Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / f38734e2878e423e519c83f5988890a46e4733eb / . / private / service.te
blob: 7e893009c4a19e54f82c9cdf0a5924c66840f4aa [file] [log] [blame]
Pablo Gamito9a90b922024-08-26 14:16:59 +0000[diff] [blame]1type ambient_context_service, app_api_service, system_server_service, service_manager_type;
Grace Cheng6f991b02024-11-08 03:14:45 +0000[diff] [blame]2type authentication_policy_service, system_api_service, system_server_service, service_manager_type;
Vadim Caen1d81f872024-08-19 15:08:35 +0200[diff] [blame]3
4# These types will be public starting at board api 202504
5until_board_api(202504, `
6 type app_function_service, app_api_service, system_server_service, service_manager_type;
7')
Pablo Gamito9a90b922024-08-26 14:16:59 +0000[diff] [blame]8type attention_service, system_server_service, service_manager_type;
9type bg_install_control_service, system_api_service, system_server_service, service_manager_type;
10type compos_service, service_manager_type;
11type communal_service, app_api_service, system_server_service, service_manager_type;
12type dynamic_system_service, system_api_service, system_server_service, service_manager_type;
13type feature_flags_service, app_api_service, system_server_service, service_manager_type;
Emilian Peev33392712024-11-27 01:29:35 +0000[diff] [blame]14type fwk_devicestate_service, system_server_service, service_manager_type;
Pablo Gamito9a90b922024-08-26 14:16:59 +0000[diff] [blame]15type gsi_service, service_manager_type;
16type incidentcompanion_service, app_api_service, system_api_service, system_server_service, service_manager_type;
17type logcat_service, system_server_service, service_manager_type;
18type logd_service, service_manager_type;
19type mediatuner_service, app_api_service, service_manager_type;
Hung Nguyen9c7d3062024-11-05 15:50:00 -0800[diff] [blame]20type mmd_service, service_manager_type;
sandeepbandaru600e3952024-02-19 09:40:54 +0000[diff] [blame]21type on_device_intelligence_service, app_api_service, system_server_service, service_manager_type, isolated_compute_allowed_service;
Pablo Gamito9a90b922024-08-26 14:16:59 +0000[diff] [blame]22type profcollectd_service, service_manager_type;
Pablo Gamito521d1be2024-08-27 09:13:19 +0000[diff] [blame]23type protolog_configuration_service, app_api_service, system_api_service, system_server_service, service_manager_type;
Pablo Gamito9a90b922024-08-26 14:16:59 +0000[diff] [blame]24type resolver_service, system_server_service, service_manager_type;
25type rkpd_registrar_service, service_manager_type;
26type rkpd_refresh_service, service_manager_type;
Vikram Gaurf6c6f452024-09-05 23:00:09 +0000[diff] [blame]27type rkp_cert_processor_service, service_manager_type;
Pablo Gamito9a90b922024-08-26 14:16:59 +0000[diff] [blame]28type safety_center_service, app_api_service, system_api_service, system_server_service, service_manager_type;
29type stats_service, service_manager_type;
30type statsbootstrap_service, system_server_service, service_manager_type;
31type statscompanion_service, system_server_service, service_manager_type;
32type statsmanager_service, system_api_service, system_server_service, service_manager_type;
Haofan Wange7c20312024-10-03 21:32:52 +0000[diff] [blame]33until_board_api(202504, `
34 type media_quality_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
35')
Roman Kalukiewiczd416f1b2024-08-06 00:18:32 +0000[diff] [blame]36
Haofan Wangf5ff3eb2024-10-23 05:30:53 +0000[diff] [blame]37until_board_api(202504, `
38 type hal_mediaquality_service, protected_service, hal_service_type, service_manager_type;
39')
40
Roman Kalukiewiczd416f1b2024-08-06 00:18:32 +0000[diff] [blame]41is_flag_enabled(RELEASE_SUPERVISION_SERVICE, `
42 type supervision_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
43')
Collin Fijalkovich6f4cfe82020-12-11 14:51:32 -0800[diff] [blame]44type tracingproxy_service, system_server_service, service_manager_type;
David Anderson290f0052024-10-11 09:32:02 -0700[diff] [blame]45type tradeinmode_service, system_server_service, service_manager_type;
Billy Lau8bb3ed72022-01-19 13:44:25 -0800[diff] [blame]46type transparency_service, system_server_service, service_manager_type;
Inseob Kim094e8e82023-11-17 18:03:46 +0900[diff] [blame]47
48is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT, `
49 type vfio_handler_service, service_manager_type;
50')
Alan Stokes38131e72024-02-20 11:06:37 +0000[diff] [blame]51is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
52 type virtualization_maintenance_service, service_manager_type;
53')
Seungjae Yoof60a1e02024-05-20 14:15:22 +0900[diff] [blame]54is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, `
Seungjae Yooc9df2932024-06-17 00:38:19 +0000[diff] [blame]55 type vm_tethering_service, system_server_service, service_manager_type;
56 type vmnic_service, service_manager_type;
Seungjae Yoof60a1e02024-05-20 14:15:22 +0900[diff] [blame]57')
Aidan Wolter56d74cd2024-08-20 19:19:37 +0000[diff] [blame]58is_flag_enabled(RELEASE_AVF_ENABLE_MICROFUCHSIA, `
59 type microfuchsia_service, service_manager_type;
60')
Inseob Kim094e8e82023-11-17 18:03:46 +0900[diff] [blame]61
Gabriel Bireneb5872e2024-08-15 22:29:02 +0000[diff] [blame]62type uce_service, service_manager_type;
63type wearable_sensing_service, app_api_service, system_server_service, service_manager_type;
64type wifi_mainline_supplicant_service, service_manager_type;
Inseob Kim75806ef2024-03-27 17:18:41 +0900[diff] [blame]65
66###
67### Neverallow rules
68###
69
70# servicemanager handles registering or looking up named services.
71# It does not make sense to register or lookup something which is not a service.
72# Trigger a compile error if this occurs.
73neverallow domain ~{ service_manager_type vndservice_manager_type }:service_manager { add find };