Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 07429e39ee8c97cb0d95f31c7f8aa0ed843cfd64 / . / private / file.te
blob: e48fc4c634c48076702796a70484b2e287af27b8 [file] [log] [blame]
Nick Kralevich929da012017-02-16 12:04:40 -0800[diff] [blame]1# /proc/config.gz
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]2type config_gz, fs_type, proc_type;
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]3
Maciej Żenczykowskib13921c2022-05-21 05:03:29 -0700[diff] [blame]4# /sys/fs/bpf/<dir> for mainline tethering use
5# TODO: move S+ fs_bpf_tethering here from public/file.te
6type fs_bpf_net_private, fs_type, bpffs_type;
7type fs_bpf_net_shared, fs_type, bpffs_type;
8type fs_bpf_netd_readonly, fs_type, bpffs_type;
9type fs_bpf_netd_shared, fs_type, bpffs_type;
Maciej Żenczykowskie14e69a2022-12-01 14:45:35 +0000[diff] [blame]10type fs_bpf_loader, fs_type, bpffs_type;
Maciej Żenczykowskib13921c2022-05-21 05:03:29 -0700[diff] [blame]11
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]12# /data/misc/storaged
13type storaged_data_file, file_type, data_file_type, core_data_file_type;
Vishnu Nair2d6942d2017-11-17 08:23:32 -0800[diff] [blame]14
15# /data/misc/wmtrace for wm traces
Hongwei Wang93720262023-01-20 12:14:31 -0800[diff] [blame]16type wm_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Primiano Tucci1a9f4f72018-01-24 16:07:09 +0000[diff] [blame]17
Hongming Jin58f83412021-02-09 12:03:40 -0800[diff] [blame]18# /data/misc/a11ytrace for accessibility traces
19type accessibility_trace_data_file, file_type, data_file_type, core_data_file_type;
20
Primiano Tucci1a9f4f72018-01-24 16:07:09 +0000[diff] [blame]21# /data/misc/perfetto-traces for perfetto traces
22type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
Dan Austin55d90962018-11-29 10:37:18 -0800[diff] [blame]23
Primiano Tucci2f998092021-01-07 17:12:21 +0000[diff] [blame]24# /data/misc/perfetto-traces/bugreport for perfetto traces for bugreports.
25type perfetto_traces_bugreport_data_file, file_type, data_file_type, core_data_file_type;
26
Primiano Tucci512bdb92020-10-13 21:13:09 +0100[diff] [blame]27# /data/misc/perfetto-configs for perfetto configs
28type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type;
29
Mohammad Samiul Islamd2ffd352022-05-11 21:43:54 +0100[diff] [blame]30# /data/misc_{ce/de}/<user>/sdksandbox root data directory for sdk sandbox processes
31type sdk_sandbox_system_data_file, file_type, data_file_type, core_data_file_type;
Bram Bonneb93f26f2022-03-15 18:28:02 +0100[diff] [blame]32# /data/misc_{ce/de}/<user>/sdksandbox/<app-name>/* subdirectory for sdk sandbox processes
33type sdk_sandbox_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
34
Dan Austin55d90962018-11-29 10:37:18 -0800[diff] [blame]35# /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds.
36type debugfs_kcov, fs_type, debugfs_type;
37
Nick Kralevichfb66c6f2019-01-11 09:37:46 -0800[diff] [blame]38# App executable files in /data/data directories
39type app_exec_data_file, file_type, data_file_type, core_data_file_type;
40typealias app_exec_data_file alias rs_data_file;
Narayan Kamath2ad229c2019-01-14 15:02:12 +0000[diff] [blame]41
42# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
43# of application data.
44type rollback_data_file, file_type, data_file_type, core_data_file_type;
Kiyoung Kimaffa6f32019-07-08 19:02:05 +0900[diff] [blame]45
Tianjieb729aa62021-10-05 22:13:20 -0700[diff] [blame]46# /data/misc_ce/checkin for checkin apps.
47type checkin_data_file, file_type, data_file_type, core_data_file_type;
48
Yifan Hong07a99e12019-08-07 13:01:15 -0700[diff] [blame]49# /data/gsi/ota
50type ota_image_data_file, file_type, data_file_type, core_data_file_type;
Shuo Qian9322cb02019-10-15 13:13:56 -0700[diff] [blame]51
Howard Chen55665d62020-12-25 17:32:13 +0800[diff] [blame]52# /data/gsi_persistent_data
53type gsi_persistent_data_file, file_type, data_file_type, core_data_file_type;
54
Shuo Qian9322cb02019-10-15 13:13:56 -0700[diff] [blame]55# /data/misc/emergencynumberdb
56type emergency_data_file, file_type, data_file_type, core_data_file_type;
Yi Kong239c85d2020-06-18 12:43:23 +0800[diff] [blame]57
58# /data/misc/profcollectd
59type profcollectd_data_file, file_type, data_file_type, core_data_file_type;
Orion Hodson8f75f762020-10-16 15:29:55 +0100[diff] [blame]60
61# /data/misc/apexdata/com.android.art
Alan Stokesfa10a142021-07-12 14:21:48 +0100[diff] [blame]62type apex_art_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
Orion Hodson8f75f762020-10-16 15:29:55 +0100[diff] [blame]63
64# /data/misc/apexdata/com.android.art/staging
65type apex_art_staging_data_file, file_type, data_file_type, core_data_file_type;
Seigo Nonaka9c3707f2021-01-21 13:08:31 -0800[diff] [blame]66
Alan Stokes10fbf232021-07-12 15:12:37 +0100[diff] [blame]67# /data/misc/apexdata/com.android.compos
68type apex_compos_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
69
Alan Stokes53c76a22022-02-08 15:44:06 +0000[diff] [blame]70# legacy labels for various /data/misc[_ce|_de]/*/apexdata directories - retained
71# for backward compatibility b/217581286
72type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
73type apex_permission_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
74type apex_scheduling_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
Junyu Laic43dbf82022-04-20 18:48:06 +0800[diff] [blame]75type apex_tethering_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
Alan Stokes53c76a22022-02-08 15:44:06 +0000[diff] [blame]76type apex_wifi_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
77
Seigo Nonaka9c3707f2021-01-21 13:08:31 -0800[diff] [blame]78# /data/font/files
79type font_data_file, file_type, data_file_type, core_data_file_type;
Martijn Coenen6afdb722020-11-27 12:23:54 +0100[diff] [blame]80
Alexander Potapenko0a64d102022-01-28 19:48:27 +0100[diff] [blame]81# /data/misc/dmesgd
82type dmesgd_data_file, file_type, data_file_type, core_data_file_type;
83
Orion Hodson7c6b3eb2021-04-09 15:17:38 +0100[diff] [blame]84# /data/misc/odrefresh
85type odrefresh_data_file, file_type, data_file_type, core_data_file_type;
86
Martijn Coenen6afdb722020-11-27 12:23:54 +0100[diff] [blame]87# /data/misc/odsign
88type odsign_data_file, file_type, data_file_type, core_data_file_type;
satayevafc97912021-03-19 11:08:49 +0000[diff] [blame]89
Shikha Panwar36daf982022-02-24 11:50:35 +0000[diff] [blame]90# /data/misc/odsign_metrics
91type odsign_metrics_file, file_type, data_file_type, core_data_file_type;
92
Andrew Walbran654c5b02021-05-19 17:10:43 +0000[diff] [blame]93# /data/misc/virtualizationservice
David Brazdil55d808c2022-12-15 13:38:42 +0000[diff] [blame]94# The type needs to be mlstrustedobject to allow for being accessed from
95# virtualizationmanager, which runs at a more constrained MLS level.
96type virtualizationservice_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Andrew Walbran654c5b02021-05-19 17:10:43 +0000[diff] [blame]97
satayevafc97912021-03-19 11:08:49 +0000[diff] [blame]98# /data/system/environ
99type environ_system_data_file, file_type, data_file_type, core_data_file_type;
Andrew Walbrana995e842021-03-29 17:19:12 +0000[diff] [blame]100
Josh Yang1d967dd2021-12-23 14:37:41 -0800[diff] [blame]101# /data/bootanim
102type bootanim_data_file, file_type, data_file_type, core_data_file_type;
103
Andrew Walbrana995e842021-03-29 17:19:12 +0000[diff] [blame]104# /dev/kvm
David Brazdil55d808c2022-12-15 13:38:42 +0000[diff] [blame]105# The type needs to be mlstrustedobject to allow for being accessed from
106# crosvm, which runs at a more constrained MLS level.
Elliot Bermanae5869a2023-03-22 17:31:35 -0700[diff] [blame]107type kvm_device, dev_type, mlstrustedobject, vm_manager_device_type;
Alan Stokesec4a90f2021-09-21 13:32:24 +0100[diff] [blame]108
109# /apex/com.android.virt/bin/fd_server
110type fd_server_exec, system_file_type, exec_type, file_type;
Jeff Vander Stoep5aa5e5e2021-11-17 08:51:11 +0100[diff] [blame]111
Alan Stokes766caba2022-02-14 14:33:37 +0000[diff] [blame]112# /apex/com.android.compos/bin/compsvc
113type compos_exec, exec_type, file_type, system_file_type;
114# /apex/com.android.compos/bin/compos_key_helper
115type compos_key_helper_exec, exec_type, file_type, system_file_type;
116
Jeff Vander Stoep5aa5e5e2021-11-17 08:51:11 +0100[diff] [blame]117# /metadata/sepolicy
118type sepolicy_metadata_file, file_type;
Jeff Vander Stoepbc0fa662021-12-03 15:21:54 +0100[diff] [blame]119
120# /dev/selinux/test - used to verify that apex sepolicy is loaded and
121# property labeled.
122type sepolicy_test_file, file_type;
Jiakai Zhangc871c1c2022-07-19 21:29:31 +0100[diff] [blame]123
124# /apex/com.android.art/bin/art_exec
125# This executable does not have its own domain because it is executed in the caller's domain. For
126# example, it is executed in the `artd` domain when artd calls it.
127type art_exec_exec, system_file_type, exec_type, file_type;
Pete Bentleye6da3b82022-09-16 15:31:39 +0100[diff] [blame]128
129# Filesystem entry for for PRNG seeder socket. Processes require
130# write permission on this to connect, and needs to be mlstrustedobject
131# in to satisfy MLS constraints for trusted domains.
132type prng_seeder_socket, file_type, coredomain_socket, mlstrustedobject;
Jaewan Kim93f57882023-02-07 01:49:24 +0900[diff] [blame]133
Yakun Xu07429e32023-06-02 03:36:01 +0000[diff] [blame^]134# /data/misc/threadnetwork
135type threadnetwork_data_file, file_type, data_file_type, core_data_file_type;
136
Jaewan Kim93f57882023-02-07 01:49:24 +0900[diff] [blame]137# /sys/firmware/devicetree/base/avf
138type sysfs_dt_avf, fs_type, sysfs_type;