Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 521d1bef35211b82fa7a92e2f327ec7a829d1ba1 / . / private / service.te
blob: 63259c67d5898c4fefa357265c1302e8b1f33902 [file] [log] [blame]
Pablo Gamito9a90b922024-08-26 14:16:59 +0000[diff] [blame]1type adaptive_auth_service, system_server_service, service_manager_type;
2type ambient_context_service, app_api_service, system_server_service, service_manager_type;
3type attention_service, system_server_service, service_manager_type;
4type bg_install_control_service, system_api_service, system_server_service, service_manager_type;
5type compos_service, service_manager_type;
6type communal_service, app_api_service, system_server_service, service_manager_type;
7type dynamic_system_service, system_api_service, system_server_service, service_manager_type;
8type feature_flags_service, app_api_service, system_server_service, service_manager_type;
9type gsi_service, service_manager_type;
10type incidentcompanion_service, app_api_service, system_api_service, system_server_service, service_manager_type;
11type logcat_service, system_server_service, service_manager_type;
12type logd_service, service_manager_type;
13type mediatuner_service, app_api_service, service_manager_type;
sandeepbandaru600e3952024-02-19 09:40:54 +0000[diff] [blame]14type on_device_intelligence_service, app_api_service, system_server_service, service_manager_type, isolated_compute_allowed_service;
Pablo Gamito9a90b922024-08-26 14:16:59 +0000[diff] [blame]15type profcollectd_service, service_manager_type;
Pablo Gamito521d1be2024-08-27 09:13:19 +0000[diff] [blame^]16type protolog_configuration_service, app_api_service, system_api_service, system_server_service, service_manager_type;
Pablo Gamito9a90b922024-08-26 14:16:59 +0000[diff] [blame]17type resolver_service, system_server_service, service_manager_type;
18type rkpd_registrar_service, service_manager_type;
19type rkpd_refresh_service, service_manager_type;
20type safety_center_service, app_api_service, system_api_service, system_server_service, service_manager_type;
21type stats_service, service_manager_type;
22type statsbootstrap_service, system_server_service, service_manager_type;
23type statscompanion_service, system_server_service, service_manager_type;
24type statsmanager_service, system_api_service, system_server_service, service_manager_type;
Roman Kalukiewiczd416f1b2024-08-06 00:18:32 +0000[diff] [blame]25
26is_flag_enabled(RELEASE_SUPERVISION_SERVICE, `
27 type supervision_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
28')
Collin Fijalkovich6f4cfe82020-12-11 14:51:32 -0800[diff] [blame]29type tracingproxy_service, system_server_service, service_manager_type;
Billy Lau8bb3ed72022-01-19 13:44:25 -0800[diff] [blame]30type transparency_service, system_server_service, service_manager_type;
Inseob Kim094e8e82023-11-17 18:03:46 +0900[diff] [blame]31
32is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT, `
33 type vfio_handler_service, service_manager_type;
34')
Alan Stokes38131e72024-02-20 11:06:37 +0000[diff] [blame]35is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
36 type virtualization_maintenance_service, service_manager_type;
37')
Seungjae Yoof60a1e02024-05-20 14:15:22 +0900[diff] [blame]38is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, `
Seungjae Yooc9df2932024-06-17 00:38:19 +0000[diff] [blame]39 type vm_tethering_service, system_server_service, service_manager_type;
40 type vmnic_service, service_manager_type;
Seungjae Yoof60a1e02024-05-20 14:15:22 +0900[diff] [blame]41')
Aidan Wolter56d74cd2024-08-20 19:19:37 +0000[diff] [blame]42is_flag_enabled(RELEASE_AVF_ENABLE_MICROFUCHSIA, `
43 type microfuchsia_service, service_manager_type;
44')
Inseob Kim094e8e82023-11-17 18:03:46 +0900[diff] [blame]45
Steven Moreland92f72cd2019-08-01 14:05:05 -0700[diff] [blame]46type uce_service, service_manager_type;
Tom Chan4409ea42023-12-18 21:57:49 +0000[diff] [blame]47type wearable_sensing_service, app_api_service, system_server_service, service_manager_type;
Inseob Kim75806ef2024-03-27 17:18:41 +0900[diff] [blame]48
49###
50### Neverallow rules
51###
52
53# servicemanager handles registering or looking up named services.
54# It does not make sense to register or lookup something which is not a service.
55# Trigger a compile error if this occurs.
56neverallow domain ~{ service_manager_type vndservice_manager_type }:service_manager { add find };