Merge "Add screencap domain." into stage-aosp-master am: 09d37ab90b -s ours am: 091d3fcc29 -s ours
am: 407cf0880e -s ours
Change-Id: I73e2866bbb6957ea7ebc05aa529623359e53da48
diff --git a/Android.mk b/Android.mk
index a61b252..1c9295e 100644
--- a/Android.mk
+++ b/Android.mk
@@ -1,5 +1,7 @@
LOCAL_PATH:= $(call my-dir)
+include $(LOCAL_PATH)/definitions.mk
+
# PLATFORM_SEPOLICY_VERSION is a number of the form "NN.m" with "NN" mapping to
# PLATFORM_SDK_VERSION and "m" as a minor number which allows for SELinux
# changes independent of PLATFORM_SDK_VERSION. This value will be set to
@@ -47,6 +49,8 @@
ifdef BOARD_SEPOLICY_M4DEFS
LOCAL_ADDITIONAL_M4DEFS := $(addprefix -D, $(BOARD_SEPOLICY_M4DEFS))
+else
+LOCAL_ADDITIONAL_M4DEFS :=
endif
# sepolicy is now divided into multiple portions:
@@ -190,8 +194,13 @@
plat_sepolicy.cil \
plat_and_mapping_sepolicy.cil.sha256 \
secilc \
- plat_sepolicy_vers.txt \
- treble_sepolicy_tests
+ plat_sepolicy_vers.txt
+
+ifneq ($(with_asan),true)
+LOCAL_REQUIRED_MODULES += \
+ treble_sepolicy_tests \
+ sepolicy_tests
+endif
# Include precompiled policy, unless told otherwise
ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
@@ -222,17 +231,9 @@
$(reqd_policy_mask.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(reqd_policy_mask.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(reqd_policy_mask.conf): PRIVATE_FULL_TREBLE := $(PRODUCT_FULL_TREBLE)
$(reqd_policy_mask.conf): $(call build_policy, $(sepolicy_build_files), $(REQD_MASK_POLICY))
- @mkdir -p $(dir $@)
- $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
- -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=$(TARGET_BUILD_VARIANT) \
- -D target_with_dexpreopt=$(WITH_DEXPREOPT) \
- -D target_arch=$(PRIVATE_TGT_ARCH) \
- -D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
- -D target_full_treble=$(PRODUCT_FULL_TREBLE) \
- -s $^ > $@
-
+ $(transform-policy-to-conf)
# b/37755687
CHECKPOLICY_ASAN_OPTIONS := ASAN_OPTIONS=detect_leaks=0
@@ -256,18 +257,10 @@
$(plat_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(plat_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(plat_pub_policy.conf): PRIVATE_FULL_TREBLE := $(PRODUCT_FULL_TREBLE)
$(plat_pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
- @mkdir -p $(dir $@)
- $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
- -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=$(TARGET_BUILD_VARIANT) \
- -D target_with_dexpreopt=$(WITH_DEXPREOPT) \
- -D target_arch=$(PRIVATE_TGT_ARCH) \
- -D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
- -D target_full_treble=$(PRODUCT_FULL_TREBLE) \
- -s $^ > $@
-
+ $(transform-policy-to-conf)
plat_pub_policy.cil := $(intermediates)/plat_pub_policy.cil
$(plat_pub_policy.cil): PRIVATE_POL_CONF := $(plat_pub_policy.conf)
$(plat_pub_policy.cil): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
@@ -312,17 +305,10 @@
$(plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(plat_policy.conf): PRIVATE_FULL_TREBLE := $(PRODUCT_FULL_TREBLE)
$(plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
- @mkdir -p $(dir $@)
- $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
- -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=$(TARGET_BUILD_VARIANT) \
- -D target_with_dexpreopt=$(WITH_DEXPREOPT) \
- -D target_arch=$(PRIVATE_TGT_ARCH) \
- -D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
- -D target_full_treble=$(PRODUCT_FULL_TREBLE) \
- -s $^ > $@
+ $(transform-policy-to-conf)
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_CIL_FILES := \
@@ -424,17 +410,10 @@
$(nonplat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(nonplat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(nonplat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(nonplat_policy.conf): PRIVATE_FULL_TREBLE := $(PRODUCT_FULL_TREBLE)
$(nonplat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS))
- @mkdir -p $(dir $@)
- $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
- -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=$(TARGET_BUILD_VARIANT) \
- -D target_with_dexpreopt=$(WITH_DEXPREOPT) \
- -D target_arch=$(PRIVATE_TGT_ARCH) \
- -D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
- -D target_full_treble=$(PRODUCT_FULL_TREBLE) \
- -s $^ > $@
+ $(transform-policy-to-conf)
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
nonplat_policy_raw := $(intermediates)/nonplat_policy_raw.cil
@@ -550,18 +529,11 @@
$(sepolicy.recovery.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(sepolicy.recovery.conf): PRIVATE_TGT_RECOVERY := -D target_recovery=true
$(sepolicy.recovery.conf): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
$(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS))
- @mkdir -p $(dir $@)
- $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
- -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=$(TARGET_BUILD_VARIANT) \
- -D target_with_dexpreopt=$(WITH_DEXPREOPT) \
- -D target_arch=$(PRIVATE_TGT_ARCH) \
- -D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
- -D target_recovery=true \
- -s $^ > $@
+ $(transform-policy-to-conf)
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
$(LOCAL_BUILT_MODULE): $(sepolicy.recovery.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
@@ -596,16 +568,11 @@
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS)
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
$(LOCAL_BUILT_MODULE): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false
+$(LOCAL_BUILT_MODULE): PRIVATE_FULL_TREBLE := cts
$(LOCAL_BUILT_MODULE): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
- mkdir -p $(dir $@)
- $(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=user \
- -D target_with_dexpreopt=$(WITH_DEXPREOPT) \
- -D target_arch=$(PRIVATE_TGT_ARCH) \
- -D target_with_asan=false \
- -D target_full_treble=cts \
- -s $^ > $@
+ $(transform-policy-to-conf)
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
##################################
@@ -1158,26 +1125,151 @@
nonplat_mac_perms_keys.tmp :=
all_nonplat_mac_perms_files :=
+#################################
+include $(CLEAR_VARS)
+LOCAL_MODULE := sepolicy_tests
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := tests
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+sepolicy_tests := $(intermediates)/sepolicy_tests
+$(sepolicy_tests): PRIVATE_PLAT_FC := $(built_plat_fc)
+$(sepolicy_tests): PRIVATE_NONPLAT_FC := $(built_nonplat_fc)
+$(sepolicy_tests): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(sepolicy_tests): $(HOST_OUT_EXECUTABLES)/sepolicy_tests.py \
+$(built_plat_fc) $(built_nonplat_fc) $(built_sepolicy)
+ @mkdir -p $(dir $@)
+ $(hide) python $(HOST_OUT_EXECUTABLES)/sepolicy_tests.py -l $(HOST_OUT)/lib64 -f $(PRIVATE_PLAT_FC) -f $(PRIVATE_NONPLAT_FC) -p $(PRIVATE_SEPOLICY)
+ $(hide) touch $@
+
##################################
ifeq ($(PRODUCT_FULL_TREBLE),true)
include $(CLEAR_VARS)
# For Treble builds run tests verifying that processes are properly labeled and
-# permissions granted do not violate the treble model.
+# permissions granted do not violate the treble model. Also ensure that treble
+# compatibility guarantees are upheld between SELinux version bumps.
LOCAL_MODULE := treble_sepolicy_tests
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := tests
include $(BUILD_SYSTEM)/base_rules.mk
+# 26.0_plat - the platform policy shipped as part of the 26.0 release. This is
+# built to enable us to determine the diff between the current policy and the
+# 26.0 policy, which will be used in tests to make sure that compatibility has
+# been maintained by our mapping files.
+26.0_PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/prebuilts/api/26.0/public
+26.0_PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/prebuilts/api/26.0/private
+26.0_plat_policy.conf := $(intermediates)/26.0_plat_policy.conf
+$(26.0_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(26.0_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(26.0_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(26.0_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(26.0_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(26.0_plat_policy.conf): PRIVATE_FULL_TREBLE := true
+$(26.0_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
+$(26.0_PLAT_PUBLIC_POLICY) $(26.0_PLAT_PRIVATE_POLICY))
+ $(transform-policy-to-conf)
+ $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+
+built_26.0_plat_sepolicy := $(intermediates)/built_26.0_plat_sepolicy
+$(built_26.0_plat_sepolicy): PRIVATE_ADDITIONAL_CIL_FILES := \
+ $(call build_policy, technical_debt.cil , $(26.0_PLAT_PRIVATE_POLICY))
+$(built_26.0_plat_sepolicy): $(26.0_plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+ $(HOST_OUT_EXECUTABLES)/secilc \
+ $(call build_policy, technical_debt.cil, $(26.0_PLAT_PRIVATE_POLICY))
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
+ $(POLICYVERS) -o $@ $<
+ $(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -c $(POLICYVERS) $@ -o $@ -f /dev/null
+
+26.0_plat_policy.conf :=
+
+
+# 26.0_compat - the current plat_sepolicy.cil built with the compatibility file
+# targeting the 26.0 SELinux release. This ensures that our policy will build
+# when used on a device that has non-platform policy targetting the 26.0 release.
+26.0_compat := $(intermediates)/26.0_compat
+26.0_mapping.cil := $(LOCAL_PATH)/private/compat/26.0/26.0.cil
+26.0_mapping.ignore.cil := $(LOCAL_PATH)/private/compat/26.0/26.0.ignore.cil
+26.0_nonplat := $(LOCAL_PATH)/prebuilts/api/26.0/nonplat_sepolicy.cil
+$(26.0_compat): PRIVATE_CIL_FILES := \
+$(built_plat_cil) $(26.0_mapping.cil) $(26.0_nonplat)
+$(26.0_compat): $(HOST_OUT_EXECUTABLES)/secilc \
+$(built_plat_cil) $(26.0_mapping.cil) $(26.0_nonplat)
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -N -c $(POLICYVERS) \
+ $(PRIVATE_CIL_FILES) -o $@ -f /dev/null
+
+# 26.0_mapping.combined.cil - a combination of the mapping file used when
+# combining the current platform policy with nonplatform policy based on the
+# 26.0 policy release and also a special ignored file that exists purely for
+# these tests.
+26.0_mapping.combined.cil := $(intermediates)/26.0_mapping.combined.cil
+$(26.0_mapping.combined.cil): $(26.0_mapping.cil) $(26.0_mapping.ignore.cil)
+ mkdir -p $(dir $@)
+ cat $^ > $@
+
+# plat_sepolicy - the current platform policy only, built into a policy binary.
+# TODO - this currently excludes partner extensions, but support should be added
+# to enable partners to add their own compatibility mapping
+BASE_PLAT_PUBLIC_POLICY := $(filter-out $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR), $(PLAT_PUBLIC_POLICY))
+BASE_PLAT_PRIVATE_POLICY := $(filter-out $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR), $(PLAT_PRIVATE_POLICY))
+base_plat_policy.conf := $(intermediates)/base_plat_policy.conf
+$(base_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(base_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(base_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(base_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(base_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(base_plat_policy.conf): PRIVATE_FULL_TREBLE := true
+$(base_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
+$(BASE_PLAT_PUBLIC_POLICY) $(BASE_PLAT_PRIVATE_POLICY))
+ $(transform-policy-to-conf)
+ $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+
+built_plat_sepolicy := $(intermediates)/built_plat_sepolicy
+$(built_plat_sepolicy): PRIVATE_ADDITIONAL_CIL_FILES := \
+ $(call build_policy, $(sepolicy_build_cil_workaround_files), $(BASE_PLAT_PRIVATE_POLICY))
+$(built_plat_sepolicy): $(base_plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(HOST_OUT_EXECUTABLES)/secilc \
+$(call build_policy, $(sepolicy_build_cil_workaround_files), $(BASE_PLAT_PRIVATE_POLICY))
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
+ $(POLICYVERS) -o $@ $<
+ $(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -c $(POLICYVERS) $@ -o $@ -f /dev/null
+
treble_sepolicy_tests := $(intermediates)/treble_sepolicy_tests
$(treble_sepolicy_tests): PRIVATE_PLAT_FC := $(built_plat_fc)
$(treble_sepolicy_tests): PRIVATE_NONPLAT_FC := $(built_nonplat_fc)
$(treble_sepolicy_tests): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(treble_sepolicy_tests): PRIVATE_SEPOLICY_OLD := $(built_26.0_plat_sepolicy)
+$(treble_sepolicy_tests): PRIVATE_COMBINED_MAPPING := $(26.0_mapping.combined.cil)
+$(treble_sepolicy_tests): PRIVATE_PLAT_SEPOLICY := $(built_plat_sepolicy)
$(treble_sepolicy_tests): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests.py \
-$(built_plat_fc) $(built_nonplat_fc) $(built_sepolicy)
+$(built_plat_fc) $(built_nonplat_fc) $(built_sepolicy) $(built_plat_sepolicy) \
+$(built_26.0_plat_sepolicy) $(26.0_compat) $(26.0_mapping.combined.cil)
@mkdir -p $(dir $@)
- $(hide) python $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests.py -l $(HOST_OUT)/lib64 -f $(PRIVATE_PLAT_FC) -f $(PRIVATE_NONPLAT_FC) -p $(PRIVATE_SEPOLICY)
+ $(hide) python $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests.py -l \
+ $(HOST_OUT)/lib64 -f $(PRIVATE_PLAT_FC) -f $(PRIVATE_NONPLAT_FC) \
+ -b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
+ -o $(PRIVATE_SEPOLICY_OLD) -p $(PRIVATE_SEPOLICY)
$(hide) touch $@
+
+26.0_PLAT_PUBLIC_POLICY :=
+26.0_PLAT_PRIVATE_POLICY :=
+26.0_compat :=
+26.0_mapping.cil :=
+26.0_mapping.combined.cil :=
+26.0_mapping.ignore.cil :=
+26.0_nonplat :=
+BASE_PLAT_PUBLIC_POLICY :=
+BASE_PLAT_PRIVATE_POLICY :=
+base_plat_policy.conf :=
+built_26.0_plat_sepolicy :=
+plat_sepolicy :=
+
endif # ($(PRODUCT_FULL_TREBLE),true)
#################################
diff --git a/definitions.mk b/definitions.mk
new file mode 100644
index 0000000..47d0004
--- /dev/null
+++ b/definitions.mk
@@ -0,0 +1,15 @@
+# Command to turn collection of policy files into a policy.conf file to be
+# processed by checkpolicy
+define transform-policy-to-conf
+@mkdir -p $(dir $@)
+$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
+ -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
+ -D target_build_variant=$(TARGET_BUILD_VARIANT) \
+ -D target_with_dexpreopt=$(WITH_DEXPREOPT) \
+ -D target_arch=$(PRIVATE_TGT_ARCH) \
+ -D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
+ -D target_full_treble=$(PRIVATE_FULL_TREBLE) \
+ $(PRIVATE_TGT_RECOVERY) \
+ -s $^ > $@
+endef
+.KATI_READONLY := transform-policy-to-conf
diff --git a/prebuilts/api/26.0/nonplat_sepolicy.cil b/prebuilts/api/26.0/nonplat_sepolicy.cil
new file mode 100644
index 0000000..2ed4efa
--- /dev/null
+++ b/prebuilts/api/26.0/nonplat_sepolicy.cil
@@ -0,0 +1,6109 @@
+(roletype r domain)
+(typeattributeset dev_type (device_26_0 alarm_device_26_0 ashmem_device_26_0 audio_device_26_0 audio_timer_device_26_0 audio_seq_device_26_0 binder_device_26_0 hwbinder_device_26_0 vndbinder_device_26_0 block_device_26_0 camera_device_26_0 dm_device_26_0 keychord_device_26_0 loop_control_device_26_0 loop_device_26_0 pmsg_device_26_0 radio_device_26_0 ram_device_26_0 rtc_device_26_0 vold_device_26_0 console_device_26_0 cpuctl_device_26_0 fscklogs_26_0 full_device_26_0 gpu_device_26_0 graphics_device_26_0 hw_random_device_26_0 input_device_26_0 kmem_device_26_0 port_device_26_0 log_device_26_0 mtd_device_26_0 mtp_device_26_0 nfc_device_26_0 ptmx_device_26_0 kmsg_device_26_0 null_device_26_0 random_device_26_0 sensors_device_26_0 serial_device_26_0 socket_device_26_0 owntty_device_26_0 tty_device_26_0 video_device_26_0 vcs_device_26_0 zero_device_26_0 fuse_device_26_0 iio_device_26_0 ion_device_26_0 qtaguid_device_26_0 watchdog_device_26_0 uhid_device_26_0 uio_device_26_0 tun_device_26_0 usbaccessory_device_26_0 usb_device_26_0 properties_device_26_0 properties_serial_26_0 i2c_device_26_0 hci_attach_dev_26_0 rpmsg_device_26_0 root_block_device_26_0 frp_block_device_26_0 system_block_device_26_0 recovery_block_device_26_0 boot_block_device_26_0 userdata_block_device_26_0 cache_block_device_26_0 swap_block_device_26_0 metadata_block_device_26_0 misc_block_device_26_0 ppp_device_26_0 tee_device_26_0))
+(typeattributeset domain (adbd_26_0 audioserver_26_0 blkid_26_0 blkid_untrusted_26_0 bluetooth_26_0 bootanim_26_0 bootstat_26_0 bufferhubd_26_0 cameraserver_26_0 charger_26_0 clatd_26_0 cppreopts_26_0 crash_dump_26_0 dex2oat_26_0 dhcp_26_0 dnsmasq_26_0 drmserver_26_0 dumpstate_26_0 ephemeral_app_26_0 fingerprintd_26_0 fsck_26_0 fsck_untrusted_26_0 gatekeeperd_26_0 healthd_26_0 hwservicemanager_26_0 idmap_26_0 incident_26_0 incidentd_26_0 init_26_0 inputflinger_26_0 install_recovery_26_0 installd_26_0 isolated_app_26_0 kernel_26_0 keystore_26_0 lmkd_26_0 logd_26_0 logpersist_26_0 mdnsd_26_0 mediacodec_26_0 mediadrmserver_26_0 mediaextractor_26_0 mediametrics_26_0 mediaserver_26_0 modprobe_26_0 mtp_26_0 netd_26_0 netutils_wrapper_26_0 nfc_26_0 otapreopt_chroot_26_0 otapreopt_slot_26_0 performanced_26_0 perfprofd_26_0 platform_app_26_0 postinstall_26_0 postinstall_dexopt_26_0 ppp_26_0 preopt2cachename_26_0 priv_app_26_0 profman_26_0 racoon_26_0 radio_26_0 recovery_26_0 recovery_persist_26_0 recovery_refresh_26_0 rild_26_0 runas_26_0 sdcardd_26_0 servicemanager_26_0 sgdisk_26_0 shared_relro_26_0 shell_26_0 slideshow_26_0 su_26_0 surfaceflinger_26_0 system_app_26_0 system_server_26_0 tee_26_0 tombstoned_26_0 toolbox_26_0 tzdatacheck_26_0 ueventd_26_0 uncrypt_26_0 untrusted_app_26_0 untrusted_app_25_26_0 untrusted_v2_app_26_0 update_engine_26_0 update_verifier_26_0 vdc_26_0 virtual_touchpad_26_0 vndservicemanager_26_0 vold_26_0 vr_hwc_26_0 watchdogd_26_0 webview_zygote_26_0 wificond_26_0 zygote_26_0 hal_audio_default hal_bluetooth_default hal_bootctl_default hal_camera_default hal_configstore_default hal_contexthub_default hal_drm_default hal_dumpstate_default hal_fingerprint_default hal_gatekeeper_default hal_gnss_default hal_graphics_allocator_default hal_graphics_composer_default hal_health_default hal_ir_default hal_keymaster_default hal_light_default hal_memtrack_default hal_nfc_default hal_power_default hal_sensors_default hal_thermal_default hal_tv_cec_default hal_tv_input_default hal_usb_default hal_vibrator_default hal_vr_default hal_wifi_default hal_wifi_offload_default hal_wifi_supplicant_default hostapd vendor_modprobe))
+(typeattributeset fs_type (device_26_0 labeledfs_26_0 pipefs_26_0 sockfs_26_0 rootfs_26_0 proc_26_0 proc_security_26_0 proc_drop_caches_26_0 proc_overcommit_memory_26_0 usermodehelper_26_0 qtaguid_proc_26_0 proc_bluetooth_writable_26_0 proc_cpuinfo_26_0 proc_interrupts_26_0 proc_iomem_26_0 proc_meminfo_26_0 proc_misc_26_0 proc_modules_26_0 proc_net_26_0 proc_perf_26_0 proc_stat_26_0 proc_sysrq_26_0 proc_timer_26_0 proc_tty_drivers_26_0 proc_uid_cputime_showstat_26_0 proc_uid_cputime_removeuid_26_0 proc_uid_io_stats_26_0 proc_uid_procstat_set_26_0 proc_zoneinfo_26_0 selinuxfs_26_0 cgroup_26_0 sysfs_26_0 sysfs_uio_26_0 sysfs_batteryinfo_26_0 sysfs_bluetooth_writable_26_0 sysfs_leds_26_0 sysfs_hwrandom_26_0 sysfs_nfc_power_writable_26_0 sysfs_wake_lock_26_0 sysfs_mac_address_26_0 configfs_26_0 sysfs_devices_system_cpu_26_0 sysfs_lowmemorykiller_26_0 sysfs_wlan_fwpath_26_0 sysfs_vibrator_26_0 sysfs_thermal_26_0 sysfs_zram_26_0 sysfs_zram_uevent_26_0 inotify_26_0 devpts_26_0 tmpfs_26_0 shm_26_0 mqueue_26_0 fuse_26_0 sdcardfs_26_0 vfat_26_0 debugfs_26_0 debugfs_mmc_26_0 debugfs_trace_marker_26_0 debugfs_tracing_26_0 debugfs_tracing_instances_26_0 debugfs_wifi_tracing_26_0 tracing_shell_writable_26_0 tracing_shell_writable_debug_26_0 pstorefs_26_0 functionfs_26_0 oemfs_26_0 usbfs_26_0 binfmt_miscfs_26_0 app_fusefs_26_0))
+(typeattributeset contextmount_type (oemfs_26_0 app_fusefs_26_0))
+(typeattributeset file_type (bootanim_exec_26_0 bootstat_exec_26_0 bufferhubd_exec_26_0 cameraserver_exec_26_0 clatd_exec_26_0 cppreopts_exec_26_0 crash_dump_exec_26_0 dex2oat_exec_26_0 dhcp_exec_26_0 dnsmasq_exec_26_0 drmserver_exec_26_0 drmserver_socket_26_0 dumpstate_exec_26_0 sysfs_usb_26_0 unlabeled_26_0 system_file_26_0 vendor_hal_file_26_0 vendor_file_26_0 vendor_app_file_26_0 vendor_configs_file_26_0 same_process_hal_file_26_0 vndk_sp_file_26_0 vendor_framework_file_26_0 vendor_overlay_file_26_0 runtime_event_log_tags_file_26_0 logcat_exec_26_0 coredump_file_26_0 system_data_file_26_0 unencrypted_data_file_26_0 install_data_file_26_0 drm_data_file_26_0 adb_data_file_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_data_file_26_0 apk_tmp_file_26_0 apk_private_data_file_26_0 apk_private_tmp_file_26_0 dalvikcache_data_file_26_0 ota_data_file_26_0 ota_package_file_26_0 user_profile_data_file_26_0 profman_dump_data_file_26_0 resourcecache_data_file_26_0 shell_data_file_26_0 property_data_file_26_0 bootchart_data_file_26_0 heapdump_data_file_26_0 nativetest_data_file_26_0 ringtone_file_26_0 preloads_data_file_26_0 preloads_media_file_26_0 dhcp_data_file_26_0 mnt_media_rw_file_26_0 mnt_user_file_26_0 mnt_expand_file_26_0 storage_file_26_0 mnt_media_rw_stub_file_26_0 storage_stub_file_26_0 postinstall_mnt_dir_26_0 postinstall_file_26_0 adb_keys_file_26_0 audio_data_file_26_0 audiohal_data_file_26_0 audioserver_data_file_26_0 bluetooth_data_file_26_0 bluetooth_logs_data_file_26_0 bootstat_data_file_26_0 boottrace_data_file_26_0 camera_data_file_26_0 gatekeeper_data_file_26_0 incident_data_file_26_0 keychain_data_file_26_0 keystore_data_file_26_0 media_data_file_26_0 media_rw_data_file_26_0 misc_user_data_file_26_0 net_data_file_26_0 nfc_data_file_26_0 radio_data_file_26_0 reboot_data_file_26_0 recovery_data_file_26_0 shared_relro_file_26_0 systemkeys_data_file_26_0 textclassifier_data_file_26_0 vpn_data_file_26_0 wifi_data_file_26_0 zoneinfo_data_file_26_0 vold_data_file_26_0 perfprofd_data_file_26_0 tee_data_file_26_0 update_engine_data_file_26_0 method_trace_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 cache_file_26_0 cache_backup_file_26_0 cache_private_backup_file_26_0 cache_recovery_file_26_0 efs_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 icon_file_26_0 asec_apk_file_26_0 asec_public_file_26_0 asec_image_file_26_0 backup_data_file_26_0 bluetooth_efs_file_26_0 fingerprintd_data_file_26_0 app_fuse_file_26_0 adbd_socket_26_0 bluetooth_socket_26_0 dnsproxyd_socket_26_0 dumpstate_socket_26_0 fwmarkd_socket_26_0 lmkd_socket_26_0 logd_socket_26_0 logdr_socket_26_0 logdw_socket_26_0 mdns_socket_26_0 mdnsd_socket_26_0 misc_logd_file_26_0 mtpd_socket_26_0 netd_socket_26_0 property_socket_26_0 racoon_socket_26_0 rild_socket_26_0 rild_debug_socket_26_0 system_wpa_socket_26_0 system_ndebug_socket_26_0 tombstoned_crash_socket_26_0 tombstoned_intercept_socket_26_0 uncrypt_socket_26_0 vold_socket_26_0 webview_zygote_socket_26_0 wpa_socket_26_0 zygote_socket_26_0 gps_control_26_0 pdx_display_dir_26_0 pdx_performance_dir_26_0 pdx_bufferhub_dir_26_0 pdx_display_client_endpoint_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0 file_contexts_file_26_0 mac_perms_file_26_0 property_contexts_file_26_0 seapp_contexts_file_26_0 sepolicy_file_26_0 service_contexts_file_26_0 hwservice_contexts_file_26_0 vndservice_contexts_file_26_0 fingerprintd_exec_26_0 fsck_exec_26_0 gatekeeperd_exec_26_0 healthd_exec_26_0 hwservicemanager_exec_26_0 idmap_exec_26_0 init_exec_26_0 inputflinger_exec_26_0 install_recovery_exec_26_0 installd_exec_26_0 keystore_exec_26_0 lmkd_exec_26_0 logd_exec_26_0 mediacodec_exec_26_0 mediadrmserver_exec_26_0 mediaextractor_exec_26_0 mediametrics_exec_26_0 mediaserver_exec_26_0 mtp_exec_26_0 netd_exec_26_0 netutils_wrapper_exec_26_0 otapreopt_chroot_exec_26_0 otapreopt_slot_exec_26_0 performanced_exec_26_0 perfprofd_exec_26_0 ppp_exec_26_0 preopt2cachename_exec_26_0 profman_exec_26_0 racoon_exec_26_0 recovery_persist_exec_26_0 recovery_refresh_exec_26_0 runas_exec_26_0 sdcardd_exec_26_0 servicemanager_exec_26_0 sgdisk_exec_26_0 shell_exec_26_0 su_exec_26_0 tombstoned_exec_26_0 toolbox_exec_26_0 tzdatacheck_exec_26_0 uncrypt_exec_26_0 update_engine_exec_26_0 update_verifier_exec_26_0 vdc_exec_26_0 vendor_shell_exec_26_0 vendor_toolbox_exec_26_0 virtual_touchpad_exec_26_0 vold_exec_26_0 vr_hwc_exec_26_0 webview_zygote_exec_26_0 wificond_exec_26_0 zygote_exec_26_0 hostapd_socket hal_audio_default_exec hal_audio_default_tmpfs hal_bluetooth_default_exec hal_bluetooth_default_tmpfs hal_bootctl_default_exec hal_bootctl_default_tmpfs hal_camera_default_exec hal_camera_default_tmpfs hal_configstore_default_exec hal_configstore_default_tmpfs hal_contexthub_default_exec hal_contexthub_default_tmpfs hal_drm_default_exec hal_drm_default_tmpfs hal_dumpstate_default_exec hal_dumpstate_default_tmpfs hal_fingerprint_default_exec hal_fingerprint_default_tmpfs hal_gatekeeper_default_exec hal_gatekeeper_default_tmpfs hal_gnss_default_exec hal_gnss_default_tmpfs hal_graphics_allocator_default_exec hal_graphics_allocator_default_tmpfs hal_graphics_composer_default_exec hal_graphics_composer_default_tmpfs hal_health_default_exec hal_health_default_tmpfs hal_ir_default_exec hal_ir_default_tmpfs hal_keymaster_default_exec hal_keymaster_default_tmpfs hal_light_default_exec hal_light_default_tmpfs hal_memtrack_default_exec hal_memtrack_default_tmpfs hal_nfc_default_exec hal_nfc_default_tmpfs mediacodec_tmpfs hal_power_default_exec hal_power_default_tmpfs hal_sensors_default_exec hal_sensors_default_tmpfs hal_thermal_default_exec hal_thermal_default_tmpfs hal_tv_cec_default_exec hal_tv_cec_default_tmpfs hal_tv_input_default_exec hal_tv_input_default_tmpfs hal_usb_default_exec hal_usb_default_tmpfs hal_vibrator_default_exec hal_vibrator_default_tmpfs hal_vr_default_exec hal_vr_default_tmpfs hal_wifi_default_exec hal_wifi_default_tmpfs hal_wifi_offload_default_exec hal_wifi_offload_default_tmpfs hal_wifi_supplicant_default_exec hal_wifi_supplicant_default_tmpfs hostapd_exec hostapd_tmpfs rild_exec rild_tmpfs tee_exec tee_tmpfs vndservicemanager_exec vndservicemanager_tmpfs))
+(typeattributeset exec_type (bootanim_exec_26_0 bootstat_exec_26_0 bufferhubd_exec_26_0 cameraserver_exec_26_0 clatd_exec_26_0 cppreopts_exec_26_0 crash_dump_exec_26_0 dex2oat_exec_26_0 dhcp_exec_26_0 dnsmasq_exec_26_0 drmserver_exec_26_0 dumpstate_exec_26_0 logcat_exec_26_0 fingerprintd_exec_26_0 fsck_exec_26_0 gatekeeperd_exec_26_0 healthd_exec_26_0 hwservicemanager_exec_26_0 idmap_exec_26_0 init_exec_26_0 inputflinger_exec_26_0 install_recovery_exec_26_0 installd_exec_26_0 keystore_exec_26_0 lmkd_exec_26_0 logd_exec_26_0 mediacodec_exec_26_0 mediadrmserver_exec_26_0 mediaextractor_exec_26_0 mediametrics_exec_26_0 mediaserver_exec_26_0 mtp_exec_26_0 netd_exec_26_0 netutils_wrapper_exec_26_0 otapreopt_chroot_exec_26_0 otapreopt_slot_exec_26_0 performanced_exec_26_0 perfprofd_exec_26_0 ppp_exec_26_0 preopt2cachename_exec_26_0 profman_exec_26_0 racoon_exec_26_0 recovery_persist_exec_26_0 recovery_refresh_exec_26_0 runas_exec_26_0 sdcardd_exec_26_0 servicemanager_exec_26_0 sgdisk_exec_26_0 shell_exec_26_0 su_exec_26_0 tombstoned_exec_26_0 toolbox_exec_26_0 tzdatacheck_exec_26_0 uncrypt_exec_26_0 update_engine_exec_26_0 update_verifier_exec_26_0 vdc_exec_26_0 vendor_shell_exec_26_0 vendor_toolbox_exec_26_0 virtual_touchpad_exec_26_0 vold_exec_26_0 vr_hwc_exec_26_0 webview_zygote_exec_26_0 wificond_exec_26_0 zygote_exec_26_0 hal_audio_default_exec hal_bluetooth_default_exec hal_bootctl_default_exec hal_camera_default_exec hal_configstore_default_exec hal_contexthub_default_exec hal_drm_default_exec hal_dumpstate_default_exec hal_fingerprint_default_exec hal_gatekeeper_default_exec hal_gnss_default_exec hal_graphics_allocator_default_exec hal_graphics_composer_default_exec hal_health_default_exec hal_ir_default_exec hal_keymaster_default_exec hal_light_default_exec hal_memtrack_default_exec hal_nfc_default_exec hal_power_default_exec hal_sensors_default_exec hal_thermal_default_exec hal_tv_cec_default_exec hal_tv_input_default_exec hal_usb_default_exec hal_vibrator_default_exec hal_vr_default_exec hal_wifi_default_exec hal_wifi_offload_default_exec hal_wifi_supplicant_default_exec hostapd_exec rild_exec tee_exec vndservicemanager_exec))
+(typeattributeset data_file_type (system_data_file_26_0 unencrypted_data_file_26_0 install_data_file_26_0 drm_data_file_26_0 adb_data_file_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_data_file_26_0 apk_tmp_file_26_0 apk_private_data_file_26_0 apk_private_tmp_file_26_0 dalvikcache_data_file_26_0 ota_data_file_26_0 ota_package_file_26_0 user_profile_data_file_26_0 profman_dump_data_file_26_0 resourcecache_data_file_26_0 shell_data_file_26_0 property_data_file_26_0 bootchart_data_file_26_0 heapdump_data_file_26_0 nativetest_data_file_26_0 ringtone_file_26_0 preloads_data_file_26_0 preloads_media_file_26_0 dhcp_data_file_26_0 adb_keys_file_26_0 audio_data_file_26_0 audiohal_data_file_26_0 audioserver_data_file_26_0 bluetooth_data_file_26_0 bluetooth_logs_data_file_26_0 bootstat_data_file_26_0 boottrace_data_file_26_0 camera_data_file_26_0 gatekeeper_data_file_26_0 incident_data_file_26_0 keychain_data_file_26_0 keystore_data_file_26_0 media_data_file_26_0 media_rw_data_file_26_0 misc_user_data_file_26_0 net_data_file_26_0 nfc_data_file_26_0 radio_data_file_26_0 reboot_data_file_26_0 recovery_data_file_26_0 shared_relro_file_26_0 systemkeys_data_file_26_0 textclassifier_data_file_26_0 vpn_data_file_26_0 wifi_data_file_26_0 zoneinfo_data_file_26_0 vold_data_file_26_0 perfprofd_data_file_26_0 tee_data_file_26_0 update_engine_data_file_26_0 method_trace_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 icon_file_26_0 asec_apk_file_26_0 asec_public_file_26_0 asec_image_file_26_0 backup_data_file_26_0 fingerprintd_data_file_26_0 app_fuse_file_26_0))
+(typeattributeset core_data_file_type (system_data_file_26_0 unencrypted_data_file_26_0 install_data_file_26_0 drm_data_file_26_0 adb_data_file_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_data_file_26_0 apk_tmp_file_26_0 apk_private_data_file_26_0 apk_private_tmp_file_26_0 dalvikcache_data_file_26_0 ota_data_file_26_0 ota_package_file_26_0 user_profile_data_file_26_0 profman_dump_data_file_26_0 resourcecache_data_file_26_0 shell_data_file_26_0 property_data_file_26_0 bootchart_data_file_26_0 heapdump_data_file_26_0 nativetest_data_file_26_0 ringtone_file_26_0 preloads_data_file_26_0 preloads_media_file_26_0 dhcp_data_file_26_0 adb_keys_file_26_0 audio_data_file_26_0 audiohal_data_file_26_0 audioserver_data_file_26_0 bluetooth_data_file_26_0 bluetooth_logs_data_file_26_0 bootstat_data_file_26_0 boottrace_data_file_26_0 camera_data_file_26_0 gatekeeper_data_file_26_0 incident_data_file_26_0 keychain_data_file_26_0 keystore_data_file_26_0 media_data_file_26_0 media_rw_data_file_26_0 misc_user_data_file_26_0 net_data_file_26_0 nfc_data_file_26_0 radio_data_file_26_0 reboot_data_file_26_0 recovery_data_file_26_0 shared_relro_file_26_0 systemkeys_data_file_26_0 textclassifier_data_file_26_0 vpn_data_file_26_0 wifi_data_file_26_0 zoneinfo_data_file_26_0 vold_data_file_26_0 perfprofd_data_file_26_0 update_engine_data_file_26_0 method_trace_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 icon_file_26_0 asec_apk_file_26_0 asec_public_file_26_0 asec_image_file_26_0 backup_data_file_26_0 fingerprintd_data_file_26_0 app_fuse_file_26_0))
+(typeattributeset vendor_file_type (vendor_hal_file_26_0 vendor_file_26_0 vendor_app_file_26_0 vendor_configs_file_26_0 same_process_hal_file_26_0 vndk_sp_file_26_0 vendor_framework_file_26_0 vendor_overlay_file_26_0 mediacodec_exec_26_0 vendor_shell_exec_26_0 vendor_toolbox_exec_26_0 hal_audio_default_exec hal_bluetooth_default_exec hal_bootctl_default_exec hal_camera_default_exec hal_configstore_default_exec hal_contexthub_default_exec hal_drm_default_exec hal_dumpstate_default_exec hal_fingerprint_default_exec hal_gatekeeper_default_exec hal_gnss_default_exec hal_graphics_allocator_default_exec hal_graphics_composer_default_exec hal_health_default_exec hal_ir_default_exec hal_keymaster_default_exec hal_light_default_exec hal_memtrack_default_exec hal_nfc_default_exec hal_power_default_exec hal_sensors_default_exec hal_thermal_default_exec hal_tv_cec_default_exec hal_tv_input_default_exec hal_usb_default_exec hal_vibrator_default_exec hal_vr_default_exec hal_wifi_default_exec hal_wifi_offload_default_exec hal_wifi_supplicant_default_exec hostapd_exec rild_exec tee_exec vndservicemanager_exec))
+(typeattributeset sysfs_type (usermodehelper_26_0 sysfs_26_0 sysfs_uio_26_0 sysfs_batteryinfo_26_0 sysfs_bluetooth_writable_26_0 sysfs_leds_26_0 sysfs_hwrandom_26_0 sysfs_nfc_power_writable_26_0 sysfs_wake_lock_26_0 sysfs_mac_address_26_0 sysfs_usb_26_0 sysfs_devices_system_cpu_26_0 sysfs_lowmemorykiller_26_0 sysfs_wlan_fwpath_26_0 sysfs_vibrator_26_0 sysfs_thermal_26_0 sysfs_zram_26_0 sysfs_zram_uevent_26_0))
+(typeattributeset debugfs_type (debugfs_mmc_26_0 debugfs_trace_marker_26_0 debugfs_tracing_26_0 debugfs_tracing_instances_26_0 debugfs_wifi_tracing_26_0 tracing_shell_writable_26_0 tracing_shell_writable_debug_26_0))
+(typeattributeset sdcard_type (fuse_26_0 sdcardfs_26_0 vfat_26_0))
+(typeattributeset node_type (node_26_0))
+(typeattributeset netif_type (netif_26_0))
+(typeattributeset port_type (port_26_0))
+(typeattributeset property_type (asan_reboot_prop_26_0 audio_prop_26_0 boottime_prop_26_0 bluetooth_prop_26_0 config_prop_26_0 cppreopt_prop_26_0 ctl_bootanim_prop_26_0 ctl_bugreport_prop_26_0 ctl_console_prop_26_0 ctl_default_prop_26_0 ctl_dumpstate_prop_26_0 ctl_fuse_prop_26_0 ctl_mdnsd_prop_26_0 ctl_rildaemon_prop_26_0 dalvik_prop_26_0 debuggerd_prop_26_0 debug_prop_26_0 default_prop_26_0 device_logging_prop_26_0 dhcp_prop_26_0 dumpstate_options_prop_26_0 dumpstate_prop_26_0 ffs_prop_26_0 fingerprint_prop_26_0 firstboot_prop_26_0 hwservicemanager_prop_26_0 logd_prop_26_0 logpersistd_logging_prop_26_0 log_prop_26_0 log_tag_prop_26_0 mmc_prop_26_0 net_dns_prop_26_0 net_radio_prop_26_0 nfc_prop_26_0 overlay_prop_26_0 pan_result_prop_26_0 persist_debug_prop_26_0 persistent_properties_ready_prop_26_0 powerctl_prop_26_0 radio_prop_26_0 restorecon_prop_26_0 safemode_prop_26_0 serialno_prop_26_0 shell_prop_26_0 system_prop_26_0 system_radio_prop_26_0 vold_prop_26_0 wifi_log_prop_26_0 wifi_prop_26_0))
+(typeattributeset core_property_type (audio_prop_26_0 config_prop_26_0 cppreopt_prop_26_0 dalvik_prop_26_0 debuggerd_prop_26_0 debug_prop_26_0 default_prop_26_0 dhcp_prop_26_0 dumpstate_prop_26_0 ffs_prop_26_0 fingerprint_prop_26_0 logd_prop_26_0 net_radio_prop_26_0 nfc_prop_26_0 pan_result_prop_26_0 persist_debug_prop_26_0 powerctl_prop_26_0 radio_prop_26_0 restorecon_prop_26_0 shell_prop_26_0 system_prop_26_0 system_radio_prop_26_0 vold_prop_26_0))
+(typeattributeset log_property_type (log_prop_26_0 log_tag_prop_26_0 wifi_log_prop_26_0))
+(typeattributeset system_server_service (accessibility_service_26_0 account_service_26_0 activity_service_26_0 alarm_service_26_0 appops_service_26_0 appwidget_service_26_0 assetatlas_service_26_0 audio_service_26_0 autofill_service_26_0 backup_service_26_0 batterystats_service_26_0 battery_service_26_0 bluetooth_manager_service_26_0 cameraproxy_service_26_0 clipboard_service_26_0 contexthub_service_26_0 IProxyService_service_26_0 commontime_management_service_26_0 companion_device_service_26_0 connectivity_service_26_0 connmetrics_service_26_0 consumer_ir_service_26_0 content_service_26_0 country_detector_service_26_0 coverage_service_26_0 cpuinfo_service_26_0 dbinfo_service_26_0 device_policy_service_26_0 deviceidle_service_26_0 device_identifiers_service_26_0 devicestoragemonitor_service_26_0 diskstats_service_26_0 display_service_26_0 font_service_26_0 netd_listener_service_26_0 DockObserver_service_26_0 dreams_service_26_0 dropbox_service_26_0 ethernet_service_26_0 fingerprint_service_26_0 gfxinfo_service_26_0 graphicsstats_service_26_0 hardware_service_26_0 hardware_properties_service_26_0 hdmi_control_service_26_0 input_method_service_26_0 input_service_26_0 imms_service_26_0 ipsec_service_26_0 jobscheduler_service_26_0 launcherapps_service_26_0 location_service_26_0 lock_settings_service_26_0 media_projection_service_26_0 media_router_service_26_0 media_session_service_26_0 meminfo_service_26_0 midi_service_26_0 mount_service_26_0 netpolicy_service_26_0 netstats_service_26_0 network_management_service_26_0 network_score_service_26_0 network_time_update_service_26_0 notification_service_26_0 oem_lock_service_26_0 otadexopt_service_26_0 overlay_service_26_0 package_service_26_0 permission_service_26_0 persistent_data_block_service_26_0 pinner_service_26_0 power_service_26_0 print_service_26_0 processinfo_service_26_0 procstats_service_26_0 recovery_service_26_0 registry_service_26_0 restrictions_service_26_0 rttmanager_service_26_0 samplingprofiler_service_26_0 scheduling_policy_service_26_0 search_service_26_0 sec_key_att_app_id_provider_service_26_0 sensorservice_service_26_0 serial_service_26_0 servicediscovery_service_26_0 settings_service_26_0 shortcut_service_26_0 statusbar_service_26_0 storagestats_service_26_0 task_service_26_0 textclassification_service_26_0 textservices_service_26_0 telecom_service_26_0 trust_service_26_0 tv_input_service_26_0 uimode_service_26_0 updatelock_service_26_0 usagestats_service_26_0 usb_service_26_0 user_service_26_0 vibrator_service_26_0 voiceinteraction_service_26_0 vr_manager_service_26_0 wallpaper_service_26_0 webviewupdate_service_26_0 wifip2p_service_26_0 wifiscanner_service_26_0 wifi_service_26_0 wifiaware_service_26_0 window_service_26_0))
+(typeattributeset app_api_service (batteryproperties_service_26_0 gatekeeper_service_26_0 accessibility_service_26_0 account_service_26_0 activity_service_26_0 alarm_service_26_0 appops_service_26_0 appwidget_service_26_0 assetatlas_service_26_0 audio_service_26_0 autofill_service_26_0 backup_service_26_0 batterystats_service_26_0 bluetooth_manager_service_26_0 clipboard_service_26_0 contexthub_service_26_0 IProxyService_service_26_0 companion_device_service_26_0 connectivity_service_26_0 connmetrics_service_26_0 consumer_ir_service_26_0 content_service_26_0 country_detector_service_26_0 device_policy_service_26_0 deviceidle_service_26_0 device_identifiers_service_26_0 display_service_26_0 font_service_26_0 dreams_service_26_0 dropbox_service_26_0 ethernet_service_26_0 fingerprint_service_26_0 graphicsstats_service_26_0 hardware_properties_service_26_0 input_method_service_26_0 input_service_26_0 imms_service_26_0 ipsec_service_26_0 jobscheduler_service_26_0 launcherapps_service_26_0 location_service_26_0 media_projection_service_26_0 media_router_service_26_0 media_session_service_26_0 midi_service_26_0 mount_service_26_0 netpolicy_service_26_0 netstats_service_26_0 network_management_service_26_0 notification_service_26_0 package_service_26_0 permission_service_26_0 power_service_26_0 print_service_26_0 procstats_service_26_0 registry_service_26_0 restrictions_service_26_0 rttmanager_service_26_0 search_service_26_0 sec_key_att_app_id_provider_service_26_0 sensorservice_service_26_0 servicediscovery_service_26_0 settings_service_26_0 shortcut_service_26_0 statusbar_service_26_0 storagestats_service_26_0 textclassification_service_26_0 textservices_service_26_0 telecom_service_26_0 trust_service_26_0 tv_input_service_26_0 uimode_service_26_0 usagestats_service_26_0 usb_service_26_0 user_service_26_0 vibrator_service_26_0 voiceinteraction_service_26_0 wallpaper_service_26_0 webviewupdate_service_26_0 wifip2p_service_26_0 wifi_service_26_0 wifiaware_service_26_0))
+(typeattributeset ephemeral_app_api_service (batteryproperties_service_26_0 accessibility_service_26_0 account_service_26_0 activity_service_26_0 alarm_service_26_0 appops_service_26_0 appwidget_service_26_0 assetatlas_service_26_0 audio_service_26_0 autofill_service_26_0 backup_service_26_0 batterystats_service_26_0 bluetooth_manager_service_26_0 clipboard_service_26_0 IProxyService_service_26_0 companion_device_service_26_0 connectivity_service_26_0 connmetrics_service_26_0 consumer_ir_service_26_0 content_service_26_0 country_detector_service_26_0 deviceidle_service_26_0 device_identifiers_service_26_0 display_service_26_0 font_service_26_0 dreams_service_26_0 dropbox_service_26_0 graphicsstats_service_26_0 hardware_properties_service_26_0 input_method_service_26_0 input_service_26_0 imms_service_26_0 ipsec_service_26_0 jobscheduler_service_26_0 launcherapps_service_26_0 location_service_26_0 media_projection_service_26_0 media_router_service_26_0 media_session_service_26_0 midi_service_26_0 mount_service_26_0 netpolicy_service_26_0 netstats_service_26_0 network_management_service_26_0 notification_service_26_0 package_service_26_0 permission_service_26_0 power_service_26_0 print_service_26_0 procstats_service_26_0 registry_service_26_0 restrictions_service_26_0 rttmanager_service_26_0 search_service_26_0 sensorservice_service_26_0 servicediscovery_service_26_0 settings_service_26_0 statusbar_service_26_0 storagestats_service_26_0 textclassification_service_26_0 textservices_service_26_0 telecom_service_26_0 tv_input_service_26_0 uimode_service_26_0 usagestats_service_26_0 user_service_26_0 vibrator_service_26_0 voiceinteraction_service_26_0 webviewupdate_service_26_0))
+(typeattributeset system_api_service (cpuinfo_service_26_0 dbinfo_service_26_0 diskstats_service_26_0 gfxinfo_service_26_0 hdmi_control_service_26_0 lock_settings_service_26_0 meminfo_service_26_0 network_score_service_26_0 oem_lock_service_26_0 persistent_data_block_service_26_0 serial_service_26_0 updatelock_service_26_0 wifiscanner_service_26_0 window_service_26_0))
+(typeattributeset service_manager_type (audioserver_service_26_0 batteryproperties_service_26_0 bluetooth_service_26_0 cameraserver_service_26_0 default_android_service_26_0 drmserver_service_26_0 dumpstate_service_26_0 fingerprintd_service_26_0 hal_fingerprint_service_26_0 gatekeeper_service_26_0 gpu_service_26_0 inputflinger_service_26_0 incident_service_26_0 installd_service_26_0 keystore_service_26_0 mediaserver_service_26_0 mediametrics_service_26_0 mediaextractor_service_26_0 mediacodec_service_26_0 mediadrmserver_service_26_0 mediacasserver_service_26_0 netd_service_26_0 nfc_service_26_0 radio_service_26_0 storaged_service_26_0 surfaceflinger_service_26_0 system_app_service_26_0 update_engine_service_26_0 virtual_touchpad_service_26_0 vr_hwc_service_26_0 accessibility_service_26_0 account_service_26_0 activity_service_26_0 alarm_service_26_0 appops_service_26_0 appwidget_service_26_0 assetatlas_service_26_0 audio_service_26_0 autofill_service_26_0 backup_service_26_0 batterystats_service_26_0 battery_service_26_0 bluetooth_manager_service_26_0 cameraproxy_service_26_0 clipboard_service_26_0 contexthub_service_26_0 IProxyService_service_26_0 commontime_management_service_26_0 companion_device_service_26_0 connectivity_service_26_0 connmetrics_service_26_0 consumer_ir_service_26_0 content_service_26_0 country_detector_service_26_0 coverage_service_26_0 cpuinfo_service_26_0 dbinfo_service_26_0 device_policy_service_26_0 deviceidle_service_26_0 device_identifiers_service_26_0 devicestoragemonitor_service_26_0 diskstats_service_26_0 display_service_26_0 font_service_26_0 netd_listener_service_26_0 DockObserver_service_26_0 dreams_service_26_0 dropbox_service_26_0 ethernet_service_26_0 fingerprint_service_26_0 gfxinfo_service_26_0 graphicsstats_service_26_0 hardware_service_26_0 hardware_properties_service_26_0 hdmi_control_service_26_0 input_method_service_26_0 input_service_26_0 imms_service_26_0 ipsec_service_26_0 jobscheduler_service_26_0 launcherapps_service_26_0 location_service_26_0 lock_settings_service_26_0 media_projection_service_26_0 media_router_service_26_0 media_session_service_26_0 meminfo_service_26_0 midi_service_26_0 mount_service_26_0 netpolicy_service_26_0 netstats_service_26_0 network_management_service_26_0 network_score_service_26_0 network_time_update_service_26_0 notification_service_26_0 oem_lock_service_26_0 otadexopt_service_26_0 overlay_service_26_0 package_service_26_0 permission_service_26_0 persistent_data_block_service_26_0 pinner_service_26_0 power_service_26_0 print_service_26_0 processinfo_service_26_0 procstats_service_26_0 recovery_service_26_0 registry_service_26_0 restrictions_service_26_0 rttmanager_service_26_0 samplingprofiler_service_26_0 scheduling_policy_service_26_0 search_service_26_0 sec_key_att_app_id_provider_service_26_0 sensorservice_service_26_0 serial_service_26_0 servicediscovery_service_26_0 settings_service_26_0 shortcut_service_26_0 statusbar_service_26_0 storagestats_service_26_0 task_service_26_0 textclassification_service_26_0 textservices_service_26_0 telecom_service_26_0 trust_service_26_0 tv_input_service_26_0 uimode_service_26_0 updatelock_service_26_0 usagestats_service_26_0 usb_service_26_0 user_service_26_0 vibrator_service_26_0 voiceinteraction_service_26_0 vr_manager_service_26_0 wallpaper_service_26_0 webviewupdate_service_26_0 wifip2p_service_26_0 wifiscanner_service_26_0 wifi_service_26_0 wificond_service_26_0 wifiaware_service_26_0 window_service_26_0))
+(typeattributeset hwservice_manager_type (default_android_hwservice_26_0 fwk_display_hwservice_26_0 fwk_scheduler_hwservice_26_0 fwk_sensor_hwservice_26_0 hal_audio_hwservice_26_0 hal_bluetooth_hwservice_26_0 hal_bootctl_hwservice_26_0 hal_camera_hwservice_26_0 hal_configstore_ISurfaceFlingerConfigs_26_0 hal_contexthub_hwservice_26_0 hal_drm_hwservice_26_0 hal_dumpstate_hwservice_26_0 hal_fingerprint_hwservice_26_0 hal_gatekeeper_hwservice_26_0 hal_gnss_hwservice_26_0 hal_graphics_allocator_hwservice_26_0 hal_graphics_composer_hwservice_26_0 hal_graphics_mapper_hwservice_26_0 hal_health_hwservice_26_0 hal_ir_hwservice_26_0 hal_keymaster_hwservice_26_0 hal_light_hwservice_26_0 hal_memtrack_hwservice_26_0 hal_nfc_hwservice_26_0 hal_oemlock_hwservice_26_0 hal_omx_hwservice_26_0 hal_power_hwservice_26_0 hal_renderscript_hwservice_26_0 hal_sensors_hwservice_26_0 hal_telephony_hwservice_26_0 hal_thermal_hwservice_26_0 hal_tv_cec_hwservice_26_0 hal_tv_input_hwservice_26_0 hal_usb_hwservice_26_0 hal_vibrator_hwservice_26_0 hal_vr_hwservice_26_0 hal_weaver_hwservice_26_0 hal_wifi_hwservice_26_0 hal_wifi_supplicant_hwservice_26_0 hidl_allocator_hwservice_26_0 hidl_base_hwservice_26_0 hidl_manager_hwservice_26_0 hidl_memory_hwservice_26_0 hidl_token_hwservice_26_0 system_wifi_keystore_hwservice_26_0))
+(typeattributeset same_process_hwservice (hal_graphics_mapper_hwservice_26_0 hal_renderscript_hwservice_26_0))
+(typeattributeset coredomain_hwservice (fwk_display_hwservice_26_0 fwk_scheduler_hwservice_26_0 fwk_sensor_hwservice_26_0 hidl_allocator_hwservice_26_0 hidl_manager_hwservice_26_0 hidl_memory_hwservice_26_0 hidl_token_hwservice_26_0 system_wifi_keystore_hwservice_26_0))
+(typeattributeset vndservice_manager_type (default_android_vndservice_26_0))
+(typeattributeset mlstrustedsubject (bufferhubd_26_0 cppreopts_26_0 drmserver_26_0 dumpstate_26_0 pdx_display_client_endpoint_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0 hwservicemanager_26_0 init_26_0 installd_26_0 kernel_26_0 keystore_26_0 lmkd_26_0 logd_26_0 mediacodec_26_0 mediadrmserver_26_0 mediaextractor_26_0 mediaserver_26_0 netd_26_0 otapreopt_slot_26_0 performanced_26_0 perfprofd_26_0 racoon_26_0 radio_26_0 runas_26_0 servicemanager_26_0 shell_26_0 su_26_0 tombstoned_26_0 uncrypt_26_0 vold_26_0))
+(typeattributeset mlstrustedobject (alarm_device_26_0 ashmem_device_26_0 binder_device_26_0 hwbinder_device_26_0 pmsg_device_26_0 gpu_device_26_0 log_device_26_0 mtp_device_26_0 ptmx_device_26_0 null_device_26_0 random_device_26_0 owntty_device_26_0 zero_device_26_0 fuse_device_26_0 ion_device_26_0 tun_device_26_0 usbaccessory_device_26_0 usb_device_26_0 qtaguid_proc_26_0 selinuxfs_26_0 cgroup_26_0 sysfs_26_0 sysfs_bluetooth_writable_26_0 sysfs_nfc_power_writable_26_0 sysfs_usb_26_0 inotify_26_0 devpts_26_0 fuse_26_0 sdcardfs_26_0 vfat_26_0 debugfs_trace_marker_26_0 functionfs_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_tmp_file_26_0 apk_private_tmp_file_26_0 ota_package_file_26_0 user_profile_data_file_26_0 shell_data_file_26_0 heapdump_data_file_26_0 ringtone_file_26_0 media_rw_data_file_26_0 radio_data_file_26_0 perfprofd_data_file_26_0 method_trace_data_file_26_0 system_app_data_file_26_0 cache_file_26_0 cache_backup_file_26_0 cache_recovery_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 asec_apk_file_26_0 backup_data_file_26_0 app_fuse_file_26_0 dnsproxyd_socket_26_0 fwmarkd_socket_26_0 logd_socket_26_0 logdr_socket_26_0 logdw_socket_26_0 mdnsd_socket_26_0 property_socket_26_0 system_ndebug_socket_26_0 tombstoned_crash_socket_26_0 pdx_display_client_endpoint_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0))
+(typeattributeset netdomain (clatd_26_0 dhcp_26_0 dnsmasq_26_0 drmserver_26_0 dumpstate_26_0 mediadrmserver_26_0 mediaserver_26_0 mtp_26_0 netd_26_0 ppp_26_0 racoon_26_0 radio_26_0 rild_26_0 shell_26_0 su_26_0 update_engine_26_0 hal_wifi_supplicant_default hostapd))
+(typeattributeset bluetoothdomain (radio_26_0))
+(typeattributeset binderservicedomain (cameraserver_26_0 drmserver_26_0 gatekeeperd_26_0 healthd_26_0 inputflinger_26_0 keystore_26_0 mediadrmserver_26_0 mediaextractor_26_0 mediametrics_26_0 mediaserver_26_0 radio_26_0 virtual_touchpad_26_0 vr_hwc_26_0))
+(typeattributeset update_engine_common (update_engine_26_0))
+(typeattributeset coredomain (perfprofd_26_0))
+(typeattributeset coredomain_socket (adbd_socket_26_0 bluetooth_socket_26_0 dnsproxyd_socket_26_0 dumpstate_socket_26_0 fwmarkd_socket_26_0 lmkd_socket_26_0 logd_socket_26_0 logdr_socket_26_0 logdw_socket_26_0 mdns_socket_26_0 mdnsd_socket_26_0 misc_logd_file_26_0 mtpd_socket_26_0 netd_socket_26_0 property_socket_26_0 racoon_socket_26_0 system_wpa_socket_26_0 system_ndebug_socket_26_0 tombstoned_crash_socket_26_0 tombstoned_intercept_socket_26_0 uncrypt_socket_26_0 vold_socket_26_0 webview_zygote_socket_26_0 zygote_socket_26_0 pdx_display_client_endpoint_socket_26_0 pdx_display_client_channel_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_manager_channel_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_screenshot_channel_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_display_vsync_channel_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_performance_client_channel_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0 pdx_bufferhub_client_channel_socket_26_0))
+(typeattributeset pdx_endpoint_dir_type (pdx_display_dir_26_0 pdx_performance_dir_26_0 pdx_bufferhub_dir_26_0))
+(typeattributeset pdx_endpoint_socket_type (pdx_display_client_endpoint_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0))
+(typeattributeset pdx_channel_socket_type (pdx_display_client_channel_socket_26_0 pdx_display_manager_channel_socket_26_0 pdx_display_screenshot_channel_socket_26_0 pdx_display_vsync_channel_socket_26_0 pdx_performance_client_channel_socket_26_0 pdx_bufferhub_client_channel_socket_26_0))
+(typeattributeset pdx_display_client_endpoint_dir_type (pdx_display_dir_26_0))
+(typeattributeset pdx_display_client_endpoint_socket_type (pdx_display_client_endpoint_socket_26_0))
+(typeattributeset pdx_display_client_channel_socket_type (pdx_display_client_channel_socket_26_0))
+(typeattributeset pdx_display_manager_endpoint_dir_type (pdx_display_dir_26_0))
+(typeattributeset pdx_display_manager_endpoint_socket_type (pdx_display_manager_endpoint_socket_26_0))
+(typeattributeset pdx_display_manager_channel_socket_type (pdx_display_manager_channel_socket_26_0))
+(typeattributeset pdx_display_screenshot_endpoint_dir_type (pdx_display_dir_26_0))
+(typeattributeset pdx_display_screenshot_endpoint_socket_type (pdx_display_screenshot_endpoint_socket_26_0))
+(typeattributeset pdx_display_screenshot_channel_socket_type (pdx_display_screenshot_channel_socket_26_0))
+(typeattributeset pdx_display_vsync_endpoint_dir_type (pdx_display_dir_26_0))
+(typeattributeset pdx_display_vsync_endpoint_socket_type (pdx_display_vsync_endpoint_socket_26_0))
+(typeattributeset pdx_display_vsync_channel_socket_type (pdx_display_vsync_channel_socket_26_0))
+(typeattributeset pdx_performance_client_endpoint_dir_type (pdx_performance_dir_26_0))
+(typeattributeset pdx_performance_client_endpoint_socket_type (pdx_performance_client_endpoint_socket_26_0))
+(typeattributeset pdx_performance_client_channel_socket_type (pdx_performance_client_channel_socket_26_0))
+(typeattributeset pdx_performance_client_server_type (performanced_26_0))
+(typeattributeset pdx_bufferhub_client_endpoint_dir_type (pdx_bufferhub_dir_26_0))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_type (pdx_bufferhub_client_endpoint_socket_26_0))
+(typeattributeset pdx_bufferhub_client_channel_socket_type (pdx_bufferhub_client_channel_socket_26_0))
+(typeattributeset pdx_bufferhub_client_server_type (bufferhubd_26_0))
+(typeattributeset halserverdomain (rild_26_0 hal_audio_default hal_bluetooth_default hal_bootctl_default hal_camera_default hal_configstore_default hal_contexthub_default hal_drm_default hal_dumpstate_default hal_fingerprint_default hal_gatekeeper_default hal_gnss_default hal_graphics_allocator_default hal_graphics_composer_default hal_health_default hal_ir_default hal_keymaster_default hal_light_default hal_memtrack_default hal_nfc_default hal_power_default hal_sensors_default hal_thermal_default hal_tv_cec_default hal_tv_input_default hal_usb_default hal_vibrator_default hal_vr_default hal_wifi_default hal_wifi_offload_default hal_wifi_supplicant_default))
+(typeattributeset halclientdomain (bootanim_26_0 bufferhubd_26_0 cameraserver_26_0 dumpstate_26_0 gatekeeperd_26_0 healthd_26_0 mediacodec_26_0 mediadrmserver_26_0 mediaserver_26_0 radio_26_0 update_engine_26_0 update_verifier_26_0 vold_26_0 vr_hwc_26_0 hal_audio_default))
+(typeattributeset hal_allocator_client (mediacodec_26_0 mediaserver_26_0 hal_audio_default))
+(typeattributeset hal_audio (hal_audio_default))
+(typeattributeset hal_audio_server (hal_audio_default))
+(typeattributeset hal_bluetooth (hal_bluetooth_default))
+(typeattributeset hal_bluetooth_server (hal_bluetooth_default))
+(typeattributeset hal_bootctl (hal_bootctl_default))
+(typeattributeset hal_bootctl_client (update_engine_26_0 update_verifier_26_0))
+(typeattributeset hal_bootctl_server (hal_bootctl_default))
+(typeattributeset hal_camera (hal_camera_default))
+(typeattributeset hal_camera_client (cameraserver_26_0))
+(typeattributeset hal_camera_server (hal_camera_default))
+(typeattributeset hal_configstore (hal_configstore_default))
+(typeattributeset hal_configstore_server (hal_configstore_default))
+(typeattributeset hal_contexthub (hal_contexthub_default))
+(typeattributeset hal_contexthub_server (hal_contexthub_default))
+(typeattributeset hal_drm (hal_drm_default))
+(typeattributeset hal_drm_client (mediadrmserver_26_0))
+(typeattributeset hal_drm_server (hal_drm_default))
+(typeattributeset hal_dumpstate (hal_dumpstate_default))
+(typeattributeset hal_dumpstate_client (dumpstate_26_0))
+(typeattributeset hal_dumpstate_server (hal_dumpstate_default))
+(typeattributeset hal_fingerprint (hal_fingerprint_default))
+(typeattributeset hal_fingerprint_server (hal_fingerprint_default))
+(typeattributeset hal_gatekeeper (hal_gatekeeper_default))
+(typeattributeset hal_gatekeeper_client (gatekeeperd_26_0))
+(typeattributeset hal_gatekeeper_server (hal_gatekeeper_default))
+(typeattributeset hal_gnss (hal_gnss_default))
+(typeattributeset hal_gnss_server (hal_gnss_default))
+(typeattributeset hal_graphics_allocator (hal_graphics_allocator_default))
+(typeattributeset hal_graphics_allocator_client (bootanim_26_0 bufferhubd_26_0 cameraserver_26_0 dumpstate_26_0 mediacodec_26_0 vr_hwc_26_0))
+(typeattributeset hal_graphics_allocator_server (hal_graphics_allocator_default))
+(typeattributeset hal_graphics_composer (hal_graphics_composer_default))
+(typeattributeset hal_graphics_composer_client (bootanim_26_0))
+(typeattributeset hal_graphics_composer_server (hal_graphics_composer_default))
+(typeattributeset hal_health (hal_health_default))
+(typeattributeset hal_health_client (healthd_26_0))
+(typeattributeset hal_health_server (hal_health_default))
+(typeattributeset hal_ir (hal_ir_default))
+(typeattributeset hal_ir_server (hal_ir_default))
+(typeattributeset hal_keymaster (hal_keymaster_default))
+(typeattributeset hal_keymaster_client (vold_26_0))
+(typeattributeset hal_keymaster_server (hal_keymaster_default))
+(typeattributeset hal_light (hal_light_default))
+(typeattributeset hal_light_server (hal_light_default))
+(typeattributeset hal_memtrack (hal_memtrack_default))
+(typeattributeset hal_memtrack_server (hal_memtrack_default))
+(typeattributeset hal_nfc (hal_nfc_default))
+(typeattributeset hal_nfc_server (hal_nfc_default))
+(typeattributeset hal_power (hal_power_default))
+(typeattributeset hal_power_server (hal_power_default))
+(typeattributeset hal_sensors (hal_sensors_default))
+(typeattributeset hal_sensors_server (hal_sensors_default))
+(typeattributeset hal_telephony (rild_26_0))
+(typeattributeset hal_telephony_client (radio_26_0))
+(typeattributeset hal_telephony_server (rild_26_0))
+(typeattributeset hal_thermal (hal_thermal_default))
+(typeattributeset hal_thermal_server (hal_thermal_default))
+(typeattributeset hal_tv_cec (hal_tv_cec_default))
+(typeattributeset hal_tv_cec_server (hal_tv_cec_default))
+(typeattributeset hal_tv_input (hal_tv_input_default))
+(typeattributeset hal_tv_input_server (hal_tv_input_default))
+(typeattributeset hal_usb (hal_usb_default))
+(typeattributeset hal_usb_server (hal_usb_default))
+(typeattributeset hal_vibrator (hal_vibrator_default))
+(typeattributeset hal_vibrator_client (dumpstate_26_0))
+(typeattributeset hal_vibrator_server (hal_vibrator_default))
+(typeattributeset hal_vr (hal_vr_default))
+(typeattributeset hal_vr_server (hal_vr_default))
+(typeattributeset hal_wifi (hal_wifi_default))
+(typeattributeset hal_wifi_server (hal_wifi_default))
+(typeattributeset hal_wifi_offload (hal_wifi_offload_default))
+(typeattributeset hal_wifi_offload_server (hal_wifi_offload_default))
+(typeattributeset hal_wifi_supplicant (hal_wifi_supplicant_default))
+(typeattributeset hal_wifi_supplicant_server (hal_wifi_supplicant_default))
+(typeattribute adbd_26_0)
+(roletype object_r adbd_26_0)
+(typeattribute audioserver_26_0)
+(roletype object_r audioserver_26_0)
+(typeattribute blkid_26_0)
+(roletype object_r blkid_26_0)
+(typeattribute blkid_untrusted_26_0)
+(roletype object_r blkid_untrusted_26_0)
+(typeattribute bluetooth_26_0)
+(roletype object_r bluetooth_26_0)
+(typeattribute bootanim_26_0)
+(roletype object_r bootanim_26_0)
+(typeattribute bootanim_exec_26_0)
+(roletype object_r bootanim_exec_26_0)
+(typeattribute bootstat_26_0)
+(roletype object_r bootstat_26_0)
+(typeattribute bootstat_exec_26_0)
+(roletype object_r bootstat_exec_26_0)
+(typeattribute bufferhubd_26_0)
+(roletype object_r bufferhubd_26_0)
+(typeattribute bufferhubd_exec_26_0)
+(roletype object_r bufferhubd_exec_26_0)
+(typeattribute cameraserver_26_0)
+(roletype object_r cameraserver_26_0)
+(typeattribute cameraserver_exec_26_0)
+(roletype object_r cameraserver_exec_26_0)
+(typeattribute charger_26_0)
+(roletype object_r charger_26_0)
+(typeattribute clatd_26_0)
+(roletype object_r clatd_26_0)
+(typeattribute clatd_exec_26_0)
+(roletype object_r clatd_exec_26_0)
+(typeattribute cppreopts_26_0)
+(roletype object_r cppreopts_26_0)
+(typeattribute cppreopts_exec_26_0)
+(roletype object_r cppreopts_exec_26_0)
+(typeattribute crash_dump_26_0)
+(roletype object_r crash_dump_26_0)
+(typeattribute crash_dump_exec_26_0)
+(roletype object_r crash_dump_exec_26_0)
+(typeattribute device_26_0)
+(roletype object_r device_26_0)
+(typeattribute alarm_device_26_0)
+(roletype object_r alarm_device_26_0)
+(typeattribute ashmem_device_26_0)
+(roletype object_r ashmem_device_26_0)
+(typeattribute audio_device_26_0)
+(roletype object_r audio_device_26_0)
+(typeattribute audio_timer_device_26_0)
+(roletype object_r audio_timer_device_26_0)
+(typeattribute audio_seq_device_26_0)
+(roletype object_r audio_seq_device_26_0)
+(typeattribute binder_device_26_0)
+(roletype object_r binder_device_26_0)
+(typeattribute hwbinder_device_26_0)
+(roletype object_r hwbinder_device_26_0)
+(typeattribute vndbinder_device_26_0)
+(roletype object_r vndbinder_device_26_0)
+(typeattribute block_device_26_0)
+(roletype object_r block_device_26_0)
+(typeattribute camera_device_26_0)
+(roletype object_r camera_device_26_0)
+(typeattribute dm_device_26_0)
+(roletype object_r dm_device_26_0)
+(typeattribute keychord_device_26_0)
+(roletype object_r keychord_device_26_0)
+(typeattribute loop_control_device_26_0)
+(roletype object_r loop_control_device_26_0)
+(typeattribute loop_device_26_0)
+(roletype object_r loop_device_26_0)
+(typeattribute pmsg_device_26_0)
+(roletype object_r pmsg_device_26_0)
+(typeattribute radio_device_26_0)
+(roletype object_r radio_device_26_0)
+(typeattribute ram_device_26_0)
+(roletype object_r ram_device_26_0)
+(typeattribute rtc_device_26_0)
+(roletype object_r rtc_device_26_0)
+(typeattribute vold_device_26_0)
+(roletype object_r vold_device_26_0)
+(typeattribute console_device_26_0)
+(roletype object_r console_device_26_0)
+(typeattribute cpuctl_device_26_0)
+(roletype object_r cpuctl_device_26_0)
+(typeattribute fscklogs_26_0)
+(roletype object_r fscklogs_26_0)
+(typeattribute full_device_26_0)
+(roletype object_r full_device_26_0)
+(typeattribute gpu_device_26_0)
+(roletype object_r gpu_device_26_0)
+(typeattribute graphics_device_26_0)
+(roletype object_r graphics_device_26_0)
+(typeattribute hw_random_device_26_0)
+(roletype object_r hw_random_device_26_0)
+(typeattribute input_device_26_0)
+(roletype object_r input_device_26_0)
+(typeattribute kmem_device_26_0)
+(roletype object_r kmem_device_26_0)
+(typeattribute port_device_26_0)
+(roletype object_r port_device_26_0)
+(typeattribute log_device_26_0)
+(roletype object_r log_device_26_0)
+(typeattribute mtd_device_26_0)
+(roletype object_r mtd_device_26_0)
+(typeattribute mtp_device_26_0)
+(roletype object_r mtp_device_26_0)
+(typeattribute nfc_device_26_0)
+(roletype object_r nfc_device_26_0)
+(typeattribute ptmx_device_26_0)
+(roletype object_r ptmx_device_26_0)
+(typeattribute kmsg_device_26_0)
+(roletype object_r kmsg_device_26_0)
+(typeattribute null_device_26_0)
+(roletype object_r null_device_26_0)
+(typeattribute random_device_26_0)
+(roletype object_r random_device_26_0)
+(typeattribute sensors_device_26_0)
+(roletype object_r sensors_device_26_0)
+(typeattribute serial_device_26_0)
+(roletype object_r serial_device_26_0)
+(typeattribute socket_device_26_0)
+(roletype object_r socket_device_26_0)
+(typeattribute owntty_device_26_0)
+(roletype object_r owntty_device_26_0)
+(typeattribute tty_device_26_0)
+(roletype object_r tty_device_26_0)
+(typeattribute video_device_26_0)
+(roletype object_r video_device_26_0)
+(typeattribute vcs_device_26_0)
+(roletype object_r vcs_device_26_0)
+(typeattribute zero_device_26_0)
+(roletype object_r zero_device_26_0)
+(typeattribute fuse_device_26_0)
+(roletype object_r fuse_device_26_0)
+(typeattribute iio_device_26_0)
+(roletype object_r iio_device_26_0)
+(typeattribute ion_device_26_0)
+(roletype object_r ion_device_26_0)
+(typeattribute qtaguid_device_26_0)
+(roletype object_r qtaguid_device_26_0)
+(typeattribute watchdog_device_26_0)
+(roletype object_r watchdog_device_26_0)
+(typeattribute uhid_device_26_0)
+(roletype object_r uhid_device_26_0)
+(typeattribute uio_device_26_0)
+(roletype object_r uio_device_26_0)
+(typeattribute tun_device_26_0)
+(roletype object_r tun_device_26_0)
+(typeattribute usbaccessory_device_26_0)
+(roletype object_r usbaccessory_device_26_0)
+(typeattribute usb_device_26_0)
+(roletype object_r usb_device_26_0)
+(typeattribute properties_device_26_0)
+(roletype object_r properties_device_26_0)
+(typeattribute properties_serial_26_0)
+(roletype object_r properties_serial_26_0)
+(typeattribute i2c_device_26_0)
+(roletype object_r i2c_device_26_0)
+(typeattribute hci_attach_dev_26_0)
+(roletype object_r hci_attach_dev_26_0)
+(typeattribute rpmsg_device_26_0)
+(roletype object_r rpmsg_device_26_0)
+(typeattribute root_block_device_26_0)
+(roletype object_r root_block_device_26_0)
+(typeattribute frp_block_device_26_0)
+(roletype object_r frp_block_device_26_0)
+(typeattribute system_block_device_26_0)
+(roletype object_r system_block_device_26_0)
+(typeattribute recovery_block_device_26_0)
+(roletype object_r recovery_block_device_26_0)
+(typeattribute boot_block_device_26_0)
+(roletype object_r boot_block_device_26_0)
+(typeattribute userdata_block_device_26_0)
+(roletype object_r userdata_block_device_26_0)
+(typeattribute cache_block_device_26_0)
+(roletype object_r cache_block_device_26_0)
+(typeattribute swap_block_device_26_0)
+(roletype object_r swap_block_device_26_0)
+(typeattribute metadata_block_device_26_0)
+(roletype object_r metadata_block_device_26_0)
+(typeattribute misc_block_device_26_0)
+(roletype object_r misc_block_device_26_0)
+(typeattribute dex2oat_26_0)
+(roletype object_r dex2oat_26_0)
+(typeattribute dex2oat_exec_26_0)
+(roletype object_r dex2oat_exec_26_0)
+(typeattribute dhcp_26_0)
+(roletype object_r dhcp_26_0)
+(typeattribute dhcp_exec_26_0)
+(roletype object_r dhcp_exec_26_0)
+(typeattribute dnsmasq_26_0)
+(roletype object_r dnsmasq_26_0)
+(typeattribute dnsmasq_exec_26_0)
+(roletype object_r dnsmasq_exec_26_0)
+(typeattribute drmserver_26_0)
+(roletype object_r drmserver_26_0)
+(typeattribute drmserver_exec_26_0)
+(roletype object_r drmserver_exec_26_0)
+(typeattribute drmserver_socket_26_0)
+(roletype object_r drmserver_socket_26_0)
+(typeattribute dumpstate_26_0)
+(roletype object_r dumpstate_26_0)
+(typeattribute dumpstate_exec_26_0)
+(roletype object_r dumpstate_exec_26_0)
+(typeattribute ephemeral_app_26_0)
+(roletype object_r ephemeral_app_26_0)
+(typeattribute labeledfs_26_0)
+(roletype object_r labeledfs_26_0)
+(typeattribute pipefs_26_0)
+(roletype object_r pipefs_26_0)
+(typeattribute sockfs_26_0)
+(roletype object_r sockfs_26_0)
+(typeattribute rootfs_26_0)
+(roletype object_r rootfs_26_0)
+(typeattribute proc_26_0)
+(roletype object_r proc_26_0)
+(typeattribute proc_security_26_0)
+(roletype object_r proc_security_26_0)
+(typeattribute proc_drop_caches_26_0)
+(roletype object_r proc_drop_caches_26_0)
+(typeattribute proc_overcommit_memory_26_0)
+(roletype object_r proc_overcommit_memory_26_0)
+(typeattribute usermodehelper_26_0)
+(roletype object_r usermodehelper_26_0)
+(typeattribute qtaguid_proc_26_0)
+(roletype object_r qtaguid_proc_26_0)
+(typeattribute proc_bluetooth_writable_26_0)
+(roletype object_r proc_bluetooth_writable_26_0)
+(typeattribute proc_cpuinfo_26_0)
+(roletype object_r proc_cpuinfo_26_0)
+(typeattribute proc_interrupts_26_0)
+(roletype object_r proc_interrupts_26_0)
+(typeattribute proc_iomem_26_0)
+(roletype object_r proc_iomem_26_0)
+(typeattribute proc_meminfo_26_0)
+(roletype object_r proc_meminfo_26_0)
+(typeattribute proc_misc_26_0)
+(roletype object_r proc_misc_26_0)
+(typeattribute proc_modules_26_0)
+(roletype object_r proc_modules_26_0)
+(typeattribute proc_net_26_0)
+(roletype object_r proc_net_26_0)
+(typeattribute proc_perf_26_0)
+(roletype object_r proc_perf_26_0)
+(typeattribute proc_stat_26_0)
+(roletype object_r proc_stat_26_0)
+(typeattribute proc_sysrq_26_0)
+(roletype object_r proc_sysrq_26_0)
+(typeattribute proc_timer_26_0)
+(roletype object_r proc_timer_26_0)
+(typeattribute proc_tty_drivers_26_0)
+(roletype object_r proc_tty_drivers_26_0)
+(typeattribute proc_uid_cputime_showstat_26_0)
+(roletype object_r proc_uid_cputime_showstat_26_0)
+(typeattribute proc_uid_cputime_removeuid_26_0)
+(roletype object_r proc_uid_cputime_removeuid_26_0)
+(typeattribute proc_uid_io_stats_26_0)
+(roletype object_r proc_uid_io_stats_26_0)
+(typeattribute proc_uid_procstat_set_26_0)
+(roletype object_r proc_uid_procstat_set_26_0)
+(typeattribute proc_zoneinfo_26_0)
+(roletype object_r proc_zoneinfo_26_0)
+(typeattribute selinuxfs_26_0)
+(roletype object_r selinuxfs_26_0)
+(typeattribute cgroup_26_0)
+(roletype object_r cgroup_26_0)
+(typeattribute sysfs_26_0)
+(roletype object_r sysfs_26_0)
+(typeattribute sysfs_uio_26_0)
+(roletype object_r sysfs_uio_26_0)
+(typeattribute sysfs_batteryinfo_26_0)
+(roletype object_r sysfs_batteryinfo_26_0)
+(typeattribute sysfs_bluetooth_writable_26_0)
+(roletype object_r sysfs_bluetooth_writable_26_0)
+(typeattribute sysfs_leds_26_0)
+(roletype object_r sysfs_leds_26_0)
+(typeattribute sysfs_hwrandom_26_0)
+(roletype object_r sysfs_hwrandom_26_0)
+(typeattribute sysfs_nfc_power_writable_26_0)
+(roletype object_r sysfs_nfc_power_writable_26_0)
+(typeattribute sysfs_wake_lock_26_0)
+(roletype object_r sysfs_wake_lock_26_0)
+(typeattribute sysfs_mac_address_26_0)
+(roletype object_r sysfs_mac_address_26_0)
+(typeattribute sysfs_usb_26_0)
+(roletype object_r sysfs_usb_26_0)
+(typeattribute configfs_26_0)
+(roletype object_r configfs_26_0)
+(typeattribute sysfs_devices_system_cpu_26_0)
+(roletype object_r sysfs_devices_system_cpu_26_0)
+(typeattribute sysfs_lowmemorykiller_26_0)
+(roletype object_r sysfs_lowmemorykiller_26_0)
+(typeattribute sysfs_wlan_fwpath_26_0)
+(roletype object_r sysfs_wlan_fwpath_26_0)
+(typeattribute sysfs_vibrator_26_0)
+(roletype object_r sysfs_vibrator_26_0)
+(typeattribute sysfs_thermal_26_0)
+(roletype object_r sysfs_thermal_26_0)
+(typeattribute sysfs_zram_26_0)
+(roletype object_r sysfs_zram_26_0)
+(typeattribute sysfs_zram_uevent_26_0)
+(roletype object_r sysfs_zram_uevent_26_0)
+(typeattribute inotify_26_0)
+(roletype object_r inotify_26_0)
+(typeattribute devpts_26_0)
+(roletype object_r devpts_26_0)
+(typeattribute tmpfs_26_0)
+(roletype object_r tmpfs_26_0)
+(typeattribute shm_26_0)
+(roletype object_r shm_26_0)
+(typeattribute mqueue_26_0)
+(roletype object_r mqueue_26_0)
+(typeattribute fuse_26_0)
+(roletype object_r fuse_26_0)
+(typeattribute sdcardfs_26_0)
+(roletype object_r sdcardfs_26_0)
+(typeattribute vfat_26_0)
+(roletype object_r vfat_26_0)
+(typeattribute debugfs_26_0)
+(roletype object_r debugfs_26_0)
+(typeattribute debugfs_mmc_26_0)
+(roletype object_r debugfs_mmc_26_0)
+(typeattribute debugfs_trace_marker_26_0)
+(roletype object_r debugfs_trace_marker_26_0)
+(typeattribute debugfs_tracing_26_0)
+(roletype object_r debugfs_tracing_26_0)
+(typeattribute debugfs_tracing_instances_26_0)
+(roletype object_r debugfs_tracing_instances_26_0)
+(typeattribute debugfs_wifi_tracing_26_0)
+(roletype object_r debugfs_wifi_tracing_26_0)
+(typeattribute tracing_shell_writable_26_0)
+(roletype object_r tracing_shell_writable_26_0)
+(typeattribute tracing_shell_writable_debug_26_0)
+(roletype object_r tracing_shell_writable_debug_26_0)
+(typeattribute pstorefs_26_0)
+(roletype object_r pstorefs_26_0)
+(typeattribute functionfs_26_0)
+(roletype object_r functionfs_26_0)
+(typeattribute oemfs_26_0)
+(roletype object_r oemfs_26_0)
+(typeattribute usbfs_26_0)
+(roletype object_r usbfs_26_0)
+(typeattribute binfmt_miscfs_26_0)
+(roletype object_r binfmt_miscfs_26_0)
+(typeattribute app_fusefs_26_0)
+(roletype object_r app_fusefs_26_0)
+(typeattribute unlabeled_26_0)
+(roletype object_r unlabeled_26_0)
+(typeattribute system_file_26_0)
+(roletype object_r system_file_26_0)
+(typeattribute vendor_hal_file_26_0)
+(roletype object_r vendor_hal_file_26_0)
+(typeattribute vendor_file_26_0)
+(roletype object_r vendor_file_26_0)
+(typeattribute vendor_app_file_26_0)
+(roletype object_r vendor_app_file_26_0)
+(typeattribute vendor_configs_file_26_0)
+(roletype object_r vendor_configs_file_26_0)
+(typeattribute same_process_hal_file_26_0)
+(roletype object_r same_process_hal_file_26_0)
+(typeattribute vndk_sp_file_26_0)
+(roletype object_r vndk_sp_file_26_0)
+(typeattribute vendor_framework_file_26_0)
+(roletype object_r vendor_framework_file_26_0)
+(typeattribute vendor_overlay_file_26_0)
+(roletype object_r vendor_overlay_file_26_0)
+(typeattribute runtime_event_log_tags_file_26_0)
+(roletype object_r runtime_event_log_tags_file_26_0)
+(typeattribute logcat_exec_26_0)
+(roletype object_r logcat_exec_26_0)
+(typeattribute coredump_file_26_0)
+(roletype object_r coredump_file_26_0)
+(typeattribute system_data_file_26_0)
+(roletype object_r system_data_file_26_0)
+(typeattribute unencrypted_data_file_26_0)
+(roletype object_r unencrypted_data_file_26_0)
+(typeattribute install_data_file_26_0)
+(roletype object_r install_data_file_26_0)
+(typeattribute drm_data_file_26_0)
+(roletype object_r drm_data_file_26_0)
+(typeattribute adb_data_file_26_0)
+(roletype object_r adb_data_file_26_0)
+(typeattribute anr_data_file_26_0)
+(roletype object_r anr_data_file_26_0)
+(typeattribute tombstone_data_file_26_0)
+(roletype object_r tombstone_data_file_26_0)
+(typeattribute apk_data_file_26_0)
+(roletype object_r apk_data_file_26_0)
+(typeattribute apk_tmp_file_26_0)
+(roletype object_r apk_tmp_file_26_0)
+(typeattribute apk_private_data_file_26_0)
+(roletype object_r apk_private_data_file_26_0)
+(typeattribute apk_private_tmp_file_26_0)
+(roletype object_r apk_private_tmp_file_26_0)
+(typeattribute dalvikcache_data_file_26_0)
+(roletype object_r dalvikcache_data_file_26_0)
+(typeattribute ota_data_file_26_0)
+(roletype object_r ota_data_file_26_0)
+(typeattribute ota_package_file_26_0)
+(roletype object_r ota_package_file_26_0)
+(typeattribute user_profile_data_file_26_0)
+(roletype object_r user_profile_data_file_26_0)
+(typeattribute profman_dump_data_file_26_0)
+(roletype object_r profman_dump_data_file_26_0)
+(typeattribute resourcecache_data_file_26_0)
+(roletype object_r resourcecache_data_file_26_0)
+(typeattribute shell_data_file_26_0)
+(roletype object_r shell_data_file_26_0)
+(typeattribute property_data_file_26_0)
+(roletype object_r property_data_file_26_0)
+(typeattribute bootchart_data_file_26_0)
+(roletype object_r bootchart_data_file_26_0)
+(typeattribute heapdump_data_file_26_0)
+(roletype object_r heapdump_data_file_26_0)
+(typeattribute nativetest_data_file_26_0)
+(roletype object_r nativetest_data_file_26_0)
+(typeattribute ringtone_file_26_0)
+(roletype object_r ringtone_file_26_0)
+(typeattribute preloads_data_file_26_0)
+(roletype object_r preloads_data_file_26_0)
+(typeattribute preloads_media_file_26_0)
+(roletype object_r preloads_media_file_26_0)
+(typeattribute dhcp_data_file_26_0)
+(roletype object_r dhcp_data_file_26_0)
+(typeattribute mnt_media_rw_file_26_0)
+(roletype object_r mnt_media_rw_file_26_0)
+(typeattribute mnt_user_file_26_0)
+(roletype object_r mnt_user_file_26_0)
+(typeattribute mnt_expand_file_26_0)
+(roletype object_r mnt_expand_file_26_0)
+(typeattribute storage_file_26_0)
+(roletype object_r storage_file_26_0)
+(typeattribute mnt_media_rw_stub_file_26_0)
+(roletype object_r mnt_media_rw_stub_file_26_0)
+(typeattribute storage_stub_file_26_0)
+(roletype object_r storage_stub_file_26_0)
+(typeattribute postinstall_mnt_dir_26_0)
+(roletype object_r postinstall_mnt_dir_26_0)
+(typeattribute postinstall_file_26_0)
+(roletype object_r postinstall_file_26_0)
+(typeattribute adb_keys_file_26_0)
+(roletype object_r adb_keys_file_26_0)
+(typeattribute audio_data_file_26_0)
+(roletype object_r audio_data_file_26_0)
+(typeattribute audiohal_data_file_26_0)
+(roletype object_r audiohal_data_file_26_0)
+(typeattribute audioserver_data_file_26_0)
+(roletype object_r audioserver_data_file_26_0)
+(typeattribute bluetooth_data_file_26_0)
+(roletype object_r bluetooth_data_file_26_0)
+(typeattribute bluetooth_logs_data_file_26_0)
+(roletype object_r bluetooth_logs_data_file_26_0)
+(typeattribute bootstat_data_file_26_0)
+(roletype object_r bootstat_data_file_26_0)
+(typeattribute boottrace_data_file_26_0)
+(roletype object_r boottrace_data_file_26_0)
+(typeattribute camera_data_file_26_0)
+(roletype object_r camera_data_file_26_0)
+(typeattribute gatekeeper_data_file_26_0)
+(roletype object_r gatekeeper_data_file_26_0)
+(typeattribute incident_data_file_26_0)
+(roletype object_r incident_data_file_26_0)
+(typeattribute keychain_data_file_26_0)
+(roletype object_r keychain_data_file_26_0)
+(typeattribute keystore_data_file_26_0)
+(roletype object_r keystore_data_file_26_0)
+(typeattribute media_data_file_26_0)
+(roletype object_r media_data_file_26_0)
+(typeattribute media_rw_data_file_26_0)
+(roletype object_r media_rw_data_file_26_0)
+(typeattribute misc_user_data_file_26_0)
+(roletype object_r misc_user_data_file_26_0)
+(typeattribute net_data_file_26_0)
+(roletype object_r net_data_file_26_0)
+(typeattribute nfc_data_file_26_0)
+(roletype object_r nfc_data_file_26_0)
+(typeattribute radio_data_file_26_0)
+(roletype object_r radio_data_file_26_0)
+(typeattribute reboot_data_file_26_0)
+(roletype object_r reboot_data_file_26_0)
+(typeattribute recovery_data_file_26_0)
+(roletype object_r recovery_data_file_26_0)
+(typeattribute shared_relro_file_26_0)
+(roletype object_r shared_relro_file_26_0)
+(typeattribute systemkeys_data_file_26_0)
+(roletype object_r systemkeys_data_file_26_0)
+(typeattribute textclassifier_data_file_26_0)
+(roletype object_r textclassifier_data_file_26_0)
+(typeattribute vpn_data_file_26_0)
+(roletype object_r vpn_data_file_26_0)
+(typeattribute wifi_data_file_26_0)
+(roletype object_r wifi_data_file_26_0)
+(typeattribute zoneinfo_data_file_26_0)
+(roletype object_r zoneinfo_data_file_26_0)
+(typeattribute vold_data_file_26_0)
+(roletype object_r vold_data_file_26_0)
+(typeattribute perfprofd_data_file_26_0)
+(roletype object_r perfprofd_data_file_26_0)
+(typeattribute tee_data_file_26_0)
+(roletype object_r tee_data_file_26_0)
+(typeattribute update_engine_data_file_26_0)
+(roletype object_r update_engine_data_file_26_0)
+(typeattribute method_trace_data_file_26_0)
+(roletype object_r method_trace_data_file_26_0)
+(typeattribute app_data_file_26_0)
+(roletype object_r app_data_file_26_0)
+(typeattribute system_app_data_file_26_0)
+(roletype object_r system_app_data_file_26_0)
+(typeattribute cache_file_26_0)
+(roletype object_r cache_file_26_0)
+(typeattribute cache_backup_file_26_0)
+(roletype object_r cache_backup_file_26_0)
+(typeattribute cache_private_backup_file_26_0)
+(roletype object_r cache_private_backup_file_26_0)
+(typeattribute cache_recovery_file_26_0)
+(roletype object_r cache_recovery_file_26_0)
+(typeattribute efs_file_26_0)
+(roletype object_r efs_file_26_0)
+(typeattribute wallpaper_file_26_0)
+(roletype object_r wallpaper_file_26_0)
+(typeattribute shortcut_manager_icons_26_0)
+(roletype object_r shortcut_manager_icons_26_0)
+(typeattribute icon_file_26_0)
+(roletype object_r icon_file_26_0)
+(typeattribute asec_apk_file_26_0)
+(roletype object_r asec_apk_file_26_0)
+(typeattribute asec_public_file_26_0)
+(roletype object_r asec_public_file_26_0)
+(typeattribute asec_image_file_26_0)
+(roletype object_r asec_image_file_26_0)
+(typeattribute backup_data_file_26_0)
+(roletype object_r backup_data_file_26_0)
+(typeattribute bluetooth_efs_file_26_0)
+(roletype object_r bluetooth_efs_file_26_0)
+(typeattribute fingerprintd_data_file_26_0)
+(roletype object_r fingerprintd_data_file_26_0)
+(typeattribute app_fuse_file_26_0)
+(roletype object_r app_fuse_file_26_0)
+(typeattribute adbd_socket_26_0)
+(roletype object_r adbd_socket_26_0)
+(typeattribute bluetooth_socket_26_0)
+(roletype object_r bluetooth_socket_26_0)
+(typeattribute dnsproxyd_socket_26_0)
+(roletype object_r dnsproxyd_socket_26_0)
+(typeattribute dumpstate_socket_26_0)
+(roletype object_r dumpstate_socket_26_0)
+(typeattribute fwmarkd_socket_26_0)
+(roletype object_r fwmarkd_socket_26_0)
+(typeattribute lmkd_socket_26_0)
+(roletype object_r lmkd_socket_26_0)
+(typeattribute logd_socket_26_0)
+(roletype object_r logd_socket_26_0)
+(typeattribute logdr_socket_26_0)
+(roletype object_r logdr_socket_26_0)
+(typeattribute logdw_socket_26_0)
+(roletype object_r logdw_socket_26_0)
+(typeattribute mdns_socket_26_0)
+(roletype object_r mdns_socket_26_0)
+(typeattribute mdnsd_socket_26_0)
+(roletype object_r mdnsd_socket_26_0)
+(typeattribute misc_logd_file_26_0)
+(roletype object_r misc_logd_file_26_0)
+(typeattribute mtpd_socket_26_0)
+(roletype object_r mtpd_socket_26_0)
+(typeattribute netd_socket_26_0)
+(roletype object_r netd_socket_26_0)
+(typeattribute property_socket_26_0)
+(roletype object_r property_socket_26_0)
+(typeattribute racoon_socket_26_0)
+(roletype object_r racoon_socket_26_0)
+(typeattribute rild_socket_26_0)
+(roletype object_r rild_socket_26_0)
+(typeattribute rild_debug_socket_26_0)
+(roletype object_r rild_debug_socket_26_0)
+(typeattribute system_wpa_socket_26_0)
+(roletype object_r system_wpa_socket_26_0)
+(typeattribute system_ndebug_socket_26_0)
+(roletype object_r system_ndebug_socket_26_0)
+(typeattribute tombstoned_crash_socket_26_0)
+(roletype object_r tombstoned_crash_socket_26_0)
+(typeattribute tombstoned_intercept_socket_26_0)
+(roletype object_r tombstoned_intercept_socket_26_0)
+(typeattribute uncrypt_socket_26_0)
+(roletype object_r uncrypt_socket_26_0)
+(typeattribute vold_socket_26_0)
+(roletype object_r vold_socket_26_0)
+(typeattribute webview_zygote_socket_26_0)
+(roletype object_r webview_zygote_socket_26_0)
+(typeattribute wpa_socket_26_0)
+(roletype object_r wpa_socket_26_0)
+(typeattribute zygote_socket_26_0)
+(roletype object_r zygote_socket_26_0)
+(typeattribute gps_control_26_0)
+(roletype object_r gps_control_26_0)
+(typeattribute pdx_display_dir_26_0)
+(roletype object_r pdx_display_dir_26_0)
+(typeattribute pdx_performance_dir_26_0)
+(roletype object_r pdx_performance_dir_26_0)
+(typeattribute pdx_bufferhub_dir_26_0)
+(roletype object_r pdx_bufferhub_dir_26_0)
+(typeattribute pdx_display_client_endpoint_socket_26_0)
+(roletype object_r pdx_display_client_endpoint_socket_26_0)
+(typeattribute pdx_display_client_channel_socket_26_0)
+(roletype object_r pdx_display_client_channel_socket_26_0)
+(typeattribute pdx_display_manager_endpoint_socket_26_0)
+(roletype object_r pdx_display_manager_endpoint_socket_26_0)
+(typeattribute pdx_display_manager_channel_socket_26_0)
+(roletype object_r pdx_display_manager_channel_socket_26_0)
+(typeattribute pdx_display_screenshot_endpoint_socket_26_0)
+(roletype object_r pdx_display_screenshot_endpoint_socket_26_0)
+(typeattribute pdx_display_screenshot_channel_socket_26_0)
+(roletype object_r pdx_display_screenshot_channel_socket_26_0)
+(typeattribute pdx_display_vsync_endpoint_socket_26_0)
+(roletype object_r pdx_display_vsync_endpoint_socket_26_0)
+(typeattribute pdx_display_vsync_channel_socket_26_0)
+(roletype object_r pdx_display_vsync_channel_socket_26_0)
+(typeattribute pdx_performance_client_endpoint_socket_26_0)
+(roletype object_r pdx_performance_client_endpoint_socket_26_0)
+(typeattribute pdx_performance_client_channel_socket_26_0)
+(roletype object_r pdx_performance_client_channel_socket_26_0)
+(typeattribute pdx_bufferhub_client_endpoint_socket_26_0)
+(roletype object_r pdx_bufferhub_client_endpoint_socket_26_0)
+(typeattribute pdx_bufferhub_client_channel_socket_26_0)
+(roletype object_r pdx_bufferhub_client_channel_socket_26_0)
+(typeattribute file_contexts_file_26_0)
+(roletype object_r file_contexts_file_26_0)
+(typeattribute mac_perms_file_26_0)
+(roletype object_r mac_perms_file_26_0)
+(typeattribute property_contexts_file_26_0)
+(roletype object_r property_contexts_file_26_0)
+(typeattribute seapp_contexts_file_26_0)
+(roletype object_r seapp_contexts_file_26_0)
+(typeattribute sepolicy_file_26_0)
+(roletype object_r sepolicy_file_26_0)
+(typeattribute service_contexts_file_26_0)
+(roletype object_r service_contexts_file_26_0)
+(typeattribute hwservice_contexts_file_26_0)
+(roletype object_r hwservice_contexts_file_26_0)
+(typeattribute vndservice_contexts_file_26_0)
+(roletype object_r vndservice_contexts_file_26_0)
+(typeattribute fingerprintd_26_0)
+(roletype object_r fingerprintd_26_0)
+(typeattribute fingerprintd_exec_26_0)
+(roletype object_r fingerprintd_exec_26_0)
+(typeattribute fsck_26_0)
+(roletype object_r fsck_26_0)
+(typeattribute fsck_exec_26_0)
+(roletype object_r fsck_exec_26_0)
+(typeattribute fsck_untrusted_26_0)
+(roletype object_r fsck_untrusted_26_0)
+(typeattribute gatekeeperd_26_0)
+(roletype object_r gatekeeperd_26_0)
+(typeattribute gatekeeperd_exec_26_0)
+(roletype object_r gatekeeperd_exec_26_0)
+(typeattribute healthd_26_0)
+(roletype object_r healthd_26_0)
+(typeattribute healthd_exec_26_0)
+(roletype object_r healthd_exec_26_0)
+(typeattribute default_android_hwservice_26_0)
+(roletype object_r default_android_hwservice_26_0)
+(typeattribute fwk_display_hwservice_26_0)
+(roletype object_r fwk_display_hwservice_26_0)
+(typeattribute fwk_scheduler_hwservice_26_0)
+(roletype object_r fwk_scheduler_hwservice_26_0)
+(typeattribute fwk_sensor_hwservice_26_0)
+(roletype object_r fwk_sensor_hwservice_26_0)
+(typeattribute hal_audio_hwservice_26_0)
+(roletype object_r hal_audio_hwservice_26_0)
+(typeattribute hal_bluetooth_hwservice_26_0)
+(roletype object_r hal_bluetooth_hwservice_26_0)
+(typeattribute hal_bootctl_hwservice_26_0)
+(roletype object_r hal_bootctl_hwservice_26_0)
+(typeattribute hal_camera_hwservice_26_0)
+(roletype object_r hal_camera_hwservice_26_0)
+(typeattribute hal_configstore_ISurfaceFlingerConfigs_26_0)
+(roletype object_r hal_configstore_ISurfaceFlingerConfigs_26_0)
+(typeattribute hal_contexthub_hwservice_26_0)
+(roletype object_r hal_contexthub_hwservice_26_0)
+(typeattribute hal_drm_hwservice_26_0)
+(roletype object_r hal_drm_hwservice_26_0)
+(typeattribute hal_dumpstate_hwservice_26_0)
+(roletype object_r hal_dumpstate_hwservice_26_0)
+(typeattribute hal_fingerprint_hwservice_26_0)
+(roletype object_r hal_fingerprint_hwservice_26_0)
+(typeattribute hal_gatekeeper_hwservice_26_0)
+(roletype object_r hal_gatekeeper_hwservice_26_0)
+(typeattribute hal_gnss_hwservice_26_0)
+(roletype object_r hal_gnss_hwservice_26_0)
+(typeattribute hal_graphics_allocator_hwservice_26_0)
+(roletype object_r hal_graphics_allocator_hwservice_26_0)
+(typeattribute hal_graphics_composer_hwservice_26_0)
+(roletype object_r hal_graphics_composer_hwservice_26_0)
+(typeattribute hal_graphics_mapper_hwservice_26_0)
+(roletype object_r hal_graphics_mapper_hwservice_26_0)
+(typeattribute hal_health_hwservice_26_0)
+(roletype object_r hal_health_hwservice_26_0)
+(typeattribute hal_ir_hwservice_26_0)
+(roletype object_r hal_ir_hwservice_26_0)
+(typeattribute hal_keymaster_hwservice_26_0)
+(roletype object_r hal_keymaster_hwservice_26_0)
+(typeattribute hal_light_hwservice_26_0)
+(roletype object_r hal_light_hwservice_26_0)
+(typeattribute hal_memtrack_hwservice_26_0)
+(roletype object_r hal_memtrack_hwservice_26_0)
+(typeattribute hal_nfc_hwservice_26_0)
+(roletype object_r hal_nfc_hwservice_26_0)
+(typeattribute hal_oemlock_hwservice_26_0)
+(roletype object_r hal_oemlock_hwservice_26_0)
+(typeattribute hal_omx_hwservice_26_0)
+(roletype object_r hal_omx_hwservice_26_0)
+(typeattribute hal_power_hwservice_26_0)
+(roletype object_r hal_power_hwservice_26_0)
+(typeattribute hal_renderscript_hwservice_26_0)
+(roletype object_r hal_renderscript_hwservice_26_0)
+(typeattribute hal_sensors_hwservice_26_0)
+(roletype object_r hal_sensors_hwservice_26_0)
+(typeattribute hal_telephony_hwservice_26_0)
+(roletype object_r hal_telephony_hwservice_26_0)
+(typeattribute hal_thermal_hwservice_26_0)
+(roletype object_r hal_thermal_hwservice_26_0)
+(typeattribute hal_tv_cec_hwservice_26_0)
+(roletype object_r hal_tv_cec_hwservice_26_0)
+(typeattribute hal_tv_input_hwservice_26_0)
+(roletype object_r hal_tv_input_hwservice_26_0)
+(typeattribute hal_usb_hwservice_26_0)
+(roletype object_r hal_usb_hwservice_26_0)
+(typeattribute hal_vibrator_hwservice_26_0)
+(roletype object_r hal_vibrator_hwservice_26_0)
+(typeattribute hal_vr_hwservice_26_0)
+(roletype object_r hal_vr_hwservice_26_0)
+(typeattribute hal_weaver_hwservice_26_0)
+(roletype object_r hal_weaver_hwservice_26_0)
+(typeattribute hal_wifi_hwservice_26_0)
+(roletype object_r hal_wifi_hwservice_26_0)
+(typeattribute hal_wifi_supplicant_hwservice_26_0)
+(roletype object_r hal_wifi_supplicant_hwservice_26_0)
+(typeattribute hidl_allocator_hwservice_26_0)
+(roletype object_r hidl_allocator_hwservice_26_0)
+(typeattribute hidl_base_hwservice_26_0)
+(roletype object_r hidl_base_hwservice_26_0)
+(typeattribute hidl_manager_hwservice_26_0)
+(roletype object_r hidl_manager_hwservice_26_0)
+(typeattribute hidl_memory_hwservice_26_0)
+(roletype object_r hidl_memory_hwservice_26_0)
+(typeattribute hidl_token_hwservice_26_0)
+(roletype object_r hidl_token_hwservice_26_0)
+(typeattribute system_wifi_keystore_hwservice_26_0)
+(roletype object_r system_wifi_keystore_hwservice_26_0)
+(typeattribute hwservicemanager_26_0)
+(roletype object_r hwservicemanager_26_0)
+(typeattribute hwservicemanager_exec_26_0)
+(roletype object_r hwservicemanager_exec_26_0)
+(typeattribute idmap_26_0)
+(roletype object_r idmap_26_0)
+(typeattribute idmap_exec_26_0)
+(roletype object_r idmap_exec_26_0)
+(typeattribute incident_26_0)
+(roletype object_r incident_26_0)
+(typeattribute incidentd_26_0)
+(roletype object_r incidentd_26_0)
+(typeattribute init_26_0)
+(roletype object_r init_26_0)
+(typeattribute init_exec_26_0)
+(roletype object_r init_exec_26_0)
+(typeattribute inputflinger_26_0)
+(roletype object_r inputflinger_26_0)
+(typeattribute inputflinger_exec_26_0)
+(roletype object_r inputflinger_exec_26_0)
+(typeattribute install_recovery_26_0)
+(roletype object_r install_recovery_26_0)
+(typeattribute install_recovery_exec_26_0)
+(roletype object_r install_recovery_exec_26_0)
+(typeattribute installd_26_0)
+(roletype object_r installd_26_0)
+(typeattribute installd_exec_26_0)
+(roletype object_r installd_exec_26_0)
+(typeattribute isolated_app_26_0)
+(roletype object_r isolated_app_26_0)
+(typeattribute kernel_26_0)
+(roletype object_r kernel_26_0)
+(typeattribute keystore_26_0)
+(roletype object_r keystore_26_0)
+(typeattribute keystore_exec_26_0)
+(roletype object_r keystore_exec_26_0)
+(typeattribute lmkd_26_0)
+(roletype object_r lmkd_26_0)
+(typeattribute lmkd_exec_26_0)
+(roletype object_r lmkd_exec_26_0)
+(typeattribute logd_26_0)
+(roletype object_r logd_26_0)
+(typeattribute logd_exec_26_0)
+(roletype object_r logd_exec_26_0)
+(typeattribute logpersist_26_0)
+(roletype object_r logpersist_26_0)
+(typeattribute mdnsd_26_0)
+(roletype object_r mdnsd_26_0)
+(typeattribute mediacodec_26_0)
+(roletype object_r mediacodec_26_0)
+(typeattribute mediacodec_exec_26_0)
+(roletype object_r mediacodec_exec_26_0)
+(typeattribute mediadrmserver_26_0)
+(roletype object_r mediadrmserver_26_0)
+(typeattribute mediadrmserver_exec_26_0)
+(roletype object_r mediadrmserver_exec_26_0)
+(typeattribute mediaextractor_26_0)
+(roletype object_r mediaextractor_26_0)
+(typeattribute mediaextractor_exec_26_0)
+(roletype object_r mediaextractor_exec_26_0)
+(typeattribute mediametrics_26_0)
+(roletype object_r mediametrics_26_0)
+(typeattribute mediametrics_exec_26_0)
+(roletype object_r mediametrics_exec_26_0)
+(typeattribute mediaserver_26_0)
+(roletype object_r mediaserver_26_0)
+(typeattribute mediaserver_exec_26_0)
+(roletype object_r mediaserver_exec_26_0)
+(typeattribute modprobe_26_0)
+(roletype object_r modprobe_26_0)
+(typeattribute mtp_26_0)
+(roletype object_r mtp_26_0)
+(typeattribute mtp_exec_26_0)
+(roletype object_r mtp_exec_26_0)
+(typeattribute node_26_0)
+(roletype object_r node_26_0)
+(typeattribute netif_26_0)
+(roletype object_r netif_26_0)
+(typeattribute port_26_0)
+(roletype object_r port_26_0)
+(typeattribute netd_26_0)
+(roletype object_r netd_26_0)
+(typeattribute netd_exec_26_0)
+(roletype object_r netd_exec_26_0)
+(typeattribute netutils_wrapper_26_0)
+(roletype object_r netutils_wrapper_26_0)
+(typeattribute netutils_wrapper_exec_26_0)
+(roletype object_r netutils_wrapper_exec_26_0)
+(typeattribute nfc_26_0)
+(roletype object_r nfc_26_0)
+(typeattribute otapreopt_chroot_26_0)
+(roletype object_r otapreopt_chroot_26_0)
+(typeattribute otapreopt_chroot_exec_26_0)
+(roletype object_r otapreopt_chroot_exec_26_0)
+(typeattribute otapreopt_slot_26_0)
+(roletype object_r otapreopt_slot_26_0)
+(typeattribute otapreopt_slot_exec_26_0)
+(roletype object_r otapreopt_slot_exec_26_0)
+(typeattribute performanced_26_0)
+(roletype object_r performanced_26_0)
+(typeattribute performanced_exec_26_0)
+(roletype object_r performanced_exec_26_0)
+(typeattribute perfprofd_26_0)
+(roletype object_r perfprofd_26_0)
+(typeattribute perfprofd_exec_26_0)
+(roletype object_r perfprofd_exec_26_0)
+(typeattribute platform_app_26_0)
+(roletype object_r platform_app_26_0)
+(typeattribute postinstall_26_0)
+(roletype object_r postinstall_26_0)
+(typeattribute postinstall_dexopt_26_0)
+(roletype object_r postinstall_dexopt_26_0)
+(typeattribute ppp_26_0)
+(roletype object_r ppp_26_0)
+(typeattribute ppp_device_26_0)
+(roletype object_r ppp_device_26_0)
+(typeattribute ppp_exec_26_0)
+(roletype object_r ppp_exec_26_0)
+(typeattribute preopt2cachename_26_0)
+(roletype object_r preopt2cachename_26_0)
+(typeattribute preopt2cachename_exec_26_0)
+(roletype object_r preopt2cachename_exec_26_0)
+(typeattribute priv_app_26_0)
+(roletype object_r priv_app_26_0)
+(typeattribute profman_26_0)
+(roletype object_r profman_26_0)
+(typeattribute profman_exec_26_0)
+(roletype object_r profman_exec_26_0)
+(typeattribute asan_reboot_prop_26_0)
+(roletype object_r asan_reboot_prop_26_0)
+(typeattribute audio_prop_26_0)
+(roletype object_r audio_prop_26_0)
+(typeattribute boottime_prop_26_0)
+(roletype object_r boottime_prop_26_0)
+(typeattribute bluetooth_prop_26_0)
+(roletype object_r bluetooth_prop_26_0)
+(typeattribute config_prop_26_0)
+(roletype object_r config_prop_26_0)
+(typeattribute cppreopt_prop_26_0)
+(roletype object_r cppreopt_prop_26_0)
+(typeattribute ctl_bootanim_prop_26_0)
+(roletype object_r ctl_bootanim_prop_26_0)
+(typeattribute ctl_bugreport_prop_26_0)
+(roletype object_r ctl_bugreport_prop_26_0)
+(typeattribute ctl_console_prop_26_0)
+(roletype object_r ctl_console_prop_26_0)
+(typeattribute ctl_default_prop_26_0)
+(roletype object_r ctl_default_prop_26_0)
+(typeattribute ctl_dumpstate_prop_26_0)
+(roletype object_r ctl_dumpstate_prop_26_0)
+(typeattribute ctl_fuse_prop_26_0)
+(roletype object_r ctl_fuse_prop_26_0)
+(typeattribute ctl_mdnsd_prop_26_0)
+(roletype object_r ctl_mdnsd_prop_26_0)
+(typeattribute ctl_rildaemon_prop_26_0)
+(roletype object_r ctl_rildaemon_prop_26_0)
+(typeattribute dalvik_prop_26_0)
+(roletype object_r dalvik_prop_26_0)
+(typeattribute debuggerd_prop_26_0)
+(roletype object_r debuggerd_prop_26_0)
+(typeattribute debug_prop_26_0)
+(roletype object_r debug_prop_26_0)
+(typeattribute default_prop_26_0)
+(roletype object_r default_prop_26_0)
+(typeattribute device_logging_prop_26_0)
+(roletype object_r device_logging_prop_26_0)
+(typeattribute dhcp_prop_26_0)
+(roletype object_r dhcp_prop_26_0)
+(typeattribute dumpstate_options_prop_26_0)
+(roletype object_r dumpstate_options_prop_26_0)
+(typeattribute dumpstate_prop_26_0)
+(roletype object_r dumpstate_prop_26_0)
+(typeattribute ffs_prop_26_0)
+(roletype object_r ffs_prop_26_0)
+(typeattribute fingerprint_prop_26_0)
+(roletype object_r fingerprint_prop_26_0)
+(typeattribute firstboot_prop_26_0)
+(roletype object_r firstboot_prop_26_0)
+(typeattribute hwservicemanager_prop_26_0)
+(roletype object_r hwservicemanager_prop_26_0)
+(typeattribute logd_prop_26_0)
+(roletype object_r logd_prop_26_0)
+(typeattribute logpersistd_logging_prop_26_0)
+(roletype object_r logpersistd_logging_prop_26_0)
+(typeattribute log_prop_26_0)
+(roletype object_r log_prop_26_0)
+(typeattribute log_tag_prop_26_0)
+(roletype object_r log_tag_prop_26_0)
+(typeattribute mmc_prop_26_0)
+(roletype object_r mmc_prop_26_0)
+(typeattribute net_dns_prop_26_0)
+(roletype object_r net_dns_prop_26_0)
+(typeattribute net_radio_prop_26_0)
+(roletype object_r net_radio_prop_26_0)
+(typeattribute nfc_prop_26_0)
+(roletype object_r nfc_prop_26_0)
+(typeattribute overlay_prop_26_0)
+(roletype object_r overlay_prop_26_0)
+(typeattribute pan_result_prop_26_0)
+(roletype object_r pan_result_prop_26_0)
+(typeattribute persist_debug_prop_26_0)
+(roletype object_r persist_debug_prop_26_0)
+(typeattribute persistent_properties_ready_prop_26_0)
+(roletype object_r persistent_properties_ready_prop_26_0)
+(typeattribute powerctl_prop_26_0)
+(roletype object_r powerctl_prop_26_0)
+(typeattribute radio_prop_26_0)
+(roletype object_r radio_prop_26_0)
+(typeattribute restorecon_prop_26_0)
+(roletype object_r restorecon_prop_26_0)
+(typeattribute safemode_prop_26_0)
+(roletype object_r safemode_prop_26_0)
+(typeattribute serialno_prop_26_0)
+(roletype object_r serialno_prop_26_0)
+(typeattribute shell_prop_26_0)
+(roletype object_r shell_prop_26_0)
+(typeattribute system_prop_26_0)
+(roletype object_r system_prop_26_0)
+(typeattribute system_radio_prop_26_0)
+(roletype object_r system_radio_prop_26_0)
+(typeattribute vold_prop_26_0)
+(roletype object_r vold_prop_26_0)
+(typeattribute wifi_log_prop_26_0)
+(roletype object_r wifi_log_prop_26_0)
+(typeattribute wifi_prop_26_0)
+(roletype object_r wifi_prop_26_0)
+(typeattribute racoon_26_0)
+(roletype object_r racoon_26_0)
+(typeattribute racoon_exec_26_0)
+(roletype object_r racoon_exec_26_0)
+(typeattribute radio_26_0)
+(roletype object_r radio_26_0)
+(typeattribute recovery_26_0)
+(roletype object_r recovery_26_0)
+(typeattribute recovery_persist_26_0)
+(roletype object_r recovery_persist_26_0)
+(typeattribute recovery_persist_exec_26_0)
+(roletype object_r recovery_persist_exec_26_0)
+(typeattribute recovery_refresh_26_0)
+(roletype object_r recovery_refresh_26_0)
+(typeattribute recovery_refresh_exec_26_0)
+(roletype object_r recovery_refresh_exec_26_0)
+(typeattribute rild_26_0)
+(roletype object_r rild_26_0)
+(typeattribute runas_26_0)
+(roletype object_r runas_26_0)
+(typeattribute runas_exec_26_0)
+(roletype object_r runas_exec_26_0)
+(typeattribute sdcardd_26_0)
+(roletype object_r sdcardd_26_0)
+(typeattribute sdcardd_exec_26_0)
+(roletype object_r sdcardd_exec_26_0)
+(typeattribute audioserver_service_26_0)
+(roletype object_r audioserver_service_26_0)
+(typeattribute batteryproperties_service_26_0)
+(roletype object_r batteryproperties_service_26_0)
+(typeattribute bluetooth_service_26_0)
+(roletype object_r bluetooth_service_26_0)
+(typeattribute cameraserver_service_26_0)
+(roletype object_r cameraserver_service_26_0)
+(typeattribute default_android_service_26_0)
+(roletype object_r default_android_service_26_0)
+(typeattribute drmserver_service_26_0)
+(roletype object_r drmserver_service_26_0)
+(typeattribute dumpstate_service_26_0)
+(roletype object_r dumpstate_service_26_0)
+(typeattribute fingerprintd_service_26_0)
+(roletype object_r fingerprintd_service_26_0)
+(typeattribute hal_fingerprint_service_26_0)
+(roletype object_r hal_fingerprint_service_26_0)
+(typeattribute gatekeeper_service_26_0)
+(roletype object_r gatekeeper_service_26_0)
+(typeattribute gpu_service_26_0)
+(roletype object_r gpu_service_26_0)
+(typeattribute inputflinger_service_26_0)
+(roletype object_r inputflinger_service_26_0)
+(typeattribute incident_service_26_0)
+(roletype object_r incident_service_26_0)
+(typeattribute installd_service_26_0)
+(roletype object_r installd_service_26_0)
+(typeattribute keystore_service_26_0)
+(roletype object_r keystore_service_26_0)
+(typeattribute mediaserver_service_26_0)
+(roletype object_r mediaserver_service_26_0)
+(typeattribute mediametrics_service_26_0)
+(roletype object_r mediametrics_service_26_0)
+(typeattribute mediaextractor_service_26_0)
+(roletype object_r mediaextractor_service_26_0)
+(typeattribute mediacodec_service_26_0)
+(roletype object_r mediacodec_service_26_0)
+(typeattribute mediadrmserver_service_26_0)
+(roletype object_r mediadrmserver_service_26_0)
+(typeattribute mediacasserver_service_26_0)
+(roletype object_r mediacasserver_service_26_0)
+(typeattribute netd_service_26_0)
+(roletype object_r netd_service_26_0)
+(typeattribute nfc_service_26_0)
+(roletype object_r nfc_service_26_0)
+(typeattribute radio_service_26_0)
+(roletype object_r radio_service_26_0)
+(typeattribute storaged_service_26_0)
+(roletype object_r storaged_service_26_0)
+(typeattribute surfaceflinger_service_26_0)
+(roletype object_r surfaceflinger_service_26_0)
+(typeattribute system_app_service_26_0)
+(roletype object_r system_app_service_26_0)
+(typeattribute update_engine_service_26_0)
+(roletype object_r update_engine_service_26_0)
+(typeattribute virtual_touchpad_service_26_0)
+(roletype object_r virtual_touchpad_service_26_0)
+(typeattribute vr_hwc_service_26_0)
+(roletype object_r vr_hwc_service_26_0)
+(typeattribute accessibility_service_26_0)
+(roletype object_r accessibility_service_26_0)
+(typeattribute account_service_26_0)
+(roletype object_r account_service_26_0)
+(typeattribute activity_service_26_0)
+(roletype object_r activity_service_26_0)
+(typeattribute alarm_service_26_0)
+(roletype object_r alarm_service_26_0)
+(typeattribute appops_service_26_0)
+(roletype object_r appops_service_26_0)
+(typeattribute appwidget_service_26_0)
+(roletype object_r appwidget_service_26_0)
+(typeattribute assetatlas_service_26_0)
+(roletype object_r assetatlas_service_26_0)
+(typeattribute audio_service_26_0)
+(roletype object_r audio_service_26_0)
+(typeattribute autofill_service_26_0)
+(roletype object_r autofill_service_26_0)
+(typeattribute backup_service_26_0)
+(roletype object_r backup_service_26_0)
+(typeattribute batterystats_service_26_0)
+(roletype object_r batterystats_service_26_0)
+(typeattribute battery_service_26_0)
+(roletype object_r battery_service_26_0)
+(typeattribute bluetooth_manager_service_26_0)
+(roletype object_r bluetooth_manager_service_26_0)
+(typeattribute cameraproxy_service_26_0)
+(roletype object_r cameraproxy_service_26_0)
+(typeattribute clipboard_service_26_0)
+(roletype object_r clipboard_service_26_0)
+(typeattribute contexthub_service_26_0)
+(roletype object_r contexthub_service_26_0)
+(typeattribute IProxyService_service_26_0)
+(roletype object_r IProxyService_service_26_0)
+(typeattribute commontime_management_service_26_0)
+(roletype object_r commontime_management_service_26_0)
+(typeattribute companion_device_service_26_0)
+(roletype object_r companion_device_service_26_0)
+(typeattribute connectivity_service_26_0)
+(roletype object_r connectivity_service_26_0)
+(typeattribute connmetrics_service_26_0)
+(roletype object_r connmetrics_service_26_0)
+(typeattribute consumer_ir_service_26_0)
+(roletype object_r consumer_ir_service_26_0)
+(typeattribute content_service_26_0)
+(roletype object_r content_service_26_0)
+(typeattribute country_detector_service_26_0)
+(roletype object_r country_detector_service_26_0)
+(typeattribute coverage_service_26_0)
+(roletype object_r coverage_service_26_0)
+(typeattribute cpuinfo_service_26_0)
+(roletype object_r cpuinfo_service_26_0)
+(typeattribute dbinfo_service_26_0)
+(roletype object_r dbinfo_service_26_0)
+(typeattribute device_policy_service_26_0)
+(roletype object_r device_policy_service_26_0)
+(typeattribute deviceidle_service_26_0)
+(roletype object_r deviceidle_service_26_0)
+(typeattribute device_identifiers_service_26_0)
+(roletype object_r device_identifiers_service_26_0)
+(typeattribute devicestoragemonitor_service_26_0)
+(roletype object_r devicestoragemonitor_service_26_0)
+(typeattribute diskstats_service_26_0)
+(roletype object_r diskstats_service_26_0)
+(typeattribute display_service_26_0)
+(roletype object_r display_service_26_0)
+(typeattribute font_service_26_0)
+(roletype object_r font_service_26_0)
+(typeattribute netd_listener_service_26_0)
+(roletype object_r netd_listener_service_26_0)
+(typeattribute DockObserver_service_26_0)
+(roletype object_r DockObserver_service_26_0)
+(typeattribute dreams_service_26_0)
+(roletype object_r dreams_service_26_0)
+(typeattribute dropbox_service_26_0)
+(roletype object_r dropbox_service_26_0)
+(typeattribute ethernet_service_26_0)
+(roletype object_r ethernet_service_26_0)
+(typeattribute fingerprint_service_26_0)
+(roletype object_r fingerprint_service_26_0)
+(typeattribute gfxinfo_service_26_0)
+(roletype object_r gfxinfo_service_26_0)
+(typeattribute graphicsstats_service_26_0)
+(roletype object_r graphicsstats_service_26_0)
+(typeattribute hardware_service_26_0)
+(roletype object_r hardware_service_26_0)
+(typeattribute hardware_properties_service_26_0)
+(roletype object_r hardware_properties_service_26_0)
+(typeattribute hdmi_control_service_26_0)
+(roletype object_r hdmi_control_service_26_0)
+(typeattribute input_method_service_26_0)
+(roletype object_r input_method_service_26_0)
+(typeattribute input_service_26_0)
+(roletype object_r input_service_26_0)
+(typeattribute imms_service_26_0)
+(roletype object_r imms_service_26_0)
+(typeattribute ipsec_service_26_0)
+(roletype object_r ipsec_service_26_0)
+(typeattribute jobscheduler_service_26_0)
+(roletype object_r jobscheduler_service_26_0)
+(typeattribute launcherapps_service_26_0)
+(roletype object_r launcherapps_service_26_0)
+(typeattribute location_service_26_0)
+(roletype object_r location_service_26_0)
+(typeattribute lock_settings_service_26_0)
+(roletype object_r lock_settings_service_26_0)
+(typeattribute media_projection_service_26_0)
+(roletype object_r media_projection_service_26_0)
+(typeattribute media_router_service_26_0)
+(roletype object_r media_router_service_26_0)
+(typeattribute media_session_service_26_0)
+(roletype object_r media_session_service_26_0)
+(typeattribute meminfo_service_26_0)
+(roletype object_r meminfo_service_26_0)
+(typeattribute midi_service_26_0)
+(roletype object_r midi_service_26_0)
+(typeattribute mount_service_26_0)
+(roletype object_r mount_service_26_0)
+(typeattribute netpolicy_service_26_0)
+(roletype object_r netpolicy_service_26_0)
+(typeattribute netstats_service_26_0)
+(roletype object_r netstats_service_26_0)
+(typeattribute network_management_service_26_0)
+(roletype object_r network_management_service_26_0)
+(typeattribute network_score_service_26_0)
+(roletype object_r network_score_service_26_0)
+(typeattribute network_time_update_service_26_0)
+(roletype object_r network_time_update_service_26_0)
+(typeattribute notification_service_26_0)
+(roletype object_r notification_service_26_0)
+(typeattribute oem_lock_service_26_0)
+(roletype object_r oem_lock_service_26_0)
+(typeattribute otadexopt_service_26_0)
+(roletype object_r otadexopt_service_26_0)
+(typeattribute overlay_service_26_0)
+(roletype object_r overlay_service_26_0)
+(typeattribute package_service_26_0)
+(roletype object_r package_service_26_0)
+(typeattribute permission_service_26_0)
+(roletype object_r permission_service_26_0)
+(typeattribute persistent_data_block_service_26_0)
+(roletype object_r persistent_data_block_service_26_0)
+(typeattribute pinner_service_26_0)
+(roletype object_r pinner_service_26_0)
+(typeattribute power_service_26_0)
+(roletype object_r power_service_26_0)
+(typeattribute print_service_26_0)
+(roletype object_r print_service_26_0)
+(typeattribute processinfo_service_26_0)
+(roletype object_r processinfo_service_26_0)
+(typeattribute procstats_service_26_0)
+(roletype object_r procstats_service_26_0)
+(typeattribute recovery_service_26_0)
+(roletype object_r recovery_service_26_0)
+(typeattribute registry_service_26_0)
+(roletype object_r registry_service_26_0)
+(typeattribute restrictions_service_26_0)
+(roletype object_r restrictions_service_26_0)
+(typeattribute rttmanager_service_26_0)
+(roletype object_r rttmanager_service_26_0)
+(typeattribute samplingprofiler_service_26_0)
+(roletype object_r samplingprofiler_service_26_0)
+(typeattribute scheduling_policy_service_26_0)
+(roletype object_r scheduling_policy_service_26_0)
+(typeattribute search_service_26_0)
+(roletype object_r search_service_26_0)
+(typeattribute sec_key_att_app_id_provider_service_26_0)
+(roletype object_r sec_key_att_app_id_provider_service_26_0)
+(typeattribute sensorservice_service_26_0)
+(roletype object_r sensorservice_service_26_0)
+(typeattribute serial_service_26_0)
+(roletype object_r serial_service_26_0)
+(typeattribute servicediscovery_service_26_0)
+(roletype object_r servicediscovery_service_26_0)
+(typeattribute settings_service_26_0)
+(roletype object_r settings_service_26_0)
+(typeattribute shortcut_service_26_0)
+(roletype object_r shortcut_service_26_0)
+(typeattribute statusbar_service_26_0)
+(roletype object_r statusbar_service_26_0)
+(typeattribute storagestats_service_26_0)
+(roletype object_r storagestats_service_26_0)
+(typeattribute task_service_26_0)
+(roletype object_r task_service_26_0)
+(typeattribute textclassification_service_26_0)
+(roletype object_r textclassification_service_26_0)
+(typeattribute textservices_service_26_0)
+(roletype object_r textservices_service_26_0)
+(typeattribute telecom_service_26_0)
+(roletype object_r telecom_service_26_0)
+(typeattribute trust_service_26_0)
+(roletype object_r trust_service_26_0)
+(typeattribute tv_input_service_26_0)
+(roletype object_r tv_input_service_26_0)
+(typeattribute uimode_service_26_0)
+(roletype object_r uimode_service_26_0)
+(typeattribute updatelock_service_26_0)
+(roletype object_r updatelock_service_26_0)
+(typeattribute usagestats_service_26_0)
+(roletype object_r usagestats_service_26_0)
+(typeattribute usb_service_26_0)
+(roletype object_r usb_service_26_0)
+(typeattribute user_service_26_0)
+(roletype object_r user_service_26_0)
+(typeattribute vibrator_service_26_0)
+(roletype object_r vibrator_service_26_0)
+(typeattribute voiceinteraction_service_26_0)
+(roletype object_r voiceinteraction_service_26_0)
+(typeattribute vr_manager_service_26_0)
+(roletype object_r vr_manager_service_26_0)
+(typeattribute wallpaper_service_26_0)
+(roletype object_r wallpaper_service_26_0)
+(typeattribute webviewupdate_service_26_0)
+(roletype object_r webviewupdate_service_26_0)
+(typeattribute wifip2p_service_26_0)
+(roletype object_r wifip2p_service_26_0)
+(typeattribute wifiscanner_service_26_0)
+(roletype object_r wifiscanner_service_26_0)
+(typeattribute wifi_service_26_0)
+(roletype object_r wifi_service_26_0)
+(typeattribute wificond_service_26_0)
+(roletype object_r wificond_service_26_0)
+(typeattribute wifiaware_service_26_0)
+(roletype object_r wifiaware_service_26_0)
+(typeattribute window_service_26_0)
+(roletype object_r window_service_26_0)
+(typeattribute servicemanager_26_0)
+(roletype object_r servicemanager_26_0)
+(typeattribute servicemanager_exec_26_0)
+(roletype object_r servicemanager_exec_26_0)
+(typeattribute sgdisk_26_0)
+(roletype object_r sgdisk_26_0)
+(typeattribute sgdisk_exec_26_0)
+(roletype object_r sgdisk_exec_26_0)
+(typeattribute shared_relro_26_0)
+(roletype object_r shared_relro_26_0)
+(typeattribute shell_26_0)
+(roletype object_r shell_26_0)
+(typeattribute shell_exec_26_0)
+(roletype object_r shell_exec_26_0)
+(typeattribute slideshow_26_0)
+(roletype object_r slideshow_26_0)
+(typeattribute su_26_0)
+(roletype object_r su_26_0)
+(typeattribute su_exec_26_0)
+(roletype object_r su_exec_26_0)
+(typeattribute surfaceflinger_26_0)
+(roletype object_r surfaceflinger_26_0)
+(typeattribute system_app_26_0)
+(roletype object_r system_app_26_0)
+(typeattribute system_server_26_0)
+(roletype object_r system_server_26_0)
+(typeattribute tee_26_0)
+(roletype object_r tee_26_0)
+(typeattribute tee_device_26_0)
+(roletype object_r tee_device_26_0)
+(typeattribute tombstoned_26_0)
+(roletype object_r tombstoned_26_0)
+(typeattribute tombstoned_exec_26_0)
+(roletype object_r tombstoned_exec_26_0)
+(typeattribute toolbox_26_0)
+(roletype object_r toolbox_26_0)
+(typeattribute toolbox_exec_26_0)
+(roletype object_r toolbox_exec_26_0)
+(typeattribute tzdatacheck_26_0)
+(roletype object_r tzdatacheck_26_0)
+(typeattribute tzdatacheck_exec_26_0)
+(roletype object_r tzdatacheck_exec_26_0)
+(typeattribute ueventd_26_0)
+(roletype object_r ueventd_26_0)
+(typeattribute uncrypt_26_0)
+(roletype object_r uncrypt_26_0)
+(typeattribute uncrypt_exec_26_0)
+(roletype object_r uncrypt_exec_26_0)
+(typeattribute untrusted_app_26_0)
+(roletype object_r untrusted_app_26_0)
+(typeattribute untrusted_app_25_26_0)
+(roletype object_r untrusted_app_25_26_0)
+(typeattribute untrusted_v2_app_26_0)
+(roletype object_r untrusted_v2_app_26_0)
+(typeattribute update_engine_26_0)
+(roletype object_r update_engine_26_0)
+(typeattribute update_engine_exec_26_0)
+(roletype object_r update_engine_exec_26_0)
+(typeattribute update_verifier_26_0)
+(roletype object_r update_verifier_26_0)
+(typeattribute update_verifier_exec_26_0)
+(roletype object_r update_verifier_exec_26_0)
+(typeattribute vdc_26_0)
+(roletype object_r vdc_26_0)
+(typeattribute vdc_exec_26_0)
+(roletype object_r vdc_exec_26_0)
+(typeattribute vendor_shell_exec_26_0)
+(roletype object_r vendor_shell_exec_26_0)
+(typeattribute vendor_toolbox_exec_26_0)
+(roletype object_r vendor_toolbox_exec_26_0)
+(typeattribute virtual_touchpad_26_0)
+(roletype object_r virtual_touchpad_26_0)
+(typeattribute virtual_touchpad_exec_26_0)
+(roletype object_r virtual_touchpad_exec_26_0)
+(typeattribute default_android_vndservice_26_0)
+(roletype object_r default_android_vndservice_26_0)
+(typeattribute vndservicemanager_26_0)
+(roletype object_r vndservicemanager_26_0)
+(typeattribute vold_26_0)
+(roletype object_r vold_26_0)
+(typeattribute vold_exec_26_0)
+(roletype object_r vold_exec_26_0)
+(typeattribute vr_hwc_26_0)
+(roletype object_r vr_hwc_26_0)
+(typeattribute vr_hwc_exec_26_0)
+(roletype object_r vr_hwc_exec_26_0)
+(typeattribute watchdogd_26_0)
+(roletype object_r watchdogd_26_0)
+(typeattribute webview_zygote_26_0)
+(roletype object_r webview_zygote_26_0)
+(typeattribute webview_zygote_exec_26_0)
+(roletype object_r webview_zygote_exec_26_0)
+(typeattribute wificond_26_0)
+(roletype object_r wificond_26_0)
+(typeattribute wificond_exec_26_0)
+(roletype object_r wificond_exec_26_0)
+(typeattribute zygote_26_0)
+(roletype object_r zygote_26_0)
+(typeattribute zygote_exec_26_0)
+(roletype object_r zygote_exec_26_0)
+(type hostapd_socket)
+(roletype object_r hostapd_socket)
+(type hal_audio_default)
+(roletype object_r hal_audio_default)
+(type hal_audio_default_exec)
+(roletype object_r hal_audio_default_exec)
+(type hal_audio_default_tmpfs)
+(roletype object_r hal_audio_default_tmpfs)
+(type hal_bluetooth_default)
+(roletype object_r hal_bluetooth_default)
+(type hal_bluetooth_default_exec)
+(roletype object_r hal_bluetooth_default_exec)
+(type hal_bluetooth_default_tmpfs)
+(roletype object_r hal_bluetooth_default_tmpfs)
+(type hal_bootctl_default)
+(roletype object_r hal_bootctl_default)
+(type hal_bootctl_default_exec)
+(roletype object_r hal_bootctl_default_exec)
+(type hal_bootctl_default_tmpfs)
+(roletype object_r hal_bootctl_default_tmpfs)
+(type hal_camera_default)
+(roletype object_r hal_camera_default)
+(type hal_camera_default_exec)
+(roletype object_r hal_camera_default_exec)
+(type hal_camera_default_tmpfs)
+(roletype object_r hal_camera_default_tmpfs)
+(type hal_configstore_default)
+(roletype object_r hal_configstore_default)
+(type hal_configstore_default_exec)
+(roletype object_r hal_configstore_default_exec)
+(type hal_configstore_default_tmpfs)
+(roletype object_r hal_configstore_default_tmpfs)
+(type hal_contexthub_default)
+(roletype object_r hal_contexthub_default)
+(type hal_contexthub_default_exec)
+(roletype object_r hal_contexthub_default_exec)
+(type hal_contexthub_default_tmpfs)
+(roletype object_r hal_contexthub_default_tmpfs)
+(type hal_drm_default)
+(roletype object_r hal_drm_default)
+(type hal_drm_default_exec)
+(roletype object_r hal_drm_default_exec)
+(type hal_drm_default_tmpfs)
+(roletype object_r hal_drm_default_tmpfs)
+(type hal_dumpstate_default)
+(roletype object_r hal_dumpstate_default)
+(type hal_dumpstate_default_exec)
+(roletype object_r hal_dumpstate_default_exec)
+(type hal_dumpstate_default_tmpfs)
+(roletype object_r hal_dumpstate_default_tmpfs)
+(type hal_fingerprint_default)
+(roletype object_r hal_fingerprint_default)
+(type hal_fingerprint_default_exec)
+(roletype object_r hal_fingerprint_default_exec)
+(type hal_fingerprint_default_tmpfs)
+(roletype object_r hal_fingerprint_default_tmpfs)
+(type hal_gatekeeper_default)
+(roletype object_r hal_gatekeeper_default)
+(type hal_gatekeeper_default_exec)
+(roletype object_r hal_gatekeeper_default_exec)
+(type hal_gatekeeper_default_tmpfs)
+(roletype object_r hal_gatekeeper_default_tmpfs)
+(type hal_gnss_default)
+(roletype object_r hal_gnss_default)
+(type hal_gnss_default_exec)
+(roletype object_r hal_gnss_default_exec)
+(type hal_gnss_default_tmpfs)
+(roletype object_r hal_gnss_default_tmpfs)
+(type hal_graphics_allocator_default)
+(roletype object_r hal_graphics_allocator_default)
+(type hal_graphics_allocator_default_exec)
+(roletype object_r hal_graphics_allocator_default_exec)
+(type hal_graphics_allocator_default_tmpfs)
+(roletype object_r hal_graphics_allocator_default_tmpfs)
+(type hal_graphics_composer_default)
+(roletype object_r hal_graphics_composer_default)
+(type hal_graphics_composer_default_exec)
+(roletype object_r hal_graphics_composer_default_exec)
+(type hal_graphics_composer_default_tmpfs)
+(roletype object_r hal_graphics_composer_default_tmpfs)
+(type hal_health_default)
+(roletype object_r hal_health_default)
+(type hal_health_default_exec)
+(roletype object_r hal_health_default_exec)
+(type hal_health_default_tmpfs)
+(roletype object_r hal_health_default_tmpfs)
+(type hal_ir_default)
+(roletype object_r hal_ir_default)
+(type hal_ir_default_exec)
+(roletype object_r hal_ir_default_exec)
+(type hal_ir_default_tmpfs)
+(roletype object_r hal_ir_default_tmpfs)
+(type hal_keymaster_default)
+(roletype object_r hal_keymaster_default)
+(type hal_keymaster_default_exec)
+(roletype object_r hal_keymaster_default_exec)
+(type hal_keymaster_default_tmpfs)
+(roletype object_r hal_keymaster_default_tmpfs)
+(type hal_light_default)
+(roletype object_r hal_light_default)
+(type hal_light_default_exec)
+(roletype object_r hal_light_default_exec)
+(type hal_light_default_tmpfs)
+(roletype object_r hal_light_default_tmpfs)
+(type hal_memtrack_default)
+(roletype object_r hal_memtrack_default)
+(type hal_memtrack_default_exec)
+(roletype object_r hal_memtrack_default_exec)
+(type hal_memtrack_default_tmpfs)
+(roletype object_r hal_memtrack_default_tmpfs)
+(type hal_nfc_default)
+(roletype object_r hal_nfc_default)
+(type hal_nfc_default_exec)
+(roletype object_r hal_nfc_default_exec)
+(type hal_nfc_default_tmpfs)
+(roletype object_r hal_nfc_default_tmpfs)
+(type mediacodec_tmpfs)
+(roletype object_r mediacodec_tmpfs)
+(type hal_power_default)
+(roletype object_r hal_power_default)
+(type hal_power_default_exec)
+(roletype object_r hal_power_default_exec)
+(type hal_power_default_tmpfs)
+(roletype object_r hal_power_default_tmpfs)
+(type hal_sensors_default)
+(roletype object_r hal_sensors_default)
+(type hal_sensors_default_exec)
+(roletype object_r hal_sensors_default_exec)
+(type hal_sensors_default_tmpfs)
+(roletype object_r hal_sensors_default_tmpfs)
+(type hal_thermal_default)
+(roletype object_r hal_thermal_default)
+(type hal_thermal_default_exec)
+(roletype object_r hal_thermal_default_exec)
+(type hal_thermal_default_tmpfs)
+(roletype object_r hal_thermal_default_tmpfs)
+(type hal_tv_cec_default)
+(roletype object_r hal_tv_cec_default)
+(type hal_tv_cec_default_exec)
+(roletype object_r hal_tv_cec_default_exec)
+(type hal_tv_cec_default_tmpfs)
+(roletype object_r hal_tv_cec_default_tmpfs)
+(type hal_tv_input_default)
+(roletype object_r hal_tv_input_default)
+(type hal_tv_input_default_exec)
+(roletype object_r hal_tv_input_default_exec)
+(type hal_tv_input_default_tmpfs)
+(roletype object_r hal_tv_input_default_tmpfs)
+(type hal_usb_default)
+(roletype object_r hal_usb_default)
+(type hal_usb_default_exec)
+(roletype object_r hal_usb_default_exec)
+(type hal_usb_default_tmpfs)
+(roletype object_r hal_usb_default_tmpfs)
+(type hal_vibrator_default)
+(roletype object_r hal_vibrator_default)
+(type hal_vibrator_default_exec)
+(roletype object_r hal_vibrator_default_exec)
+(type hal_vibrator_default_tmpfs)
+(roletype object_r hal_vibrator_default_tmpfs)
+(type hal_vr_default)
+(roletype object_r hal_vr_default)
+(type hal_vr_default_exec)
+(roletype object_r hal_vr_default_exec)
+(type hal_vr_default_tmpfs)
+(roletype object_r hal_vr_default_tmpfs)
+(type hal_wifi_default)
+(roletype object_r hal_wifi_default)
+(type hal_wifi_default_exec)
+(roletype object_r hal_wifi_default_exec)
+(type hal_wifi_default_tmpfs)
+(roletype object_r hal_wifi_default_tmpfs)
+(type hal_wifi_offload_default)
+(roletype object_r hal_wifi_offload_default)
+(type hal_wifi_offload_default_exec)
+(roletype object_r hal_wifi_offload_default_exec)
+(type hal_wifi_offload_default_tmpfs)
+(roletype object_r hal_wifi_offload_default_tmpfs)
+(type hal_wifi_supplicant_default)
+(roletype object_r hal_wifi_supplicant_default)
+(type hal_wifi_supplicant_default_exec)
+(roletype object_r hal_wifi_supplicant_default_exec)
+(type hal_wifi_supplicant_default_tmpfs)
+(roletype object_r hal_wifi_supplicant_default_tmpfs)
+(type hostapd)
+(roletype object_r hostapd)
+(type hostapd_exec)
+(roletype object_r hostapd_exec)
+(type hostapd_tmpfs)
+(roletype object_r hostapd_tmpfs)
+(type rild_exec)
+(roletype object_r rild_exec)
+(type rild_tmpfs)
+(roletype object_r rild_tmpfs)
+(type tee_exec)
+(roletype object_r tee_exec)
+(type tee_tmpfs)
+(roletype object_r tee_tmpfs)
+(type vendor_modprobe)
+(roletype object_r vendor_modprobe)
+(type vndservicemanager_exec)
+(roletype object_r vndservicemanager_exec)
+(type vndservicemanager_tmpfs)
+(roletype object_r vndservicemanager_tmpfs)
+(allow bootanim_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 bootanim_26_0 (dir (search)))
+(allow servicemanager_26_0 bootanim_26_0 (file (read open)))
+(allow servicemanager_26_0 bootanim_26_0 (process (getattr)))
+(allow bootanim_26_0 surfaceflinger_26_0 (binder (call transfer)))
+(allow surfaceflinger_26_0 bootanim_26_0 (binder (transfer)))
+(allow bootanim_26_0 surfaceflinger_26_0 (fd (use)))
+(allow bootanim_26_0 audioserver_26_0 (binder (call transfer)))
+(allow audioserver_26_0 bootanim_26_0 (binder (transfer)))
+(allow bootanim_26_0 audioserver_26_0 (fd (use)))
+(allow bootanim_26_0 hwservicemanager_26_0 (binder (call transfer)))
+(allow hwservicemanager_26_0 bootanim_26_0 (binder (call transfer)))
+(allow hwservicemanager_26_0 bootanim_26_0 (dir (search)))
+(allow hwservicemanager_26_0 bootanim_26_0 (file (read open)))
+(allow hwservicemanager_26_0 bootanim_26_0 (process (getattr)))
+(allow bootanim_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow bootanim_26_0 oemfs_26_0 (dir (search)))
+(allow bootanim_26_0 oemfs_26_0 (file (ioctl read getattr lock open)))
+(allow bootanim_26_0 audio_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow bootanim_26_0 audio_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow bootanim_26_0 audioserver_service_26_0 (service_manager (find)))
+(allow bootanim_26_0 surfaceflinger_service_26_0 (service_manager (find)))
+(allow bootanim_26_0 ion_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow bootanim_26_0 hal_graphics_allocator (fd (use)))
+(allow bootanim_26_0 hal_graphics_composer (fd (use)))
+(allow bootanim_26_0 proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow bootanim_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow bootanim_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow bootanim_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open)))
+(allow bootanim_26_0 sysfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow bootanim_26_0 sysfs_26_0 (file (ioctl read getattr lock open)))
+(allow bootanim_26_0 sysfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow bootanim_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow bootanim_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow bootanim_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow bootanim_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow bootstat_26_0 runtime_event_log_tags_file_26_0 (file (ioctl read getattr lock open)))
+(allow bootstat_26_0 bootstat_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow bootstat_26_0 bootstat_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow bootstat_26_0 proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow bootstat_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow bootstat_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow bootstat_26_0 boottime_prop_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (create bind)))
+(allow bufferhubd_26_0 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown)))
+(allow bufferhubd_26_0 self (process (setsockcreate)))
+(allow bufferhubd_26_0 pdx_bufferhub_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown)))
+(neverallow base_typeattr_1_26_0 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (listen accept)))
+(allow bufferhubd_26_0 pdx_performance_client_endpoint_dir_type (dir (ioctl read getattr lock search open)))
+(allow bufferhubd_26_0 pdx_performance_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append open)))
+(allow bufferhubd_26_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow bufferhubd_26_0 pdx_performance_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow bufferhubd_26_0 pdx_performance_client_server_type (fd (use)))
+(allow pdx_performance_client_server_type bufferhubd_26_0 (fd (use)))
+(allow bufferhubd_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow bufferhubd_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow bufferhubd_26_0 mediacodec_26_0 (fd (use)))
+(allow cameraserver_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 cameraserver_26_0 (dir (search)))
+(allow servicemanager_26_0 cameraserver_26_0 (file (read open)))
+(allow servicemanager_26_0 cameraserver_26_0 (process (getattr)))
+(allow cameraserver_26_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain cameraserver_26_0 (binder (transfer)))
+(allow cameraserver_26_0 binderservicedomain (fd (use)))
+(allow cameraserver_26_0 appdomain (binder (call transfer)))
+(allow appdomain cameraserver_26_0 (binder (transfer)))
+(allow cameraserver_26_0 appdomain (fd (use)))
+(allow cameraserver_26_0 ion_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow cameraserver_26_0 hal_graphics_composer (fd (use)))
+(allow cameraserver_26_0 cameraserver_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_2_26_0 cameraserver_service_26_0 (service_manager (add)))
+(neverallow cameraserver_26_0 unlabeled_26_0 (service_manager (add)))
+(allow cameraserver_26_0 appops_service_26_0 (service_manager (find)))
+(allow cameraserver_26_0 audioserver_service_26_0 (service_manager (find)))
+(allow cameraserver_26_0 batterystats_service_26_0 (service_manager (find)))
+(allow cameraserver_26_0 cameraproxy_service_26_0 (service_manager (find)))
+(allow cameraserver_26_0 mediaserver_service_26_0 (service_manager (find)))
+(allow cameraserver_26_0 processinfo_service_26_0 (service_manager (find)))
+(allow cameraserver_26_0 scheduling_policy_service_26_0 (service_manager (find)))
+(allow cameraserver_26_0 surfaceflinger_service_26_0 (service_manager (find)))
+(allow cameraserver_26_0 hidl_token_hwservice_26_0 (hwservice_manager (find)))
+(neverallow cameraserver_26_0 fs_type (file (execute_no_trans)))
+(neverallow cameraserver_26_0 file_type (file (execute_no_trans)))
+(neverallow cameraserver_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow cameraserver_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow cameraserver_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(allow charger_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow charger_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow charger_26_0 sysfs_type (file (ioctl read getattr lock open)))
+(allow charger_26_0 sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow charger_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow charger_26_0 rootfs_26_0 (file (ioctl read getattr lock open)))
+(allow charger_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow charger_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow charger_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow charger_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow charger_26_0 self (capability (sys_tty_config)))
+(allow charger_26_0 self (capability (sys_boot)))
+(allow charger_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open)))
+(allow charger_26_0 self (capability2 (block_suspend)))
+(allow charger_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow charger_26_0 sysfs_26_0 (file (write)))
+(allow charger_26_0 sysfs_batteryinfo_26_0 (file (ioctl read getattr lock open)))
+(allow charger_26_0 pstorefs_26_0 (dir (ioctl read getattr lock search open)))
+(allow charger_26_0 pstorefs_26_0 (file (ioctl read getattr lock open)))
+(allow charger_26_0 graphics_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow charger_26_0 graphics_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow charger_26_0 input_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow charger_26_0 input_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow charger_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow charger_26_0 proc_sysrq_26_0 (file (ioctl read write getattr lock append open)))
+(allow charger_26_0 property_socket_26_0 (sock_file (write)))
+(allow charger_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow charger_26_0 system_prop_26_0 (property_service (set)))
+(allow charger_26_0 system_prop_26_0 (file (ioctl read getattr lock open)))
+(allow clatd_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow clatd_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow clatd_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow clatd_26_0 netd_26_0 (fd (use)))
+(allow clatd_26_0 netd_26_0 (fifo_file (read write)))
+(allow clatd_26_0 netd_26_0 (netlink_kobject_uevent_socket (read write)))
+(allow clatd_26_0 netd_26_0 (netlink_nflog_socket (read write)))
+(allow clatd_26_0 netd_26_0 (netlink_route_socket (read write)))
+(allow clatd_26_0 netd_26_0 (udp_socket (read write)))
+(allow clatd_26_0 netd_26_0 (unix_stream_socket (read write)))
+(allow clatd_26_0 netd_26_0 (unix_dgram_socket (read write)))
+(allow clatd_26_0 self (capability (setgid setuid net_admin net_raw)))
+(allow clatd_26_0 self (capability (ipc_lock)))
+(allow clatd_26_0 self (netlink_route_socket (nlmsg_write)))
+(allow clatd_26_0 self (rawip_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow clatd_26_0 self (packet_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow clatd_26_0 self (tun_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow clatd_26_0 tun_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow cppreopts_26_0 dalvikcache_data_file_26_0 (dir (write add_name remove_name search)))
+(allow cppreopts_26_0 dalvikcache_data_file_26_0 (file (read write create getattr rename open)))
+(allow cppreopts_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow cppreopts_26_0 system_file_26_0 (dir (read open)))
+(allow cppreopts_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow crash_dump_26_0 base_typeattr_3_26_0 (process (sigchld sigkill sigstop signal ptrace)))
+(dontaudit crash_dump_26_0 self (capability (sys_ptrace)))
+(allow crash_dump_26_0 logd_26_0 (process (sigchld sigkill sigstop signal ptrace)))
+(allow crash_dump_26_0 domain (fd (use)))
+(allow crash_dump_26_0 domain (fifo_file (write append)))
+(allow crash_dump_26_0 domain (dir (ioctl read getattr lock search open)))
+(allow crash_dump_26_0 domain (file (ioctl read getattr lock open)))
+(allow crash_dump_26_0 domain (lnk_file (ioctl read getattr lock open)))
+(allow crash_dump_26_0 exec_type (file (ioctl read getattr lock open)))
+(allow crash_dump_26_0 dalvikcache_data_file_26_0 (dir (getattr search)))
+(allow crash_dump_26_0 dalvikcache_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow crash_dump_26_0 apk_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow crash_dump_26_0 apk_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow crash_dump_26_0 apk_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow crash_dump_26_0 vendor_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow crash_dump_26_0 same_process_hal_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow crash_dump_26_0 vendor_file_26_0 (file (ioctl read getattr lock open)))
+(allow crash_dump_26_0 vendor_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow crash_dump_26_0 same_process_hal_file_26_0 (file (ioctl read getattr lock open)))
+(allow crash_dump_26_0 same_process_hal_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow crash_dump_26_0 tombstoned_crash_socket_26_0 (sock_file (write)))
+(allow crash_dump_26_0 tombstoned_26_0 (unix_stream_socket (connectto)))
+(allow crash_dump_26_0 system_ndebug_socket_26_0 (sock_file (write)))
+(allow crash_dump_26_0 system_server_26_0 (unix_stream_socket (connectto)))
+(allow crash_dump_26_0 anr_data_file_26_0 (file (getattr append)))
+(allow crash_dump_26_0 tombstone_data_file_26_0 (file (getattr append)))
+(allow crash_dump_26_0 logcat_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow crash_dump_26_0 logdr_socket_26_0 (sock_file (write)))
+(allow crash_dump_26_0 logd_26_0 (unix_stream_socket (connectto)))
+(neverallow domain crash_dump_exec_26_0 (file (execute_no_trans)))
+(allow dex2oat_26_0 apk_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow dex2oat_26_0 apk_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow dex2oat_26_0 apk_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow dex2oat_26_0 vendor_app_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow dex2oat_26_0 vendor_app_file_26_0 (file (ioctl read getattr lock open)))
+(allow dex2oat_26_0 vendor_app_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow dex2oat_26_0 vendor_framework_file_26_0 (dir (getattr search)))
+(allow dex2oat_26_0 vendor_framework_file_26_0 (file (read getattr open)))
+(allow dex2oat_26_0 tmpfs_26_0 (file (read getattr)))
+(allow dex2oat_26_0 dalvikcache_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow dex2oat_26_0 dalvikcache_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow dex2oat_26_0 dalvikcache_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow dex2oat_26_0 dalvikcache_data_file_26_0 (file (write)))
+(allow dex2oat_26_0 dalvikcache_data_file_26_0 (lnk_file (read)))
+(allow dex2oat_26_0 installd_26_0 (fd (use)))
+(allow dex2oat_26_0 system_file_26_0 (file (lock)))
+(allow dex2oat_26_0 asec_apk_file_26_0 (file (read)))
+(allow dex2oat_26_0 unlabeled_26_0 (file (read)))
+(allow dex2oat_26_0 oemfs_26_0 (file (read)))
+(allow dex2oat_26_0 apk_tmp_file_26_0 (dir (search)))
+(allow dex2oat_26_0 apk_tmp_file_26_0 (file (ioctl read getattr lock open)))
+(allow dex2oat_26_0 user_profile_data_file_26_0 (file (read getattr lock)))
+(allow dex2oat_26_0 app_data_file_26_0 (file (read write getattr lock)))
+(allow dex2oat_26_0 postinstall_dexopt_26_0 (fd (use)))
+(allow dex2oat_26_0 postinstall_file_26_0 (dir (getattr search)))
+(allow dex2oat_26_0 postinstall_file_26_0 (filesystem (getattr)))
+(allow dex2oat_26_0 postinstall_file_26_0 (lnk_file (read)))
+(allow dex2oat_26_0 ota_data_file_26_0 (dir (ioctl read write getattr lock add_name search open)))
+(allow dex2oat_26_0 ota_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow dex2oat_26_0 ota_data_file_26_0 (lnk_file (read create)))
+(allow dex2oat_26_0 ota_data_file_26_0 (file (write create setattr lock append open)))
+(neverallow dex2oat_26_0 app_data_file_26_0 (file (open)))
+(neverallow dex2oat_26_0 app_data_file_26_0 (lnk_file (open)))
+(neverallow dex2oat_26_0 app_data_file_26_0 (sock_file (open)))
+(neverallow dex2oat_26_0 app_data_file_26_0 (fifo_file (open)))
+(allow dhcp_26_0 cgroup_26_0 (dir (write create add_name)))
+(allow dhcp_26_0 self (capability (setgid setuid net_bind_service net_admin net_raw)))
+(allow dhcp_26_0 self (packet_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow dhcp_26_0 self (netlink_route_socket (nlmsg_write)))
+(allow dhcp_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow dhcp_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow dhcp_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow dhcp_26_0 proc_net_26_0 (file (write)))
+(allow dhcp_26_0 property_socket_26_0 (sock_file (write)))
+(allow dhcp_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow dhcp_26_0 dhcp_prop_26_0 (property_service (set)))
+(allow dhcp_26_0 dhcp_prop_26_0 (file (ioctl read getattr lock open)))
+(allow dhcp_26_0 property_socket_26_0 (sock_file (write)))
+(allow dhcp_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow dhcp_26_0 pan_result_prop_26_0 (property_service (set)))
+(allow dhcp_26_0 pan_result_prop_26_0 (file (ioctl read getattr lock open)))
+(allow dhcp_26_0 dhcp_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow dhcp_26_0 dhcp_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow dhcp_26_0 netd_26_0 (fd (use)))
+(allow dhcp_26_0 netd_26_0 (fifo_file (ioctl read write getattr lock append open)))
+(allow dhcp_26_0 netd_26_0 (udp_socket (read write)))
+(allow dhcp_26_0 netd_26_0 (unix_stream_socket (read write)))
+(allow dhcp_26_0 netd_26_0 (unix_dgram_socket (read write)))
+(allow dhcp_26_0 netd_26_0 (netlink_route_socket (read write)))
+(allow dhcp_26_0 netd_26_0 (netlink_nflog_socket (read write)))
+(allow dhcp_26_0 netd_26_0 (netlink_kobject_uevent_socket (read write)))
+(allow display_service_server fwk_display_hwservice_26_0 (hwservice_manager (add find)))
+(allow display_service_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_4_26_0 fwk_display_hwservice_26_0 (hwservice_manager (add)))
+(neverallow display_service_server unlabeled_26_0 (hwservice_manager (add)))
+(allowx dnsmasq_26_0 self (ioctl udp_socket (0x6900 0x6902)))
+(allowx dnsmasq_26_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx dnsmasq_26_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow dnsmasq_26_0 self (capability (dac_override)))
+(allow dnsmasq_26_0 self (capability (setgid setuid net_bind_service net_admin net_raw)))
+(allow dnsmasq_26_0 dhcp_data_file_26_0 (dir (write lock add_name remove_name search open)))
+(allow dnsmasq_26_0 dhcp_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow dnsmasq_26_0 netd_26_0 (fd (use)))
+(allow dnsmasq_26_0 netd_26_0 (fifo_file (read write)))
+(allow dnsmasq_26_0 netd_26_0 (netlink_kobject_uevent_socket (read write)))
+(allow dnsmasq_26_0 netd_26_0 (netlink_nflog_socket (read write)))
+(allow dnsmasq_26_0 netd_26_0 (netlink_route_socket (read write)))
+(allow dnsmasq_26_0 netd_26_0 (unix_stream_socket (read write)))
+(allow dnsmasq_26_0 netd_26_0 (unix_dgram_socket (read write)))
+(allow dnsmasq_26_0 netd_26_0 (udp_socket (read write)))
+(allow domain init_26_0 (process (sigchld)))
+(allow domain self (process (fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit)))
+(allow domain self (fd (use)))
+(allow domain proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow domain proc_net_26_0 (dir (search)))
+(allow domain self (dir (ioctl read getattr lock search open)))
+(allow domain self (file (ioctl read getattr lock open)))
+(allow domain self (lnk_file (ioctl read getattr lock open)))
+(allow domain self (file (ioctl read write getattr lock append open)))
+(allow domain self (fifo_file (ioctl read write getattr lock append open)))
+(allow domain self (unix_dgram_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto)))
+(allow domain self (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto)))
+(allow domain init_26_0 (fd (use)))
+(allow domain su_26_0 (unix_stream_socket (connectto)))
+(allow domain su_26_0 (fd (use)))
+(allow domain su_26_0 (unix_stream_socket (read write getattr getopt shutdown)))
+(allow base_typeattr_5_26_0 su_26_0 (binder (call transfer)))
+(allow base_typeattr_5_26_0 su_26_0 (fd (use)))
+(allow domain su_26_0 (fifo_file (write getattr)))
+(allow domain su_26_0 (process (sigchld)))
+(allow domain coredump_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow domain coredump_file_26_0 (dir (ioctl read write getattr lock add_name search open)))
+(allow domain rootfs_26_0 (dir (search)))
+(allow domain rootfs_26_0 (lnk_file (read getattr)))
+(allow domain device_26_0 (dir (search)))
+(allow domain dev_type (lnk_file (ioctl read getattr lock open)))
+(allow domain devpts_26_0 (dir (search)))
+(allow domain socket_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow domain owntty_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow domain null_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow domain zero_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow domain ashmem_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow base_typeattr_6_26_0 binder_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow base_typeattr_7_26_0 hwbinder_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow domain ptmx_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow domain alarm_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow domain random_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow domain properties_device_26_0 (dir (getattr search)))
+(allow domain properties_serial_26_0 (file (ioctl read getattr lock open)))
+(allow domain core_property_type (file (ioctl read getattr lock open)))
+(allow domain log_property_type (file (ioctl read getattr lock open)))
+(dontaudit domain property_type (file (audit_access)))
+(allow domain property_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow domain init_26_0 (key (search)))
+(allow domain vold_26_0 (key (search)))
+(allow domain logdw_socket_26_0 (sock_file (write)))
+(allow domain logd_26_0 (unix_dgram_socket (sendto)))
+(allow domain pmsg_device_26_0 (chr_file (write lock append open)))
+(allow domain system_file_26_0 (dir (getattr search)))
+(allow domain system_file_26_0 (file (read getattr execute open)))
+(allow domain system_file_26_0 (lnk_file (read getattr)))
+(allow domain vendor_hal_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow domain same_process_hal_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow domain same_process_hal_file_26_0 (file (read getattr execute open)))
+(allow domain vndk_sp_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow domain vndk_sp_file_26_0 (file (read getattr execute open)))
+(allow domain vendor_configs_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow domain vendor_configs_file_26_0 (file (read getattr open)))
+(allow domain vendor_file_26_0 (lnk_file (read getattr open)))
+(allow domain vendor_file_26_0 (dir (getattr search)))
+(allow base_typeattr_8_26_0 vendor_file_type (dir (ioctl read getattr lock search open)))
+(allow base_typeattr_8_26_0 vendor_file_type (file (read getattr execute open)))
+(allow base_typeattr_8_26_0 vendor_file_type (lnk_file (read getattr)))
+(allow domain sysfs_26_0 (lnk_file (read)))
+(allow domain zoneinfo_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow domain zoneinfo_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow domain zoneinfo_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow domain sysfs_devices_system_cpu_26_0 (dir (ioctl read getattr lock search open)))
+(allow domain sysfs_devices_system_cpu_26_0 (file (ioctl read getattr lock open)))
+(allow domain sysfs_devices_system_cpu_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow domain sysfs_usb_26_0 (dir (ioctl read getattr lock search open)))
+(allow domain sysfs_usb_26_0 (file (ioctl read getattr lock open)))
+(allow domain sysfs_usb_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow appdomain system_data_file_26_0 (dir (getattr)))
+(allow coredomain system_data_file_26_0 (dir (getattr)))
+(allow domain system_data_file_26_0 (dir (search)))
+(allow domain proc_26_0 (lnk_file (read getattr)))
+(allow domain proc_cpuinfo_26_0 (file (ioctl read getattr lock open)))
+(allow domain proc_overcommit_memory_26_0 (file (ioctl read getattr lock open)))
+(allow domain proc_perf_26_0 (file (ioctl read getattr lock open)))
+(allow domain selinuxfs_26_0 (dir (search)))
+(allow domain selinuxfs_26_0 (file (getattr)))
+(allow domain sysfs_26_0 (dir (search)))
+(allow domain selinuxfs_26_0 (filesystem (getattr)))
+(allow domain cgroup_26_0 (dir (write search)))
+(allow domain cgroup_26_0 (file (write lock append open)))
+(allow domain debugfs_26_0 (dir (search)))
+(allow domain debugfs_tracing_26_0 (dir (search)))
+(allow domain debugfs_trace_marker_26_0 (file (write lock append open)))
+(allow domain fs_type (filesystem (getattr)))
+(allow domain fs_type (dir (getattr)))
+(allowx domain domain (ioctl tcp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx domain domain (ioctl udp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx domain domain (ioctl rawip_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx domain domain (ioctl tcp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx domain domain (ioctl udp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx domain domain (ioctl rawip_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx domain domain (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx domain domain (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx domain domain (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx domain domain (ioctl unix_stream_socket (0x5401 0x5411 ((range 0x5413 0x5414)) 0x541b 0x5451)))
+(allowx domain domain (ioctl unix_dgram_socket (0x5401 0x5411 ((range 0x5413 0x5414)) 0x541b 0x5451)))
+(allowx domain devpts_26_0 (ioctl chr_file (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allow base_typeattr_9_26_0 hwservice_manager_type (hwservice_manager (add find)))
+(allow base_typeattr_9_26_0 vndservice_manager_type (service_manager (add find)))
+(neverallowx domain domain (ioctl socket (0x0)))
+(neverallowx domain domain (ioctl tcp_socket (0x0)))
+(neverallowx domain domain (ioctl udp_socket (0x0)))
+(neverallowx domain domain (ioctl rawip_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_socket (0x0)))
+(neverallowx domain domain (ioctl packet_socket (0x0)))
+(neverallowx domain domain (ioctl key_socket (0x0)))
+(neverallowx domain domain (ioctl unix_stream_socket (0x0)))
+(neverallowx domain domain (ioctl unix_dgram_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_route_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_tcpdiag_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_nflog_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_xfrm_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_selinux_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_audit_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_dnrt_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_kobject_uevent_socket (0x0)))
+(neverallowx domain domain (ioctl appletalk_socket (0x0)))
+(neverallowx domain domain (ioctl tun_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_iscsi_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_fib_lookup_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_connector_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_netfilter_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_generic_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_scsitransport_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_rdma_socket (0x0)))
+(neverallowx domain domain (ioctl netlink_crypto_socket (0x0)))
+(neverallowx domain domain (ioctl sctp_socket (0x0)))
+(neverallowx domain domain (ioctl icmp_socket (0x0)))
+(neverallowx domain domain (ioctl ax25_socket (0x0)))
+(neverallowx domain domain (ioctl ipx_socket (0x0)))
+(neverallowx domain domain (ioctl netrom_socket (0x0)))
+(neverallowx domain domain (ioctl atmpvc_socket (0x0)))
+(neverallowx domain domain (ioctl x25_socket (0x0)))
+(neverallowx domain domain (ioctl rose_socket (0x0)))
+(neverallowx domain domain (ioctl decnet_socket (0x0)))
+(neverallowx domain domain (ioctl atmsvc_socket (0x0)))
+(neverallowx domain domain (ioctl rds_socket (0x0)))
+(neverallowx domain domain (ioctl irda_socket (0x0)))
+(neverallowx domain domain (ioctl pppox_socket (0x0)))
+(neverallowx domain domain (ioctl llc_socket (0x0)))
+(neverallowx domain domain (ioctl can_socket (0x0)))
+(neverallowx domain domain (ioctl tipc_socket (0x0)))
+(neverallowx domain domain (ioctl bluetooth_socket (0x0)))
+(neverallowx domain domain (ioctl iucv_socket (0x0)))
+(neverallowx domain domain (ioctl rxrpc_socket (0x0)))
+(neverallowx domain domain (ioctl isdn_socket (0x0)))
+(neverallowx domain domain (ioctl phonet_socket (0x0)))
+(neverallowx domain domain (ioctl ieee802154_socket (0x0)))
+(neverallowx domain domain (ioctl caif_socket (0x0)))
+(neverallowx domain domain (ioctl alg_socket (0x0)))
+(neverallowx domain domain (ioctl nfc_socket (0x0)))
+(neverallowx domain domain (ioctl vsock_socket (0x0)))
+(neverallowx domain domain (ioctl kcm_socket (0x0)))
+(neverallowx domain domain (ioctl qipcrtr_socket (0x0)))
+(neverallowx base_typeattr_10_26_0 devpts_26_0 (ioctl chr_file (0x5412)))
+(neverallow base_typeattr_11_26_0 unlabeled_26_0 (file (create)))
+(neverallow base_typeattr_11_26_0 unlabeled_26_0 (dir (create)))
+(neverallow base_typeattr_11_26_0 unlabeled_26_0 (lnk_file (create)))
+(neverallow base_typeattr_11_26_0 unlabeled_26_0 (chr_file (create)))
+(neverallow base_typeattr_11_26_0 unlabeled_26_0 (blk_file (create)))
+(neverallow base_typeattr_11_26_0 unlabeled_26_0 (sock_file (create)))
+(neverallow base_typeattr_11_26_0 unlabeled_26_0 (fifo_file (create)))
+(neverallow base_typeattr_12_26_0 self (capability (mknod)))
+(neverallow base_typeattr_13_26_0 self (capability (sys_rawio)))
+(neverallow base_typeattr_10_26_0 self (memprotect (mmap_zero)))
+(neverallow base_typeattr_10_26_0 self (capability2 (mac_override)))
+(neverallow base_typeattr_14_26_0 self (capability2 (mac_admin)))
+(neverallow base_typeattr_10_26_0 kernel_26_0 (security (load_policy)))
+(neverallow base_typeattr_10_26_0 kernel_26_0 (security (setenforce)))
+(neverallow base_typeattr_15_26_0 kernel_26_0 (security (setcheckreqprot)))
+(neverallow base_typeattr_10_26_0 kernel_26_0 (security (setbool)))
+(neverallow base_typeattr_5_26_0 kernel_26_0 (security (setsecparam)))
+(neverallow base_typeattr_16_26_0 hw_random_device_26_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_10_26_0 base_typeattr_17_26_0 (file (entrypoint)))
+(neverallow base_typeattr_18_26_0 kmem_device_26_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_10_26_0 kmem_device_26_0 (chr_file (ioctl read write lock relabelfrom append link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_18_26_0 port_device_26_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_10_26_0 port_device_26_0 (chr_file (ioctl read write lock relabelfrom append link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_5_26_0 usermodehelper_26_0 (file (write append)))
+(neverallow base_typeattr_5_26_0 proc_security_26_0 (file (read write append open)))
+(neverallow base_typeattr_10_26_0 init_26_0 (process (ptrace)))
+(neverallow base_typeattr_10_26_0 init_26_0 (binder (impersonate call set_context_mgr transfer)))
+(neverallow base_typeattr_19_26_0 block_device_26_0 (blk_file (read write open)))
+(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (chr_file (rename)))
+(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (blk_file (rename)))
+(neverallow domain device_26_0 (chr_file (read write open)))
+(neverallow base_typeattr_20_26_0 base_typeattr_21_26_0 (filesystem (mount remount relabelfrom relabelto)))
+(neverallow base_typeattr_22_26_0 base_typeattr_23_26_0 (file (execute)))
+(neverallow base_typeattr_24_26_0 base_typeattr_25_26_0 (file (execute)))
+(neverallow domain cache_file_26_0 (file (execute)))
+(neverallow domain cache_backup_file_26_0 (file (execute)))
+(neverallow domain cache_private_backup_file_26_0 (file (execute)))
+(neverallow domain cache_recovery_file_26_0 (file (execute)))
+(neverallow base_typeattr_26_26_0 base_typeattr_27_26_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_28_26_0 nativetest_data_file_26_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_5_26_0 property_data_file_26_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_5_26_0 property_data_file_26_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_5_26_0 property_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_5_26_0 properties_device_26_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_5_26_0 properties_serial_26_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_14_26_0 exec_type (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 exec_type (dir (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 exec_type (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 exec_type (chr_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 exec_type (blk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 exec_type (sock_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 exec_type (fifo_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 vendor_file_type (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 vendor_file_type (dir (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 vendor_file_type (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 vendor_file_type (chr_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 vendor_file_type (blk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 vendor_file_type (sock_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 vendor_file_type (fifo_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 system_file_26_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 system_file_26_0 (dir (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 system_file_26_0 (lnk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 system_file_26_0 (chr_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 system_file_26_0 (blk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 system_file_26_0 (sock_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_14_26_0 system_file_26_0 (fifo_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_29_26_0 exec_type (file (relabelto)))
+(neverallow base_typeattr_29_26_0 exec_type (dir (relabelto)))
+(neverallow base_typeattr_29_26_0 exec_type (lnk_file (relabelto)))
+(neverallow base_typeattr_29_26_0 exec_type (chr_file (relabelto)))
+(neverallow base_typeattr_29_26_0 exec_type (blk_file (relabelto)))
+(neverallow base_typeattr_29_26_0 exec_type (sock_file (relabelto)))
+(neverallow base_typeattr_29_26_0 exec_type (fifo_file (relabelto)))
+(neverallow base_typeattr_29_26_0 vendor_file_type (file (relabelto)))
+(neverallow base_typeattr_29_26_0 vendor_file_type (dir (relabelto)))
+(neverallow base_typeattr_29_26_0 vendor_file_type (lnk_file (relabelto)))
+(neverallow base_typeattr_29_26_0 vendor_file_type (chr_file (relabelto)))
+(neverallow base_typeattr_29_26_0 vendor_file_type (blk_file (relabelto)))
+(neverallow base_typeattr_29_26_0 vendor_file_type (sock_file (relabelto)))
+(neverallow base_typeattr_29_26_0 vendor_file_type (fifo_file (relabelto)))
+(neverallow base_typeattr_29_26_0 system_file_26_0 (file (relabelto)))
+(neverallow base_typeattr_29_26_0 system_file_26_0 (dir (relabelto)))
+(neverallow base_typeattr_29_26_0 system_file_26_0 (lnk_file (relabelto)))
+(neverallow base_typeattr_29_26_0 system_file_26_0 (chr_file (relabelto)))
+(neverallow base_typeattr_29_26_0 system_file_26_0 (blk_file (relabelto)))
+(neverallow base_typeattr_29_26_0 system_file_26_0 (sock_file (relabelto)))
+(neverallow base_typeattr_29_26_0 system_file_26_0 (fifo_file (relabelto)))
+(neverallow base_typeattr_10_26_0 exec_type (file (mounton)))
+(neverallow base_typeattr_10_26_0 exec_type (dir (mounton)))
+(neverallow base_typeattr_10_26_0 exec_type (lnk_file (mounton)))
+(neverallow base_typeattr_10_26_0 exec_type (chr_file (mounton)))
+(neverallow base_typeattr_10_26_0 exec_type (blk_file (mounton)))
+(neverallow base_typeattr_10_26_0 exec_type (sock_file (mounton)))
+(neverallow base_typeattr_10_26_0 exec_type (fifo_file (mounton)))
+(neverallow base_typeattr_5_26_0 vendor_file_type (file (mounton)))
+(neverallow base_typeattr_5_26_0 vendor_file_type (dir (mounton)))
+(neverallow base_typeattr_5_26_0 vendor_file_type (lnk_file (mounton)))
+(neverallow base_typeattr_5_26_0 vendor_file_type (chr_file (mounton)))
+(neverallow base_typeattr_5_26_0 vendor_file_type (blk_file (mounton)))
+(neverallow base_typeattr_5_26_0 vendor_file_type (sock_file (mounton)))
+(neverallow base_typeattr_5_26_0 vendor_file_type (fifo_file (mounton)))
+(neverallow base_typeattr_5_26_0 system_file_26_0 (file (mounton)))
+(neverallow base_typeattr_5_26_0 system_file_26_0 (dir (mounton)))
+(neverallow base_typeattr_5_26_0 system_file_26_0 (lnk_file (mounton)))
+(neverallow base_typeattr_5_26_0 system_file_26_0 (chr_file (mounton)))
+(neverallow base_typeattr_5_26_0 system_file_26_0 (blk_file (mounton)))
+(neverallow base_typeattr_5_26_0 system_file_26_0 (sock_file (mounton)))
+(neverallow base_typeattr_5_26_0 system_file_26_0 (fifo_file (mounton)))
+(neverallow base_typeattr_10_26_0 rootfs_26_0 (file (write create setattr relabelto append unlink link rename)))
+(neverallow base_typeattr_10_26_0 base_typeattr_30_26_0 (filesystem (relabelto)))
+(neverallow base_typeattr_14_26_0 contextmount_type (file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_14_26_0 contextmount_type (dir (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_14_26_0 contextmount_type (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_14_26_0 contextmount_type (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_14_26_0 contextmount_type (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_14_26_0 contextmount_type (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_14_26_0 contextmount_type (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
+(neverallow base_typeattr_10_26_0 default_android_service_26_0 (service_manager (add)))
+(neverallow base_typeattr_10_26_0 default_android_vndservice_26_0 (service_manager (add find)))
+(neverallow base_typeattr_10_26_0 default_android_hwservice_26_0 (hwservice_manager (add find)))
+(neverallow base_typeattr_10_26_0 hidl_base_hwservice_26_0 (hwservice_manager (find)))
+(neverallow base_typeattr_5_26_0 default_prop_26_0 (property_service (set)))
+(neverallow base_typeattr_5_26_0 mmc_prop_26_0 (property_service (set)))
+(neverallow base_typeattr_31_26_0 serialno_prop_26_0 (file (ioctl read getattr lock open)))
+(neverallow base_typeattr_32_26_0 firstboot_prop_26_0 (file (ioctl read getattr lock open)))
+(neverallow base_typeattr_33_26_0 frp_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_34_26_0 metadata_block_device_26_0 (blk_file (ioctl read write lock append link rename open)))
+(neverallow base_typeattr_35_26_0 system_block_device_26_0 (blk_file (write)))
+(neverallow base_typeattr_36_26_0 recovery_block_device_26_0 (blk_file (write)))
+(neverallow base_typeattr_37_26_0 misc_block_device_26_0 (blk_file (ioctl read write lock relabelfrom append link rename open)))
+(neverallow hal_bootctl unlabeled_26_0 (service_manager (list)))
+(neverallow base_typeattr_38_26_0 base_typeattr_10_26_0 (binder (set_context_mgr)))
+(neverallow servicemanager_26_0 hwbinder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow servicemanager_26_0 vndbinder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow hwservicemanager_26_0 binder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow hwservicemanager_26_0 vndbinder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow vndservicemanager_26_0 binder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow vndservicemanager_26_0 hwbinder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_39_26_0 binder_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(neverallow base_typeattr_39_26_0 service_manager_type (service_manager (find)))
+(neverallow base_typeattr_40_26_0 base_typeattr_41_26_0 (service_manager (find)))
+(neverallow base_typeattr_39_26_0 servicemanager_26_0 (binder (call transfer)))
+(neverallow binder_in_vendor_violators unlabeled_26_0 (service_manager (list)))
+(neverallow base_typeattr_42_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(neverallow ueventd_26_0 vndbinder_device_26_0 (chr_file (ioctl read write append)))
+(neverallow base_typeattr_43_26_0 vndservice_manager_type (service_manager (add find list)))
+(neverallow base_typeattr_43_26_0 vndservicemanager_26_0 (binder (impersonate call set_context_mgr transfer)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (tcp_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (udp_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (rawip_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (packet_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (key_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (unix_stream_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (unix_dgram_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_route_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_nflog_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_xfrm_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_selinux_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_audit_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_dnrt_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (appletalk_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (tun_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_iscsi_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_connector_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_netfilter_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_generic_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_scsitransport_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_rdma_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_crypto_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (sctp_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (icmp_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (ax25_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (ipx_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netrom_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (atmpvc_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (x25_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (rose_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (decnet_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (atmsvc_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (rds_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (irda_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (pppox_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (llc_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (can_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (tipc_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (bluetooth_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (iucv_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (rxrpc_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (isdn_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (phonet_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (ieee802154_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (caif_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (alg_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (nfc_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (vsock_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (kcm_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (qipcrtr_socket (connect sendto)))
+(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (tcp_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (udp_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (rawip_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (packet_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (key_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (unix_stream_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (unix_dgram_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_route_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_nflog_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_xfrm_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_selinux_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_audit_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_dnrt_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (appletalk_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (tun_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_iscsi_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_connector_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_netfilter_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_generic_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_scsitransport_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_rdma_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_crypto_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (sctp_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (icmp_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (ax25_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (ipx_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netrom_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (atmpvc_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (x25_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (rose_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (decnet_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (atmsvc_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (rds_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (irda_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (pppox_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (llc_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (can_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (tipc_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (bluetooth_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (iucv_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (rxrpc_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (isdn_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (phonet_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (ieee802154_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (caif_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (alg_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (nfc_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (vsock_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (kcm_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (qipcrtr_socket (connect sendto)))
+(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (unix_stream_socket (connectto)))
+(neverallow socket_between_core_and_vendor_violators unlabeled_26_0 (service_manager (list)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (tcp_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (udp_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (rawip_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (packet_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (key_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (unix_stream_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (unix_dgram_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_route_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_nflog_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_xfrm_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_selinux_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_audit_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_dnrt_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (appletalk_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (tun_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_iscsi_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_connector_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_netfilter_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_generic_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_scsitransport_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_rdma_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_crypto_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (sctp_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (icmp_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (ax25_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (ipx_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (netrom_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (atmpvc_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (x25_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (rose_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (decnet_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (atmsvc_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (rds_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (irda_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (pppox_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (llc_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (can_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (tipc_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (bluetooth_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (iucv_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (rxrpc_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (isdn_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (phonet_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (ieee802154_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (caif_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (alg_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (nfc_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (vsock_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (kcm_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (qipcrtr_socket (connect sendto)))
+(neverallow base_typeattr_48_26_0 netd_26_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_46_26_0 core_data_file_type (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_46_26_0 coredomain_socket (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_46_26_0 unlabeled_26_0 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_40_26_0 base_typeattr_49_26_0 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow pdx_endpoint_socket_type unlabeled_26_0 (service_manager (list)))
+(neverallow pdx_channel_socket_type unlabeled_26_0 (service_manager (list)))
+(neverallow base_typeattr_50_26_0 base_typeattr_51_26_0 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_52_26_0 vendor_app_file_26_0 (dir (read getattr search open)))
+(neverallow base_typeattr_52_26_0 vendor_app_file_26_0 (file (ioctl read getattr lock open)))
+(neverallow base_typeattr_52_26_0 vendor_app_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(neverallow base_typeattr_53_26_0 vendor_overlay_file_26_0 (dir (read getattr search open)))
+(neverallow base_typeattr_53_26_0 vendor_overlay_file_26_0 (file (ioctl read getattr lock open)))
+(neverallow base_typeattr_53_26_0 vendor_overlay_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(neverallow base_typeattr_54_26_0 vendor_shell_exec_26_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_55_26_0 base_typeattr_56_26_0 (file (execute execute_no_trans entrypoint)))
+(neverallow vendor_executes_system_violators unlabeled_26_0 (service_manager (list)))
+(neverallow base_typeattr_57_26_0 dalvikcache_data_file_26_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_57_26_0 dalvikcache_data_file_26_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_58_26_0 zygote_26_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_59_26_0 zygote_socket_26_0 (sock_file (write)))
+(neverallow base_typeattr_60_26_0 webview_zygote_26_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_59_26_0 webview_zygote_socket_26_0 (sock_file (write)))
+(neverallow base_typeattr_61_26_0 tombstoned_26_0 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_62_26_0 tombstoned_crash_socket_26_0 (sock_file (write)))
+(neverallow base_typeattr_63_26_0 tombstoned_intercept_socket_26_0 (sock_file (write)))
+(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (sem (create destroy getattr setattr read write associate unix_read unix_write)))
+(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (msg (send receive)))
+(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
+(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
+(neverallow base_typeattr_10_26_0 dev_type (lnk_file (mounton)))
+(neverallow base_typeattr_10_26_0 dev_type (sock_file (mounton)))
+(neverallow base_typeattr_10_26_0 dev_type (fifo_file (mounton)))
+(neverallow base_typeattr_10_26_0 fs_type (lnk_file (mounton)))
+(neverallow base_typeattr_10_26_0 fs_type (sock_file (mounton)))
+(neverallow base_typeattr_10_26_0 fs_type (fifo_file (mounton)))
+(neverallow base_typeattr_10_26_0 file_type (lnk_file (mounton)))
+(neverallow base_typeattr_10_26_0 file_type (sock_file (mounton)))
+(neverallow base_typeattr_10_26_0 file_type (fifo_file (mounton)))
+(neverallow base_typeattr_64_26_0 su_exec_26_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_10_26_0 base_typeattr_65_26_0 (file (execmod)))
+(neverallow base_typeattr_10_26_0 self (process (execstack execheap)))
+(neverallow base_typeattr_66_26_0 file_type (file (execmod)))
+(neverallow base_typeattr_5_26_0 proc_26_0 (file (mounton)))
+(neverallow base_typeattr_5_26_0 proc_26_0 (dir (mounton)))
+(neverallow base_typeattr_67_26_0 domain (process (transition dyntransition)))
+(neverallow base_typeattr_68_26_0 system_data_file_26_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow installd_26_0 system_data_file_26_0 (file (write create setattr relabelto append link rename execute quotaon mounton execute_no_trans entrypoint execmod audit_access)))
+(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (file (create unlink open)))
+(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (dir (create unlink open)))
+(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (lnk_file (create unlink open)))
+(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (chr_file (create unlink open)))
+(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (blk_file (create unlink open)))
+(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (sock_file (create unlink open)))
+(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (fifo_file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_26_0 (file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_26_0 (dir (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_26_0 (lnk_file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_26_0 (chr_file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_26_0 (blk_file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_26_0 (sock_file (create unlink open)))
+(neverallow untrusted_app_all system_app_data_file_26_0 (fifo_file (create unlink open)))
+(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (file (create unlink open)))
+(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (dir (create unlink open)))
+(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (lnk_file (create unlink open)))
+(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (chr_file (create unlink open)))
+(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (blk_file (create unlink open)))
+(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (sock_file (create unlink open)))
+(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (fifo_file (create unlink open)))
+(neverallow isolated_app_26_0 system_app_data_file_26_0 (file (create unlink open)))
+(neverallow isolated_app_26_0 system_app_data_file_26_0 (dir (create unlink open)))
+(neverallow isolated_app_26_0 system_app_data_file_26_0 (lnk_file (create unlink open)))
+(neverallow isolated_app_26_0 system_app_data_file_26_0 (chr_file (create unlink open)))
+(neverallow isolated_app_26_0 system_app_data_file_26_0 (blk_file (create unlink open)))
+(neverallow isolated_app_26_0 system_app_data_file_26_0 (sock_file (create unlink open)))
+(neverallow isolated_app_26_0 system_app_data_file_26_0 (fifo_file (create unlink open)))
+(neverallow priv_app_26_0 system_app_data_file_26_0 (file (create unlink open)))
+(neverallow priv_app_26_0 system_app_data_file_26_0 (dir (create unlink open)))
+(neverallow priv_app_26_0 system_app_data_file_26_0 (lnk_file (create unlink open)))
+(neverallow priv_app_26_0 system_app_data_file_26_0 (chr_file (create unlink open)))
+(neverallow priv_app_26_0 system_app_data_file_26_0 (blk_file (create unlink open)))
+(neverallow priv_app_26_0 system_app_data_file_26_0 (sock_file (create unlink open)))
+(neverallow priv_app_26_0 system_app_data_file_26_0 (fifo_file (create unlink open)))
+(neverallow base_typeattr_70_26_0 app_data_file_26_0 (file (create unlink)))
+(neverallow base_typeattr_70_26_0 app_data_file_26_0 (dir (create unlink)))
+(neverallow base_typeattr_70_26_0 app_data_file_26_0 (lnk_file (create unlink)))
+(neverallow base_typeattr_70_26_0 app_data_file_26_0 (chr_file (create unlink)))
+(neverallow base_typeattr_70_26_0 app_data_file_26_0 (blk_file (create unlink)))
+(neverallow base_typeattr_70_26_0 app_data_file_26_0 (sock_file (create unlink)))
+(neverallow base_typeattr_70_26_0 app_data_file_26_0 (fifo_file (create unlink)))
+(neverallow base_typeattr_71_26_0 shell_26_0 (process (transition dyntransition)))
+(neverallow base_typeattr_72_26_0 base_typeattr_73_26_0 (process (transition dyntransition)))
+(neverallow base_typeattr_74_26_0 app_data_file_26_0 (lnk_file (read)))
+(neverallow base_typeattr_75_26_0 shell_data_file_26_0 (lnk_file (read)))
+(neverallow base_typeattr_76_26_0 shell_data_file_26_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_77_26_0 shell_data_file_26_0 (dir (search open)))
+(neverallow base_typeattr_78_26_0 shell_data_file_26_0 (file (open)))
+(neverallow base_typeattr_10_26_0 base_typeattr_79_26_0 (service_manager (list)))
+(neverallow base_typeattr_10_26_0 base_typeattr_80_26_0 (hwservice_manager (list)))
+(neverallow base_typeattr_10_26_0 domain (file (execute execute_no_trans entrypoint)))
+(neverallow base_typeattr_81_26_0 debugfs_26_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_82_26_0 profman_exec_26_0 (file (execute execute_no_trans)))
+(neverallow base_typeattr_10_26_0 base_typeattr_83_26_0 (system (module_load)))
+(neverallow base_typeattr_14_26_0 self (capability (setfcap)))
+(neverallow domain crash_dump_26_0 (process (noatsecure)))
+(neverallow base_typeattr_84_26_0 coredomain_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_10_26_0 same_process_hwservice (hwservice_manager (add)))
+(allow drmserver_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 drmserver_26_0 (dir (search)))
+(allow servicemanager_26_0 drmserver_26_0 (file (read open)))
+(allow servicemanager_26_0 drmserver_26_0 (process (getattr)))
+(allow drmserver_26_0 system_server_26_0 (binder (call transfer)))
+(allow system_server_26_0 drmserver_26_0 (binder (transfer)))
+(allow drmserver_26_0 system_server_26_0 (fd (use)))
+(allow drmserver_26_0 appdomain (binder (call transfer)))
+(allow appdomain drmserver_26_0 (binder (transfer)))
+(allow drmserver_26_0 appdomain (fd (use)))
+(allow drmserver_26_0 system_server_26_0 (fd (use)))
+(allow drmserver_26_0 mediaserver_26_0 (binder (call transfer)))
+(allow mediaserver_26_0 drmserver_26_0 (binder (transfer)))
+(allow drmserver_26_0 mediaserver_26_0 (fd (use)))
+(allow drmserver_26_0 sdcard_type (dir (search)))
+(allow drmserver_26_0 drm_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow drmserver_26_0 drm_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow drmserver_26_0 tee_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow drmserver_26_0 app_data_file_26_0 (file (read write getattr)))
+(allow drmserver_26_0 sdcard_type (file (read write getattr)))
+(allow drmserver_26_0 efs_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow drmserver_26_0 efs_file_26_0 (file (ioctl read getattr lock open)))
+(allow drmserver_26_0 efs_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow drmserver_26_0 apk_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow drmserver_26_0 drmserver_socket_26_0 (sock_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow drmserver_26_0 apk_data_file_26_0 (sock_file (unlink)))
+(allow drmserver_26_0 media_rw_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow drmserver_26_0 media_rw_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow drmserver_26_0 media_rw_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow drmserver_26_0 apk_data_file_26_0 (file (read getattr)))
+(allow drmserver_26_0 asec_apk_file_26_0 (file (read getattr)))
+(allow drmserver_26_0 ringtone_file_26_0 (file (read getattr)))
+(allow drmserver_26_0 radio_data_file_26_0 (file (read getattr)))
+(allow drmserver_26_0 oemfs_26_0 (dir (search)))
+(allow drmserver_26_0 oemfs_26_0 (file (ioctl read getattr lock open)))
+(allow drmserver_26_0 drmserver_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_85_26_0 drmserver_service_26_0 (service_manager (add)))
+(neverallow drmserver_26_0 unlabeled_26_0 (service_manager (add)))
+(allow drmserver_26_0 permission_service_26_0 (service_manager (find)))
+(allow drmserver_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow drmserver_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow drmserver_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow drmserver_26_0 selinuxfs_26_0 (file (write lock append open)))
+(allow drmserver_26_0 kernel_26_0 (security (compute_av)))
+(allow drmserver_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow drmserver_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow drmserver_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow drmserver_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow drmserver_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow drmserver_26_0 system_file_26_0 (file (ioctl read getattr lock open)))
+(allow drmserver_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 dumpstate_26_0 (dir (search)))
+(allow servicemanager_26_0 dumpstate_26_0 (file (read open)))
+(allow servicemanager_26_0 dumpstate_26_0 (process (getattr)))
+(allow dumpstate_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open)))
+(allow dumpstate_26_0 self (capability2 (block_suspend)))
+(allow dumpstate_26_0 self (capability (setgid setuid sys_resource)))
+(allow dumpstate_26_0 domain (dir (ioctl read getattr lock search open)))
+(allow dumpstate_26_0 domain (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 domain (lnk_file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 self (capability (kill net_admin net_raw)))
+(allow dumpstate_26_0 system_file_26_0 (file (execute_no_trans)))
+(allow dumpstate_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow dumpstate_26_0 self (capability (chown dac_override fowner fsetid)))
+(allow dumpstate_26_0 anr_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow dumpstate_26_0 anr_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow dumpstate_26_0 system_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 self (capability2 (syslog)))
+(allow dumpstate_26_0 kernel_26_0 (system (syslog_read)))
+(allow dumpstate_26_0 pstorefs_26_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_26_0 pstorefs_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 domain (process (getattr)))
+(allow dumpstate_26_0 appdomain (process (signal)))
+(allow dumpstate_26_0 system_server_26_0 (process (signal)))
+(allow dumpstate_26_0 hal_audio_server (process (signal)))
+(allow dumpstate_26_0 hal_bluetooth_server (process (signal)))
+(allow dumpstate_26_0 hal_camera_server (process (signal)))
+(allow dumpstate_26_0 hal_graphics_composer_server (process (signal)))
+(allow dumpstate_26_0 hal_vr_server (process (signal)))
+(allow dumpstate_26_0 audioserver_26_0 (process (signal)))
+(allow dumpstate_26_0 cameraserver_26_0 (process (signal)))
+(allow dumpstate_26_0 drmserver_26_0 (process (signal)))
+(allow dumpstate_26_0 inputflinger_26_0 (process (signal)))
+(allow dumpstate_26_0 mediacodec_26_0 (process (signal)))
+(allow dumpstate_26_0 mediadrmserver_26_0 (process (signal)))
+(allow dumpstate_26_0 mediaextractor_26_0 (process (signal)))
+(allow dumpstate_26_0 mediaserver_26_0 (process (signal)))
+(allow dumpstate_26_0 sdcardd_26_0 (process (signal)))
+(allow dumpstate_26_0 surfaceflinger_26_0 (process (signal)))
+(allow dumpstate_26_0 tombstoned_intercept_socket_26_0 (sock_file (write)))
+(allow dumpstate_26_0 tombstoned_26_0 (unix_stream_socket (connectto)))
+(allow dumpstate_26_0 sysfs_usb_26_0 (file (write lock append open)))
+(allow dumpstate_26_0 qtaguid_proc_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 debugfs_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 block_device_26_0 (dir (getattr search)))
+(allow dumpstate_26_0 storage_file_26_0 (dir (getattr search)))
+(allow dumpstate_26_0 fuse_device_26_0 (chr_file (getattr)))
+(allow dumpstate_26_0 dm_device_26_0 (blk_file (getattr)))
+(allow dumpstate_26_0 cache_block_device_26_0 (blk_file (getattr)))
+(allow dumpstate_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain dumpstate_26_0 (binder (transfer)))
+(allow dumpstate_26_0 binderservicedomain (fd (use)))
+(allow dumpstate_26_0 appdomain (binder (call transfer)))
+(allow dumpstate_26_0 netd_26_0 (binder (call transfer)))
+(allow dumpstate_26_0 wificond_26_0 (binder (call transfer)))
+(allow appdomain dumpstate_26_0 (binder (transfer)))
+(allow netd_26_0 dumpstate_26_0 (binder (transfer)))
+(allow wificond_26_0 dumpstate_26_0 (binder (transfer)))
+(allow dumpstate_26_0 appdomain (fd (use)))
+(allow dumpstate_26_0 netd_26_0 (fd (use)))
+(allow dumpstate_26_0 wificond_26_0 (fd (use)))
+(allow dumpstate_26_0 sysfs_vibrator_26_0 (file (ioctl read write getattr lock append open)))
+(allow dumpstate_26_0 self (capability (sys_ptrace)))
+(allow dumpstate_26_0 shell_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow dumpstate_26_0 shell_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow dumpstate_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow dumpstate_26_0 zygote_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow dumpstate_26_0 ashmem_device_26_0 (chr_file (execute)))
+(allow dumpstate_26_0 self (process (execmem)))
+(allow dumpstate_26_0 dalvikcache_data_file_26_0 (dir (getattr search)))
+(allow dumpstate_26_0 dalvikcache_data_file_26_0 (file (ioctl read getattr lock execute open)))
+(allow dumpstate_26_0 dalvikcache_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 bluetooth_data_file_26_0 (dir (search)))
+(allow dumpstate_26_0 bluetooth_logs_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_26_0 bluetooth_logs_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow dumpstate_26_0 logcat_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow dumpstate_26_0 logdr_socket_26_0 (sock_file (write)))
+(allow dumpstate_26_0 logd_26_0 (unix_stream_socket (connectto)))
+(allow dumpstate_26_0 logd_socket_26_0 (sock_file (write)))
+(allow dumpstate_26_0 logd_26_0 (unix_stream_socket (connectto)))
+(allow dumpstate_26_0 runtime_event_log_tags_file_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 net_data_file_26_0 (dir (search)))
+(allow dumpstate_26_0 net_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 self (netlink_tcpdiag_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read)))
+(allow dumpstate_26_0 tombstone_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_26_0 tombstone_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 cache_recovery_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_26_0 cache_recovery_file_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 recovery_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_26_0 recovery_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 user_profile_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_26_0 user_profile_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 misc_logd_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow dumpstate_26_0 misc_logd_file_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 base_typeattr_86_26_0 (service_manager (find)))
+(allow dumpstate_26_0 servicemanager_26_0 (service_manager (list)))
+(allow dumpstate_26_0 hwservicemanager_26_0 (hwservice_manager (list)))
+(allow dumpstate_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow dumpstate_26_0 property_socket_26_0 (sock_file (write)))
+(allow dumpstate_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow dumpstate_26_0 dumpstate_prop_26_0 (property_service (set)))
+(allow dumpstate_26_0 dumpstate_prop_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 property_socket_26_0 (sock_file (write)))
+(allow dumpstate_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow dumpstate_26_0 dumpstate_options_prop_26_0 (property_service (set)))
+(allow dumpstate_26_0 dumpstate_options_prop_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 serialno_prop_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 device_logging_prop_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 media_rw_data_file_26_0 (dir (getattr)))
+(allow dumpstate_26_0 proc_interrupts_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 proc_zoneinfo_26_0 (file (ioctl read getattr lock open)))
+(allow dumpstate_26_0 dumpstate_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_87_26_0 dumpstate_service_26_0 (service_manager (add)))
+(neverallow dumpstate_26_0 unlabeled_26_0 (service_manager (add)))
+(neverallow dumpstate_26_0 base_typeattr_10_26_0 (process (ptrace)))
+(neverallow base_typeattr_88_26_0 dumpstate_service_26_0 (service_manager (find)))
+(neverallow dumpstate_26_0 sysfs_26_0 (file (write create setattr relabelfrom append unlink link rename)))
+(allow fs_type self (filesystem (associate)))
+(allow sysfs_type sysfs_26_0 (filesystem (associate)))
+(allow debugfs_type debugfs_26_0 (filesystem (associate)))
+(allow debugfs_type debugfs_tracing_26_0 (filesystem (associate)))
+(allow file_type labeledfs_26_0 (filesystem (associate)))
+(allow file_type tmpfs_26_0 (filesystem (associate)))
+(allow file_type rootfs_26_0 (filesystem (associate)))
+(allow dev_type tmpfs_26_0 (filesystem (associate)))
+(allow app_fuse_file_26_0 app_fusefs_26_0 (filesystem (associate)))
+(allow postinstall_file_26_0 self (filesystem (associate)))
+(neverallow fs_type file_type (filesystem (associate)))
+(allow fingerprintd_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 fingerprintd_26_0 (dir (search)))
+(allow servicemanager_26_0 fingerprintd_26_0 (file (read open)))
+(allow servicemanager_26_0 fingerprintd_26_0 (process (getattr)))
+(allow fingerprintd_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow fingerprintd_26_0 fingerprintd_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_89_26_0 fingerprintd_service_26_0 (service_manager (add)))
+(neverallow fingerprintd_26_0 unlabeled_26_0 (service_manager (add)))
+(allow fingerprintd_26_0 fingerprintd_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow fingerprintd_26_0 fingerprintd_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow keystore_26_0 fingerprintd_26_0 (dir (search)))
+(allow keystore_26_0 fingerprintd_26_0 (file (read open)))
+(allow keystore_26_0 fingerprintd_26_0 (process (getattr)))
+(allow fingerprintd_26_0 keystore_service_26_0 (service_manager (find)))
+(allow fingerprintd_26_0 keystore_26_0 (binder (call transfer)))
+(allow keystore_26_0 fingerprintd_26_0 (binder (transfer)))
+(allow fingerprintd_26_0 keystore_26_0 (fd (use)))
+(allow fingerprintd_26_0 keystore_26_0 (keystore_key (add_auth)))
+(allow fingerprintd_26_0 system_server_26_0 (binder (call transfer)))
+(allow system_server_26_0 fingerprintd_26_0 (binder (transfer)))
+(allow fingerprintd_26_0 system_server_26_0 (fd (use)))
+(allow fingerprintd_26_0 permission_service_26_0 (service_manager (find)))
+(allow fingerprintd_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow fingerprintd_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow fingerprintd_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow fingerprintd_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow fingerprintd_26_0 sysfs_type (file (ioctl read getattr lock open)))
+(allow fingerprintd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow fingerprintd_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow fsck_26_0 tmpfs_26_0 (chr_file (ioctl read write)))
+(allow fsck_26_0 devpts_26_0 (chr_file (ioctl read write getattr)))
+(allow fsck_26_0 vold_26_0 (fd (use)))
+(allow fsck_26_0 vold_26_0 (fifo_file (read write getattr)))
+(allow fsck_26_0 block_device_26_0 (dir (search)))
+(allow fsck_26_0 userdata_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow fsck_26_0 cache_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow fsck_26_0 dm_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow fsck_26_0 dev_type (blk_file (getattr)))
+(allow fsck_26_0 proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow fsck_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow fsck_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow fsck_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open)))
+(neverallow fsck_26_0 vold_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_26_0 root_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_26_0 frp_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_26_0 system_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_26_0 recovery_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_26_0 boot_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_26_0 swap_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_26_0 metadata_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_90_26_0 fsck_26_0 (process (transition)))
+(neverallow base_typeattr_10_26_0 fsck_26_0 (process (dyntransition)))
+(neverallow fsck_26_0 base_typeattr_91_26_0 (file (entrypoint)))
+(allow fsck_untrusted_26_0 devpts_26_0 (chr_file (ioctl read write getattr)))
+(allow fsck_untrusted_26_0 vold_26_0 (fd (use)))
+(allow fsck_untrusted_26_0 vold_26_0 (fifo_file (read write getattr)))
+(allow fsck_untrusted_26_0 block_device_26_0 (dir (search)))
+(allow fsck_untrusted_26_0 vold_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow fsck_untrusted_26_0 proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow fsck_untrusted_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow fsck_untrusted_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow fsck_untrusted_26_0 dev_type (blk_file (getattr)))
+(neverallow fsck_untrusted_26_0 dm_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_26_0 root_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_26_0 frp_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_26_0 system_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_26_0 recovery_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_26_0 boot_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_26_0 userdata_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_26_0 cache_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_26_0 swap_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow fsck_untrusted_26_0 metadata_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(neverallow base_typeattr_92_26_0 fsck_untrusted_26_0 (process (transition)))
+(neverallow base_typeattr_10_26_0 fsck_untrusted_26_0 (process (dyntransition)))
+(neverallow fsck_untrusted_26_0 base_typeattr_91_26_0 (file (entrypoint)))
+(allow gatekeeperd_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 gatekeeperd_26_0 (dir (search)))
+(allow servicemanager_26_0 gatekeeperd_26_0 (file (read open)))
+(allow servicemanager_26_0 gatekeeperd_26_0 (process (getattr)))
+(allow gatekeeperd_26_0 tee_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow gatekeeperd_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow gatekeeperd_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow gatekeeperd_26_0 gatekeeper_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_93_26_0 gatekeeper_service_26_0 (service_manager (add)))
+(neverallow gatekeeperd_26_0 unlabeled_26_0 (service_manager (add)))
+(allow keystore_26_0 gatekeeperd_26_0 (dir (search)))
+(allow keystore_26_0 gatekeeperd_26_0 (file (read open)))
+(allow keystore_26_0 gatekeeperd_26_0 (process (getattr)))
+(allow gatekeeperd_26_0 keystore_service_26_0 (service_manager (find)))
+(allow gatekeeperd_26_0 keystore_26_0 (binder (call transfer)))
+(allow keystore_26_0 gatekeeperd_26_0 (binder (transfer)))
+(allow gatekeeperd_26_0 keystore_26_0 (fd (use)))
+(allow gatekeeperd_26_0 keystore_26_0 (keystore_key (add_auth)))
+(allow gatekeeperd_26_0 system_server_26_0 (binder (call)))
+(allow gatekeeperd_26_0 permission_service_26_0 (service_manager (find)))
+(allow gatekeeperd_26_0 user_service_26_0 (service_manager (find)))
+(allow gatekeeperd_26_0 gatekeeper_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow gatekeeperd_26_0 gatekeeper_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow gatekeeperd_26_0 hardware_properties_service_26_0 (service_manager (find)))
+(allow gatekeeperd_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow gatekeeperd_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow gatekeeperd_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_allocator_client hal_allocator_server (binder (call transfer)))
+(allow hal_allocator_server hal_allocator_client (binder (transfer)))
+(allow hal_allocator_client hal_allocator_server (fd (use)))
+(allow hal_allocator_server hidl_allocator_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_allocator_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_94_26_0 hidl_allocator_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_allocator_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_allocator_client hidl_allocator_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_allocator_client hidl_memory_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_audio_client hal_audio_server (binder (call transfer)))
+(allow hal_audio_server hal_audio_client (binder (transfer)))
+(allow hal_audio_client hal_audio_server (fd (use)))
+(allow hal_audio_server hal_audio_client (binder (call transfer)))
+(allow hal_audio_client hal_audio_server (binder (transfer)))
+(allow hal_audio_server hal_audio_client (fd (use)))
+(allow hal_audio_server hal_audio_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_audio_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_95_26_0 hal_audio_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_audio_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_audio_client hal_audio_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_audio ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow hal_audio audiohal_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_audio audiohal_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow hal_audio proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_audio proc_26_0 (file (ioctl read getattr lock open)))
+(allow hal_audio proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_audio audio_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_audio audio_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_audio shell_26_0 (fd (use)))
+(allow hal_audio shell_26_0 (fifo_file (write)))
+(allow hal_audio dumpstate_26_0 (fd (use)))
+(allow hal_audio dumpstate_26_0 (fifo_file (write)))
+(neverallow hal_audio fs_type (file (execute_no_trans)))
+(neverallow hal_audio file_type (file (execute_no_trans)))
+(neverallow hal_audio domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow hal_audio domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow hal_audio domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_96_26_0 audio_device_26_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow hal_bluetooth_client hal_bluetooth_server (binder (call transfer)))
+(allow hal_bluetooth_server hal_bluetooth_client (binder (transfer)))
+(allow hal_bluetooth_client hal_bluetooth_server (fd (use)))
+(allow hal_bluetooth_server hal_bluetooth_client (binder (call transfer)))
+(allow hal_bluetooth_client hal_bluetooth_server (binder (transfer)))
+(allow hal_bluetooth_server hal_bluetooth_client (fd (use)))
+(allow hal_bluetooth_server hal_bluetooth_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_bluetooth_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_97_26_0 hal_bluetooth_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_bluetooth_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_bluetooth_client hal_bluetooth_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_bluetooth sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open)))
+(allow hal_bluetooth self (capability2 (block_suspend)))
+(allow hal_bluetooth self (capability (net_admin)))
+(allow hal_bluetooth bluetooth_efs_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_bluetooth bluetooth_efs_file_26_0 (file (ioctl read getattr lock open)))
+(allow hal_bluetooth bluetooth_efs_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_bluetooth uhid_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_bluetooth hci_attach_dev_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_bluetooth sysfs_type (dir (ioctl read getattr lock search open)))
+(allow hal_bluetooth sysfs_type (file (ioctl read getattr lock open)))
+(allow hal_bluetooth sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow hal_bluetooth sysfs_bluetooth_writable_26_0 (file (ioctl read write getattr lock append open)))
+(allow hal_bluetooth self (capability2 (wake_alarm)))
+(allow hal_bluetooth property_socket_26_0 (sock_file (write)))
+(allow hal_bluetooth init_26_0 (unix_stream_socket (connectto)))
+(allow hal_bluetooth bluetooth_prop_26_0 (property_service (set)))
+(allow hal_bluetooth bluetooth_prop_26_0 (file (ioctl read getattr lock open)))
+(allow hal_bluetooth proc_bluetooth_writable_26_0 (file (ioctl read write getattr lock append open)))
+(allow hal_bluetooth self (capability (sys_nice)))
+(allow hal_bootctl_client hal_bootctl_server (binder (call transfer)))
+(allow hal_bootctl_server hal_bootctl_client (binder (transfer)))
+(allow hal_bootctl_client hal_bootctl_server (fd (use)))
+(allow hal_bootctl_server hal_bootctl_client (binder (call transfer)))
+(allow hal_bootctl_client hal_bootctl_server (binder (transfer)))
+(allow hal_bootctl_server hal_bootctl_client (fd (use)))
+(allow hal_bootctl_server hal_bootctl_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_bootctl_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_98_26_0 hal_bootctl_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_bootctl_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_bootctl_client hal_bootctl_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_camera_client hal_camera_server (binder (call transfer)))
+(allow hal_camera_server hal_camera_client (binder (transfer)))
+(allow hal_camera_client hal_camera_server (fd (use)))
+(allow hal_camera_server hal_camera_client (binder (call transfer)))
+(allow hal_camera_client hal_camera_server (binder (transfer)))
+(allow hal_camera_server hal_camera_client (fd (use)))
+(allow hal_camera_server hal_camera_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_camera_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_99_26_0 hal_camera_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_camera_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_camera_client hal_camera_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_camera camera_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_camera camera_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow hal_camera video_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_camera video_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_camera camera_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_camera ion_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_camera_client hal_graphics_allocator (fd (use)))
+(allow hal_camera_server hal_graphics_allocator (fd (use)))
+(allow hal_camera base_typeattr_100_26_0 (fd (use)))
+(allow hal_camera surfaceflinger_26_0 (fd (use)))
+(allow hal_camera hal_allocator_server (fd (use)))
+(neverallow hal_camera fs_type (file (execute_no_trans)))
+(neverallow hal_camera file_type (file (execute_no_trans)))
+(neverallow hal_camera domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow hal_camera domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow hal_camera domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_101_26_0 camera_device_26_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow hal_configstore_client hal_configstore_server (binder (call transfer)))
+(allow hal_configstore_server hal_configstore_client (binder (transfer)))
+(allow hal_configstore_client hal_configstore_server (fd (use)))
+(allow hal_configstore_server hal_configstore_ISurfaceFlingerConfigs_26_0 (hwservice_manager (add find)))
+(allow hal_configstore_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_102_26_0 hal_configstore_ISurfaceFlingerConfigs_26_0 (hwservice_manager (add)))
+(neverallow hal_configstore_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_contexthub_client hal_contexthub_server (binder (call transfer)))
+(allow hal_contexthub_server hal_contexthub_client (binder (transfer)))
+(allow hal_contexthub_client hal_contexthub_server (fd (use)))
+(allow hal_contexthub_server hal_contexthub_client (binder (call transfer)))
+(allow hal_contexthub_client hal_contexthub_server (binder (transfer)))
+(allow hal_contexthub_server hal_contexthub_client (fd (use)))
+(allow hal_contexthub_server hal_contexthub_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_contexthub_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_103_26_0 hal_contexthub_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_contexthub_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_contexthub_client hal_contexthub_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_drm_client hal_drm_server (binder (call transfer)))
+(allow hal_drm_server hal_drm_client (binder (transfer)))
+(allow hal_drm_client hal_drm_server (fd (use)))
+(allow hal_drm_server hal_drm_client (binder (call transfer)))
+(allow hal_drm_client hal_drm_server (binder (transfer)))
+(allow hal_drm_server hal_drm_client (fd (use)))
+(allow hal_drm_server hal_drm_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_drm_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_104_26_0 hal_drm_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_drm_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_drm_client hal_drm_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_drm hidl_memory_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_drm self (process (execmem)))
+(allow hal_drm serialno_prop_26_0 (file (ioctl read getattr lock open)))
+(allow hal_drm system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_drm system_file_26_0 (file (ioctl read getattr lock open)))
+(allow hal_drm system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_drm system_data_file_26_0 (dir (getattr search)))
+(allow hal_drm system_data_file_26_0 (file (read getattr)))
+(allow hal_drm system_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_drm cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_drm cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow hal_drm cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_drm cgroup_26_0 (dir (write search)))
+(allow hal_drm cgroup_26_0 (file (write lock append open)))
+(allow hal_drm ion_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_drm hal_graphics_allocator (fd (use)))
+(allow hal_drm mediaserver_26_0 (fd (use)))
+(allow hal_drm media_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_drm media_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow hal_drm media_data_file_26_0 (file (read getattr)))
+(allow hal_drm sysfs_26_0 (file (ioctl read getattr lock open)))
+(allow hal_drm tee_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allowx hal_drm self (ioctl tcp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx hal_drm self (ioctl udp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx hal_drm self (ioctl rawip_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx hal_drm self (ioctl tcp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx hal_drm self (ioctl udp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx hal_drm self (ioctl rawip_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx hal_drm self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx hal_drm self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx hal_drm self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(neverallow hal_drm fs_type (file (execute_no_trans)))
+(neverallow hal_drm file_type (file (execute_no_trans)))
+(neverallowx hal_drm domain (ioctl tcp_socket (0x6900 0x6902)))
+(neverallowx hal_drm domain (ioctl udp_socket (0x6900 0x6902)))
+(neverallowx hal_drm domain (ioctl rawip_socket (0x6900 0x6902)))
+(neverallowx hal_drm domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx hal_drm domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx hal_drm domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx hal_drm domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx hal_drm domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx hal_drm domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow hal_dumpstate_client hal_dumpstate_server (binder (call transfer)))
+(allow hal_dumpstate_server hal_dumpstate_client (binder (transfer)))
+(allow hal_dumpstate_client hal_dumpstate_server (fd (use)))
+(allow hal_dumpstate_server hal_dumpstate_client (binder (call transfer)))
+(allow hal_dumpstate_client hal_dumpstate_server (binder (transfer)))
+(allow hal_dumpstate_server hal_dumpstate_client (fd (use)))
+(allow hal_dumpstate_server hal_dumpstate_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_dumpstate_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_105_26_0 hal_dumpstate_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_dumpstate_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_dumpstate_client hal_dumpstate_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_dumpstate shell_data_file_26_0 (file (write)))
+(allow hal_dumpstate proc_interrupts_26_0 (file (ioctl read getattr lock open)))
+(allow hal_fingerprint_client hal_fingerprint_server (binder (call transfer)))
+(allow hal_fingerprint_server hal_fingerprint_client (binder (transfer)))
+(allow hal_fingerprint_client hal_fingerprint_server (fd (use)))
+(allow hal_fingerprint_server hal_fingerprint_client (binder (call transfer)))
+(allow hal_fingerprint_client hal_fingerprint_server (binder (transfer)))
+(allow hal_fingerprint_server hal_fingerprint_client (fd (use)))
+(allow hal_fingerprint_server hal_fingerprint_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_fingerprint_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_106_26_0 hal_fingerprint_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_fingerprint_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_fingerprint_client hal_fingerprint_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_fingerprint fingerprintd_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow hal_fingerprint fingerprintd_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow hal_fingerprint ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow hal_fingerprint cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_fingerprint cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow hal_fingerprint cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_fingerprint sysfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_fingerprint sysfs_26_0 (file (ioctl read getattr lock open)))
+(allow hal_fingerprint sysfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_gatekeeper_client hal_gatekeeper_server (binder (call transfer)))
+(allow hal_gatekeeper_server hal_gatekeeper_client (binder (transfer)))
+(allow hal_gatekeeper_client hal_gatekeeper_server (fd (use)))
+(allow hal_gatekeeper_server hal_gatekeeper_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_gatekeeper_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_107_26_0 hal_gatekeeper_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_gatekeeper_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_gatekeeper_client hal_gatekeeper_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_gatekeeper tee_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_gatekeeper ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow hal_gnss_client hal_gnss_server (binder (call transfer)))
+(allow hal_gnss_server hal_gnss_client (binder (transfer)))
+(allow hal_gnss_client hal_gnss_server (fd (use)))
+(allow hal_gnss_server hal_gnss_client (binder (call transfer)))
+(allow hal_gnss_client hal_gnss_server (binder (transfer)))
+(allow hal_gnss_server hal_gnss_client (fd (use)))
+(allow hal_gnss_server hal_gnss_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_gnss_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_108_26_0 hal_gnss_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_gnss_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_gnss_client hal_gnss_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_graphics_allocator_client hal_graphics_allocator_server (binder (call transfer)))
+(allow hal_graphics_allocator_server hal_graphics_allocator_client (binder (transfer)))
+(allow hal_graphics_allocator_client hal_graphics_allocator_server (fd (use)))
+(allow hal_graphics_allocator_server hal_graphics_allocator_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_graphics_allocator_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_109_26_0 hal_graphics_allocator_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_graphics_allocator_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_graphics_allocator_client hal_graphics_allocator_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_graphics_allocator_client hal_graphics_mapper_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_graphics_allocator gpu_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_graphics_allocator ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow hal_graphics_allocator self (capability (sys_nice)))
+(allow hal_graphics_composer_client hal_graphics_composer_server (binder (call transfer)))
+(allow hal_graphics_composer_server hal_graphics_composer_client (binder (transfer)))
+(allow hal_graphics_composer_client hal_graphics_composer_server (fd (use)))
+(allow hal_graphics_composer_server hal_graphics_composer_client (binder (call transfer)))
+(allow hal_graphics_composer_client hal_graphics_composer_server (binder (transfer)))
+(allow hal_graphics_composer_server hal_graphics_composer_client (fd (use)))
+(allow hal_graphics_composer_server hal_graphics_composer_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_graphics_composer_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_110_26_0 hal_graphics_composer_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_graphics_composer_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_graphics_composer_client hal_graphics_composer_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_graphics_composer_server hal_graphics_mapper_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_graphics_composer gpu_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_graphics_composer ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow hal_graphics_composer hal_graphics_allocator (fd (use)))
+(allow hal_graphics_composer graphics_device_26_0 (dir (search)))
+(allow hal_graphics_composer graphics_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_graphics_composer system_server_26_0 (fd (use)))
+(allow hal_graphics_composer bootanim_26_0 (fd (use)))
+(allow hal_graphics_composer appdomain (fd (use)))
+(allow hal_graphics_composer self (capability (sys_nice)))
+(allow hal_health_client hal_health_server (binder (call transfer)))
+(allow hal_health_server hal_health_client (binder (transfer)))
+(allow hal_health_client hal_health_server (fd (use)))
+(allow hal_health_server hal_health_client (binder (call transfer)))
+(allow hal_health_client hal_health_server (binder (transfer)))
+(allow hal_health_server hal_health_client (fd (use)))
+(allow hal_health_server hal_health_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_health_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_111_26_0 hal_health_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_health_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_health_client hal_health_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_health system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_health system_file_26_0 (file (ioctl read getattr lock open)))
+(allow hal_health system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_ir_client hal_ir_server (binder (call transfer)))
+(allow hal_ir_server hal_ir_client (binder (transfer)))
+(allow hal_ir_client hal_ir_server (fd (use)))
+(allow hal_ir_server hal_ir_client (binder (call transfer)))
+(allow hal_ir_client hal_ir_server (binder (transfer)))
+(allow hal_ir_server hal_ir_client (fd (use)))
+(allow hal_ir_server hal_ir_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_ir_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_112_26_0 hal_ir_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_ir_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_ir_client hal_ir_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_keymaster_client hal_keymaster_server (binder (call transfer)))
+(allow hal_keymaster_server hal_keymaster_client (binder (transfer)))
+(allow hal_keymaster_client hal_keymaster_server (fd (use)))
+(allow hal_keymaster_server hal_keymaster_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_keymaster_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_113_26_0 hal_keymaster_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_keymaster_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_keymaster_client hal_keymaster_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_keymaster tee_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_keymaster ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow hal_light_client hal_light_server (binder (call transfer)))
+(allow hal_light_server hal_light_client (binder (transfer)))
+(allow hal_light_client hal_light_server (fd (use)))
+(allow hal_light_server hal_light_client (binder (call transfer)))
+(allow hal_light_client hal_light_server (binder (transfer)))
+(allow hal_light_server hal_light_client (fd (use)))
+(allow hal_light_server hal_light_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_light_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_114_26_0 hal_light_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_light_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_light_client hal_light_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_light sysfs_leds_26_0 (lnk_file (read)))
+(allow hal_light sysfs_leds_26_0 (file (ioctl read write getattr lock append open)))
+(allow hal_light sysfs_leds_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_memtrack_client hal_memtrack_server (binder (call transfer)))
+(allow hal_memtrack_server hal_memtrack_client (binder (transfer)))
+(allow hal_memtrack_client hal_memtrack_server (fd (use)))
+(allow hal_memtrack_server hal_memtrack_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_memtrack_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_115_26_0 hal_memtrack_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_memtrack_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_memtrack_client hal_memtrack_hwservice_26_0 (hwservice_manager (find)))
+(neverallow base_typeattr_116_26_0 self (capability (net_admin net_raw)))
+(neverallow base_typeattr_117_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow base_typeattr_117_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_117_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow hal_tetheroffload_server unlabeled_26_0 (service_manager (list)))
+(neverallow base_typeattr_118_26_0 fs_type (file (execute_no_trans)))
+(neverallow base_typeattr_118_26_0 file_type (file (execute_no_trans)))
+(neverallow base_typeattr_5_26_0 halserverdomain (process (transition)))
+(neverallow base_typeattr_10_26_0 halserverdomain (process (dyntransition)))
+(allow hal_nfc_client hal_nfc_server (binder (call transfer)))
+(allow hal_nfc_server hal_nfc_client (binder (transfer)))
+(allow hal_nfc_client hal_nfc_server (fd (use)))
+(allow hal_nfc_server hal_nfc_client (binder (call transfer)))
+(allow hal_nfc_client hal_nfc_server (binder (transfer)))
+(allow hal_nfc_server hal_nfc_client (fd (use)))
+(allow hal_nfc_server hal_nfc_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_nfc_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_119_26_0 hal_nfc_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_nfc_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_nfc_client hal_nfc_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_nfc property_socket_26_0 (sock_file (write)))
+(allow hal_nfc init_26_0 (unix_stream_socket (connectto)))
+(allow hal_nfc nfc_prop_26_0 (property_service (set)))
+(allow hal_nfc nfc_prop_26_0 (file (ioctl read getattr lock open)))
+(allow hal_nfc nfc_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow hal_nfc nfc_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_nfc nfc_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow hal_nfc nfc_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow hal_nfc nfc_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow hal_oemlock_client hal_oemlock_server (binder (call transfer)))
+(allow hal_oemlock_server hal_oemlock_client (binder (transfer)))
+(allow hal_oemlock_client hal_oemlock_server (fd (use)))
+(allow hal_oemlock_server hal_oemlock_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_oemlock_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_120_26_0 hal_oemlock_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_oemlock_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_oemlock_client hal_oemlock_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_power_client hal_power_server (binder (call transfer)))
+(allow hal_power_server hal_power_client (binder (transfer)))
+(allow hal_power_client hal_power_server (fd (use)))
+(allow hal_power_server hal_power_client (binder (call transfer)))
+(allow hal_power_client hal_power_server (binder (transfer)))
+(allow hal_power_server hal_power_client (fd (use)))
+(allow hal_power_server hal_power_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_power_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_121_26_0 hal_power_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_power_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_power_client hal_power_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_sensors_client hal_sensors_server (binder (call transfer)))
+(allow hal_sensors_server hal_sensors_client (binder (transfer)))
+(allow hal_sensors_client hal_sensors_server (fd (use)))
+(allow hal_sensors_server hal_sensors_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_sensors_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_122_26_0 hal_sensors_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_sensors_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_sensors_client hal_sensors_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_sensors base_typeattr_100_26_0 (fd (use)))
+(allow hal_sensors hal_allocator (fd (use)))
+(allow hal_sensors self (capability (sys_nice)))
+(allow hal_telephony_client hal_telephony_server (binder (call transfer)))
+(allow hal_telephony_server hal_telephony_client (binder (transfer)))
+(allow hal_telephony_client hal_telephony_server (fd (use)))
+(allow hal_telephony_server hal_telephony_client (binder (call transfer)))
+(allow hal_telephony_client hal_telephony_server (binder (transfer)))
+(allow hal_telephony_server hal_telephony_client (fd (use)))
+(allow hal_telephony_server hal_telephony_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_telephony_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_123_26_0 hal_telephony_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_telephony_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_telephony_client hal_telephony_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_tetheroffload_client hal_tetheroffload_server (binder (call transfer)))
+(allow hal_tetheroffload_server hal_tetheroffload_client (binder (transfer)))
+(allow hal_tetheroffload_client hal_tetheroffload_server (fd (use)))
+(allow hal_tetheroffload_server hal_tetheroffload_client (binder (call transfer)))
+(allow hal_tetheroffload_client hal_tetheroffload_server (binder (transfer)))
+(allow hal_tetheroffload_server hal_tetheroffload_client (fd (use)))
+(allow hal_thermal_client hal_thermal_server (binder (call transfer)))
+(allow hal_thermal_server hal_thermal_client (binder (transfer)))
+(allow hal_thermal_client hal_thermal_server (fd (use)))
+(allow hal_thermal_server hal_thermal_client (binder (call transfer)))
+(allow hal_thermal_client hal_thermal_server (binder (transfer)))
+(allow hal_thermal_server hal_thermal_client (fd (use)))
+(allow hal_thermal_server hal_thermal_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_thermal_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_124_26_0 hal_thermal_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_thermal_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_thermal_client hal_thermal_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_tv_cec_client hal_tv_cec_server (binder (call transfer)))
+(allow hal_tv_cec_server hal_tv_cec_client (binder (transfer)))
+(allow hal_tv_cec_client hal_tv_cec_server (fd (use)))
+(allow hal_tv_cec_server hal_tv_cec_client (binder (call transfer)))
+(allow hal_tv_cec_client hal_tv_cec_server (binder (transfer)))
+(allow hal_tv_cec_server hal_tv_cec_client (fd (use)))
+(allow hal_tv_cec_server hal_tv_cec_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_tv_cec_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_125_26_0 hal_tv_cec_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_tv_cec_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_tv_cec_client hal_tv_cec_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_tv_input_client hal_tv_input_server (binder (call transfer)))
+(allow hal_tv_input_server hal_tv_input_client (binder (transfer)))
+(allow hal_tv_input_client hal_tv_input_server (fd (use)))
+(allow hal_tv_input_server hal_tv_input_client (binder (call transfer)))
+(allow hal_tv_input_client hal_tv_input_server (binder (transfer)))
+(allow hal_tv_input_server hal_tv_input_client (fd (use)))
+(allow hal_tv_input_server hal_tv_input_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_tv_input_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_126_26_0 hal_tv_input_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_tv_input_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_tv_input_client hal_tv_input_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_usb_client hal_usb_server (binder (call transfer)))
+(allow hal_usb_server hal_usb_client (binder (transfer)))
+(allow hal_usb_client hal_usb_server (fd (use)))
+(allow hal_usb_server hal_usb_client (binder (call transfer)))
+(allow hal_usb_client hal_usb_server (binder (transfer)))
+(allow hal_usb_server hal_usb_client (fd (use)))
+(allow hal_usb_server hal_usb_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_usb_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_127_26_0 hal_usb_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_usb_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_usb_client hal_usb_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_usb self (netlink_kobject_uevent_socket (create)))
+(allow hal_usb self (netlink_kobject_uevent_socket (setopt)))
+(allow hal_usb self (netlink_kobject_uevent_socket (bind)))
+(allow hal_usb self (netlink_kobject_uevent_socket (read)))
+(allow hal_usb sysfs_26_0 (dir (open)))
+(allow hal_usb sysfs_26_0 (dir (read)))
+(allow hal_usb sysfs_26_0 (file (read)))
+(allow hal_usb sysfs_26_0 (file (open)))
+(allow hal_usb sysfs_26_0 (file (write)))
+(allow hal_usb sysfs_26_0 (file (getattr)))
+(allow hal_vibrator_client hal_vibrator_server (binder (call transfer)))
+(allow hal_vibrator_server hal_vibrator_client (binder (transfer)))
+(allow hal_vibrator_client hal_vibrator_server (fd (use)))
+(allow hal_vibrator_server hal_vibrator_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_vibrator_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_128_26_0 hal_vibrator_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_vibrator_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_vibrator_client hal_vibrator_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_vibrator sysfs_vibrator_26_0 (file (ioctl read write getattr lock append open)))
+(allow hal_vr_client hal_vr_server (binder (call transfer)))
+(allow hal_vr_server hal_vr_client (binder (transfer)))
+(allow hal_vr_client hal_vr_server (fd (use)))
+(allow hal_vr_server hal_vr_client (binder (call transfer)))
+(allow hal_vr_client hal_vr_server (binder (transfer)))
+(allow hal_vr_server hal_vr_client (fd (use)))
+(allow hal_vr_server hal_vr_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_vr_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_129_26_0 hal_vr_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_vr_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_vr_client hal_vr_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_weaver_client hal_weaver_server (binder (call transfer)))
+(allow hal_weaver_server hal_weaver_client (binder (transfer)))
+(allow hal_weaver_client hal_weaver_server (fd (use)))
+(allow hal_weaver_server hal_weaver_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_weaver_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_130_26_0 hal_weaver_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_weaver_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_weaver_client hal_weaver_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_wifi_client hal_wifi_server (binder (call transfer)))
+(allow hal_wifi_server hal_wifi_client (binder (transfer)))
+(allow hal_wifi_client hal_wifi_server (fd (use)))
+(allow hal_wifi_server hal_wifi_client (binder (call transfer)))
+(allow hal_wifi_client hal_wifi_server (binder (transfer)))
+(allow hal_wifi_server hal_wifi_client (fd (use)))
+(allow hal_wifi_server hal_wifi_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_wifi_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_131_26_0 hal_wifi_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_wifi_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_wifi_client hal_wifi_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_wifi proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_wifi proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow hal_wifi proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_wifi sysfs_type (dir (ioctl read getattr lock search open)))
+(allow hal_wifi sysfs_type (file (ioctl read getattr lock open)))
+(allow hal_wifi sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow hal_wifi property_socket_26_0 (sock_file (write)))
+(allow hal_wifi init_26_0 (unix_stream_socket (connectto)))
+(allow hal_wifi wifi_prop_26_0 (property_service (set)))
+(allow hal_wifi wifi_prop_26_0 (file (ioctl read getattr lock open)))
+(allow hal_wifi self (udp_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allowx hal_wifi self (ioctl udp_socket (0x8914)))
+(allow hal_wifi self (capability (net_admin net_raw)))
+(allow hal_wifi self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi sysfs_wlan_fwpath_26_0 (file (write lock append open)))
+(allow hal_wifi_offload_client hal_wifi_offload_server (binder (call transfer)))
+(allow hal_wifi_offload_server hal_wifi_offload_client (binder (transfer)))
+(allow hal_wifi_offload_client hal_wifi_offload_server (fd (use)))
+(allow hal_wifi_offload_server hal_wifi_offload_client (binder (call transfer)))
+(allow hal_wifi_offload_client hal_wifi_offload_server (binder (transfer)))
+(allow hal_wifi_offload_server hal_wifi_offload_client (fd (use)))
+(allow hal_wifi_offload proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_wifi_offload proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow hal_wifi_offload proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_wifi_offload sysfs_type (dir (ioctl read getattr lock search open)))
+(allow hal_wifi_offload sysfs_type (file (ioctl read getattr lock open)))
+(allow hal_wifi_offload sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (binder (call transfer)))
+(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (binder (transfer)))
+(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (fd (use)))
+(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (binder (call transfer)))
+(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (binder (transfer)))
+(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (fd (use)))
+(allow hal_wifi_supplicant_server hal_wifi_supplicant_hwservice_26_0 (hwservice_manager (add find)))
+(allow hal_wifi_supplicant_server hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_132_26_0 hal_wifi_supplicant_hwservice_26_0 (hwservice_manager (add)))
+(neverallow hal_wifi_supplicant_server unlabeled_26_0 (hwservice_manager (add)))
+(allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice_26_0 (hwservice_manager (find)))
+(allowx hal_wifi_supplicant self (ioctl udp_socket (0x6900 0x6902)))
+(allowx hal_wifi_supplicant self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx hal_wifi_supplicant self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow hal_wifi_supplicant sysfs_type (dir (ioctl read getattr lock search open)))
+(allow hal_wifi_supplicant sysfs_type (file (ioctl read getattr lock open)))
+(allow hal_wifi_supplicant sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow hal_wifi_supplicant proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_wifi_supplicant proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow hal_wifi_supplicant proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hal_wifi_supplicant kernel_26_0 (system (module_request)))
+(allow hal_wifi_supplicant self (capability (setgid setuid net_admin net_raw)))
+(allow hal_wifi_supplicant cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_wifi_supplicant self (netlink_route_socket (nlmsg_write)))
+(allow hal_wifi_supplicant self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi_supplicant self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hal_wifi_supplicant self (packet_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allowx hal_wifi_supplicant self (ioctl packet_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx hal_wifi_supplicant self (ioctl packet_socket (0x6900 0x6902)))
+(allowx hal_wifi_supplicant self (ioctl packet_socket (((range 0x8906 0x8907)) ((range 0x890b 0x890d)) ((range 0x8910 0x8927)) 0x8929 ((range 0x8930 0x8939)) ((range 0x8940 0x8943)) ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx hal_wifi_supplicant self (ioctl packet_socket (((range 0x8b00 0x8b02)) ((range 0x8b04 0x8b1d)) ((range 0x8b20 0x8b2d)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow hal_wifi_supplicant wifi_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_wifi_supplicant wifi_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow hal_wifi_supplicant wpa_socket_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hal_wifi_supplicant wpa_socket_26_0 (sock_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow hal_wifi_supplicant wpa_socket_26_0 (sock_file (write)))
+(allow hal_wifi_supplicant su_26_0 (unix_dgram_socket (sendto)))
+(neverallow hal_wifi_supplicant_server sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow hal_wifi_supplicant_server sdcard_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow healthd_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow healthd_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow healthd_26_0 sysfs_type (file (ioctl read getattr lock open)))
+(allow healthd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow healthd_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_26_0 rootfs_26_0 (file (ioctl read getattr lock open)))
+(allow healthd_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow healthd_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow healthd_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow healthd_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_26_0 system_file_26_0 (file (ioctl read getattr lock open)))
+(allow healthd_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow healthd_26_0 self (capability (sys_tty_config)))
+(allow healthd_26_0 self (capability (sys_boot)))
+(allow healthd_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow healthd_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open)))
+(allow healthd_26_0 self (capability2 (block_suspend)))
+(allow healthd_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 healthd_26_0 (dir (search)))
+(allow servicemanager_26_0 healthd_26_0 (file (read open)))
+(allow servicemanager_26_0 healthd_26_0 (process (getattr)))
+(allow healthd_26_0 system_server_26_0 (binder (call transfer)))
+(allow system_server_26_0 healthd_26_0 (binder (transfer)))
+(allow healthd_26_0 system_server_26_0 (fd (use)))
+(allow healthd_26_0 sysfs_26_0 (file (write)))
+(allow healthd_26_0 sysfs_usb_26_0 (file (write)))
+(allow healthd_26_0 sysfs_batteryinfo_26_0 (file (ioctl read getattr lock open)))
+(allow healthd_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow healthd_26_0 sysfs_type (file (ioctl read getattr lock open)))
+(allow healthd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow healthd_26_0 pstorefs_26_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_26_0 pstorefs_26_0 (file (ioctl read getattr lock open)))
+(allow healthd_26_0 graphics_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_26_0 graphics_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow healthd_26_0 input_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow healthd_26_0 input_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow healthd_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow healthd_26_0 ashmem_device_26_0 (chr_file (execute)))
+(allow healthd_26_0 self (process (execmem)))
+(allow healthd_26_0 proc_sysrq_26_0 (file (ioctl read write getattr lock append open)))
+(allow healthd_26_0 batteryproperties_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_133_26_0 batteryproperties_service_26_0 (service_manager (add)))
+(neverallow healthd_26_0 unlabeled_26_0 (service_manager (add)))
+(allow healthd_26_0 property_socket_26_0 (sock_file (write)))
+(allow healthd_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow healthd_26_0 system_prop_26_0 (property_service (set)))
+(allow healthd_26_0 system_prop_26_0 (file (ioctl read getattr lock open)))
+(allow hwservicemanager_26_0 self (binder (set_context_mgr)))
+(allow hwservicemanager_26_0 property_socket_26_0 (sock_file (write)))
+(allow hwservicemanager_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow hwservicemanager_26_0 hwservicemanager_prop_26_0 (property_service (set)))
+(allow hwservicemanager_26_0 hwservicemanager_prop_26_0 (file (ioctl read getattr lock open)))
+(allow hwservicemanager_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow hwservicemanager_26_0 hwservice_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow hwservicemanager_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow hwservicemanager_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow hwservicemanager_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hwservicemanager_26_0 selinuxfs_26_0 (file (write lock append open)))
+(allow hwservicemanager_26_0 kernel_26_0 (security (compute_av)))
+(allow hwservicemanager_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow idmap_26_0 installd_26_0 (fd (use)))
+(allow idmap_26_0 resourcecache_data_file_26_0 (file (read write getattr)))
+(allow idmap_26_0 apk_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow idmap_26_0 apk_data_file_26_0 (dir (search)))
+(allow idmap_26_0 vendor_app_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow idmap_26_0 vendor_app_file_26_0 (file (ioctl read getattr lock open)))
+(allow idmap_26_0 vendor_app_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow idmap_26_0 vendor_overlay_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow idmap_26_0 vendor_overlay_file_26_0 (file (ioctl read getattr lock open)))
+(allow idmap_26_0 vendor_overlay_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 tmpfs_26_0 (chr_file (ioctl read write create getattr setattr lock append unlink open)))
+(allow init_26_0 tmpfs_26_0 (chr_file (relabelfrom)))
+(allow init_26_0 kmsg_device_26_0 (chr_file (write relabelto)))
+(allow init_26_0 properties_device_26_0 (dir (relabelto)))
+(allow init_26_0 properties_serial_26_0 (file (write relabelto)))
+(allow init_26_0 property_type (file (ioctl read write create getattr setattr lock relabelto append unlink rename open)))
+(allow init_26_0 device_26_0 (file (relabelfrom)))
+(allow init_26_0 runtime_event_log_tags_file_26_0 (file (write setattr relabelto open)))
+(allow init_26_0 device_26_0 (dir (relabelto)))
+(allow init_26_0 socket_device_26_0 (dir (relabelto)))
+(allow init_26_0 random_device_26_0 (chr_file (relabelto)))
+(allow init_26_0 tmpfs_26_0 (chr_file (relabelfrom)))
+(allow init_26_0 tmpfs_26_0 (blk_file (relabelfrom)))
+(allow init_26_0 tmpfs_26_0 (blk_file (getattr)))
+(allow init_26_0 block_device_26_0 (dir (relabelto)))
+(allow init_26_0 block_device_26_0 (lnk_file (relabelto)))
+(allow init_26_0 block_device_26_0 (blk_file (relabelto)))
+(allow init_26_0 dm_device_26_0 (chr_file (relabelto)))
+(allow init_26_0 dm_device_26_0 (blk_file (relabelto)))
+(allow init_26_0 kernel_26_0 (fd (use)))
+(allow init_26_0 tmpfs_26_0 (lnk_file (read getattr relabelfrom)))
+(allow init_26_0 system_block_device_26_0 (lnk_file (relabelto)))
+(allow init_26_0 system_block_device_26_0 (blk_file (relabelto)))
+(allow init_26_0 self (capability (sys_resource)))
+(allow init_26_0 tmpfs_26_0 (file (unlink)))
+(allow init_26_0 devpts_26_0 (chr_file (read write open)))
+(allow init_26_0 fscklogs_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow init_26_0 tmpfs_26_0 (chr_file (write)))
+(allow init_26_0 console_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow init_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow init_26_0 self (capability (sys_admin)))
+(allow init_26_0 rootfs_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_26_0 rootfs_26_0 (dir (mounton)))
+(allow init_26_0 cgroup_26_0 (dir (mounton)))
+(allow init_26_0 system_file_26_0 (dir (mounton)))
+(allow init_26_0 vendor_file_26_0 (dir (mounton)))
+(allow init_26_0 system_data_file_26_0 (dir (mounton)))
+(allow init_26_0 storage_file_26_0 (dir (mounton)))
+(allow init_26_0 postinstall_mnt_dir_26_0 (dir (mounton)))
+(allow init_26_0 cache_file_26_0 (dir (mounton)))
+(allow init_26_0 device_26_0 (dir (mounton)))
+(allow init_26_0 rootfs_26_0 (lnk_file (create unlink)))
+(allow init_26_0 sysfs_26_0 (dir (mounton)))
+(allow init_26_0 tmpfs_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_26_0 tmpfs_26_0 (dir (mounton)))
+(allow init_26_0 cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow init_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 cpuctl_device_26_0 (dir (create mounton)))
+(allow init_26_0 configfs_26_0 (dir (mounton)))
+(allow init_26_0 configfs_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_26_0 tmpfs_26_0 (dir (relabelfrom)))
+(allow init_26_0 self (capability (dac_override)))
+(allow init_26_0 self (capability (sys_time)))
+(allow init_26_0 self (capability (sys_rawio mknod)))
+(allow init_26_0 dev_type (blk_file (ioctl read getattr lock open)))
+(allow init_26_0 fs_type (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget)))
+(allow init_26_0 unlabeled_26_0 (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget)))
+(allow init_26_0 contextmount_type (filesystem (relabelto)))
+(allow init_26_0 contextmount_type (dir (ioctl read getattr lock search open)))
+(allow init_26_0 contextmount_type (file (ioctl read getattr lock open)))
+(allow init_26_0 contextmount_type (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 contextmount_type (sock_file (ioctl read getattr lock open)))
+(allow init_26_0 contextmount_type (fifo_file (ioctl read getattr lock open)))
+(allow init_26_0 rootfs_26_0 (file (relabelfrom)))
+(allow init_26_0 rootfs_26_0 (dir (relabelfrom)))
+(allow init_26_0 self (capability (chown fowner fsetid)))
+(allow init_26_0 base_typeattr_134_26_0 (dir (ioctl read create getattr setattr search open)))
+(allow init_26_0 base_typeattr_135_26_0 (dir (write relabelfrom add_name remove_name rmdir)))
+(allow init_26_0 base_typeattr_136_26_0 (file (read write create getattr setattr relabelfrom unlink open)))
+(allow init_26_0 base_typeattr_135_26_0 (sock_file (read create getattr setattr relabelfrom unlink open)))
+(allow init_26_0 base_typeattr_135_26_0 (fifo_file (read create getattr setattr relabelfrom unlink open)))
+(allow init_26_0 base_typeattr_135_26_0 (lnk_file (create getattr setattr relabelfrom unlink)))
+(allow init_26_0 cache_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 base_typeattr_137_26_0 (file (relabelto)))
+(allow init_26_0 base_typeattr_137_26_0 (dir (relabelto)))
+(allow init_26_0 base_typeattr_137_26_0 (lnk_file (relabelto)))
+(allow init_26_0 base_typeattr_137_26_0 (chr_file (relabelto)))
+(allow init_26_0 base_typeattr_137_26_0 (blk_file (relabelto)))
+(allow init_26_0 base_typeattr_137_26_0 (sock_file (relabelto)))
+(allow init_26_0 base_typeattr_137_26_0 (fifo_file (relabelto)))
+(allow init_26_0 sysfs_26_0 (file (getattr relabelfrom)))
+(allow init_26_0 sysfs_26_0 (dir (getattr relabelfrom)))
+(allow init_26_0 sysfs_26_0 (lnk_file (getattr relabelfrom)))
+(allow init_26_0 debugfs_26_0 (file (getattr relabelfrom)))
+(allow init_26_0 debugfs_26_0 (dir (getattr relabelfrom)))
+(allow init_26_0 debugfs_26_0 (lnk_file (getattr relabelfrom)))
+(allow init_26_0 debugfs_tracing_26_0 (file (getattr relabelfrom)))
+(allow init_26_0 debugfs_tracing_26_0 (dir (getattr relabelfrom)))
+(allow init_26_0 debugfs_tracing_26_0 (lnk_file (getattr relabelfrom)))
+(allow init_26_0 sysfs_type (file (getattr relabelto)))
+(allow init_26_0 sysfs_type (dir (getattr relabelto)))
+(allow init_26_0 sysfs_type (lnk_file (getattr relabelto)))
+(allow init_26_0 debugfs_type (file (getattr relabelto)))
+(allow init_26_0 debugfs_type (dir (getattr relabelto)))
+(allow init_26_0 debugfs_type (lnk_file (getattr relabelto)))
+(allow init_26_0 dev_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_26_0 dev_type (lnk_file (create)))
+(allow init_26_0 tracing_shell_writable_26_0 (file (write lock append open)))
+(allow init_26_0 debugfs_tracing_instances_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_26_0 debugfs_tracing_instances_26_0 (file (write lock append open)))
+(allow init_26_0 debugfs_wifi_tracing_26_0 (file (write lock append open)))
+(allow init_26_0 base_typeattr_138_26_0 (file (read setattr open)))
+(allow init_26_0 base_typeattr_138_26_0 (dir (read setattr search open)))
+(allow init_26_0 base_typeattr_139_26_0 (chr_file (read open)))
+(auditallow init_26_0 base_typeattr_140_26_0 (chr_file (read open)))
+(allow init_26_0 base_typeattr_141_26_0 (chr_file (setattr)))
+(allow init_26_0 unlabeled_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open)))
+(allow init_26_0 unlabeled_26_0 (file (ioctl read write create getattr setattr lock relabelfrom append unlink rename open)))
+(allow init_26_0 unlabeled_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom append unlink rename open)))
+(allow init_26_0 unlabeled_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom append unlink rename open)))
+(allow init_26_0 unlabeled_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom append unlink rename open)))
+(allow init_26_0 kernel_26_0 (system (syslog_mod)))
+(allow init_26_0 self (capability2 (syslog)))
+(allow init_26_0 usermodehelper_26_0 (file (ioctl read write getattr lock append open)))
+(allow init_26_0 proc_security_26_0 (file (ioctl read write getattr lock append open)))
+(allow init_26_0 proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow init_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 proc_26_0 (file (write lock append open)))
+(allow init_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow init_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 proc_net_26_0 (file (write lock append open)))
+(allow init_26_0 self (capability (net_admin)))
+(allow init_26_0 proc_sysrq_26_0 (file (write lock append open)))
+(allow init_26_0 proc_stat_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 self (capability (sys_boot)))
+(allow init_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow init_26_0 sysfs_type (lnk_file (read)))
+(allow init_26_0 sysfs_type (file (ioctl read write getattr lock append open)))
+(allow init_26_0 misc_logd_file_26_0 (dir (read write create getattr setattr add_name search open)))
+(allow init_26_0 misc_logd_file_26_0 (file (write create getattr setattr open)))
+(allow init_26_0 self (capability (kill)))
+(allow init_26_0 domain (process (sigkill signal)))
+(allow init_26_0 keystore_data_file_26_0 (dir (read create getattr setattr search open)))
+(allow init_26_0 keystore_data_file_26_0 (file (getattr)))
+(allow init_26_0 vold_data_file_26_0 (dir (read create getattr setattr search open)))
+(allow init_26_0 vold_data_file_26_0 (file (getattr)))
+(allow init_26_0 shell_data_file_26_0 (dir (read create getattr setattr search open)))
+(allow init_26_0 shell_data_file_26_0 (file (getattr)))
+(allow init_26_0 self (capability (setgid setuid setpcap)))
+(allow init_26_0 domain (dir (ioctl read getattr lock search open)))
+(allow init_26_0 domain (file (ioctl read getattr lock open)))
+(allow init_26_0 domain (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 self (process (setexec setfscreate setsockcreate)))
+(allow init_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 sepolicy_file_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow init_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 selinuxfs_26_0 (file (write lock append open)))
+(allow init_26_0 kernel_26_0 (security (compute_av)))
+(allow init_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow init_26_0 kernel_26_0 (security (compute_create)))
+(allow init_26_0 domain (unix_stream_socket (create bind)))
+(allow init_26_0 domain (unix_dgram_socket (create bind)))
+(allow init_26_0 property_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_26_0 property_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow init_26_0 property_type (property_service (set)))
+(allow init_26_0 self (netlink_audit_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_relay)))
+(allow init_26_0 self (capability (audit_write)))
+(allow init_26_0 self (udp_socket (ioctl create)))
+(allowx init_26_0 self (ioctl udp_socket (0x8914)))
+(allow init_26_0 self (capability (net_raw)))
+(allow init_26_0 kernel_26_0 (process (setsched)))
+(allow init_26_0 swap_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow init_26_0 hw_random_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow init_26_0 device_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow init_26_0 self (capability (sys_tty_config)))
+(allow init_26_0 keychord_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow init_26_0 dm_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow init_26_0 dm_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow init_26_0 metadata_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow init_26_0 pstorefs_26_0 (dir (search)))
+(allow init_26_0 pstorefs_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 kernel_26_0 (system (syslog_read)))
+(allow init_26_0 init_26_0 (key (write search setattr)))
+(allow init_26_0 unencrypted_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow init_26_0 proc_overcommit_memory_26_0 (file (write)))
+(allow init_26_0 vold_socket_26_0 (sock_file (write)))
+(allow init_26_0 vold_26_0 (unix_stream_socket (connectto)))
+(allow init_26_0 misc_block_device_26_0 (blk_file (write lock append open)))
+(allow init_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow init_26_0 system_file_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 vendor_file_type (dir (ioctl read getattr lock search open)))
+(allow init_26_0 vendor_file_type (file (ioctl read getattr lock open)))
+(allow init_26_0 vendor_file_type (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open)))
+(allow init_26_0 system_data_file_26_0 (file (read getattr)))
+(allow init_26_0 system_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 vendor_shell_exec_26_0 (file (execute)))
+(neverallow domain init_26_0 (process (dyntransition)))
+(neverallow base_typeattr_15_26_0 init_26_0 (process (transition)))
+(neverallow init_26_0 base_typeattr_142_26_0 (file (entrypoint)))
+(neverallow init_26_0 shell_data_file_26_0 (lnk_file (read)))
+(neverallow init_26_0 app_data_file_26_0 (lnk_file (read)))
+(neverallow init_26_0 fs_type (file (execute_no_trans)))
+(neverallow init_26_0 file_type (file (execute_no_trans)))
+(neverallow init_26_0 service_manager_type (service_manager (add find)))
+(neverallow init_26_0 servicemanager_26_0 (service_manager (list)))
+(neverallow init_26_0 shell_data_file_26_0 (dir (write add_name remove_name)))
+(allow inputflinger_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 inputflinger_26_0 (dir (search)))
+(allow servicemanager_26_0 inputflinger_26_0 (file (read open)))
+(allow servicemanager_26_0 inputflinger_26_0 (process (getattr)))
+(allow inputflinger_26_0 system_server_26_0 (binder (call transfer)))
+(allow system_server_26_0 inputflinger_26_0 (binder (transfer)))
+(allow inputflinger_26_0 system_server_26_0 (fd (use)))
+(allow inputflinger_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open)))
+(allow inputflinger_26_0 self (capability2 (block_suspend)))
+(allow inputflinger_26_0 inputflinger_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_143_26_0 inputflinger_service_26_0 (service_manager (add)))
+(neverallow inputflinger_26_0 unlabeled_26_0 (service_manager (add)))
+(allow inputflinger_26_0 input_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow inputflinger_26_0 input_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow inputflinger_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow inputflinger_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow inputflinger_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow install_recovery_26_0 self (capability (dac_override)))
+(allow install_recovery_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow install_recovery_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow install_recovery_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow install_recovery_26_0 block_device_26_0 (dir (search)))
+(allow install_recovery_26_0 boot_block_device_26_0 (blk_file (ioctl read getattr lock open)))
+(allow install_recovery_26_0 recovery_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow install_recovery_26_0 cache_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow install_recovery_26_0 cache_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow install_recovery_26_0 proc_drop_caches_26_0 (file (write lock append open)))
+(allow installd_26_0 self (capability (chown dac_override fowner fsetid setgid setuid sys_admin)))
+(allow installd_26_0 dalvikcache_data_file_26_0 (dir (relabelto)))
+(allow installd_26_0 dalvikcache_data_file_26_0 (file (relabelto link)))
+(allow installd_26_0 apk_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 apk_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom append unlink link rename open)))
+(allow installd_26_0 apk_data_file_26_0 (lnk_file (ioctl read create getattr lock unlink open)))
+(allow installd_26_0 asec_apk_file_26_0 (file (ioctl read getattr lock open)))
+(allow installd_26_0 apk_tmp_file_26_0 (file (ioctl read getattr lock unlink open)))
+(allow installd_26_0 apk_tmp_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 oemfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow installd_26_0 oemfs_26_0 (file (ioctl read getattr lock open)))
+(allow installd_26_0 cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 cgroup_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow installd_26_0 cgroup_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow installd_26_0 mnt_expand_file_26_0 (dir (getattr search)))
+(allow installd_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow installd_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow installd_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow installd_26_0 selinuxfs_26_0 (file (write lock append open)))
+(allow installd_26_0 kernel_26_0 (security (check_context)))
+(allow installd_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow installd_26_0 rootfs_26_0 (file (ioctl read getattr lock open)))
+(allow installd_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow installd_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow installd_26_0 system_file_26_0 (file (ioctl read getattr lock open)))
+(allow installd_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow installd_26_0 vendor_app_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow installd_26_0 vendor_app_file_26_0 (file (ioctl read getattr lock open)))
+(allow installd_26_0 vendor_app_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow installd_26_0 vendor_overlay_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow installd_26_0 vendor_overlay_file_26_0 (file (ioctl read getattr lock open)))
+(allow installd_26_0 vendor_overlay_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow installd_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow installd_26_0 seapp_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow installd_26_0 asec_image_file_26_0 (dir (search)))
+(allow installd_26_0 asec_image_file_26_0 (file (getattr)))
+(allow installd_26_0 system_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 system_data_file_26_0 (lnk_file (create setattr unlink)))
+(allow installd_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 media_rw_data_file_26_0 (file (getattr unlink)))
+(allow installd_26_0 system_data_file_26_0 (dir (relabelfrom)))
+(allow installd_26_0 media_rw_data_file_26_0 (dir (relabelto)))
+(allow installd_26_0 tmpfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow installd_26_0 storage_file_26_0 (dir (search)))
+(allow installd_26_0 sdcardfs_26_0 (dir (read write getattr remove_name search rmdir open)))
+(allow installd_26_0 sdcardfs_26_0 (file (getattr unlink)))
+(allow installd_26_0 misc_user_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 misc_user_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow installd_26_0 keychain_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 keychain_data_file_26_0 (file (ioctl read getattr lock unlink open)))
+(allow installd_26_0 install_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow installd_26_0 dalvikcache_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 dalvikcache_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow installd_26_0 dalvikcache_data_file_26_0 (lnk_file (getattr)))
+(allow installd_26_0 resourcecache_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow installd_26_0 resourcecache_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow installd_26_0 unlabeled_26_0 (dir (ioctl read write getattr lock relabelfrom add_name remove_name search rmdir open)))
+(allow installd_26_0 unlabeled_26_0 (file (getattr setattr relabelfrom unlink rename)))
+(allow installd_26_0 unlabeled_26_0 (lnk_file (getattr setattr relabelfrom unlink rename)))
+(allow installd_26_0 unlabeled_26_0 (sock_file (getattr setattr relabelfrom unlink rename)))
+(allow installd_26_0 unlabeled_26_0 (fifo_file (getattr setattr relabelfrom unlink rename)))
+(allow installd_26_0 unlabeled_26_0 (file (ioctl read getattr lock open)))
+(allow installd_26_0 system_data_file_26_0 (file (getattr relabelfrom unlink)))
+(allow installd_26_0 system_data_file_26_0 (lnk_file (getattr relabelfrom unlink)))
+(allow installd_26_0 system_data_file_26_0 (sock_file (getattr relabelfrom unlink)))
+(allow installd_26_0 system_data_file_26_0 (fifo_file (getattr relabelfrom unlink)))
+(allow installd_26_0 shell_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 bluetooth_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 nfc_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 radio_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 app_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 system_app_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 shell_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 shell_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 shell_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 shell_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 bluetooth_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 bluetooth_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 bluetooth_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 bluetooth_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 nfc_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 nfc_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 nfc_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 nfc_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 radio_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 radio_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 radio_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 radio_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 app_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 app_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 app_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 app_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 system_app_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 system_app_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 system_app_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 system_app_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open)))
+(allow installd_26_0 user_profile_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow installd_26_0 user_profile_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow installd_26_0 user_profile_data_file_26_0 (dir (rmdir)))
+(allow installd_26_0 user_profile_data_file_26_0 (file (unlink)))
+(allow installd_26_0 profman_dump_data_file_26_0 (dir (write add_name search)))
+(allow installd_26_0 profman_dump_data_file_26_0 (file (write create setattr open)))
+(allow installd_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow installd_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow installd_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 installd_26_0 (dir (search)))
+(allow servicemanager_26_0 installd_26_0 (file (read open)))
+(allow servicemanager_26_0 installd_26_0 (process (getattr)))
+(allow installd_26_0 installd_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_144_26_0 installd_service_26_0 (service_manager (add)))
+(neverallow installd_26_0 unlabeled_26_0 (service_manager (add)))
+(allow installd_26_0 dumpstate_26_0 (fifo_file (write getattr)))
+(allow installd_26_0 system_server_26_0 (binder (call transfer)))
+(allow system_server_26_0 installd_26_0 (binder (transfer)))
+(allow installd_26_0 system_server_26_0 (fd (use)))
+(allow installd_26_0 permission_service_26_0 (service_manager (find)))
+(allow installd_26_0 block_device_26_0 (dir (search)))
+(allow installd_26_0 labeledfs_26_0 (filesystem (quotamod quotaget)))
+(allow installd_26_0 preloads_data_file_26_0 (file (ioctl read getattr lock unlink open)))
+(allow installd_26_0 preloads_data_file_26_0 (dir (ioctl read write getattr lock remove_name search rmdir open)))
+(allow installd_26_0 preloads_media_file_26_0 (file (ioctl read getattr lock unlink open)))
+(allow installd_26_0 preloads_media_file_26_0 (dir (ioctl read write getattr lock remove_name search rmdir open)))
+(neverallow base_typeattr_145_26_0 installd_service_26_0 (service_manager (find)))
+(neverallow base_typeattr_63_26_0 installd_26_0 (binder (call)))
+(neverallow installd_26_0 base_typeattr_146_26_0 (binder (call)))
+(allow kernel_26_0 self (capability (sys_nice)))
+(allow kernel_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow kernel_26_0 rootfs_26_0 (file (ioctl read getattr lock open)))
+(allow kernel_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow kernel_26_0 proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow kernel_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow kernel_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow kernel_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow kernel_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow kernel_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow kernel_26_0 rootfs_26_0 (file (relabelfrom)))
+(allow kernel_26_0 init_exec_26_0 (file (relabelto)))
+(allow kernel_26_0 init_26_0 (process (share)))
+(allow kernel_26_0 unlabeled_26_0 (dir (search)))
+(allow kernel_26_0 usbfs_26_0 (filesystem (mount)))
+(allow kernel_26_0 usbfs_26_0 (dir (search)))
+(dontaudit kernel_26_0 self (security (setenforce)))
+(allow kernel_26_0 self (capability (sys_resource)))
+(allow kernel_26_0 self (capability (sys_boot)))
+(allow kernel_26_0 proc_sysrq_26_0 (file (write lock append open)))
+(allow kernel_26_0 tmpfs_26_0 (chr_file (write)))
+(allow kernel_26_0 selinuxfs_26_0 (file (write)))
+(allow kernel_26_0 self (security (setcheckreqprot)))
+(allow kernel_26_0 priv_app_26_0 (fd (use)))
+(allow kernel_26_0 sdcard_type (file (read write)))
+(allow kernel_26_0 vold_26_0 (fd (use)))
+(allow kernel_26_0 app_data_file_26_0 (file (read)))
+(allow kernel_26_0 asec_image_file_26_0 (file (read)))
+(allow kernel_26_0 update_engine_data_file_26_0 (file (read)))
+(allow kernel_26_0 nativetest_data_file_26_0 (file (read)))
+(allow kernel_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow kernel_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow kernel_26_0 vold_data_file_26_0 (file (read)))
+(neverallow base_typeattr_10_26_0 kernel_26_0 (process (transition dyntransition)))
+(neverallow kernel_26_0 base_typeattr_10_26_0 (file (execute_no_trans entrypoint)))
+(neverallow kernel_26_0 self (capability (dac_override dac_read_search)))
+(allow keystore_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 keystore_26_0 (dir (search)))
+(allow servicemanager_26_0 keystore_26_0 (file (read open)))
+(allow servicemanager_26_0 keystore_26_0 (process (getattr)))
+(allow keystore_26_0 system_server_26_0 (binder (call transfer)))
+(allow system_server_26_0 keystore_26_0 (binder (transfer)))
+(allow keystore_26_0 system_server_26_0 (fd (use)))
+(allow keystore_26_0 keystore_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow keystore_26_0 keystore_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow keystore_26_0 keystore_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow keystore_26_0 keystore_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow keystore_26_0 keystore_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow keystore_26_0 keystore_exec_26_0 (file (getattr)))
+(allow keystore_26_0 keystore_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_147_26_0 keystore_service_26_0 (service_manager (add)))
+(neverallow keystore_26_0 unlabeled_26_0 (service_manager (add)))
+(allow keystore_26_0 sec_key_att_app_id_provider_service_26_0 (service_manager (find)))
+(allow keystore_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow keystore_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow keystore_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow keystore_26_0 selinuxfs_26_0 (file (write lock append open)))
+(allow keystore_26_0 kernel_26_0 (security (compute_av)))
+(allow keystore_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow keystore_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow keystore_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow keystore_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(neverallow base_typeattr_147_26_0 keystore_data_file_26_0 (dir (write lock relabelfrom append unlink link rename execute quotaon mounton add_name remove_name reparent rmdir audit_access execmod)))
+(neverallow base_typeattr_147_26_0 keystore_data_file_26_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_147_26_0 keystore_data_file_26_0 (lnk_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_147_26_0 keystore_data_file_26_0 (sock_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_147_26_0 keystore_data_file_26_0 (fifo_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_148_26_0 keystore_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow base_typeattr_148_26_0 keystore_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_148_26_0 keystore_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_148_26_0 keystore_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_148_26_0 keystore_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_10_26_0 keystore_26_0 (process (ptrace)))
+(allow lmkd_26_0 self (capability (dac_override kill sys_resource)))
+(allow lmkd_26_0 self (capability (ipc_lock)))
+(allow lmkd_26_0 appdomain (dir (ioctl read getattr lock search open)))
+(allow lmkd_26_0 appdomain (file (ioctl read getattr lock open)))
+(allow lmkd_26_0 appdomain (lnk_file (ioctl read getattr lock open)))
+(allow lmkd_26_0 appdomain (file (write)))
+(allow lmkd_26_0 system_server_26_0 (dir (ioctl read getattr lock search open)))
+(allow lmkd_26_0 system_server_26_0 (file (ioctl read getattr lock open)))
+(allow lmkd_26_0 system_server_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow lmkd_26_0 system_server_26_0 (file (write)))
+(allow lmkd_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow lmkd_26_0 sysfs_type (file (ioctl read getattr lock open)))
+(allow lmkd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow lmkd_26_0 sysfs_lowmemorykiller_26_0 (file (write lock append open)))
+(allow lmkd_26_0 appdomain (process (sigkill)))
+(allow lmkd_26_0 cgroup_26_0 (dir (remove_name rmdir)))
+(allow lmkd_26_0 self (capability (sys_nice)))
+(allow lmkd_26_0 proc_zoneinfo_26_0 (file (ioctl read getattr lock open)))
+(neverallow base_typeattr_10_26_0 lmkd_26_0 (process (noatsecure)))
+(allow logd_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow logd_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow logd_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow logd_26_0 proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow logd_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow logd_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow logd_26_0 proc_meminfo_26_0 (dir (ioctl read getattr lock search open)))
+(allow logd_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open)))
+(allow logd_26_0 proc_meminfo_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow logd_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow logd_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow logd_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow logd_26_0 self (capability (setgid setuid setpcap sys_nice audit_control)))
+(allow logd_26_0 self (capability2 (syslog)))
+(allow logd_26_0 self (netlink_audit_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_write)))
+(allow logd_26_0 kernel_26_0 (system (syslog_read)))
+(allow logd_26_0 kmsg_device_26_0 (chr_file (write lock append open)))
+(allow logd_26_0 system_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow logd_26_0 system_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow logd_26_0 pstorefs_26_0 (dir (search)))
+(allow logd_26_0 pstorefs_26_0 (file (ioctl read getattr lock open)))
+(allow logd_26_0 misc_logd_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow logd_26_0 misc_logd_file_26_0 (file (ioctl read write getattr lock append open)))
+(allow logd_26_0 runtime_event_log_tags_file_26_0 (file (ioctl read write getattr lock append open)))
+(allow logd_26_0 device_logging_prop_26_0 (file (ioctl read getattr lock open)))
+(allow logd_26_0 domain (dir (ioctl read getattr lock search open)))
+(allow logd_26_0 domain (file (ioctl read getattr lock open)))
+(allow logd_26_0 domain (lnk_file (ioctl read getattr lock open)))
+(allow logd_26_0 kernel_26_0 (system (syslog_mod)))
+(allow logd_26_0 logd_socket_26_0 (sock_file (write)))
+(allow logd_26_0 logd_26_0 (unix_stream_socket (connectto)))
+(allow logd_26_0 runtime_event_log_tags_file_26_0 (file (ioctl read getattr lock open)))
+(allow runtime_event_log_tags_file_26_0 tmpfs_26_0 (filesystem (associate)))
+(dontaudit domain runtime_event_log_tags_file_26_0 (file (read open)))
+(neverallow logd_26_0 dev_type (blk_file (read write)))
+(neverallow logd_26_0 domain (process (ptrace)))
+(neverallow base_typeattr_149_26_0 logd_26_0 (process (ptrace)))
+(neverallow logd_26_0 system_file_26_0 (file (write)))
+(neverallow logd_26_0 system_file_26_0 (dir (write)))
+(neverallow logd_26_0 system_file_26_0 (lnk_file (write)))
+(neverallow logd_26_0 system_file_26_0 (chr_file (write)))
+(neverallow logd_26_0 system_file_26_0 (blk_file (write)))
+(neverallow logd_26_0 system_file_26_0 (sock_file (write)))
+(neverallow logd_26_0 system_file_26_0 (fifo_file (write)))
+(neverallow logd_26_0 system_data_file_26_0 (file (write)))
+(neverallow logd_26_0 system_data_file_26_0 (dir (write)))
+(neverallow logd_26_0 system_data_file_26_0 (lnk_file (write)))
+(neverallow logd_26_0 system_data_file_26_0 (chr_file (write)))
+(neverallow logd_26_0 system_data_file_26_0 (blk_file (write)))
+(neverallow logd_26_0 system_data_file_26_0 (sock_file (write)))
+(neverallow logd_26_0 system_data_file_26_0 (fifo_file (write)))
+(neverallow logd_26_0 app_data_file_26_0 (file (write)))
+(neverallow logd_26_0 app_data_file_26_0 (dir (write)))
+(neverallow logd_26_0 app_data_file_26_0 (lnk_file (write)))
+(neverallow logd_26_0 app_data_file_26_0 (chr_file (write)))
+(neverallow logd_26_0 app_data_file_26_0 (blk_file (write)))
+(neverallow logd_26_0 app_data_file_26_0 (sock_file (write)))
+(neverallow logd_26_0 app_data_file_26_0 (fifo_file (write)))
+(neverallow base_typeattr_5_26_0 logd_26_0 (process (transition)))
+(neverallow base_typeattr_10_26_0 logd_26_0 (process (dyntransition)))
+(neverallow base_typeattr_150_26_0 runtime_event_log_tags_file_26_0 (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow logpersist_26_0 dev_type (blk_file (read write)))
+(neverallow logpersist_26_0 domain (process (ptrace)))
+(neverallow logpersist_26_0 system_data_file_26_0 (file (write)))
+(neverallow logpersist_26_0 system_data_file_26_0 (dir (write)))
+(neverallow logpersist_26_0 system_data_file_26_0 (lnk_file (write)))
+(neverallow logpersist_26_0 system_data_file_26_0 (chr_file (write)))
+(neverallow logpersist_26_0 system_data_file_26_0 (blk_file (write)))
+(neverallow logpersist_26_0 system_data_file_26_0 (sock_file (write)))
+(neverallow logpersist_26_0 system_data_file_26_0 (fifo_file (write)))
+(neverallow logpersist_26_0 app_data_file_26_0 (file (write)))
+(neverallow logpersist_26_0 app_data_file_26_0 (dir (write)))
+(neverallow logpersist_26_0 app_data_file_26_0 (lnk_file (write)))
+(neverallow logpersist_26_0 app_data_file_26_0 (chr_file (write)))
+(neverallow logpersist_26_0 app_data_file_26_0 (blk_file (write)))
+(neverallow logpersist_26_0 app_data_file_26_0 (sock_file (write)))
+(neverallow logpersist_26_0 app_data_file_26_0 (fifo_file (write)))
+(neverallow base_typeattr_10_26_0 logpersist_26_0 (process (dyntransition)))
+(allow mediacodec_26_0 hwservicemanager_prop_26_0 (file (ioctl read getattr lock open)))
+(allow mediacodec_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow mediacodec_26_0 vndservicemanager_26_0 (binder (call transfer)))
+(allow vndservicemanager_26_0 mediacodec_26_0 (dir (search)))
+(allow vndservicemanager_26_0 mediacodec_26_0 (file (read open)))
+(allow vndservicemanager_26_0 mediacodec_26_0 (process (getattr)))
+(allow mediacodec_26_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain mediacodec_26_0 (binder (transfer)))
+(allow mediacodec_26_0 binderservicedomain (fd (use)))
+(allow mediacodec_26_0 appdomain (binder (call transfer)))
+(allow appdomain mediacodec_26_0 (binder (transfer)))
+(allow mediacodec_26_0 appdomain (fd (use)))
+(allow mediacodec_26_0 hal_graphics_composer (fd (use)))
+(allow mediacodec_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow mediacodec_26_0 video_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow mediacodec_26_0 video_device_26_0 (dir (search)))
+(allow mediacodec_26_0 ion_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow mediacodec_26_0 hal_camera (fd (use)))
+(allow mediacodec_26_0 su_26_0 (fifo_file (append)))
+(allow mediacodec_26_0 anr_data_file_26_0 (file (append)))
+(allow mediacodec_26_0 dumpstate_26_0 (fd (use)))
+(allow mediacodec_26_0 dumpstate_26_0 (fifo_file (write append)))
+(allow mediacodec_26_0 tombstoned_26_0 (unix_stream_socket (connectto)))
+(allow mediacodec_26_0 tombstoned_26_0 (fd (use)))
+(allow mediacodec_26_0 tombstoned_crash_socket_26_0 (sock_file (write)))
+(allow mediacodec_26_0 tombstone_data_file_26_0 (file (append)))
+(allow mediacodec_26_0 hal_omx_hwservice_26_0 (hwservice_manager (add find)))
+(allow mediacodec_26_0 hidl_base_hwservice_26_0 (hwservice_manager (add)))
+(neverallow base_typeattr_151_26_0 hal_omx_hwservice_26_0 (hwservice_manager (add)))
+(neverallow mediacodec_26_0 unlabeled_26_0 (hwservice_manager (add)))
+(allow mediacodec_26_0 bufferhubd_26_0 (fd (use)))
+(neverallow mediacodec_26_0 fs_type (file (execute_no_trans)))
+(neverallow mediacodec_26_0 file_type (file (execute_no_trans)))
+(neverallow mediacodec_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow mediacodec_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow mediacodec_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(allow mediadrmserver_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 mediadrmserver_26_0 (dir (search)))
+(allow servicemanager_26_0 mediadrmserver_26_0 (file (read open)))
+(allow servicemanager_26_0 mediadrmserver_26_0 (process (getattr)))
+(allow mediadrmserver_26_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain mediadrmserver_26_0 (binder (transfer)))
+(allow mediadrmserver_26_0 binderservicedomain (fd (use)))
+(allow mediadrmserver_26_0 appdomain (binder (call transfer)))
+(allow appdomain mediadrmserver_26_0 (binder (transfer)))
+(allow mediadrmserver_26_0 appdomain (fd (use)))
+(allow mediadrmserver_26_0 mediadrmserver_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_152_26_0 mediadrmserver_service_26_0 (service_manager (add)))
+(neverallow mediadrmserver_26_0 unlabeled_26_0 (service_manager (add)))
+(allow mediadrmserver_26_0 mediaserver_service_26_0 (service_manager (find)))
+(allow mediadrmserver_26_0 mediametrics_service_26_0 (service_manager (find)))
+(allow mediadrmserver_26_0 processinfo_service_26_0 (service_manager (find)))
+(allow mediadrmserver_26_0 surfaceflinger_service_26_0 (service_manager (find)))
+(allow mediadrmserver_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow mediadrmserver_26_0 mediacasserver_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_152_26_0 mediacasserver_service_26_0 (service_manager (add)))
+(neverallow mediadrmserver_26_0 unlabeled_26_0 (service_manager (add)))
+(allow mediadrmserver_26_0 mediacodec_26_0 (binder (call transfer)))
+(allow mediacodec_26_0 mediadrmserver_26_0 (binder (transfer)))
+(allow mediadrmserver_26_0 mediacodec_26_0 (fd (use)))
+(neverallow mediadrmserver_26_0 fs_type (file (execute_no_trans)))
+(neverallow mediadrmserver_26_0 file_type (file (execute_no_trans)))
+(neverallowx mediadrmserver_26_0 domain (ioctl tcp_socket (0x6900 0x6902)))
+(neverallowx mediadrmserver_26_0 domain (ioctl udp_socket (0x6900 0x6902)))
+(neverallowx mediadrmserver_26_0 domain (ioctl rawip_socket (0x6900 0x6902)))
+(neverallowx mediadrmserver_26_0 domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediadrmserver_26_0 domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediadrmserver_26_0 domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediadrmserver_26_0 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx mediadrmserver_26_0 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx mediadrmserver_26_0 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow mediaextractor_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 mediaextractor_26_0 (dir (search)))
+(allow servicemanager_26_0 mediaextractor_26_0 (file (read open)))
+(allow servicemanager_26_0 mediaextractor_26_0 (process (getattr)))
+(allow mediaextractor_26_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain mediaextractor_26_0 (binder (transfer)))
+(allow mediaextractor_26_0 binderservicedomain (fd (use)))
+(allow mediaextractor_26_0 appdomain (binder (call transfer)))
+(allow appdomain mediaextractor_26_0 (binder (transfer)))
+(allow mediaextractor_26_0 appdomain (fd (use)))
+(allow mediaextractor_26_0 mediaextractor_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_153_26_0 mediaextractor_service_26_0 (service_manager (add)))
+(neverallow mediaextractor_26_0 unlabeled_26_0 (service_manager (add)))
+(allow mediaextractor_26_0 mediametrics_service_26_0 (service_manager (find)))
+(allow mediaextractor_26_0 mediacasserver_service_26_0 (service_manager (find)))
+(allow mediaextractor_26_0 system_server_26_0 (fd (use)))
+(allow mediaextractor_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow mediaextractor_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow mediaextractor_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow mediaextractor_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open)))
+(allow mediaextractor_26_0 su_26_0 (fifo_file (append)))
+(allow mediaextractor_26_0 anr_data_file_26_0 (file (append)))
+(allow mediaextractor_26_0 dumpstate_26_0 (fd (use)))
+(allow mediaextractor_26_0 dumpstate_26_0 (fifo_file (write append)))
+(allow mediaextractor_26_0 tombstoned_26_0 (unix_stream_socket (connectto)))
+(allow mediaextractor_26_0 tombstoned_26_0 (fd (use)))
+(allow mediaextractor_26_0 tombstoned_crash_socket_26_0 (sock_file (write)))
+(allow mediaextractor_26_0 tombstone_data_file_26_0 (file (append)))
+(allow mediaextractor_26_0 media_rw_data_file_26_0 (file (read getattr)))
+(allow mediaextractor_26_0 app_data_file_26_0 (file (read getattr)))
+(allow mediaextractor_26_0 apk_data_file_26_0 (file (read getattr)))
+(allow mediaextractor_26_0 asec_apk_file_26_0 (file (read getattr)))
+(allow mediaextractor_26_0 ringtone_file_26_0 (file (read getattr)))
+(neverallow mediaextractor_26_0 fs_type (file (execute_no_trans)))
+(neverallow mediaextractor_26_0 file_type (file (execute_no_trans)))
+(neverallow mediaextractor_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow mediaextractor_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow mediaextractor_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(allow mediametrics_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 mediametrics_26_0 (dir (search)))
+(allow servicemanager_26_0 mediametrics_26_0 (file (read open)))
+(allow servicemanager_26_0 mediametrics_26_0 (process (getattr)))
+(allow mediametrics_26_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain mediametrics_26_0 (binder (transfer)))
+(allow mediametrics_26_0 binderservicedomain (fd (use)))
+(allow mediametrics_26_0 mediametrics_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_154_26_0 mediametrics_service_26_0 (service_manager (add)))
+(neverallow mediametrics_26_0 unlabeled_26_0 (service_manager (add)))
+(allow mediametrics_26_0 system_server_26_0 (fd (use)))
+(allow mediametrics_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow mediametrics_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow mediametrics_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow mediametrics_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open)))
+(allow mediametrics_26_0 app_data_file_26_0 (file (write)))
+(neverallow mediametrics_26_0 fs_type (file (execute_no_trans)))
+(neverallow mediametrics_26_0 file_type (file (execute_no_trans)))
+(neverallow mediametrics_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow mediametrics_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow mediametrics_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(allow mediaserver_26_0 sdcard_type (dir (ioctl read getattr lock search open)))
+(allow mediaserver_26_0 sdcard_type (file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 sdcard_type (lnk_file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow mediaserver_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 proc_26_0 (lnk_file (getattr)))
+(allow mediaserver_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow mediaserver_26_0 self (process (ptrace)))
+(allow mediaserver_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 mediaserver_26_0 (dir (search)))
+(allow servicemanager_26_0 mediaserver_26_0 (file (read open)))
+(allow servicemanager_26_0 mediaserver_26_0 (process (getattr)))
+(allow mediaserver_26_0 binderservicedomain (binder (call transfer)))
+(allow binderservicedomain mediaserver_26_0 (binder (transfer)))
+(allow mediaserver_26_0 binderservicedomain (fd (use)))
+(allow mediaserver_26_0 appdomain (binder (call transfer)))
+(allow appdomain mediaserver_26_0 (binder (transfer)))
+(allow mediaserver_26_0 appdomain (fd (use)))
+(allow mediaserver_26_0 media_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow mediaserver_26_0 media_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow mediaserver_26_0 app_data_file_26_0 (dir (search)))
+(allow mediaserver_26_0 app_data_file_26_0 (file (ioctl read write getattr lock append open)))
+(allow mediaserver_26_0 sdcard_type (file (write)))
+(allow mediaserver_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow mediaserver_26_0 video_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow mediaserver_26_0 video_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow mediaserver_26_0 property_socket_26_0 (sock_file (write)))
+(allow mediaserver_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow mediaserver_26_0 audio_prop_26_0 (property_service (set)))
+(allow mediaserver_26_0 audio_prop_26_0 (file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 sysfs_26_0 (file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 apk_data_file_26_0 (file (read getattr)))
+(allow mediaserver_26_0 asec_apk_file_26_0 (file (read getattr)))
+(allow mediaserver_26_0 ringtone_file_26_0 (file (read getattr)))
+(allow mediaserver_26_0 radio_data_file_26_0 (file (read getattr)))
+(allow mediaserver_26_0 appdomain (fifo_file (read write getattr)))
+(allow mediaserver_26_0 rpmsg_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow mediaserver_26_0 system_server_26_0 (fifo_file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 media_rw_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow mediaserver_26_0 media_rw_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 media_rw_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 app_fuse_file_26_0 (file (read getattr)))
+(allow mediaserver_26_0 qtaguid_proc_26_0 (file (ioctl read write getattr lock append open)))
+(allow mediaserver_26_0 qtaguid_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 drmserver_socket_26_0 (sock_file (write)))
+(allow mediaserver_26_0 drmserver_26_0 (unix_stream_socket (connectto)))
+(allow mediaserver_26_0 bluetooth_socket_26_0 (sock_file (write)))
+(allow mediaserver_26_0 bluetooth_26_0 (unix_stream_socket (connectto)))
+(allow mediaserver_26_0 mediaserver_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_155_26_0 mediaserver_service_26_0 (service_manager (add)))
+(neverallow mediaserver_26_0 unlabeled_26_0 (service_manager (add)))
+(allow mediaserver_26_0 activity_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 appops_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 audioserver_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 cameraserver_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 batterystats_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 drmserver_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 mediaextractor_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 mediacodec_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 mediametrics_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 media_session_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 permission_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 power_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 processinfo_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 scheduling_policy_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 surfaceflinger_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 mediadrmserver_service_26_0 (service_manager (find)))
+(allow mediaserver_26_0 hidl_token_hwservice_26_0 (hwservice_manager (find)))
+(allow mediaserver_26_0 oemfs_26_0 (dir (search)))
+(allow mediaserver_26_0 oemfs_26_0 (file (ioctl read getattr lock open)))
+(allow drmserver_26_0 mediaserver_26_0 (dir (search)))
+(allow drmserver_26_0 mediaserver_26_0 (file (read open)))
+(allow drmserver_26_0 mediaserver_26_0 (process (getattr)))
+(allow mediaserver_26_0 drmserver_26_0 (drmservice (consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread)))
+(allowx mediaserver_26_0 self (ioctl tcp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx mediaserver_26_0 self (ioctl udp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx mediaserver_26_0 self (ioctl rawip_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451)))
+(allowx mediaserver_26_0 self (ioctl tcp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx mediaserver_26_0 self (ioctl udp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx mediaserver_26_0 self (ioctl rawip_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942)))
+(allowx mediaserver_26_0 self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx mediaserver_26_0 self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allowx mediaserver_26_0 self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d)))
+(allow mediaserver_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow mediaserver_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow mediaserver_26_0 preloads_media_file_26_0 (file (ioctl read getattr)))
+(allow mediaserver_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow mediaserver_26_0 hal_graphics_allocator (fd (use)))
+(allow mediaserver_26_0 hal_graphics_composer (fd (use)))
+(allow mediaserver_26_0 hal_camera (fd (use)))
+(allow mediaserver_26_0 system_server_26_0 (fd (use)))
+(allow mediaserver_26_0 mediacodec_26_0 (binder (call transfer)))
+(allow mediacodec_26_0 mediaserver_26_0 (binder (transfer)))
+(allow mediaserver_26_0 mediacodec_26_0 (fd (use)))
+(neverallow mediaserver_26_0 fs_type (file (execute_no_trans)))
+(neverallow mediaserver_26_0 file_type (file (execute_no_trans)))
+(neverallowx mediaserver_26_0 domain (ioctl tcp_socket (0x6900 0x6902)))
+(neverallowx mediaserver_26_0 domain (ioctl udp_socket (0x6900 0x6902)))
+(neverallowx mediaserver_26_0 domain (ioctl rawip_socket (0x6900 0x6902)))
+(neverallowx mediaserver_26_0 domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediaserver_26_0 domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediaserver_26_0 domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx mediaserver_26_0 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx mediaserver_26_0 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx mediaserver_26_0 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow modprobe_26_0 proc_modules_26_0 (file (ioctl read getattr lock open)))
+(allow modprobe_26_0 self (capability (sys_module)))
+(allow modprobe_26_0 kernel_26_0 (key (search)))
+(allow modprobe_26_0 system_file_26_0 (system (module_load)))
+(allow modprobe_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow modprobe_26_0 system_file_26_0 (file (ioctl read getattr lock open)))
+(allow modprobe_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow mtp_26_0 self (socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow mtp_26_0 self (capability (net_raw)))
+(allow mtp_26_0 ppp_26_0 (process (signal)))
+(allow mtp_26_0 vpn_data_file_26_0 (dir (search)))
+(allowx netd_26_0 self (ioctl udp_socket (0x6900 0x6902)))
+(allowx netd_26_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx netd_26_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow netd_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow netd_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow netd_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow netd_26_0 system_server_26_0 (fd (use)))
+(allow netd_26_0 self (capability (kill net_admin net_raw)))
+(dontaudit netd_26_0 self (capability (fsetid)))
+(allow netd_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow netd_26_0 self (netlink_route_socket (nlmsg_write)))
+(allow netd_26_0 self (netlink_nflog_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow netd_26_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow netd_26_0 self (netlink_tcpdiag_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
+(allow netd_26_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow netd_26_0 self (netlink_netfilter_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow netd_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow netd_26_0 system_file_26_0 (file (getattr execute execute_no_trans)))
+(allow netd_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow netd_26_0 system_file_26_0 (file (lock)))
+(allow netd_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow netd_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow netd_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow netd_26_0 proc_net_26_0 (file (ioctl read write getattr lock append open)))
+(allow netd_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow netd_26_0 sysfs_type (file (ioctl read getattr lock open)))
+(allow netd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow netd_26_0 sysfs_26_0 (file (write)))
+(allow netd_26_0 sysfs_usb_26_0 (file (write)))
+(allow netd_26_0 self (capability (chown dac_override)))
+(allow netd_26_0 net_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow netd_26_0 net_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow netd_26_0 self (capability (fowner)))
+(allow netd_26_0 dnsmasq_26_0 (process (signal)))
+(allow netd_26_0 clatd_26_0 (process (signal)))
+(allow netd_26_0 property_socket_26_0 (sock_file (write)))
+(allow netd_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow netd_26_0 ctl_mdnsd_prop_26_0 (property_service (set)))
+(allow netd_26_0 ctl_mdnsd_prop_26_0 (file (ioctl read getattr lock open)))
+(allow netd_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 netd_26_0 (dir (search)))
+(allow servicemanager_26_0 netd_26_0 (file (read open)))
+(allow servicemanager_26_0 netd_26_0 (process (getattr)))
+(allow netd_26_0 netd_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_156_26_0 netd_service_26_0 (service_manager (add)))
+(neverallow netd_26_0 unlabeled_26_0 (service_manager (add)))
+(allow netd_26_0 dumpstate_26_0 (fifo_file (write getattr)))
+(allow netd_26_0 system_server_26_0 (binder (call)))
+(allow netd_26_0 permission_service_26_0 (service_manager (find)))
+(allow netd_26_0 netd_listener_service_26_0 (service_manager (find)))
+(allow netd_26_0 netdomain (tcp_socket (read write getattr setattr getopt setopt)))
+(allow netd_26_0 netdomain (udp_socket (read write getattr setattr getopt setopt)))
+(allow netd_26_0 netdomain (rawip_socket (read write getattr setattr getopt setopt)))
+(allow netd_26_0 netdomain (tun_socket (read write getattr setattr getopt setopt)))
+(allow netd_26_0 netdomain (fd (use)))
+(allow netd_26_0 self (netlink_xfrm_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
+(neverallow netd_26_0 dev_type (blk_file (read write)))
+(neverallow netd_26_0 domain (process (ptrace)))
+(neverallow netd_26_0 system_file_26_0 (file (write)))
+(neverallow netd_26_0 system_file_26_0 (dir (write)))
+(neverallow netd_26_0 system_file_26_0 (lnk_file (write)))
+(neverallow netd_26_0 system_file_26_0 (chr_file (write)))
+(neverallow netd_26_0 system_file_26_0 (blk_file (write)))
+(neverallow netd_26_0 system_file_26_0 (sock_file (write)))
+(neverallow netd_26_0 system_file_26_0 (fifo_file (write)))
+(neverallow netd_26_0 system_data_file_26_0 (file (write)))
+(neverallow netd_26_0 system_data_file_26_0 (dir (write)))
+(neverallow netd_26_0 system_data_file_26_0 (lnk_file (write)))
+(neverallow netd_26_0 system_data_file_26_0 (chr_file (write)))
+(neverallow netd_26_0 system_data_file_26_0 (blk_file (write)))
+(neverallow netd_26_0 system_data_file_26_0 (sock_file (write)))
+(neverallow netd_26_0 system_data_file_26_0 (fifo_file (write)))
+(neverallow netd_26_0 app_data_file_26_0 (file (write)))
+(neverallow netd_26_0 app_data_file_26_0 (dir (write)))
+(neverallow netd_26_0 app_data_file_26_0 (lnk_file (write)))
+(neverallow netd_26_0 app_data_file_26_0 (chr_file (write)))
+(neverallow netd_26_0 app_data_file_26_0 (blk_file (write)))
+(neverallow netd_26_0 app_data_file_26_0 (sock_file (write)))
+(neverallow netd_26_0 app_data_file_26_0 (fifo_file (write)))
+(neverallow base_typeattr_157_26_0 netd_service_26_0 (service_manager (find)))
+(neverallow base_typeattr_63_26_0 netd_26_0 (binder (call)))
+(neverallow netd_26_0 base_typeattr_146_26_0 (binder (call)))
+(neverallow domain netutils_wrapper_exec_26_0 (file (execute_no_trans)))
+(allow otapreopt_chroot_26_0 postinstall_file_26_0 (dir (mounton search)))
+(allow otapreopt_chroot_26_0 self (capability (sys_chroot sys_admin)))
+(allow otapreopt_chroot_26_0 block_device_26_0 (dir (search)))
+(allow otapreopt_chroot_26_0 labeledfs_26_0 (filesystem (mount)))
+(dontaudit otapreopt_chroot_26_0 kernel_26_0 (process (setsched)))
+(allow otapreopt_chroot_26_0 postinstall_26_0 (fd (use)))
+(allow otapreopt_chroot_26_0 update_engine_26_0 (fd (use)))
+(allow otapreopt_chroot_26_0 update_engine_26_0 (fifo_file (write)))
+(allow otapreopt_slot_26_0 ota_data_file_26_0 (dir (ioctl read write getattr lock rename add_name remove_name reparent search rmdir open)))
+(allow otapreopt_slot_26_0 ota_data_file_26_0 (file (getattr)))
+(allow otapreopt_slot_26_0 ota_data_file_26_0 (lnk_file (getattr)))
+(allow otapreopt_slot_26_0 ota_data_file_26_0 (lnk_file (read)))
+(allow otapreopt_slot_26_0 dalvikcache_data_file_26_0 (dir (read write getattr add_name remove_name search rmdir open)))
+(allow otapreopt_slot_26_0 dalvikcache_data_file_26_0 (file (getattr unlink)))
+(allow otapreopt_slot_26_0 dalvikcache_data_file_26_0 (lnk_file (read getattr unlink)))
+(allow otapreopt_slot_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow otapreopt_slot_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow init_26_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (create bind)))
+(allow performanced_26_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown)))
+(allow performanced_26_0 self (process (setsockcreate)))
+(allow performanced_26_0 pdx_performance_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown)))
+(neverallow base_typeattr_158_26_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (listen accept)))
+(allow performanced_26_0 self (capability (setgid setuid sys_nice)))
+(allow performanced_26_0 appdomain (dir (ioctl read getattr lock search open)))
+(allow performanced_26_0 bufferhubd_26_0 (dir (ioctl read getattr lock search open)))
+(allow performanced_26_0 kernel_26_0 (dir (ioctl read getattr lock search open)))
+(allow performanced_26_0 surfaceflinger_26_0 (dir (ioctl read getattr lock search open)))
+(allow performanced_26_0 appdomain (file (ioctl read getattr lock open)))
+(allow performanced_26_0 appdomain (lnk_file (ioctl read getattr lock open)))
+(allow performanced_26_0 bufferhubd_26_0 (file (ioctl read getattr lock open)))
+(allow performanced_26_0 bufferhubd_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow performanced_26_0 kernel_26_0 (file (ioctl read getattr lock open)))
+(allow performanced_26_0 kernel_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow performanced_26_0 surfaceflinger_26_0 (file (ioctl read getattr lock open)))
+(allow performanced_26_0 surfaceflinger_26_0 (lnk_file (ioctl read getattr lock open)))
+(dontaudit performanced_26_0 domain (dir (read)))
+(allow performanced_26_0 appdomain (process (setsched)))
+(allow performanced_26_0 bufferhubd_26_0 (process (setsched)))
+(allow performanced_26_0 kernel_26_0 (process (setsched)))
+(allow performanced_26_0 surfaceflinger_26_0 (process (setsched)))
+(allow performanced_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow performanced_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow performanced_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow perfprofd_26_0 sysfs_devices_system_cpu_26_0 (file (ioctl read write getattr lock append open)))
+(allow perfprofd_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow perfprofd_26_0 app_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow perfprofd_26_0 app_data_file_26_0 (dir (search)))
+(allow perfprofd_26_0 self (capability (dac_override)))
+(allow perfprofd_26_0 perfprofd_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow perfprofd_26_0 perfprofd_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow perfprofd_26_0 logcat_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow perfprofd_26_0 logdr_socket_26_0 (sock_file (write)))
+(allow perfprofd_26_0 logd_26_0 (unix_stream_socket (connectto)))
+(allow perfprofd_26_0 logdw_socket_26_0 (sock_file (write)))
+(allow perfprofd_26_0 logd_26_0 (unix_dgram_socket (sendto)))
+(allow perfprofd_26_0 pmsg_device_26_0 (chr_file (write lock append open)))
+(allow perfprofd_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open)))
+(allow perfprofd_26_0 self (capability2 (block_suspend)))
+(allow perfprofd_26_0 self (capability (sys_admin)))
+(allow perfprofd_26_0 domain (dir (ioctl read getattr lock search open)))
+(allow perfprofd_26_0 domain (file (ioctl read getattr lock open)))
+(allow perfprofd_26_0 domain (lnk_file (ioctl read getattr lock open)))
+(allow perfprofd_26_0 self (capability (sys_ptrace sys_resource)))
+(neverallow perfprofd_26_0 domain (process (ptrace)))
+(allow perfprofd_26_0 exec_type (file (ioctl read getattr lock open)))
+(allow perfprofd_26_0 debugfs_tracing_26_0 (file (ioctl read getattr lock open)))
+(allow perfprofd_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow perfprofd_26_0 self (capability (ipc_lock)))
+(allow postinstall_26_0 update_engine_common (fd (use)))
+(allow postinstall_26_0 update_engine_common (fifo_file (ioctl read write getattr lock append open)))
+(allow postinstall_26_0 postinstall_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow postinstall_26_0 postinstall_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow postinstall_26_0 postinstall_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow postinstall_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow postinstall_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow postinstall_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 postinstall_26_0 (dir (search)))
+(allow servicemanager_26_0 postinstall_26_0 (file (read open)))
+(allow servicemanager_26_0 postinstall_26_0 (process (getattr)))
+(allow postinstall_26_0 system_server_26_0 (binder (call transfer)))
+(allow system_server_26_0 postinstall_26_0 (binder (transfer)))
+(allow postinstall_26_0 system_server_26_0 (fd (use)))
+(allow postinstall_26_0 otadexopt_service_26_0 (service_manager (find)))
+(neverallow base_typeattr_35_26_0 postinstall_26_0 (process (transition dyntransition)))
+(allow postinstall_dexopt_26_0 self (capability (chown dac_override fowner setgid setuid)))
+(allow postinstall_dexopt_26_0 postinstall_file_26_0 (filesystem (getattr)))
+(allow postinstall_dexopt_26_0 postinstall_file_26_0 (dir (getattr search)))
+(allow postinstall_dexopt_26_0 postinstall_file_26_0 (lnk_file (read)))
+(allow postinstall_dexopt_26_0 proc_26_0 (file (read getattr open)))
+(allow postinstall_dexopt_26_0 tmpfs_26_0 (file (read)))
+(allow postinstall_dexopt_26_0 apk_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_dexopt_26_0 apk_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 apk_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 vendor_app_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_dexopt_26_0 vendor_app_file_26_0 (file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 vendor_app_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 user_profile_data_file_26_0 (dir (getattr search)))
+(allow postinstall_dexopt_26_0 user_profile_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 ota_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow postinstall_dexopt_26_0 ota_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow postinstall_dexopt_26_0 ota_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (dir (relabelto)))
+(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (file (relabelto link)))
+(allow postinstall_dexopt_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_dexopt_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 selinuxfs_26_0 (file (write lock append open)))
+(allow postinstall_dexopt_26_0 kernel_26_0 (security (check_context)))
+(allow postinstall_dexopt_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow postinstall_dexopt_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow postinstall_dexopt_26_0 selinuxfs_26_0 (file (write lock append open)))
+(allow postinstall_dexopt_26_0 kernel_26_0 (security (compute_av)))
+(allow postinstall_dexopt_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow postinstall_dexopt_26_0 postinstall_26_0 (process (sigchld)))
+(allow postinstall_dexopt_26_0 otapreopt_chroot_26_0 (fd (use)))
+(allow postinstall_dexopt_26_0 cpuctl_device_26_0 (dir (search)))
+(allow ppp_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow ppp_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow ppp_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow ppp_26_0 mtp_26_0 (socket (ioctl read write getattr setattr lock append bind connect getopt setopt shutdown)))
+(allowx ppp_26_0 self (ioctl udp_socket (0x6900 0x6902)))
+(allowx ppp_26_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx ppp_26_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allowx ppp_26_0 mtp_26_0 (ioctl socket (((range 0x7436 0x7441)) ((range 0x7446 0x7447)) ((range 0x744b 0x745a)) ((range 0x7480 0x7488)))))
+(allow ppp_26_0 mtp_26_0 (unix_dgram_socket (ioctl read write getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow ppp_26_0 ppp_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow ppp_26_0 self (capability (net_admin)))
+(allow ppp_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow ppp_26_0 vpn_data_file_26_0 (dir (write lock add_name remove_name search open)))
+(allow ppp_26_0 vpn_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow ppp_26_0 mtp_26_0 (fd (use)))
+(allow preopt2cachename_26_0 cppreopts_26_0 (fd (use)))
+(allow preopt2cachename_26_0 cppreopts_26_0 (fifo_file (read write getattr)))
+(allow preopt2cachename_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow profman_26_0 user_profile_data_file_26_0 (file (read write getattr lock)))
+(allow profman_26_0 asec_apk_file_26_0 (file (read)))
+(allow profman_26_0 apk_data_file_26_0 (file (read)))
+(allow profman_26_0 oemfs_26_0 (file (read)))
+(allow profman_26_0 tmpfs_26_0 (file (read)))
+(allow profman_26_0 profman_dump_data_file_26_0 (file (write)))
+(allow profman_26_0 installd_26_0 (fd (use)))
+(allow profman_26_0 app_data_file_26_0 (file (read write getattr lock)))
+(neverallow profman_26_0 app_data_file_26_0 (file (open)))
+(neverallow profman_26_0 app_data_file_26_0 (lnk_file (open)))
+(neverallow profman_26_0 app_data_file_26_0 (sock_file (open)))
+(neverallow profman_26_0 app_data_file_26_0 (fifo_file (open)))
+(allow property_type tmpfs_26_0 (filesystem (associate)))
+(neverallow base_typeattr_10_26_0 base_typeattr_159_26_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open)))
+(allowx racoon_26_0 self (ioctl udp_socket (0x8914 0x8916 0x891c)))
+(allow racoon_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 racoon_26_0 (dir (search)))
+(allow servicemanager_26_0 racoon_26_0 (file (read open)))
+(allow servicemanager_26_0 racoon_26_0 (process (getattr)))
+(allow racoon_26_0 tun_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow racoon_26_0 cgroup_26_0 (dir (create add_name)))
+(allow racoon_26_0 kernel_26_0 (system (module_request)))
+(allow racoon_26_0 self (key_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow racoon_26_0 self (tun_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow racoon_26_0 self (capability (net_bind_service net_admin net_raw)))
+(allow racoon_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow racoon_26_0 vpn_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow racoon_26_0 vpn_data_file_26_0 (dir (write lock add_name remove_name search open)))
+(allow keystore_26_0 racoon_26_0 (dir (search)))
+(allow keystore_26_0 racoon_26_0 (file (read open)))
+(allow keystore_26_0 racoon_26_0 (process (getattr)))
+(allow racoon_26_0 keystore_service_26_0 (service_manager (find)))
+(allow racoon_26_0 keystore_26_0 (binder (call transfer)))
+(allow keystore_26_0 racoon_26_0 (binder (transfer)))
+(allow racoon_26_0 keystore_26_0 (fd (use)))
+(allow racoon_26_0 keystore_26_0 (keystore_key (get sign verify)))
+(allow radio_26_0 radio_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow radio_26_0 radio_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow radio_26_0 radio_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow radio_26_0 radio_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow radio_26_0 radio_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow radio_26_0 alarm_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow radio_26_0 net_data_file_26_0 (dir (search)))
+(allow radio_26_0 net_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow radio_26_0 property_socket_26_0 (sock_file (write)))
+(allow radio_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow radio_26_0 radio_prop_26_0 (property_service (set)))
+(allow radio_26_0 radio_prop_26_0 (file (ioctl read getattr lock open)))
+(allow radio_26_0 property_socket_26_0 (sock_file (write)))
+(allow radio_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow radio_26_0 net_radio_prop_26_0 (property_service (set)))
+(allow radio_26_0 net_radio_prop_26_0 (file (ioctl read getattr lock open)))
+(allow radio_26_0 property_socket_26_0 (sock_file (write)))
+(allow radio_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow radio_26_0 ctl_rildaemon_prop_26_0 (property_service (set)))
+(allow radio_26_0 ctl_rildaemon_prop_26_0 (file (ioctl read getattr lock open)))
+(allow radio_26_0 radio_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_160_26_0 radio_service_26_0 (service_manager (add)))
+(neverallow radio_26_0 unlabeled_26_0 (service_manager (add)))
+(allow radio_26_0 audioserver_service_26_0 (service_manager (find)))
+(allow radio_26_0 cameraserver_service_26_0 (service_manager (find)))
+(allow radio_26_0 drmserver_service_26_0 (service_manager (find)))
+(allow radio_26_0 mediaserver_service_26_0 (service_manager (find)))
+(allow radio_26_0 nfc_service_26_0 (service_manager (find)))
+(allow radio_26_0 surfaceflinger_service_26_0 (service_manager (find)))
+(allow radio_26_0 app_api_service (service_manager (find)))
+(allow radio_26_0 system_api_service (service_manager (find)))
+(allow radio_26_0 hwservicemanager_26_0 (binder (call transfer)))
+(allow hwservicemanager_26_0 radio_26_0 (binder (call transfer)))
+(allow hwservicemanager_26_0 radio_26_0 (dir (search)))
+(allow hwservicemanager_26_0 radio_26_0 (file (read open)))
+(allow hwservicemanager_26_0 radio_26_0 (process (getattr)))
+(neverallow recovery_26_0 data_file_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow recovery_26_0 data_file_type (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(allow recovery_persist_26_0 pstorefs_26_0 (dir (search)))
+(allow recovery_persist_26_0 pstorefs_26_0 (file (ioctl read getattr lock open)))
+(allow recovery_persist_26_0 recovery_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow recovery_persist_26_0 recovery_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(neverallow recovery_persist_26_0 dev_type (blk_file (read write)))
+(neverallow recovery_persist_26_0 domain (process (ptrace)))
+(neverallow recovery_persist_26_0 system_file_26_0 (file (write)))
+(neverallow recovery_persist_26_0 system_file_26_0 (dir (write)))
+(neverallow recovery_persist_26_0 system_file_26_0 (lnk_file (write)))
+(neverallow recovery_persist_26_0 system_file_26_0 (chr_file (write)))
+(neverallow recovery_persist_26_0 system_file_26_0 (blk_file (write)))
+(neverallow recovery_persist_26_0 system_file_26_0 (sock_file (write)))
+(neverallow recovery_persist_26_0 system_file_26_0 (fifo_file (write)))
+(neverallow recovery_persist_26_0 system_data_file_26_0 (file (write)))
+(neverallow recovery_persist_26_0 system_data_file_26_0 (dir (write)))
+(neverallow recovery_persist_26_0 system_data_file_26_0 (lnk_file (write)))
+(neverallow recovery_persist_26_0 system_data_file_26_0 (chr_file (write)))
+(neverallow recovery_persist_26_0 system_data_file_26_0 (blk_file (write)))
+(neverallow recovery_persist_26_0 system_data_file_26_0 (sock_file (write)))
+(neverallow recovery_persist_26_0 system_data_file_26_0 (fifo_file (write)))
+(neverallow recovery_persist_26_0 app_data_file_26_0 (file (write)))
+(neverallow recovery_persist_26_0 app_data_file_26_0 (dir (write)))
+(neverallow recovery_persist_26_0 app_data_file_26_0 (lnk_file (write)))
+(neverallow recovery_persist_26_0 app_data_file_26_0 (chr_file (write)))
+(neverallow recovery_persist_26_0 app_data_file_26_0 (blk_file (write)))
+(neverallow recovery_persist_26_0 app_data_file_26_0 (sock_file (write)))
+(neverallow recovery_persist_26_0 app_data_file_26_0 (fifo_file (write)))
+(allow recovery_refresh_26_0 pstorefs_26_0 (dir (search)))
+(allow recovery_refresh_26_0 pstorefs_26_0 (file (ioctl read getattr lock open)))
+(neverallow recovery_refresh_26_0 dev_type (blk_file (read write)))
+(neverallow recovery_refresh_26_0 domain (process (ptrace)))
+(neverallow recovery_refresh_26_0 system_file_26_0 (file (write)))
+(neverallow recovery_refresh_26_0 system_file_26_0 (dir (write)))
+(neverallow recovery_refresh_26_0 system_file_26_0 (lnk_file (write)))
+(neverallow recovery_refresh_26_0 system_file_26_0 (chr_file (write)))
+(neverallow recovery_refresh_26_0 system_file_26_0 (blk_file (write)))
+(neverallow recovery_refresh_26_0 system_file_26_0 (sock_file (write)))
+(neverallow recovery_refresh_26_0 system_file_26_0 (fifo_file (write)))
+(neverallow recovery_refresh_26_0 system_data_file_26_0 (file (write)))
+(neverallow recovery_refresh_26_0 system_data_file_26_0 (dir (write)))
+(neverallow recovery_refresh_26_0 system_data_file_26_0 (lnk_file (write)))
+(neverallow recovery_refresh_26_0 system_data_file_26_0 (chr_file (write)))
+(neverallow recovery_refresh_26_0 system_data_file_26_0 (blk_file (write)))
+(neverallow recovery_refresh_26_0 system_data_file_26_0 (sock_file (write)))
+(neverallow recovery_refresh_26_0 system_data_file_26_0 (fifo_file (write)))
+(neverallow recovery_refresh_26_0 app_data_file_26_0 (file (write)))
+(neverallow recovery_refresh_26_0 app_data_file_26_0 (dir (write)))
+(neverallow recovery_refresh_26_0 app_data_file_26_0 (lnk_file (write)))
+(neverallow recovery_refresh_26_0 app_data_file_26_0 (chr_file (write)))
+(neverallow recovery_refresh_26_0 app_data_file_26_0 (blk_file (write)))
+(neverallow recovery_refresh_26_0 app_data_file_26_0 (sock_file (write)))
+(neverallow recovery_refresh_26_0 app_data_file_26_0 (fifo_file (write)))
+(allowx rild_26_0 self (ioctl udp_socket (0x6900 0x6902)))
+(allowx rild_26_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx rild_26_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow rild_26_0 self (netlink_route_socket (nlmsg_write)))
+(allow rild_26_0 kernel_26_0 (system (module_request)))
+(allow rild_26_0 self (capability (setgid setuid setpcap net_admin net_raw)))
+(allow rild_26_0 alarm_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow rild_26_0 cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow rild_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow rild_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow rild_26_0 radio_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow rild_26_0 radio_device_26_0 (blk_file (ioctl read getattr lock open)))
+(allow rild_26_0 mtd_device_26_0 (dir (search)))
+(allow rild_26_0 efs_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow rild_26_0 efs_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow rild_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow rild_26_0 bluetooth_efs_file_26_0 (file (ioctl read getattr lock open)))
+(allow rild_26_0 bluetooth_efs_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow rild_26_0 radio_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow rild_26_0 radio_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow rild_26_0 sdcard_type (dir (ioctl read getattr lock search open)))
+(allow rild_26_0 system_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow rild_26_0 system_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow rild_26_0 system_file_26_0 (file (getattr execute execute_no_trans)))
+(allow rild_26_0 property_socket_26_0 (sock_file (write)))
+(allow rild_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow rild_26_0 radio_prop_26_0 (property_service (set)))
+(allow rild_26_0 radio_prop_26_0 (file (ioctl read getattr lock open)))
+(allow rild_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow rild_26_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow rild_26_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow rild_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow rild_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open)))
+(allow rild_26_0 self (capability2 (block_suspend)))
+(allow rild_26_0 proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow rild_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow rild_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow rild_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow rild_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow rild_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow rild_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow rild_26_0 sysfs_type (file (ioctl read getattr lock open)))
+(allow rild_26_0 sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow rild_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow rild_26_0 system_file_26_0 (file (ioctl read getattr lock open)))
+(allow rild_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow rild_26_0 self (socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow runas_26_0 adbd_26_0 (process (sigchld)))
+(allow runas_26_0 adbd_26_0 (unix_stream_socket (read write)))
+(allow runas_26_0 shell_26_0 (fd (use)))
+(allow runas_26_0 shell_26_0 (fifo_file (read write)))
+(allow runas_26_0 shell_26_0 (unix_stream_socket (read write)))
+(allow runas_26_0 devpts_26_0 (chr_file (ioctl read write)))
+(allow runas_26_0 shell_data_file_26_0 (file (read write)))
+(allow runas_26_0 system_data_file_26_0 (file (ioctl read getattr lock open)))
+(dontaudit runas_26_0 self (capability (dac_override)))
+(allow runas_26_0 app_data_file_26_0 (dir (getattr search)))
+(allow runas_26_0 self (capability (setgid setuid)))
+(allow runas_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow runas_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow runas_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow runas_26_0 selinuxfs_26_0 (file (write lock append open)))
+(allow runas_26_0 kernel_26_0 (security (check_context)))
+(allow runas_26_0 self (process (setcurrent)))
+(allow runas_26_0 base_typeattr_161_26_0 (process (dyntransition)))
+(allow runas_26_0 seapp_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(neverallow runas_26_0 self (capability (chown dac_override dac_read_search fowner fsetid kill setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(neverallow runas_26_0 self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
+(allow sdcardd_26_0 cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow sdcardd_26_0 fuse_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow sdcardd_26_0 rootfs_26_0 (dir (mounton)))
+(allow sdcardd_26_0 sdcardfs_26_0 (filesystem (remount)))
+(allow sdcardd_26_0 tmpfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow sdcardd_26_0 mnt_media_rw_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow sdcardd_26_0 storage_file_26_0 (dir (search)))
+(allow sdcardd_26_0 storage_stub_file_26_0 (dir (mounton search)))
+(allow sdcardd_26_0 sdcard_type (filesystem (mount unmount)))
+(allow sdcardd_26_0 self (capability (dac_override setgid setuid sys_admin sys_resource)))
+(allow sdcardd_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow sdcardd_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow sdcardd_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow sdcardd_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow sdcardd_26_0 system_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow sdcardd_26_0 install_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow sdcardd_26_0 vold_26_0 (fd (use)))
+(allow sdcardd_26_0 vold_26_0 (fifo_file (read write getattr)))
+(allow sdcardd_26_0 mnt_expand_file_26_0 (dir (search)))
+(allow sdcardd_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(neverallow init_26_0 sdcardd_exec_26_0 (file (execute)))
+(neverallow init_26_0 sdcardd_26_0 (process (transition dyntransition)))
+(allow servicemanager_26_0 self (binder (set_context_mgr)))
+(allow servicemanager_26_0 base_typeattr_162_26_0 (binder (transfer)))
+(allow servicemanager_26_0 service_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow servicemanager_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow servicemanager_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow servicemanager_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow servicemanager_26_0 selinuxfs_26_0 (file (write lock append open)))
+(allow servicemanager_26_0 kernel_26_0 (security (compute_av)))
+(allow servicemanager_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(allow sgdisk_26_0 block_device_26_0 (dir (search)))
+(allow sgdisk_26_0 vold_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow sgdisk_26_0 devpts_26_0 (chr_file (ioctl read write getattr)))
+(allow sgdisk_26_0 vold_26_0 (fd (use)))
+(allow sgdisk_26_0 vold_26_0 (fifo_file (read write getattr)))
+(allow sgdisk_26_0 self (capability (sys_admin)))
+(neverallow base_typeattr_92_26_0 sgdisk_26_0 (process (transition)))
+(neverallow base_typeattr_10_26_0 sgdisk_26_0 (process (dyntransition)))
+(neverallow sgdisk_26_0 base_typeattr_163_26_0 (file (entrypoint)))
+(allow shared_relro_26_0 shared_relro_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow shared_relro_26_0 shared_relro_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow shared_relro_26_0 webviewupdate_service_26_0 (service_manager (find)))
+(allow shell_26_0 logcat_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow shell_26_0 logdr_socket_26_0 (sock_file (write)))
+(allow shell_26_0 logd_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 logd_socket_26_0 (sock_file (write)))
+(allow shell_26_0 logd_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 pstorefs_26_0 (dir (search)))
+(allow shell_26_0 pstorefs_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 anr_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 anr_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 shell_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow shell_26_0 shell_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow shell_26_0 shell_data_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow shell_26_0 shell_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow shell_26_0 profman_dump_data_file_26_0 (dir (write getattr remove_name search)))
+(allow shell_26_0 profman_dump_data_file_26_0 (file (getattr unlink)))
+(allow shell_26_0 nativetest_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 nativetest_data_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow shell_26_0 dumpstate_socket_26_0 (sock_file (write)))
+(allow shell_26_0 dumpstate_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow shell_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow shell_26_0 console_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow shell_26_0 input_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 input_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow shell_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 system_file_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow shell_26_0 system_file_26_0 (file (getattr execute execute_no_trans)))
+(allow shell_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow shell_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow shell_26_0 zygote_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow shell_26_0 apk_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 apk_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 apk_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 shell_prop_26_0 (property_service (set)))
+(allow shell_26_0 shell_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 ctl_bugreport_prop_26_0 (property_service (set)))
+(allow shell_26_0 ctl_bugreport_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 ctl_dumpstate_prop_26_0 (property_service (set)))
+(allow shell_26_0 ctl_dumpstate_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 dumpstate_prop_26_0 (property_service (set)))
+(allow shell_26_0 dumpstate_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 debug_prop_26_0 (property_service (set)))
+(allow shell_26_0 debug_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 powerctl_prop_26_0 (property_service (set)))
+(allow shell_26_0 powerctl_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 log_tag_prop_26_0 (property_service (set)))
+(allow shell_26_0 log_tag_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 wifi_log_prop_26_0 (property_service (set)))
+(allow shell_26_0 wifi_log_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 log_prop_26_0 (property_service (set)))
+(allow shell_26_0 log_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 logpersistd_logging_prop_26_0 (property_service (set)))
+(allow shell_26_0 logpersistd_logging_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 boottrace_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow shell_26_0 boottrace_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow shell_26_0 property_socket_26_0 (sock_file (write)))
+(allow shell_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow shell_26_0 persist_debug_prop_26_0 (property_service (set)))
+(allow shell_26_0 persist_debug_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 serialno_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 device_logging_prop_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 servicemanager_26_0 (service_manager (list)))
+(allow shell_26_0 base_typeattr_164_26_0 (service_manager (find)))
+(allow shell_26_0 dumpstate_26_0 (binder (call)))
+(allow shell_26_0 hwservicemanager_26_0 (binder (call transfer)))
+(allow hwservicemanager_26_0 shell_26_0 (binder (call transfer)))
+(allow hwservicemanager_26_0 shell_26_0 (dir (search)))
+(allow hwservicemanager_26_0 shell_26_0 (file (read open)))
+(allow hwservicemanager_26_0 shell_26_0 (process (getattr)))
+(allow shell_26_0 hwservicemanager_26_0 (hwservice_manager (list)))
+(allow shell_26_0 proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow shell_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow shell_26_0 proc_interrupts_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 proc_stat_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 proc_timer_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 proc_zoneinfo_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 cgroup_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow shell_26_0 domain (dir (read getattr search open)))
+(allow shell_26_0 domain (file (read getattr open)))
+(allow shell_26_0 domain (lnk_file (read getattr open)))
+(allow shell_26_0 labeledfs_26_0 (filesystem (getattr)))
+(allow shell_26_0 proc_26_0 (filesystem (getattr)))
+(allow shell_26_0 device_26_0 (dir (getattr)))
+(allow shell_26_0 domain (process (getattr)))
+(allow shell_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 bootchart_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow shell_26_0 bootchart_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow shell_26_0 self (process (ptrace)))
+(allow shell_26_0 sysfs_batteryinfo_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 sysfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 ion_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow shell_26_0 dev_type (dir (ioctl read getattr lock search open)))
+(allow shell_26_0 dev_type (chr_file (getattr)))
+(allow shell_26_0 proc_26_0 (lnk_file (getattr)))
+(allow shell_26_0 dev_type (blk_file (getattr)))
+(allow shell_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 property_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 seapp_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 service_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow shell_26_0 sepolicy_file_26_0 (file (ioctl read getattr lock open)))
+(neverallow shell_26_0 file_type (file (link)))
+(neverallowx shell_26_0 domain (ioctl tcp_socket (0x6900 0x6902)))
+(neverallowx shell_26_0 domain (ioctl udp_socket (0x6900 0x6902)))
+(neverallowx shell_26_0 domain (ioctl rawip_socket (0x6900 0x6902)))
+(neverallowx shell_26_0 domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx shell_26_0 domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx shell_26_0 domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(neverallowx shell_26_0 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx shell_26_0 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallowx shell_26_0 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(neverallow shell_26_0 hw_random_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow shell_26_0 kmem_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow shell_26_0 port_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow shell_26_0 fuse_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow shell_26_0 dev_type (blk_file (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(allow slideshow_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow slideshow_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open)))
+(allow slideshow_26_0 self (capability2 (block_suspend)))
+(allow slideshow_26_0 device_26_0 (dir (ioctl read getattr lock search open)))
+(allow slideshow_26_0 self (capability (sys_tty_config)))
+(allow slideshow_26_0 graphics_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow slideshow_26_0 graphics_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow slideshow_26_0 input_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow slideshow_26_0 input_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow slideshow_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow su_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow su_26_0 vndservicemanager_26_0 (binder (call transfer)))
+(allow vndservicemanager_26_0 su_26_0 (dir (search)))
+(allow vndservicemanager_26_0 su_26_0 (file (read open)))
+(allow vndservicemanager_26_0 su_26_0 (process (getattr)))
+(dontaudit su_26_0 self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
+(dontaudit su_26_0 self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
+(dontaudit su_26_0 kernel_26_0 (security (compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy)))
+(dontaudit su_26_0 kernel_26_0 (system (ipc_info syslog_read syslog_mod syslog_console module_request module_load)))
+(dontaudit su_26_0 self (memprotect (mmap_zero)))
+(dontaudit su_26_0 domain (process (fork transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem execstack execheap setkeycreate setsockcreate)))
+(dontaudit su_26_0 domain (fd (use)))
+(dontaudit su_26_0 domain (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(dontaudit su_26_0 domain (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 domain (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_26_0 domain (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 domain (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(dontaudit su_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_26_0 domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_26_0 domain (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_26_0 domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_26_0 domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_26_0 domain (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(dontaudit su_26_0 domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(dontaudit su_26_0 domain (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_26_0 domain (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_26_0 domain (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 domain (sem (create destroy getattr setattr read write associate unix_read unix_write)))
+(dontaudit su_26_0 domain (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
+(dontaudit su_26_0 domain (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
+(dontaudit su_26_0 domain (ipc (create destroy getattr setattr read write associate unix_read unix_write)))
+(dontaudit su_26_0 domain (key (view read write search link setattr create)))
+(dontaudit su_26_0 fs_type (filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget)))
+(dontaudit su_26_0 dev_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_26_0 dev_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(dontaudit su_26_0 dev_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 dev_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_26_0 dev_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 dev_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 dev_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 fs_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_26_0 fs_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(dontaudit su_26_0 fs_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 fs_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_26_0 fs_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 fs_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 fs_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 file_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_26_0 file_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(dontaudit su_26_0 file_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 file_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_26_0 file_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 file_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 file_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(dontaudit su_26_0 node_type (node (recvfrom sendto)))
+(dontaudit su_26_0 node_type (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(dontaudit su_26_0 node_type (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_26_0 node_type (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_26_0 netif_type (netif (ingress egress)))
+(dontaudit su_26_0 port_type (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(dontaudit su_26_0 port_type (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_26_0 port_type (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_26_0 port_type (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(dontaudit su_26_0 port_type (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_26_0 port_type (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_26_0 port_type (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
+(dontaudit su_26_0 port_type (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
+(dontaudit su_26_0 port_type (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
+(dontaudit su_26_0 port_type (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_26_0 port_type (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(dontaudit su_26_0 port_type (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(dontaudit su_26_0 port_type (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(dontaudit su_26_0 port_type (dccp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(dontaudit su_26_0 domain (peer (recv)))
+(dontaudit su_26_0 domain (binder (impersonate call set_context_mgr transfer)))
+(dontaudit su_26_0 property_type (property_service (set)))
+(dontaudit su_26_0 property_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(dontaudit su_26_0 service_manager_type (service_manager (add find list)))
+(dontaudit su_26_0 hwservice_manager_type (hwservice_manager (add find list)))
+(dontaudit su_26_0 vndservice_manager_type (service_manager (add find list)))
+(dontaudit su_26_0 servicemanager_26_0 (service_manager (list)))
+(dontaudit su_26_0 hwservicemanager_26_0 (hwservice_manager (list)))
+(dontaudit su_26_0 vndservicemanager_26_0 (service_manager (list)))
+(dontaudit su_26_0 keystore_26_0 (keystore_key (get_state get insert delete exist list reset password lock unlock is_empty sign verify grant duplicate clear_uid add_auth user_changed gen_unique_id)))
+(dontaudit su_26_0 domain (drmservice (consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread)))
+(dontaudit su_26_0 unlabeled_26_0 (filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget)))
+(dontaudit su_26_0 postinstall_file_26_0 (filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget)))
+(allow tombstoned_26_0 domain (fd (use)))
+(allow tombstoned_26_0 domain (fifo_file (write)))
+(allow tombstoned_26_0 domain (dir (ioctl read getattr lock search open)))
+(allow tombstoned_26_0 domain (file (ioctl read getattr lock open)))
+(allow tombstoned_26_0 tombstone_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow tombstoned_26_0 tombstone_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow tombstoned_26_0 anr_data_file_26_0 (file (getattr append)))
+(allow tombstoned_26_0 anr_data_file_26_0 (file (write)))
+(auditallow tombstoned_26_0 anr_data_file_26_0 (file (write)))
+(allow toolbox_26_0 tmpfs_26_0 (chr_file (ioctl read write)))
+(allow toolbox_26_0 devpts_26_0 (chr_file (ioctl read write getattr)))
+(allow toolbox_26_0 block_device_26_0 (dir (search)))
+(allow toolbox_26_0 swap_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(neverallow base_typeattr_5_26_0 toolbox_26_0 (process (transition)))
+(neverallow base_typeattr_10_26_0 toolbox_26_0 (process (dyntransition)))
+(neverallow toolbox_26_0 base_typeattr_165_26_0 (file (entrypoint)))
+(allow tzdatacheck_26_0 zoneinfo_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow tzdatacheck_26_0 zoneinfo_data_file_26_0 (file (unlink)))
+(allow ueventd_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow ueventd_26_0 self (capability (chown dac_override fowner fsetid setgid net_admin sys_rawio mknod)))
+(allow ueventd_26_0 device_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow ueventd_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow ueventd_26_0 sysfs_type (file (ioctl read getattr lock open)))
+(allow ueventd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow ueventd_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow ueventd_26_0 rootfs_26_0 (file (ioctl read getattr lock open)))
+(allow ueventd_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow ueventd_26_0 sysfs_26_0 (file (write lock append open)))
+(allow ueventd_26_0 sysfs_usb_26_0 (file (write lock append open)))
+(allow ueventd_26_0 sysfs_hwrandom_26_0 (file (write lock append open)))
+(allow ueventd_26_0 sysfs_zram_uevent_26_0 (file (write lock append open)))
+(allow ueventd_26_0 sysfs_type (file (getattr setattr relabelfrom relabelto)))
+(allow ueventd_26_0 sysfs_type (lnk_file (getattr setattr relabelfrom relabelto)))
+(allow ueventd_26_0 sysfs_type (dir (ioctl read getattr setattr lock relabelfrom relabelto search open)))
+(allow ueventd_26_0 sysfs_devices_system_cpu_26_0 (file (ioctl read write getattr lock append open)))
+(allow ueventd_26_0 tmpfs_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow ueventd_26_0 dev_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow ueventd_26_0 dev_type (lnk_file (create unlink)))
+(allow ueventd_26_0 dev_type (chr_file (create getattr setattr unlink)))
+(allow ueventd_26_0 dev_type (blk_file (create getattr setattr relabelfrom relabelto unlink)))
+(allow ueventd_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow ueventd_26_0 efs_file_26_0 (dir (search)))
+(allow ueventd_26_0 efs_file_26_0 (file (ioctl read getattr lock open)))
+(allow ueventd_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow ueventd_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow ueventd_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow ueventd_26_0 vendor_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow ueventd_26_0 vendor_file_26_0 (file (ioctl read getattr lock open)))
+(allow ueventd_26_0 vendor_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow ueventd_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow ueventd_26_0 self (process (setfscreate)))
+(neverallow ueventd_26_0 property_socket_26_0 (sock_file (write)))
+(neverallow ueventd_26_0 init_26_0 (unix_stream_socket (connectto)))
+(neverallow ueventd_26_0 property_type (property_service (set)))
+(neverallow ueventd_26_0 dev_type (blk_file (ioctl read write lock append link rename execute quotaon mounton open audit_access execmod)))
+(neverallow ueventd_26_0 kmem_device_26_0 (chr_file (ioctl read write lock relabelfrom append link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow ueventd_26_0 port_device_26_0 (chr_file (ioctl read write lock relabelfrom append link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(allow uncrypt_26_0 self (capability (dac_override)))
+(allow uncrypt_26_0 app_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_26_0 app_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow uncrypt_26_0 app_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow uncrypt_26_0 shell_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_26_0 shell_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow uncrypt_26_0 shell_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow uncrypt_26_0 cache_recovery_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow uncrypt_26_0 cache_recovery_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow uncrypt_26_0 ota_package_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_26_0 ota_package_file_26_0 (file (ioctl read getattr lock open)))
+(allow uncrypt_26_0 uncrypt_socket_26_0 (sock_file (write)))
+(allow uncrypt_26_0 uncrypt_26_0 (unix_stream_socket (connectto)))
+(allow uncrypt_26_0 property_socket_26_0 (sock_file (write)))
+(allow uncrypt_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow uncrypt_26_0 powerctl_prop_26_0 (property_service (set)))
+(allow uncrypt_26_0 powerctl_prop_26_0 (file (ioctl read getattr lock open)))
+(allow uncrypt_26_0 self (capability (sys_rawio)))
+(allow uncrypt_26_0 misc_block_device_26_0 (blk_file (write lock append open)))
+(allow uncrypt_26_0 block_device_26_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_26_0 userdata_block_device_26_0 (blk_file (write lock append open)))
+(allow uncrypt_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow uncrypt_26_0 rootfs_26_0 (file (ioctl read getattr lock open)))
+(allow uncrypt_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow update_engine_26_0 qtaguid_proc_26_0 (file (ioctl read write getattr lock append open)))
+(allow update_engine_26_0 qtaguid_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow update_engine_26_0 self (process (setsched)))
+(allow update_engine_26_0 self (capability (fowner sys_admin)))
+(allow update_engine_26_0 kmsg_device_26_0 (chr_file (write lock append open)))
+(allow update_engine_26_0 update_engine_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow update_engine_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open)))
+(allow update_engine_26_0 self (capability2 (block_suspend)))
+(dontaudit update_engine_26_0 kernel_26_0 (process (setsched)))
+(allow update_engine_26_0 update_engine_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow update_engine_26_0 update_engine_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(dontaudit update_engine_26_0 kernel_26_0 (system (module_request)))
+(allow update_engine_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 update_engine_26_0 (dir (search)))
+(allow servicemanager_26_0 update_engine_26_0 (file (read open)))
+(allow servicemanager_26_0 update_engine_26_0 (process (getattr)))
+(allow update_engine_26_0 update_engine_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_166_26_0 update_engine_service_26_0 (service_manager (add)))
+(neverallow update_engine_26_0 unlabeled_26_0 (service_manager (add)))
+(allow update_engine_26_0 priv_app_26_0 (binder (call transfer)))
+(allow priv_app_26_0 update_engine_26_0 (binder (transfer)))
+(allow update_engine_26_0 priv_app_26_0 (fd (use)))
+(allow update_engine_26_0 ota_package_file_26_0 (file (ioctl read getattr lock open)))
+(allow update_engine_26_0 ota_package_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow update_engine_common block_device_26_0 (dir (search)))
+(allow update_engine_common boot_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow update_engine_common system_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow update_engine_common misc_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow update_engine_common postinstall_mnt_dir_26_0 (dir (mounton)))
+(allow update_engine_common postinstall_file_26_0 (filesystem (mount unmount relabelfrom relabelto)))
+(allow update_engine_common labeledfs_26_0 (filesystem (relabelfrom)))
+(allow update_engine_common postinstall_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow update_engine_common postinstall_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow update_engine_common postinstall_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow update_engine_common shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow update_engine_common postinstall_26_0 (process (sigkill sigstop signal)))
+(allow update_engine_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow update_engine_26_0 proc_misc_26_0 (file (ioctl read getattr lock open)))
+(allow update_engine_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow update_verifier_26_0 block_device_26_0 (dir (search)))
+(allow update_verifier_26_0 ota_package_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow update_verifier_26_0 ota_package_file_26_0 (file (ioctl read getattr lock open)))
+(allow update_verifier_26_0 dm_device_26_0 (blk_file (ioctl read getattr lock open)))
+(allow update_verifier_26_0 property_socket_26_0 (sock_file (write)))
+(allow update_verifier_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow update_verifier_26_0 powerctl_prop_26_0 (property_service (set)))
+(allow update_verifier_26_0 powerctl_prop_26_0 (file (ioctl read getattr lock open)))
+(allow vdc_26_0 vold_socket_26_0 (sock_file (write)))
+(allow vdc_26_0 vold_26_0 (unix_stream_socket (connectto)))
+(allow vdc_26_0 dumpstate_26_0 (fd (use)))
+(allow vdc_26_0 dumpstate_26_0 (unix_stream_socket (read write getattr)))
+(allow vdc_26_0 shell_data_file_26_0 (file (write getattr)))
+(allow vdc_26_0 dumpstate_26_0 (unix_dgram_socket (read write)))
+(allow vdc_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow vdc_26_0 kmsg_device_26_0 (chr_file (write lock append open)))
+(neverallow base_typeattr_167_26_0 vendor_toolbox_exec_26_0 (file (execute execute_no_trans entrypoint)))
+(allow virtual_touchpad_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 virtual_touchpad_26_0 (dir (search)))
+(allow servicemanager_26_0 virtual_touchpad_26_0 (file (read open)))
+(allow servicemanager_26_0 virtual_touchpad_26_0 (process (getattr)))
+(allow virtual_touchpad_26_0 virtual_touchpad_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_168_26_0 virtual_touchpad_service_26_0 (service_manager (add)))
+(neverallow virtual_touchpad_26_0 unlabeled_26_0 (service_manager (add)))
+(allow virtual_touchpad_26_0 system_server_26_0 (binder (call transfer)))
+(allow system_server_26_0 virtual_touchpad_26_0 (binder (transfer)))
+(allow virtual_touchpad_26_0 system_server_26_0 (fd (use)))
+(allow virtual_touchpad_26_0 uhid_device_26_0 (chr_file (ioctl write lock append open)))
+(allow virtual_touchpad_26_0 permission_service_26_0 (service_manager (find)))
+(allow vold_26_0 cache_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow vold_26_0 cache_file_26_0 (file (read getattr)))
+(allow vold_26_0 cache_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow vold_26_0 proc_26_0 (dir (ioctl read getattr lock search open)))
+(allow vold_26_0 proc_26_0 (file (ioctl read getattr lock open)))
+(allow vold_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow vold_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow vold_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow vold_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow vold_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow vold_26_0 sysfs_type (file (ioctl read getattr lock open)))
+(allow vold_26_0 sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow vold_26_0 sysfs_26_0 (file (write lock append open)))
+(allow vold_26_0 sysfs_usb_26_0 (file (write lock append open)))
+(allow vold_26_0 sysfs_zram_uevent_26_0 (file (write lock append open)))
+(allow vold_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow vold_26_0 rootfs_26_0 (file (ioctl read getattr lock open)))
+(allow vold_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow vold_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open)))
+(allow vold_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow vold_26_0 self (process (setexec)))
+(allow vold_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow vold_26_0 self (process (setfscreate)))
+(allow vold_26_0 system_file_26_0 (file (getattr execute execute_no_trans)))
+(allow vold_26_0 block_device_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 device_26_0 (dir (write)))
+(allow vold_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow vold_26_0 rootfs_26_0 (dir (mounton)))
+(allow vold_26_0 sdcard_type (dir (mounton)))
+(allow vold_26_0 sdcard_type (filesystem (mount remount unmount)))
+(allow vold_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow vold_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 mnt_media_rw_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 storage_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow vold_26_0 mnt_media_rw_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow vold_26_0 storage_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow vold_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow vold_26_0 mnt_media_rw_stub_file_26_0 (dir (create getattr setattr mounton rmdir)))
+(allow vold_26_0 storage_stub_file_26_0 (dir (create getattr setattr mounton rmdir)))
+(allow vold_26_0 mnt_user_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 mnt_user_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow vold_26_0 mnt_expand_file_26_0 (dir (ioctl read write create getattr setattr lock rename mounton add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 apk_data_file_26_0 (dir (create getattr setattr)))
+(allow vold_26_0 shell_data_file_26_0 (dir (create getattr setattr)))
+(allow vold_26_0 tmpfs_26_0 (filesystem (mount unmount)))
+(allow vold_26_0 tmpfs_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 tmpfs_26_0 (dir (mounton)))
+(allow vold_26_0 self (capability (chown dac_override fowner fsetid net_admin sys_admin mknod)))
+(allow vold_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow vold_26_0 app_data_file_26_0 (dir (search)))
+(allow vold_26_0 app_data_file_26_0 (file (ioctl read write getattr lock append open)))
+(allow vold_26_0 loop_control_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow vold_26_0 loop_device_26_0 (blk_file (ioctl read write create getattr setattr lock append unlink open)))
+(allow vold_26_0 vold_device_26_0 (blk_file (ioctl read write create getattr setattr lock append unlink open)))
+(allow vold_26_0 dm_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow vold_26_0 dm_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow vold_26_0 domain (dir (ioctl read getattr lock search open)))
+(allow vold_26_0 domain (file (ioctl read getattr lock open)))
+(allow vold_26_0 domain (lnk_file (ioctl read getattr lock open)))
+(allow vold_26_0 domain (process (sigkill signal)))
+(allow vold_26_0 self (capability (kill sys_ptrace)))
+(allow vold_26_0 sysfs_26_0 (file (ioctl read write getattr lock append open)))
+(allow vold_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow vold_26_0 fsck_exec_26_0 (file (ioctl read getattr lock execute open)))
+(allow vold_26_0 fscklogs_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow vold_26_0 fscklogs_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow vold_26_0 labeledfs_26_0 (filesystem (mount unmount)))
+(allow vold_26_0 efs_file_26_0 (file (ioctl read write getattr lock append open)))
+(allow vold_26_0 system_data_file_26_0 (dir (ioctl read write create getattr setattr lock mounton add_name remove_name search rmdir open)))
+(allow vold_26_0 kernel_26_0 (process (setsched)))
+(allow vold_26_0 property_socket_26_0 (sock_file (write)))
+(allow vold_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow vold_26_0 vold_prop_26_0 (property_service (set)))
+(allow vold_26_0 vold_prop_26_0 (file (ioctl read getattr lock open)))
+(allow vold_26_0 property_socket_26_0 (sock_file (write)))
+(allow vold_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow vold_26_0 powerctl_prop_26_0 (property_service (set)))
+(allow vold_26_0 powerctl_prop_26_0 (file (ioctl read getattr lock open)))
+(allow vold_26_0 property_socket_26_0 (sock_file (write)))
+(allow vold_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow vold_26_0 ctl_fuse_prop_26_0 (property_service (set)))
+(allow vold_26_0 ctl_fuse_prop_26_0 (file (ioctl read getattr lock open)))
+(allow vold_26_0 property_socket_26_0 (sock_file (write)))
+(allow vold_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow vold_26_0 restorecon_prop_26_0 (property_service (set)))
+(allow vold_26_0 restorecon_prop_26_0 (file (ioctl read getattr lock open)))
+(allow vold_26_0 asec_image_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow vold_26_0 asec_image_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow vold_26_0 asec_apk_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename mounton add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 asec_public_file_26_0 (dir (setattr relabelto)))
+(allow vold_26_0 asec_apk_file_26_0 (file (ioctl read getattr setattr lock relabelfrom relabelto open)))
+(allow vold_26_0 asec_public_file_26_0 (file (setattr relabelto)))
+(allow vold_26_0 unlabeled_26_0 (dir (ioctl read getattr setattr lock relabelfrom search open)))
+(allow vold_26_0 unlabeled_26_0 (file (ioctl read getattr setattr lock relabelfrom open)))
+(allow vold_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open)))
+(allow vold_26_0 self (capability2 (block_suspend)))
+(allow vold_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 vold_26_0 (dir (search)))
+(allow servicemanager_26_0 vold_26_0 (file (read open)))
+(allow servicemanager_26_0 vold_26_0 (process (getattr)))
+(allow vold_26_0 healthd_26_0 (binder (call transfer)))
+(allow healthd_26_0 vold_26_0 (binder (transfer)))
+(allow vold_26_0 healthd_26_0 (fd (use)))
+(allow vold_26_0 userdata_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow vold_26_0 metadata_block_device_26_0 (blk_file (ioctl read write getattr lock append open)))
+(allow vold_26_0 unencrypted_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow vold_26_0 unencrypted_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 proc_drop_caches_26_0 (file (write lock append open)))
+(allow vold_26_0 vold_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 vold_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow vold_26_0 init_26_0 (key (write search setattr)))
+(allow vold_26_0 vold_26_0 (key (write search setattr)))
+(allow vold_26_0 self (capability (sys_nice)))
+(allow vold_26_0 self (capability (sys_chroot)))
+(allow vold_26_0 storage_file_26_0 (dir (mounton)))
+(allow vold_26_0 fuse_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow vold_26_0 fuse_26_0 (filesystem (relabelfrom)))
+(allow vold_26_0 app_fusefs_26_0 (filesystem (relabelfrom relabelto)))
+(allow vold_26_0 app_fusefs_26_0 (filesystem (mount unmount)))
+(allow vold_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open)))
+(allow vold_26_0 user_profile_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow vold_26_0 misc_block_device_26_0 (blk_file (write lock append open)))
+(neverallow base_typeattr_92_26_0 vold_data_file_26_0 (dir (write lock relabelfrom append unlink link rename execute quotaon mounton add_name remove_name reparent rmdir audit_access execmod)))
+(neverallow base_typeattr_169_26_0 vold_data_file_26_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_169_26_0 vold_data_file_26_0 (lnk_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_169_26_0 vold_data_file_26_0 (sock_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_169_26_0 vold_data_file_26_0 (fifo_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_90_26_0 vold_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod)))
+(neverallow base_typeattr_170_26_0 vold_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access)))
+(neverallow base_typeattr_170_26_0 vold_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_170_26_0 vold_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_170_26_0 vold_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod)))
+(neverallow base_typeattr_90_26_0 restorecon_prop_26_0 (property_service (set)))
+(neverallow vold_26_0 fsck_exec_26_0 (file (execute_no_trans)))
+(allow vr_hwc_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 vr_hwc_26_0 (dir (search)))
+(allow servicemanager_26_0 vr_hwc_26_0 (file (read open)))
+(allow servicemanager_26_0 vr_hwc_26_0 (process (getattr)))
+(allow vr_hwc_26_0 surfaceflinger_26_0 (binder (call transfer)))
+(allow surfaceflinger_26_0 vr_hwc_26_0 (binder (transfer)))
+(allow vr_hwc_26_0 surfaceflinger_26_0 (fd (use)))
+(allow vr_hwc_26_0 system_server_26_0 (binder (call transfer)))
+(allow system_server_26_0 vr_hwc_26_0 (binder (transfer)))
+(allow vr_hwc_26_0 system_server_26_0 (fd (use)))
+(allow vr_hwc_26_0 vr_hwc_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_171_26_0 vr_hwc_service_26_0 (service_manager (add)))
+(neverallow vr_hwc_26_0 unlabeled_26_0 (service_manager (add)))
+(allow vr_hwc_26_0 hwservicemanager_26_0 (binder (call transfer)))
+(allow hwservicemanager_26_0 vr_hwc_26_0 (binder (call transfer)))
+(allow hwservicemanager_26_0 vr_hwc_26_0 (dir (search)))
+(allow hwservicemanager_26_0 vr_hwc_26_0 (file (read open)))
+(allow hwservicemanager_26_0 vr_hwc_26_0 (process (getattr)))
+(allow vr_hwc_26_0 system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow vr_hwc_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow vr_hwc_26_0 pdx_display_client_endpoint_dir_type (dir (ioctl read getattr lock search open)))
+(allow vr_hwc_26_0 pdx_display_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append open)))
+(allow vr_hwc_26_0 pdx_display_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto)))
+(allow vr_hwc_26_0 pdx_display_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown)))
+(allow vr_hwc_26_0 pdx_display_client_server_type (fd (use)))
+(allow pdx_display_client_server_type vr_hwc_26_0 (fd (use)))
+(allow vr_hwc_26_0 permission_service_26_0 (service_manager (find)))
+(allow watchdogd_26_0 watchdog_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow watchdogd_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow wificond_26_0 servicemanager_26_0 (binder (call transfer)))
+(allow servicemanager_26_0 wificond_26_0 (dir (search)))
+(allow servicemanager_26_0 wificond_26_0 (file (read open)))
+(allow servicemanager_26_0 wificond_26_0 (process (getattr)))
+(allow wificond_26_0 system_server_26_0 (binder (call transfer)))
+(allow system_server_26_0 wificond_26_0 (binder (transfer)))
+(allow wificond_26_0 system_server_26_0 (fd (use)))
+(allow wificond_26_0 wificond_service_26_0 (service_manager (add find)))
+(neverallow base_typeattr_172_26_0 wificond_service_26_0 (service_manager (add)))
+(neverallow wificond_26_0 unlabeled_26_0 (service_manager (add)))
+(allow wificond_26_0 property_socket_26_0 (sock_file (write)))
+(allow wificond_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow wificond_26_0 wifi_prop_26_0 (property_service (set)))
+(allow wificond_26_0 wifi_prop_26_0 (file (ioctl read getattr lock open)))
+(allow wificond_26_0 property_socket_26_0 (sock_file (write)))
+(allow wificond_26_0 init_26_0 (unix_stream_socket (connectto)))
+(allow wificond_26_0 ctl_default_prop_26_0 (property_service (set)))
+(allow wificond_26_0 ctl_default_prop_26_0 (file (ioctl read getattr lock open)))
+(allow wificond_26_0 self (udp_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allowx wificond_26_0 self (ioctl udp_socket (0x8914)))
+(allow wificond_26_0 self (capability (net_admin net_raw)))
+(allow wificond_26_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow wificond_26_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow wificond_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open)))
+(allow wificond_26_0 proc_net_26_0 (file (ioctl read getattr lock open)))
+(allow wificond_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow wificond_26_0 wifi_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow wificond_26_0 wifi_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow wificond_26_0 permission_service_26_0 (service_manager (find)))
+(allow wificond_26_0 dumpstate_26_0 (fd (use)))
+(allow wificond_26_0 dumpstate_26_0 (fifo_file (write)))
+(allow init_26_0 hal_audio_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_audio_default (process (transition)))
+(allow hal_audio_default hal_audio_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_audio_default (process (noatsecure)))
+(allow init_26_0 hal_audio_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_audio_default_exec process hal_audio_default)
+(typetransition hal_audio_default tmpfs_26_0 file hal_audio_default_tmpfs)
+(allow hal_audio_default hal_audio_default_tmpfs (file (read write getattr)))
+(allow hal_audio_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_bluetooth_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_bluetooth_default (process (transition)))
+(allow hal_bluetooth_default hal_bluetooth_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_bluetooth_default (process (noatsecure)))
+(allow init_26_0 hal_bluetooth_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_bluetooth_default_exec process hal_bluetooth_default)
+(typetransition hal_bluetooth_default tmpfs_26_0 file hal_bluetooth_default_tmpfs)
+(allow hal_bluetooth_default hal_bluetooth_default_tmpfs (file (read write getattr)))
+(allow hal_bluetooth_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_bootctl_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_bootctl_default (process (transition)))
+(allow hal_bootctl_default hal_bootctl_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_bootctl_default (process (noatsecure)))
+(allow init_26_0 hal_bootctl_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_bootctl_default_exec process hal_bootctl_default)
+(typetransition hal_bootctl_default tmpfs_26_0 file hal_bootctl_default_tmpfs)
+(allow hal_bootctl_default hal_bootctl_default_tmpfs (file (read write getattr)))
+(allow hal_bootctl_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_camera_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_camera_default (process (transition)))
+(allow hal_camera_default hal_camera_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_camera_default (process (noatsecure)))
+(allow init_26_0 hal_camera_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_camera_default_exec process hal_camera_default)
+(typetransition hal_camera_default tmpfs_26_0 file hal_camera_default_tmpfs)
+(allow hal_camera_default hal_camera_default_tmpfs (file (read write getattr)))
+(allow hal_camera_default tmpfs_26_0 (dir (getattr search)))
+(allow hal_camera_default fwk_sensor_hwservice_26_0 (hwservice_manager (find)))
+(allow init_26_0 hal_configstore_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_configstore_default (process (transition)))
+(allow hal_configstore_default hal_configstore_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_configstore_default (process (noatsecure)))
+(allow init_26_0 hal_configstore_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_configstore_default_exec process hal_configstore_default)
+(typetransition hal_configstore_default tmpfs_26_0 file hal_configstore_default_tmpfs)
+(allow hal_configstore_default hal_configstore_default_tmpfs (file (read write getattr)))
+(allow hal_configstore_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_contexthub_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_contexthub_default (process (transition)))
+(allow hal_contexthub_default hal_contexthub_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_contexthub_default (process (noatsecure)))
+(allow init_26_0 hal_contexthub_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_contexthub_default_exec process hal_contexthub_default)
+(typetransition hal_contexthub_default tmpfs_26_0 file hal_contexthub_default_tmpfs)
+(allow hal_contexthub_default hal_contexthub_default_tmpfs (file (read write getattr)))
+(allow hal_contexthub_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_drm_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_drm_default (process (transition)))
+(allow hal_drm_default hal_drm_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_drm_default (process (noatsecure)))
+(allow init_26_0 hal_drm_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_drm_default_exec process hal_drm_default)
+(typetransition hal_drm_default tmpfs_26_0 file hal_drm_default_tmpfs)
+(allow hal_drm_default hal_drm_default_tmpfs (file (read write getattr)))
+(allow hal_drm_default tmpfs_26_0 (dir (getattr search)))
+(allow hal_drm_default mediacodec_26_0 (fd (use)))
+(allow hal_drm_default base_typeattr_100_26_0 (fd (use)))
+(allow init_26_0 hal_dumpstate_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_dumpstate_default (process (transition)))
+(allow hal_dumpstate_default hal_dumpstate_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_dumpstate_default (process (noatsecure)))
+(allow init_26_0 hal_dumpstate_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_dumpstate_default_exec process hal_dumpstate_default)
+(typetransition hal_dumpstate_default tmpfs_26_0 file hal_dumpstate_default_tmpfs)
+(allow hal_dumpstate_default hal_dumpstate_default_tmpfs (file (read write getattr)))
+(allow hal_dumpstate_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_fingerprint_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_fingerprint_default (process (transition)))
+(allow hal_fingerprint_default hal_fingerprint_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_fingerprint_default (process (noatsecure)))
+(allow init_26_0 hal_fingerprint_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_fingerprint_default_exec process hal_fingerprint_default)
+(typetransition hal_fingerprint_default tmpfs_26_0 file hal_fingerprint_default_tmpfs)
+(allow hal_fingerprint_default hal_fingerprint_default_tmpfs (file (read write getattr)))
+(allow hal_fingerprint_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_gatekeeper_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_gatekeeper_default (process (transition)))
+(allow hal_gatekeeper_default hal_gatekeeper_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_gatekeeper_default (process (noatsecure)))
+(allow init_26_0 hal_gatekeeper_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_gatekeeper_default_exec process hal_gatekeeper_default)
+(typetransition hal_gatekeeper_default tmpfs_26_0 file hal_gatekeeper_default_tmpfs)
+(allow hal_gatekeeper_default hal_gatekeeper_default_tmpfs (file (read write getattr)))
+(allow hal_gatekeeper_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_gnss_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_gnss_default (process (transition)))
+(allow hal_gnss_default hal_gnss_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_gnss_default (process (noatsecure)))
+(allow init_26_0 hal_gnss_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_gnss_default_exec process hal_gnss_default)
+(typetransition hal_gnss_default tmpfs_26_0 file hal_gnss_default_tmpfs)
+(allow hal_gnss_default hal_gnss_default_tmpfs (file (read write getattr)))
+(allow hal_gnss_default tmpfs_26_0 (dir (getattr search)))
+(allow hal_gnss system_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow hal_gnss system_file_26_0 (file (ioctl read getattr lock open)))
+(allow hal_gnss system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 hal_graphics_allocator_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_graphics_allocator_default (process (transition)))
+(allow hal_graphics_allocator_default hal_graphics_allocator_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_graphics_allocator_default (process (noatsecure)))
+(allow init_26_0 hal_graphics_allocator_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_graphics_allocator_default_exec process hal_graphics_allocator_default)
+(typetransition hal_graphics_allocator_default tmpfs_26_0 file hal_graphics_allocator_default_tmpfs)
+(allow hal_graphics_allocator_default hal_graphics_allocator_default_tmpfs (file (read write getattr)))
+(allow hal_graphics_allocator_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_graphics_composer_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_graphics_composer_default (process (transition)))
+(allow hal_graphics_composer_default hal_graphics_composer_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_graphics_composer_default (process (noatsecure)))
+(allow init_26_0 hal_graphics_composer_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_graphics_composer_default_exec process hal_graphics_composer_default)
+(typetransition hal_graphics_composer_default tmpfs_26_0 file hal_graphics_composer_default_tmpfs)
+(allow hal_graphics_composer_default hal_graphics_composer_default_tmpfs (file (read write getattr)))
+(allow hal_graphics_composer_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_health_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_health_default (process (transition)))
+(allow hal_health_default hal_health_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_health_default (process (noatsecure)))
+(allow init_26_0 hal_health_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_health_default_exec process hal_health_default)
+(typetransition hal_health_default tmpfs_26_0 file hal_health_default_tmpfs)
+(allow hal_health_default hal_health_default_tmpfs (file (read write getattr)))
+(allow hal_health_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_ir_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_ir_default (process (transition)))
+(allow hal_ir_default hal_ir_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_ir_default (process (noatsecure)))
+(allow init_26_0 hal_ir_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_ir_default_exec process hal_ir_default)
+(typetransition hal_ir_default tmpfs_26_0 file hal_ir_default_tmpfs)
+(allow hal_ir_default hal_ir_default_tmpfs (file (read write getattr)))
+(allow hal_ir_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_keymaster_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_keymaster_default (process (transition)))
+(allow hal_keymaster_default hal_keymaster_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_keymaster_default (process (noatsecure)))
+(allow init_26_0 hal_keymaster_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_keymaster_default_exec process hal_keymaster_default)
+(typetransition hal_keymaster_default tmpfs_26_0 file hal_keymaster_default_tmpfs)
+(allow hal_keymaster_default hal_keymaster_default_tmpfs (file (read write getattr)))
+(allow hal_keymaster_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_light_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_light_default (process (transition)))
+(allow hal_light_default hal_light_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_light_default (process (noatsecure)))
+(allow init_26_0 hal_light_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_light_default_exec process hal_light_default)
+(typetransition hal_light_default tmpfs_26_0 file hal_light_default_tmpfs)
+(allow hal_light_default hal_light_default_tmpfs (file (read write getattr)))
+(allow hal_light_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_memtrack_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_memtrack_default (process (transition)))
+(allow hal_memtrack_default hal_memtrack_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_memtrack_default (process (noatsecure)))
+(allow init_26_0 hal_memtrack_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_memtrack_default_exec process hal_memtrack_default)
+(typetransition hal_memtrack_default tmpfs_26_0 file hal_memtrack_default_tmpfs)
+(allow hal_memtrack_default hal_memtrack_default_tmpfs (file (read write getattr)))
+(allow hal_memtrack_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_nfc_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_nfc_default (process (transition)))
+(allow hal_nfc_default hal_nfc_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_nfc_default (process (noatsecure)))
+(allow init_26_0 hal_nfc_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_nfc_default_exec process hal_nfc_default)
+(typetransition hal_nfc_default tmpfs_26_0 file hal_nfc_default_tmpfs)
+(allow hal_nfc_default hal_nfc_default_tmpfs (file (read write getattr)))
+(allow hal_nfc_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 mediacodec_exec_26_0 (file (read getattr execute open)))
+(allow init_26_0 mediacodec_26_0 (process (transition)))
+(allow mediacodec_26_0 mediacodec_exec_26_0 (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 mediacodec_26_0 (process (noatsecure)))
+(allow init_26_0 mediacodec_26_0 (process (siginh rlimitinh)))
+(typetransition init_26_0 mediacodec_exec_26_0 process mediacodec)
+(typetransition mediacodec_26_0 tmpfs_26_0 file mediacodec_tmpfs)
+(allow mediacodec_26_0 mediacodec_tmpfs (file (read write getattr)))
+(allow mediacodec_26_0 tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_power_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_power_default (process (transition)))
+(allow hal_power_default hal_power_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_power_default (process (noatsecure)))
+(allow init_26_0 hal_power_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_power_default_exec process hal_power_default)
+(typetransition hal_power_default tmpfs_26_0 file hal_power_default_tmpfs)
+(allow hal_power_default hal_power_default_tmpfs (file (read write getattr)))
+(allow hal_power_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_sensors_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_sensors_default (process (transition)))
+(allow hal_sensors_default hal_sensors_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_sensors_default (process (noatsecure)))
+(allow init_26_0 hal_sensors_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_sensors_default_exec process hal_sensors_default)
+(typetransition hal_sensors_default tmpfs_26_0 file hal_sensors_default_tmpfs)
+(allow hal_sensors_default hal_sensors_default_tmpfs (file (read write getattr)))
+(allow hal_sensors_default tmpfs_26_0 (dir (getattr search)))
+(allow hal_sensors_default fwk_scheduler_hwservice_26_0 (hwservice_manager (find)))
+(allow init_26_0 hal_thermal_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_thermal_default (process (transition)))
+(allow hal_thermal_default hal_thermal_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_thermal_default (process (noatsecure)))
+(allow init_26_0 hal_thermal_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_thermal_default_exec process hal_thermal_default)
+(typetransition hal_thermal_default tmpfs_26_0 file hal_thermal_default_tmpfs)
+(allow hal_thermal_default hal_thermal_default_tmpfs (file (read write getattr)))
+(allow hal_thermal_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_tv_cec_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_tv_cec_default (process (transition)))
+(allow hal_tv_cec_default hal_tv_cec_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_tv_cec_default (process (noatsecure)))
+(allow init_26_0 hal_tv_cec_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_tv_cec_default_exec process hal_tv_cec_default)
+(typetransition hal_tv_cec_default tmpfs_26_0 file hal_tv_cec_default_tmpfs)
+(allow hal_tv_cec_default hal_tv_cec_default_tmpfs (file (read write getattr)))
+(allow hal_tv_cec_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_tv_input_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_tv_input_default (process (transition)))
+(allow hal_tv_input_default hal_tv_input_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_tv_input_default (process (noatsecure)))
+(allow init_26_0 hal_tv_input_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_tv_input_default_exec process hal_tv_input_default)
+(typetransition hal_tv_input_default tmpfs_26_0 file hal_tv_input_default_tmpfs)
+(allow hal_tv_input_default hal_tv_input_default_tmpfs (file (read write getattr)))
+(allow hal_tv_input_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_usb_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_usb_default (process (transition)))
+(allow hal_usb_default hal_usb_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_usb_default (process (noatsecure)))
+(allow init_26_0 hal_usb_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_usb_default_exec process hal_usb_default)
+(typetransition hal_usb_default tmpfs_26_0 file hal_usb_default_tmpfs)
+(allow hal_usb_default hal_usb_default_tmpfs (file (read write getattr)))
+(allow hal_usb_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_vibrator_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_vibrator_default (process (transition)))
+(allow hal_vibrator_default hal_vibrator_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_vibrator_default (process (noatsecure)))
+(allow init_26_0 hal_vibrator_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_vibrator_default_exec process hal_vibrator_default)
+(typetransition hal_vibrator_default tmpfs_26_0 file hal_vibrator_default_tmpfs)
+(allow hal_vibrator_default hal_vibrator_default_tmpfs (file (read write getattr)))
+(allow hal_vibrator_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_vr_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_vr_default (process (transition)))
+(allow hal_vr_default hal_vr_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_vr_default (process (noatsecure)))
+(allow init_26_0 hal_vr_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_vr_default_exec process hal_vr_default)
+(typetransition hal_vr_default tmpfs_26_0 file hal_vr_default_tmpfs)
+(allow hal_vr_default hal_vr_default_tmpfs (file (read write getattr)))
+(allow hal_vr_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_wifi_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_wifi_default (process (transition)))
+(allow hal_wifi_default hal_wifi_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_wifi_default (process (noatsecure)))
+(allow init_26_0 hal_wifi_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_wifi_default_exec process hal_wifi_default)
+(typetransition hal_wifi_default tmpfs_26_0 file hal_wifi_default_tmpfs)
+(allow hal_wifi_default hal_wifi_default_tmpfs (file (read write getattr)))
+(allow hal_wifi_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_wifi_offload_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_wifi_offload_default (process (transition)))
+(allow hal_wifi_offload_default hal_wifi_offload_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_wifi_offload_default (process (noatsecure)))
+(allow init_26_0 hal_wifi_offload_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_wifi_offload_default_exec process hal_wifi_offload_default)
+(typetransition hal_wifi_offload_default tmpfs_26_0 file hal_wifi_offload_default_tmpfs)
+(allow hal_wifi_offload_default hal_wifi_offload_default_tmpfs (file (read write getattr)))
+(allow hal_wifi_offload_default tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 hal_wifi_supplicant_default_exec (file (read getattr execute open)))
+(allow init_26_0 hal_wifi_supplicant_default (process (transition)))
+(allow hal_wifi_supplicant_default hal_wifi_supplicant_default_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hal_wifi_supplicant_default (process (noatsecure)))
+(allow init_26_0 hal_wifi_supplicant_default (process (siginh rlimitinh)))
+(typetransition init_26_0 hal_wifi_supplicant_default_exec process hal_wifi_supplicant_default)
+(typetransition hal_wifi_supplicant_default tmpfs_26_0 file hal_wifi_supplicant_default_tmpfs)
+(allow hal_wifi_supplicant_default hal_wifi_supplicant_default_tmpfs (file (read write getattr)))
+(allow hal_wifi_supplicant_default tmpfs_26_0 (dir (getattr search)))
+(allow hal_wifi_supplicant_default hwservicemanager_26_0 (binder (call transfer)))
+(allow hwservicemanager_26_0 hal_wifi_supplicant_default (binder (call transfer)))
+(allow hwservicemanager_26_0 hal_wifi_supplicant_default (dir (search)))
+(allow hwservicemanager_26_0 hal_wifi_supplicant_default (file (read open)))
+(allow hwservicemanager_26_0 hal_wifi_supplicant_default (process (getattr)))
+(allow hal_wifi_supplicant_default system_wifi_keystore_hwservice_26_0 (hwservice_manager (find)))
+(allow hal_wifi_supplicant_default wifi_keystore_service_server (binder (call transfer)))
+(allow wifi_keystore_service_server hal_wifi_supplicant_default (binder (transfer)))
+(allow hal_wifi_supplicant_default wifi_keystore_service_server (fd (use)))
+(allow init_26_0 hostapd_exec (file (read getattr execute open)))
+(allow init_26_0 hostapd (process (transition)))
+(allow hostapd hostapd_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 hostapd (process (noatsecure)))
+(allow init_26_0 hostapd (process (siginh rlimitinh)))
+(typetransition init_26_0 hostapd_exec process hostapd)
+(typetransition hostapd tmpfs_26_0 file hostapd_tmpfs)
+(allow hostapd hostapd_tmpfs (file (read write getattr)))
+(allow hostapd tmpfs_26_0 (dir (getattr search)))
+(allow hostapd self (capability (net_admin net_raw)))
+(allow hostapd sysfs_26_0 (file (ioctl read getattr lock open)))
+(allow hostapd sysfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hostapd proc_net_26_0 (file (read getattr open)))
+(allowx hostapd self (ioctl udp_socket (0x6900 0x6902)))
+(allowx hostapd self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff)))))
+(allowx hostapd self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff)))))
+(allow hostapd self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hostapd self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hostapd self (packet_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow hostapd self (netlink_route_socket (nlmsg_write)))
+(allow hostapd wifi_data_file_26_0 (file (ioctl read write getattr lock append open)))
+(allow hostapd wifi_data_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow hostapd wifi_data_file_26_0 (file (ioctl read getattr lock open)))
+(allow hostapd wifi_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow hostapd hostapd_socket (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open)))
+(allow hostapd hostapd_socket (sock_file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow init_26_0 rild_exec (file (read getattr execute open)))
+(allow init_26_0 rild_26_0 (process (transition)))
+(allow rild_26_0 rild_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 rild_26_0 (process (noatsecure)))
+(allow init_26_0 rild_26_0 (process (siginh rlimitinh)))
+(typetransition init_26_0 rild_exec process rild)
+(typetransition rild_26_0 tmpfs_26_0 file rild_tmpfs)
+(allow rild_26_0 rild_tmpfs (file (read write getattr)))
+(allow rild_26_0 tmpfs_26_0 (dir (getattr search)))
+(allow init_26_0 tee_exec (file (read getattr execute open)))
+(allow init_26_0 tee_26_0 (process (transition)))
+(allow tee_26_0 tee_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 tee_26_0 (process (noatsecure)))
+(allow init_26_0 tee_26_0 (process (siginh rlimitinh)))
+(typetransition init_26_0 tee_exec process tee)
+(typetransition tee_26_0 tmpfs_26_0 file tee_tmpfs)
+(allow tee_26_0 tee_tmpfs (file (read write getattr)))
+(allow tee_26_0 tmpfs_26_0 (dir (getattr search)))
+(allow tee_26_0 self (capability (dac_override)))
+(allow tee_26_0 tee_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow tee_26_0 tee_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open)))
+(allow tee_26_0 tee_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open)))
+(allow tee_26_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow tee_26_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown)))
+(allow tee_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open)))
+(allow tee_26_0 sysfs_type (dir (ioctl read getattr lock search open)))
+(allow tee_26_0 sysfs_type (file (ioctl read getattr lock open)))
+(allow tee_26_0 sysfs_type (lnk_file (ioctl read getattr lock open)))
+(allow tee_26_0 system_data_file_26_0 (file (read getattr)))
+(allow tee_26_0 system_data_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 vendor_toolbox_exec_26_0 (file (read getattr execute open)))
+(allow init_26_0 vendor_modprobe (process (transition)))
+(allow vendor_modprobe vendor_toolbox_exec_26_0 (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 vendor_modprobe (process (noatsecure)))
+(allow init_26_0 vendor_modprobe (process (siginh rlimitinh)))
+(allow vendor_modprobe proc_modules_26_0 (file (ioctl read getattr lock open)))
+(allow vendor_modprobe self (capability (sys_module)))
+(allow vendor_modprobe kernel_26_0 (key (search)))
+(allow vendor_modprobe vendor_file_26_0 (system (module_load)))
+(allow vendor_modprobe vendor_file_26_0 (dir (ioctl read getattr lock search open)))
+(allow vendor_modprobe vendor_file_26_0 (file (ioctl read getattr lock open)))
+(allow vendor_modprobe vendor_file_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow init_26_0 vndservicemanager_exec (file (read getattr execute open)))
+(allow init_26_0 vndservicemanager_26_0 (process (transition)))
+(allow vndservicemanager_26_0 vndservicemanager_exec (file (read getattr execute entrypoint open)))
+(dontaudit init_26_0 vndservicemanager_26_0 (process (noatsecure)))
+(allow init_26_0 vndservicemanager_26_0 (process (siginh rlimitinh)))
+(typetransition init_26_0 vndservicemanager_exec process vndservicemanager)
+(typetransition vndservicemanager_26_0 tmpfs_26_0 file vndservicemanager_tmpfs)
+(allow vndservicemanager_26_0 vndservicemanager_tmpfs (file (read write getattr)))
+(allow vndservicemanager_26_0 tmpfs_26_0 (dir (getattr search)))
+(allow vndservicemanager_26_0 self (binder (set_context_mgr)))
+(allow vndservicemanager_26_0 base_typeattr_173_26_0 (binder (transfer)))
+(allow vndservicemanager_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open)))
+(allow vndservicemanager_26_0 vndservice_contexts_file_26_0 (file (ioctl read getattr lock open)))
+(allow vndservicemanager_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open)))
+(allow vndservicemanager_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open)))
+(allow vndservicemanager_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open)))
+(allow vndservicemanager_26_0 selinuxfs_26_0 (file (write lock append open)))
+(allow vndservicemanager_26_0 kernel_26_0 (security (compute_av)))
+(allow vndservicemanager_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(typetransition hal_wifi_supplicant_default wifi_data_file_26_0 dir "sockets" wpa_socket)
+(typeattribute base_typeattr_173_26_0)
+(typeattributeset base_typeattr_173_26_0 ((and (domain) ((not (coredomain init_26_0))))))
+(typeattribute base_typeattr_172_26_0)
+(typeattributeset base_typeattr_172_26_0 ((and (domain) ((not (wificond_26_0))))))
+(typeattribute base_typeattr_171_26_0)
+(typeattributeset base_typeattr_171_26_0 ((and (domain) ((not (vr_hwc_26_0))))))
+(typeattribute base_typeattr_170_26_0)
+(typeattributeset base_typeattr_170_26_0 ((and (domain) ((not (init_26_0 kernel_26_0 vold_26_0))))))
+(typeattribute base_typeattr_169_26_0)
+(typeattributeset base_typeattr_169_26_0 ((and (domain) ((not (kernel_26_0 vold_26_0))))))
+(typeattribute base_typeattr_168_26_0)
+(typeattributeset base_typeattr_168_26_0 ((and (domain) ((not (virtual_touchpad_26_0))))))
+(typeattribute base_typeattr_167_26_0)
+(typeattributeset base_typeattr_167_26_0 ((and (coredomain) ((not (init_26_0 modprobe_26_0))))))
+(typeattribute base_typeattr_166_26_0)
+(typeattributeset base_typeattr_166_26_0 ((and (domain) ((not (update_engine_26_0))))))
+(typeattribute base_typeattr_165_26_0)
+(typeattributeset base_typeattr_165_26_0 ((and (fs_type file_type) ((not (toolbox_exec_26_0))))))
+(typeattribute base_typeattr_164_26_0)
+(typeattributeset base_typeattr_164_26_0 ((and (service_manager_type) ((not (gatekeeper_service_26_0 incident_service_26_0 installd_service_26_0 netd_service_26_0 virtual_touchpad_service_26_0 vr_hwc_service_26_0))))))
+(typeattribute base_typeattr_163_26_0)
+(typeattributeset base_typeattr_163_26_0 ((and (fs_type file_type) ((not (sgdisk_exec_26_0))))))
+(typeattribute base_typeattr_162_26_0)
+(typeattributeset base_typeattr_162_26_0 ((and (domain) ((not (hwservicemanager_26_0 init_26_0 vndservicemanager_26_0))))))
+(typeattribute base_typeattr_161_26_0)
+(typeattributeset base_typeattr_161_26_0 ((and (appdomain) ((not (system_app_26_0))))))
+(typeattribute base_typeattr_160_26_0)
+(typeattributeset base_typeattr_160_26_0 ((and (domain) ((not (radio_26_0))))))
+(typeattribute base_typeattr_159_26_0)
+(typeattributeset base_typeattr_159_26_0 ((and (core_property_type) ((not (audio_prop_26_0 config_prop_26_0 cppreopt_prop_26_0 dalvik_prop_26_0 debuggerd_prop_26_0 debug_prop_26_0 default_prop_26_0 dhcp_prop_26_0 dumpstate_prop_26_0 ffs_prop_26_0 fingerprint_prop_26_0 logd_prop_26_0 net_radio_prop_26_0 nfc_prop_26_0 pan_result_prop_26_0 persist_debug_prop_26_0 powerctl_prop_26_0 radio_prop_26_0 restorecon_prop_26_0 shell_prop_26_0 system_prop_26_0 system_radio_prop_26_0 vold_prop_26_0))))))
+(typeattribute base_typeattr_158_26_0)
+(typeattributeset base_typeattr_158_26_0 ((and (domain) ((not (performanced_26_0))))))
+(typeattribute base_typeattr_157_26_0)
+(typeattributeset base_typeattr_157_26_0 ((and (domain) ((not (dumpstate_26_0 netd_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_156_26_0)
+(typeattributeset base_typeattr_156_26_0 ((and (domain) ((not (netd_26_0))))))
+(typeattribute base_typeattr_155_26_0)
+(typeattributeset base_typeattr_155_26_0 ((and (domain) ((not (mediaserver_26_0))))))
+(typeattribute base_typeattr_154_26_0)
+(typeattributeset base_typeattr_154_26_0 ((and (domain) ((not (mediametrics_26_0))))))
+(typeattribute base_typeattr_153_26_0)
+(typeattributeset base_typeattr_153_26_0 ((and (domain) ((not (mediaextractor_26_0))))))
+(typeattribute base_typeattr_152_26_0)
+(typeattributeset base_typeattr_152_26_0 ((and (domain) ((not (mediadrmserver_26_0))))))
+(typeattribute base_typeattr_151_26_0)
+(typeattributeset base_typeattr_151_26_0 ((and (domain) ((not (mediacodec_26_0))))))
+(typeattribute base_typeattr_150_26_0)
+(typeattributeset base_typeattr_150_26_0 ((and (domain) ((not (init_26_0 logd_26_0))))))
+(typeattribute base_typeattr_149_26_0)
+(typeattributeset base_typeattr_149_26_0 ((and (domain) ((not (crash_dump_26_0))))))
+(typeattribute base_typeattr_148_26_0)
+(typeattributeset base_typeattr_148_26_0 ((and (domain) ((not (init_26_0 keystore_26_0))))))
+(typeattribute base_typeattr_147_26_0)
+(typeattributeset base_typeattr_147_26_0 ((and (domain) ((not (keystore_26_0))))))
+(typeattribute base_typeattr_146_26_0)
+(typeattributeset base_typeattr_146_26_0 ((and (domain) ((not (servicemanager_26_0 su_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_145_26_0)
+(typeattributeset base_typeattr_145_26_0 ((and (domain) ((not (dumpstate_26_0 installd_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_144_26_0)
+(typeattributeset base_typeattr_144_26_0 ((and (domain) ((not (installd_26_0))))))
+(typeattribute base_typeattr_143_26_0)
+(typeattributeset base_typeattr_143_26_0 ((and (domain) ((not (inputflinger_26_0))))))
+(typeattribute base_typeattr_142_26_0)
+(typeattributeset base_typeattr_142_26_0 ((and (fs_type file_type) ((not (init_exec_26_0))))))
+(typeattribute base_typeattr_141_26_0)
+(typeattributeset base_typeattr_141_26_0 ((and (dev_type) ((not (kmem_device_26_0 port_device_26_0))))))
+(typeattribute base_typeattr_140_26_0)
+(typeattributeset base_typeattr_140_26_0 ((and (dev_type) ((not (device_26_0 alarm_device_26_0 ashmem_device_26_0 binder_device_26_0 hwbinder_device_26_0 dm_device_26_0 keychord_device_26_0 console_device_26_0 hw_random_device_26_0 kmem_device_26_0 port_device_26_0 ptmx_device_26_0 kmsg_device_26_0 null_device_26_0 random_device_26_0 owntty_device_26_0 zero_device_26_0 devpts_26_0))))))
+(typeattribute base_typeattr_139_26_0)
+(typeattributeset base_typeattr_139_26_0 ((and (dev_type) ((not (device_26_0 vndbinder_device_26_0 kmem_device_26_0 port_device_26_0))))))
+(typeattribute base_typeattr_138_26_0)
+(typeattributeset base_typeattr_138_26_0 ((and (fs_type) ((not (contextmount_type sdcard_type rootfs_26_0))))))
+(typeattribute base_typeattr_137_26_0)
+(typeattributeset base_typeattr_137_26_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_26_0))))))
+(typeattribute base_typeattr_136_26_0)
+(typeattributeset base_typeattr_136_26_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_26_0 runtime_event_log_tags_file_26_0 shell_data_file_26_0 keystore_data_file_26_0 vold_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 misc_logd_file_26_0))))))
+(typeattribute base_typeattr_135_26_0)
+(typeattributeset base_typeattr_135_26_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_26_0 shell_data_file_26_0 keystore_data_file_26_0 vold_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 misc_logd_file_26_0))))))
+(typeattribute base_typeattr_134_26_0)
+(typeattributeset base_typeattr_134_26_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_26_0 app_data_file_26_0 system_app_data_file_26_0 misc_logd_file_26_0))))))
+(typeattribute base_typeattr_133_26_0)
+(typeattributeset base_typeattr_133_26_0 ((and (domain) ((not (healthd_26_0))))))
+(typeattribute base_typeattr_132_26_0)
+(typeattributeset base_typeattr_132_26_0 ((and (domain) ((not (hal_wifi_supplicant_server))))))
+(typeattribute base_typeattr_131_26_0)
+(typeattributeset base_typeattr_131_26_0 ((and (domain) ((not (hal_wifi_server))))))
+(typeattribute base_typeattr_130_26_0)
+(typeattributeset base_typeattr_130_26_0 ((and (domain) ((not (hal_weaver_server))))))
+(typeattribute base_typeattr_129_26_0)
+(typeattributeset base_typeattr_129_26_0 ((and (domain) ((not (hal_vr_server))))))
+(typeattribute base_typeattr_128_26_0)
+(typeattributeset base_typeattr_128_26_0 ((and (domain) ((not (hal_vibrator_server))))))
+(typeattribute base_typeattr_127_26_0)
+(typeattributeset base_typeattr_127_26_0 ((and (domain) ((not (hal_usb_server))))))
+(typeattribute base_typeattr_126_26_0)
+(typeattributeset base_typeattr_126_26_0 ((and (domain) ((not (hal_tv_input_server))))))
+(typeattribute base_typeattr_125_26_0)
+(typeattributeset base_typeattr_125_26_0 ((and (domain) ((not (hal_tv_cec_server))))))
+(typeattribute base_typeattr_124_26_0)
+(typeattributeset base_typeattr_124_26_0 ((and (domain) ((not (hal_thermal_server))))))
+(typeattribute base_typeattr_123_26_0)
+(typeattributeset base_typeattr_123_26_0 ((and (domain) ((not (hal_telephony_server))))))
+(typeattribute base_typeattr_122_26_0)
+(typeattributeset base_typeattr_122_26_0 ((and (domain) ((not (hal_sensors_server))))))
+(typeattribute base_typeattr_121_26_0)
+(typeattributeset base_typeattr_121_26_0 ((and (domain) ((not (hal_power_server))))))
+(typeattribute base_typeattr_120_26_0)
+(typeattributeset base_typeattr_120_26_0 ((and (domain) ((not (hal_oemlock_server))))))
+(typeattribute base_typeattr_119_26_0)
+(typeattributeset base_typeattr_119_26_0 ((and (domain) ((not (hal_nfc_server))))))
+(typeattribute base_typeattr_118_26_0)
+(typeattributeset base_typeattr_118_26_0 ((and (halserverdomain) ((not (hal_dumpstate_server rild_26_0))))))
+(typeattribute base_typeattr_117_26_0)
+(typeattributeset base_typeattr_117_26_0 ((and (halserverdomain) ((not (hal_tetheroffload_server hal_wifi_server hal_wifi_supplicant_server rild_26_0))))))
+(typeattribute base_typeattr_116_26_0)
+(typeattributeset base_typeattr_116_26_0 ((and (halserverdomain) ((not (hal_bluetooth_server hal_wifi_server hal_wifi_supplicant_server rild_26_0))))))
+(typeattribute base_typeattr_115_26_0)
+(typeattributeset base_typeattr_115_26_0 ((and (domain) ((not (hal_memtrack_server))))))
+(typeattribute base_typeattr_114_26_0)
+(typeattributeset base_typeattr_114_26_0 ((and (domain) ((not (hal_light_server))))))
+(typeattribute base_typeattr_113_26_0)
+(typeattributeset base_typeattr_113_26_0 ((and (domain) ((not (hal_keymaster_server))))))
+(typeattribute base_typeattr_112_26_0)
+(typeattributeset base_typeattr_112_26_0 ((and (domain) ((not (hal_ir_server))))))
+(typeattribute base_typeattr_111_26_0)
+(typeattributeset base_typeattr_111_26_0 ((and (domain) ((not (hal_health_server))))))
+(typeattribute base_typeattr_110_26_0)
+(typeattributeset base_typeattr_110_26_0 ((and (domain) ((not (hal_graphics_composer_server))))))
+(typeattribute base_typeattr_109_26_0)
+(typeattributeset base_typeattr_109_26_0 ((and (domain) ((not (hal_graphics_allocator_server))))))
+(typeattribute base_typeattr_108_26_0)
+(typeattributeset base_typeattr_108_26_0 ((and (domain) ((not (hal_gnss_server))))))
+(typeattribute base_typeattr_107_26_0)
+(typeattributeset base_typeattr_107_26_0 ((and (domain) ((not (hal_gatekeeper_server))))))
+(typeattribute base_typeattr_106_26_0)
+(typeattributeset base_typeattr_106_26_0 ((and (domain) ((not (hal_fingerprint_server))))))
+(typeattribute base_typeattr_105_26_0)
+(typeattributeset base_typeattr_105_26_0 ((and (domain) ((not (hal_dumpstate_server))))))
+(typeattribute base_typeattr_104_26_0)
+(typeattributeset base_typeattr_104_26_0 ((and (domain) ((not (hal_drm_server))))))
+(typeattribute base_typeattr_103_26_0)
+(typeattributeset base_typeattr_103_26_0 ((and (domain) ((not (hal_contexthub_server))))))
+(typeattribute base_typeattr_102_26_0)
+(typeattributeset base_typeattr_102_26_0 ((and (domain) ((not (hal_configstore_server))))))
+(typeattribute base_typeattr_101_26_0)
+(typeattributeset base_typeattr_101_26_0 ((and (halserverdomain) ((not (hal_camera_server))))))
+(typeattribute base_typeattr_100_26_0)
+(typeattributeset base_typeattr_100_26_0 ((and (appdomain) ((not (isolated_app_26_0))))))
+(typeattribute base_typeattr_99_26_0)
+(typeattributeset base_typeattr_99_26_0 ((and (domain) ((not (hal_camera_server))))))
+(typeattribute base_typeattr_98_26_0)
+(typeattributeset base_typeattr_98_26_0 ((and (domain) ((not (hal_bootctl_server))))))
+(typeattribute base_typeattr_97_26_0)
+(typeattributeset base_typeattr_97_26_0 ((and (domain) ((not (hal_bluetooth_server))))))
+(typeattribute base_typeattr_96_26_0)
+(typeattributeset base_typeattr_96_26_0 ((and (halserverdomain) ((not (hal_audio_server))))))
+(typeattribute base_typeattr_95_26_0)
+(typeattributeset base_typeattr_95_26_0 ((and (domain) ((not (hal_audio_server))))))
+(typeattribute base_typeattr_94_26_0)
+(typeattributeset base_typeattr_94_26_0 ((and (domain) ((not (hal_allocator_server))))))
+(typeattribute base_typeattr_93_26_0)
+(typeattributeset base_typeattr_93_26_0 ((and (domain) ((not (gatekeeperd_26_0))))))
+(typeattribute base_typeattr_92_26_0)
+(typeattributeset base_typeattr_92_26_0 ((and (domain) ((not (vold_26_0))))))
+(typeattribute base_typeattr_91_26_0)
+(typeattributeset base_typeattr_91_26_0 ((and (fs_type file_type) ((not (fsck_exec_26_0))))))
+(typeattribute base_typeattr_90_26_0)
+(typeattributeset base_typeattr_90_26_0 ((and (domain) ((not (init_26_0 vold_26_0))))))
+(typeattribute base_typeattr_89_26_0)
+(typeattributeset base_typeattr_89_26_0 ((and (domain) ((not (fingerprintd_26_0))))))
+(typeattribute base_typeattr_88_26_0)
+(typeattributeset base_typeattr_88_26_0 ((and (domain) ((not (dumpstate_26_0 shell_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_87_26_0)
+(typeattributeset base_typeattr_87_26_0 ((and (domain) ((not (dumpstate_26_0))))))
+(typeattribute base_typeattr_86_26_0)
+(typeattributeset base_typeattr_86_26_0 ((and (service_manager_type) ((not (dumpstate_service_26_0 gatekeeper_service_26_0 incident_service_26_0 virtual_touchpad_service_26_0 vr_hwc_service_26_0))))))
+(typeattribute base_typeattr_85_26_0)
+(typeattributeset base_typeattr_85_26_0 ((and (domain) ((not (drmserver_26_0))))))
+(typeattribute base_typeattr_84_26_0)
+(typeattributeset base_typeattr_84_26_0 ((not (coredomain))))
+(typeattribute base_typeattr_83_26_0)
+(typeattributeset base_typeattr_83_26_0 ((not (rootfs_26_0 system_file_26_0 vendor_file_26_0))))
+(typeattribute base_typeattr_82_26_0)
+(typeattributeset base_typeattr_82_26_0 ((and (domain) ((not (installd_26_0 profman_26_0))))))
+(typeattribute base_typeattr_81_26_0)
+(typeattributeset base_typeattr_81_26_0 ((and (domain) ((not (dumpstate_26_0 init_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_80_26_0)
+(typeattributeset base_typeattr_80_26_0 ((not (hwservicemanager_26_0))))
+(typeattribute base_typeattr_79_26_0)
+(typeattributeset base_typeattr_79_26_0 ((not (servicemanager_26_0 vndservicemanager_26_0))))
+(typeattribute base_typeattr_78_26_0)
+(typeattributeset base_typeattr_78_26_0 ((and (domain) ((not (appdomain adbd_26_0 dumpstate_26_0 installd_26_0 uncrypt_26_0))))))
+(typeattribute base_typeattr_77_26_0)
+(typeattributeset base_typeattr_77_26_0 ((and (domain) ((not (appdomain adbd_26_0 dumpstate_26_0 init_26_0 installd_26_0 system_server_26_0 uncrypt_26_0))))))
+(typeattribute base_typeattr_76_26_0)
+(typeattributeset base_typeattr_76_26_0 ((and (domain) ((not (adbd_26_0 dumpstate_26_0 init_26_0 installd_26_0 shell_26_0 vold_26_0))))))
+(typeattribute base_typeattr_75_26_0)
+(typeattributeset base_typeattr_75_26_0 ((and (domain) ((not (installd_26_0 shell_26_0 uncrypt_26_0))))))
+(typeattribute base_typeattr_74_26_0)
+(typeattributeset base_typeattr_74_26_0 ((and (domain) ((not (appdomain installd_26_0 uncrypt_26_0))))))
+(typeattribute base_typeattr_73_26_0)
+(typeattributeset base_typeattr_73_26_0 ((and (appdomain) ((not (bluetooth_26_0 shell_26_0 su_26_0))))))
+(typeattribute base_typeattr_72_26_0)
+(typeattributeset base_typeattr_72_26_0 ((and (domain) ((not (runas_26_0 webview_zygote_26_0 zygote_26_0))))))
+(typeattribute base_typeattr_71_26_0)
+(typeattributeset base_typeattr_71_26_0 ((and (domain) ((not (adbd_26_0 init_26_0 runas_26_0 zygote_26_0))))))
+(typeattribute base_typeattr_70_26_0)
+(typeattributeset base_typeattr_70_26_0 ((and (domain) ((not (appdomain installd_26_0))))))
+(typeattribute base_typeattr_69_26_0)
+(typeattributeset base_typeattr_69_26_0 ((and (domain) ((not (appdomain installd_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_68_26_0)
+(typeattributeset base_typeattr_68_26_0 ((and (domain) ((not (init_26_0 installd_26_0 system_app_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_67_26_0)
+(typeattributeset base_typeattr_67_26_0 ((not (domain))))
+(typeattribute base_typeattr_66_26_0)
+(typeattributeset base_typeattr_66_26_0 ((and (domain) ((not (untrusted_app_all))))))
+(typeattribute base_typeattr_65_26_0)
+(typeattributeset base_typeattr_65_26_0 ((and (file_type) ((not (apk_data_file_26_0 app_data_file_26_0 asec_public_file_26_0))))))
+(typeattribute base_typeattr_64_26_0)
+(typeattributeset base_typeattr_64_26_0 ((and (domain) ((not (dumpstate_26_0 shell_26_0 su_26_0))))))
+(typeattribute base_typeattr_63_26_0)
+(typeattributeset base_typeattr_63_26_0 ((and (domain) ((not (dumpstate_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_62_26_0)
+(typeattributeset base_typeattr_62_26_0 ((and (domain) ((not (crash_dump_26_0 mediacodec_26_0 mediaextractor_26_0))))))
+(typeattribute base_typeattr_61_26_0)
+(typeattributeset base_typeattr_61_26_0 ((and (domain) ((not (crash_dump_26_0 dumpstate_26_0 mediacodec_26_0 mediaextractor_26_0 system_server_26_0 tombstoned_26_0))))))
+(typeattribute base_typeattr_60_26_0)
+(typeattributeset base_typeattr_60_26_0 ((and (domain) ((not (system_server_26_0 webview_zygote_26_0))))))
+(typeattribute base_typeattr_59_26_0)
+(typeattributeset base_typeattr_59_26_0 ((and (domain) ((not (system_server_26_0))))))
+(typeattribute base_typeattr_58_26_0)
+(typeattributeset base_typeattr_58_26_0 ((and (domain) ((not (system_server_26_0 zygote_26_0))))))
+(typeattribute base_typeattr_57_26_0)
+(typeattributeset base_typeattr_57_26_0 ((and (domain) ((not (cppreopts_26_0 dex2oat_26_0 init_26_0 installd_26_0 otapreopt_slot_26_0 postinstall_dexopt_26_0 zygote_26_0))))))
+(typeattribute base_typeattr_56_26_0)
+(typeattributeset base_typeattr_56_26_0 ((and (exec_type) ((not (vendor_file_type crash_dump_exec_26_0 netutils_wrapper_exec_26_0))))))
+(typeattribute base_typeattr_55_26_0)
+(typeattributeset base_typeattr_55_26_0 ((and (domain) ((not (appdomain coredomain vendor_executes_system_violators rild_26_0))))))
+(typeattribute base_typeattr_54_26_0)
+(typeattributeset base_typeattr_54_26_0 ((and (coredomain) ((not (init_26_0))))))
+(typeattribute base_typeattr_53_26_0)
+(typeattributeset base_typeattr_53_26_0 ((and (coredomain) ((not (appdomain idmap_26_0 init_26_0 installd_26_0 system_server_26_0 zygote_26_0))))))
+(typeattribute base_typeattr_52_26_0)
+(typeattributeset base_typeattr_52_26_0 ((and (coredomain) ((not (appdomain dex2oat_26_0 idmap_26_0 init_26_0 installd_26_0 postinstall_dexopt_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_51_26_0)
+(typeattributeset base_typeattr_51_26_0 ((and (dev_type file_type) ((not (core_data_file_type coredomain_socket unlabeled_26_0))))))
+(typeattribute base_typeattr_50_26_0)
+(typeattributeset base_typeattr_50_26_0 ((and (coredomain) ((not (socket_between_core_and_vendor_violators init_26_0 ueventd_26_0))))))
+(typeattribute base_typeattr_49_26_0)
+(typeattributeset base_typeattr_49_26_0 ((and (core_data_file_type coredomain_socket unlabeled_26_0) ((not (pdx_endpoint_socket_type pdx_channel_socket_type app_data_file_26_0))))))
+(typeattribute base_typeattr_48_26_0)
+(typeattributeset base_typeattr_48_26_0 ((and (domain) ((not (netdomain coredomain socket_between_core_and_vendor_violators))))))
+(typeattribute base_typeattr_47_26_0)
+(typeattributeset base_typeattr_47_26_0 ((and (coredomain) ((not (incidentd_26_0 init_26_0 logd_26_0 mdnsd_26_0 netd_26_0 su_26_0 tombstoned_26_0))))))
+(typeattribute base_typeattr_46_26_0)
+(typeattributeset base_typeattr_46_26_0 ((and (domain) ((not (appdomain coredomain socket_between_core_and_vendor_violators))))))
+(typeattribute base_typeattr_45_26_0)
+(typeattributeset base_typeattr_45_26_0 ((and (domain) ((not (coredomain socket_between_core_and_vendor_violators))))))
+(typeattribute base_typeattr_44_26_0)
+(typeattributeset base_typeattr_44_26_0 ((and (coredomain) ((not (adbd_26_0 init_26_0))))))
+(typeattribute base_typeattr_43_26_0)
+(typeattributeset base_typeattr_43_26_0 ((and (coredomain) ((not (shell_26_0 su_26_0))))))
+(typeattribute base_typeattr_42_26_0)
+(typeattributeset base_typeattr_42_26_0 ((and (coredomain) ((not (shell_26_0 su_26_0 ueventd_26_0))))))
+(typeattribute base_typeattr_41_26_0)
+(typeattributeset base_typeattr_41_26_0 ((and (service_manager_type) ((not (app_api_service ephemeral_app_api_service audioserver_service_26_0 cameraserver_service_26_0 drmserver_service_26_0 keystore_service_26_0 mediaserver_service_26_0 mediametrics_service_26_0 mediaextractor_service_26_0 mediadrmserver_service_26_0 mediacasserver_service_26_0 nfc_service_26_0 radio_service_26_0 surfaceflinger_service_26_0 virtual_touchpad_service_26_0 vr_hwc_service_26_0 vr_manager_service_26_0))))))
+(typeattribute base_typeattr_40_26_0)
+(typeattributeset base_typeattr_40_26_0 ((and (appdomain) ((not (coredomain))))))
+(typeattribute base_typeattr_39_26_0)
+(typeattributeset base_typeattr_39_26_0 ((and (domain) ((not (appdomain coredomain binder_in_vendor_violators))))))
+(typeattribute base_typeattr_38_26_0)
+(typeattributeset base_typeattr_38_26_0 ((and (domain) ((not (hwservicemanager_26_0 servicemanager_26_0 vndservicemanager_26_0))))))
+(typeattribute base_typeattr_37_26_0)
+(typeattributeset base_typeattr_37_26_0 ((and (domain) ((not (domain hal_bootctl init_26_0 recovery_26_0 ueventd_26_0 uncrypt_26_0 update_engine_26_0 vold_26_0))))))
+(typeattribute base_typeattr_36_26_0)
+(typeattributeset base_typeattr_36_26_0 ((and (domain) ((not (install_recovery_26_0 recovery_26_0))))))
+(typeattribute base_typeattr_35_26_0)
+(typeattributeset base_typeattr_35_26_0 ((and (domain) ((not (recovery_26_0 update_engine_26_0))))))
+(typeattribute base_typeattr_34_26_0)
+(typeattributeset base_typeattr_34_26_0 ((and (domain) ((not (init_26_0 recovery_26_0 vold_26_0))))))
+(typeattribute base_typeattr_33_26_0)
+(typeattributeset base_typeattr_33_26_0 ((and (domain) ((not (init_26_0 recovery_26_0 shell_26_0 system_server_26_0 ueventd_26_0))))))
+(typeattribute base_typeattr_32_26_0)
+(typeattributeset base_typeattr_32_26_0 ((and (domain) ((not (init_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_31_26_0)
+(typeattributeset base_typeattr_31_26_0 ((and (domain) ((not (hal_drm adbd_26_0 dumpstate_26_0 init_26_0 mediadrmserver_26_0 recovery_26_0 shell_26_0 system_server_26_0))))))
+(typeattribute base_typeattr_30_26_0)
+(typeattributeset base_typeattr_30_26_0 ((and (fs_type) ((not (contextmount_type))))))
+(typeattribute base_typeattr_29_26_0)
+(typeattributeset base_typeattr_29_26_0 ((and (domain) ((not (kernel_26_0 recovery_26_0))))))
+(typeattribute base_typeattr_28_26_0)
+(typeattributeset base_typeattr_28_26_0 ((and (domain) ((not (shell_26_0))))))
+(typeattribute base_typeattr_27_26_0)
+(typeattributeset base_typeattr_27_26_0 ((and (data_file_type) ((not (system_data_file_26_0 apk_data_file_26_0 dalvikcache_data_file_26_0))))))
+(typeattribute base_typeattr_26_26_0)
+(typeattributeset base_typeattr_26_26_0 ((and (domain) ((not (appdomain))))))
+(typeattribute base_typeattr_25_26_0)
+(typeattributeset base_typeattr_25_26_0 ((and (fs_type) ((not (rootfs_26_0))))))
+(typeattribute base_typeattr_24_26_0)
+(typeattributeset base_typeattr_24_26_0 ((and (domain) ((not (appdomain recovery_26_0))))))
+(typeattribute base_typeattr_23_26_0)
+(typeattributeset base_typeattr_23_26_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_26_0 postinstall_file_26_0))))))
+(typeattribute base_typeattr_22_26_0)
+(typeattributeset base_typeattr_22_26_0 ((and (domain) ((not (appdomain dumpstate_26_0 shell_26_0 su_26_0 system_server_26_0 webview_zygote_26_0 zygote_26_0))))))
+(typeattribute base_typeattr_21_26_0)
+(typeattributeset base_typeattr_21_26_0 ((and (fs_type) ((not (sdcard_type))))))
+(typeattribute base_typeattr_20_26_0)
+(typeattributeset base_typeattr_20_26_0 ((and (domain) ((not (init_26_0 kernel_26_0 otapreopt_chroot_26_0 recovery_26_0 update_engine_26_0 vold_26_0 zygote_26_0))))))
+(typeattribute base_typeattr_19_26_0)
+(typeattributeset base_typeattr_19_26_0 ((and (domain) ((not (init_26_0 kernel_26_0 recovery_26_0))))))
+(typeattribute base_typeattr_18_26_0)
+(typeattributeset base_typeattr_18_26_0 ((and (domain) ((not (shell_26_0 ueventd_26_0))))))
+(typeattribute base_typeattr_17_26_0)
+(typeattributeset base_typeattr_17_26_0 ((and (file_type) ((not (exec_type postinstall_file_26_0))))))
+(typeattribute base_typeattr_16_26_0)
+(typeattributeset base_typeattr_16_26_0 ((and (domain) ((not (init_26_0 shell_26_0 system_server_26_0 ueventd_26_0))))))
+(typeattribute base_typeattr_15_26_0)
+(typeattributeset base_typeattr_15_26_0 ((and (domain) ((not (kernel_26_0))))))
+(typeattribute base_typeattr_14_26_0)
+(typeattributeset base_typeattr_14_26_0 ((and (domain) ((not (recovery_26_0))))))
+(typeattribute base_typeattr_13_26_0)
+(typeattributeset base_typeattr_13_26_0 ((and (domain) ((not (domain healthd_26_0 init_26_0 kernel_26_0 recovery_26_0 tee_26_0 ueventd_26_0 uncrypt_26_0))))))
+(typeattribute base_typeattr_12_26_0)
+(typeattributeset base_typeattr_12_26_0 ((and (domain) ((not (init_26_0 kernel_26_0 ueventd_26_0 vold_26_0))))))
+(typeattribute base_typeattr_11_26_0)
+(typeattributeset base_typeattr_11_26_0 ((and (domain) ((not (init_26_0 recovery_26_0))))))
+(typeattribute base_typeattr_10_26_0)
+(typeattributeset base_typeattr_10_26_0 ((all)))
+(typeattribute base_typeattr_9_26_0)
+(typeattributeset base_typeattr_9_26_0 ((and (domain) ((not (domain))))))
+(typeattribute base_typeattr_8_26_0)
+(typeattributeset base_typeattr_8_26_0 ((and (domain) ((not (coredomain))))))
+(typeattribute base_typeattr_7_26_0)
+(typeattributeset base_typeattr_7_26_0 ((and (domain) ((not (servicemanager_26_0 vndservicemanager_26_0))))))
+(typeattribute base_typeattr_6_26_0)
+(typeattributeset base_typeattr_6_26_0 ((and (appdomain coredomain binder_in_vendor_violators) ((not (hwservicemanager_26_0))))))
+(typeattribute base_typeattr_5_26_0)
+(typeattributeset base_typeattr_5_26_0 ((and (domain) ((not (init_26_0))))))
+(typeattribute base_typeattr_4_26_0)
+(typeattributeset base_typeattr_4_26_0 ((and (domain) ((not (display_service_server))))))
+(typeattribute base_typeattr_3_26_0)
+(typeattributeset base_typeattr_3_26_0 ((and (domain) ((not (crash_dump_26_0 init_26_0 keystore_26_0 logd_26_0))))))
+(typeattribute base_typeattr_2_26_0)
+(typeattributeset base_typeattr_2_26_0 ((and (domain) ((not (cameraserver_26_0))))))
+(typeattribute base_typeattr_1_26_0)
+(typeattributeset base_typeattr_1_26_0 ((and (domain) ((not (bufferhubd_26_0))))))
diff --git a/prebuilts/api/26.0/private/app.te b/prebuilts/api/26.0/private/app.te
index 4b9d87d..6f2b820 100644
--- a/prebuilts/api/26.0/private/app.te
+++ b/prebuilts/api/26.0/private/app.te
@@ -225,8 +225,8 @@
allow { appdomain -isolated_app -ephemeral_app } sdcardfs:file create_file_perms;
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
-allow { appdomain -isolated_app -ephemeral_app } media_rw_data_file:dir create_dir_perms;
-allow { appdomain -isolated_app -ephemeral_app } media_rw_data_file:file create_file_perms;
+allow { appdomain -isolated_app -ephemeral_app } { media_rw_data_file vfat }:dir create_dir_perms;
+allow { appdomain -isolated_app -ephemeral_app } { media_rw_data_file vfat }:file create_file_perms;
# Access OBBs (vfat images) mounted by vold (b/17633509)
# File write access allowed for FDs returned through Storage Access Framework
diff --git a/prebuilts/api/26.0/private/app_neverallows.te b/prebuilts/api/26.0/private/app_neverallows.te
index 0917724..3c159d5 100644
--- a/prebuilts/api/26.0/private/app_neverallows.te
+++ b/prebuilts/api/26.0/private/app_neverallows.te
@@ -132,20 +132,63 @@
# incidence rate of security issues than system/core components and have
# access to lower layes of the stack (all the way down to hardware) thus
# increasing opportunities for bypassing the Android security model.
+#
+# Safe services include:
+# - same process services: because they by definition run in the process
+# of the client and thus have the same access as the client domain in which
+# the process runs
+# - coredomain_hwservice: are considered safe because they do not pose risks
+# associated with reason #2 above.
+# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
+# designed for use by any domain.
+# - hal_graphics_allocator_hwservice: because these operations are also offered
+# by surfaceflinger Binder service, which apps are permitted to access
+# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
+# Binder service which apps were permitted to access.
neverallow all_untrusted_apps {
hwservice_manager_type
- # Same process services are safe because they by definition run in the process
- # of the client and thus have the same access as the client domain in which
- # the process runs
-same_process_hwservice
- -coredomain_hwservice # neverallows for coredomain HwBinder services are below
- -hal_configstore_ISurfaceFlingerConfigs # Designed for use by any domain
- # These operations are also offered by surfaceflinger Binder service which
- # apps are permitted to access
+ -coredomain_hwservice
+ -hal_configstore_ISurfaceFlingerConfigs
-hal_graphics_allocator_hwservice
- # HwBinder version of mediacodec Binder service which apps were permitted to
- # access
-hal_omx_hwservice
+ -untrusted_app_visible_hwservice
+}:hwservice_manager find;
+neverallow untrusted_app_visible_hwservice unlabeled:service_manager list; #TODO: b/62658302
+# Make sure that the following services are never accessible by untrusted_apps
+neverallow all_untrusted_apps {
+ default_android_hwservice
+ hal_audio_hwservice
+ hal_bluetooth_hwservice
+ hal_bootctl_hwservice
+ hal_camera_hwservice
+ hal_contexthub_hwservice
+ hal_drm_hwservice
+ hal_dumpstate_hwservice
+ hal_fingerprint_hwservice
+ hal_gatekeeper_hwservice
+ hal_gnss_hwservice
+ hal_graphics_composer_hwservice
+ hal_health_hwservice
+ hal_ir_hwservice
+ hal_keymaster_hwservice
+ hal_light_hwservice
+ hal_memtrack_hwservice
+ hal_nfc_hwservice
+ hal_oemlock_hwservice
+ hal_power_hwservice
+ hal_sensors_hwservice
+ hal_telephony_hwservice
+ hal_thermal_hwservice
+ hal_tv_cec_hwservice
+ hal_tv_input_hwservice
+ hal_usb_hwservice
+ hal_vibrator_hwservice
+ hal_vr_hwservice
+ hal_weaver_hwservice
+ hal_wifi_hwservice
+ hal_wifi_supplicant_hwservice
+ hidl_base_hwservice
}:hwservice_manager find;
# HwBinder services offered by core components (as opposed to vendor components)
# are considered somewhat safer due to point #2 above.
diff --git a/prebuilts/api/26.0/private/file_contexts b/prebuilts/api/26.0/private/file_contexts
index aefd95f..4485b95 100644
--- a/prebuilts/api/26.0/private/file_contexts
+++ b/prebuilts/api/26.0/private/file_contexts
@@ -38,7 +38,6 @@
/sdcard u:object_r:rootfs:s0
# SELinux policy files
-/file_contexts\.bin u:object_r:file_contexts_file:s0
/nonplat_file_contexts u:object_r:file_contexts_file:s0
/plat_file_contexts u:object_r:file_contexts_file:s0
/mapping_sepolicy\.cil u:object_r:sepolicy_file:s0
@@ -523,6 +522,7 @@
/sys/kernel/debug/tracing/events/ext4/ext4_sync_file_exit/enable u:object_r:tracing_shell_writable_debug:s0
/sys/kernel/debug/tracing/events/block/block_rq_issue/enable u:object_r:tracing_shell_writable_debug:s0
/sys/kernel/debug/tracing/events/block/block_rq_complete/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/saved_cmdlines_size u:object_r:tracing_shell_writable_debug:s0
#############################
# asec containers
diff --git a/prebuilts/api/26.0/public/attributes b/prebuilts/api/26.0/public/attributes
index 90740d4..cde55da 100644
--- a/prebuilts/api/26.0/public/attributes
+++ b/prebuilts/api/26.0/public/attributes
@@ -144,6 +144,15 @@
# TODO(b/36463595)
attribute vendor_executes_system_violators;
+# hwservices that are accessible from untrusted applications
+# WARNING: Use of this attribute should be avoided unless
+# absolutely necessary. It is a temporary allowance to aid the
+# transition to treble and will be removed in a future platform
+# version, requiring all hwservices that are labeled with this
+# attribute to be submitted to AOSP in order to maintain their
+# app-visibility.
+attribute untrusted_app_visible_hwservice;
+
# PDX services
attribute pdx_endpoint_dir_type;
attribute pdx_endpoint_socket_type;
diff --git a/prebuilts/api/26.0/public/domain.te b/prebuilts/api/26.0/public/domain.te
index 34cbadc..d2b370a 100644
--- a/prebuilts/api/26.0/public/domain.te
+++ b/prebuilts/api/26.0/public/domain.te
@@ -497,6 +497,7 @@
-recovery
-ueventd
} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
+neverallow hal_bootctl unlabeled:service_manager list; #TODO: b/62658302
# Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
neverallow { domain -servicemanager -hwservicemanager -vndservicemanager } *:binder set_context_mgr;
@@ -555,6 +556,7 @@
-appdomain
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
} servicemanager:binder { call transfer };
+ neverallow binder_in_vendor_violators unlabeled:service_manager list ; #TODO: b/62658302
')
# On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
@@ -613,6 +615,7 @@
-incidentd # TODO(b/35870313): Remove incidentd from this list once vendor domains no longer declare Binder services
-tombstoned # TODO(b/36604251): Remove tombstoned from this list once mediacodec (OMX HAL) no longer declares Binder services
});
+ neverallow socket_between_core_and_vendor_violators unlabeled:service_manager list ; #TODO: b/62658302
# Vendor domains (except netdomain) are not permitted to initiate communications to netd sockets
neverallow_establish_socket_comms({
@@ -644,6 +647,10 @@
-pdx_endpoint_socket_type # used by VR layer
-pdx_channel_socket_type # used by VR layer
}:sock_file ~{ append getattr ioctl read write };
+ neverallow {
+ pdx_endpoint_socket_type
+ pdx_channel_socket_type
+ } unlabeled:service_manager list; #TODO: b/62658302
# Core domains are not permitted to create/open sockets owned by vendor domains
neverallow {
@@ -728,6 +735,7 @@
-crash_dump_exec
-netutils_wrapper_exec
}:file { entrypoint execute execute_no_trans };
+ neverallow vendor_executes_system_violators unlabeled:service_manager list; #TODO: b/62658302
')
# Only authorized processes should be writing to files in /data/dalvik-cache
diff --git a/prebuilts/api/26.0/public/hal_neverallows.te b/prebuilts/api/26.0/public/hal_neverallows.te
index feadcda..fc2b5f6 100644
--- a/prebuilts/api/26.0/public/hal_neverallows.te
+++ b/prebuilts/api/26.0/public/hal_neverallows.te
@@ -8,14 +8,16 @@
-rild
} self:capability { net_admin net_raw };
-# Unless a HAL's job is to manage network hardware, it should not be
-# using network sockets.
+# Unless a HAL's job is to communicate over the network, or control network
+# hardware, it should not be using network sockets.
neverallow {
halserverdomain
+ -hal_tetheroffload_server
-hal_wifi_server
-hal_wifi_supplicant_server
-rild
} domain:{ tcp_socket udp_socket rawip_socket } *;
+neverallow hal_tetheroffload_server unlabeled:service_manager list; #TODO: b/62658302
###
# HALs are defined as an attribute and so a given domain could hypothetically
diff --git a/prebuilts/api/26.0/public/radio.te b/prebuilts/api/26.0/public/radio.te
index 87329d9..6f29a70 100644
--- a/prebuilts/api/26.0/public/radio.te
+++ b/prebuilts/api/26.0/public/radio.te
@@ -5,9 +5,8 @@
bluetooth_domain(radio)
binder_service(radio)
-# TODO(b/36613472): Remove this once radio no longer communicates with rild over sockets.
-# Talks to rild via the rild socket.
-unix_socket_connect(radio, rild, rild)
+# Talks to rild via the rild socket only for devices without full treble
+not_full_treble(`unix_socket_connect(radio, rild, rild)')
# Data file accesses.
allow radio radio_data_file:dir create_dir_perms;
diff --git a/prebuilts/api/26.0/public/runas.te b/prebuilts/api/26.0/public/runas.te
index cda02ef..7a7febf 100644
--- a/prebuilts/api/26.0/public/runas.te
+++ b/prebuilts/api/26.0/public/runas.te
@@ -2,6 +2,7 @@
type runas_exec, exec_type, file_type;
allow runas adbd:process sigchld;
+allow runas adbd:unix_stream_socket { read write };
allow runas shell:fd use;
allow runas shell:fifo_file { read write };
allow runas shell:unix_stream_socket { read write };
diff --git a/prebuilts/api/26.0/public/te_macros b/prebuilts/api/26.0/public/te_macros
index b1937d8..d65eb88 100644
--- a/prebuilts/api/26.0/public/te_macros
+++ b/prebuilts/api/26.0/public/te_macros
@@ -550,6 +550,7 @@
define(`add_service', `
allow $1 $2:service_manager { add find };
neverallow { domain -$1 } $2:service_manager add;
+ neverallow $1 unlabeled:service_manager add; #TODO: b/62658302
')
###########################################
@@ -561,6 +562,7 @@
allow $1 $2:hwservice_manager { add find };
allow $1 hidl_base_hwservice:hwservice_manager add;
neverallow { domain -$1 } $2:hwservice_manager add;
+ neverallow $1 unlabeled:hwservice_manager add; #TODO: b/62658302
')
##########################################
diff --git a/private/adbd.te b/private/adbd.te
index 52597eb..2008364 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -63,14 +63,9 @@
# Run /system/bin/bu
allow adbd system_file:file rx_file_perms;
-# Perform binder IPC to surfaceflinger (screencap)
-# XXX Run screencap in a separate domain?
-binder_use(adbd)
-binder_call(adbd, surfaceflinger)
-# b/13188914
-allow adbd gpu_device:chr_file rw_file_perms;
-allow adbd ion_device:chr_file rw_file_perms;
-r_dir_file(adbd, system_file)
+# Use screencap
+domain_auto_trans(adbd, screencap_exec, screencap)
+allow adbd screencap:process signal;
# Needed for various screenshots
hal_client_domain(adbd, hal_graphics_allocator)
@@ -137,5 +132,5 @@
# No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever
# transitions to the shell domain (except when it crashes). In particular, we
# never want to see a transition from adbd to su (aka "adb root")
-neverallow adbd { domain -crash_dump -shell }:process transition;
+neverallow adbd { domain -crash_dump -shell -screencap }:process transition;
neverallow adbd { domain userdebug_or_eng(`-su') }:process dyntransition;
diff --git a/private/app.te b/private/app.te
index c491b92..c414723 100644
--- a/private/app.te
+++ b/private/app.te
@@ -411,7 +411,9 @@
# sigchld allowed for parent death notification.
# signull allowed for kill(pid, 0) existence test.
# All others prohibited.
-neverallow appdomain { domain -appdomain }:process
+neverallow { appdomain -shell } { domain -appdomain }:process
+ { sigkill sigstop signal };
+neverallow shell { domain -appdomain -screencap }:process
{ sigkill sigstop signal };
# Transition to a non-app domain.
@@ -476,9 +478,12 @@
{ create write setattr relabelfrom relabelto append unlink link rename };
# access tmp apk files
-neverallow { appdomain -platform_app -priv_app }
+neverallow { appdomain -untrusted_app_all -platform_app -priv_app }
{ apk_tmp_file apk_private_tmp_file }:dir_file_class_set *;
+neverallow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:{ devfile_class_set dir fifo_file lnk_file sock_file } *;
+neverallow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read };
+
# Access to factory files.
neverallow appdomain efs_file:dir_file_class_set write;
neverallow { appdomain -shell } efs_file:dir_file_class_set read;
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 796c943..46c7e22 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -2,18 +2,15 @@
### neverallow rules for untrusted app domains
###
-# Only allow domains in AOSP to use the untrusted_app_all attribute.
-neverallow { untrusted_app_all -untrusted_app -untrusted_app_25 } domain:process fork;
-
define(`all_untrusted_apps',`{
ephemeral_app
isolated_app
+ mediaprovider
untrusted_app
untrusted_app_25
untrusted_app_all
untrusted_v2_app
}')
-
# Receive or send uevent messages.
neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;
@@ -35,9 +32,9 @@
# Do not allow untrusted apps to connect to the property service
# or set properties. b/10243159
-neverallow all_untrusted_apps property_socket:sock_file write;
-neverallow all_untrusted_apps init:unix_stream_socket connectto;
-neverallow all_untrusted_apps property_type:property_service set;
+neverallow { all_untrusted_apps -mediaprovider } property_socket:sock_file write;
+neverallow { all_untrusted_apps -mediaprovider } init:unix_stream_socket connectto;
+neverallow { all_untrusted_apps -mediaprovider } property_type:property_service set;
# Do not allow untrusted apps to be assigned mlstrustedsubject.
# This would undermine the per-user isolation model being
@@ -75,15 +72,15 @@
} *;
# Do not allow untrusted apps access to /cache
-neverallow all_untrusted_apps { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
-neverallow all_untrusted_apps { cache_file cache_recovery_file }:file ~{ read getattr };
+neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
+neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:file ~{ read getattr };
# Do not allow untrusted apps to create/unlink files outside of its sandbox,
# internal storage or sdcard.
# World accessible data locations allow application to fill the device
# with unaccounted for data. This data will not get removed during
# application un-installation.
-neverallow all_untrusted_apps {
+neverallow { all_untrusted_apps -mediaprovider } {
fs_type
-fuse # sdcard
-sdcardfs # sdcard
@@ -140,62 +137,21 @@
# incidence rate of security issues than system/core components and have
# access to lower layes of the stack (all the way down to hardware) thus
# increasing opportunities for bypassing the Android security model.
-#
-# Safe services include:
-# - same process services: because they by definition run in the process
-# of the client and thus have the same access as the client domain in which
-# the process runs
-# - coredomain_hwservice: are considered safe because they do not pose risks
-# associated with reason #2 above.
-# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
-# designed for use by any domain.
-# - hal_graphics_allocator_hwservice: because these operations are also offered
-# by surfaceflinger Binder service, which apps are permitted to access
-# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
-# Binder service which apps were permitted to access.
neverallow all_untrusted_apps {
hwservice_manager_type
+ # Same process services are safe because they by definition run in the process
+ # of the client and thus have the same access as the client domain in which
+ # the process runs
-same_process_hwservice
- -coredomain_hwservice
- -hal_configstore_ISurfaceFlingerConfigs
+ -coredomain_hwservice # neverallows for coredomain HwBinder services are below
+ -hal_configstore_ISurfaceFlingerConfigs # Designed for use by any domain
+ # These operations are also offered by surfaceflinger Binder service which
+ # apps are permitted to access
-hal_graphics_allocator_hwservice
+ # HwBinder version of mediacodec Binder service which apps were permitted to
+ # access
-hal_omx_hwservice
- -untrusted_app_visible_hwservice
-}:hwservice_manager find;
-# Make sure that the following services are never accessible by untrusted_apps
-neverallow all_untrusted_apps {
- default_android_hwservice
- hal_audio_hwservice
- hal_bluetooth_hwservice
- hal_bootctl_hwservice
- hal_camera_hwservice
- hal_contexthub_hwservice
- hal_drm_hwservice
- hal_dumpstate_hwservice
- hal_fingerprint_hwservice
- hal_gatekeeper_hwservice
- hal_gnss_hwservice
- hal_graphics_composer_hwservice
- hal_health_hwservice
- hal_ir_hwservice
- hal_keymaster_hwservice
- hal_light_hwservice
- hal_memtrack_hwservice
- hal_nfc_hwservice
- hal_oemlock_hwservice
- hal_power_hwservice
- hal_sensors_hwservice
- hal_telephony_hwservice
- hal_thermal_hwservice
- hal_tv_cec_hwservice
- hal_tv_input_hwservice
- hal_usb_hwservice
- hal_vibrator_hwservice
- hal_vr_hwservice
- hal_weaver_hwservice
- hal_wifi_hwservice
- hal_wifi_supplicant_hwservice
- hidl_base_hwservice
+ -hal_cas_hwservice
}:hwservice_manager find;
# HwBinder services offered by core components (as opposed to vendor components)
# are considered somewhat safer due to point #2 above.
@@ -220,6 +176,7 @@
-coredomain
-hal_configstore_server
-hal_graphics_allocator_server
+ -hal_cas_server
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
}:binder { call transfer };
')
diff --git a/private/atrace.te b/private/atrace.te
index a57c6ec..fc27517 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -11,8 +11,11 @@
allow atrace boottrace_data_file:dir search;
allow atrace boottrace_data_file:file r_file_perms;
- # atrace reads the files in /sys/kernel/debug/tracing/
- allow atrace debugfs_tracing:file r_file_perms;
+ # Allow atrace to access tracefs.
+ allow atrace debugfs_tracing:dir r_dir_perms;
+ allow atrace debugfs_tracing:file rw_file_perms;
+ allow atrace debugfs_tracing_debug:file rw_file_perms;
+ allow atrace debugfs_trace_marker:file getattr;
# atrace sets debug.atrace.* properties
set_prop(atrace, debug_prop)
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
new file mode 100644
index 0000000..903dbdb
--- /dev/null
+++ b/private/compat/26.0/26.0.cil
@@ -0,0 +1,706 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_keystore)
+(typeattribute hal_wifi_keystore_client)
+(typeattribute hal_wifi_keystore_server)
+(typeattribute untrusted_app_visible_hwservice)
+
+;; types removed from current policy
+(type asan_reboot_prop)
+(type log_device)
+(type mediacasserver_service)
+(type tracing_shell_writable)
+(type tracing_shell_writable_debug)
+
+(typeattributeset accessibility_service_26_0 (accessibility_service))
+(typeattributeset account_service_26_0 (account_service))
+(typeattributeset activity_service_26_0 (activity_service))
+(typeattributeset adbd_26_0 (adbd))
+(typeattributeset adb_data_file_26_0 (adb_data_file))
+(typeattributeset adbd_socket_26_0 (adbd_socket))
+(typeattributeset adb_keys_file_26_0 (adb_keys_file))
+(typeattributeset alarm_device_26_0 (alarm_device))
+(typeattributeset alarm_service_26_0 (alarm_service))
+(typeattributeset anr_data_file_26_0 (anr_data_file))
+(typeattributeset apk_data_file_26_0 (apk_data_file))
+(typeattributeset apk_private_data_file_26_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_26_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_26_0 (apk_tmp_file))
+(typeattributeset app_data_file_26_0 (app_data_file))
+(typeattributeset app_fuse_file_26_0 (app_fuse_file))
+(typeattributeset app_fusefs_26_0 (app_fusefs))
+(typeattributeset appops_service_26_0 (appops_service))
+(typeattributeset appwidget_service_26_0 (appwidget_service))
+(typeattributeset asan_reboot_prop_26_0 (asan_reboot_prop))
+(typeattributeset asec_apk_file_26_0 (asec_apk_file))
+(typeattributeset asec_image_file_26_0 (asec_image_file))
+(typeattributeset asec_public_file_26_0 (asec_public_file))
+(typeattributeset ashmem_device_26_0 (ashmem_device))
+(typeattributeset assetatlas_service_26_0 (assetatlas_service))
+(typeattributeset audio_data_file_26_0 (audio_data_file))
+(typeattributeset audio_device_26_0 (audio_device))
+(typeattributeset audiohal_data_file_26_0 (audiohal_data_file))
+(typeattributeset audio_prop_26_0 (audio_prop))
+(typeattributeset audio_seq_device_26_0 (audio_seq_device))
+(typeattributeset audioserver_26_0 (audioserver))
+(typeattributeset audioserver_data_file_26_0 (audioserver_data_file))
+(typeattributeset audioserver_service_26_0 (audioserver_service))
+(typeattributeset audio_service_26_0 (audio_service))
+(typeattributeset audio_timer_device_26_0 (audio_timer_device))
+(typeattributeset autofill_service_26_0 (autofill_service))
+(typeattributeset backup_data_file_26_0 (backup_data_file))
+(typeattributeset backup_service_26_0 (backup_service))
+(typeattributeset batteryproperties_service_26_0 (batteryproperties_service))
+(typeattributeset battery_service_26_0 (battery_service))
+(typeattributeset batterystats_service_26_0 (batterystats_service))
+(typeattributeset binder_device_26_0 (binder_device))
+(typeattributeset binfmt_miscfs_26_0 (binfmt_miscfs))
+(typeattributeset blkid_26_0 (blkid))
+(typeattributeset blkid_untrusted_26_0 (blkid_untrusted))
+(typeattributeset block_device_26_0 (block_device))
+(typeattributeset bluetooth_26_0 (bluetooth))
+(typeattributeset bluetooth_data_file_26_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_26_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_26_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_26_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_26_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_26_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_26_0 (bluetooth_socket))
+(typeattributeset bootanim_26_0 (bootanim))
+(typeattributeset bootanim_exec_26_0 (bootanim_exec))
+(typeattributeset boot_block_device_26_0 (boot_block_device))
+(typeattributeset bootchart_data_file_26_0 (bootchart_data_file))
+(typeattributeset bootstat_26_0 (bootstat))
+(typeattributeset bootstat_data_file_26_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_26_0 (bootstat_exec))
+(typeattributeset boottime_prop_26_0 (boottime_prop))
+(typeattributeset boottrace_data_file_26_0 (boottrace_data_file))
+(typeattributeset bufferhubd_26_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_26_0 (bufferhubd_exec))
+(typeattributeset cache_backup_file_26_0 (cache_backup_file))
+(typeattributeset cache_block_device_26_0 (cache_block_device))
+(typeattributeset cache_file_26_0 (cache_file))
+(typeattributeset cache_private_backup_file_26_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_26_0 (cache_recovery_file))
+(typeattributeset camera_data_file_26_0 (camera_data_file))
+(typeattributeset camera_device_26_0 (camera_device))
+(typeattributeset cameraproxy_service_26_0 (cameraproxy_service))
+(typeattributeset cameraserver_26_0 (cameraserver))
+(typeattributeset cameraserver_exec_26_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_26_0 (cameraserver_service))
+(typeattributeset cgroup_26_0 (cgroup))
+(typeattributeset charger_26_0 (charger))
+(typeattributeset clatd_26_0 (clatd))
+(typeattributeset clatd_exec_26_0 (clatd_exec))
+(typeattributeset clipboard_service_26_0 (clipboard_service))
+(typeattributeset commontime_management_service_26_0 (commontime_management_service))
+(typeattributeset companion_device_service_26_0 (companion_device_service))
+(typeattributeset configfs_26_0 (configfs))
+(typeattributeset config_prop_26_0 (config_prop))
+(typeattributeset connectivity_service_26_0 (connectivity_service))
+(typeattributeset connmetrics_service_26_0 (connmetrics_service))
+(typeattributeset console_device_26_0 (console_device))
+(typeattributeset consumer_ir_service_26_0 (consumer_ir_service))
+(typeattributeset content_service_26_0 (content_service))
+(typeattributeset contexthub_service_26_0 (contexthub_service))
+(typeattributeset coredump_file_26_0 (coredump_file))
+(typeattributeset country_detector_service_26_0 (country_detector_service))
+(typeattributeset coverage_service_26_0 (coverage_service))
+(typeattributeset cppreopt_prop_26_0 (cppreopt_prop))
+(typeattributeset cppreopts_26_0 (cppreopts))
+(typeattributeset cppreopts_exec_26_0 (cppreopts_exec))
+(typeattributeset cpuctl_device_26_0 (cpuctl_device))
+(typeattributeset cpuinfo_service_26_0 (cpuinfo_service))
+(typeattributeset crash_dump_26_0 (crash_dump))
+(typeattributeset crash_dump_exec_26_0 (crash_dump_exec))
+(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_26_0 (ctl_default_prop))
+(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
+(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_rildaemon_prop_26_0 (ctl_rildaemon_prop))
+(typeattributeset dalvikcache_data_file_26_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_26_0 (dalvik_prop))
+(typeattributeset dbinfo_service_26_0 (dbinfo_service))
+(typeattributeset debugfs_26_0 (debugfs))
+(typeattributeset debugfs_mmc_26_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_26_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_26_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_instances_26_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wifi_tracing_26_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_26_0 (debuggerd_prop))
+(typeattributeset debug_prop_26_0 (debug_prop))
+(typeattributeset default_android_hwservice_26_0 (default_android_hwservice))
+(typeattributeset default_android_service_26_0 (default_android_service))
+(typeattributeset default_android_vndservice_26_0 (default_android_vndservice))
+(typeattributeset default_prop_26_0 (default_prop))
+(typeattributeset device_26_0 (device))
+(typeattributeset device_identifiers_service_26_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_26_0 (deviceidle_service))
+(typeattributeset device_logging_prop_26_0 (device_logging_prop))
+(typeattributeset device_policy_service_26_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_26_0 (devicestoragemonitor_service))
+(typeattributeset devpts_26_0 (devpts))
+(typeattributeset dex2oat_26_0 (dex2oat))
+(typeattributeset dex2oat_exec_26_0 (dex2oat_exec))
+(typeattributeset dhcp_26_0 (dhcp))
+(typeattributeset dhcp_data_file_26_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_26_0 (dhcp_exec))
+(typeattributeset dhcp_prop_26_0 (dhcp_prop))
+(typeattributeset diskstats_service_26_0 (diskstats_service))
+(typeattributeset display_service_26_0 (display_service))
+(typeattributeset dm_device_26_0 (dm_device))
+(typeattributeset dnsmasq_26_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_26_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_26_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_26_0 (DockObserver_service))
+(typeattributeset dreams_service_26_0 (dreams_service))
+(typeattributeset drm_data_file_26_0 (drm_data_file))
+(typeattributeset drmserver_26_0 (drmserver))
+(typeattributeset drmserver_exec_26_0 (drmserver_exec))
+(typeattributeset drmserver_service_26_0 (drmserver_service))
+(typeattributeset drmserver_socket_26_0 (drmserver_socket))
+(typeattributeset dropbox_service_26_0 (dropbox_service))
+(typeattributeset dumpstate_26_0 (dumpstate))
+(typeattributeset dumpstate_exec_26_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_26_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_26_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_26_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_26_0 (dumpstate_socket))
+(typeattributeset efs_file_26_0 (efs_file))
+(typeattributeset ephemeral_app_26_0 (ephemeral_app))
+(typeattributeset ethernet_service_26_0 (ethernet_service))
+(typeattributeset ffs_prop_26_0 (ffs_prop))
+(typeattributeset file_contexts_file_26_0 (file_contexts_file))
+(typeattributeset fingerprintd_26_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_26_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_26_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_26_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_26_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_26_0 (fingerprint_service))
+(typeattributeset firstboot_prop_26_0 (firstboot_prop))
+(typeattributeset font_service_26_0 (font_service))
+(typeattributeset frp_block_device_26_0 (frp_block_device))
+(typeattributeset fsck_26_0 (fsck))
+(typeattributeset fsck_exec_26_0 (fsck_exec))
+(typeattributeset fscklogs_26_0 (fscklogs))
+(typeattributeset fsck_untrusted_26_0 (fsck_untrusted))
+(typeattributeset full_device_26_0 (full_device))
+(typeattributeset functionfs_26_0 (functionfs))
+(typeattributeset fuse_26_0 (fuse))
+(typeattributeset fuse_device_26_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_26_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_26_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_26_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_26_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_26_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_26_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_26_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_26_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_26_0 (gfxinfo_service))
+(typeattributeset gps_control_26_0 (gps_control))
+(typeattributeset gpu_device_26_0 (gpu_device))
+(typeattributeset gpu_service_26_0 (gpu_service))
+(typeattributeset graphics_device_26_0 (graphics_device))
+(typeattributeset graphicsstats_service_26_0 (graphicsstats_service))
+(typeattributeset hal_audio_hwservice_26_0 (hal_audio_hwservice))
+(typeattributeset hal_bluetooth_hwservice_26_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_26_0 (hal_bootctl_hwservice))
+(typeattributeset hal_camera_hwservice_26_0 (hal_camera_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_26_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_contexthub_hwservice_26_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_26_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_26_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_fingerprint_hwservice_26_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_26_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_26_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_26_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_26_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_26_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_26_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_26_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_26_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_26_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_26_0 (hal_light_hwservice))
+(typeattributeset hal_memtrack_hwservice_26_0 (hal_memtrack_hwservice))
+(typeattributeset hal_nfc_hwservice_26_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_26_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_26_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_26_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_26_0 (hal_renderscript_hwservice))
+(typeattributeset hal_sensors_hwservice_26_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_26_0 (hal_telephony_hwservice))
+(typeattributeset hal_thermal_hwservice_26_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_26_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_26_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_hwservice_26_0 (hal_usb_hwservice))
+(typeattributeset hal_vibrator_hwservice_26_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_26_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_26_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hwservice_26_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_26_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_26_0 (hardware_properties_service))
+(typeattributeset hardware_service_26_0 (hardware_service))
+(typeattributeset hci_attach_dev_26_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_26_0 (hdmi_control_service))
+(typeattributeset healthd_26_0 (healthd))
+(typeattributeset healthd_exec_26_0 (healthd_exec))
+(typeattributeset heapdump_data_file_26_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_26_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_26_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_26_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_26_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_26_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_26_0 (hwbinder_device))
+(typeattributeset hw_random_device_26_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_26_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_26_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_26_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_26_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_26_0 (i2c_device))
+(typeattributeset icon_file_26_0 (icon_file))
+(typeattributeset idmap_26_0 (idmap))
+(typeattributeset idmap_exec_26_0 (idmap_exec))
+(typeattributeset iio_device_26_0 (iio_device))
+(typeattributeset imms_service_26_0 (imms_service))
+(typeattributeset incident_26_0 (incident))
+(typeattributeset incidentd_26_0 (incidentd))
+(typeattributeset incident_data_file_26_0 (incident_data_file))
+(typeattributeset incident_service_26_0 (incident_service))
+(typeattributeset init_26_0 (init))
+(typeattributeset init_exec_26_0 (init_exec))
+(typeattributeset inotify_26_0 (inotify))
+(typeattributeset input_device_26_0 (input_device))
+(typeattributeset inputflinger_26_0 (inputflinger))
+(typeattributeset inputflinger_exec_26_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_26_0 (inputflinger_service))
+(typeattributeset input_method_service_26_0 (input_method_service))
+(typeattributeset input_service_26_0 (input_service))
+(typeattributeset installd_26_0 (installd))
+(typeattributeset install_data_file_26_0 (install_data_file))
+(typeattributeset installd_exec_26_0 (installd_exec))
+(typeattributeset installd_service_26_0 (installd_service))
+(typeattributeset install_recovery_26_0 (install_recovery))
+(typeattributeset install_recovery_exec_26_0 (install_recovery_exec))
+(typeattributeset ion_device_26_0 (ion_device))
+(typeattributeset IProxyService_service_26_0 (IProxyService_service))
+(typeattributeset ipsec_service_26_0 (ipsec_service))
+(typeattributeset isolated_app_26_0 (isolated_app))
+(typeattributeset jobscheduler_service_26_0 (jobscheduler_service))
+(typeattributeset kernel_26_0 (kernel))
+(typeattributeset keychain_data_file_26_0 (keychain_data_file))
+(typeattributeset keychord_device_26_0 (keychord_device))
+(typeattributeset keystore_26_0 (keystore))
+(typeattributeset keystore_data_file_26_0 (keystore_data_file))
+(typeattributeset keystore_exec_26_0 (keystore_exec))
+(typeattributeset keystore_service_26_0 (keystore_service))
+(typeattributeset kmem_device_26_0 (kmem_device))
+(typeattributeset kmsg_device_26_0 (kmsg_device))
+(typeattributeset labeledfs_26_0 (labeledfs))
+(typeattributeset launcherapps_service_26_0 (launcherapps_service))
+(typeattributeset lmkd_26_0 (lmkd))
+(typeattributeset lmkd_exec_26_0 (lmkd_exec))
+(typeattributeset lmkd_socket_26_0 (lmkd_socket))
+(typeattributeset location_service_26_0 (location_service))
+(typeattributeset lock_settings_service_26_0 (lock_settings_service))
+(typeattributeset logcat_exec_26_0 (logcat_exec))
+(typeattributeset logd_26_0 (logd))
+(typeattributeset log_device_26_0 (log_device))
+(typeattributeset logd_exec_26_0 (logd_exec))
+(typeattributeset logd_prop_26_0 (logd_prop))
+(typeattributeset logdr_socket_26_0 (logdr_socket))
+(typeattributeset logd_socket_26_0 (logd_socket))
+(typeattributeset logdw_socket_26_0 (logdw_socket))
+(typeattributeset logpersist_26_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_26_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_26_0 (log_prop))
+(typeattributeset log_tag_prop_26_0 (log_tag_prop))
+(typeattributeset loop_control_device_26_0 (loop_control_device))
+(typeattributeset loop_device_26_0 (loop_device))
+(typeattributeset mac_perms_file_26_0 (mac_perms_file))
+(typeattributeset mdnsd_26_0 (mdnsd))
+(typeattributeset mdnsd_socket_26_0 (mdnsd_socket))
+(typeattributeset mdns_socket_26_0 (mdns_socket))
+(typeattributeset mediacasserver_service_26_0 (mediacasserver_service))
+(typeattributeset mediacodec_26_0 (mediacodec))
+(typeattributeset mediacodec_exec_26_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_26_0 (mediacodec_service))
+(typeattributeset media_data_file_26_0 (media_data_file))
+(typeattributeset mediadrmserver_26_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_26_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_26_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_26_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_26_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_26_0 (mediaextractor_service))
+(typeattributeset mediametrics_26_0 (mediametrics))
+(typeattributeset mediametrics_exec_26_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_26_0 (mediametrics_service))
+(typeattributeset media_projection_service_26_0 (media_projection_service))
+(typeattributeset media_router_service_26_0 (media_router_service))
+(typeattributeset media_rw_data_file_26_0 (media_rw_data_file))
+(typeattributeset mediaserver_26_0 (mediaserver))
+(typeattributeset mediaserver_exec_26_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_26_0 (mediaserver_service))
+(typeattributeset media_session_service_26_0 (media_session_service))
+(typeattributeset meminfo_service_26_0 (meminfo_service))
+(typeattributeset metadata_block_device_26_0 (metadata_block_device))
+(typeattributeset method_trace_data_file_26_0 (method_trace_data_file))
+(typeattributeset midi_service_26_0 (midi_service))
+(typeattributeset misc_block_device_26_0 (misc_block_device))
+(typeattributeset misc_logd_file_26_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_26_0 (misc_user_data_file))
+(typeattributeset mmc_prop_26_0 (mmc_prop))
+(typeattributeset mnt_expand_file_26_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_26_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_26_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_26_0 (mnt_user_file))
+(typeattributeset modprobe_26_0 (modprobe))
+(typeattributeset mount_service_26_0 (mount_service))
+(typeattributeset mqueue_26_0 (mqueue))
+(typeattributeset mtd_device_26_0 (mtd_device))
+(typeattributeset mtp_26_0 (mtp))
+(typeattributeset mtp_device_26_0 (mtp_device))
+(typeattributeset mtpd_socket_26_0 (mtpd_socket))
+(typeattributeset mtp_exec_26_0 (mtp_exec))
+(typeattributeset nativetest_data_file_26_0 (nativetest_data_file))
+(typeattributeset netd_26_0 (netd))
+(typeattributeset net_data_file_26_0 (net_data_file))
+(typeattributeset netd_exec_26_0 (netd_exec))
+(typeattributeset netd_listener_service_26_0 (netd_listener_service))
+(typeattributeset net_dns_prop_26_0 (net_dns_prop))
+(typeattributeset netd_service_26_0 (netd_service))
+(typeattributeset netd_socket_26_0 (netd_socket))
+(typeattributeset netif_26_0 (netif))
+(typeattributeset netpolicy_service_26_0 (netpolicy_service))
+(typeattributeset net_radio_prop_26_0 (net_radio_prop))
+(typeattributeset netstats_service_26_0 (netstats_service))
+(typeattributeset netutils_wrapper_26_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_26_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_26_0 (network_management_service))
+(typeattributeset network_score_service_26_0 (network_score_service))
+(typeattributeset network_time_update_service_26_0 (network_time_update_service))
+(typeattributeset nfc_26_0 (nfc))
+(typeattributeset nfc_data_file_26_0 (nfc_data_file))
+(typeattributeset nfc_device_26_0 (nfc_device))
+(typeattributeset nfc_prop_26_0 (nfc_prop))
+(typeattributeset nfc_service_26_0 (nfc_service))
+(typeattributeset node_26_0 (node))
+(typeattributeset notification_service_26_0 (notification_service))
+(typeattributeset null_device_26_0 (null_device))
+(typeattributeset oemfs_26_0 (oemfs))
+(typeattributeset oem_lock_service_26_0 (oem_lock_service))
+(typeattributeset ota_data_file_26_0 (ota_data_file))
+(typeattributeset otadexopt_service_26_0 (otadexopt_service))
+(typeattributeset ota_package_file_26_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_26_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_26_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_26_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_26_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_26_0 (overlay_prop))
+(typeattributeset overlay_service_26_0 (overlay_service))
+(typeattributeset owntty_device_26_0 (owntty_device))
+(typeattributeset package_service_26_0 (package_service))
+(typeattributeset pan_result_prop_26_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_26_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_26_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_26_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_26_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_26_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_26_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_26_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_26_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_26_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_26_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_26_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_26_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_26_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_26_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_26_0 (pdx_performance_dir))
+(typeattributeset performanced_26_0 (performanced))
+(typeattributeset performanced_exec_26_0 (performanced_exec))
+(typeattributeset perfprofd_26_0 (perfprofd))
+(typeattributeset perfprofd_data_file_26_0 (perfprofd_data_file))
+(typeattributeset perfprofd_exec_26_0 (perfprofd_exec))
+(typeattributeset permission_service_26_0 (permission_service))
+(typeattributeset persist_debug_prop_26_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_26_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_26_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_26_0 (pinner_service))
+(typeattributeset pipefs_26_0 (pipefs))
+(typeattributeset platform_app_26_0 (platform_app))
+(typeattributeset pmsg_device_26_0 (pmsg_device))
+(typeattributeset port_26_0 (port))
+(typeattributeset port_device_26_0 (port_device))
+(typeattributeset postinstall_26_0 (postinstall))
+(typeattributeset postinstall_dexopt_26_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_26_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_26_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_26_0 (powerctl_prop))
+(typeattributeset power_service_26_0 (power_service))
+(typeattributeset ppp_26_0 (ppp))
+(typeattributeset ppp_device_26_0 (ppp_device))
+(typeattributeset ppp_exec_26_0 (ppp_exec))
+(typeattributeset preloads_data_file_26_0 (preloads_data_file))
+(typeattributeset preloads_media_file_26_0 (preloads_media_file))
+(typeattributeset preopt2cachename_26_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
+(typeattributeset print_service_26_0 (print_service))
+(typeattributeset priv_app_26_0 (mediaprovider priv_app))
+(typeattributeset proc_26_0 (proc proc_uid_time_in_state))
+(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
+(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
+(typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
+(typeattributeset processinfo_service_26_0 (processinfo_service))
+(typeattributeset proc_interrupts_26_0 (proc_interrupts))
+(typeattributeset proc_iomem_26_0 (proc_iomem))
+(typeattributeset proc_meminfo_26_0 (proc_meminfo))
+(typeattributeset proc_misc_26_0 (proc_misc))
+(typeattributeset proc_modules_26_0 (proc_modules))
+(typeattributeset proc_net_26_0 (proc_net))
+(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory))
+(typeattributeset proc_perf_26_0 (proc_perf))
+(typeattributeset proc_security_26_0 (proc_security))
+(typeattributeset proc_stat_26_0 (proc_stat))
+(typeattributeset procstats_service_26_0 (procstats_service))
+(typeattributeset proc_sysrq_26_0 (proc_sysrq))
+(typeattributeset proc_timer_26_0 (proc_timer))
+(typeattributeset proc_tty_drivers_26_0 (proc_tty_drivers))
+(typeattributeset proc_uid_cputime_removeuid_26_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_26_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_26_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_26_0 (proc_uid_procstat_set))
+(typeattributeset proc_zoneinfo_26_0 (proc_zoneinfo))
+(typeattributeset profman_26_0 (profman))
+(typeattributeset profman_dump_data_file_26_0 (profman_dump_data_file))
+(typeattributeset profman_exec_26_0 (profman_exec))
+(typeattributeset properties_device_26_0 (properties_device))
+(typeattributeset properties_serial_26_0 (properties_serial))
+(typeattributeset property_contexts_file_26_0 (property_contexts_file))
+(typeattributeset property_data_file_26_0 (property_data_file))
+(typeattributeset property_socket_26_0 (property_socket))
+(typeattributeset pstorefs_26_0 (pstorefs))
+(typeattributeset ptmx_device_26_0 (ptmx_device))
+(typeattributeset qtaguid_device_26_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_26_0 (qtaguid_proc))
+(typeattributeset racoon_26_0 (racoon))
+(typeattributeset racoon_exec_26_0 (racoon_exec))
+(typeattributeset racoon_socket_26_0 (racoon_socket))
+(typeattributeset radio_26_0 (radio))
+(typeattributeset radio_data_file_26_0 (radio_data_file))
+(typeattributeset radio_device_26_0 (radio_device))
+(typeattributeset radio_prop_26_0 (radio_prop))
+(typeattributeset radio_service_26_0 (radio_service))
+(typeattributeset ram_device_26_0 (ram_device))
+(typeattributeset random_device_26_0 (random_device))
+(typeattributeset reboot_data_file_26_0 (reboot_data_file))
+(typeattributeset recovery_26_0 (recovery))
+(typeattributeset recovery_block_device_26_0 (recovery_block_device))
+(typeattributeset recovery_data_file_26_0 (recovery_data_file))
+(typeattributeset recovery_persist_26_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_26_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_26_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_26_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_26_0 (recovery_service))
+(typeattributeset registry_service_26_0 (registry_service))
+(typeattributeset resourcecache_data_file_26_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_26_0 (restorecon_prop))
+(typeattributeset restrictions_service_26_0 (restrictions_service))
+(typeattributeset rild_26_0 (rild))
+(typeattributeset rild_debug_socket_26_0 (rild_debug_socket))
+(typeattributeset rild_socket_26_0 (rild_socket))
+(typeattributeset ringtone_file_26_0 (ringtone_file))
+(typeattributeset root_block_device_26_0 (root_block_device))
+(typeattributeset rootfs_26_0 (rootfs))
+(typeattributeset rpmsg_device_26_0 (rpmsg_device))
+(typeattributeset rtc_device_26_0 (rtc_device))
+(typeattributeset rttmanager_service_26_0 (rttmanager_service))
+(typeattributeset runas_26_0 (runas))
+(typeattributeset runas_exec_26_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_26_0 (safemode_prop))
+(typeattributeset same_process_hal_file_26_0 (same_process_hal_file))
+(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service))
+(typeattributeset sdcardd_26_0 (sdcardd))
+(typeattributeset sdcardd_exec_26_0 (sdcardd_exec))
+(typeattributeset sdcardfs_26_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_26_0 (seapp_contexts_file))
+(typeattributeset search_service_26_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_26_0 (sec_key_att_app_id_provider_service))
+(typeattributeset selinuxfs_26_0 (selinuxfs))
+(typeattributeset sensors_device_26_0 (sensors_device))
+(typeattributeset sensorservice_service_26_0 (sensorservice_service))
+(typeattributeset sepolicy_file_26_0 (sepolicy_file))
+(typeattributeset serial_device_26_0 (serial_device))
+(typeattributeset serialno_prop_26_0 (serialno_prop))
+(typeattributeset serial_service_26_0 (serial_service))
+(typeattributeset service_contexts_file_26_0 (service_contexts_file nonplat_service_contexts_file))
+(typeattributeset servicediscovery_service_26_0 (servicediscovery_service))
+(typeattributeset servicemanager_26_0 (servicemanager))
+(typeattributeset servicemanager_exec_26_0 (servicemanager_exec))
+(typeattributeset settings_service_26_0 (settings_service))
+(typeattributeset sgdisk_26_0 (sgdisk))
+(typeattributeset sgdisk_exec_26_0 (sgdisk_exec))
+(typeattributeset shared_relro_26_0 (shared_relro))
+(typeattributeset shared_relro_file_26_0 (shared_relro_file))
+(typeattributeset shell_26_0 (shell))
+(typeattributeset shell_data_file_26_0 (shell_data_file))
+(typeattributeset shell_exec_26_0 (shell_exec))
+(typeattributeset shell_prop_26_0 (shell_prop))
+(typeattributeset shm_26_0 (shm))
+(typeattributeset shortcut_manager_icons_26_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_26_0 (shortcut_service))
+(typeattributeset slideshow_26_0 (slideshow))
+(typeattributeset socket_device_26_0 (socket_device))
+(typeattributeset sockfs_26_0 (sockfs))
+(typeattributeset statusbar_service_26_0 (statusbar_service))
+(typeattributeset storaged_service_26_0 (storaged_service))
+(typeattributeset storage_file_26_0 (storage_file))
+(typeattributeset storagestats_service_26_0 (storagestats_service))
+(typeattributeset storage_stub_file_26_0 (storage_stub_file))
+(typeattributeset su_26_0 (su))
+(typeattributeset su_exec_26_0 (su_exec))
+(typeattributeset surfaceflinger_26_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_26_0 (swap_block_device))
+(typeattributeset sysfs_26_0 (sysfs))
+(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_hwrandom_26_0 (sysfs_hwrandom))
+(typeattributeset sysfs_leds_26_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_26_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_26_0 (sysfs_mac_address))
+(typeattributeset sysfs_nfc_power_writable_26_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_thermal_26_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_26_0 (sysfs_uio))
+(typeattributeset sysfs_usb_26_0 (sysfs_usb))
+(typeattributeset sysfs_vibrator_26_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_26_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wlan_fwpath_26_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_26_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_26_0 (sysfs_zram_uevent))
+(typeattributeset system_app_26_0 (system_app))
+(typeattributeset system_app_data_file_26_0 (system_app_data_file))
+(typeattributeset system_app_service_26_0 (system_app_service))
+(typeattributeset system_block_device_26_0 (system_block_device))
+(typeattributeset system_data_file_26_0 (system_data_file))
+(typeattributeset system_file_26_0 (system_file))
+(typeattributeset systemkeys_data_file_26_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_26_0 (system_ndebug_socket))
+(typeattributeset system_prop_26_0 (system_prop))
+(typeattributeset system_radio_prop_26_0 (system_radio_prop))
+(typeattributeset system_server_26_0 (system_server))
+(typeattributeset system_wifi_keystore_hwservice_26_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_26_0 (system_wpa_socket))
+(typeattributeset task_service_26_0 (task_service))
+(typeattributeset tee_26_0 (tee))
+(typeattributeset tee_data_file_26_0 (tee_data_file))
+(typeattributeset tee_device_26_0 (tee_device))
+(typeattributeset telecom_service_26_0 (telecom_service))
+(typeattributeset textclassification_service_26_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_26_0 (textclassifier_data_file))
+(typeattributeset textservices_service_26_0 (textservices_service))
+(typeattributeset tmpfs_26_0 (tmpfs))
+(typeattributeset tombstoned_26_0 (tombstoned))
+(typeattributeset tombstone_data_file_26_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_26_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_26_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_26_0 (tombstoned_intercept_socket))
+(typeattributeset toolbox_26_0 (toolbox))
+(typeattributeset toolbox_exec_26_0 (toolbox_exec))
+(typeattributeset tracing_shell_writable_26_0 (debugfs_tracing tracing_shell_writable))
+(typeattributeset tracing_shell_writable_debug_26_0 (debugfs_tracing_debug tracing_shell_writable_debug))
+(typeattributeset trust_service_26_0 (trust_service))
+(typeattributeset tty_device_26_0 (tty_device))
+(typeattributeset tun_device_26_0 (tun_device))
+(typeattributeset tv_input_service_26_0 (tv_input_service))
+(typeattributeset tzdatacheck_26_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_26_0 (tzdatacheck_exec))
+(typeattributeset ueventd_26_0 (ueventd))
+(typeattributeset uhid_device_26_0 (uhid_device))
+(typeattributeset uimode_service_26_0 (uimode_service))
+(typeattributeset uio_device_26_0 (uio_device))
+(typeattributeset uncrypt_26_0 (uncrypt))
+(typeattributeset uncrypt_exec_26_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_26_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_26_0 (unencrypted_data_file))
+(typeattributeset unlabeled_26_0 (unlabeled))
+(typeattributeset untrusted_app_25_26_0 (untrusted_app_25))
+(typeattributeset untrusted_app_26_0 (untrusted_app))
+(typeattributeset untrusted_v2_app_26_0 (untrusted_v2_app))
+(typeattributeset update_engine_26_0 (update_engine))
+(typeattributeset update_engine_data_file_26_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_26_0 (update_engine_exec))
+(typeattributeset update_engine_service_26_0 (update_engine_service))
+(typeattributeset updatelock_service_26_0 (updatelock_service))
+(typeattributeset update_verifier_26_0 (update_verifier))
+(typeattributeset update_verifier_exec_26_0 (update_verifier_exec))
+(typeattributeset usagestats_service_26_0 (usagestats_service))
+(typeattributeset usbaccessory_device_26_0 (usbaccessory_device))
+(typeattributeset usb_device_26_0 (usb_device))
+(typeattributeset usbfs_26_0 (usbfs))
+(typeattributeset usb_service_26_0 (usb_service))
+(typeattributeset userdata_block_device_26_0 (userdata_block_device))
+(typeattributeset usermodehelper_26_0 (sysfs_usermodehelper usermodehelper))
+(typeattributeset user_profile_data_file_26_0 (user_profile_data_file))
+(typeattributeset user_service_26_0 (user_service))
+(typeattributeset vcs_device_26_0 (vcs_device))
+(typeattributeset vdc_26_0 (vdc))
+(typeattributeset vdc_exec_26_0 (vdc_exec))
+(typeattributeset vendor_app_file_26_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_26_0 (vendor_configs_file))
+(typeattributeset vendor_file_26_0 (vendor_file))
+(typeattributeset vendor_framework_file_26_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_26_0 (vendor_hal_file))
+(typeattributeset vendor_overlay_file_26_0 (vendor_overlay_file))
+(typeattributeset vendor_shell_exec_26_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_26_0 (vendor_toolbox_exec))
+(typeattributeset vfat_26_0 (vfat))
+(typeattributeset vibrator_service_26_0 (vibrator_service))
+(typeattributeset video_device_26_0 (video_device))
+(typeattributeset virtual_touchpad_26_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_26_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_26_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_26_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_26_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_26_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_26_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_26_0 (voiceinteraction_service))
+(typeattributeset vold_26_0 (vold))
+(typeattributeset vold_data_file_26_0 (vold_data_file))
+(typeattributeset vold_device_26_0 (vold_device))
+(typeattributeset vold_exec_26_0 (vold_exec))
+(typeattributeset vold_prop_26_0 (vold_prop))
+(typeattributeset vold_socket_26_0 (vold_socket))
+(typeattributeset vpn_data_file_26_0 (vpn_data_file))
+(typeattributeset vr_hwc_26_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_26_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_26_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_26_0 (vr_manager_service))
+(typeattributeset wallpaper_file_26_0 (wallpaper_file))
+(typeattributeset wallpaper_service_26_0 (wallpaper_service))
+(typeattributeset watchdogd_26_0 (watchdogd))
+(typeattributeset watchdog_device_26_0 (watchdog_device))
+(typeattributeset webviewupdate_service_26_0 (webviewupdate_service))
+(typeattributeset webview_zygote_26_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_26_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_socket_26_0 (webview_zygote_socket))
+(typeattributeset wifiaware_service_26_0 (wifiaware_service))
+(typeattributeset wificond_26_0 (wificond))
+(typeattributeset wificond_exec_26_0 (wificond_exec))
+(typeattributeset wificond_service_26_0 (wificond_service))
+(typeattributeset wifi_data_file_26_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_26_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_26_0 (wifip2p_service))
+(typeattributeset wifi_prop_26_0 (wifi_prop))
+(typeattributeset wifiscanner_service_26_0 (wifiscanner_service))
+(typeattributeset wifi_service_26_0 (wifi_service))
+(typeattributeset window_service_26_0 (window_service))
+(typeattributeset wpa_socket_26_0 (wpa_socket))
+(typeattributeset zero_device_26_0 (zero_device))
+(typeattributeset zoneinfo_data_file_26_0 (zoneinfo_data_file))
+(typeattributeset zygote_26_0 (zygote))
+(typeattributeset zygote_exec_26_0 (zygote_exec))
+(typeattributeset zygote_socket_26_0 (zygote_socket))
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
new file mode 100644
index 0000000..6b37df7
--- /dev/null
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -0,0 +1,33 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( broadcastradio_service
+ e2fs
+ e2fs_exec
+ hal_cas_hwservice
+ hal_neuralnetworks_hwservice
+ hal_tetheroffload_hwservice
+ hal_wifi_offload_hwservice
+ kmsg_debug_device
+ mediaprovider_tmpfs
+ netd_stable_secret_prop
+ package_native_service
+ sysfs_fs_ext4_features
+ system_net_netd_hwservice
+ thermal_service
+ thermalcallback_hwservice
+ thermalserviced
+ thermalserviced_exec
+ thermalserviced_tmpfs
+ timezone_service
+ tombstoned_java_trace_socket))
+
+;; private_objects - a collection of types that were labeled differently in
+;; older policy, but that should not remain accessible to vendor policy.
+;; Thus, these types are also not mapped, but recorded for checkapi tests
+(typeattribute priv_objects)
+(typeattributeset priv_objects
+ ( screencap
+ screencap_exec ))
diff --git a/private/dumpstate.te b/private/dumpstate.te
index b8f8152..8f003aa 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -23,3 +23,7 @@
# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)
+
+# Use screencap
+domain_auto_trans(dumpstate, screencap_exec, screencap)
+allow dumpstate screencap:process signal;
diff --git a/private/e2fs.te b/private/e2fs.te
deleted file mode 100644
index add1cc2..0000000
--- a/private/e2fs.te
+++ /dev/null
@@ -1,14 +0,0 @@
-type e2fs, domain, coredomain;
-
-allow e2fs block_device:blk_file getattr;
-allow e2fs block_device:dir search;
-allow e2fs userdata_block_device:blk_file rw_file_perms;
-
-# access /proc/filesystems
-allow e2fs proc:file r_file_perms;
-
-# access /sys/fs/ext4/features
-allow e2fs sysfs_fs_ext4_features:file r_file_perms;
-
-# access sselinux context files
-allow e2fs file_contexts_file:file { getattr open read };
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index d664a50..de5c53c 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -27,7 +27,6 @@
allow ephemeral_app mediacodec_service:service_manager find;
allow ephemeral_app mediametrics_service:service_manager find;
allow ephemeral_app mediadrmserver_service:service_manager find;
-allow ephemeral_app mediacasserver_service:service_manager find;
allow ephemeral_app surfaceflinger_service:service_manager find;
allow ephemeral_app radio_service:service_manager find;
allow ephemeral_app ephemeral_app_api_service:service_manager find;
diff --git a/private/file_contexts b/private/file_contexts
index ddf267b..17378ee 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -51,7 +51,7 @@
/sepolicy u:object_r:sepolicy_file:s0
/plat_service_contexts u:object_r:service_contexts_file:s0
/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
-/nonplat_service_contexts u:object_r:service_contexts_file:s0
+/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
/nonplat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
/vndservice_contexts u:object_r:vndservice_contexts_file:s0
@@ -94,7 +94,6 @@
/dev/ion u:object_r:ion_device:s0
/dev/keychord u:object_r:keychord_device:s0
/dev/kmem u:object_r:kmem_device:s0
-/dev/log(/.*)? u:object_r:log_device:s0
/dev/loop-control u:object_r:loop_control_device:s0
/dev/mem u:object_r:kmem_device:s0
/dev/modem.* u:object_r:radio_device:s0
@@ -181,6 +180,7 @@
/system/bin/mke2fs u:object_r:e2fs_exec:s0
/system/bin/e2fsck -- u:object_r:fsck_exec:s0
/system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
+/system/bin/make_f2fs -- u:object_r:fsck_exec:s0
/system/bin/fsck_msdos -- u:object_r:fsck_exec:s0
/system/bin/tune2fs -- u:object_r:fsck_exec:s0
/system/bin/toolbox -- u:object_r:toolbox_exec:s0
@@ -212,6 +212,7 @@
/system/bin/mediametrics u:object_r:mediametrics_exec:s0
/system/bin/cameraserver u:object_r:cameraserver_exec:s0
/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
+/system/bin/screencap u:object_r:screencap_exec:s0
/system/bin/mdnsd u:object_r:mdnsd_exec:s0
/system/bin/installd u:object_r:installd_exec:s0
/system/bin/otapreopt_chroot u:object_r:otapreopt_chroot_exec:s0
@@ -257,6 +258,7 @@
/system/bin/update_engine u:object_r:update_engine_exec:s0
/system/bin/bspatch u:object_r:update_engine_exec:s0
/system/bin/storaged u:object_r:storaged_exec:s0
+/system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
/system/bin/webview_zygote32 u:object_r:webview_zygote_exec:s0
/system/bin/webview_zygote64 u:object_r:webview_zygote_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
@@ -296,7 +298,7 @@
/vendor/etc/selinux/nonplat_mac_permissions.xml u:object_r:mac_perms_file:s0
/vendor/etc/selinux/nonplat_property_contexts u:object_r:property_contexts_file:s0
-/vendor/etc/selinux/nonplat_service_contexts u:object_r:service_contexts_file:s0
+/vendor/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
/vendor/etc/selinux/nonplat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
/vendor/etc/selinux/nonplat_file_contexts u:object_r:file_contexts_file:s0
/vendor/etc/selinux/nonplat_seapp_contexts u:object_r:seapp_contexts_file:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 3914cec..e77a39b 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -59,7 +59,7 @@
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
-genfscon sysfs /kernel/uevent_helper u:object_r:usermodehelper:s0
+genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 3cc6b1f..107e483 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -10,6 +10,7 @@
android.hardware.camera.provider::ICameraProvider u:object_r:hal_camera_hwservice:s0
android.hardware.configstore::ISurfaceFlingerConfigs u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0
+android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0
android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0
android.hardware.drm::IDrmFactory u:object_r:hal_drm_hwservice:s0
android.hardware.dumpstate::IDumpstateDevice u:object_r:hal_dumpstate_hwservice:s0
@@ -25,6 +26,7 @@
android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
android.hardware.media.omx::IOmxStore u:object_r:hal_omx_hwservice:s0
android.hardware.memtrack::IMemtrack u:object_r:hal_memtrack_hwservice:s0
+android.hardware.neuralnetworks::IDevice u:object_r:hal_neuralnetworks_hwservice:s0
android.hardware.nfc::INfc u:object_r:hal_nfc_hwservice:s0
android.hardware.oemlock::IOemLock u:object_r:hal_oemlock_hwservice:s0
android.hardware.power::IPower u:object_r:hal_power_hwservice:s0
@@ -35,6 +37,7 @@
android.hardware.sensors::ISensors u:object_r:hal_sensors_hwservice:s0
android.hardware.soundtrigger::ISoundTriggerHw u:object_r:hal_audio_hwservice:s0
android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
+android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
diff --git a/private/mediaprovider.te b/private/mediaprovider.te
new file mode 100644
index 0000000..63f56c8
--- /dev/null
+++ b/private/mediaprovider.te
@@ -0,0 +1,35 @@
+###
+### A domain for android.process.media, which contains both
+### MediaProvider and DownloadProvider and associated services.
+###
+
+typeattribute mediaprovider coredomain;
+app_domain(mediaprovider)
+
+# DownloadProvider accesses the network.
+net_domain(mediaprovider)
+
+# DownloadProvider uses /cache.
+allow mediaprovider cache_file:dir create_dir_perms;
+allow mediaprovider cache_file:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow mediaprovider cache_file:lnk_file r_file_perms;
+
+allow mediaprovider app_api_service:service_manager find;
+allow mediaprovider audioserver_service:service_manager find;
+allow mediaprovider drmserver_service:service_manager find;
+allow mediaprovider mediaserver_service:service_manager find;
+allow mediaprovider surfaceflinger_service:service_manager find;
+
+# Allow MediaProvider to read/write cached ringtones (opened by system).
+allow mediaprovider ringtone_file:file { getattr read write };
+
+# MtpServer uses /dev/mtp_usb
+allow mediaprovider mtp_device:chr_file rw_file_perms;
+
+# MtpServer uses /dev/usb-ffs/mtp
+allow mediaprovider functionfs:dir search;
+allow mediaprovider functionfs:file rw_file_perms;
+
+# MtpServer sets sys.usb.ffs.mtp.ready
+set_prop(mediaprovider, ffs_prop)
diff --git a/private/platform_app.te b/private/platform_app.te
index be707e3..4d937be 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -51,10 +51,10 @@
allow platform_app mediaextractor_service:service_manager find;
allow platform_app mediacodec_service:service_manager find;
allow platform_app mediadrmserver_service:service_manager find;
-allow platform_app mediacasserver_service:service_manager find;
allow platform_app persistent_data_block_service:service_manager find;
allow platform_app radio_service:service_manager find;
allow platform_app surfaceflinger_service:service_manager find;
+allow platform_app timezone_service:service_manager find;
allow platform_app app_api_service:service_manager find;
allow platform_app system_api_service:service_manager find;
allow platform_app vr_manager_service:service_manager find;
diff --git a/private/priv_app.te b/private/priv_app.te
index 585f466..60fb411 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -27,7 +27,6 @@
allow priv_app mediacodec_service:service_manager find;
allow priv_app mediametrics_service:service_manager find;
allow priv_app mediadrmserver_service:service_manager find;
-allow priv_app mediacasserver_service:service_manager find;
allow priv_app mediaextractor_service:service_manager find;
allow priv_app mediaserver_service:service_manager find;
allow priv_app nfc_service:service_manager find;
@@ -105,20 +104,6 @@
allow priv_app preloads_media_file:file r_file_perms;
allow priv_app preloads_media_file:dir r_dir_perms;
-# TODO: revert this as part of fixing 33574909
-# android.process.media uses /dev/mtp_usb
-allow priv_app mtp_device:chr_file rw_file_perms;
-
-# TODO: revert this as part of fixing 33574909
-# MtpServer uses /dev/usb-ffs/mtp
-allow priv_app functionfs:dir search;
-allow priv_app functionfs:file rw_file_perms;
-
-# TODO: revert this as part of fixing 33574909
-# Traverse into /mnt/media_rw for bypassing FUSE daemon
-# TODO: narrow this to just MediaProvider
-allow priv_app mnt_media_rw_file:dir search;
-
# Allow privileged apps (e.g. GMS core) to generate unique hardware IDs
allow priv_app keystore:keystore_key gen_unique_id;
diff --git a/private/property_contexts b/private/property_contexts
index 3ca1d70..8eb2f28 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -112,6 +112,3 @@
# hwservicemanager properties
hwservicemanager. u:object_r:hwservicemanager_prop:s0
-
-# ASAN install trigger
-asan.restore_reboot u:object_r:asan_reboot_prop:s0
diff --git a/private/screencap.te b/private/screencap.te
new file mode 100644
index 0000000..579373a
--- /dev/null
+++ b/private/screencap.te
@@ -0,0 +1,26 @@
+type screencap, domain;
+type screencap_exec, exec_type, file_type;
+
+typeattribute screencap coredomain;
+
+allow screencap gpu_device:chr_file rw_file_perms;
+allow screencap ion_device:chr_file rw_file_perms;
+
+allow screencap adbd:fifo_file write;
+allow screencap adbd:fd use;
+allow screencap adbd:unix_stream_socket { read write };
+
+allow screencap shell_data_file:file write;
+allow screencap shell:fd use;
+allow screencap shell:unix_stream_socket { read write };
+
+allow screencap dumpstate:fd use;
+allow screencap dumpstate:unix_stream_socket { read write };
+
+binder_use(screencap)
+binder_call(screencap, surfaceflinger)
+allow screencap surfaceflinger_service:service_manager find;
+allow screencap surfaceflinger:fd use;
+
+hwbinder_use(screencap)
+hal_client_domain(screencap, hal_graphics_allocator)
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 4356889..dc7e389 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -102,6 +102,7 @@
user=shared_relro domain=shared_relro
user=shell seinfo=platform domain=shell type=shell_data_file
user=_isolated domain=isolated_app levelFrom=user
+user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
user=_app isV2App=true isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=user
user=_app isV2App=true domain=untrusted_v2_app type=app_data_file levelFrom=user
diff --git a/private/service_contexts b/private/service_contexts
index c08f632..a82243f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -87,10 +87,8 @@
media.extractor u:object_r:mediaextractor_service:s0
media.codec u:object_r:mediacodec_service:s0
media.resource_manager u:object_r:mediaserver_service:s0
-media.radio u:object_r:audioserver_service:s0
media.sound_trigger_hw u:object_r:audioserver_service:s0
media.drm u:object_r:mediadrmserver_service:s0
-media.cas u:object_r:mediacasserver_service:s0
media_projection u:object_r:media_projection_service:s0
media_resource_monitor u:object_r:media_session_service:s0
media_router u:object_r:media_router_service:s0
@@ -110,6 +108,7 @@
otadexopt u:object_r:otadexopt_service:s0
overlay u:object_r:overlay_service:s0
package u:object_r:package_service:s0
+package_native u:object_r:package_native_service:s0
permission u:object_r:permission_service:s0
persistent_data_block u:object_r:persistent_data_block_service:s0
phone_msim u:object_r:radio_service:s0
@@ -150,6 +149,8 @@
telephony.registry u:object_r:registry_service:s0
textclassification u:object_r:textclassification_service:s0
textservices u:object_r:textservices_service:s0
+timezone u:object_r:timezone_service:s0
+thermalservice u:object_r:thermal_service:s0
trust u:object_r:trust_service:s0
tv_input u:object_r:tv_input_service:s0
uimode u:object_r:uimode_service:s0
diff --git a/private/shell.te b/private/shell.te
index 0886820..095dc43 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -6,7 +6,6 @@
# systrace support - allow atrace to run
allow shell debugfs_tracing:dir r_dir_perms;
allow shell debugfs_tracing:file rw_file_perms;
-
allow shell debugfs_trace_marker:file getattr;
allow shell atrace_exec:file rx_file_perms;
@@ -27,3 +26,7 @@
# Perform SELinux access checks, needed for CTS
selinux_check_access(shell)
selinux_check_context(shell)
+
+# Use screencap
+domain_auto_trans(shell, screencap_exec, screencap)
+allow shell screencap:process signal;
diff --git a/private/storaged.te b/private/storaged.te
index d5abd73..20377e0 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -43,6 +43,9 @@
# Implements a dumpsys interface.
allow storaged dumpstate:fd use;
+# use a subset of the package manager service
+allow storaged package_native_service:service_manager find;
+
# Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
# running as root. See b/35323867 #3.
dontaudit storaged self:capability dac_override;
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index b33035e..7184fbc 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -21,6 +21,7 @@
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
+binder_call(surfaceflinger, screencap)
binder_service(surfaceflinger)
# Binder IPC to bu, presently runs in adbd domain.
diff --git a/private/system_server.te b/private/system_server.te
index a8d57d7..b493b6e 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -195,6 +195,7 @@
hal_client_domain(system_server, hal_ir)
hal_client_domain(system_server, hal_light)
hal_client_domain(system_server, hal_memtrack)
+hal_client_domain(system_server, hal_neuralnetworks)
hal_client_domain(system_server, hal_oemlock)
allow system_server hal_omx_hwservice:hwservice_manager find;
allow system_server hidl_token_hwservice:hwservice_manager find;
@@ -567,7 +568,6 @@
allow system_server mediaextractor_service:service_manager find;
allow system_server mediacodec_service:service_manager find;
allow system_server mediadrmserver_service:service_manager find;
-allow system_server mediacasserver_service:service_manager find;
allow system_server netd_service:service_manager find;
allow system_server nfc_service:service_manager find;
allow system_server radio_service:service_manager find;
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index ccbae10..974f328 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -22,6 +22,11 @@
; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
+; Apps, except isolated apps, are clients of Cas HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_cas_client;
+(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))
+
; Domains hosting Camera HAL implementations are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute hal_camera hal_allocator_client;
diff --git a/private/thermalserviced.te b/private/thermalserviced.te
new file mode 100644
index 0000000..1a09e20
--- /dev/null
+++ b/private/thermalserviced.te
@@ -0,0 +1,4 @@
+typeattribute thermalserviced coredomain;
+
+init_daemon_domain(thermalserviced)
+
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index fc80129..cce589e 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -41,6 +41,9 @@
allow untrusted_app_all shell_data_file:file r_file_perms;
allow untrusted_app_all shell_data_file:dir r_dir_perms;
+# Allow to read staged apks.
+allow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file {read getattr};
+
# Read and write system app data files passed over Binder.
# Motivating case was /data/data/com.android.settings/cache/*.jpg for
# cropping or taking user photos.
@@ -70,7 +73,6 @@
allow untrusted_app_all mediacodec_service:service_manager find;
allow untrusted_app_all mediametrics_service:service_manager find;
allow untrusted_app_all mediadrmserver_service:service_manager find;
-allow untrusted_app_all mediacasserver_service:service_manager find;
allow untrusted_app_all nfc_service:service_manager find;
allow untrusted_app_all radio_service:service_manager find;
allow untrusted_app_all surfaceflinger_service:service_manager find;
diff --git a/private/untrusted_v2_app.te b/private/untrusted_v2_app.te
index ef62841..7ed3881 100644
--- a/private/untrusted_v2_app.te
+++ b/private/untrusted_v2_app.te
@@ -32,7 +32,6 @@
allow untrusted_v2_app mediacodec_service:service_manager find;
allow untrusted_v2_app mediametrics_service:service_manager find;
allow untrusted_v2_app mediadrmserver_service:service_manager find;
-allow untrusted_v2_app mediacasserver_service:service_manager find;
allow untrusted_v2_app nfc_service:service_manager find;
allow untrusted_v2_app radio_service:service_manager find;
allow untrusted_v2_app surfaceflinger_service:service_manager find;
diff --git a/public/asan_extract.te b/public/asan_extract.te
index 46b7557..15c5a09 100644
--- a/public/asan_extract.te
+++ b/public/asan_extract.te
@@ -31,10 +31,6 @@
# Restorecon will actually already try to run with sanitized libraries (libpackagelistparser).
allow asan_extract system_data_file:file execute;
- # TODO - remove (b/38241921):
- # We use asan.restore_reboot to signal a reboot is required.
- set_prop(asan_extract, asan_reboot_prop)
-
- # We need to signal a reboot when done
+ # We need to signal a reboot when done.
set_prop(asan_extract, powerctl_prop)
')
diff --git a/public/attributes b/public/attributes
index 45ea133..7ee7daf 100644
--- a/public/attributes
+++ b/public/attributes
@@ -29,6 +29,7 @@
# All types used for /data files.
attribute data_file_type;
+expandattribute data_file_type false;
# All types in /data, not in /data/vendor
attribute core_data_file_type;
# All types in /vendor
@@ -147,16 +148,6 @@
attribute vendor_executes_system_violators;
expandattribute vendor_executes_system_violators false;
-# hwservices that are accessible from untrusted applications
-# WARNING: Use of this attribute should be avoided unless
-# absolutely necessary. It is a temporary allowance to aid the
-# transition to treble and will be removed in a future platform
-# version, requiring all hwservices that are labeled with this
-# attribute to be submitted to AOSP in order to maintain their
-# app-visibility.
-attribute untrusted_app_visible_hwservice;
-expandattribute untrusted_app_visible_hwservice false;
-
# PDX services
attribute pdx_endpoint_dir_type;
attribute pdx_endpoint_socket_type;
@@ -225,7 +216,13 @@
attribute hal_drm_client;
expandattribute hal_drm_client true;
attribute hal_drm_server;
-expandattribute hal_drm_server false;
+expandattribute hal_drm_server true;
+attribute hal_cas;
+expandattribute hal_cas true;
+attribute hal_cas_client;
+expandattribute hal_cas_client true;
+attribute hal_cas_server;
+expandattribute hal_cas_server true;
attribute hal_dumpstate;
expandattribute hal_dumpstate true;
attribute hal_dumpstate_client;
@@ -292,6 +289,12 @@
expandattribute hal_memtrack_client true;
attribute hal_memtrack_server;
expandattribute hal_memtrack_server false;
+attribute hal_neuralnetworks;
+expandattribute hal_neuralnetworks true;
+attribute hal_neuralnetworks_client;
+expandattribute hal_neuralnetworks_client true;
+attribute hal_neuralnetworks_server;
+expandattribute hal_neuralnetworks_server false;
attribute hal_nfc;
expandattribute hal_nfc true;
attribute hal_nfc_client;
@@ -376,12 +379,6 @@
expandattribute hal_wifi_client true;
attribute hal_wifi_server;
expandattribute hal_wifi_server false;
-attribute hal_wifi_keystore;
-expandattribute hal_wifi_keystore true;
-attribute hal_wifi_keystore_client;
-expandattribute hal_wifi_keystore_client true;
-attribute hal_wifi_keystore_server;
-expandattribute hal_wifi_keystore_server true;
attribute hal_wifi_offload;
expandattribute hal_wifi_offload true;
attribute hal_wifi_offload_client;
diff --git a/public/bootanim.te b/public/bootanim.te
index e2584c3..1a265f9 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te
@@ -2,6 +2,7 @@
type bootanim, domain;
type bootanim_exec, exec_type, file_type;
+hal_client_domain(bootanim, hal_configstore)
hal_client_domain(bootanim, hal_graphics_allocator)
hal_client_domain(bootanim, hal_graphics_composer)
diff --git a/public/device.te b/public/device.te
index 0f64bfa..475948d 100644
--- a/public/device.te
+++ b/public/device.te
@@ -30,7 +30,6 @@
type input_device, dev_type;
type kmem_device, dev_type;
type port_device, dev_type;
-type log_device, dev_type, mlstrustedobject;
type mtd_device, dev_type;
type mtp_device, dev_type, mlstrustedobject;
type nfc_device, dev_type;
diff --git a/public/domain.te b/public/domain.te
index 2e46a45..e550485 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -317,6 +317,7 @@
# Only init should be able to configure kernel usermodehelpers or
# security-sensitive proc settings.
neverallow { domain -init } usermodehelper:file { append write };
+neverallow { domain -init -ueventd } sysfs_usermodehelper:file { append write };
neverallow { domain -init } proc_security:file { append open read write };
# No domain should be allowed to ptrace init.
@@ -453,6 +454,7 @@
-adbd
-dumpstate
-hal_drm
+ -hal_cas
-init
-mediadrmserver
-recovery
@@ -539,7 +541,6 @@
-cameraserver_service
-drmserver_service
-keystore_service
- -mediacasserver_service
-mediadrmserver_service
-mediaextractor_service
-mediametrics_service
diff --git a/public/dumpstate.te b/public/dumpstate.te
index f6d6a0a..3e97731 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -142,9 +142,6 @@
allow dumpstate bluetooth_logs_data_file:dir r_dir_perms;
allow dumpstate bluetooth_logs_data_file:file r_file_perms;
-# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
-allow dumpstate gpu_device:chr_file rw_file_perms;
-
# logd access
read_logd(dumpstate)
control_logd(dumpstate)
diff --git a/public/e2fs.te b/public/e2fs.te
index ecb25a2..30a815a 100644
--- a/public/e2fs.te
+++ b/public/e2fs.te
@@ -1 +1,15 @@
+type e2fs, domain, coredomain;
type e2fs_exec, exec_type, file_type;
+
+allow e2fs block_device:blk_file getattr;
+allow e2fs block_device:dir search;
+allow e2fs userdata_block_device:blk_file rw_file_perms;
+
+# access /proc/filesystems
+allow e2fs proc:file r_file_perms;
+
+# access /sys/fs/ext4/features
+allow e2fs sysfs_fs_ext4_features:file r_file_perms;
+
+# access sselinux context files
+allow e2fs file_contexts_file:file { getattr open read };
diff --git a/public/file.te b/public/file.te
index 8388c3b..bcdc461 100644
--- a/public/file.te
+++ b/public/file.te
@@ -9,7 +9,8 @@
type proc_drop_caches, fs_type;
type proc_overcommit_memory, fs_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
-type usermodehelper, fs_type, sysfs_type;
+type usermodehelper, fs_type;
+type sysfs_usermodehelper, fs_type, sysfs_type;
type qtaguid_proc, fs_type, mlstrustedobject;
type proc_bluetooth_writable, fs_type;
type proc_cpuinfo, fs_type;
@@ -64,13 +65,14 @@
type fuse, sdcard_type, fs_type, mlstrustedobject;
type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
type vfat, sdcard_type, fs_type, mlstrustedobject;
-type debugfs, fs_type;
+type debugfs, fs_type, debugfs_type;
type debugfs_mmc, fs_type, debugfs_type;
type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing, fs_type, debugfs_type;
type debugfs_tracing_debug, fs_type, debugfs_type;
type debugfs_tracing_instances, fs_type, debugfs_type;
type debugfs_wifi_tracing, fs_type, debugfs_type;
+
type pstorefs, fs_type;
type functionfs, fs_type, mlstrustedobject;
type oemfs, fs_type, contextmount_type;
@@ -217,13 +219,13 @@
type system_app_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Compatibility with type name used in Android 4.3 and 4.4.
# Default type for anything under /cache
-type cache_file, file_type, mlstrustedobject;
+type cache_file, file_type, data_file_type, mlstrustedobject;
# Type for /cache/backup_stage/* (fd interchange with apps)
-type cache_backup_file, file_type, mlstrustedobject;
+type cache_backup_file, file_type, data_file_type, mlstrustedobject;
# type for anything under /cache/backup (local transport storage)
-type cache_private_backup_file, file_type;
+type cache_private_backup_file, file_type, data_file_type;
# Type for anything under /cache/recovery
-type cache_recovery_file, file_type, mlstrustedobject;
+type cache_recovery_file, file_type, data_file_type, mlstrustedobject;
# Default type for anything under /efs
type efs_file, file_type;
# Type for wallpaper file.
@@ -251,7 +253,7 @@
# Socket types
type adbd_socket, file_type, coredomain_socket;
-type bluetooth_socket, file_type, coredomain_socket;
+type bluetooth_socket, file_type, data_file_type, coredomain_socket;
type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject;
type dumpstate_socket, file_type, coredomain_socket;
type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject;
@@ -261,22 +263,22 @@
type logdw_socket, file_type, coredomain_socket, mlstrustedobject;
type mdns_socket, file_type, coredomain_socket;
type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject;
-type misc_logd_file, coredomain_socket, file_type;
+type misc_logd_file, coredomain_socket, file_type, data_file_type;
type mtpd_socket, file_type, coredomain_socket;
type netd_socket, file_type, coredomain_socket;
type property_socket, file_type, coredomain_socket, mlstrustedobject;
type racoon_socket, file_type, coredomain_socket;
type rild_socket, file_type;
type rild_debug_socket, file_type;
-type system_wpa_socket, file_type, coredomain_socket;
-type system_ndebug_socket, file_type, coredomain_socket, mlstrustedobject;
+type system_wpa_socket, file_type, data_file_type, coredomain_socket;
+type system_ndebug_socket, file_type, data_file_type, coredomain_socket, mlstrustedobject;
type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
type tombstoned_java_trace_socket, file_type, mlstrustedobject;
type tombstoned_intercept_socket, file_type, coredomain_socket;
type uncrypt_socket, file_type, coredomain_socket;
type vold_socket, file_type, coredomain_socket;
type webview_zygote_socket, file_type, coredomain_socket;
-type wpa_socket, file_type;
+type wpa_socket, file_type, data_file_type;
type zygote_socket, file_type, coredomain_socket;
# UART (for GPS) control proc file
type gps_control, file_type;
@@ -311,6 +313,9 @@
# service_contexts file
type service_contexts_file, file_type;
+# nonplat service_contexts file (only accessible on non full-treble devices)
+type nonplat_service_contexts_file, file_type;
+
# hwservice_contexts file
type hwservice_contexts_file, file_type;
diff --git a/public/gatekeeperd.te b/public/gatekeeperd.te
index ff36956..2fc3627 100644
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -29,9 +29,6 @@
allow gatekeeperd system_server:binder call;
allow gatekeeperd permission_service:service_manager find;
-# For parent user ID lookup
-allow gatekeeperd user_service:service_manager find;
-
# for SID file access
allow gatekeeperd gatekeeper_data_file:dir rw_dir_perms;
allow gatekeeperd gatekeeper_data_file:file create_file_perms;
diff --git a/public/hal_cas.te b/public/hal_cas.te
new file mode 100644
index 0000000..fd5d63b
--- /dev/null
+++ b/public/hal_cas.te
@@ -0,0 +1,37 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_cas_client, hal_cas_server)
+binder_call(hal_cas_server, hal_cas_client)
+
+add_hwservice(hal_cas_server, hal_cas_hwservice)
+allow hal_cas_client hal_cas_hwservice:hwservice_manager find;
+allow hal_cas_server hidl_memory_hwservice:hwservice_manager find;
+
+# Permit reading device's serial number from system properties
+get_prop(hal_cas, serialno_prop)
+
+# Read files already opened under /data
+allow hal_cas system_data_file:dir { search getattr };
+allow hal_cas system_data_file:file { getattr read };
+allow hal_cas system_data_file:lnk_file r_file_perms;
+
+# Read access to pseudo filesystems
+r_dir_file(hal_cas, cgroup)
+allow hal_cas cgroup:dir { search write };
+allow hal_cas cgroup:file w_file_perms;
+
+# Allow access to ion memory allocation device
+allow hal_cas ion_device:chr_file rw_file_perms;
+allow hal_cas hal_graphics_allocator:fd use;
+
+allow hal_cas tee_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# hal_cas should never execute any executable without a
+# domain transition
+neverallow hal_cas { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm hal_cas domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/public/hal_configstore.te b/public/hal_configstore.te
index 66a168e..795592f 100644
--- a/public/hal_configstore.te
+++ b/public/hal_configstore.te
@@ -7,3 +7,51 @@
# As opposed to the rules of most other HALs, the different services exposed by
# this HAL should be restricted to different clients. Thus, the allow rules for
# clients are defined in the .te files of the clients.
+
+###
+### neverallow rules
+###
+
+# Should never execute an executable without a domain transition
+neverallow hal_configstore_server { file_type fs_type }:file execute_no_trans;
+
+# Should never need network access. Disallow sockets except for
+# for unix stream/dgram sockets used for logging/debugging.
+neverallow hal_configstore_server domain:{
+ rawip_socket tcp_socket udp_socket
+ netlink_route_socket netlink_selinux_socket
+ socket netlink_socket packet_socket key_socket appletalk_socket
+ netlink_tcpdiag_socket netlink_nflog_socket
+ netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
+ netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
+ netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
+ netlink_rdma_socket netlink_crypto_socket
+} *;
+neverallow hal_configstore_server {
+ domain
+ -hal_configstore_server
+ -logd
+ userdebug_or_eng(`-su')
+}:{ unix_dgram_socket unix_stream_socket } *;
+
+# Should never need access to anything on /data
+neverallow hal_configstore_server {
+ data_file_type
+ -zoneinfo_data_file # granted to domain
+}:{ file fifo_file sock_file } *;
+
+# Should never need sdcard access
+neverallow hal_configstore_server { fuse sdcardfs vfat }:file *;
+
+# Do not permit access to service_manager and vndservice_manager
+neverallow hal_configstore_server *:service_manager *;
+
+# No privileged capabilities
+neverallow hal_configstore_server self:capability_class_set *;
+
+# No ptracing other processes
+neverallow hal_configstore_server *:process ptrace;
+
+# no relabeling
+neverallow hal_configstore_server *:dir_file_class_set { relabelfrom relabelto };
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
new file mode 100644
index 0000000..c697ac2
--- /dev/null
+++ b/public/hal_neuralnetworks.te
@@ -0,0 +1,8 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_neuralnetworks_client, hal_neuralnetworks_server)
+binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)
+
+add_hwservice(hal_neuralnetworks_server, hal_neuralnetworks_hwservice)
+allow hal_neuralnetworks_client hal_neuralnetworks_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_allocator:fd use;
diff --git a/public/hwservice.te b/public/hwservice.te
index 3d9f095..1b11678 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -9,6 +9,7 @@
type hal_configstore_ISurfaceFlingerConfigs, hwservice_manager_type;
type hal_contexthub_hwservice, hwservice_manager_type;
type hal_drm_hwservice, hwservice_manager_type;
+type hal_cas_hwservice, hwservice_manager_type;
type hal_dumpstate_hwservice, hwservice_manager_type;
type hal_fingerprint_hwservice, hwservice_manager_type;
type hal_gatekeeper_hwservice, hwservice_manager_type;
@@ -21,6 +22,7 @@
type hal_keymaster_hwservice, hwservice_manager_type;
type hal_light_hwservice, hwservice_manager_type;
type hal_memtrack_hwservice, hwservice_manager_type;
+type hal_neuralnetworks_hwservice, hwservice_manager_type;
type hal_nfc_hwservice, hwservice_manager_type;
type hal_oemlock_hwservice, hwservice_manager_type;
type hal_omx_hwservice, hwservice_manager_type;
@@ -46,3 +48,4 @@
type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
+type thermalcallback_hwservice, hwservice_manager_type;
diff --git a/public/init.te b/public/init.te
index 1903cfd..e6162a9 100644
--- a/public/init.te
+++ b/public/init.te
@@ -252,7 +252,7 @@
allow init self:capability2 syslog;
# Set usermodehelpers and /proc security settings.
-allow init usermodehelper:file rw_file_perms;
+allow init { usermodehelper sysfs_usermodehelper }:file rw_file_perms;
allow init proc_security:file rw_file_perms;
# Write to /proc/sys/kernel/panic_on_oops.
diff --git a/public/kernel.te b/public/kernel.te
index 9537c0d..7f5d224 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -50,11 +50,12 @@
allow kernel selinuxfs:file write;
allow kernel self:security setcheckreqprot;
-# MTP sync (b/15835289)
# kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
-allow kernel priv_app:fd use;
allow kernel sdcard_type:file { read write };
+# f_mtp driver accesses files from kernel context.
+allow kernel mediaprovider:fd use;
+
# Allow the kernel to read OBB files from app directories. (b/17428116)
# Kernel thread "loop0" reads a vold supplied file descriptor.
# Fixes CTS tests:
diff --git a/public/mediacodec.te b/public/mediacodec.te
index 5ca41fc..bcccbb8 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -37,6 +37,8 @@
hal_client_domain(mediacodec, hal_allocator)
+hal_client_domain(mediacodec, hal_cas)
+
# allocate and use graphic buffers
hal_client_domain(mediacodec, hal_graphics_allocator)
diff --git a/public/mediadrmserver.te b/public/mediadrmserver.te
index cef8121..123cb29 100644
--- a/public/mediadrmserver.te
+++ b/public/mediadrmserver.te
@@ -18,8 +18,6 @@
allow mediadrmserver surfaceflinger_service:service_manager find;
allow mediadrmserver system_file:dir r_dir_perms;
-add_service(mediadrmserver, mediacasserver_service)
-
binder_call(mediadrmserver, mediacodec)
###
### neverallow rules
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 94824b7..05e65bf 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -11,10 +11,12 @@
add_service(mediaextractor, mediaextractor_service)
allow mediaextractor mediametrics_service:service_manager find;
-allow mediaextractor mediacasserver_service:service_manager find;
+allow mediaextractor hidl_token_hwservice:hwservice_manager find;
allow mediaextractor system_server:fd use;
+hal_client_domain(mediaextractor, hal_cas)
+
r_dir_file(mediaextractor, cgroup)
allow mediaextractor proc_meminfo:file r_file_perms;
diff --git a/public/mediaprovider.te b/public/mediaprovider.te
new file mode 100644
index 0000000..24170a5
--- /dev/null
+++ b/public/mediaprovider.te
@@ -0,0 +1,6 @@
+###
+### A domain for android.process.media, which contains both
+### MediaProvider and DownloadProvider and associated services.
+###
+
+type mediaprovider, domain;
diff --git a/public/property.te b/public/property.te
index 4cc2701..95efcaa 100644
--- a/public/property.te
+++ b/public/property.te
@@ -1,4 +1,3 @@
-type asan_reboot_prop, property_type; # TODO - remove (b/38241921)
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
type bluetooth_prop, property_type;
diff --git a/public/recovery.te b/public/recovery.te
index 3be1f46..fe0b20e 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -147,5 +147,13 @@
# domains, including recovery.
#
# TODO: tighten this up further.
-neverallow recovery data_file_type:file { no_w_file_perms no_x_file_perms };
-neverallow recovery data_file_type:dir no_w_dir_perms;
+neverallow recovery {
+ data_file_type
+ -cache_file
+ -cache_recovery_file
+}:file { no_w_file_perms no_x_file_perms };
+neverallow recovery {
+ data_file_type
+ -cache_file
+ -cache_recovery_file
+}:dir no_w_dir_perms;
diff --git a/public/service.te b/public/service.te
index 28222a5..e97b864 100644
--- a/public/service.te
+++ b/public/service.te
@@ -18,13 +18,13 @@
type mediaextractor_service, service_manager_type;
type mediacodec_service, service_manager_type;
type mediadrmserver_service, service_manager_type;
-type mediacasserver_service, service_manager_type;
type netd_service, service_manager_type;
type nfc_service, service_manager_type;
type radio_service, service_manager_type;
type storaged_service, service_manager_type;
type surfaceflinger_service, service_manager_type;
type system_app_service, service_manager_type;
+type thermal_service, service_manager_type;
type update_engine_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
type vr_hwc_service, service_manager_type;
@@ -102,6 +102,7 @@
type otadexopt_service, system_server_service, service_manager_type;
type overlay_service, system_api_service, system_server_service, service_manager_type;
type package_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type package_native_service, system_server_service, service_manager_type;
type permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
type pinner_service, system_server_service, service_manager_type;
@@ -128,6 +129,7 @@
type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type timezone_service, system_server_service, service_manager_type;
type trust_service, app_api_service, system_server_service, service_manager_type;
type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
diff --git a/public/servicemanager.te b/public/servicemanager.te
index 3cf5a46..7fa56f8 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@@ -16,10 +16,9 @@
-vndservicemanager
}:binder transfer;
-# Access to all (system and vendor) service_contexts
-# TODO(b/36866029) access to nonplat_service_contexts
-# should not be allowed on full treble devices
allow servicemanager service_contexts_file:file r_file_perms;
+# nonplat_service_contexts only accessible on non full-treble devices
+not_full_treble('allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
# Check SELinux permissions.
selinux_check_access(servicemanager)
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
new file mode 100644
index 0000000..5b6025c
--- /dev/null
+++ b/public/thermalserviced.te
@@ -0,0 +1,11 @@
+# thermalserviced -- thermal management services for system and vendor
+type thermalserviced, domain;
+type thermalserviced_exec, exec_type, file_type;
+
+binder_use(thermalserviced)
+binder_service(thermalserviced)
+add_service(thermalserviced, thermal_service)
+
+hwbinder_use(thermalserviced)
+hal_client_domain(thermalserviced, hal_thermal)
+add_hwservice(thermalserviced, thermalcallback_hwservice)
diff --git a/public/ueventd.te b/public/ueventd.te
index b84ac72..212087e 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -11,7 +11,7 @@
r_dir_file(ueventd, rootfs)
# ueventd needs write access to files in /sys to regenerate uevents
-allow ueventd { sysfs_type -usermodehelper }:file w_file_perms;
+allow ueventd sysfs_type:file w_file_perms;
r_dir_file(ueventd, sysfs_type)
allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr };
allow ueventd sysfs_type:dir { relabelfrom relabelto setattr };
diff --git a/public/vold.te b/public/vold.te
index bb2b3d7..513438c 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -28,6 +28,9 @@
# For sgdisk launched through popen()
allow vold shell_exec:file rx_file_perms;
+# For formatting adoptable storage devices
+allow vold e2fs_exec:file rx_file_perms;
+
typeattribute vold mlstrustedsubject;
allow vold self:process setfscreate;
allow vold system_file:file x_file_perms;
diff --git a/tests/Android.bp b/tests/Android.bp
index 2c70f36..19aca9c 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -7,6 +7,12 @@
}
cc_prebuilt_binary {
+ name: "mini_parser.py",
+ srcs: ["mini_parser.py"],
+ host_supported: true,
+}
+
+cc_prebuilt_binary {
name: "policy.py",
srcs: ["policy.py"],
host_supported: true,
@@ -17,5 +23,12 @@
name: "treble_sepolicy_tests.py",
srcs: ["treble_sepolicy_tests.py"],
host_supported: true,
+ required: ["mini_parser.py", "policy.py"],
+}
+
+cc_prebuilt_binary {
+ name: "sepolicy_tests.py",
+ srcs: ["sepolicy_tests.py"],
+ host_supported: true,
required: ["policy.py"],
}
diff --git a/tests/mini_parser.py b/tests/mini_parser.py
new file mode 100644
index 0000000..57b3d59
--- /dev/null
+++ b/tests/mini_parser.py
@@ -0,0 +1,100 @@
+from os.path import basename
+import re
+import sys
+
+# A very limited parser whose job is to process the compatibility mapping
+# files and retrieve type and attribute information until proper support is
+# built into libsepol
+
+# get the text in the next matching parens
+
+class MiniCilParser:
+ types = set() # types declared in mapping
+ pubtypes = set()
+ typeattributes = set() # attributes declared in mapping
+ typeattributesets = {} # sets defined in mapping
+ rTypeattributesets = {} # reverse mapping of above sets
+ apiLevel = None
+
+ def _getNextStmt(self, infile):
+ parens = 0
+ s = ""
+ c = infile.read(1)
+ # get to first statement
+ while c and c != "(":
+ c = infile.read(1)
+
+ parens += 1
+ c = infile.read(1)
+ while c and parens != 0:
+ s += c
+ c = infile.read(1)
+ if c == ';':
+ # comment, get rid of rest of the line
+ while c != '\n':
+ c = infile.read(1)
+ elif c == '(':
+ parens += 1
+ elif c == ')':
+ parens -= 1
+ return s
+
+ def _parseType(self, stmt):
+ m = re.match(r"type\s+(.+)", stmt)
+ self.types.update(set(m.group(1)))
+ return
+
+ def _parseTypeattribute(self, stmt):
+ m = re.match(r"typeattribute\s+(.+)", stmt)
+ self.typeattributes.update(set(m.group(1)))
+ return
+
+ def _parseTypeattributeset(self, stmt):
+ m = re.match(r"typeattributeset\s+(.+?)\s+\((.+?)\)", stmt, flags = re.M |re.S)
+ ta = m.group(1)
+ # this isn't proper expression parsing, but will do for our
+ # current use
+ tas = m.group(2).split()
+
+ if self.typeattributesets.get(ta) is None:
+ self.typeattributesets[ta] = set()
+ self.typeattributesets[ta].update(set(tas))
+ for t in tas:
+ if self.rTypeattributesets.get(t) is None:
+ self.rTypeattributesets[t] = set()
+ self.rTypeattributesets[t].update(set(ta))
+
+ # check to see if this typeattributeset is a versioned public type
+ pub = re.match(r"(\w+)_\d+_\d+", ta)
+ if pub is not None:
+ self.pubtypes.update(set(pub.group(1)))
+ return
+
+ def _parseStmt(self, stmt):
+ if re.match(r"type\s+.+", stmt):
+ self._parseType(stmt)
+ elif re.match(r"typeattribute\s+.+", stmt):
+ self._parseTypeattribute(stmt)
+ elif re.match(r"typeattributeset\s+.+", stmt):
+ self._parseTypeattributeset(stmt)
+ else:
+ m = re.match(r"(\w+)\s+.+", stmt)
+ ret = "Warning: Unknown statement type (" + m.group(1) + ") in "
+ ret += "mapping file, perhaps consider adding support for it in "
+ ret += "system/sepolicy/tests/mini_parser.py!\n"
+ print ret
+ return
+
+ def __init__(self, policyFile):
+ with open(policyFile, 'r') as infile:
+ s = self._getNextStmt(infile)
+ while s:
+ self._parseStmt(s)
+ s = self._getNextStmt(infile)
+ fn = basename(policyFile)
+ m = re.match(r"(\d+\.\d+).+\.cil", fn)
+ self.apiLevel = m.group(1)
+
+if __name__ == '__main__':
+ f = sys.argv[1]
+ p = MiniCilParser(f)
diff --git a/tests/policy.py b/tests/policy.py
index e307656..15a537e 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -3,6 +3,33 @@
import os
import sys
+###
+# Check whether the regex will match a file path starting with the provided
+# prefix
+#
+# Compares regex entries in file_contexts with a path prefix. Regex entries
+# are often more specific than this file prefix. For example, the regex could
+# be /system/bin/foo\.sh and the prefix could be /system. This function
+# loops over the regex removing characters from the end until
+# 1) there is a match - return True or 2) run out of characters - return
+# False.
+#
+def MatchPathPrefix(pathregex, prefix):
+ for i in range(len(pathregex), 0, -1):
+ try:
+ pattern = re.compile('^' + pathregex[0:i] + "$")
+ except:
+ continue
+ if pattern.match(prefix):
+ return True
+ return False
+
+def MatchPathPrefixes(pathregex, Prefixes):
+ for Prefix in Prefixes:
+ if MatchPathPrefix(pathregex, Prefix):
+ return True
+ return False
+
class TERule:
def __init__(self, rule):
data = rule.split(',')
@@ -20,6 +47,27 @@
__policydbP = None
__BUFSIZE = 2048
+ # Check that path prefixes that match MatchPrefix, and do not Match
+ # DoNotMatchPrefix have the attribute Attr.
+ # For example assert that all types in /sys, and not in /sys/kernel/debugfs
+ # have the sysfs_type attribute.
+ def AssertPathTypesHaveAttr(self, MatchPrefix, DoNotMatchPrefix, Attr):
+ # Query policy for the types associated with Attr
+ TypesPol = self.QueryTypeAttribute(Attr, True)
+ # Search file_contexts to find paths/types that should be associated with
+ # Attr.
+ TypesFc = self.__GetTypesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
+ violators = TypesFc.difference(TypesPol)
+
+ ret = ""
+ if len(violators) > 0:
+ ret += "The following types on "
+ ret += " ".join(str(x) for x in sorted(MatchPrefix))
+ ret += " must be associated with the "
+ ret += "\"" + Attr + "\" attribute: "
+ ret += " ".join(str(x) for x in sorted(violators)) + "\n"
+ return ret
+
# Return all file_contexts entries that map to the input Type.
def QueryFc(self, Type):
if Type in self.__FcDict:
@@ -35,18 +83,19 @@
if (TypeIterP == None):
sys.exit("Failed to initialize type iterator")
buf = create_string_buffer(self.__BUFSIZE)
-
+ TypeAttr = set()
while True:
ret = self.__libsepolwrap.get_type(buf, self.__BUFSIZE,
self.__policydbP, TypeIterP)
if ret == 0:
- yield buf.value
+ TypeAttr.add(buf.value)
continue
if ret == 1:
break;
# We should never get here.
sys.exit("Failed to import policy")
self.__libsepolwrap.destroy_type_iter(TypeIterP)
+ return TypeAttr
# Return all TERules that match:
# (any scontext) or (any tcontext) or (any tclass) or (any perms),
@@ -75,6 +124,37 @@
yield Rule
+ def GetAllTypes(self):
+ TypeIterP = self.__libsepolwrap.init_type_iter(self.__policydbP, None, False)
+ if (TypeIterP == None):
+ sys.exit("Failed to initialize type iterator")
+ buf = create_string_buffer(self.__BUFSIZE)
+ AllTypes = set()
+ while True:
+ ret = self.__libsepolwrap.get_type(buf, self.__BUFSIZE,
+ self.__policydbP, TypeIterP)
+ if ret == 0:
+ AllTypes.add(buf.value)
+ continue
+ if ret == 1:
+ break;
+ # We should never get here.
+ sys.exit("Failed to import policy")
+ self.__libsepolwrap.destroy_type_iter(TypeIterP)
+ return AllTypes
+
+ def __GetTypesByFilePathPrefix(self, MatchPrefixes, DoNotMatchPrefixes):
+ Types = set()
+ for Type in self.__FcDict:
+ for pathregex in self.__FcDict[Type]:
+ if not MatchPathPrefixes(pathregex, MatchPrefixes):
+ continue
+ if MatchPathPrefixes(pathregex, DoNotMatchPrefixes):
+ continue
+ Types.add(Type)
+ return Types
+
+
def __GetTERules(self, policydbP, avtabIterP):
if self.__Rules is None:
self.__Rules = set()
@@ -143,6 +223,8 @@
# load file_contexts
def __InitFC(self, FcPaths):
+ if FcPaths is None:
+ return
fc = []
for path in FcPaths:
if not os.path.exists(path):
diff --git a/tests/sepol_wrap.cpp b/tests/sepol_wrap.cpp
index a12d438..cd53367 100644
--- a/tests/sepol_wrap.cpp
+++ b/tests/sepol_wrap.cpp
@@ -17,8 +17,11 @@
#include <android-base/strings.h>
#include <sepol_wrap.h>
-
+#define TYPE_ITER_LOOKUP 0
+#define TYPE_ITER_ALLTYPES 1
+#define TYPE_ITER_ALLATTRS 2
struct type_iter {
+ unsigned int alltypes;
type_datum *d;
ebitmap_node *n;
unsigned int length;
@@ -36,23 +39,33 @@
return NULL;
}
- out->d = static_cast<type_datum *>(hashtab_search(db->p_types.table, type));
- if (is_attr && out->d->flavor != TYPE_ATTRIB) {
- std::cerr << "\"" << type << "\" MUST be an attribute in the policy" << std::endl;
- free(out);
- return NULL;
- } else if (!is_attr && out->d->flavor !=TYPE_TYPE) {
- std::cerr << "\"" << type << "\" MUST be a type in the policy" << std::endl;
- free(out);
- return NULL;
- }
-
- if (is_attr) {
- out->bit = ebitmap_start(&db->attr_type_map[out->d->s.value - 1], &out->n);
- out->length = ebitmap_length(&db->attr_type_map[out->d->s.value - 1]);
+ if (type == NULL) {
+ out->length = db->p_types.nprim;
+ out->bit = 0;
+ if (is_attr)
+ out->alltypes = TYPE_ITER_ALLATTRS;
+ else
+ out->alltypes = TYPE_ITER_ALLTYPES;
} else {
- out->bit = ebitmap_start(&db->type_attr_map[out->d->s.value - 1], &out->n);
- out->length = ebitmap_length(&db->type_attr_map[out->d->s.value - 1]);
+ out->alltypes = TYPE_ITER_LOOKUP;
+ out->d = static_cast<type_datum *>(hashtab_search(db->p_types.table, type));
+ if (is_attr && out->d->flavor != TYPE_ATTRIB) {
+ std::cerr << "\"" << type << "\" MUST be an attribute in the policy" << std::endl;
+ free(out);
+ return NULL;
+ } else if (!is_attr && out->d->flavor !=TYPE_TYPE) {
+ std::cerr << "\"" << type << "\" MUST be a type in the policy" << std::endl;
+ free(out);
+ return NULL;
+ }
+
+ if (is_attr) {
+ out->bit = ebitmap_start(&db->attr_type_map[out->d->s.value - 1], &out->n);
+ out->length = ebitmap_length(&db->attr_type_map[out->d->s.value - 1]);
+ } else {
+ out->bit = ebitmap_start(&db->type_attr_map[out->d->s.value - 1], &out->n);
+ out->length = ebitmap_length(&db->type_attr_map[out->d->s.value - 1]);
+ }
}
return static_cast<void *>(out);
@@ -65,7 +78,7 @@
}
/*
- * print allow rule into *out buffer.
+ * print type into *out buffer.
*
* Returns -1 on error.
* Returns 0 on successfully reading an avtab entry.
@@ -77,20 +90,28 @@
policydb_t *db = static_cast<policydb_t *>(policydbp);
struct type_iter *i = static_cast<struct type_iter *>(type_iterp);
- for (; i->bit < i->length; i->bit = ebitmap_next(&i->n, i->bit)) {
- if (!ebitmap_node_get_bit(i->n, i->bit)) {
- continue;
+ if (!i->alltypes) {
+ for (; i->bit < i->length; i->bit = ebitmap_next(&i->n, i->bit)) {
+ if (!ebitmap_node_get_bit(i->n, i->bit)) {
+ continue;
+ }
+ break;
}
- len = snprintf(out, max_size, "%s", db->p_type_val_to_name[i->bit]);
- if (len >= max_size) {
- std::cerr << "type name exceeds buffer size." << std::endl;
- return -1;
- }
- i->bit = ebitmap_next(&i->n, i->bit);
- return 0;
}
-
- return 1;
+ if (i->bit >= i->length)
+ return 1;
+ while ((i->alltypes == TYPE_ITER_ALLATTRS
+ && db->type_val_to_struct[i->bit]->flavor != TYPE_ATTRIB)
+ || (i->alltypes == TYPE_ITER_ALLTYPES
+ && db->type_val_to_struct[i->bit]->flavor != TYPE_TYPE))
+ i->bit++;
+ len = snprintf(out, max_size, "%s", db->p_type_val_to_name[i->bit]);
+ if (len >= max_size) {
+ std::cerr << "type name exceeds buffer size." << std::endl;
+ return -1;
+ }
+ i->alltypes ? i->bit++ : i->bit = ebitmap_next(&i->n, i->bit);
+ return 0;
}
void *load_policy(const char *policy_path)
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
new file mode 100644
index 0000000..3f93ff4
--- /dev/null
+++ b/tests/sepolicy_tests.py
@@ -0,0 +1,85 @@
+from optparse import OptionParser
+from optparse import Option, OptionValueError
+import os
+import policy
+import re
+import sys
+
+#############################################################
+# Tests
+#############################################################
+def TestDataTypeViolations(pol):
+ return pol.AssertPathTypesHaveAttr(["/data/"], [], "data_file_type")
+
+def TestSysfsTypeViolations(pol):
+ return pol.AssertPathTypesHaveAttr(["/sys/"], ["/sys/kernel/debug/",
+ "/sys/kernel/tracing"], "sysfs_type")
+
+def TestDebugfsTypeViolations(pol):
+ # TODO: this should apply to genfs_context entries as well
+ return pol.AssertPathTypesHaveAttr(["/sys/kernel/debug/",
+ "/sys/kernel/tracing"], [], "debugfs_type")
+###
+# extend OptionParser to allow the same option flag to be used multiple times.
+# This is used to allow multiple file_contexts files and tests to be
+# specified.
+#
+class MultipleOption(Option):
+ ACTIONS = Option.ACTIONS + ("extend",)
+ STORE_ACTIONS = Option.STORE_ACTIONS + ("extend",)
+ TYPED_ACTIONS = Option.TYPED_ACTIONS + ("extend",)
+ ALWAYS_TYPED_ACTIONS = Option.ALWAYS_TYPED_ACTIONS + ("extend",)
+
+ def take_action(self, action, dest, opt, value, values, parser):
+ if action == "extend":
+ values.ensure_value(dest, []).append(value)
+ else:
+ Option.take_action(self, action, dest, opt, value, values, parser)
+
+Tests = ["TestDataTypeViolators"]
+
+if __name__ == '__main__':
+ usage = "sepolicy_tests.py -f nonplat_file_contexts -f "
+ usage +="plat_file_contexts -p policy [--test test] [--help]"
+ parser = OptionParser(option_class=MultipleOption, usage=usage)
+ parser.add_option("-f", "--file_contexts", dest="file_contexts",
+ metavar="FILE", action="extend", type="string")
+ parser.add_option("-p", "--policy", dest="policy", metavar="FILE")
+ parser.add_option("-l", "--library-path", dest="libpath", metavar="FILE")
+ parser.add_option("-t", "--test", dest="test", action="extend",
+ help="Test options include "+str(Tests))
+
+ (options, args) = parser.parse_args()
+
+ if not options.libpath:
+ sys.exit("Must specify path to host libraries\n" + parser.usage)
+ if not os.path.exists(options.libpath):
+ sys.exit("Error: library-path " + options.libpath + " does not exist\n"
+ + parser.usage)
+
+ if not options.policy:
+ sys.exit("Must specify monolithic policy file\n" + parser.usage)
+ if not os.path.exists(options.policy):
+ sys.exit("Error: policy file " + options.policy + " does not exist\n"
+ + parser.usage)
+
+ if not options.file_contexts:
+ sys.exit("Error: Must specify file_contexts file(s)\n" + parser.usage)
+ for f in options.file_contexts:
+ if not os.path.exists(f):
+ sys.exit("Error: File_contexts file " + f + " does not exist\n" +
+ parser.usage)
+
+ pol = policy.Policy(options.policy, options.file_contexts, options.libpath)
+
+ results = ""
+ # If an individual test is not specified, run all tests.
+ if options.test is None or "TestDataTypeViolations" in options.tests:
+ results += TestDataTypeViolations(pol)
+ if options.test is None or "TestSysfsTypeViolations" in options.tests:
+ results += TestSysfsTypeViolations(pol)
+ if options.test is None or "TestDebugfsTypeViolations" in options.tests:
+ results += TestDebugfsTypeViolations(pol)
+
+ if len(results) > 0:
+ sys.exit(results)
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index ddccaba..f659677 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -1,7 +1,9 @@
from optparse import OptionParser
from optparse import Option, OptionValueError
import os
+import mini_parser
import policy
+from policy import MatchPathPrefix
import re
import sys
@@ -69,26 +71,10 @@
appdomains = set()
vendordomains = set()
-###
-# Check whether the regex will match a file path starting with the provided
-# prefix
-#
-# Compares regex entries in file_contexts with a path prefix. Regex entries
-# are often more specific than this file prefix. For example, the regex could
-# be /system/bin/foo\.sh and the prefix could be /system. This function
-# loops over the regex removing characters from the end until
-# 1) there is a match - return True or 2) run out of characters - return
-# False.
-#
-def MatchPathPrefix(pathregex, prefix):
- for i in range(len(pathregex), 0, -1):
- try:
- pattern = re.compile('^' + pathregex[0:i] + "$")
- except:
- continue
- if pattern.match(prefix):
- return True
- return False
+# compat vars
+alltypes = set()
+oldalltypes = set()
+compatMapping = None
def GetAllDomains(pol):
global alldomains
@@ -107,12 +93,11 @@
alldomains[d].appdomain = True
appdomains.add(d)
-
def GetCoreDomains():
global alldomains
global coredomains
for d in alldomains:
- # TestCoredomainViolators will verify if coredomain was incorrectly
+ # TestCoredomainViolations will verify if coredomain was incorrectly
# applied.
if "coredomain" in alldomains[d].attributes:
alldomains[d].coredomain = True
@@ -167,6 +152,12 @@
for result in pol.QueryTypeAttribute(domain, False):
alldomains[domain].attributes.add(result)
+def GetAllTypes(pol, oldpol):
+ global alltypes
+ global oldalltypes
+ alltypes = pol.GetAllTypes()
+ oldalltypes = oldpol.GetAllTypes()
+
def setup(pol):
GetAllDomains(pol)
GetAttributes(pol)
@@ -174,6 +165,13 @@
GetAppDomains()
GetCoreDomains()
+# setup for the policy compatibility tests
+def compatSetup(pol, oldpol, mapping):
+ global compatMapping
+
+ GetAllTypes(pol, oldpol)
+ compatMapping = mapping
+
#############################################################
# Tests
#############################################################
@@ -209,6 +207,31 @@
return ret
###
+# Make sure that any new type introduced in the new policy that was not present
+# in the old policy has been recorded in the mapping file.
+def TestNoUnmappedNewTypes():
+ global alltypes
+ global oldalltypes
+ newt = alltypes - oldalltypes
+ ret = ""
+ violators = []
+
+ for n in newt:
+ if compatMapping.rTypeattributesets.get(n) is None:
+ violators.append(n)
+
+ if len(violators) > 0:
+ ret += "SELinux: The following types were found added to the policy "
+ ret += "without an entry into the compatibility mapping file(s) found "
+ ret += "in private/compat/" + compatMapping.apiLevel + "/"
+ ret += compatMapping.apiLevel + "[.ignore].cil/n"
+ ret += " ".join(str(x) for x in sorted(violators)) + "\n"
+ return ret
+
+def TestTrebleCompatMapping():
+ ret = TestNoUnmappedNewTypes()
+ return ret
+###
# extend OptionParser to allow the same option flag to be used multiple times.
# This is used to allow multiple file_contexts files and tests to be
# specified.
@@ -225,17 +248,23 @@
else:
Option.take_action(self, action, dest, opt, value, values, parser)
-Tests = ["CoredomainViolators"]
+Tests = {"CoredomainViolations": TestCoredomainViolations,
+ "TrebleCompatMapping": TestTrebleCompatMapping }
if __name__ == '__main__':
usage = "treble_sepolicy_tests.py -f nonplat_file_contexts -f "
- usage +="plat_file_contexts -p policy [--test test] [--help]"
+ usage +="plat_file_contexts -p curr_policy -b base_policy -o old_policy "
+ usage +="-m mapping file [--test test] [--help]"
parser = OptionParser(option_class=MultipleOption, usage=usage)
+ parser.add_option("-b", "--basepolicy", dest="basepolicy", metavar="FILE")
parser.add_option("-f", "--file_contexts", dest="file_contexts",
metavar="FILE", action="extend", type="string")
- parser.add_option("-p", "--policy", dest="policy", metavar="FILE")
parser.add_option("-l", "--library-path", dest="libpath", metavar="FILE")
- parser.add_option("-t", "--test", dest="test", action="extend",
+ parser.add_option("-m", "--mapping", dest="mapping", metavar="FILE")
+ parser.add_option("-o", "--oldpolicy", dest="oldpolicy", metavar="FILE")
+ parser.add_option("-p", "--policy", dest="policy", metavar="FILE")
+ parser.add_option("-t", "--test", dest="tests", action="extend",
+
help="Test options include "+str(Tests))
(options, args) = parser.parse_args()
@@ -245,9 +274,14 @@
if not os.path.exists(options.libpath):
sys.exit("Error: library-path " + options.libpath + " does not exist\n"
+ parser.usage)
-
+ if not options.basepolicy:
+ sys.exit("Must specify the current platform-only policy file\n" + parser.usage)
+ if not options.mapping:
+ sys.exit("Must specify a compatibility mapping file\n" + parser.usage)
+ if not options.oldpolicy:
+ sys.exit("Must specify the previous monolithic policy file\n" + parser.usage)
if not options.policy:
- sys.exit("Must specify monolithic policy file\n" + parser.usage)
+ sys.exit("Must specify current monolithic policy file\n" + parser.usage)
if not os.path.exists(options.policy):
sys.exit("Error: policy file " + options.policy + " does not exist\n"
+ parser.usage)
@@ -261,14 +295,30 @@
pol = policy.Policy(options.policy, options.file_contexts, options.libpath)
setup(pol)
+ basepol = policy.Policy(options.basepolicy, None, options.libpath)
+ oldpol = policy.Policy(options.oldpolicy, None, options.libpath)
+ mapping = mini_parser.MiniCilParser(options.mapping)
+ compatSetup(basepol, oldpol, mapping)
if DEBUG:
PrintScontexts()
results = ""
# If an individual test is not specified, run all tests.
- if options.test is None or "CoredomainViolations" in options.tests:
- results += TestCoredomainViolations()
+ if options.tests is None:
+ for t in Tests.values():
+ results += t()
+ else:
+ for tn in options.tests:
+ t = Tests.get(tn)
+ if t:
+ results += t()
+ else:
+ err = "Error: unknown test: " + tn + "\n"
+ err += "Available tests:\n"
+ for tn in Tests.keys():
+ err += tn + "\n"
+ sys.exit(err)
if len(results) > 0:
sys.exit(results)
diff --git a/vendor/file.te b/vendor/file.te
index aeafb4a..3350b1e 100644
--- a/vendor/file.te
+++ b/vendor/file.te
@@ -1,2 +1,2 @@
# Socket types
-type hostapd_socket, file_type;
+type hostapd_socket, file_type, data_file_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index fbaa7e4..08cc068 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -9,6 +9,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.[0-9]+-service u:object_r:hal_configstore_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.0-service u:object_r:hal_contexthub_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service u:object_r:hal_drm_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.0-service u:object_r:hal_cas_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.0-service u:object_r:hal_dumpstate_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service u:object_r:hal_gatekeeper_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@1\.0-service u:object_r:hal_gnss_default_exec:s0
@@ -24,7 +25,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service u:object_r:hal_sensors_default_exec:s0
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.0-service u:object_r:hal_thermal_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.0-service u:object_r:hal_tv_cec_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
diff --git a/vendor/hal_cas_default.te b/vendor/hal_cas_default.te
new file mode 100644
index 0000000..c7a858c
--- /dev/null
+++ b/vendor/hal_cas_default.te
@@ -0,0 +1,6 @@
+type hal_cas_default, domain;
+hal_server_domain(hal_cas_default, hal_cas)
+
+type hal_cas_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_cas_default)
+