input_client hal_tv_input_server ))))
+(typeattributeset base_typeattr_702 (and (domain ) (not (hal_tv_hdmi_connection_client hal_tv_hdmi_connection_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_701)
-(typeattributeset base_typeattr_701 (and (domain ) (not (hal_tv_input_server ))))
+(typeattributeset base_typeattr_701 (and (domain ) (not (hal_tv_hdmi_connection_server ))))
(typeattribute base_typeattr_700)
-(typeattributeset base_typeattr_700 (and (domain ) (not (hal_tv_hdmi_earc_client hal_tv_hdmi_earc_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_700 (and (domain ) (not (hal_tv_hdmi_cec_client hal_tv_hdmi_cec_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_699)
-(typeattributeset base_typeattr_699 (and (domain ) (not (hal_tv_hdmi_earc_server ))))
+(typeattributeset base_typeattr_699 (and (domain ) (not (hal_tv_hdmi_cec_server ))))
(typeattribute base_typeattr_698)
-(typeattributeset base_typeattr_698 (and (domain ) (not (hal_tv_hdmi_connection_client hal_tv_hdmi_connection_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_698 (and (domain ) (not (hal_tv_cec_client hal_tv_cec_server ))))
(typeattribute base_typeattr_697)
-(typeattributeset base_typeattr_697 (and (domain ) (not (hal_tv_hdmi_connection_server ))))
+(typeattributeset base_typeattr_697 (and (domain ) (not (hal_tv_cec_server ))))
(typeattribute base_typeattr_696)
-(typeattributeset base_typeattr_696 (and (domain ) (not (hal_tv_hdmi_cec_client hal_tv_hdmi_cec_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_696 (and (domain ) (not (hal_threadnetwork_client hal_threadnetwork_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_695)
-(typeattributeset base_typeattr_695 (and (domain ) (not (hal_tv_hdmi_cec_server ))))
+(typeattributeset base_typeattr_695 (and (domain ) (not (hal_threadnetwork_server ))))
(typeattribute base_typeattr_694)
-(typeattributeset base_typeattr_694 (and (domain ) (not (hal_tv_cec_client hal_tv_cec_server ))))
+(typeattributeset base_typeattr_694 (and (domain ) (not (hal_thermal_client hal_thermal_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_693)
-(typeattributeset base_typeattr_693 (and (domain ) (not (hal_tv_cec_server ))))
+(typeattributeset base_typeattr_693 (and (domain ) (not (hal_thermal_client hal_thermal_server ))))
(typeattribute base_typeattr_692)
-(typeattributeset base_typeattr_692 (and (domain ) (not (hal_threadnetwork_client hal_threadnetwork_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_692 (and (domain ) (not (hal_thermal_server ))))
(typeattribute base_typeattr_691)
-(typeattributeset base_typeattr_691 (and (domain ) (not (hal_threadnetwork_server ))))
+(typeattributeset base_typeattr_691 (and (domain ) (not (hal_tetheroffload_client hal_tetheroffload_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_690)
-(typeattributeset base_typeattr_690 (and (domain ) (not (hal_thermal_client hal_thermal_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_690 (and (domain ) (not (hal_tetheroffload_client hal_tetheroffload_server ))))
(typeattribute base_typeattr_689)
-(typeattributeset base_typeattr_689 (and (domain ) (not (hal_thermal_client hal_thermal_server ))))
+(typeattributeset base_typeattr_689 (and (domain ) (not (hal_tetheroffload_server ))))
(typeattribute base_typeattr_688)
-(typeattributeset base_typeattr_688 (and (domain ) (not (hal_thermal_server ))))
+(typeattributeset base_typeattr_688 (and (domain ) (not (hal_telephony_client hal_telephony_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_687)
-(typeattributeset base_typeattr_687 (and (domain ) (not (hal_tetheroffload_client hal_tetheroffload_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_687 (and (domain ) (not (hal_telephony_client hal_telephony_server ))))
(typeattribute base_typeattr_686)
-(typeattributeset base_typeattr_686 (and (domain ) (not (hal_tetheroffload_client hal_tetheroffload_server ))))
+(typeattributeset base_typeattr_686 (and (domain ) (not (hal_telephony_server ))))
(typeattribute base_typeattr_685)
-(typeattributeset base_typeattr_685 (and (domain ) (not (hal_tetheroffload_server ))))
+(typeattributeset base_typeattr_685 (and (domain ) (not (hal_sensors_client hal_sensors_server ))))
(typeattribute base_typeattr_684)
-(typeattributeset base_typeattr_684 (and (domain ) (not (hal_telephony_client hal_telephony_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_684 (and (domain ) (not (hal_sensors_server ))))
(typeattribute base_typeattr_683)
-(typeattributeset base_typeattr_683 (and (domain ) (not (hal_telephony_client hal_telephony_server ))))
+(typeattributeset base_typeattr_683 (and (domain ) (not (hal_secure_element_client hal_secure_element_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_682)
-(typeattributeset base_typeattr_682 (and (domain ) (not (hal_telephony_server ))))
+(typeattributeset base_typeattr_682 (and (domain ) (not (hal_secure_element_client hal_secure_element_server ))))
(typeattribute base_typeattr_681)
-(typeattributeset base_typeattr_681 (and (domain ) (not (hal_sensors_client hal_sensors_server ))))
+(typeattributeset base_typeattr_681 (and (domain ) (not (hal_secure_element_server ))))
(typeattribute base_typeattr_680)
-(typeattributeset base_typeattr_680 (and (domain ) (not (hal_sensors_server ))))
+(typeattributeset base_typeattr_680 (and (domain ) (not (hal_secretkeeper_client hal_secretkeeper_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_679)
-(typeattributeset base_typeattr_679 (and (domain ) (not (hal_secure_element_client hal_secure_element_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_679 (and (domain ) (not (hal_secretkeeper_server ))))
(typeattribute base_typeattr_678)
-(typeattributeset base_typeattr_678 (and (domain ) (not (hal_secure_element_client hal_secure_element_server ))))
+(typeattributeset base_typeattr_678 (and (domain ) (not (hal_remotelyprovisionedcomponent_avf_client hal_remotelyprovisionedcomponent_avf_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_677)
-(typeattributeset base_typeattr_677 (and (domain ) (not (hal_secure_element_server ))))
+(typeattributeset base_typeattr_677 (and (domain ) (not (hal_remotelyprovisionedcomponent_avf_server ))))
(typeattribute base_typeattr_676)
-(typeattributeset base_typeattr_676 (and (domain ) (not (hal_secretkeeper_client hal_secretkeeper_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_676 (and (domain ) (not (hal_remoteaccess_client hal_remoteaccess_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_675)
-(typeattributeset base_typeattr_675 (and (domain ) (not (hal_secretkeeper_server ))))
+(typeattributeset base_typeattr_675 (and (domain ) (not (hal_remoteaccess_server ))))
(typeattribute base_typeattr_674)
-(typeattributeset base_typeattr_674 (and (domain ) (not (hal_remotelyprovisionedcomponent_avf_client hal_remotelyprovisionedcomponent_avf_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_674 (and (domain ) (not (hal_rebootescrow_client hal_rebootescrow_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_673)
-(typeattributeset base_typeattr_673 (and (domain ) (not (hal_remotelyprovisionedcomponent_avf_server ))))
+(typeattributeset base_typeattr_673 (and (domain ) (not (hal_rebootescrow_server ))))
(typeattribute base_typeattr_672)
-(typeattributeset base_typeattr_672 (and (domain ) (not (hal_remoteaccess_client hal_remoteaccess_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_672 (and (domain ) (not (hal_power_stats_client hal_power_stats_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_671)
-(typeattributeset base_typeattr_671 (and (domain ) (not (hal_remoteaccess_server ))))
+(typeattributeset base_typeattr_671 (and (domain ) (not (hal_power_stats_client hal_power_stats_server ))))
(typeattribute base_typeattr_670)
-(typeattributeset base_typeattr_670 (and (domain ) (not (hal_rebootescrow_client hal_rebootescrow_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_670 (and (domain ) (not (hal_power_stats_server ))))
(typeattribute base_typeattr_669)
-(typeattributeset base_typeattr_669 (and (domain ) (not (hal_rebootescrow_server ))))
+(typeattributeset base_typeattr_669 (and (domain ) (not (hal_power_client hal_power_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_668)
-(typeattributeset base_typeattr_668 (and (domain ) (not (hal_power_stats_client hal_power_stats_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_668 (and (domain ) (not (hal_power_client hal_power_server ))))
(typeattribute base_typeattr_667)
-(typeattributeset base_typeattr_667 (and (domain ) (not (hal_power_stats_client hal_power_stats_server ))))
+(typeattributeset base_typeattr_667 (and (domain ) (not (hal_power_server ))))
(typeattribute base_typeattr_666)
-(typeattributeset base_typeattr_666 (and (domain ) (not (hal_power_stats_server ))))
+(typeattributeset base_typeattr_666 (and (domain ) (not (hal_omx_client hal_omx_server ))))
(typeattribute base_typeattr_665)
-(typeattributeset base_typeattr_665 (and (domain ) (not (hal_power_client hal_power_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_665 (and (domain ) (not (hal_omx_server ))))
(typeattribute base_typeattr_664)
-(typeattributeset base_typeattr_664 (and (domain ) (not (hal_power_client hal_power_server ))))
+(typeattributeset base_typeattr_664 (and (domain ) (not (hal_oemlock_client hal_oemlock_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_663)
-(typeattributeset base_typeattr_663 (and (domain ) (not (hal_power_server ))))
+(typeattributeset base_typeattr_663 (and (domain ) (not (hal_oemlock_client hal_oemlock_server ))))
(typeattribute base_typeattr_662)
-(typeattributeset base_typeattr_662 (and (domain ) (not (hal_omx_client hal_omx_server ))))
+(typeattributeset base_typeattr_662 (and (domain ) (not (hal_oemlock_server ))))
(typeattribute base_typeattr_661)
-(typeattributeset base_typeattr_661 (and (domain ) (not (hal_omx_server ))))
+(typeattributeset base_typeattr_661 (and (domain ) (not (hal_nlinterceptor_client hal_nlinterceptor_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_660)
-(typeattributeset base_typeattr_660 (and (domain ) (not (hal_oemlock_client hal_oemlock_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_660 (and (domain ) (not (hal_nlinterceptor_server ))))
(typeattribute base_typeattr_659)
-(typeattributeset base_typeattr_659 (and (domain ) (not (hal_oemlock_client hal_oemlock_server ))))
+(typeattributeset base_typeattr_659 (and (domain ) (not (hal_nfc_client hal_nfc_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_658)
-(typeattributeset base_typeattr_658 (and (domain ) (not (hal_oemlock_server ))))
+(typeattributeset base_typeattr_658 (and (domain ) (not (hal_nfc_client hal_nfc_server ))))
(typeattribute base_typeattr_657)
-(typeattributeset base_typeattr_657 (and (domain ) (not (hal_nlinterceptor_client hal_nlinterceptor_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_657 (and (domain ) (not (hal_nfc_server ))))
(typeattribute base_typeattr_656)
-(typeattributeset base_typeattr_656 (and (domain ) (not (hal_nlinterceptor_server ))))
+(typeattributeset base_typeattr_656 (and (fs_type file_type ) (not (shell_exec toolbox_exec ))))
(typeattribute base_typeattr_655)
-(typeattributeset base_typeattr_655 (and (domain ) (not (hal_nfc_client hal_nfc_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_655 (and (halserverdomain ) (not (hal_dumpstate_server hal_telephony_server ))))
(typeattribute base_typeattr_654)
-(typeattributeset base_typeattr_654 (and (domain ) (not (hal_nfc_client hal_nfc_server ))))
+(typeattributeset base_typeattr_654 (and (halserverdomain ) (not (hal_automotive_socket_exemption hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tetheroffload_server hal_tv_tuner_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
(typeattribute base_typeattr_653)
-(typeattributeset base_typeattr_653 (and (domain ) (not (hal_nfc_server ))))
+(typeattributeset base_typeattr_653 (and (halserverdomain ) (not (hal_automotive_socket_exemption hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tetheroffload_server hal_tv_tuner_server hal_uwb_server hal_uwb_vendor_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
(typeattribute base_typeattr_652)
-(typeattributeset base_typeattr_652 (and (fs_type file_type ) (not (shell_exec toolbox_exec ))))
+(typeattributeset base_typeattr_652 (and (halserverdomain ) (not (hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tv_tuner_server hal_uwb_server hal_uwb_vendor_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
(typeattribute base_typeattr_651)
-(typeattributeset base_typeattr_651 (and (halserverdomain ) (not (hal_dumpstate_server hal_telephony_server ))))
+(typeattributeset base_typeattr_651 (and (domain ) (not (hal_neuralnetworks_client hal_neuralnetworks_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_650)
-(typeattributeset base_typeattr_650 (and (halserverdomain ) (not (hal_automotive_socket_exemption hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tetheroffload_server hal_tv_tuner_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
+(typeattributeset base_typeattr_650 (and (domain ) (not (hal_neuralnetworks_client hal_neuralnetworks_server ))))
(typeattribute base_typeattr_649)
-(typeattributeset base_typeattr_649 (and (halserverdomain ) (not (hal_automotive_socket_exemption hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tetheroffload_server hal_tv_tuner_server hal_uwb_server hal_uwb_vendor_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
+(typeattributeset base_typeattr_649 (and (domain ) (not (hal_neuralnetworks_server ))))
(typeattribute base_typeattr_648)
-(typeattributeset base_typeattr_648 (and (halserverdomain ) (not (hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tv_tuner_server hal_uwb_server hal_uwb_vendor_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
+(typeattributeset base_typeattr_648 (and (domain ) (not (hal_memtrack_client hal_memtrack_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_647)
-(typeattributeset base_typeattr_647 (and (domain ) (not (hal_neuralnetworks_client hal_neuralnetworks_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_647 (and (domain ) (not (hal_memtrack_client hal_memtrack_server ))))
(typeattribute base_typeattr_646)
-(typeattributeset base_typeattr_646 (and (domain ) (not (hal_neuralnetworks_client hal_neuralnetworks_server ))))
+(typeattributeset base_typeattr_646 (and (domain ) (not (hal_memtrack_server ))))
(typeattribute base_typeattr_645)
-(typeattributeset base_typeattr_645 (and (domain ) (not (hal_neuralnetworks_server ))))
+(typeattributeset base_typeattr_645 (and (domain ) (not (hal_mediaquality_client hal_mediaquality_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_644)
-(typeattributeset base_typeattr_644 (and (domain ) (not (hal_memtrack_client hal_memtrack_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_644 (and (domain ) (not (hal_mediaquality_server ))))
(typeattribute base_typeattr_643)
-(typeattributeset base_typeattr_643 (and (domain ) (not (hal_memtrack_client hal_memtrack_server ))))
+(typeattributeset base_typeattr_643 (and (domain ) (not (hal_macsec_client hal_macsec_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_642)
-(typeattributeset base_typeattr_642 (and (domain ) (not (hal_memtrack_server ))))
+(typeattributeset base_typeattr_642 (and (domain ) (not (hal_macsec_server ))))
(typeattribute base_typeattr_641)
-(typeattributeset base_typeattr_641 (and (domain ) (not (hal_mediaquality_client hal_mediaquality_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_641 (and (domain ) (not (hal_lowpan_server init ueventd ))))
(typeattribute base_typeattr_640)
-(typeattributeset base_typeattr_640 (and (domain ) (not (hal_mediaquality_server ))))
+(typeattributeset base_typeattr_640 (and (domain ) (not (hal_lowpan_client hal_lowpan_server ))))
(typeattribute base_typeattr_639)
-(typeattributeset base_typeattr_639 (and (domain ) (not (hal_macsec_client hal_macsec_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_639 (and (domain ) (not (hal_lowpan_server ))))
(typeattribute base_typeattr_638)
-(typeattributeset base_typeattr_638 (and (domain ) (not (hal_macsec_server ))))
+(typeattributeset base_typeattr_638 (and (domain ) (not (hal_light_client hal_light_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_637)
-(typeattributeset base_typeattr_637 (and (domain ) (not (hal_lowpan_server init ueventd ))))
+(typeattributeset base_typeattr_637 (and (domain ) (not (hal_light_client hal_light_server ))))
(typeattribute base_typeattr_636)
-(typeattributeset base_typeattr_636 (and (domain ) (not (hal_lowpan_client hal_lowpan_server ))))
+(typeattributeset base_typeattr_636 (and (domain ) (not (hal_light_server ))))
(typeattribute base_typeattr_635)
-(typeattributeset base_typeattr_635 (and (domain ) (not (hal_lowpan_server ))))
+(typeattributeset base_typeattr_635 (and (hal_keymint_server ) (not (coredomain ))))
(typeattribute base_typeattr_634)
-(typeattributeset base_typeattr_634 (and (domain ) (not (hal_light_client hal_light_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_634 (and (domain ) (not (hal_keymint_client hal_keymint_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_633)
-(typeattributeset base_typeattr_633 (and (domain ) (not (hal_light_client hal_light_server ))))
+(typeattributeset base_typeattr_633 (and (domain ) (not (hal_keymint_server ))))
(typeattribute base_typeattr_632)
-(typeattributeset base_typeattr_632 (and (domain ) (not (hal_light_server ))))
+(typeattributeset base_typeattr_632 (and (domain ) (not (hal_keymaster_client hal_keymaster_server ))))
(typeattribute base_typeattr_631)
-(typeattributeset base_typeattr_631 (and (hal_keymint_server ) (not (coredomain ))))
+(typeattributeset base_typeattr_631 (and (domain ) (not (hal_keymaster_server ))))
(typeattribute base_typeattr_630)
-(typeattributeset base_typeattr_630 (and (domain ) (not (hal_keymint_client hal_keymint_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_630 (and (domain ) (not (hal_ivn_client hal_ivn_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_629)
-(typeattributeset base_typeattr_629 (and (domain ) (not (hal_keymint_server ))))
+(typeattributeset base_typeattr_629 (and (domain ) (not (hal_ivn_server ))))
(typeattribute base_typeattr_628)
-(typeattributeset base_typeattr_628 (and (domain ) (not (hal_keymaster_client hal_keymaster_server ))))
+(typeattributeset base_typeattr_628 (and (domain ) (not (hal_ir_client hal_ir_server ))))
(typeattribute base_typeattr_627)
-(typeattributeset base_typeattr_627 (and (domain ) (not (hal_keymaster_server ))))
+(typeattributeset base_typeattr_627 (and (domain ) (not (hal_ir_client hal_ir_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_626)
-(typeattributeset base_typeattr_626 (and (domain ) (not (hal_ivn_client hal_ivn_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_626 (and (domain ) (not (hal_ir_server ))))
(typeattribute base_typeattr_625)
-(typeattributeset base_typeattr_625 (and (domain ) (not (hal_ivn_server ))))
+(typeattributeset base_typeattr_625 (and (domain ) (not (hal_input_processor_client hal_input_processor_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_624)
-(typeattributeset base_typeattr_624 (and (domain ) (not (hal_ir_client hal_ir_server ))))
+(typeattributeset base_typeattr_624 (and (domain ) (not (hal_input_processor_server ))))
(typeattribute base_typeattr_623)
-(typeattributeset base_typeattr_623 (and (domain ) (not (hal_ir_client hal_ir_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_623 (and (domain ) (not (hal_input_classifier_client hal_input_classifier_server ))))
(typeattribute base_typeattr_622)
-(typeattributeset base_typeattr_622 (and (domain ) (not (hal_ir_server ))))
+(typeattributeset base_typeattr_622 (and (domain ) (not (hal_input_classifier_server ))))
(typeattribute base_typeattr_621)
-(typeattributeset base_typeattr_621 (and (domain ) (not (hal_input_processor_client hal_input_processor_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_621 (and (domain ) (not (hal_identity_client hal_identity_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_620)
-(typeattributeset base_typeattr_620 (and (domain ) (not (hal_input_processor_server ))))
+(typeattributeset base_typeattr_620 (and (domain ) (not (hal_identity_server ))))
(typeattribute base_typeattr_619)
-(typeattributeset base_typeattr_619 (and (domain ) (not (hal_input_classifier_client hal_input_classifier_server ))))
+(typeattributeset base_typeattr_619 (and (domain ) (not (hal_health_storage_client hal_health_storage_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_618)
-(typeattributeset base_typeattr_618 (and (domain ) (not (hal_input_classifier_server ))))
+(typeattributeset base_typeattr_618 (and (domain ) (not (hal_health_storage_client hal_health_storage_server ))))
(typeattribute base_typeattr_617)
-(typeattributeset base_typeattr_617 (and (domain ) (not (hal_identity_client hal_identity_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_617 (and (domain ) (not (hal_health_storage_server ))))
(typeattribute base_typeattr_616)
-(typeattributeset base_typeattr_616 (and (domain ) (not (hal_identity_server ))))
+(typeattributeset base_typeattr_616 (and (domain ) (not (hal_health_client hal_health_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_615)
-(typeattributeset base_typeattr_615 (and (domain ) (not (hal_health_storage_client hal_health_storage_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_615 (and (domain ) (not (hal_health_client hal_health_server ))))
(typeattribute base_typeattr_614)
-(typeattributeset base_typeattr_614 (and (domain ) (not (hal_health_storage_client hal_health_storage_server ))))
+(typeattributeset base_typeattr_614 (and (domain ) (not (hal_health_server ))))
(typeattribute base_typeattr_613)
-(typeattributeset base_typeattr_613 (and (domain ) (not (hal_health_storage_server ))))
+(typeattributeset base_typeattr_613 (and (domain ) (not (hal_graphics_composer_client hal_graphics_composer_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_612)
-(typeattributeset base_typeattr_612 (and (domain ) (not (hal_health_client hal_health_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_612 (and (domain ) (not (hal_graphics_composer_client hal_graphics_composer_server ))))
(typeattribute base_typeattr_611)
-(typeattributeset base_typeattr_611 (and (domain ) (not (hal_health_client hal_health_server ))))
+(typeattributeset base_typeattr_611 (and (domain ) (not (hal_graphics_composer_server ))))
(typeattribute base_typeattr_610)
-(typeattributeset base_typeattr_610 (and (domain ) (not (hal_health_server ))))
+(typeattributeset base_typeattr_610 (and (domain ) (not (hal_graphics_allocator_client hal_graphics_allocator_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_609)
-(typeattributeset base_typeattr_609 (and (domain ) (not (hal_graphics_composer_client hal_graphics_composer_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_609 (and (domain ) (not (hal_graphics_allocator_client hal_graphics_allocator_server ))))
(typeattribute base_typeattr_608)
-(typeattributeset base_typeattr_608 (and (domain ) (not (hal_graphics_composer_client hal_graphics_composer_server ))))
+(typeattributeset base_typeattr_608 (and (domain ) (not (hal_graphics_allocator_server ))))
(typeattribute base_typeattr_607)
-(typeattributeset base_typeattr_607 (and (domain ) (not (hal_graphics_composer_server ))))
+(typeattributeset base_typeattr_607 (and (domain ) (not (hal_gnss_client hal_gnss_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_606)
-(typeattributeset base_typeattr_606 (and (domain ) (not (hal_graphics_allocator_client hal_graphics_allocator_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_606 (and (domain ) (not (hal_gnss_client hal_gnss_server ))))
(typeattribute base_typeattr_605)
-(typeattributeset base_typeattr_605 (and (domain ) (not (hal_graphics_allocator_client hal_graphics_allocator_server ))))
+(typeattributeset base_typeattr_605 (and (domain ) (not (hal_gnss_server ))))
(typeattribute base_typeattr_604)
-(typeattributeset base_typeattr_604 (and (domain ) (not (hal_graphics_allocator_server ))))
+(typeattributeset base_typeattr_604 (and (domain ) (not (hal_gatekeeper_client hal_gatekeeper_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_603)
-(typeattributeset base_typeattr_603 (and (domain ) (not (hal_gnss_client hal_gnss_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_603 (and (domain ) (not (hal_gatekeeper_client hal_gatekeeper_server ))))
(typeattribute base_typeattr_602)
-(typeattributeset base_typeattr_602 (and (domain ) (not (hal_gnss_client hal_gnss_server ))))
+(typeattributeset base_typeattr_602 (and (domain ) (not (hal_gatekeeper_server ))))
(typeattribute base_typeattr_601)
-(typeattributeset base_typeattr_601 (and (domain ) (not (hal_gnss_server ))))
+(typeattributeset base_typeattr_601 (and (hal_fingerprint ) (not (coredomain ))))
(typeattribute base_typeattr_600)
-(typeattributeset base_typeattr_600 (and (domain ) (not (hal_gatekeeper_client hal_gatekeeper_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_600 (and (domain ) (not (hal_fingerprint_client hal_fingerprint_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_599)
-(typeattributeset base_typeattr_599 (and (domain ) (not (hal_gatekeeper_client hal_gatekeeper_server ))))
+(typeattributeset base_typeattr_599 (and (domain ) (not (hal_fingerprint_client hal_fingerprint_server ))))
(typeattribute base_typeattr_598)
-(typeattributeset base_typeattr_598 (and (domain ) (not (hal_gatekeeper_server ))))
+(typeattributeset base_typeattr_598 (and (domain ) (not (hal_fingerprint_server ))))
(typeattribute base_typeattr_597)
-(typeattributeset base_typeattr_597 (and (hal_fingerprint ) (not (coredomain ))))
+(typeattributeset base_typeattr_597 (and (domain ) (not (hal_fastboot_client hal_fastboot_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_596)
-(typeattributeset base_typeattr_596 (and (domain ) (not (hal_fingerprint_client hal_fingerprint_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_596 (and (domain ) (not (hal_fastboot_server ))))
(typeattribute base_typeattr_595)
-(typeattributeset base_typeattr_595 (and (domain ) (not (hal_fingerprint_client hal_fingerprint_server ))))
+(typeattributeset base_typeattr_595 (and (hal_face ) (not (coredomain ))))
(typeattribute base_typeattr_594)
-(typeattributeset base_typeattr_594 (and (domain ) (not (hal_fingerprint_server ))))
+(typeattributeset base_typeattr_594 (and (domain ) (not (hal_face_client hal_face_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_593)
-(typeattributeset base_typeattr_593 (and (domain ) (not (hal_fastboot_client hal_fastboot_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_593 (and (domain ) (not (hal_face_client hal_face_server ))))
(typeattribute base_typeattr_592)
-(typeattributeset base_typeattr_592 (and (domain ) (not (hal_fastboot_server ))))
+(typeattributeset base_typeattr_592 (and (domain ) (not (hal_face_server ))))
(typeattribute base_typeattr_591)
-(typeattributeset base_typeattr_591 (and (hal_face ) (not (coredomain ))))
+(typeattributeset base_typeattr_591 (and (domain ) (not (hal_evs_client hal_evs_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_590)
-(typeattributeset base_typeattr_590 (and (domain ) (not (hal_face_client hal_face_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_590 (and (domain ) (not (hal_evs_server ))))
(typeattribute base_typeattr_589)
-(typeattributeset base_typeattr_589 (and (domain ) (not (hal_face_client hal_face_server ))))
+(typeattributeset base_typeattr_589 (and (domain ) (not (hal_evs_server evsmanagerd ))))
(typeattribute base_typeattr_588)
-(typeattributeset base_typeattr_588 (and (domain ) (not (hal_face_server ))))
+(typeattributeset base_typeattr_588 (and (domain ) (not (hal_dumpstate_client hal_dumpstate_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_587)
-(typeattributeset base_typeattr_587 (and (domain ) (not (hal_evs_client hal_evs_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_587 (and (domain ) (not (hal_dumpstate_client hal_dumpstate_server ))))
(typeattribute base_typeattr_586)
-(typeattributeset base_typeattr_586 (and (domain ) (not (hal_evs_server ))))
+(typeattributeset base_typeattr_586 (and (domain ) (not (hal_dumpstate_server ))))
(typeattribute base_typeattr_585)
-(typeattributeset base_typeattr_585 (and (domain ) (not (hal_evs_server evsmanagerd ))))
+(typeattributeset base_typeattr_585 (and (domain ) (not (hal_drm_client hal_drm_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_584)
-(typeattributeset base_typeattr_584 (and (domain ) (not (hal_dumpstate_client hal_dumpstate_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_584 (and (domain ) (not (hal_drm_client hal_drm_server ))))
(typeattribute base_typeattr_583)
-(typeattributeset base_typeattr_583 (and (domain ) (not (hal_dumpstate_client hal_dumpstate_server ))))
+(typeattributeset base_typeattr_583 (and (domain ) (not (hal_drm_server ))))
(typeattribute base_typeattr_582)
-(typeattributeset base_typeattr_582 (and (domain ) (not (hal_dumpstate_server ))))
+(typeattributeset base_typeattr_582 (and (domain ) (not (hal_contexthub_client hal_contexthub_server ))))
(typeattribute base_typeattr_581)
-(typeattributeset base_typeattr_581 (and (domain ) (not (hal_drm_client hal_drm_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_581 (and (domain ) (not (hal_contexthub_server ))))
(typeattribute base_typeattr_580)
-(typeattributeset base_typeattr_580 (and (domain ) (not (hal_drm_client hal_drm_server ))))
+(typeattributeset base_typeattr_580 (and (domain ) (not (hal_confirmationui_client hal_confirmationui_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_579)
-(typeattributeset base_typeattr_579 (and (domain ) (not (hal_drm_server ))))
+(typeattributeset base_typeattr_579 (and (domain ) (not (hal_confirmationui_client hal_confirmationui_server ))))
(typeattribute base_typeattr_578)
-(typeattributeset base_typeattr_578 (and (domain ) (not (hal_contexthub_client hal_contexthub_server ))))
+(typeattributeset base_typeattr_578 (and (domain ) (not (hal_confirmationui_server ))))
(typeattribute base_typeattr_577)
-(typeattributeset base_typeattr_577 (and (domain ) (not (hal_contexthub_server ))))
+(typeattributeset base_typeattr_577 (and (data_file_type ) (not (anr_data_file tombstone_data_file ))))
(typeattribute base_typeattr_576)
-(typeattributeset base_typeattr_576 (and (domain ) (not (hal_confirmationui_client hal_confirmationui_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_576 (and (domain ) (not (hal_configstore_server logd prng_seeder tombstoned ))))
(typeattribute base_typeattr_575)
-(typeattributeset base_typeattr_575 (and (domain ) (not (hal_confirmationui_client hal_confirmationui_server ))))
+(typeattributeset base_typeattr_575 (and (domain ) (not (hal_configstore_client hal_configstore_server ))))
(typeattribute base_typeattr_574)
-(typeattributeset base_typeattr_574 (and (domain ) (not (hal_confirmationui_server ))))
+(typeattributeset base_typeattr_574 (and (domain ) (not (hal_configstore_server ))))
(typeattribute base_typeattr_573)
-(typeattributeset base_typeattr_573 (and (data_file_type ) (not (anr_data_file tombstone_data_file ))))
+(typeattributeset base_typeattr_573 (and (hal_codec2_client ) (not (isolated_app_all ))))
(typeattribute base_typeattr_572)
-(typeattributeset base_typeattr_572 (and (domain ) (not (hal_configstore_server logd prng_seeder tombstoned ))))
+(typeattributeset base_typeattr_572 (and (domain ) (not (hal_codec2_client hal_codec2_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_571)
-(typeattributeset base_typeattr_571 (and (domain ) (not (hal_configstore_client hal_configstore_server ))))
+(typeattributeset base_typeattr_571 (and (domain ) (not (hal_codec2_client hal_codec2_server ))))
(typeattribute base_typeattr_570)
-(typeattributeset base_typeattr_570 (and (domain ) (not (hal_configstore_server ))))
+(typeattributeset base_typeattr_570 (and (domain ) (not (hal_codec2_server ))))
(typeattribute base_typeattr_569)
-(typeattributeset base_typeattr_569 (and (hal_codec2_client ) (not (isolated_app_all ))))
+(typeattributeset base_typeattr_569 (and (domain ) (not (hal_cas_client hal_cas_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_568)
-(typeattributeset base_typeattr_568 (and (domain ) (not (hal_codec2_client hal_codec2_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_568 (and (domain ) (not (hal_cas_client hal_cas_server ))))
(typeattribute base_typeattr_567)
-(typeattributeset base_typeattr_567 (and (domain ) (not (hal_codec2_client hal_codec2_server ))))
+(typeattributeset base_typeattr_567 (and (domain ) (not (hal_cas_server ))))
(typeattribute base_typeattr_566)
-(typeattributeset base_typeattr_566 (and (domain ) (not (hal_codec2_server ))))
+(typeattributeset base_typeattr_566 (and (domain ) (not (hal_can_controller_client hal_can_controller_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_565)
-(typeattributeset base_typeattr_565 (and (domain ) (not (hal_cas_client hal_cas_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_565 (and (domain ) (not (hal_can_bus_client hal_can_bus_server ))))
(typeattribute base_typeattr_564)
-(typeattributeset base_typeattr_564 (and (domain ) (not (hal_cas_client hal_cas_server ))))
+(typeattributeset base_typeattr_564 (and (domain ) (not (hal_can_bus_server ))))
(typeattribute base_typeattr_563)
-(typeattributeset base_typeattr_563 (and (domain ) (not (hal_cas_server ))))
+(typeattributeset base_typeattr_563 (and (domain ) (not (hal_can_controller_client hal_can_controller_server ))))
(typeattribute base_typeattr_562)
-(typeattributeset base_typeattr_562 (and (domain ) (not (hal_can_controller_client hal_can_controller_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_562 (and (domain ) (not (hal_can_controller_server ))))
(typeattribute base_typeattr_561)
-(typeattributeset base_typeattr_561 (and (domain ) (not (hal_can_bus_client hal_can_bus_server ))))
+(typeattributeset base_typeattr_561 (and (halserverdomain ) (not (hal_camera_server ))))
(typeattribute base_typeattr_560)
-(typeattributeset base_typeattr_560 (and (domain ) (not (hal_can_bus_server ))))
+(typeattributeset base_typeattr_560 (and (appdomain ) (not (isolated_app ))))
(typeattribute base_typeattr_559)
-(typeattributeset base_typeattr_559 (and (domain ) (not (hal_can_controller_client hal_can_controller_server ))))
+(typeattributeset base_typeattr_559 (and (domain ) (not (hal_camera_client hal_camera_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_558)
-(typeattributeset base_typeattr_558 (and (domain ) (not (hal_can_controller_server ))))
+(typeattributeset base_typeattr_558 (and (domain ) (not (hal_camera_client hal_camera_server ))))
(typeattribute base_typeattr_557)
-(typeattributeset base_typeattr_557 (and (halserverdomain ) (not (hal_camera_server ))))
+(typeattributeset base_typeattr_557 (and (domain ) (not (hal_camera_server ))))
(typeattribute base_typeattr_556)
-(typeattributeset base_typeattr_556 (and (appdomain ) (not (isolated_app ))))
+(typeattributeset base_typeattr_556 (and (domain ) (not (hal_broadcastradio_client hal_broadcastradio_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_555)
-(typeattributeset base_typeattr_555 (and (domain ) (not (hal_camera_client hal_camera_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_555 (and (domain ) (not (hal_broadcastradio_client hal_broadcastradio_server ))))
(typeattribute base_typeattr_554)
-(typeattributeset base_typeattr_554 (and (domain ) (not (hal_camera_client hal_camera_server ))))
+(typeattributeset base_typeattr_554 (and (domain ) (not (hal_broadcastradio_server ))))
(typeattribute base_typeattr_553)
-(typeattributeset base_typeattr_553 (and (domain ) (not (hal_camera_server ))))
+(typeattributeset base_typeattr_553 (and (domain ) (not (hal_bootctl_client hal_bootctl_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_552)
-(typeattributeset base_typeattr_552 (and (domain ) (not (hal_broadcastradio_client hal_broadcastradio_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_552 (and (domain ) (not (hal_bootctl_client hal_bootctl_server ))))
(typeattribute base_typeattr_551)
-(typeattributeset base_typeattr_551 (and (domain ) (not (hal_broadcastradio_client hal_broadcastradio_server ))))
+(typeattributeset base_typeattr_551 (and (domain ) (not (hal_bootctl_server ))))
(typeattribute base_typeattr_550)
-(typeattributeset base_typeattr_550 (and (domain ) (not (hal_broadcastradio_server ))))
+(typeattributeset base_typeattr_550 (and (domain ) (not (hal_bluetooth_client hal_bluetooth_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_549)
-(typeattributeset base_typeattr_549 (and (domain ) (not (hal_bootctl_client hal_bootctl_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_549 (and (domain ) (not (hal_bluetooth_client hal_bluetooth_server ))))
(typeattribute base_typeattr_548)
-(typeattributeset base_typeattr_548 (and (domain ) (not (hal_bootctl_client hal_bootctl_server ))))
+(typeattributeset base_typeattr_548 (and (domain ) (not (hal_bluetooth_server ))))
(typeattribute base_typeattr_547)
-(typeattributeset base_typeattr_547 (and (domain ) (not (hal_bootctl_server ))))
+(typeattributeset base_typeattr_547 (and (domain ) (not (hal_authsecret_client hal_authsecret_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_546)
-(typeattributeset base_typeattr_546 (and (domain ) (not (hal_bluetooth_client hal_bluetooth_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_546 (and (domain ) (not (hal_authsecret_client hal_authsecret_server ))))
(typeattribute base_typeattr_545)
-(typeattributeset base_typeattr_545 (and (domain ) (not (hal_bluetooth_client hal_bluetooth_server ))))
+(typeattributeset base_typeattr_545 (and (domain ) (not (hal_authsecret_server ))))
(typeattribute base_typeattr_544)
-(typeattributeset base_typeattr_544 (and (domain ) (not (hal_bluetooth_server ))))
+(typeattributeset base_typeattr_544 (and (domain ) (not (hal_authgraph_client hal_authgraph_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_543)
-(typeattributeset base_typeattr_543 (and (domain ) (not (hal_authsecret_client hal_authsecret_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_543 (and (domain ) (not (hal_authgraph_server ))))
(typeattribute base_typeattr_542)
-(typeattributeset base_typeattr_542 (and (domain ) (not (hal_authsecret_client hal_authsecret_server ))))
+(typeattributeset base_typeattr_542 (and (domain ) (not (hal_audiocontrol_client hal_audiocontrol_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_541)
-(typeattributeset base_typeattr_541 (and (domain ) (not (hal_authsecret_server ))))
+(typeattributeset base_typeattr_541 (and (domain ) (not (hal_audiocontrol_client hal_audiocontrol_server ))))
(typeattribute base_typeattr_540)
-(typeattributeset base_typeattr_540 (and (domain ) (not (hal_authgraph_client hal_authgraph_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_540 (and (domain ) (not (hal_audiocontrol_server ))))
(typeattribute base_typeattr_539)
-(typeattributeset base_typeattr_539 (and (domain ) (not (hal_authgraph_server ))))
+(typeattributeset base_typeattr_539 (and (halserverdomain ) (not (hal_audio_server hal_omx_server ))))
(typeattribute base_typeattr_538)
-(typeattributeset base_typeattr_538 (and (domain ) (not (hal_audiocontrol_client hal_audiocontrol_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_538 (and (domain ) (not (hal_audio_client hal_audio_server atrace shell system_app traceur_app ))))
(typeattribute base_typeattr_537)
-(typeattributeset base_typeattr_537 (and (domain ) (not (hal_audiocontrol_client hal_audiocontrol_server ))))
+(typeattributeset base_typeattr_537 (and (domain ) (not (hal_audio_client hal_audio_server ))))
(typeattribute base_typeattr_536)
-(typeattributeset base_typeattr_536 (and (domain ) (not (hal_audiocontrol_server ))))
+(typeattributeset base_typeattr_536 (and (domain ) (not (hal_audio_server ))))
(typeattribute base_typeattr_535)
-(typeattributeset base_typeattr_535 (and (halserverdomain ) (not (hal_audio_server hal_omx_server ))))
+(typeattributeset base_typeattr_535 (and (domain ) (not (hal_atrace_client hal_atrace_server ))))
(typeattribute base_typeattr_534)
-(typeattributeset base_typeattr_534 (and (domain ) (not (hal_audio_client hal_audio_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_534 (and (domain ) (not (hal_atrace_server ))))
(typeattribute base_typeattr_533)
-(typeattributeset base_typeattr_533 (and (domain ) (not (hal_audio_client hal_audio_server ))))
+(typeattributeset base_typeattr_533 (and (domain ) (not (hal_allocator_client hal_allocator_server ))))
(typeattribute base_typeattr_532)
-(typeattributeset base_typeattr_532 (and (domain ) (not (hal_audio_server ))))
+(typeattributeset base_typeattr_532 (and (domain ) (not (hal_allocator_server ))))
(typeattribute base_typeattr_531)
-(typeattributeset base_typeattr_531 (and (domain ) (not (hal_atrace_client hal_atrace_server ))))
+(typeattributeset base_typeattr_531 (and (domain ) (not (init gsid ))))
(typeattribute base_typeattr_530)
-(typeattributeset base_typeattr_530 (and (domain ) (not (hal_atrace_server ))))
+(typeattributeset base_typeattr_530 (and (gsi_metadata_file_type ) (not (gsi_public_metadata_file ))))
(typeattribute base_typeattr_529)
-(typeattributeset base_typeattr_529 (and (domain ) (not (hal_allocator_client hal_allocator_server ))))
+(typeattributeset base_typeattr_529 (and (domain ) (not (fastbootd init gsid ))))
(typeattribute base_typeattr_528)
-(typeattributeset base_typeattr_528 (and (domain ) (not (hal_allocator_server ))))
+(typeattributeset base_typeattr_528 (and (domain ) (not (update_engine_common fastbootd init recovery gsid ))))
(typeattribute base_typeattr_527)
-(typeattributeset base_typeattr_527 (and (domain ) (not (init gsid ))))
+(typeattributeset base_typeattr_527 (and (domain ) (not (gsid ))))
(typeattribute base_typeattr_526)
-(typeattributeset base_typeattr_526 (and (gsi_metadata_file_type ) (not (gsi_public_metadata_file ))))
+(typeattributeset base_typeattr_526 (and (domain ) (not (gpuservice init vendor_init ))))
(typeattribute base_typeattr_525)
-(typeattributeset base_typeattr_525 (and (domain ) (not (fastbootd init gsid ))))
+(typeattributeset base_typeattr_525 (and (domain ) (not (gpuservice ))))
(typeattribute base_typeattr_524)
-(typeattributeset base_typeattr_524 (and (domain ) (not (update_engine_common fastbootd init recovery gsid ))))
+(typeattributeset base_typeattr_524 (and (domain ) (not (dumpstate gmscore_app init vendor_init ))))
(typeattribute base_typeattr_523)
-(typeattributeset base_typeattr_523 (and (domain ) (not (gsid ))))
+(typeattributeset base_typeattr_523 (and (domain ) (not (crash_dump gmscore_app runas_app simpleperf ))))
(typeattribute base_typeattr_522)
-(typeattributeset base_typeattr_522 (and (domain ) (not (gpuservice init vendor_init ))))
+(typeattributeset base_typeattr_522 (and (appdomain ) (not (gmscore_app runas_app shell simpleperf ))))
(typeattribute base_typeattr_521)
-(typeattributeset base_typeattr_521 (and (domain ) (not (gpuservice ))))
+(typeattributeset base_typeattr_521 (and (gmscore_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_520)
-(typeattributeset base_typeattr_520 (and (domain ) (not (dumpstate gmscore_app init vendor_init ))))
+(typeattributeset base_typeattr_520 (and (domain ) (not (gmscore_app ))))
(typeattribute base_typeattr_519)
-(typeattributeset base_typeattr_519 (and (domain ) (not (crash_dump gmscore_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_519 (and (domain ) (not (gatekeeperd ))))
(typeattribute base_typeattr_518)
-(typeattributeset base_typeattr_518 (and (appdomain ) (not (gmscore_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_518 (and (fs_type file_type ) (not (fuseblkd_untrusted_exec ))))
(typeattribute base_typeattr_517)
-(typeattributeset base_typeattr_517 (and (gmscore_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_517 (and (fs_type file_type ) (not (fuseblkd_exec ))))
(typeattribute base_typeattr_516)
-(typeattributeset base_typeattr_516 (and (domain ) (not (gmscore_app ))))
+(typeattributeset base_typeattr_516 (and (domain ) (not (fuseblkd_untrusted ))))
(typeattribute base_typeattr_515)
-(typeattributeset base_typeattr_515 (and (domain ) (not (gatekeeperd ))))
+(typeattributeset base_typeattr_515 (and (fs_type file_type ) (not (fsck_exec ))))
(typeattribute base_typeattr_514)
-(typeattributeset base_typeattr_514 (and (fs_type file_type ) (not (fuseblkd_untrusted_exec ))))
+(typeattributeset base_typeattr_514 (and (domain ) (not (init vold ))))
(typeattribute base_typeattr_513)
-(typeattributeset base_typeattr_513 (and (fs_type file_type ) (not (fuseblkd_exec ))))
+(typeattributeset base_typeattr_513 (and (domain ) (not (flags_health_check init ))))
(typeattribute base_typeattr_512)
-(typeattributeset base_typeattr_512 (and (domain ) (not (fuseblkd_untrusted ))))
+(typeattributeset base_typeattr_512 (and (domain ) (not (fingerprintd ))))
(typeattribute base_typeattr_511)
-(typeattributeset base_typeattr_511 (and (fs_type file_type ) (not (fsck_exec ))))
+(typeattributeset base_typeattr_511 (and (domain ) (not (fastbootd ))))
(typeattribute base_typeattr_510)
-(typeattributeset base_typeattr_510 (and (domain ) (not (init vold ))))
+(typeattributeset base_typeattr_510 (and (domain ) (not (evsmanagerd ))))
(typeattribute base_typeattr_509)
-(typeattributeset base_typeattr_509 (and (domain ) (not (flags_health_check init ))))
+(typeattributeset base_typeattr_509 (and (domain ) (not (crash_dump ephemeral_app runas_app simpleperf ))))
(typeattribute base_typeattr_508)
-(typeattributeset base_typeattr_508 (and (domain ) (not (fingerprintd ))))
+(typeattributeset base_typeattr_508 (and (appdomain ) (not (ephemeral_app runas_app shell simpleperf ))))
(typeattribute base_typeattr_507)
-(typeattributeset base_typeattr_507 (and (domain ) (not (fastbootd ))))
+(typeattributeset base_typeattr_507 (and (ephemeral_app ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_506)
-(typeattributeset base_typeattr_506 (and (domain ) (not (evsmanagerd ))))
+(typeattributeset base_typeattr_506 (and (domain ) (not (ephemeral_app ))))
(typeattribute base_typeattr_505)
-(typeattributeset base_typeattr_505 (and (domain ) (not (crash_dump ephemeral_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_505 (and (domain ) (not (early_virtmgr ))))
(typeattribute base_typeattr_504)
-(typeattributeset base_typeattr_504 (and (appdomain ) (not (ephemeral_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_504 (and (domain ) (not (crosvm early_virtmgr ))))
(typeattribute base_typeattr_503)
-(typeattributeset base_typeattr_503 (and (ephemeral_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_503 (and (domain ) (not (crosvm early_virtmgr init ))))
(typeattribute base_typeattr_502)
-(typeattributeset base_typeattr_502 (and (domain ) (not (ephemeral_app ))))
+(typeattributeset base_typeattr_502 (and (domain ) (not (apexd dumpstate init system_server vold_prepare_subdirs ))))
(typeattribute base_typeattr_501)
-(typeattributeset base_typeattr_501 (and (domain ) (not (early_virtmgr ))))
+(typeattributeset base_typeattr_501 (and (domain ) (not (dumpstate shell system_server traceur_app ))))
(typeattribute base_typeattr_500)
-(typeattributeset base_typeattr_500 (and (domain ) (not (crosvm early_virtmgr ))))
+(typeattributeset base_typeattr_500 (and (domain ) (not (dumpstate ))))
(typeattribute base_typeattr_499)
-(typeattributeset base_typeattr_499 (and (domain ) (not (crosvm early_virtmgr init ))))
+(typeattributeset base_typeattr_499 (and (service_manager_type ) (not (hal_service_type apex_service default_android_service dumpstate_service fwk_vold_service gatekeeper_service virtual_touchpad_service vold_service ))))
(typeattribute base_typeattr_498)
-(typeattributeset base_typeattr_498 (and (domain ) (not (apexd dumpstate init system_server vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_498 (and (domain ) (not (drmserver ))))
(typeattribute base_typeattr_497)
-(typeattributeset base_typeattr_497 (and (domain ) (not (dumpstate shell system_server traceur_app ))))
+(typeattributeset base_typeattr_497 (and (domain ) (not (unconstrained_vsock_violators early_virtmgr virtualizationmanager adbd_common compos_fd_server hal_keymint_system virtualizationservice vmlauncher_app ))))
(typeattribute base_typeattr_496)
-(typeattributeset base_typeattr_496 (and (domain ) (not (dumpstate ))))
+(typeattributeset base_typeattr_496 (and (domain ) (not (init ueventd vendor_init ))))
(typeattribute base_typeattr_495)
-(typeattributeset base_typeattr_495 (and (service_manager_type ) (not (hal_service_type apex_service default_android_service dumpstate_service gatekeeper_service virtual_touchpad_service vold_service fwk_vold_service ))))
+(typeattributeset base_typeattr_495 (and (domain ) (not (init zygote dexopt_chroot_setup ))))
(typeattribute base_typeattr_494)
-(typeattributeset base_typeattr_494 (and (domain ) (not (drmserver ))))
+(typeattributeset base_typeattr_494 (and (domain ) (not (init dexopt_chroot_setup ))))
(typeattribute base_typeattr_493)
-(typeattributeset base_typeattr_493 (and (domain ) (not (init ueventd vendor_init ))))
+(typeattributeset base_typeattr_493 (and (domain ) (not (gmscore_app init vold_prepare_subdirs ))))
(typeattribute base_typeattr_492)
-(typeattributeset base_typeattr_492 (and (domain ) (not (init zygote dexopt_chroot_setup ))))
+(typeattributeset base_typeattr_492 (and (domain ) (not (appdomain artd installd system_server traced_probes ))))
(typeattribute base_typeattr_491)
-(typeattributeset base_typeattr_491 (and (domain ) (not (init dexopt_chroot_setup ))))
+(typeattributeset base_typeattr_491 (and (domain ) (not (appdomain adbd artd dumpstate init installd simpleperf_app_runner system_server ))))
(typeattribute base_typeattr_490)
-(typeattributeset base_typeattr_490 (and (domain ) (not (gmscore_app init vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_490 (and (domain ) (not (adbd artd dumpstate init installd shell vold ))))
(typeattribute base_typeattr_489)
-(typeattributeset base_typeattr_489 (and (domain ) (not (appdomain artd installd system_server traced_probes ))))
+(typeattributeset base_typeattr_489 (and (domain ) (not (appdomain adbd artd dumpstate installd ))))
(typeattribute base_typeattr_488)
-(typeattributeset base_typeattr_488 (and (domain ) (not (appdomain adbd artd dumpstate init installd simpleperf_app_runner system_server ))))
+(typeattributeset base_typeattr_488 (and (domain ) (not (init kernel vendor_modprobe uprobestats ))))
(typeattribute base_typeattr_487)
-(typeattributeset base_typeattr_487 (and (domain ) (not (adbd artd dumpstate init installd shell vold ))))
+(typeattributeset base_typeattr_487 (and (domain ) (not (ueventd vendor_init ))))
(typeattribute base_typeattr_486)
-(typeattributeset base_typeattr_486 (and (domain ) (not (appdomain adbd artd dumpstate installd ))))
+(typeattributeset base_typeattr_486 (and (debugfs_type ) (not (tracefs_type ))))
(typeattribute base_typeattr_485)
-(typeattributeset base_typeattr_485 (and (domain ) (not (init kernel vendor_modprobe uprobestats ))))
+(typeattributeset base_typeattr_485 (and (domain ) (not (vendor_modprobe ))))
(typeattribute base_typeattr_484)
-(typeattributeset base_typeattr_484 (and (domain ) (not (ueventd vendor_init ))))
+(typeattributeset base_typeattr_484 (and (domain ) (not (init traced_perf traced_probes ))))
(typeattribute base_typeattr_483)
-(typeattributeset base_typeattr_483 (and (debugfs_type ) (not (tracefs_type ))))
+(typeattributeset base_typeattr_483 (and (domain ) (not (init dexopt_chroot_setup otapreopt_chroot ))))
(typeattribute base_typeattr_482)
-(typeattributeset base_typeattr_482 (and (domain ) (not (vendor_modprobe ))))
+(typeattributeset base_typeattr_482 (and (vendor_file_type ) (not (vendor_cgroup_desc_file vendor_task_profiles_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_boot_ota_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_apex_file vendor_apex_metadata_file vendor_service_contexts_file vendor_aconfig_storage_file ))))
(typeattribute base_typeattr_481)
-(typeattributeset base_typeattr_481 (and (domain ) (not (init traced_perf traced_probes ))))
+(typeattributeset base_typeattr_481 (and (coredomain ) (not (system_executes_vendor_violators crash_dump crosvm heapprofd init kernel shell traced_perf ueventd vold ))))
(typeattribute base_typeattr_480)
-(typeattributeset base_typeattr_480 (and (domain ) (not (init dexopt_chroot_setup otapreopt_chroot ))))
+(typeattributeset base_typeattr_480 (and (coredomain ) (not (heapprofd init logd mdnsd netd prng_seeder tombstoned traced traced_perf ))))
(typeattribute base_typeattr_479)
-(typeattributeset base_typeattr_479 (and (vendor_file_type ) (not (vendor_cgroup_desc_file vendor_task_profiles_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_boot_ota_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_apex_file vendor_apex_metadata_file vendor_service_contexts_file vendor_aconfig_storage_file ))))
+(typeattributeset base_typeattr_479 (and (domain ) (not (appdomain coredomain socket_between_core_and_vendor_violators ))))
(typeattribute base_typeattr_478)
-(typeattributeset base_typeattr_478 (and (coredomain ) (not (system_executes_vendor_violators crash_dump crosvm heapprofd init kernel shell traced_perf ueventd vold ))))
+(typeattributeset base_typeattr_478 (and (coredomain ) (not (appdomain bootanim crash_dump heapprofd init kernel traced_perf ueventd ))))
(typeattribute base_typeattr_477)
-(typeattributeset base_typeattr_477 (and (coredomain ) (not (heapprofd init logd mdnsd netd prng_seeder tombstoned traced traced_perf ))))
+(typeattributeset base_typeattr_477 (and (domain ) (not (init vendor_init art_boot ))))
(typeattribute base_typeattr_476)
-(typeattributeset base_typeattr_476 (and (domain ) (not (appdomain coredomain socket_between_core_and_vendor_violators ))))
+(typeattributeset base_typeattr_476 (and (domain ) (not (dumpstate init system_server ))))
(typeattribute base_typeattr_475)
-(typeattributeset base_typeattr_475 (and (coredomain ) (not (appdomain bootanim crash_dump heapprofd init kernel traced_perf ueventd ))))
+(typeattributeset base_typeattr_475 (and (domain ) (not (fsck init installd zygote ))))
(typeattribute base_typeattr_474)
-(typeattributeset base_typeattr_474 (and (domain ) (not (init vendor_init art_boot ))))
+(typeattributeset base_typeattr_474 (and (domain ) (not (hal_bootctl_server fastbootd init kernel recovery tee ueventd uncrypt gsid ))))
(typeattribute base_typeattr_473)
-(typeattributeset base_typeattr_473 (and (domain ) (not (dumpstate init system_server ))))
+(typeattributeset base_typeattr_473 (and (debugfs_type ) (not (debugfs_tracing_debug ))))
(typeattribute base_typeattr_472)
-(typeattributeset base_typeattr_472 (and (domain ) (not (fsck init installd zygote ))))
+(typeattributeset base_typeattr_472 (and (fs_type ) (not (fusefs_type sdcard_type ))))
(typeattribute base_typeattr_471)
-(typeattributeset base_typeattr_471 (and (domain ) (not (hal_bootctl_server fastbootd init kernel recovery tee ueventd uncrypt gsid ))))
+(typeattributeset base_typeattr_471 (and (domain ) (not (apexd init kernel recovery update_engine vold zygote dexopt_chroot_setup otapreopt_chroot ))))
(typeattribute base_typeattr_470)
-(typeattributeset base_typeattr_470 (and (debugfs_type ) (not (debugfs_tracing_debug ))))
+(typeattributeset base_typeattr_470 (not (apexd artd dnsmasq dumpstate heapprofd init installd lmkd netd recovery rss_hwm_reset sdcardd tee traced_perf traced_probes ueventd uncrypt vendor_init vold vold_prepare_subdirs zygote migrate_legacy_obb_data postinstall_dexopt ) ))
(typeattribute base_typeattr_469)
-(typeattributeset base_typeattr_469 (and (fs_type ) (not (fusefs_type sdcard_type ))))
+(typeattributeset base_typeattr_469 (not (apexd artd dnsmasq dumpstate init installd lmkd netd recovery rss_hwm_reset sdcardd tee ueventd uncrypt vendor_init vold vold_prepare_subdirs zygote migrate_legacy_obb_data postinstall_dexopt ) ))
(typeattribute base_typeattr_468)
-(typeattributeset base_typeattr_468 (and (domain ) (not (apexd init kernel recovery update_engine vold zygote dexopt_chroot_setup otapreopt_chroot ))))
+(typeattributeset base_typeattr_468 (and (domain ) (not (apexd init vold_prepare_subdirs compos_fd_server composd odrefresh odsign ))))
(typeattribute base_typeattr_467)
-(typeattributeset base_typeattr_467 (not (apexd artd dnsmasq dumpstate heapprofd init installd lmkd netd recovery rss_hwm_reset sdcardd tee traced_perf traced_probes ueventd uncrypt vendor_init vold vold_prepare_subdirs zygote migrate_legacy_obb_data postinstall_dexopt ) ))
+(typeattributeset base_typeattr_467 (and (domain ) (not (artd init installd zygote cppreopts dex2oat otapreopt_slot postinstall_dexopt ))))
(typeattribute base_typeattr_466)
-(typeattributeset base_typeattr_466 (not (apexd artd dnsmasq dumpstate init installd lmkd netd recovery rss_hwm_reset sdcardd tee ueventd uncrypt vendor_init vold vold_prepare_subdirs zygote migrate_legacy_obb_data postinstall_dexopt ) ))
+(typeattributeset base_typeattr_466 (and (file_type ) (not (exec_type system_file_type vendor_file_type system_lib_file system_bootstrap_lib_file system_linker_exec postinstall_file ))))
(typeattribute base_typeattr_465)
-(typeattributeset base_typeattr_465 (and (domain ) (not (apexd init vold_prepare_subdirs compos_fd_server composd odrefresh odsign ))))
+(typeattributeset base_typeattr_465 (and (domain ) (not (appdomain app_zygote shell webview_zygote zygote system_server_startup ))))
(typeattribute base_typeattr_464)
-(typeattributeset base_typeattr_464 (and (domain ) (not (artd init installd zygote cppreopts dex2oat otapreopt_slot postinstall_dexopt ))))
+(typeattributeset base_typeattr_464 (and (fs_type ) (not (rootfs ))))
(typeattribute base_typeattr_463)
-(typeattributeset base_typeattr_463 (and (file_type ) (not (exec_type system_file_type vendor_file_type system_lib_file system_bootstrap_lib_file system_linker_exec postinstall_file ))))
+(typeattributeset base_typeattr_463 (and (domain ) (not (appdomain bootanim recovery ))))
(typeattribute base_typeattr_462)
-(typeattributeset base_typeattr_462 (and (domain ) (not (appdomain app_zygote shell webview_zygote zygote system_server_startup ))))
+(typeattributeset base_typeattr_462 (and (domain ) (not (apexd init installd system_server update_provider ))))
(typeattribute base_typeattr_461)
-(typeattributeset base_typeattr_461 (and (fs_type ) (not (rootfs ))))
+(typeattributeset base_typeattr_461 (and (domain ) (not (init installd system_server update_provider ))))
(typeattribute base_typeattr_460)
-(typeattributeset base_typeattr_460 (and (domain ) (not (appdomain bootanim recovery ))))
+(typeattributeset base_typeattr_460 (and (domain ) (not (adbd apexd crosvm init installd kernel priv_app shell system_app system_server virtualizationmanager update_provider ))))
(typeattribute base_typeattr_459)
-(typeattributeset base_typeattr_459 (and (domain ) (not (apexd init installd system_server update_provider ))))
+(typeattributeset base_typeattr_459 (and (domain ) (not (apexd init installd priv_app system_server virtualizationmanager update_provider ))))
(typeattribute base_typeattr_458)
-(typeattributeset base_typeattr_458 (and (domain ) (not (init installd system_server update_provider ))))
+(typeattributeset base_typeattr_458 (and (domain ) (not (artd installd ))))
(typeattribute base_typeattr_457)
-(typeattributeset base_typeattr_457 (and (domain ) (not (adbd apexd crosvm init installd kernel priv_app shell system_app system_server virtualizationmanager update_provider ))))
+(typeattributeset base_typeattr_457 (and (domain ) (not (appdomain app_zygote artd installd rs ))))
(typeattribute base_typeattr_456)
-(typeattributeset base_typeattr_456 (and (domain ) (not (apexd init installd priv_app system_server virtualizationmanager update_provider ))))
+(typeattributeset base_typeattr_456 (and (domain ) (not (appdomain artd installd rs ))))
(typeattribute base_typeattr_455)
-(typeattributeset base_typeattr_455 (and (domain ) (not (artd installd ))))
+(typeattributeset base_typeattr_455 (and (domain ) (not (appdomain adbd app_zygote artd installd profman rs runas system_server zygote ))))
(typeattribute base_typeattr_454)
-(typeattributeset base_typeattr_454 (and (domain ) (not (appdomain app_zygote artd installd rs ))))
+(typeattributeset base_typeattr_454 (and (domain ) (not (gmscore_app priv_app ))))
(typeattribute base_typeattr_453)
-(typeattributeset base_typeattr_453 (and (domain ) (not (appdomain artd installd rs ))))
+(typeattributeset base_typeattr_453 (and (domain ) (not (dumpstate system_server vold storaged ))))
(typeattribute base_typeattr_452)
-(typeattributeset base_typeattr_452 (and (domain ) (not (appdomain adbd app_zygote artd installd profman rs runas system_server zygote ))))
+(typeattributeset base_typeattr_452 (and (domain ) (not (hal_bootctl_server fastbootd init recovery ueventd uncrypt update_engine vendor_init vendor_misc_writer vold kcmdlinectrl misctrl mtectrl ))))
(typeattribute base_typeattr_451)
-(typeattributeset base_typeattr_451 (and (domain ) (not (gmscore_app priv_app ))))
+(typeattributeset base_typeattr_451 (and (domain ) (not (init traced_probes vendor_init ))))
(typeattribute base_typeattr_450)
-(typeattributeset base_typeattr_450 (and (domain ) (not (dumpstate system_server vold storaged ))))
+(typeattributeset base_typeattr_450 (and (domain ) (not (ephemeral_app untrusted_app_27 untrusted_app_25 ))))
(typeattribute base_typeattr_449)
-(typeattributeset base_typeattr_449 (and (domain ) (not (hal_bootctl_server fastbootd init recovery ueventd uncrypt update_engine vendor_init vendor_misc_writer vold kcmdlinectrl misctrl mtectrl ))))
+(typeattributeset base_typeattr_449 (and (domain ) (not (hal_codec2_server hal_omx_server ))))
(typeattribute base_typeattr_448)
-(typeattributeset base_typeattr_448 (and (domain ) (not (init traced_probes vendor_init ))))
+(typeattributeset base_typeattr_448 (and (coredomain ) (not (apexd charger incidentd init recovery shell ueventd ))))
(typeattribute base_typeattr_447)
-(typeattributeset base_typeattr_447 (and (domain ) (not (ephemeral_app untrusted_app_27 untrusted_app_25 ))))
+(typeattributeset base_typeattr_447 (and (coredomain ) (not (appdomain ))))
(typeattribute base_typeattr_446)
-(typeattributeset base_typeattr_446 (and (domain ) (not (hal_codec2_server hal_omx_server ))))
+(typeattributeset base_typeattr_446 (and (coredomain ) (not (system_writes_mnt_vendor_violators init ueventd vold ))))
(typeattribute base_typeattr_445)
-(typeattributeset base_typeattr_445 (and (coredomain ) (not (apexd charger incidentd init recovery shell ueventd ))))
+(typeattributeset base_typeattr_445 (not (coredomain ) ))
(typeattribute base_typeattr_444)
-(typeattributeset base_typeattr_444 (and (coredomain ) (not (appdomain ))))
+(typeattributeset base_typeattr_444 (not (system_file_type system_dlkm_file_type vendor_file_type rootfs ) ))
(typeattribute base_typeattr_443)
-(typeattributeset base_typeattr_443 (and (coredomain ) (not (system_writes_mnt_vendor_violators init ueventd vold ))))
+(typeattributeset base_typeattr_443 (and (domain ) (not (artd installd profman ))))
(typeattribute base_typeattr_442)
-(typeattributeset base_typeattr_442 (not (coredomain ) ))
+(typeattributeset base_typeattr_442 (and (domain ) (not (init vendor_init vold ))))
(typeattribute base_typeattr_441)
-(typeattributeset base_typeattr_441 (not (system_file_type system_dlkm_file_type vendor_file_type rootfs ) ))
+(typeattributeset base_typeattr_441 (not (hwservicemanager ) ))
(typeattribute base_typeattr_440)
-(typeattributeset base_typeattr_440 (and (domain ) (not (artd installd profman ))))
+(typeattributeset base_typeattr_440 (not (servicemanager vndservicemanager ) ))
(typeattribute base_typeattr_439)
-(typeattributeset base_typeattr_439 (and (domain ) (not (init vendor_init vold ))))
+(typeattributeset base_typeattr_439 (and (domain ) (not (installd shell ))))
(typeattribute base_typeattr_438)
-(typeattributeset base_typeattr_438 (not (hwservicemanager ) ))
+(typeattributeset base_typeattr_438 (and (domain ) (not (appdomain artd installd ))))
(typeattribute base_typeattr_437)
-(typeattributeset base_typeattr_437 (not (servicemanager vndservicemanager ) ))
+(typeattributeset base_typeattr_437 (and (appdomain ) (not (shell simpleperf tradeinmode ))))
(typeattribute base_typeattr_436)
-(typeattributeset base_typeattr_436 (and (domain ) (not (installd shell ))))
+(typeattributeset base_typeattr_436 (and (domain ) (not (app_zygote runas simpleperf_app_runner webview_zygote zygote ))))
(typeattribute base_typeattr_435)
-(typeattributeset base_typeattr_435 (and (domain ) (not (appdomain artd installd ))))
+(typeattributeset base_typeattr_435 (and (domain ) (not (adbd init runas zygote ))))
(typeattribute base_typeattr_434)
-(typeattributeset base_typeattr_434 (and (appdomain ) (not (shell simpleperf tradeinmode ))))
+(typeattributeset base_typeattr_434 (and (domain ) (not (init installd system_app system_server toolbox vold_prepare_subdirs ))))
(typeattribute base_typeattr_433)
-(typeattributeset base_typeattr_433 (and (domain ) (not (app_zygote runas simpleperf_app_runner webview_zygote zygote ))))
+(typeattributeset base_typeattr_433 (not (domain ) ))
(typeattribute base_typeattr_432)
-(typeattributeset base_typeattr_432 (and (domain ) (not (adbd init runas zygote ))))
+(typeattributeset base_typeattr_432 (and (domain ) (not (untrusted_app_27 untrusted_app_25 ))))
(typeattribute base_typeattr_431)
-(typeattributeset base_typeattr_431 (and (domain ) (not (init installd system_app system_server toolbox vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_431 (and (file_type ) (not (apk_data_file app_data_file asec_public_file ))))
(typeattribute base_typeattr_430)
-(typeattributeset base_typeattr_430 (not (domain ) ))
+(typeattributeset base_typeattr_430 (and (domain ) (not (init system_server ))))
(typeattribute base_typeattr_429)
-(typeattributeset base_typeattr_429 (and (domain ) (not (untrusted_app_27 untrusted_app_25 ))))
+(typeattributeset base_typeattr_429 (and (domain ) (not (dumpstate incidentd system_server ))))
(typeattribute base_typeattr_428)
-(typeattributeset base_typeattr_428 (and (file_type ) (not (apk_data_file app_data_file asec_public_file ))))
+(typeattributeset base_typeattr_428 (and (domain ) (not (app_zygote system_server webview_zygote ))))
(typeattribute base_typeattr_427)
-(typeattributeset base_typeattr_427 (and (domain ) (not (init system_server ))))
+(typeattributeset base_typeattr_427 (and (domain ) (not (system_server ))))
(typeattribute base_typeattr_426)
-(typeattributeset base_typeattr_426 (and (domain ) (not (dumpstate incidentd system_server ))))
+(typeattributeset base_typeattr_426 (and (domain ) (not (system_server zygote ))))
(typeattribute base_typeattr_425)
-(typeattributeset base_typeattr_425 (and (domain ) (not (app_zygote system_server webview_zygote ))))
+(typeattributeset base_typeattr_425 (and (system_file_type ) (not (crash_dump_exec early_virtmgr_exec system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file system_zoneinfo_file cgroup_desc_file task_profiles_file file_contexts_file property_contexts_file netutils_wrapper_exec shell_exec toolbox_exec virtualizationmanager_exec ))))
(typeattribute base_typeattr_424)
-(typeattributeset base_typeattr_424 (and (domain ) (not (system_server ))))
+(typeattributeset base_typeattr_424 (and (vendor_file_type ) (not (same_process_hal_file ))))
(typeattribute base_typeattr_423)
-(typeattributeset base_typeattr_423 (and (domain ) (not (system_server zygote ))))
+(typeattributeset base_typeattr_423 (and (coredomain ) (not (system_executes_vendor_violators shell ))))
(typeattribute base_typeattr_422)
-(typeattributeset base_typeattr_422 (and (system_file_type ) (not (crash_dump_exec early_virtmgr_exec system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file system_zoneinfo_file cgroup_desc_file task_profiles_file file_contexts_file property_contexts_file netutils_wrapper_exec shell_exec toolbox_exec virtualizationmanager_exec ))))
+(typeattributeset base_typeattr_422 (and (vendor_file_type ) (not (vendor_app_file same_process_hal_file vndk_sp_file vendor_public_lib_file vendor_public_framework_file ))))
(typeattribute base_typeattr_421)
-(typeattributeset base_typeattr_421 (and (vendor_file_type ) (not (same_process_hal_file ))))
+(typeattributeset base_typeattr_421 (and (coredomain ) (not (system_executes_vendor_violators init shell ueventd ))))
(typeattribute base_typeattr_420)
-(typeattributeset base_typeattr_420 (and (coredomain ) (not (system_executes_vendor_violators shell ))))
+(typeattributeset base_typeattr_420 (and (file_type ) (not (vendor_file_type init_exec ))))
(typeattribute base_typeattr_419)
-(typeattributeset base_typeattr_419 (and (vendor_file_type ) (not (vendor_app_file same_process_hal_file vndk_sp_file vendor_public_lib_file vendor_public_framework_file ))))
+(typeattributeset base_typeattr_419 (and (file_type ) (not (system_file_type postinstall_file ))))
(typeattribute base_typeattr_418)
-(typeattributeset base_typeattr_418 (and (coredomain ) (not (system_executes_vendor_violators init shell ueventd ))))
+(typeattributeset base_typeattr_418 (and (system_file_type ) (not (crash_dump_exec early_virtmgr_exec system_lib_file system_bootstrap_lib_file system_linker_exec netutils_wrapper_exec shell_exec toolbox_exec virtualizationmanager_exec ))))
(typeattribute base_typeattr_417)
-(typeattributeset base_typeattr_417 (and (file_type ) (not (vendor_file_type init_exec ))))
+(typeattributeset base_typeattr_417 (and (domain ) (not (appdomain coredomain vendor_executes_system_violators vendor_init ))))
(typeattribute base_typeattr_416)
-(typeattributeset base_typeattr_416 (and (file_type ) (not (system_file_type postinstall_file ))))
+(typeattributeset base_typeattr_416 (and (coredomain ) (not (init shell ueventd ))))
(typeattribute base_typeattr_415)
-(typeattributeset base_typeattr_415 (and (system_file_type ) (not (crash_dump_exec early_virtmgr_exec system_lib_file system_bootstrap_lib_file system_linker_exec netutils_wrapper_exec shell_exec toolbox_exec virtualizationmanager_exec ))))
+(typeattributeset base_typeattr_415 (and (coredomain ) (not (data_between_core_and_vendor_violators init ))))
(typeattribute base_typeattr_414)
-(typeattributeset base_typeattr_414 (and (domain ) (not (appdomain coredomain vendor_executes_system_violators vendor_init ))))
+(typeattributeset base_typeattr_414 (and (coredomain ) (not (data_between_core_and_vendor_violators init vold vold_prepare_subdirs ))))
(typeattribute base_typeattr_413)
-(typeattributeset base_typeattr_413 (and (coredomain ) (not (init shell ueventd ))))
+(typeattributeset base_typeattr_413 (and (domain ) (not (appdomain coredomain data_between_core_and_vendor_violators ))))
(typeattribute base_typeattr_412)
-(typeattributeset base_typeattr_412 (and (coredomain ) (not (data_between_core_and_vendor_violators init ))))
+(typeattributeset base_typeattr_412 (and (core_data_file_type ) (not (system_data_root_file system_data_file vendor_data_file vendor_userdir_file unencrypted_data_file ))))
(typeattribute base_typeattr_411)
-(typeattributeset base_typeattr_411 (and (coredomain ) (not (data_between_core_and_vendor_violators init vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_411 (and (core_data_file_type ) (not (system_data_root_file system_data_file vendor_data_file vendor_userdir_file ))))
(typeattribute base_typeattr_410)
-(typeattributeset base_typeattr_410 (and (domain ) (not (appdomain coredomain data_between_core_and_vendor_violators ))))
+(typeattributeset base_typeattr_410 (and (core_data_file_type ) (not (unencrypted_data_file ))))
(typeattribute base_typeattr_409)
-(typeattributeset base_typeattr_409 (and (core_data_file_type ) (not (system_data_root_file system_data_file vendor_data_file vendor_userdir_file unencrypted_data_file ))))
+(typeattributeset base_typeattr_409 (and (vendor_init ) (not (data_between_core_and_vendor_violators ))))
(typeattribute base_typeattr_408)
-(typeattributeset base_typeattr_408 (and (core_data_file_type ) (not (system_data_root_file system_data_file vendor_data_file vendor_userdir_file ))))
+(typeattributeset base_typeattr_408 (and (domain ) (not (appdomain coredomain data_between_core_and_vendor_violators vendor_init ))))
(typeattribute base_typeattr_407)
-(typeattributeset base_typeattr_407 (and (core_data_file_type ) (not (unencrypted_data_file ))))
+(typeattributeset base_typeattr_407 (and (data_file_type ) (not (core_data_file_type app_data_file_type vendor_data_file ))))
(typeattribute base_typeattr_406)
-(typeattributeset base_typeattr_406 (and (vendor_init ) (not (data_between_core_and_vendor_violators ))))
+(typeattributeset base_typeattr_406 (and (data_file_type ) (not (core_data_file_type app_data_file_type ))))
(typeattribute base_typeattr_405)
-(typeattributeset base_typeattr_405 (and (domain ) (not (appdomain coredomain data_between_core_and_vendor_violators vendor_init ))))
+(typeattributeset base_typeattr_405 (and (coredomain ) (not (appdomain data_between_core_and_vendor_violators init vold_prepare_subdirs ))))
(typeattribute base_typeattr_404)
-(typeattributeset base_typeattr_404 (and (data_file_type ) (not (core_data_file_type app_data_file_type vendor_data_file ))))
+(typeattributeset base_typeattr_404 (and (dev_type file_type ) (not (core_data_file_type app_data_file_type coredomain_socket unlabeled ))))
(typeattribute base_typeattr_403)
-(typeattributeset base_typeattr_403 (and (data_file_type ) (not (core_data_file_type app_data_file_type ))))
+(typeattributeset base_typeattr_403 (and (coredomain ) (not (socket_between_core_and_vendor_violators init ueventd ))))
(typeattribute base_typeattr_402)
-(typeattributeset base_typeattr_402 (and (coredomain ) (not (appdomain data_between_core_and_vendor_violators init vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_402 (and (core_data_file_type coredomain_socket unlabeled ) (not (pdx_endpoint_socket_type pdx_channel_socket_type app_data_file privapp_data_file ))))
(typeattribute base_typeattr_401)
-(typeattributeset base_typeattr_401 (and (dev_type file_type ) (not (core_data_file_type app_data_file_type coredomain_socket unlabeled ))))
+(typeattributeset base_typeattr_401 (and (domain ) (not (appdomain coredomain socket_between_core_and_vendor_violators data_between_core_and_vendor_violators vendor_init ))))
(typeattribute base_typeattr_400)
-(typeattributeset base_typeattr_400 (and (coredomain ) (not (socket_between_core_and_vendor_violators init ueventd ))))
+(typeattributeset base_typeattr_400 (and (domain ) (not (coredomain socket_between_core_and_vendor_violators ))))
(typeattribute base_typeattr_399)
-(typeattributeset base_typeattr_399 (and (core_data_file_type coredomain_socket unlabeled ) (not (pdx_endpoint_socket_type pdx_channel_socket_type app_data_file privapp_data_file ))))
+(typeattributeset base_typeattr_399 (and (coredomain ) (not (adbd init ))))
(typeattribute base_typeattr_398)
-(typeattributeset base_typeattr_398 (and (domain ) (not (appdomain coredomain socket_between_core_and_vendor_violators data_between_core_and_vendor_violators vendor_init ))))
+(typeattributeset base_typeattr_398 (and (coredomain ) (not (shell ))))
(typeattribute base_typeattr_397)
-(typeattributeset base_typeattr_397 (and (domain ) (not (coredomain socket_between_core_and_vendor_violators ))))
+(typeattributeset base_typeattr_397 (and (coredomain ) (not (shell ueventd ))))
(typeattribute base_typeattr_396)
-(typeattributeset base_typeattr_396 (and (coredomain ) (not (adbd init ))))
+(typeattributeset base_typeattr_396 (and (service_manager_type ) (not (app_api_service ephemeral_app_api_service hal_service_type apc_service audioserver_service cameraserver_service drmserver_service credstore_service keystore_maintenance_service keystore_service legacykeystore_service mediaserver_service mediametrics_service mediaextractor_service mediadrmserver_service nfc_service radio_service virtual_touchpad_service vr_manager_service ))))
(typeattribute base_typeattr_395)
-(typeattributeset base_typeattr_395 (and (coredomain ) (not (shell ))))
+(typeattributeset base_typeattr_395 (and (appdomain ) (not (coredomain ))))
(typeattribute base_typeattr_394)
-(typeattributeset base_typeattr_394 (and (coredomain ) (not (shell ueventd ))))
+(typeattributeset base_typeattr_394 (and (domain ) (not (hwservicemanager servicemanager vndservicemanager ))))
(typeattribute base_typeattr_393)
-(typeattributeset base_typeattr_393 (and (service_manager_type ) (not (app_api_service ephemeral_app_api_service hal_service_type apc_service audioserver_service cameraserver_service drmserver_service credstore_service keystore_maintenance_service keystore_service legacykeystore_service mediaserver_service mediametrics_service mediaextractor_service mediadrmserver_service nfc_service radio_service virtual_touchpad_service vr_manager_service ))))
+(typeattributeset base_typeattr_393 (and (domain ) (not (fastbootd recovery update_engine ))))
(typeattribute base_typeattr_392)
-(typeattributeset base_typeattr_392 (and (appdomain ) (not (coredomain ))))
+(typeattributeset base_typeattr_392 (and (domain ) (not (hal_fastboot_server e2fs fastbootd fsck init recovery vold ))))
(typeattribute base_typeattr_391)
-(typeattributeset base_typeattr_391 (and (domain ) (not (hwservicemanager servicemanager vndservicemanager ))))
+(typeattributeset base_typeattr_391 (and (domain ) (not (init recovery system_server ueventd ))))
(typeattribute base_typeattr_390)
-(typeattributeset base_typeattr_390 (and (domain ) (not (fastbootd recovery update_engine ))))
+(typeattributeset base_typeattr_390 (and (domain ) (not (hal_camera_server hal_cas_server hal_drm_server hal_keymint_server adbd dumpstate fastbootd init mediadrmserver mediaserver recovery shell system_server vendor_init adbd_tradeinmode ))))
(typeattribute base_typeattr_389)
-(typeattributeset base_typeattr_389 (and (domain ) (not (hal_fastboot_server e2fs fastbootd fsck init recovery vold ))))
+(typeattributeset base_typeattr_389 (and (domain ) (not (coredomain vendor_init ))))
(typeattribute base_typeattr_388)
-(typeattributeset base_typeattr_388 (and (domain ) (not (init recovery system_server ueventd ))))
+(typeattributeset base_typeattr_388 (and (domain ) (not (init system_server vendor_init ))))
(typeattribute base_typeattr_387)
-(typeattributeset base_typeattr_387 (and (domain ) (not (hal_camera_server hal_cas_server hal_drm_server hal_keymint_server adbd dumpstate fastbootd init mediadrmserver mediaserver recovery shell system_server vendor_init adbd_tradeinmode ))))
+(typeattributeset base_typeattr_387 (and (fs_type ) (not (contextmount_type ))))
(typeattribute base_typeattr_386)
-(typeattributeset base_typeattr_386 (and (domain ) (not (coredomain vendor_init ))))
+(typeattributeset base_typeattr_386 (and (domain ) (not (adbd crash_dump heapprofd init shell ))))
(typeattribute base_typeattr_385)
-(typeattributeset base_typeattr_385 (and (domain ) (not (init system_server vendor_init ))))
+(typeattributeset base_typeattr_385 (and (domain ) (not (adbd init shell ))))
(typeattribute base_typeattr_384)
-(typeattributeset base_typeattr_384 (and (fs_type ) (not (contextmount_type ))))
+(typeattributeset base_typeattr_384 (and (domain ) (not (init kernel recovery ))))
(typeattribute base_typeattr_383)
-(typeattributeset base_typeattr_383 (and (domain ) (not (adbd crash_dump heapprofd init shell ))))
+(typeattributeset base_typeattr_383 (and (domain ) (not (dumpstate init vendor_init ))))
(typeattribute base_typeattr_382)
-(typeattributeset base_typeattr_382 (and (domain ) (not (adbd init shell ))))
+(typeattributeset base_typeattr_382 (and (domain ) (not (init ueventd ))))
(typeattribute base_typeattr_381)
-(typeattributeset base_typeattr_381 (and (domain ) (not (init kernel recovery ))))
+(typeattributeset base_typeattr_381 (and (file_type ) (not (exec_type postinstall_file ))))
(typeattribute base_typeattr_380)
-(typeattributeset base_typeattr_380 (and (domain ) (not (dumpstate init vendor_init ))))
+(typeattributeset base_typeattr_380 (and (domain ) (not (shell ueventd ))))
(typeattribute base_typeattr_379)
-(typeattributeset base_typeattr_379 (and (domain ) (not (init ueventd ))))
+(typeattributeset base_typeattr_379 (and (domain ) (not (prng_seeder shell ueventd ))))
(typeattribute base_typeattr_378)
-(typeattributeset base_typeattr_378 (and (file_type ) (not (exec_type postinstall_file ))))
+(typeattributeset base_typeattr_378 (and (domain ) (not (kernel ))))
(typeattribute base_typeattr_377)
-(typeattributeset base_typeattr_377 (and (domain ) (not (shell ueventd ))))
+(typeattributeset base_typeattr_377 (and (domain ) (not (init kernel ueventd vold ))))
(typeattribute base_typeattr_376)
-(typeattributeset base_typeattr_376 (and (domain ) (not (prng_seeder shell ueventd ))))
+(typeattributeset base_typeattr_376 (and (domain ) (not (init recovery ))))
(typeattribute base_typeattr_375)
-(typeattributeset base_typeattr_375 (and (domain ) (not (kernel ))))
+(typeattributeset base_typeattr_375 (and (domain ) (not (hal_audio_server hal_camera_server hal_cas_server hal_codec2_server hal_configstore_server hal_drm_server hal_omx_server app_zygote artd audioserver cameraserver init kernel mediadrmserver mediaextractor mediametrics mediaserver mediatranscoding system_server ueventd vendor_init webview_zygote dexopt_chroot_setup mediatuner ))))
(typeattribute base_typeattr_374)
-(typeattributeset base_typeattr_374 (and (domain ) (not (init kernel ueventd vold ))))
+(typeattributeset base_typeattr_374 (and (domain ) (not (dumpstate init system_server vendor_init ))))
(typeattribute base_typeattr_373)
-(typeattributeset base_typeattr_373 (and (domain ) (not (init recovery ))))
+(typeattributeset base_typeattr_373 (and (domain ) (not (untrusted_app_all isolated_app_all app_zygote ephemeral_app ))))
(typeattribute base_typeattr_372)
-(typeattributeset base_typeattr_372 (and (domain ) (not (hal_audio_server hal_camera_server hal_cas_server hal_codec2_server hal_configstore_server hal_drm_server hal_omx_server app_zygote artd audioserver cameraserver init kernel mediadrmserver mediaextractor mediametrics mediaserver mediatranscoding system_server ueventd vendor_init webview_zygote dexopt_chroot_setup mediatuner ))))
+(typeattributeset base_typeattr_372 (and (domain ) (not (appdomain coredomain ))))
(typeattribute base_typeattr_371)
-(typeattributeset base_typeattr_371 (and (domain ) (not (dumpstate init system_server vendor_init ))))
+(typeattributeset base_typeattr_371 (and (domain ) (not (appdomain rs ))))
(typeattribute base_typeattr_370)
-(typeattributeset base_typeattr_370 (and (domain ) (not (untrusted_app_all isolated_app_all app_zygote ephemeral_app ))))
+(typeattributeset base_typeattr_370 (and (domain ) (not (hal_configstore_server apexd app_zygote bpfloader crash_dump crosvm init kernel keystore llkd logd ueventd vendor_init vold webview_zygote zygote ))))
(typeattribute base_typeattr_369)
-(typeattributeset base_typeattr_369 (and (domain ) (not (appdomain coredomain ))))
+(typeattributeset base_typeattr_369 (and (domain ) (not (hal_configstore_server apexd app_zygote bpfloader crash_dump crosvm init kernel keystore llkd logd logpersist recovery recovery_persist recovery_refresh ueventd vendor_init vold webview_zygote zygote ))))
(typeattribute base_typeattr_368)
-(typeattributeset base_typeattr_368 (and (domain ) (not (appdomain rs ))))
+(typeattributeset base_typeattr_368 (and (domain ) (not (domain ))))
(typeattribute base_typeattr_367)
-(typeattributeset base_typeattr_367 (and (domain ) (not (hal_configstore_server apexd app_zygote bpfloader crash_dump crosvm init kernel keystore llkd logd ueventd vendor_init vold webview_zygote zygote ))))
+(typeattributeset base_typeattr_367 (and (domain ) (not (isolated_app servicemanager vndservicemanager ))))
(typeattribute base_typeattr_366)
-(typeattributeset base_typeattr_366 (and (domain ) (not (hal_configstore_server apexd app_zygote bpfloader crash_dump crosvm init kernel keystore llkd logd logpersist recovery recovery_persist recovery_refresh ueventd vendor_init vold webview_zygote zygote ))))
+(typeattributeset base_typeattr_366 (and (domain ) (not (hwservicemanager vndservicemanager ))))
(typeattribute base_typeattr_365)
-(typeattributeset base_typeattr_365 (and (domain ) (not (domain ))))
+(typeattributeset base_typeattr_365 (and (domain ) (not (artd_subprocess_type ))))
(typeattribute base_typeattr_364)
-(typeattributeset base_typeattr_364 (and (domain ) (not (isolated_app servicemanager vndservicemanager ))))
+(typeattributeset base_typeattr_364 (and (domain ) (not (display_service_server ))))
(typeattribute base_typeattr_363)
-(typeattributeset base_typeattr_363 (and (domain ) (not (hwservicemanager vndservicemanager ))))
+(typeattributeset base_typeattr_363 (and (domain ) (not (artd init system_server vendor_init art_exec dexopt_chroot_setup ))))
(typeattribute base_typeattr_362)
-(typeattributeset base_typeattr_362 (and (domain ) (not (artd_subprocess_type ))))
+(typeattributeset base_typeattr_362 (and (domain ) (not (dexopt_chroot_setup ))))
(typeattribute base_typeattr_361)
-(typeattributeset base_typeattr_361 (and (domain ) (not (display_service_server ))))
+(typeattributeset base_typeattr_361 (and (domain ) (not (dex2oat ))))
(typeattribute base_typeattr_360)
-(typeattributeset base_typeattr_360 (and (domain ) (not (artd init system_server vendor_init art_exec dexopt_chroot_setup ))))
+(typeattributeset base_typeattr_360 (and (domain ) (not (crash_dump runas_app simpleperf device_as_webcam ))))
(typeattribute base_typeattr_359)
-(typeattributeset base_typeattr_359 (and (domain ) (not (dexopt_chroot_setup ))))
+(typeattributeset base_typeattr_359 (and (appdomain ) (not (runas_app shell simpleperf device_as_webcam ))))
(typeattribute base_typeattr_358)
-(typeattributeset base_typeattr_358 (and (domain ) (not (dex2oat ))))
+(typeattributeset base_typeattr_358 (and (device_as_webcam ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_357)
-(typeattributeset base_typeattr_357 (and (domain ) (not (crash_dump runas_app simpleperf device_as_webcam ))))
+(typeattributeset base_typeattr_357 (and (domain ) (not (device_as_webcam ))))
(typeattribute base_typeattr_356)
-(typeattributeset base_typeattr_356 (and (appdomain ) (not (runas_app shell simpleperf device_as_webcam ))))
+(typeattributeset base_typeattr_356 (and (domain ) (not (init derive_sdk ))))
(typeattribute base_typeattr_355)
-(typeattributeset base_typeattr_355 (and (device_as_webcam ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_355 (and (domain ) (not (crosvm early_virtmgr virtualizationmanager vmlauncher_app ))))
(typeattribute base_typeattr_354)
-(typeattributeset base_typeattr_354 (and (domain ) (not (device_as_webcam ))))
+(typeattributeset base_typeattr_354 (and (app_data_file_type ) (not (shell_data_file app_data_file privapp_data_file ))))
(typeattribute base_typeattr_353)
-(typeattributeset base_typeattr_353 (and (domain ) (not (init derive_sdk ))))
+(typeattributeset base_typeattr_353 (and (vendor_file_type ) (not (vendor_cgroup_desc_file vendor_task_profiles_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_microdroid_file vendor_vm_file vendor_vm_data_file ))))
(typeattribute base_typeattr_352)
-(typeattributeset base_typeattr_352 (and (domain ) (not (crosvm early_virtmgr virtualizationmanager vmlauncher_app ))))
+(typeattributeset base_typeattr_352 (and (appdomain coredomain ) (not (crosvm ueventd ))))
(typeattribute base_typeattr_351)
-(typeattributeset base_typeattr_351 (and (app_data_file_type ) (not (shell_data_file app_data_file privapp_data_file ))))
+(typeattributeset base_typeattr_351 (and (appdomain coredomain ) (not (crosvm shell ueventd ))))
(typeattribute base_typeattr_350)
-(typeattributeset base_typeattr_350 (and (vendor_file_type ) (not (vendor_cgroup_desc_file vendor_task_profiles_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_microdroid_file vendor_vm_file vendor_vm_data_file ))))
+(typeattributeset base_typeattr_350 (and (domain ) (not (crosvm ))))
(typeattribute base_typeattr_349)
-(typeattributeset base_typeattr_349 (and (appdomain coredomain ) (not (crosvm ueventd ))))
+(typeattributeset base_typeattr_349 (and (domain ) (not (crosvm ueventd ))))
(typeattribute base_typeattr_348)
-(typeattributeset base_typeattr_348 (and (appdomain coredomain ) (not (crosvm shell ueventd ))))
+(typeattributeset base_typeattr_348 (and (domain ) (not (crosvm shell ueventd ))))
(typeattribute base_typeattr_347)
-(typeattributeset base_typeattr_347 (and (domain ) (not (crosvm ))))
+(typeattributeset base_typeattr_347 (and (domain ) (not (credstore ))))
(typeattribute base_typeattr_346)
-(typeattributeset base_typeattr_346 (and (domain ) (not (crosvm ueventd ))))
+(typeattributeset base_typeattr_346 (and (domain ) (not (apexd bpfloader crash_dump init kernel keystore llkd logd ueventd vendor_init vold ))))
(typeattribute base_typeattr_345)
-(typeattributeset base_typeattr_345 (and (domain ) (not (crosvm shell ueventd ))))
+(typeattributeset base_typeattr_345 (and (dmabuf_heap_device_type ) (not (dmabuf_system_heap_device dmabuf_system_secure_heap_device ))))
(typeattribute base_typeattr_344)
-(typeattributeset base_typeattr_344 (and (domain ) (not (credstore ))))
+(typeattributeset base_typeattr_344 (and (coredomain ) (not (init ueventd ))))
(typeattribute base_typeattr_343)
-(typeattributeset base_typeattr_343 (and (domain ) (not (apexd bpfloader crash_dump init kernel keystore llkd logd ueventd vendor_init vold ))))
+(typeattributeset base_typeattr_343 (and (coredomain ) (not (adbd init mediaprovider system_server adbd_tradeinmode ))))
(typeattribute base_typeattr_342)
-(typeattributeset base_typeattr_342 (and (dmabuf_heap_device_type ) (not (dmabuf_system_heap_device dmabuf_system_secure_heap_device ))))
+(typeattributeset base_typeattr_342 (and (coredomain ) (not (init system_server ))))
(typeattribute base_typeattr_341)
-(typeattributeset base_typeattr_341 (and (coredomain ) (not (init ueventd ))))
+(typeattributeset base_typeattr_341 (and (coredomain ) (not (bootstat charger dumpstate init logd logpersist recovery_persist recovery_refresh shell system_server ))))
(typeattribute base_typeattr_340)
-(typeattributeset base_typeattr_340 (and (coredomain ) (not (adbd init mediaprovider system_server adbd_tradeinmode ))))
+(typeattributeset base_typeattr_340 (and (coredomain ) (not (init ))))
(typeattribute base_typeattr_339)
-(typeattributeset base_typeattr_339 (and (coredomain ) (not (init system_server ))))
+(typeattributeset base_typeattr_339 (and (coredomain ) (not (atrace dumpstate gpuservice init lmkd shell system_server traced_perf traced_probes traceur_app prefetch ))))
(typeattribute base_typeattr_338)
-(typeattributeset base_typeattr_338 (and (coredomain ) (not (bootstat charger dumpstate init logd logpersist recovery_persist recovery_refresh shell system_server ))))
+(typeattributeset base_typeattr_338 (and (coredomain ) (not (apexd fsck init ueventd ))))
(typeattribute base_typeattr_337)
-(typeattributeset base_typeattr_337 (and (coredomain ) (not (init ))))
+(typeattributeset base_typeattr_337 (and (coredomain ) (not (apexd init ueventd vold vfio_handler ))))
(typeattribute base_typeattr_336)
-(typeattributeset base_typeattr_336 (and (coredomain ) (not (atrace dumpstate gpuservice init lmkd shell system_server traced_perf traced_probes traceur_app prefetch ))))
+(typeattributeset base_typeattr_336 (and (coredomain ) (not (init vold ))))
(typeattribute base_typeattr_335)
-(typeattributeset base_typeattr_335 (and (coredomain ) (not (apexd fsck init ueventd ))))
+(typeattributeset base_typeattr_335 (and (coredomain ) (not (appdomain app_zygote artd heapprofd idmap init installd rs system_server traced_perf webview_zygote zygote dex2oat postinstall_dexopt ))))
(typeattribute base_typeattr_334)
-(typeattributeset base_typeattr_334 (and (coredomain ) (not (apexd init ueventd vold vfio_handler ))))
+(typeattributeset base_typeattr_334 (and (coredomain ) (not (appdomain artd heapprofd idmap init installd mediaserver profman rs system_server traced_perf dex2oat postinstall_dexopt ))))
(typeattribute base_typeattr_333)
-(typeattributeset base_typeattr_333 (and (coredomain ) (not (init vold ))))
+(typeattributeset base_typeattr_333 (and (coredomain ) (not (appdomain artd heapprofd idmap init installd rs system_server traced_perf dex2oat postinstall_dexopt ))))
(typeattribute base_typeattr_332)
-(typeattributeset base_typeattr_332 (and (coredomain ) (not (appdomain app_zygote artd heapprofd idmap init installd rs system_server traced_perf webview_zygote zygote dex2oat postinstall_dexopt ))))
+(typeattributeset base_typeattr_332 (and (coredomain ) (not (apexd init ueventd vold ))))
(typeattribute base_typeattr_331)
-(typeattributeset base_typeattr_331 (and (coredomain ) (not (appdomain artd heapprofd idmap init installd mediaserver profman rs system_server traced_perf dex2oat postinstall_dexopt ))))
+(typeattributeset base_typeattr_331 (and (domain ) (not (odsign ))))
(typeattribute base_typeattr_330)
-(typeattributeset base_typeattr_330 (and (coredomain ) (not (appdomain artd heapprofd idmap init installd rs system_server traced_perf dex2oat postinstall_dexopt ))))
+(typeattributeset base_typeattr_330 (and (domain ) (not (composd ))))
(typeattribute base_typeattr_329)
-(typeattributeset base_typeattr_329 (and (coredomain ) (not (apexd init ueventd vold ))))
+(typeattributeset base_typeattr_329 (and (domain ) (not (charger charger_vendor dumpstate init vendor_init ))))
(typeattribute base_typeattr_328)
-(typeattributeset base_typeattr_328 (and (domain ) (not (odsign ))))
+(typeattributeset base_typeattr_328 (and (domain ) (not (charger charger_vendor init vendor_init ))))
(typeattribute base_typeattr_327)
-(typeattributeset base_typeattr_327 (and (domain ) (not (composd ))))
+(typeattributeset base_typeattr_327 (and (domain ) (not (charger dumpstate init ))))
(typeattribute base_typeattr_326)
-(typeattributeset base_typeattr_326 (and (domain ) (not (charger charger_vendor dumpstate init vendor_init ))))
+(typeattributeset base_typeattr_326 (and (domain ) (not (cameraserver ))))
(typeattribute base_typeattr_325)
-(typeattributeset base_typeattr_325 (and (domain ) (not (charger charger_vendor init vendor_init ))))
+(typeattributeset base_typeattr_325 (and (domain ) (not (camera_service_server ))))
(typeattribute base_typeattr_324)
-(typeattributeset base_typeattr_324 (and (domain ) (not (charger dumpstate init ))))
+(typeattributeset base_typeattr_324 (and (domain ) (not (bufferhubd ))))
(typeattribute base_typeattr_323)
-(typeattributeset base_typeattr_323 (and (domain ) (not (cameraserver ))))
+(typeattributeset base_typeattr_323 (and (coredomain ) (not (bpfloader netd netutils_wrapper ))))
(typeattribute base_typeattr_322)
-(typeattributeset base_typeattr_322 (and (domain ) (not (camera_service_server ))))
+(typeattributeset base_typeattr_322 (and (domain ) (not (bpfloader init ))))
(typeattribute base_typeattr_321)
-(typeattributeset base_typeattr_321 (and (domain ) (not (bufferhubd ))))
+(typeattributeset base_typeattr_321 (and (bpffs_type ) (not (fs_bpf_vendor ))))
(typeattribute base_typeattr_320)
-(typeattributeset base_typeattr_320 (and (coredomain ) (not (bpfloader netd netutils_wrapper ))))
+(typeattributeset base_typeattr_320 (and (domain ) (not (bpfloader gpuservice lmkd netd netutils_wrapper network_stack system_server uprobestats ))))
(typeattribute base_typeattr_319)
-(typeattributeset base_typeattr_319 (and (domain ) (not (bpfloader init ))))
+(typeattributeset base_typeattr_319 (and (domain ) (not (bpfloader uprobestats ))))
(typeattribute base_typeattr_318)
-(typeattributeset base_typeattr_318 (and (bpffs_type ) (not (fs_bpf_vendor ))))
+(typeattributeset base_typeattr_318 (and (domain ) (not (bpfloader netd netutils_wrapper network_stack system_server ))))
(typeattribute base_typeattr_317)
-(typeattributeset base_typeattr_317 (and (domain ) (not (bpfloader gpuservice lmkd netd netutils_wrapper network_stack system_server uprobestats ))))
+(typeattributeset base_typeattr_317 (and (domain ) (not (bpfloader netd network_stack system_server ))))
(typeattribute base_typeattr_316)
-(typeattributeset base_typeattr_316 (and (domain ) (not (bpfloader uprobestats ))))
+(typeattributeset base_typeattr_316 (and (domain ) (not (bpfloader network_stack system_server ))))
(typeattribute base_typeattr_315)
-(typeattributeset base_typeattr_315 (and (domain ) (not (bpfloader netd netutils_wrapper network_stack system_server ))))
+(typeattributeset base_typeattr_315 (and (domain ) (not (bpfloader network_stack ))))
(typeattribute base_typeattr_314)
-(typeattributeset base_typeattr_314 (and (domain ) (not (bpfloader netd network_stack system_server ))))
+(typeattributeset base_typeattr_314 (and (domain ) (not (bpfloader gpuservice lmkd netd netutils_wrapper system_server mediaprovider_app ))))
(typeattribute base_typeattr_313)
-(typeattributeset base_typeattr_313 (and (domain ) (not (bpfloader network_stack system_server ))))
+(typeattributeset base_typeattr_313 (and (domain ) (not (bpfloader ))))
(typeattribute base_typeattr_312)
-(typeattributeset base_typeattr_312 (and (domain ) (not (bpfloader network_stack ))))
+(typeattributeset base_typeattr_312 (and (bpffs_type ) (not (fs_bpf ))))
(typeattribute base_typeattr_311)
-(typeattributeset base_typeattr_311 (and (domain ) (not (bpfloader gpuservice lmkd netd netutils_wrapper system_server mediaprovider_app ))))
+(typeattributeset base_typeattr_311 (and (domain ) (not (bpfdomain ))))
(typeattribute base_typeattr_310)
-(typeattributeset base_typeattr_310 (and (domain ) (not (bpfloader ))))
+(typeattributeset base_typeattr_310 (and (bpfdomain ) (not (bpfloader netd netutils_wrapper network_stack system_server ))))
(typeattribute base_typeattr_309)
-(typeattributeset base_typeattr_309 (and (bpffs_type ) (not (fs_bpf ))))
+(typeattributeset base_typeattr_309 (and (domain ) (not (init vendor_init boringssl_self_test vendor_boringssl_self_test ))))
(typeattribute base_typeattr_308)
-(typeattributeset base_typeattr_308 (and (domain ) (not (bpfdomain ))))
+(typeattributeset base_typeattr_308 (and (domain ) (not (bootstat init system_server ))))
(typeattribute base_typeattr_307)
-(typeattributeset base_typeattr_307 (and (bpfdomain ) (not (bpfloader netd netutils_wrapper network_stack system_server ))))
+(typeattributeset base_typeattr_307 (and (domain ) (not (bootanim bootstat dumpstate init platform_app recovery shell system_server ))))
(typeattribute base_typeattr_306)
-(typeattributeset base_typeattr_306 (and (domain ) (not (init vendor_init boringssl_self_test vendor_boringssl_self_test ))))
+(typeattributeset base_typeattr_306 (and (domain ) (not (bootstat init ))))
(typeattribute base_typeattr_305)
-(typeattributeset base_typeattr_305 (and (domain ) (not (bootstat init system_server ))))
+(typeattributeset base_typeattr_305 (and (domain ) (not (bluetooth init ))))
(typeattribute base_typeattr_304)
-(typeattributeset base_typeattr_304 (and (domain ) (not (bootanim bootstat dumpstate init platform_app recovery shell system_server ))))
+(typeattributeset base_typeattr_304 (and (domain ) (not (bluetooth crash_dump runas_app simpleperf ))))
(typeattribute base_typeattr_303)
-(typeattributeset base_typeattr_303 (and (domain ) (not (bootstat init ))))
+(typeattributeset base_typeattr_303 (and (appdomain ) (not (bluetooth runas_app shell simpleperf ))))
(typeattribute base_typeattr_302)
-(typeattributeset base_typeattr_302 (and (domain ) (not (bluetooth init ))))
+(typeattributeset base_typeattr_302 (and (bluetooth ) (not (runas_app shell simpleperf ))))
(typeattribute base_typeattr_301)
-(typeattributeset base_typeattr_301 (and (domain ) (not (bluetooth crash_dump runas_app simpleperf ))))
+(typeattributeset base_typeattr_301 (and (domain ) (not (bluetooth ))))
(typeattribute base_typeattr_300)
-(typeattributeset base_typeattr_300 (and (appdomain ) (not (bluetooth runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_300 (and (fs_type file_type ) (not (shell_exec blkid_exec ))))
(typeattribute base_typeattr_299)
-(typeattributeset base_typeattr_299 (and (bluetooth ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_299 (and (domain ) (not (vold ))))
(typeattribute base_typeattr_298)
-(typeattributeset base_typeattr_298 (and (domain ) (not (bluetooth ))))
+(typeattributeset base_typeattr_298 (and (domain ) (not (automotive_display_service ))))
(typeattribute base_typeattr_297)
-(typeattributeset base_typeattr_297 (and (fs_type file_type ) (not (shell_exec blkid_exec ))))
+(typeattributeset base_typeattr_297 (and (domain ) (not (audioserver ))))
(typeattribute base_typeattr_296)
-(typeattributeset base_typeattr_296 (and (domain ) (not (vold ))))
+(typeattributeset base_typeattr_296 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service dumpstate_service incident_service installd_service lpdump_service mdns_service netd_service vold_service stats_service tracingproxy_service ))))
(typeattribute base_typeattr_295)
-(typeattributeset base_typeattr_295 (and (domain ) (not (automotive_display_service ))))
+(typeattributeset base_typeattr_295 (not (crash_dump artd_subprocess_type ) ))
(typeattribute base_typeattr_294)
-(typeattributeset base_typeattr_294 (and (domain ) (not (audioserver ))))
+(typeattributeset base_typeattr_294 (not (art_exec_exec ) ))
(typeattribute base_typeattr_293)
-(typeattributeset base_typeattr_293 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service dumpstate_service incident_service installd_service lpdump_service mdns_service netd_service vold_service stats_service tracingproxy_service ))))
+(typeattributeset base_typeattr_293 (and (domain ) (not (artd ))))
(typeattribute base_typeattr_292)
-(typeattributeset base_typeattr_292 (not (crash_dump artd_subprocess_type ) ))
+(typeattributeset base_typeattr_292 (and (domain ) (not (app_zygote prng_seeder ))))
(typeattribute base_typeattr_291)
-(typeattributeset base_typeattr_291 (not (art_exec_exec ) ))
+(typeattributeset base_typeattr_291 (and (domain ) (not (app_zygote logd system_server ))))
(typeattribute base_typeattr_290)
-(typeattributeset base_typeattr_290 (and (domain ) (not (artd ))))
+(typeattributeset base_typeattr_290 (and (service_manager_type ) (not (activity_service webviewupdate_service ))))
(typeattribute base_typeattr_289)
-(typeattributeset base_typeattr_289 (and (domain ) (not (app_zygote prng_seeder ))))
+(typeattributeset base_typeattr_289 (and (domain ) (not (zygote ))))
(typeattribute base_typeattr_288)
-(typeattributeset base_typeattr_288 (and (domain ) (not (app_zygote logd system_server ))))
+(typeattributeset base_typeattr_288 (and (domain ) (not (crash_dump ))))
(typeattribute base_typeattr_287)
-(typeattributeset base_typeattr_287 (and (service_manager_type ) (not (activity_service webviewupdate_service ))))
+(typeattributeset base_typeattr_287 (and (domain ) (not (isolated_app ))))
(typeattribute base_typeattr_286)
-(typeattributeset base_typeattr_286 (and (domain ) (not (zygote ))))
+(typeattributeset base_typeattr_286 (and (domain ) (not (app_zygote ))))
(typeattribute base_typeattr_285)
-(typeattributeset base_typeattr_285 (and (domain ) (not (crash_dump ))))
+(typeattributeset base_typeattr_285 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))))
(typeattribute base_typeattr_284)
-(typeattributeset base_typeattr_284 (and (domain ) (not (isolated_app ))))
+(typeattributeset base_typeattr_284 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (mediaprovider mediaprovider_app ))))
(typeattribute base_typeattr_283)
-(typeattributeset base_typeattr_283 (and (domain ) (not (app_zygote ))))
+(typeattributeset base_typeattr_283 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_25 ))))
(typeattribute base_typeattr_282)
-(typeattributeset base_typeattr_282 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))))
+(typeattributeset base_typeattr_282 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (mediaprovider_app ))))
(typeattribute base_typeattr_281)
-(typeattributeset base_typeattr_281 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (mediaprovider mediaprovider_app ))))
+(typeattributeset base_typeattr_281 (and (fs_type file_type ) (not (sdcard_type fuse user_profile_data_file media_rw_data_file app_data_file privapp_data_file app_exec_data_file ))))
(typeattribute base_typeattr_280)
-(typeattributeset base_typeattr_280 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_25 ))))
+(typeattributeset base_typeattr_280 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))))
(typeattribute base_typeattr_279)
-(typeattributeset base_typeattr_279 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (mediaprovider_app ))))
+(typeattributeset base_typeattr_279 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_27 untrusted_app_25 ))))
(typeattribute base_typeattr_278)
-(typeattributeset base_typeattr_278 (and (fs_type file_type ) (not (sdcard_type fuse user_profile_data_file media_rw_data_file app_data_file privapp_data_file app_exec_data_file ))))
+(typeattributeset base_typeattr_278 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (runas_app untrusted_app_27 untrusted_app_25 ))))
(typeattribute base_typeattr_277)
-(typeattributeset base_typeattr_277 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))))
+(typeattributeset base_typeattr_277 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (mediaprovider ))))
(typeattribute base_typeattr_276)
-(typeattributeset base_typeattr_276 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_27 untrusted_app_25 ))))
+(typeattributeset base_typeattr_276 (and (debugfs_type ) (not (debugfs_kcov ))))
(typeattribute base_typeattr_275)
-(typeattributeset base_typeattr_275 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (runas_app untrusted_app_27 untrusted_app_25 ))))
+(typeattributeset base_typeattr_275 (and (appdomain ) (not (mediaprovider_app ))))
(typeattribute base_typeattr_274)
-(typeattributeset base_typeattr_274 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (mediaprovider ))))
+(typeattributeset base_typeattr_274 (and (domain ) (not (appdomain crash_dump rs virtualizationmanager ))))
(typeattribute base_typeattr_273)
-(typeattributeset base_typeattr_273 (and (debugfs_type ) (not (debugfs_kcov ))))
+(typeattributeset base_typeattr_273 (and (appdomain ) (not (untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))))
(typeattribute base_typeattr_272)
-(typeattributeset base_typeattr_272 (and (appdomain ) (not (mediaprovider_app ))))
+(typeattributeset base_typeattr_272 (and (appdomain ) (not (device_as_webcam ))))
(typeattribute base_typeattr_271)
-(typeattributeset base_typeattr_271 (and (domain ) (not (appdomain crash_dump rs virtualizationmanager ))))
+(typeattributeset base_typeattr_271 (and (data_file_type ) (not (system_data_file apk_data_file dalvikcache_data_file apex_art_data_file ))))
(typeattribute base_typeattr_270)
-(typeattributeset base_typeattr_270 (and (appdomain ) (not (untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))))
+(typeattributeset base_typeattr_270 (and (appdomain ) (not (bluetooth system_app ))))
(typeattribute base_typeattr_269)
-(typeattributeset base_typeattr_269 (and (appdomain ) (not (device_as_webcam ))))
+(typeattributeset base_typeattr_269 (and (appdomain ) (not (bluetooth nfc ))))
(typeattribute base_typeattr_268)
-(typeattributeset base_typeattr_268 (and (data_file_type ) (not (system_data_file apk_data_file dalvikcache_data_file apex_art_data_file ))))
+(typeattributeset base_typeattr_268 (and (domain ) (not (credstore init ))))
(typeattribute base_typeattr_267)
-(typeattributeset base_typeattr_267 (and (appdomain ) (not (bluetooth system_app ))))
+(typeattributeset base_typeattr_267 (and (appdomain ) (not (platform_app ))))
(typeattribute base_typeattr_266)
-(typeattributeset base_typeattr_266 (and (appdomain ) (not (bluetooth nfc ))))
+(typeattributeset base_typeattr_266 (and (domain ) (not (appdomain perfetto ))))
(typeattribute base_typeattr_265)
-(typeattributeset base_typeattr_265 (and (domain ) (not (credstore init ))))
+(typeattributeset base_typeattr_265 (and (appdomain ) (not (shell ))))
(typeattribute base_typeattr_264)
-(typeattributeset base_typeattr_264 (and (appdomain ) (not (platform_app ))))
+(typeattributeset base_typeattr_264 (and (domain ) (not (appdomain crash_dump ))))
(typeattribute base_typeattr_263)
-(typeattributeset base_typeattr_263 (and (domain ) (not (appdomain perfetto ))))
+(typeattributeset base_typeattr_263 (and (domain ) (not (appdomain ))))
(typeattribute base_typeattr_262)
-(typeattributeset base_typeattr_262 (and (appdomain ) (not (shell ))))
+(typeattributeset base_typeattr_262 (and (appdomain ) (not (radio ))))
(typeattribute base_typeattr_261)
-(typeattributeset base_typeattr_261 (and (domain ) (not (appdomain crash_dump ))))
+(typeattributeset base_typeattr_261 (and (appdomain ) (not (network_stack ))))
(typeattribute base_typeattr_260)
-(typeattributeset base_typeattr_260 (and (domain ) (not (appdomain ))))
+(typeattributeset base_typeattr_260 (and (appdomain ) (not (nfc ))))
(typeattribute base_typeattr_259)
-(typeattributeset base_typeattr_259 (and (appdomain ) (not (radio ))))
+(typeattributeset base_typeattr_259 (and (appdomain ) (not (bluetooth network_stack ))))
(typeattribute base_typeattr_258)
-(typeattributeset base_typeattr_258 (and (appdomain ) (not (network_stack ))))
+(typeattributeset base_typeattr_258 (and (appdomain ) (not (bluetooth ))))
(typeattribute base_typeattr_257)
-(typeattributeset base_typeattr_257 (and (appdomain ) (not (nfc ))))
+(typeattributeset base_typeattr_257 (and (appdomain ) (not (isolated_app_all ))))
(typeattribute base_typeattr_256)
-(typeattributeset base_typeattr_256 (and (appdomain ) (not (bluetooth network_stack ))))
+(typeattributeset base_typeattr_256 (and (appdomain ) (not (mlstrustedsubject isolated_app_all sdk_sandbox_all ))))
(typeattribute base_typeattr_255)
-(typeattributeset base_typeattr_255 (and (appdomain ) (not (bluetooth ))))
+(typeattributeset base_typeattr_255 (and (appdomain ) (not (isolated_app_all sdk_sandbox_all ))))
(typeattribute base_typeattr_254)
-(typeattributeset base_typeattr_254 (and (appdomain ) (not (isolated_app_all ))))
+(typeattributeset base_typeattr_254 (and (appdomain ) (not (isolated_app_all ephemeral_app sdk_sandbox_all ))))
(typeattribute base_typeattr_253)
-(typeattributeset base_typeattr_253 (and (appdomain ) (not (mlstrustedsubject isolated_app_all sdk_sandbox_all ))))
+(typeattributeset base_typeattr_253 (and (appdomain ) (not (ephemeral_app sdk_sandbox_all ))))
(typeattribute base_typeattr_252)
-(typeattributeset base_typeattr_252 (and (appdomain ) (not (isolated_app_all sdk_sandbox_all ))))
+(typeattributeset base_typeattr_252 (and (appdomain ) (not (sdk_sandbox_all ))))
(typeattribute base_typeattr_251)
-(typeattributeset base_typeattr_251 (and (appdomain ) (not (isolated_app_all ephemeral_app sdk_sandbox_all ))))
+(typeattributeset base_typeattr_251 (and (appdomain ) (not (untrusted_app_all isolated_app_all ephemeral_app network_stack platform_app priv_app shell system_app sdk_sandbox_all ))))
(typeattribute base_typeattr_250)
-(typeattributeset base_typeattr_250 (and (appdomain ) (not (ephemeral_app sdk_sandbox_all ))))
+(typeattributeset base_typeattr_250 (and (domain ) (not (apexd init keystore servicemanager system_server update_engine update_provider ))))
(typeattribute base_typeattr_249)
-(typeattributeset base_typeattr_249 (and (appdomain ) (not (sdk_sandbox_all ))))
+(typeattributeset base_typeattr_249 (and (domain ) (not (apexd init keystore system_server update_engine update_provider ))))
(typeattribute base_typeattr_248)
-(typeattributeset base_typeattr_248 (and (appdomain ) (not (untrusted_app_all isolated_app_all ephemeral_app platform_app priv_app shell system_app sdk_sandbox_all ))))
+(typeattributeset base_typeattr_248 (and (domain ) (not (apexd init dexopt_chroot_setup otapreopt_chroot ))))
(typeattribute base_typeattr_247)
-(typeattributeset base_typeattr_247 (and (domain ) (not (apexd init keystore servicemanager system_server update_engine update_provider ))))
+(typeattributeset base_typeattr_247 (and (domain ) (not (apexd init otapreopt_chroot ))))
(typeattribute base_typeattr_246)
-(typeattributeset base_typeattr_246 (and (domain ) (not (apexd init keystore system_server update_engine update_provider ))))
+(typeattributeset base_typeattr_246 (and (domain ) (not (apexd init vold_prepare_subdirs ))))
(typeattribute base_typeattr_245)
-(typeattributeset base_typeattr_245 (and (domain ) (not (apexd init dexopt_chroot_setup otapreopt_chroot ))))
+(typeattributeset base_typeattr_245 (and (domain ) (not (apexd init kernel ))))
(typeattribute base_typeattr_244)
-(typeattributeset base_typeattr_244 (and (domain ) (not (apexd init otapreopt_chroot ))))
+(typeattributeset base_typeattr_244 (and (domain ) (not (apexd init ))))
(typeattribute base_typeattr_243)
-(typeattributeset base_typeattr_243 (and (domain ) (not (apexd init vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_243 (and (domain ) (not (apexd ))))
(typeattribute base_typeattr_242)
-(typeattributeset base_typeattr_242 (and (domain ) (not (apexd init kernel ))))
+(typeattributeset base_typeattr_242 (and (domain ) (not (adbd_tradeinmode ))))
(typeattribute base_typeattr_241)
-(typeattributeset base_typeattr_241 (and (domain ) (not (apexd init ))))
+(typeattributeset base_typeattr_241 (and (domain ) (not (crash_dump shell adbd_tradeinmode ))))
(typeattribute base_typeattr_240)
-(typeattributeset base_typeattr_240 (and (domain ) (not (apexd ))))
+(typeattributeset base_typeattr_240 (and (domain ) (not (init aconfigd aconfigd_mainline ))))
(typeattribute base_typeattr_239)
-(typeattributeset base_typeattr_239 (and (domain ) (not (adbd_tradeinmode ))))
+(typeattributeset base_typeattr_239 (all))
(typeattribute base_typeattr_238)
-(typeattributeset base_typeattr_238 (and (domain ) (not (crash_dump shell adbd_tradeinmode ))))
+(typeattributeset base_typeattr_238 (and (domain ) (not (init ))))
(typeattribute base_typeattr_237)
-(typeattributeset base_typeattr_237 (and (domain ) (not (init aconfigd aconfigd_mainline ))))
+(typeattributeset base_typeattr_237 (and (hal_lazy_test_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_236)
-(typeattributeset base_typeattr_236 (all))
+(typeattributeset base_typeattr_236 (and (hal_lazy_test_server ) (not (hal_lazy_test ))))
(typeattribute base_typeattr_235)
-(typeattributeset base_typeattr_235 (and (domain ) (not (init ))))
+(typeattributeset base_typeattr_235 (and (hal_lazy_test_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_234)
-(typeattributeset base_typeattr_234 (and (hal_lazy_test_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_234 (and (coredomain ) (not (dumpstate init ))))
(typeattribute base_typeattr_233)
-(typeattributeset base_typeattr_233 (and (hal_lazy_test_server ) (not (hal_lazy_test ))))
+(typeattributeset base_typeattr_233 (and (domain ) (not (init vendor_init ))))
(typeattribute base_typeattr_232)
-(typeattributeset base_typeattr_232 (and (hal_lazy_test_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_232 (and (domain ) (not (coredomain ))))
(typeattribute base_typeattr_231)
-(typeattributeset base_typeattr_231 (and (coredomain ) (not (dumpstate init ))))
+(typeattributeset base_typeattr_231 (and (hal_vm_capabilities_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_230)
-(typeattributeset base_typeattr_230 (and (domain ) (not (init vendor_init ))))
+(typeattributeset base_typeattr_230 (and (hal_vm_capabilities_server ) (not (hal_vm_capabilities ))))
(typeattribute base_typeattr_229)
-(typeattributeset base_typeattr_229 (and (domain ) (not (coredomain ))))
+(typeattributeset base_typeattr_229 (and (hal_vm_capabilities_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_228)
-(typeattributeset base_typeattr_228 (and (hal_vm_capabilities_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_228 (and (hal_wifi_supplicant_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_227)
-(typeattributeset base_typeattr_227 (and (hal_vm_capabilities_server ) (not (hal_vm_capabilities ))))
+(typeattributeset base_typeattr_227 (and (hal_wifi_supplicant_server ) (not (hal_wifi_supplicant ))))
(typeattribute base_typeattr_226)
-(typeattributeset base_typeattr_226 (and (hal_vm_capabilities_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_226 (and (hal_wifi_supplicant_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_225)
-(typeattributeset base_typeattr_225 (and (hal_wifi_supplicant_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_225 (and (hal_wifi_hostapd_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_224)
-(typeattributeset base_typeattr_224 (and (hal_wifi_supplicant_server ) (not (hal_wifi_supplicant ))))
+(typeattributeset base_typeattr_224 (and (hal_wifi_hostapd_server ) (not (hal_wifi_hostapd ))))
(typeattribute base_typeattr_223)
-(typeattributeset base_typeattr_223 (and (hal_wifi_supplicant_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_223 (and (hal_wifi_hostapd_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_222)
-(typeattributeset base_typeattr_222 (and (hal_wifi_hostapd_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_222 (and (hal_wifi_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_221)
-(typeattributeset base_typeattr_221 (and (hal_wifi_hostapd_server ) (not (hal_wifi_hostapd ))))
+(typeattributeset base_typeattr_221 (and (hal_wifi_server ) (not (hal_wifi ))))
(typeattribute base_typeattr_220)
-(typeattributeset base_typeattr_220 (and (hal_wifi_hostapd_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_220 (and (hal_wifi_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_219)
-(typeattributeset base_typeattr_219 (and (hal_wifi_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_219 (and (hal_weaver_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_218)
-(typeattributeset base_typeattr_218 (and (hal_wifi_server ) (not (hal_wifi ))))
+(typeattributeset base_typeattr_218 (and (hal_weaver_server ) (not (hal_weaver ))))
(typeattribute base_typeattr_217)
-(typeattributeset base_typeattr_217 (and (hal_wifi_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_217 (and (hal_weaver_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_216)
-(typeattributeset base_typeattr_216 (and (hal_weaver_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_216 (and (hal_vr_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_215)
-(typeattributeset base_typeattr_215 (and (hal_weaver_server ) (not (hal_weaver ))))
+(typeattributeset base_typeattr_215 (and (hal_vr_server ) (not (hal_vr ))))
(typeattribute base_typeattr_214)
-(typeattributeset base_typeattr_214 (and (hal_weaver_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_214 (and (hal_vr_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_213)
-(typeattributeset base_typeattr_213 (and (hal_vr_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_213 (and (hal_vibrator_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_212)
-(typeattributeset base_typeattr_212 (and (hal_vr_server ) (not (hal_vr ))))
+(typeattributeset base_typeattr_212 (and (hal_vibrator_server ) (not (hal_vibrator ))))
(typeattribute base_typeattr_211)
-(typeattributeset base_typeattr_211 (and (hal_vr_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_211 (and (hal_vibrator_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_210)
-(typeattributeset base_typeattr_210 (and (hal_vibrator_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_210 (and (hal_vehicle_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_209)
-(typeattributeset base_typeattr_209 (and (hal_vibrator_server ) (not (hal_vibrator ))))
+(typeattributeset base_typeattr_209 (and (hal_vehicle_server ) (not (hal_vehicle ))))
(typeattribute base_typeattr_208)
-(typeattributeset base_typeattr_208 (and (hal_vibrator_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_208 (and (hal_vehicle_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_207)
-(typeattributeset base_typeattr_207 (and (hal_vehicle_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_207 (and (hal_uwb_vendor_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_206)
-(typeattributeset base_typeattr_206 (and (hal_vehicle_server ) (not (hal_vehicle ))))
+(typeattributeset base_typeattr_206 (and (hal_uwb_vendor_server ) (not (hal_uwb_vendor ))))
(typeattribute base_typeattr_205)
-(typeattributeset base_typeattr_205 (and (hal_vehicle_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_205 (and (hal_uwb_vendor_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_204)
-(typeattributeset base_typeattr_204 (and (hal_uwb_vendor_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_204 (and (hal_uwb_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_203)
-(typeattributeset base_typeattr_203 (and (hal_uwb_vendor_server ) (not (hal_uwb_vendor ))))
+(typeattributeset base_typeattr_203 (and (hal_uwb_server ) (not (hal_uwb ))))
(typeattribute base_typeattr_202)
-(typeattributeset base_typeattr_202 (and (hal_uwb_vendor_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_202 (and (hal_uwb_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_201)
-(typeattributeset base_typeattr_201 (and (hal_uwb_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_201 (and (hal_usb_gadget_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_200)
-(typeattributeset base_typeattr_200 (and (hal_uwb_server ) (not (hal_uwb ))))
+(typeattributeset base_typeattr_200 (and (hal_usb_gadget_server ) (not (hal_usb_gadget ))))
(typeattribute base_typeattr_199)
-(typeattributeset base_typeattr_199 (and (hal_uwb_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_199 (and (hal_usb_gadget_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_198)
-(typeattributeset base_typeattr_198 (and (hal_usb_gadget_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_198 (and (hal_usb_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_197)
-(typeattributeset base_typeattr_197 (and (hal_usb_gadget_server ) (not (hal_usb_gadget ))))
+(typeattributeset base_typeattr_197 (and (hal_usb_server ) (not (hal_usb ))))
(typeattribute base_typeattr_196)
-(typeattributeset base_typeattr_196 (and (hal_usb_gadget_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_196 (and (hal_usb_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_195)
-(typeattributeset base_typeattr_195 (and (hal_usb_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_195 (and (hal_tv_tuner_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_194)
-(typeattributeset base_typeattr_194 (and (hal_usb_server ) (not (hal_usb ))))
+(typeattributeset base_typeattr_194 (and (hal_tv_tuner_server ) (not (hal_tv_tuner ))))
(typeattribute base_typeattr_193)
-(typeattributeset base_typeattr_193 (and (hal_usb_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_193 (and (hal_tv_tuner_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_192)
-(typeattributeset base_typeattr_192 (and (hal_tv_tuner_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_192 (and (hal_tv_input_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_191)
-(typeattributeset base_typeattr_191 (and (hal_tv_tuner_server ) (not (hal_tv_tuner ))))
+(typeattributeset base_typeattr_191 (and (hal_tv_input_server ) (not (hal_tv_input ))))
(typeattribute base_typeattr_190)
-(typeattributeset base_typeattr_190 (and (hal_tv_tuner_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_190 (and (hal_tv_input_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_189)
-(typeattributeset base_typeattr_189 (and (hal_tv_input_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_189 (and (hal_tv_hdmi_earc_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_188)
-(typeattributeset base_typeattr_188 (and (hal_tv_input_server ) (not (hal_tv_input ))))
+(typeattributeset base_typeattr_188 (and (hal_tv_hdmi_earc_server ) (not (hal_tv_hdmi_earc ))))
(typeattribute base_typeattr_187)
-(typeattributeset base_typeattr_187 (and (hal_tv_input_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_187 (and (hal_tv_hdmi_earc_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_186)
-(typeattributeset base_typeattr_186 (and (hal_tv_hdmi_earc_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_186 (and (hal_tv_hdmi_connection_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_185)
-(typeattributeset base_typeattr_185 (and (hal_tv_hdmi_earc_server ) (not (hal_tv_hdmi_earc ))))
+(typeattributeset base_typeattr_185 (and (hal_tv_hdmi_connection_server ) (not (hal_tv_hdmi_connection ))))
(typeattribute base_typeattr_184)
-(typeattributeset base_typeattr_184 (and (hal_tv_hdmi_earc_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_184 (and (hal_tv_hdmi_connection_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_183)
-(typeattributeset base_typeattr_183 (and (hal_tv_hdmi_connection_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_183 (and (hal_tv_hdmi_cec_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_182)
-(typeattributeset base_typeattr_182 (and (hal_tv_hdmi_connection_server ) (not (hal_tv_hdmi_connection ))))
+(typeattributeset base_typeattr_182 (and (hal_tv_hdmi_cec_server ) (not (hal_tv_hdmi_cec ))))
(typeattribute base_typeattr_181)
-(typeattributeset base_typeattr_181 (and (hal_tv_hdmi_connection_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_181 (and (hal_tv_hdmi_cec_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_180)
-(typeattributeset base_typeattr_180 (and (hal_tv_hdmi_cec_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_180 (and (hal_tv_cec_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_179)
-(typeattributeset base_typeattr_179 (and (hal_tv_hdmi_cec_server ) (not (hal_tv_hdmi_cec ))))
+(typeattributeset base_typeattr_179 (and (hal_tv_cec_server ) (not (hal_tv_cec ))))
(typeattribute base_typeattr_178)
-(typeattributeset base_typeattr_178 (and (hal_tv_hdmi_cec_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_178 (and (hal_tv_cec_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_177)
-(typeattributeset base_typeattr_177 (and (hal_tv_cec_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_177 (and (hal_threadnetwork_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_176)
-(typeattributeset base_typeattr_176 (and (hal_tv_cec_server ) (not (hal_tv_cec ))))
+(typeattributeset base_typeattr_176 (and (hal_threadnetwork_server ) (not (hal_threadnetwork ))))
(typeattribute base_typeattr_175)
-(typeattributeset base_typeattr_175 (and (hal_tv_cec_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_175 (and (hal_threadnetwork_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_174)
-(typeattributeset base_typeattr_174 (and (hal_threadnetwork_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_174 (and (hal_thermal_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_173)
-(typeattributeset base_typeattr_173 (and (hal_threadnetwork_server ) (not (hal_threadnetwork ))))
+(typeattributeset base_typeattr_173 (and (hal_thermal_server ) (not (hal_thermal ))))
(typeattribute base_typeattr_172)
-(typeattributeset base_typeattr_172 (and (hal_threadnetwork_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_172 (and (hal_thermal_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_171)
-(typeattributeset base_typeattr_171 (and (hal_thermal_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_171 (and (hal_tetheroffload_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_170)
-(typeattributeset base_typeattr_170 (and (hal_thermal_server ) (not (hal_thermal ))))
+(typeattributeset base_typeattr_170 (and (hal_tetheroffload_server ) (not (hal_tetheroffload ))))
(typeattribute base_typeattr_169)
-(typeattributeset base_typeattr_169 (and (hal_thermal_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_169 (and (hal_tetheroffload_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_168)
-(typeattributeset base_typeattr_168 (and (hal_tetheroffload_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_168 (and (hal_telephony_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_167)
-(typeattributeset base_typeattr_167 (and (hal_tetheroffload_server ) (not (hal_tetheroffload ))))
+(typeattributeset base_typeattr_167 (and (hal_telephony_server ) (not (hal_telephony ))))
(typeattribute base_typeattr_166)
-(typeattributeset base_typeattr_166 (and (hal_tetheroffload_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_166 (and (hal_telephony_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_165)
-(typeattributeset base_typeattr_165 (and (hal_telephony_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_165 (and (hal_sensors_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_164)
-(typeattributeset base_typeattr_164 (and (hal_telephony_server ) (not (hal_telephony ))))
+(typeattributeset base_typeattr_164 (and (hal_sensors_server ) (not (hal_sensors ))))
(typeattribute base_typeattr_163)
-(typeattributeset base_typeattr_163 (and (hal_telephony_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_163 (and (hal_sensors_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_162)
-(typeattributeset base_typeattr_162 (and (hal_sensors_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_162 (and (hal_secure_element_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_161)
-(typeattributeset base_typeattr_161 (and (hal_sensors_server ) (not (hal_sensors ))))
+(typeattributeset base_typeattr_161 (and (hal_secure_element_server ) (not (hal_secure_element ))))
(typeattribute base_typeattr_160)
-(typeattributeset base_typeattr_160 (and (hal_sensors_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_160 (and (hal_secure_element_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_159)
-(typeattributeset base_typeattr_159 (and (hal_secure_element_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_159 (and (hal_remotelyprovisionedcomponent_avf_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_158)
-(typeattributeset base_typeattr_158 (and (hal_secure_element_server ) (not (hal_secure_element ))))
+(typeattributeset base_typeattr_158 (and (hal_remotelyprovisionedcomponent_avf_server ) (not (hal_remotelyprovisionedcomponent_avf ))))
(typeattribute base_typeattr_157)
-(typeattributeset base_typeattr_157 (and (hal_secure_element_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_157 (and (hal_remotelyprovisionedcomponent_avf_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_156)
-(typeattributeset base_typeattr_156 (and (hal_remotelyprovisionedcomponent_avf_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_156 (and (hal_secretkeeper_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_155)
-(typeattributeset base_typeattr_155 (and (hal_remotelyprovisionedcomponent_avf_server ) (not (hal_remotelyprovisionedcomponent_avf ))))
+(typeattributeset base_typeattr_155 (and (hal_secretkeeper_server ) (not (hal_secretkeeper ))))
(typeattribute base_typeattr_154)
-(typeattributeset base_typeattr_154 (and (hal_remotelyprovisionedcomponent_avf_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_154 (and (hal_secretkeeper_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_153)
-(typeattributeset base_typeattr_153 (and (hal_secretkeeper_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_153 (and (hal_remoteaccess_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_152)
-(typeattributeset base_typeattr_152 (and (hal_secretkeeper_server ) (not (hal_secretkeeper ))))
+(typeattributeset base_typeattr_152 (and (hal_remoteaccess_server ) (not (hal_remoteaccess ))))
(typeattribute base_typeattr_151)
-(typeattributeset base_typeattr_151 (and (hal_secretkeeper_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_151 (and (hal_remoteaccess_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_150)
-(typeattributeset base_typeattr_150 (and (hal_remoteaccess_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_150 (and (hal_rebootescrow_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_149)
-(typeattributeset base_typeattr_149 (and (hal_remoteaccess_server ) (not (hal_remoteaccess ))))
+(typeattributeset base_typeattr_149 (and (hal_rebootescrow_server ) (not (hal_rebootescrow ))))
(typeattribute base_typeattr_148)
-(typeattributeset base_typeattr_148 (and (hal_remoteaccess_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_148 (and (hal_rebootescrow_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_147)
-(typeattributeset base_typeattr_147 (and (hal_rebootescrow_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_147 (and (hal_power_stats_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_146)
-(typeattributeset base_typeattr_146 (and (hal_rebootescrow_server ) (not (hal_rebootescrow ))))
+(typeattributeset base_typeattr_146 (and (hal_power_stats_server ) (not (hal_power_stats ))))
(typeattribute base_typeattr_145)
-(typeattributeset base_typeattr_145 (and (hal_rebootescrow_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_145 (and (hal_power_stats_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_144)
-(typeattributeset base_typeattr_144 (and (hal_power_stats_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_144 (and (hal_power_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_143)
-(typeattributeset base_typeattr_143 (and (hal_power_stats_server ) (not (hal_power_stats ))))
+(typeattributeset base_typeattr_143 (and (hal_power_server ) (not (hal_power ))))
(typeattribute base_typeattr_142)
-(typeattributeset base_typeattr_142 (and (hal_power_stats_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_142 (and (hal_power_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_141)
-(typeattributeset base_typeattr_141 (and (hal_power_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_141 (and (hal_omx_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_140)
-(typeattributeset base_typeattr_140 (and (hal_power_server ) (not (hal_power ))))
+(typeattributeset base_typeattr_140 (and (hal_omx_server ) (not (hal_omx ))))
(typeattribute base_typeattr_139)
-(typeattributeset base_typeattr_139 (and (hal_power_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_139 (and (hal_omx_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_138)
-(typeattributeset base_typeattr_138 (and (hal_omx_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_138 (and (hal_oemlock_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_137)
-(typeattributeset base_typeattr_137 (and (hal_omx_server ) (not (hal_omx ))))
+(typeattributeset base_typeattr_137 (and (hal_oemlock_server ) (not (hal_oemlock ))))
(typeattribute base_typeattr_136)
-(typeattributeset base_typeattr_136 (and (hal_omx_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_136 (and (hal_oemlock_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_135)
-(typeattributeset base_typeattr_135 (and (hal_oemlock_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_135 (and (hal_nlinterceptor_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_134)
-(typeattributeset base_typeattr_134 (and (hal_oemlock_server ) (not (hal_oemlock ))))
+(typeattributeset base_typeattr_134 (and (hal_nlinterceptor_server ) (not (hal_nlinterceptor ))))
(typeattribute base_typeattr_133)
-(typeattributeset base_typeattr_133 (and (hal_oemlock_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_133 (and (hal_nlinterceptor_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_132)
-(typeattributeset base_typeattr_132 (and (hal_nlinterceptor_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_132 (and (hal_nfc_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_131)
-(typeattributeset base_typeattr_131 (and (hal_nlinterceptor_server ) (not (hal_nlinterceptor ))))
+(typeattributeset base_typeattr_131 (and (hal_nfc_server ) (not (hal_nfc ))))
(typeattribute base_typeattr_130)
-(typeattributeset base_typeattr_130 (and (hal_nlinterceptor_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_130 (and (hal_nfc_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_129)
-(typeattributeset base_typeattr_129 (and (hal_nfc_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_129 (and (hal_neuralnetworks_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_128)
-(typeattributeset base_typeattr_128 (and (hal_nfc_server ) (not (hal_nfc ))))
+(typeattributeset base_typeattr_128 (and (hal_neuralnetworks_server ) (not (hal_neuralnetworks ))))
(typeattribute base_typeattr_127)
-(typeattributeset base_typeattr_127 (and (hal_nfc_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_127 (and (hal_neuralnetworks_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_126)
-(typeattributeset base_typeattr_126 (and (hal_neuralnetworks_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_126 (and (hal_memtrack_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_125)
-(typeattributeset base_typeattr_125 (and (hal_neuralnetworks_server ) (not (hal_neuralnetworks ))))
+(typeattributeset base_typeattr_125 (and (hal_memtrack_server ) (not (hal_memtrack ))))
(typeattribute base_typeattr_124)
-(typeattributeset base_typeattr_124 (and (hal_neuralnetworks_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_124 (and (hal_memtrack_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_123)
-(typeattributeset base_typeattr_123 (and (hal_memtrack_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_123 (and (hal_mediaquality_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_122)
-(typeattributeset base_typeattr_122 (and (hal_memtrack_server ) (not (hal_memtrack ))))
+(typeattributeset base_typeattr_122 (and (hal_mediaquality_server ) (not (hal_mediaquality ))))
(typeattribute base_typeattr_121)
-(typeattributeset base_typeattr_121 (and (hal_memtrack_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_121 (and (hal_mediaquality_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_120)
-(typeattributeset base_typeattr_120 (and (hal_mediaquality_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_120 (and (hal_macsec_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_119)
-(typeattributeset base_typeattr_119 (and (hal_mediaquality_server ) (not (hal_mediaquality ))))
+(typeattributeset base_typeattr_119 (and (hal_macsec_server ) (not (hal_macsec ))))
(typeattribute base_typeattr_118)
-(typeattributeset base_typeattr_118 (and (hal_mediaquality_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_118 (and (hal_macsec_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_117)
-(typeattributeset base_typeattr_117 (and (hal_macsec_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_117 (and (hal_lowpan_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_116)
-(typeattributeset base_typeattr_116 (and (hal_macsec_server ) (not (hal_macsec ))))
+(typeattributeset base_typeattr_116 (and (hal_lowpan_server ) (not (hal_lowpan ))))
(typeattribute base_typeattr_115)
-(typeattributeset base_typeattr_115 (and (hal_macsec_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_115 (and (hal_lowpan_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_114)
-(typeattributeset base_typeattr_114 (and (hal_lowpan_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_114 (and (hal_light_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_113)
-(typeattributeset base_typeattr_113 (and (hal_lowpan_server ) (not (hal_lowpan ))))
+(typeattributeset base_typeattr_113 (and (hal_light_server ) (not (hal_light ))))
(typeattribute base_typeattr_112)
-(typeattributeset base_typeattr_112 (and (hal_lowpan_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_112 (and (hal_light_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_111)
-(typeattributeset base_typeattr_111 (and (hal_light_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_111 (and (hal_keymint_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_110)
-(typeattributeset base_typeattr_110 (and (hal_light_server ) (not (hal_light ))))
+(typeattributeset base_typeattr_110 (and (hal_keymint_server ) (not (hal_keymint ))))
(typeattribute base_typeattr_109)
-(typeattributeset base_typeattr_109 (and (hal_light_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_109 (and (hal_keymint_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_108)
-(typeattributeset base_typeattr_108 (and (hal_keymint_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_108 (and (hal_keymaster_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_107)
-(typeattributeset base_typeattr_107 (and (hal_keymint_server ) (not (hal_keymint ))))
+(typeattributeset base_typeattr_107 (and (hal_keymaster_server ) (not (hal_keymaster ))))
(typeattribute base_typeattr_106)
-(typeattributeset base_typeattr_106 (and (hal_keymint_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_106 (and (hal_keymaster_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_105)
-(typeattributeset base_typeattr_105 (and (hal_keymaster_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_105 (and (hal_ivn_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_104)
-(typeattributeset base_typeattr_104 (and (hal_keymaster_server ) (not (hal_keymaster ))))
+(typeattributeset base_typeattr_104 (and (hal_ivn_server ) (not (hal_ivn ))))
(typeattribute base_typeattr_103)
-(typeattributeset base_typeattr_103 (and (hal_keymaster_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_103 (and (hal_ivn_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_102)
-(typeattributeset base_typeattr_102 (and (hal_ivn_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_102 (and (hal_ir_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_101)
-(typeattributeset base_typeattr_101 (and (hal_ivn_server ) (not (hal_ivn ))))
+(typeattributeset base_typeattr_101 (and (hal_ir_server ) (not (hal_ir ))))
(typeattribute base_typeattr_100)
-(typeattributeset base_typeattr_100 (and (hal_ivn_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_100 (and (hal_ir_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_99)
-(typeattributeset base_typeattr_99 (and (hal_ir_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_99 (and (hal_input_processor_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_98)
-(typeattributeset base_typeattr_98 (and (hal_ir_server ) (not (hal_ir ))))
+(typeattributeset base_typeattr_98 (and (hal_input_processor_server ) (not (hal_input_processor ))))
(typeattribute base_typeattr_97)
-(typeattributeset base_typeattr_97 (and (hal_ir_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_97 (and (hal_input_processor_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_96)
-(typeattributeset base_typeattr_96 (and (hal_input_processor_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_96 (and (hal_input_classifier_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_95)
-(typeattributeset base_typeattr_95 (and (hal_input_processor_server ) (not (hal_input_processor ))))
+(typeattributeset base_typeattr_95 (and (hal_input_classifier_server ) (not (hal_input_classifier ))))
(typeattribute base_typeattr_94)
-(typeattributeset base_typeattr_94 (and (hal_input_processor_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_94 (and (hal_input_classifier_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_93)
-(typeattributeset base_typeattr_93 (and (hal_input_classifier_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_93 (and (hal_identity_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_92)
-(typeattributeset base_typeattr_92 (and (hal_input_classifier_server ) (not (hal_input_classifier ))))
+(typeattributeset base_typeattr_92 (and (hal_identity_server ) (not (hal_identity ))))
(typeattribute base_typeattr_91)
-(typeattributeset base_typeattr_91 (and (hal_input_classifier_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_91 (and (hal_identity_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_90)
-(typeattributeset base_typeattr_90 (and (hal_identity_client ) (not (halclientdomain ))))
+(typeattributeset base_typeattr_90 (and (hal_hwcrypto_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_89)
-(typeattributeset base_typeattr_89 (and (hal_identity_server ) (not (hal_identity ))))
+(typeattributeset base_typeattr_89 (and (hal_hwcrypto_server ) (not (hal_hwcrypto ))))
(typeattribute base_typeattr_88)
-(typeattributeset base_typeattr_88 (and (hal_identity_server ) (not (halserverdomain ))))
+(typeattributeset base_typeattr_88 (and (hal_hwcrypto_server ) (not (halserverdomain ))))
(typeattribute base_typeattr_87)
(typeattributeset base_typeattr_87 (and (hal_health_storage_client ) (not (halclientdomain ))))
(typeattribute base_typeattr_86)
diff --git a/prebuilts/api/202504/private/adbd.te b/prebuilts/api/202504/private/adbd.te
index b87b319..138c8f5 100644
--- a/prebuilts/api/202504/private/adbd.te
+++ b/prebuilts/api/202504/private/adbd.te
@@ -178,6 +178,10 @@
allow adbd perfetto_traces_data_file:file r_file_perms;
allow adbd perfetto_traces_data_file:dir r_dir_perms;
+# Allow to pull ProfilingManager Perfetto traces.
+allow adbd perfetto_traces_profiling_data_file:file r_file_perms;
+allow adbd perfetto_traces_profiling_data_file:dir r_dir_perms;
+
# Allow to push and manage configs in /data/misc/perfetto-configs.
allow adbd perfetto_configs_data_file:dir rw_dir_perms;
allow adbd perfetto_configs_data_file:file create_file_perms;
@@ -228,3 +232,6 @@
# Only init is allowed to enter the adbd domain via exec()
neverallow { domain -init } adbd:process transition;
neverallow * adbd:process dyntransition;
+
+# allow adbd to check if an app is frozen
+allow adbd cgroup_v2:file read;
diff --git a/prebuilts/api/202504/private/app.te b/prebuilts/api/202504/private/app.te
index b9a6d85..b359663 100644
--- a/prebuilts/api/202504/private/app.te
+++ b/prebuilts/api/202504/private/app.te
@@ -6,6 +6,7 @@
appdomain
-ephemeral_app
-isolated_app_all
+ -network_stack
-platform_app
-priv_app
-shell
@@ -19,6 +20,7 @@
appdomain
-ephemeral_app
-isolated_app_all
+ -network_stack
-platform_app
-priv_app
-shell
diff --git a/prebuilts/api/202504/private/attributes b/prebuilts/api/202504/private/attributes
index 4f59acf..93bf295 100644
--- a/prebuilts/api/202504/private/attributes
+++ b/prebuilts/api/202504/private/attributes
@@ -40,3 +40,7 @@
until_board_api(202504, `
hal_attribute(vm_capabilities);
')
+
+until_board_api(202504, `
+ hal_attribute(hwcrypto);
+')
diff --git a/prebuilts/api/202504/private/bpfloader.te b/prebuilts/api/202504/private/bpfloader.te
index 4fe3843..7d8a706 100644
--- a/prebuilts/api/202504/private/bpfloader.te
+++ b/prebuilts/api/202504/private/bpfloader.te
@@ -54,7 +54,7 @@
neverallow { domain -bpfloader } fs_bpf_loader:bpf *;
neverallow { domain -bpfloader } fs_bpf_loader:file *;
-neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
+neverallow { domain -bpfloader -init userdebug_or_eng(`-overlay_remounter') } bpfloader_exec:file { execute execute_no_trans };
neverallow { coredomain -bpfloader -netd -netutils_wrapper } fs_bpf_vendor:file *;
diff --git a/prebuilts/api/202504/private/compat/202404/202404.ignore.cil b/prebuilts/api/202504/private/compat/202404/202404.ignore.cil
index c10b0d5..224c49b 100644
--- a/prebuilts/api/202504/private/compat/202404/202404.ignore.cil
+++ b/prebuilts/api/202504/private/compat/202404/202404.ignore.cil
@@ -10,10 +10,13 @@
binderfs_logs_transactions
bluetooth_finder_prop
crosvm
+ drm_config_prop
early_virtmgr
early_virtmgr_exec
+ enable_16k_pages_prop
forensic_service
fstype_prop
+ fwk_vold_service
hal_mediaquality_service
hal_vm_capabilities_service
intrusion_detection_service
diff --git a/prebuilts/api/202504/private/compat/30.0/30.0.ignore.cil b/prebuilts/api/202504/private/compat/30.0/30.0.ignore.cil
index 0a3d2e9..1d3b389 100644
--- a/prebuilts/api/202504/private/compat/30.0/30.0.ignore.cil
+++ b/prebuilts/api/202504/private/compat/30.0/30.0.ignore.cil
@@ -22,6 +22,7 @@
artd
artd_exec
artd_service
+ atrace
authorization_service
bootanim_config_prop
camerax_extensions_prop
@@ -95,6 +96,7 @@
odsign
odsign_data_file
odsign_exec
+ otapreopt_chroot
pac_proxy_service
permission_checker_service
people_service
@@ -138,6 +140,7 @@
system_suspend_control_internal_service
task_profiles_api_file
texttospeech_service
+ traced_tmpfs
translation_service
update_engine_stable_service
userdata_sysdev
diff --git a/prebuilts/api/202504/private/compat/32.0/32.0.ignore.cil b/prebuilts/api/202504/private/compat/32.0/32.0.ignore.cil
index 43ce0a1..dd74cd8 100644
--- a/prebuilts/api/202504/private/compat/32.0/32.0.ignore.cil
+++ b/prebuilts/api/202504/private/compat/32.0/32.0.ignore.cil
@@ -12,6 +12,7 @@
attestation_verification_service
bluetooth_config_prop
binderfs_features
+ bpfloader
charger_vendor
cloudsearch
cloudsearch_service
@@ -58,6 +59,7 @@
hal_wifi_supplicant_service
locale_service
mdns_service
+ mediatranscoding
nearby_service
persist_wm_debug_prop
proc_watermark_boost_factor
diff --git a/prebuilts/api/202504/private/compat/33.0/33.0.cil b/prebuilts/api/202504/private/compat/33.0/33.0.cil
index 204048e..16babe7 100644
--- a/prebuilts/api/202504/private/compat/33.0/33.0.cil
+++ b/prebuilts/api/202504/private/compat/33.0/33.0.cil
@@ -2083,7 +2083,7 @@
(typeattributeset permission_checker_service_33_0 (permission_checker_service))
(typeattributeset permission_service_33_0 (permission_service))
(typeattributeset permissionmgr_service_33_0 (permissionmgr_service))
-(typeattributeset persist_debug_prop_33_0 (persist_debug_prop))
+(typeattributeset persist_debug_prop_33_0 (persist_debug_prop system_user_mode_emulation_prop))
(typeattributeset persist_vendor_debug_wifi_prop_33_0 (persist_vendor_debug_wifi_prop))
(typeattributeset persist_wm_debug_prop_33_0 (persist_wm_debug_prop))
(typeattributeset persistent_data_block_service_33_0 (persistent_data_block_service))
diff --git a/prebuilts/api/202504/private/coredomain.te b/prebuilts/api/202504/private/coredomain.te
index 23ad43a..7f0ca9d 100644
--- a/prebuilts/api/202504/private/coredomain.te
+++ b/prebuilts/api/202504/private/coredomain.te
@@ -63,6 +63,7 @@
-rs # spawned by appdomain, so carryover the exception above
-system_server
-traced_perf
+ userdebug_or_eng(`-overlay_remounter')
} vendor_app_file:dir { open read getattr search };
')
@@ -84,6 +85,7 @@
-system_server
-traced_perf
-mediaserver
+ userdebug_or_eng(`-overlay_remounter')
} vendor_app_file:file r_file_perms;
')
@@ -105,6 +107,7 @@
-webview_zygote
-zygote
-heapprofd
+ userdebug_or_eng(`-overlay_remounter')
} vendor_overlay_file:dir { getattr open read search };
')
@@ -127,6 +130,7 @@
-heapprofd
userdebug_or_eng(`-profcollectd')
userdebug_or_eng(`-simpleperf_boot')
+ userdebug_or_eng(`-overlay_remounter')
} vendor_overlay_file:file open;
')
diff --git a/prebuilts/api/202504/private/crash_dump.te b/prebuilts/api/202504/private/crash_dump.te
index a9a802c..4bd1d38 100644
--- a/prebuilts/api/202504/private/crash_dump.te
+++ b/prebuilts/api/202504/private/crash_dump.te
@@ -118,7 +118,10 @@
# A domain transition must occur for crash_dump to get the privileges needed to trace the process.
# Do not allow the execution of crash_dump without a domain transition.
-neverallow domain crash_dump_exec:file execute_no_trans;
+neverallow {
+ domain
+ userdebug_or_eng(`-overlay_remounter')
+} crash_dump_exec:file execute_no_trans;
# sigchld not explicitly forbidden since it's part of the
# domain-transition-on-exec macros, and is by itself not sensitive
diff --git a/prebuilts/api/202504/private/crosvm.te b/prebuilts/api/202504/private/crosvm.te
index a377e7a..6051992 100644
--- a/prebuilts/api/202504/private/crosvm.te
+++ b/prebuilts/api/202504/private/crosvm.te
@@ -223,6 +223,7 @@
-crosvm
-virtualizationmanager
-vmlauncher_app
+ userdebug_or_eng(`-overlay_remounter')
is_flag_enabled(RELEASE_AVF_ENABLE_EARLY_VM, `-early_virtmgr')
} crosvm_exec:file no_x_file_perms;
diff --git a/prebuilts/api/202504/private/domain.te b/prebuilts/api/202504/private/domain.te
index 31b544b..8db40a5 100644
--- a/prebuilts/api/202504/private/domain.te
+++ b/prebuilts/api/202504/private/domain.te
@@ -532,12 +532,6 @@
# TODO(384942085): Reduce the scope.
allow domain kernel:key search;
-# For testing purposes, allow access to keys installed with su.
-# TODO(277916185): Remove since this shouldn't be needed anymore.
-userdebug_or_eng(`
- allow domain su:key search;
-')
-
# Allow access to linkerconfig file
allow domain linkerconfig_file:dir search;
allow domain linkerconfig_file:file r_file_perms;
@@ -595,6 +589,11 @@
# permission on /metadata dir
allow domain metadata_file:dir search;
+# overlayfs performs all file operations as the mounter, being overlay_remounter.
+# It thus opens files as overlay_remounter, and then uses those files in the context of
+# the caller, which is anyone accessing a file on a overlaid read-only partition
+userdebug_or_eng(`allow domain overlay_remounter:fd use');
+
###
### neverallow rules
###
@@ -705,7 +704,7 @@
# Do not allow renaming of block files or character files
# Ability to do so can lead to possible use in an exploit chain
# e.g. https://googleprojectzero.blogspot.com/2016/12/chrome-os-exploit-one-byte-overflow-and.html
-neverallow * *:{ blk_file chr_file } rename;
+neverallow { domain userdebug_or_eng(`-overlay_remounter') } *:{ blk_file chr_file } rename;
# Don't allow raw read/write/open access to generic devices.
# Rather force a relabel to a more specific type.
@@ -740,16 +739,21 @@
domain
with_asan(`-asan_extract')
recovery_only(`userdebug_or_eng(`-fastbootd')')
+ userdebug_or_eng(`-kernel')
+ userdebug_or_eng(`-overlay_remounter')
} {
system_file_type
vendor_file_type
exec_type
}:dir_file_class_set { create write setattr relabelfrom append unlink link rename };
-neverallow { domain -kernel with_asan(`-asan_extract') } { system_file_type vendor_file_type exec_type }:dir_file_class_set relabelto;
+neverallow { domain -kernel with_asan(`-asan_extract') userdebug_or_eng(`-overlay_remounter') } { system_file_type vendor_file_type exec_type }:dir_file_class_set relabelto;
# Don't allow mounting on top of /system files or directories
-neverallow * exec_type:dir_file_class_set mounton;
+neverallow {
+ domain
+ userdebug_or_eng(`-overlay_remounter')
+} exec_type:dir_file_class_set mounton;
# Nothing should be writing to files in the rootfs.
neverallow * rootfs:file { create write setattr relabelto append unlink link rename };
@@ -761,9 +765,9 @@
# Ensure that context mount types are not writable, to ensure that
# the write to /system restriction above is not bypassed via context=
# mount to another type.
-neverallow * contextmount_type:dir_file_class_set
+neverallow { domain userdebug_or_eng(`-overlay_remounter') } contextmount_type:dir_file_class_set
{ create setattr relabelfrom relabelto append link rename };
-neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } contextmount_type:dir_file_class_set { write unlink };
+neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') userdebug_or_eng(`-overlay_remounter') } contextmount_type:dir_file_class_set { write unlink };
# Do not allow service_manager add for default service labels.
# Instead domains should use a more specific type such as
@@ -1150,6 +1154,7 @@
-init
-shell
-ueventd
+ userdebug_or_eng(`-overlay_remounter')
} vendor_shell_exec:file { execute execute_no_trans };
')
@@ -1204,6 +1209,7 @@
-shell
-system_executes_vendor_violators
-ueventd
+ userdebug_or_eng(`-overlay_remounter')
} {
vendor_file_type
-same_process_hal_file
@@ -1219,6 +1225,7 @@
coredomain
-shell
-system_executes_vendor_violators
+ userdebug_or_eng(`-overlay_remounter')
} {
vendor_file_type
-same_process_hal_file
@@ -1302,19 +1309,25 @@
# Do not mount on top of symlinks, fifos, or sockets.
# Feature parity with Chromium LSM.
-neverallow * { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton;
+neverallow {
+ domain
+ userdebug_or_eng(`-overlay_remounter')
+} { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton;
# Nobody should be able to execute su on user builds.
# On userdebug/eng builds, only dumpstate, shell, and
# su itself execute su.
-neverallow { domain userdebug_or_eng(`-dumpstate -shell -su') } su_exec:file no_x_file_perms;
+neverallow { domain userdebug_or_eng(`-dumpstate -shell -su -overlay_remounter') } su_exec:file no_x_file_perms;
# Do not allow the introduction of new execmod rules. Text relocations
# and modification of executable pages are unsafe.
# The only exceptions are for NDK text relocations associated with
# https://code.google.com/p/android/issues/detail?id=23203
# which, long term, need to go away.
-neverallow * {
+neverallow {
+ domain
+ userdebug_or_eng(`-overlay_remounter')
+} {
file_type
-apk_data_file
-app_data_file
@@ -1328,7 +1341,12 @@
# Do not allow the introduction of new execmod rules. Text relocations
# and modification of executable pages are unsafe.
-neverallow { domain -untrusted_app_25 -untrusted_app_27 } file_type:file execmod;
+neverallow {
+ domain
+ -untrusted_app_25
+ -untrusted_app_27
+ userdebug_or_eng(`-overlay_remounter')
+} file_type:file execmod;
# Ensure that all types assigned to processes are included
# in the domain attribute, so that all allow and neverallow rules
@@ -1453,6 +1471,7 @@
-installd
-profman
-artd
+ userdebug_or_eng(`-overlay_remounter')
} profman_exec:file no_x_file_perms;
# Enforce restrictions on kernel module origin.
@@ -1520,6 +1539,7 @@
neverallow {
coredomain
-appdomain
+ userdebug_or_eng(`-overlay_remounter')
} {vendor_public_framework_file vendor_public_lib_file}:file { execute execute_no_trans };
')
@@ -1834,6 +1854,7 @@
-zygote
userdebug_or_eng(`-mediaextractor')
userdebug_or_eng(`-mediaswcodec')
+ userdebug_or_eng(`-overlay_remounter')
} {
file_type
-system_file_type
@@ -1909,6 +1930,7 @@
neverallow {
domain
-appdomain
+ userdebug_or_eng(`-overlay_remounter')
} {
data_file_type
-apex_art_data_file
@@ -1942,6 +1964,7 @@
vold
vold_prepare_subdirs
zygote
+ userdebug_or_eng(`overlay_remounter')
}')
neverallow ~dac_override_allowed self:global_capability_class_set dac_override;
# Since the kernel checks dac_read_search before dac_override, domains that
@@ -1970,6 +1993,7 @@
-update_engine
-vold
-zygote
+ userdebug_or_eng(`-overlay_remounter')
} { fs_type
-sdcard_type
-fusefs_type
@@ -2038,6 +2062,7 @@
userdebug_or_eng(`-simpleperf_boot')
-traced_perf
-ueventd
+ userdebug_or_eng(`-overlay_remounter')
} vendor_file:file { no_w_file_perms no_x_file_perms open };
')
@@ -2081,6 +2106,7 @@
-traced_perf # library/binary access for symbolization
-ueventd # reads /vendor/ueventd.rc
-vold # loads incremental fs driver
+ userdebug_or_eng(`-overlay_remounter')
} {
vendor_file_type
-same_process_hal_file
@@ -2114,7 +2140,16 @@
# Only init and otapreopt_chroot should be mounting filesystems on locations
# labeled system or vendor (/product and /vendor respectively).
-neverallow { domain -dexopt_chroot_setup -init -otapreopt_chroot } { system_file_type vendor_file_type }:dir_file_class_set mounton;
+neverallow {
+ domain
+ -dexopt_chroot_setup
+ -init
+ -otapreopt_chroot
+ userdebug_or_eng(`-overlay_remounter')
+} {
+ system_file_type
+ vendor_file_type
+}:dir_file_class_set mounton;
# Only allow init and vendor_init to read/write mm_events properties
# NOTE: dumpstate is allowed to read any system property
@@ -2274,5 +2309,26 @@
# ueventd needs write access to all sysfs files.
neverallow { domain -init -vendor_init -ueventd } sysfs_pgsize_migration:file no_w_file_perms;
-# We need to be able to rely on vsock labels, so disallow changing them.
-neverallow domain *:vsock_socket { relabelfrom relabelto };
+# virtmanager enforces access policy for which components can connect
+# to which VMs. If you have permissions to make direct connections, you
+# can talk to anything.
+starting_at_board_api(202504, `
+neverallow {
+ domain
+
+ # these are expected
+ -early_virtmgr
+ -virtualizationmanager
+ -virtualizationservice
+ -adbd_common # maybe should move to emulator/virtual device specific policy
+
+ # not expected, and defined outside of system/sepolicy.
+ # Note: this attribute is strongly recommended to be empty if not required.
+ -unconstrained_vsock_violators
+
+ # these are permissions that should be removed, and they are here for visibility.
+ -compos_fd_server # TODO: get connections from virtmanager
+ -hal_keymint_system # TODO: get connections from virtmanager
+ -vmlauncher_app # TODO: get connections from virtmanager
+} *:vsock_socket { connect create accept bind };
+')
diff --git a/prebuilts/api/202504/private/file.te b/prebuilts/api/202504/private/file.te
index 3a66143..6bdcc39 100644
--- a/prebuilts/api/202504/private/file.te
+++ b/prebuilts/api/202504/private/file.te
@@ -192,6 +192,9 @@
# /sys/firmware/acpi/tables
type sysfs_firmware_acpi_tables, fs_type, sysfs_type;
+# Type for /system/bin/pbtombstone.
+type pbtombstone_exec, system_file_type, exec_type, file_type;
+
# Allow files to be created in their appropriate filesystems.
allow fs_type self:filesystem associate;
allow cgroup tmpfs:filesystem associate;
diff --git a/prebuilts/api/202504/private/file_contexts b/prebuilts/api/202504/private/file_contexts
index 7ef3226..0b3e7f4 100644
--- a/prebuilts/api/202504/private/file_contexts
+++ b/prebuilts/api/202504/private/file_contexts
@@ -353,6 +353,7 @@
/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
/system/bin/sgdisk u:object_r:sgdisk_exec:s0
/system/bin/blkid u:object_r:blkid_exec:s0
+/system/bin/pbtombstone u:object_r:pbtombstone_exec:s0
/system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
/system/bin/idmap2(d)? u:object_r:idmap_exec:s0
/system/bin/update_engine u:object_r:update_engine_exec:s0
@@ -952,3 +953,7 @@
#############################
# For early boot VM
/mnt/vm u:object_r:vm_data_file:s0
+
+#############################
+# For overlays
+/second_stage_resources/overlay_remounter u:object_r:overlay_remounter_exec:s0
diff --git a/prebuilts/api/202504/private/genfs_contexts b/prebuilts/api/202504/private/genfs_contexts
index a872a04..0a0c9cb 100644
--- a/prebuilts/api/202504/private/genfs_contexts
+++ b/prebuilts/api/202504/private/genfs_contexts
@@ -266,6 +266,7 @@
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/android_vendor_lmk/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
diff --git a/prebuilts/api/202504/private/incident.te b/prebuilts/api/202504/private/incident.te
index db9ae86..19db7d7 100644
--- a/prebuilts/api/202504/private/incident.te
+++ b/prebuilts/api/202504/private/incident.te
@@ -34,4 +34,14 @@
allow incident incidentd:fifo_file write;
# only allow incident being called by shell or dumpstate
-neverallow { domain -su -shell -incident -dumpstate} incident_exec:file { execute execute_no_trans };
+neverallow {
+ domain
+ -su
+ -shell
+ -incident
+ -dumpstate
+ userdebug_or_eng(`-overlay_remounter')
+} incident_exec:file {
+ execute
+ execute_no_trans
+};
diff --git a/prebuilts/api/202504/private/incident_helper.te b/prebuilts/api/202504/private/incident_helper.te
index b453855..cdaf144 100644
--- a/prebuilts/api/202504/private/incident_helper.te
+++ b/prebuilts/api/202504/private/incident_helper.te
@@ -11,4 +11,13 @@
allow incident_helper incidentd:unix_stream_socket { read write };
# only allow incidentd and shell to call incident_helper
-neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
+neverallow {
+ domain
+ -incidentd
+ -incident_helper
+ -shell
+ userdebug_or_eng(`-overlay_remounter')
+} incident_helper_exec:file {
+ execute
+ execute_no_trans
+};
diff --git a/prebuilts/api/202504/private/incidentd.te b/prebuilts/api/202504/private/incidentd.te
index bf98d31..11da9ea 100644
--- a/prebuilts/api/202504/private/incidentd.te
+++ b/prebuilts/api/202504/private/incidentd.te
@@ -25,6 +25,9 @@
# section id 1116, allow accessing statsd socket
unix_socket_send(incidentd, statsdw, statsd)
+# section id 1116, allow using userfaultfd
+userfaultfd_use(incidentd)
+
# section id 2001, allow reading /proc/pagetypeinfo
allow incidentd proc_pagetypeinfo:file r_file_perms;
diff --git a/prebuilts/api/202504/private/init.te b/prebuilts/api/202504/private/init.te
index 35d7647..6f0ee80 100644
--- a/prebuilts/api/202504/private/init.te
+++ b/prebuilts/api/202504/private/init.te
@@ -814,7 +814,7 @@
# The init domain is only entered via an exec based transition from the
# kernel domain, never via setcon().
neverallow domain init:process dyntransition;
-neverallow { domain -kernel } init:process transition;
+neverallow { domain -kernel userdebug_or_eng(`-overlay_remounter') } init:process transition;
neverallow init { file_type fs_type -init_exec }:file entrypoint;
# Never read/follow symlinks created by shell or untrusted apps.
diff --git a/prebuilts/api/202504/private/kernel.te b/prebuilts/api/202504/private/kernel.te
index 1b82c66..0d3aa77 100644
--- a/prebuilts/api/202504/private/kernel.te
+++ b/prebuilts/api/202504/private/kernel.te
@@ -2,6 +2,9 @@
domain_auto_trans(kernel, init_exec, init)
domain_auto_trans(kernel, snapuserd_exec, snapuserd)
+userdebug_or_eng(`
+ domain_auto_trans(kernel, overlay_remounter_exec, overlay_remounter)
+')
# Allow the kernel to read otapreopt_chroot's file descriptors and files under
# /postinstall, as it uses apexd logic to mount APEX packages in /postinstall/apex.
@@ -150,6 +153,15 @@
# required by VTS lidbm unit test
allow kernel appdomain_tmpfs:file { read write };
+# Allow first stage init to copy and then launch overlay_remounter
+userdebug_or_eng(`
+ allow kernel tmpfs:dir rw_dir_perms;
+ allow kernel tmpfs:file { create_file_perms relabelfrom };
+ allow kernel overlay_remounter_exec:file { relabelto unlink };
+ allow kernel overlay_remounter:process2 nosuid_transition;
+ allow kernel overlay_remounter:process share;
+')
+
dontaudit kernel metadata_file:dir search;
dontaudit kernel ota_metadata_file:dir rw_dir_perms;
dontaudit kernel sysfs:dir r_dir_perms;
diff --git a/prebuilts/api/202504/private/linkerconfig.te b/prebuilts/api/202504/private/linkerconfig.te
index ce26fd2..5459c1d 100644
--- a/prebuilts/api/202504/private/linkerconfig.te
+++ b/prebuilts/api/202504/private/linkerconfig.te
@@ -36,4 +36,5 @@
-init
-linkerconfig
-otapreopt_chroot
+ userdebug_or_eng(`-overlay_remounter')
} linkerconfig_exec:file no_x_file_perms;
diff --git a/prebuilts/api/202504/private/mmd.te b/prebuilts/api/202504/private/mmd.te
index 90510f1..1c0eca1 100644
--- a/prebuilts/api/202504/private/mmd.te
+++ b/prebuilts/api/202504/private/mmd.te
@@ -5,8 +5,9 @@
init_daemon_domain(mmd)
-# Set mmd.enabled_aconfig properties.
-set_prop(mmd, mmd_prop)
+# Set mmd.enabled_aconfig and zram backing device size.
+set_prop(mmd, mmd_status_prop)
+get_prop(mmd, mmd_prop)
get_prop(mmd, device_config_mmd_native_prop)
# mmd binder setup
@@ -29,3 +30,10 @@
# swapon syscall
allow mmd self:capability sys_admin;
+
+# Allow mmd to write to statsd socket.
+unix_socket_send(mmd, statsdw, statsd)
+# Allow mmd to interact with statsd binder calls for pulled atoms.
+allow mmd stats_service:service_manager find;
+allow mmd statsmanager_service:service_manager find;
+binder_call(mmd, statsd)
diff --git a/prebuilts/api/202504/private/netutils_wrapper.te b/prebuilts/api/202504/private/netutils_wrapper.te
index 37a2c47..28766dd 100644
--- a/prebuilts/api/202504/private/netutils_wrapper.te
+++ b/prebuilts/api/202504/private/netutils_wrapper.te
@@ -50,4 +50,4 @@
# netutils wrapper may only use the following capabilities.
neverallow netutils_wrapper self:global_capability_class_set ~{ net_admin net_raw };
-neverallow domain netutils_wrapper_exec:file execute_no_trans;
+neverallow { domain userdebug_or_eng(`-overlay_remounter') } netutils_wrapper_exec:file execute_no_trans;
diff --git a/prebuilts/api/202504/private/network_stack.te b/prebuilts/api/202504/private/network_stack.te
index 4450e02..8a07245 100644
--- a/prebuilts/api/202504/private/network_stack.te
+++ b/prebuilts/api/202504/private/network_stack.te
@@ -51,6 +51,10 @@
# calls if (fd.isSocket$()) if (isLingerSocket(fd)) ...
dontaudit network_stack self:key_socket getopt;
+# Allow network_stack to open/read/getattr various /proc/net files
+# (includes /proc/net/{anycast6,igmp,psched} /proc/sys/net/ipv4/ip_default_ttl)
+r_dir_file(network_stack, proc_net_type)
+
# Grant read permission of connectivity namespace system property prefix.
get_prop(network_stack, device_config_connectivity_prop)
diff --git a/prebuilts/api/202504/private/overlay_remounter.te b/prebuilts/api/202504/private/overlay_remounter.te
new file mode 100644
index 0000000..12f7b0d
--- /dev/null
+++ b/prebuilts/api/202504/private/overlay_remounter.te
@@ -0,0 +1,47 @@
+# Domain used for overlay_remounter process
+
+# All types must be defined regardless of build variant to ensure
+# policy compilation succeeds with userdebug/user combination at boot
+type overlay_remounter, domain, coredomain;
+
+# File types must be defined for file_contexts.
+type overlay_remounter_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+ domain_auto_trans(overlay_remounter, init_exec, init)
+
+ allow overlay_remounter init:process share;
+ allow overlay_remounter init:process2 nosuid_transition;
+ allow overlay_remounter kernel:fd use;
+ allow overlay_remounter tmpfs:chr_file { open read write };
+ allow overlay_remounter labeledfs:filesystem { mount unmount };
+ allow overlay_remounter overlayfs_file:chr_file { unlink create link rename };
+ allow overlay_remounter overlayfs_file:dir create_dir_perms;
+ allow overlay_remounter overlayfs_file:file { create open rename unlink write };
+ allow overlay_remounter self:capability { chown fowner sys_admin dac_override dac_read_search };
+ allow overlay_remounter unlabeled:dir { rmdir search };
+ use_bootstrap_libs(overlay_remounter)
+
+ # overlay_remounter must be able to perform all possible operations
+ # on the overlaid partitions
+ allow overlay_remounter {
+ system_dlkm_file_type
+ vendor_file_type
+ system_file_type
+ adb_keys_file
+ }:{ file } ~{ entrypoint };
+
+ allow overlay_remounter {
+ system_dlkm_file_type
+ vendor_file_type
+ system_file_type
+ adb_keys_file
+ }:chr_file unlink;
+
+ allow overlay_remounter {
+ system_dlkm_file_type
+ vendor_file_type
+ system_file_type
+ adb_keys_file
+ }:{ dir lnk_file } *;
+')
diff --git a/prebuilts/api/202504/private/platform_app.te b/prebuilts/api/202504/private/platform_app.te
index e60dcdd..38339da 100644
--- a/prebuilts/api/202504/private/platform_app.te
+++ b/prebuilts/api/202504/private/platform_app.te
@@ -43,7 +43,7 @@
userdebug_or_eng(`
set_prop(platform_app, persist_wm_debug_prop)
')
-neverallow { domain -init -dumpstate userdebug_or_eng(`-domain') } persist_wm_debug_prop:property_service set;
+neverallow { domain -init -dumpstate -system_server userdebug_or_eng(`-domain') } persist_wm_debug_prop:property_service set;
userdebug_or_eng(`
set_prop(platform_app, persist_sysui_builder_extras_prop)
@@ -144,6 +144,9 @@
# Allow platform apps to create VMs
virtualizationservice_use(platform_app)
+# Allow platform apps to read files and directories under /data/system/shutdown-checkpoints/
+r_dir_file(platform_app, shutdown_checkpoints_system_data_file)
+
###
### Neverallow rules
###
diff --git a/prebuilts/api/202504/private/property.te b/prebuilts/api/202504/private/property.te
index dec43e1..f560007 100644
--- a/prebuilts/api/202504/private/property.te
+++ b/prebuilts/api/202504/private/property.te
@@ -36,7 +36,7 @@
system_internal_prop(localization_prop)
system_internal_prop(logd_auditrate_prop)
system_internal_prop(lower_kptr_restrict_prop)
-system_internal_prop(mmd_prop)
+system_internal_prop(mmd_status_prop)
system_internal_prop(net_464xlat_fromvendor_prop)
system_internal_prop(net_connectivity_prop)
system_internal_prop(netd_stable_secret_prop)
@@ -57,7 +57,9 @@
system_internal_prop(system_adbd_prop)
system_internal_prop(system_audio_config_prop)
system_internal_prop(timezone_metadata_prop)
+system_internal_prop(traced_config_prop)
system_internal_prop(traced_perf_enabled_prop)
+system_internal_prop(traced_relay_relay_port_prop)
system_internal_prop(uprobestats_start_with_config_prop)
system_internal_prop(tuner_server_ctl_prop)
system_internal_prop(userspace_reboot_log_prop)
@@ -110,9 +112,13 @@
# Properties which should only be written by vendor_init
system_vendor_config_prop(avf_virtualizationservice_prop)
+until_board_api(202504, `
+ system_vendor_config_prop(drm_config_prop)
+')
system_vendor_config_prop(high_barometer_quality_prop)
+system_vendor_config_prop(mmd_prop)
+system_vendor_config_prop(mmd_shared_prop)
system_vendor_config_prop(prefetch_boot_prop)
-system_vendor_config_prop(widevine_sys_vendor_prop)
typeattribute log_prop log_property_type;
typeattribute log_tag_prop log_property_type;
diff --git a/prebuilts/api/202504/private/property_contexts b/prebuilts/api/202504/private/property_contexts
index fa82e29..92d8dca 100644
--- a/prebuilts/api/202504/private/property_contexts
+++ b/prebuilts/api/202504/private/property_contexts
@@ -88,6 +88,9 @@
persist.security. u:object_r:system_prop:s0
persist.traced.enable u:object_r:traced_enabled_prop:s0
traced.lazy. u:object_r:traced_lazy_prop:s0
+traced_relay.relay_port u:object_r:traced_relay_relay_port_prop:s0
+ro.traced. u:object_r:traced_config_prop:s0
+traced.relay_producer_port u:object_r:traced_config_prop:s0
persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
uprobestats.start_with_config u:object_r:uprobestats_start_with_config_prop:s0
@@ -718,6 +721,7 @@
bluetooth.core.le.connection_scan_window_slow u:object_r:bluetooth_config_prop:s0 exact uint
bluetooth.core.le.inquiry_scan_interval u:object_r:bluetooth_config_prop:s0 exact uint
bluetooth.core.le.inquiry_scan_window u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.msft_vendor_opcode u:object_r:bluetooth_config_prop:s0 exact uint
bluetooth.core.le.vendor_capabilities.enabled u:object_r:bluetooth_config_prop:s0 exact bool
bluetooth.hfp.software_datapath.enabled u:object_r:bluetooth_config_prop:s0 exact bool
@@ -776,8 +780,6 @@
pm.16kb.app_compat.disabled u:object_r:pm_16kb_app_compat_prop:s0 exact bool
-ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
-
ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
ro.bluetooth.leaudio_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
@@ -1811,11 +1813,13 @@
# Properties that allows vendors to enable Trusty widevine VM features
# Enable Widevine VM
-trusty.widevine_vm.enabled u:object_r:widevine_sys_vendor_prop:s0 exact bool
+trusty.widevine_vm.enabled u:object_r:drm_config_prop:s0 exact bool
# Sets the path used by Widevine HALs to find correct library for the widevine
# service provider location
-widevine.liboemcrypto.path u:object_r:widevine_sys_vendor_prop:s0 exact string
+widevine.liboemcrypto.path u:object_r:drm_config_prop:s0 exact string
# Properties for mmd
mmd. u:object_r:mmd_prop:s0
-mmd.enabled_aconfig u:object_r:mmd_prop:s0 exact bool
+mmd.zram.enabled u:object_r:mmd_shared_prop:s0 exact bool
+mmd.enabled_aconfig u:object_r:mmd_status_prop:s0 exact bool
+mmd.status. u:object_r:mmd_status_prop:s0
diff --git a/prebuilts/api/202504/private/runas_app.te b/prebuilts/api/202504/private/runas_app.te
index 9142a19..88b4abb 100644
--- a/prebuilts/api/202504/private/runas_app.te
+++ b/prebuilts/api/202504/private/runas_app.te
@@ -17,9 +17,6 @@
allow runas_app untrusted_app_all:process { ptrace sigkill signal sigstop };
allow runas_app untrusted_app_all:unix_stream_socket connectto;
-# Allow executing system image simpleperf without a domain transition.
-allow runas_app simpleperf_exec:file rx_file_perms;
-
# Suppress denial logspam when simpleperf is trying to find a matching process
# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
# the same domain as their respective process, most of which this domain is not
@@ -28,8 +25,8 @@
# Allow runas_app to call perf_event_open for profiling debuggable app
# processes, but not the whole system.
-allow runas_app self:perf_event { open read write kernel };
-neverallow runas_app self:perf_event ~{ open read write kernel };
+allow runas_app self:perf_event { open read write };
+neverallow runas_app self:perf_event ~{ open read write };
# Suppress bionic loader denial /data/local/tests directories.
dontaudit runas_app shell_test_data_file:dir search;
diff --git a/prebuilts/api/202504/private/seapp_contexts b/prebuilts/api/202504/private/seapp_contexts
index 25ed1ba..1a4d944 100644
--- a/prebuilts/api/202504/private/seapp_contexts
+++ b/prebuilts/api/202504/private/seapp_contexts
@@ -221,6 +221,4 @@
user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
user=_app minTargetSdkVersion=28 fromRunAs=true domain=runas_app levelFrom=all
user=_app fromRunAs=true domain=runas_app levelFrom=user
-user=_app isPrivApp=true name=com.android.virtualization.vmlauncher domain=vmlauncher_app type=privapp_data_file levelFrom=all
-user=_app isPrivApp=true name=com.google.android.virtualization.vmlauncher domain=vmlauncher_app type=privapp_data_file levelFrom=all
user=_app isPrivApp=true name=com.android.virtualization.terminal domain=vmlauncher_app type=privapp_data_file levelFrom=all
diff --git a/prebuilts/api/202504/private/service.te b/prebuilts/api/202504/private/service.te
index 6912eb9..3b84e93 100644
--- a/prebuilts/api/202504/private/service.te
+++ b/prebuilts/api/202504/private/service.te
@@ -20,7 +20,7 @@
type mmd_service, service_manager_type;
type on_device_intelligence_service, app_api_service, system_server_service, service_manager_type, isolated_compute_allowed_service;
type profcollectd_service, service_manager_type;
-type protolog_configuration_service, app_api_service, system_api_service, system_server_service, service_manager_type;
+type protolog_configuration_service, app_api_service, system_api_service, system_server_service, service_manager_type, ephemeral_app_api_service;
type resolver_service, system_server_service, service_manager_type;
type rkpd_registrar_service, service_manager_type;
type rkpd_refresh_service, service_manager_type;
@@ -60,7 +60,9 @@
')
type uce_service, service_manager_type;
-type fwk_vold_service, service_manager_type;
+until_board_api(202504, `
+ type fwk_vold_service, service_manager_type;
+')
type wearable_sensing_service, app_api_service, system_server_service, service_manager_type;
type wifi_mainline_supplicant_service, service_manager_type;
type dynamic_instrumentation_service, app_api_service, system_server_service, service_manager_type;
diff --git a/prebuilts/api/202504/private/service_contexts b/prebuilts/api/202504/private/service_contexts
index c72f9b0..dec8f6b 100644
--- a/prebuilts/api/202504/private/service_contexts
+++ b/prebuilts/api/202504/private/service_contexts
@@ -32,6 +32,7 @@
android.hardware.biometrics.fingerprint.IFingerprint/virtual u:object_r:hal_fingerprint_service:s0
android.hardware.biometrics.fingerprint.virtualhal.IVirtualHal/virtual u:object_r:hal_fingerprint_service:s0
android.hardware.bluetooth.IBluetoothHci/default u:object_r:hal_bluetooth_service:s0
+android.hardware.bluetooth.offload.leaudio.IHciProxy/default u:object_r:hal_bluetooth_service:s0
android.hardware.bluetooth.finder.IBluetoothFinder/default u:object_r:hal_bluetooth_service:s0
is_flag_enabled(RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE, `
android.hardware.bluetooth.ranging.IBluetoothChannelSounding/default u:object_r:hal_bluetooth_service:s0
diff --git a/prebuilts/api/202504/private/shell.te b/prebuilts/api/202504/private/shell.te
index 2033f7e..492d8f5 100644
--- a/prebuilts/api/202504/private/shell.te
+++ b/prebuilts/api/202504/private/shell.te
@@ -67,6 +67,9 @@
# ... and /data/misc/perfetto-traces/bugreport/ .
allow shell perfetto_traces_bugreport_data_file:dir rw_dir_perms;
allow shell perfetto_traces_bugreport_data_file:file { r_file_perms unlink };
+# ... and /data/misc/perfetto-traces/profiling/ .
+allow shell perfetto_traces_profiling_data_file:dir rw_dir_perms;
+allow shell perfetto_traces_profiling_data_file:file { r_file_perms unlink };
# Allow shell to create/remove configs stored in /data/misc/perfetto-configs.
allow shell perfetto_configs_data_file:dir rw_dir_perms;
@@ -142,7 +145,7 @@
# Allow shell to call perf_event_open for profiling other shell processes, but
# not the whole system.
-allow shell self:perf_event { open read write kernel };
+allow shell self:perf_event { open read write };
# Allow shell to read microdroid vendor image
r_dir_file(shell, vendor_microdroid_file)
diff --git a/prebuilts/api/202504/private/simpleperf.te b/prebuilts/api/202504/private/simpleperf.te
index 9c70060..46769cb 100644
--- a/prebuilts/api/202504/private/simpleperf.te
+++ b/prebuilts/api/202504/private/simpleperf.te
@@ -14,14 +14,13 @@
untrusted_app_all
}')
-domain_auto_trans({ simpleperf_profileable_apps -runas_app }, simpleperf_exec, simpleperf)
+domain_auto_trans(simpleperf_profileable_apps, simpleperf_exec, simpleperf)
# When running in this domain, simpleperf is scoped to profiling an individual
# app. The necessary MAC permissions for profiling are more maintainable and
# consistent if simpleperf is marked as an app domain as well (as, for example,
# it will then see the same set of system libraries as the app).
app_domain(simpleperf)
-untrusted_app_domain(simpleperf)
# Allow ptrace attach to the target app, for reading JIT debug info (using
# process_vm_readv) during unwinding and symbolization.
@@ -45,7 +44,23 @@
# not allowed to see.
dontaudit simpleperf domain:dir search;
+# Allow simpleperf to read apk files and libraries executed by the app.
+r_dir_file(simpleperf, privapp_data_file);
+r_dir_file(simpleperf, app_data_file);
+allow simpleperf { apk_tmp_file apk_private_tmp_file }:file { getattr read };
+allow simpleperf system_linker_exec:file r_file_perms;
+allow simpleperf app_exec_data_file:file r_file_perms;
+allow simpleperf asec_public_file:file r_file_perms;
+r_dir_file(simpleperf, vendor_app_file);
+
+# Allow simpleperf to read input files passed from adb shell.
+allow simpleperf shell_data_file:file r_file_perms;
+allow simpleperf shell_data_file:dir r_dir_perms;
+
# Neverallows:
# Profiling must be confined to the scope of an individual app.
neverallow simpleperf self:perf_event ~{ open read write kernel };
+# Never allow other processes to ptrace simpleperf, as this could leak sensitive infomation from
+# raw samples.
+neverallow { domain -crash_dump -llkd } simpleperf:process ptrace;
diff --git a/prebuilts/api/202504/private/simpleperf_app_runner.te b/prebuilts/api/202504/private/simpleperf_app_runner.te
index 184a80a..e4871ac 100644
--- a/prebuilts/api/202504/private/simpleperf_app_runner.te
+++ b/prebuilts/api/202504/private/simpleperf_app_runner.te
@@ -4,6 +4,7 @@
# run simpleperf_app_runner in adb shell.
allow simpleperf_app_runner adbd:fd use;
+allow simpleperf_app_runner adbd:unix_stream_socket { read write };
allow simpleperf_app_runner shell:fd use;
allow simpleperf_app_runner devpts:chr_file { read write ioctl };
@@ -29,7 +30,7 @@
# simpleperf_app_runner passes pipe fds.
# simpleperf_app_runner writes app type (debuggable or profileable) to pipe fds.
-allow simpleperf_app_runner shell:fifo_file { read write };
+allow simpleperf_app_runner shell:fifo_file { getattr read write };
# simpleperf_app_runner checks shell data paths.
# simpleperf_app_runner passes shell data fds.
diff --git a/prebuilts/api/202504/private/statsd.te b/prebuilts/api/202504/private/statsd.te
index 3db5c60..acc3aa6 100644
--- a/prebuilts/api/202504/private/statsd.te
+++ b/prebuilts/api/202504/private/statsd.te
@@ -98,6 +98,10 @@
allow statsd mediaserver_service:service_manager find;
binder_call(statsd, mediaserver)
+# Allow statsd to interact with mmd
+allow statsd mmd_service:service_manager find;
+binder_call(statsd, mmd)
+
# Allow logd access.
read_logd(statsd)
control_logd(statsd)
diff --git a/prebuilts/api/202504/private/system_server.te b/prebuilts/api/202504/private/system_server.te
index 20556ab..4e5112e 100644
--- a/prebuilts/api/202504/private/system_server.te
+++ b/prebuilts/api/202504/private/system_server.te
@@ -429,6 +429,9 @@
hal_sensors_server
hal_vibrator_server
hal_vr_server
+ hal_wifi_hostapd_server
+ hal_wifi_server
+ hal_wifi_supplicant_server
system_suspend_server
}:process { signal };
@@ -846,6 +849,9 @@
# Read device's serial number from system properties
get_prop(system_server, serialno_prop)
+# Read whether uvc gadget is enabled
+get_prop(system_server, usb_uvc_enabled_prop)
+
# Read/write the property which keeps track of whether this is the first start of system_server
set_prop(system_server, firstboot_prop)
@@ -898,6 +904,7 @@
# Read persist.wm.debug. properties
get_prop(system_server, persist_wm_debug_prop)
+set_prop(system_server, persist_wm_debug_prop)
# Read persist.sysui.notification.builder_extras_override property
get_prop(system_server, persist_sysui_builder_extras_prop)
@@ -919,6 +926,9 @@
# Allow system server to determine if system services are enabled
get_prop(system_server, system_service_enable_prop)
+# Allow system server to read shared mmd properties
+get_prop(system_server, mmd_shared_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
@@ -1167,6 +1177,9 @@
# Allow invoking tools like "timeout"
allow system_server toolbox_exec:file rx_file_perms;
+# Allow invoking pbtombstone
+allow system_server pbtombstone_exec:file rx_file_perms;
+
# Allow system process to setup fs-verity
allowxperm system_server { apk_data_file apk_tmp_file system_data_file apex_system_server_data_file }:file ioctl FS_IOC_ENABLE_VERITY;
@@ -1359,6 +1372,7 @@
file_type
-toolbox_exec
-logcat_exec
+ -pbtombstone_exec
with_asan(`-shell_exec -asanwrapper_exec -zygote_exec')
}:file execute_no_trans;
diff --git a/prebuilts/api/202504/private/traced.te b/prebuilts/api/202504/private/traced.te
index 8a29541..619a55b 100644
--- a/prebuilts/api/202504/private/traced.te
+++ b/prebuilts/api/202504/private/traced.te
@@ -56,6 +56,11 @@
# Allow traced to detect if a process is frozen (b/381089063).
allow traced cgroup_v2:file r_file_perms;
+# Allow traced/traced_relay to read the traced config properties.
+get_prop(traced, traced_config_prop)
+# Allow traced_relay to read the relay port being used
+get_prop(traced, traced_relay_relay_port_prop)
+
# Allow setting debug properties which guard initialization of the Perfetto SDK
# in SurfaceFlinger and HWUI's copy of Skia.
# Required for the android.sdk_sysprop_guard data source.
diff --git a/prebuilts/api/202504/private/ueventd.te b/prebuilts/api/202504/private/ueventd.te
index 7effa6d..654f861 100644
--- a/prebuilts/api/202504/private/ueventd.te
+++ b/prebuilts/api/202504/private/ueventd.te
@@ -75,6 +75,9 @@
# Allow ueventd to read apexd property
get_prop(ueventd, apexd_prop)
+# Allow ueventd to correctly label the symlinks it creates
+allow ueventd block_device:lnk_file relabelfrom;
+
#####
##### neverallow rules
#####
diff --git a/prebuilts/api/202504/private/vendor_toolbox.te b/prebuilts/api/202504/private/vendor_toolbox.te
index 178fa8f..5421dd5 100644
--- a/prebuilts/api/202504/private/vendor_toolbox.te
+++ b/prebuilts/api/202504/private/vendor_toolbox.te
@@ -7,5 +7,6 @@
coredomain
-init
-modprobe
+ userdebug_or_eng(`-overlay_remounter')
} vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
')
diff --git a/prebuilts/api/202504/private/virtualizationmanager.te b/prebuilts/api/202504/private/virtualizationmanager.te
index 259c402..95bdd1c 100644
--- a/prebuilts/api/202504/private/virtualizationmanager.te
+++ b/prebuilts/api/202504/private/virtualizationmanager.te
@@ -115,8 +115,16 @@
r_dir_file(virtualizationmanager, vendor_microdroid_file)
# Do not allow writing vendor_microdroid_file from any process.
-neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } vendor_microdroid_file:dir no_w_dir_perms;
-neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } vendor_microdroid_file:file no_w_file_perms;
+neverallow {
+ domain
+ recovery_only(`userdebug_or_eng(`-fastbootd')')
+ userdebug_or_eng(`-overlay_remounter')
+} vendor_microdroid_file:dir no_w_dir_perms;
+neverallow {
+ domain
+ recovery_only(`userdebug_or_eng(`-fastbootd')')
+ userdebug_or_eng(`-overlay_remounter')
+} vendor_microdroid_file:file no_w_file_perms;
# Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
r_dir_file(virtualizationmanager, crosvm);
diff --git a/prebuilts/api/202504/private/wifi_mainline_supplicant.te b/prebuilts/api/202504/private/wifi_mainline_supplicant.te
index d6c7998..c18cef6 100644
--- a/prebuilts/api/202504/private/wifi_mainline_supplicant.te
+++ b/prebuilts/api/202504/private/wifi_mainline_supplicant.te
@@ -5,7 +5,7 @@
init_daemon_domain(wifi_mainline_supplicant)
add_service(wifi_mainline_supplicant, wifi_mainline_supplicant_service)
-allow wifi_mainline_supplicant self:global_capability_class_set { setuid setgid net_admin net_raw };
+allow wifi_mainline_supplicant self:global_capability_class_set { net_admin net_raw };
allow wifi_mainline_supplicant proc_net:file rw_file_perms;
allow wifi_mainline_supplicant sysfs_net:dir search;
diff --git a/prebuilts/api/202504/public/attributes b/prebuilts/api/202504/public/attributes
index bc58e40..ae7720e 100644
--- a/prebuilts/api/202504/public/attributes
+++ b/prebuilts/api/202504/public/attributes
@@ -366,6 +366,9 @@
hal_attribute(graphics_composer);
hal_attribute(health);
hal_attribute(health_storage);
+starting_at_board_api(202504, `
+ hal_attribute(hwcrypto);
+')
hal_attribute(identity);
hal_attribute(input_classifier);
hal_attribute(input_processor);
diff --git a/prebuilts/api/202504/public/property.te b/prebuilts/api/202504/public/property.te
index cb18741..c6c56a9 100644
--- a/prebuilts/api/202504/public/property.te
+++ b/prebuilts/api/202504/public/property.te
@@ -153,6 +153,9 @@
system_vendor_config_prop(composd_vm_vendor_prop)
system_vendor_config_prop(cpu_variant_prop)
system_vendor_config_prop(debugfs_restriction_prop)
+starting_at_board_api(202504, `
+ system_vendor_config_prop(drm_config_prop)
+')
system_vendor_config_prop(drm_service_config_prop)
system_vendor_config_prop(exported_camera_prop)
system_vendor_config_prop(exported_config_prop)
diff --git a/prebuilts/api/202504/public/service.te b/prebuilts/api/202504/public/service.te
index db79fdf..aa9d184 100644
--- a/prebuilts/api/202504/public/service.te
+++ b/prebuilts/api/202504/public/service.te
@@ -18,6 +18,9 @@
type evsmanagerd_service, service_manager_type;
type fingerprintd_service, service_manager_type;
type fwk_automotive_display_service, service_manager_type;
+starting_at_board_api(202504, `
+ type fwk_vold_service, service_manager_type;
+')
type gatekeeper_service, app_api_service, service_manager_type;
type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type idmap_service, service_manager_type;
diff --git a/private/attributes b/private/attributes
index 4f59acf..93bf295 100644
--- a/private/attributes
+++ b/private/attributes
@@ -40,3 +40,7 @@
until_board_api(202504, `
hal_attribute(vm_capabilities);
')
+
+until_board_api(202504, `
+ hal_attribute(hwcrypto);
+')
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 8007d6c..224c49b 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -10,11 +10,13 @@
binderfs_logs_transactions
bluetooth_finder_prop
crosvm
+ drm_config_prop
early_virtmgr
early_virtmgr_exec
enable_16k_pages_prop
forensic_service
fstype_prop
+ fwk_vold_service
hal_mediaquality_service
hal_vm_capabilities_service
intrusion_detection_service
diff --git a/private/property.te b/private/property.te
index cd87e7a..f560007 100644
--- a/private/property.te
+++ b/private/property.te
@@ -112,11 +112,13 @@
# Properties which should only be written by vendor_init
system_vendor_config_prop(avf_virtualizationservice_prop)
+until_board_api(202504, `
+ system_vendor_config_prop(drm_config_prop)
+')
system_vendor_config_prop(high_barometer_quality_prop)
system_vendor_config_prop(mmd_prop)
system_vendor_config_prop(mmd_shared_prop)
system_vendor_config_prop(prefetch_boot_prop)
-system_vendor_config_prop(widevine_sys_vendor_prop)
typeattribute log_prop log_property_type;
typeattribute log_tag_prop log_property_type;
diff --git a/private/property_contexts b/private/property_contexts
index f9a6535..92d8dca 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1813,10 +1813,10 @@
# Properties that allows vendors to enable Trusty widevine VM features
# Enable Widevine VM
-trusty.widevine_vm.enabled u:object_r:widevine_sys_vendor_prop:s0 exact bool
+trusty.widevine_vm.enabled u:object_r:drm_config_prop:s0 exact bool
# Sets the path used by Widevine HALs to find correct library for the widevine
# service provider location
-widevine.liboemcrypto.path u:object_r:widevine_sys_vendor_prop:s0 exact string
+widevine.liboemcrypto.path u:object_r:drm_config_prop:s0 exact string
# Properties for mmd
mmd. u:object_r:mmd_prop:s0
diff --git a/private/service.te b/private/service.te
index ab9351c..3b84e93 100644
--- a/private/service.te
+++ b/private/service.te
@@ -60,7 +60,9 @@
')
type uce_service, service_manager_type;
-type fwk_vold_service, service_manager_type;
+until_board_api(202504, `
+ type fwk_vold_service, service_manager_type;
+')
type wearable_sensing_service, app_api_service, system_server_service, service_manager_type;
type wifi_mainline_supplicant_service, service_manager_type;
type dynamic_instrumentation_service, app_api_service, system_server_service, service_manager_type;
diff --git a/public/attributes b/public/attributes
index bc58e40..ae7720e 100644
--- a/public/attributes
+++ b/public/attributes
@@ -366,6 +366,9 @@
hal_attribute(graphics_composer);
hal_attribute(health);
hal_attribute(health_storage);
+starting_at_board_api(202504, `
+ hal_attribute(hwcrypto);
+')
hal_attribute(identity);
hal_attribute(input_classifier);
hal_attribute(input_processor);
diff --git a/public/property.te b/public/property.te
index cb18741..c6c56a9 100644
--- a/public/property.te
+++ b/public/property.te
@@ -153,6 +153,9 @@
system_vendor_config_prop(composd_vm_vendor_prop)
system_vendor_config_prop(cpu_variant_prop)
system_vendor_config_prop(debugfs_restriction_prop)
+starting_at_board_api(202504, `
+ system_vendor_config_prop(drm_config_prop)
+')
system_vendor_config_prop(drm_service_config_prop)
system_vendor_config_prop(exported_camera_prop)
system_vendor_config_prop(exported_config_prop)
diff --git a/public/service.te b/public/service.te
index db79fdf..aa9d184 100644
--- a/public/service.te
+++ b/public/service.te
@@ -18,6 +18,9 @@
type evsmanagerd_service, service_manager_type;
type fingerprintd_service, service_manager_type;
type fwk_automotive_display_service, service_manager_type;
+starting_at_board_api(202504, `
+ type fwk_vold_service, service_manager_type;
+')
type gatekeeper_service, app_api_service, service_manager_type;
type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type idmap_service, service_manager_type;