Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 869a4c2e196f663b5efb8443e9a08c398cd53f59 / . / private / genfs_contexts
blob: 76f5bdda17fba361619c0970b8aed85958b9e7a9 [file] [log] [blame]
William Robertsdc107232012-07-11 16:46:38 -0700[diff] [blame]1# Label inodes with the fs label.
2genfscon rootfs / u:object_r:rootfs:s0
3# proc labeling can be further refined (longest matching prefix).
4genfscon proc / u:object_r:proc:s0
Max Biresaae18182017-10-19 15:51:38 -0700[diff] [blame]5genfscon proc /asound u:object_r:proc_asound:s0
Tri Vo218d87c2018-01-17 15:59:48 -0800[diff] [blame]6genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]7genfscon proc /cmdline u:object_r:proc_cmdline:s0
Nick Kralevich929da012017-02-16 12:04:40 -0800[diff] [blame]8genfscon proc /config.gz u:object_r:config_gz:s0
Tri Vo84e181b2017-11-05 15:35:16 -0800[diff] [blame]9genfscon proc /diskstats u:object_r:proc_diskstats:s0
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]10genfscon proc /filesystems u:object_r:proc_filesystems:s0
Daniel Micay5423db62016-07-29 14:48:19 -0400[diff] [blame]11genfscon proc /interrupts u:object_r:proc_interrupts:s0
dcashman26cd9122015-07-13 08:39:17 -0700[diff] [blame]12genfscon proc /iomem u:object_r:proc_iomem:s0
Tri Vo87ed5e82017-09-13 14:34:56 -0700[diff] [blame]13genfscon proc /kmsg u:object_r:proc_kmsg:s0
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]14genfscon proc /loadavg u:object_r:proc_loadavg:s0
dcashmanf25ea5f2016-02-23 17:09:48 -0800[diff] [blame]15genfscon proc /meminfo u:object_r:proc_meminfo:s0
Nick Kralevich50bb7b52017-03-03 12:17:49 -0800[diff] [blame]16genfscon proc /misc u:object_r:proc_misc:s0
Jaesoo Leed363b0f2017-03-02 17:02:29 +0900[diff] [blame]17genfscon proc /modules u:object_r:proc_modules:s0
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]18genfscon proc /mounts u:object_r:proc_mounts:s0
Robert Craig1bf61c42014-01-07 14:41:47 -0500[diff] [blame]19genfscon proc /net u:object_r:proc_net:s0
hqjiang4c06d272012-07-19 11:07:04 -0700[diff] [blame]20genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
Jeff Vander Stoep43303c82018-01-02 13:10:46 -0800[diff] [blame]21genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
Nick Kralevich2de02872014-09-26 10:51:12 -0700[diff] [blame]22genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]23genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
Daniel Micay5423db62016-07-29 14:48:19 -0400[diff] [blame]24genfscon proc /softirqs u:object_r:proc_timer:s0
25genfscon proc /stat u:object_r:proc_stat:s0
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]26genfscon proc /swaps u:object_r:proc_swaps:s0
Stephen Smalley3dad7b62014-03-05 09:50:08 -0500[diff] [blame]27genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
Tri Vo84e181b2017-11-05 15:35:16 -0800[diff] [blame]28genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
Tri Voe7f49342017-11-14 16:32:36 -0800[diff] [blame]29genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
Stephen Smalley7adb9992013-12-06 09:31:40 -0500[diff] [blame]30genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
31genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
32genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
33genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
Tri Vo84e181b2017-11-05 15:35:16 -0800[diff] [blame]34genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0
35genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
Stephen Smalley7adb9992013-12-06 09:31:40 -0500[diff] [blame]36genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
Tri Vo84e181b2017-11-05 15:35:16 -0800[diff] [blame]37genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
Stephen Smalley7adb9992013-12-06 09:31:40 -0500[diff] [blame]38genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
Tri Vo84e181b2017-11-05 15:35:16 -0800[diff] [blame]39genfscon proc /sys/kernel/hung_task_timeout_secs u:object_r:proc_hung_task:s0
Stephen Smalley7adb9992013-12-06 09:31:40 -0500[diff] [blame]40genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
41genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
42genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
Tri Vo84e181b2017-11-05 15:35:16 -0800[diff] [blame]43genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
Yabin Cui5b15bae2017-03-06 17:27:54 -0800[diff] [blame]44genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
Tri Vo84e181b2017-11-05 15:35:16 -0800[diff] [blame]45genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
Tri Vo4081fd32017-11-28 08:42:40 -0800[diff] [blame]46genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
Stephen Smalley7adb9992013-12-06 09:31:40 -0500[diff] [blame]47genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
Tri Vo04fb82f2017-10-04 10:34:11 -0700[diff] [blame]48genfscon proc /sys/kernel/random u:object_r:proc_random:s0
Stephen Smalley7adb9992013-12-06 09:31:40 -0500[diff] [blame]49genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
Tri Vo84e181b2017-11-05 15:35:16 -0800[diff] [blame]50genfscon proc /sys/kernel/sched_child_runs_first u:object_r:proc_sched:s0
51genfscon proc /sys/kernel/sched_latency_ns u:object_r:proc_sched:s0
52genfscon proc /sys/kernel/sched_rt_period_us u:object_r:proc_sched:s0
53genfscon proc /sys/kernel/sched_rt_runtime_us u:object_r:proc_sched:s0
54genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
55genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
56genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
Stephen Smalley7adb9992013-12-06 09:31:40 -0500[diff] [blame]57genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
Robert Craig529fcbe2014-01-07 13:46:56 -0500[diff] [blame]58genfscon proc /sys/net u:object_r:proc_net:s0
Tri Vo84e181b2017-11-05 15:35:16 -0800[diff] [blame]59genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
60genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
61genfscon proc /sys/vm/extra_free_kbytes u:object_r:proc_extra_free_kbytes:s0
62genfscon proc /sys/vm/max_map_count u:object_r:proc_max_map_count:s0
Stephen Smalleye6a7b372013-12-09 13:24:25 -0500[diff] [blame]63genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
Luis Hector Chavez64a05032017-02-23 14:40:56 -0800[diff] [blame]64genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0
65genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
Tom Cherry8bdb1da2017-10-24 13:17:46 -0700[diff] [blame]66genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
Jeff Sharkeyc9605962015-05-14 20:55:31 -0700[diff] [blame]67genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
Jeff Vander Stoepbc1986f2016-06-27 15:38:25 -0700[diff] [blame]68genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
Daniel Micay5423db62016-07-29 14:48:19 -0400[diff] [blame]69genfscon proc /timer_list u:object_r:proc_timer:s0
70genfscon proc /timer_stats u:object_r:proc_timer:s0
Nick Kraleviche427a2b2017-01-04 08:43:09 -0800[diff] [blame]71genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
Connor O'Brienac3c61e2017-11-17 15:40:51 -0800[diff] [blame]72genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0
Adam Lesinski3526a662015-05-12 17:14:35 -0700[diff] [blame]73genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
74genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
Jin Qiand3459062017-01-11 16:20:49 -0800[diff] [blame]75genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
Jeff Sharkey828433c2017-01-17 18:33:50 -0700[diff] [blame]76genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0
Andres Oportus97b955d2017-06-07 10:39:11 -0700[diff] [blame]77genfscon proc /uid_time_in_state u:object_r:proc_uid_time_in_state:s0
Marissa Wall80ee23f2017-11-10 14:10:19 -0800[diff] [blame]78genfscon proc /uid_concurrent_active_time u:object_r:proc_uid_concurrent_active_time:s0
79genfscon proc /uid_concurrent_policy_time u:object_r:proc_uid_concurrent_policy_time:s0
Tri Vo84e181b2017-11-05 15:35:16 -0800[diff] [blame]80genfscon proc /uptime u:object_r:proc_uptime:s0
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]81genfscon proc /version u:object_r:proc_version:s0
82genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0
Tri Vo06d7dca2018-01-10 12:51:51 -0800[diff] [blame]83genfscon proc /vmstat u:object_r:proc_vmstat:s0
Daniel Micay7078e8b2016-08-08 13:48:01 -0400[diff] [blame]84genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
Adam Lesinski3526a662015-05-12 17:14:35 -0700[diff] [blame]85
William Robertsdc107232012-07-11 16:46:38 -0700[diff] [blame]86# selinuxfs booleans can be individually labeled.
87genfscon selinuxfs / u:object_r:selinuxfs:s0
88genfscon cgroup / u:object_r:cgroup:s0
Chenbo Feng254ad0d2017-08-01 18:06:18 -0700[diff] [blame]89genfscon cgroup2 / u:object_r:cgroup_bpf:s0
William Robertsdc107232012-07-11 16:46:38 -0700[diff] [blame]90# sysfs labels can be set by userspace.
91genfscon sysfs / u:object_r:sysfs:s0
Joel Galenson27c0aa72017-07-26 16:22:50 -0700[diff] [blame]92genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]93genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
Joel Galenson27c0aa72017-07-26 16:22:50 -0700[diff] [blame]94genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
Tri Voc135f0a2017-12-08 15:47:21 -0800[diff] [blame]95genfscon sysfs /class/net u:object_r:sysfs_net:s0
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]96genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
97genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
Joel Galenson27c0aa72017-07-26 16:22:50 -0700[diff] [blame]98genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]99genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
Tao Bao5b4bea42017-10-05 13:50:07 -0700[diff] [blame]100genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
Joel Galenson27c0aa72017-07-26 16:22:50 -0700[diff] [blame]101genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
102genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
103genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
104genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
105genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
Tri Vo8dabc2c2017-10-01 15:53:01 -0700[diff] [blame]106genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]107genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
Tri Vo04fb82f2017-10-04 10:34:11 -0700[diff] [blame]108genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
Jin Qian4de505b2017-05-02 13:45:08 -0700[diff] [blame]109genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
Tri Vo0e3235f2017-12-06 17:00:59 +0000[diff] [blame]110genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]111genfscon sysfs /power/state u:object_r:sysfs_power:s0
112genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
Joel Galenson27c0aa72017-07-26 16:22:50 -0700[diff] [blame]113genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
114genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]115genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
Andreas Gampe9213fe02017-12-06 10:09:50 -0800[diff] [blame]116genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]117genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]118genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
Joel Galenson27c0aa72017-07-26 16:22:50 -0700[diff] [blame]119genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
120genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
121genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
122
123genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0
124genfscon debugfs /tracing u:object_r:debugfs_tracing:s0
125genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
126genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
127genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0
128genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0
129genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0
130genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
Yi Jinbc24ba72018-01-22 14:00:46 -0800[diff] [blame]131genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0
Joel Galenson27c0aa72017-07-26 16:22:50 -0700[diff] [blame]132
133genfscon debugfs /tracing/events/sync/enable u:object_r:debugfs_tracing_debug:s0
134genfscon debugfs /tracing/events/workqueue/enable u:object_r:debugfs_tracing_debug:s0
135genfscon debugfs /tracing/events/regulator/enable u:object_r:debugfs_tracing_debug:s0
136genfscon debugfs /tracing/events/pagecache/enable u:object_r:debugfs_tracing_debug:s0
137genfscon debugfs /tracing/events/irq/enable u:object_r:debugfs_tracing_debug:s0
138genfscon debugfs /tracing/events/ipi/enable u:object_r:debugfs_tracing_debug:s0
139genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
140genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
141genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/enable u:object_r:debugfs_tracing_debug:s0
142genfscon debugfs /tracing/events/f2fs/f2fs_write_end/enable u:object_r:debugfs_tracing_debug:s0
143genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/enable u:object_r:debugfs_tracing_debug:s0
144genfscon debugfs /tracing/events/ext4/ext4_da_write_end/enable u:object_r:debugfs_tracing_debug:s0
145genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
146genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
147genfscon debugfs /tracing/events/block/block_rq_issue/enable u:object_r:debugfs_tracing_debug:s0
148genfscon debugfs /tracing/events/block/block_rq_complete/enable u:object_r:debugfs_tracing_debug:s0
149genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing_debug:s0
150
151genfscon tracefs /events/sync/enable u:object_r:debugfs_tracing_debug:s0
152genfscon tracefs /events/workqueue/enable u:object_r:debugfs_tracing_debug:s0
153genfscon tracefs /events/regulator/enable u:object_r:debugfs_tracing_debug:s0
154genfscon tracefs /events/pagecache/enable u:object_r:debugfs_tracing_debug:s0
155genfscon tracefs /events/irq/enable u:object_r:debugfs_tracing_debug:s0
156genfscon tracefs /events/ipi/enable u:object_r:debugfs_tracing_debug:s0
157genfscon tracefs /events/f2fs/f2fs_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
158genfscon tracefs /events/f2fs/f2fs_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
159genfscon tracefs /events/f2fs/f2fs_write_begin/enable u:object_r:debugfs_tracing_debug:s0
160genfscon tracefs /events/f2fs/f2fs_write_end/enable u:object_r:debugfs_tracing_debug:s0
161genfscon tracefs /events/ext4/ext4_da_write_begin/enable u:object_r:debugfs_tracing_debug:s0
162genfscon tracefs /events/ext4/ext4_da_write_end/enable u:object_r:debugfs_tracing_debug:s0
163genfscon tracefs /events/ext4/ext4_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
164genfscon tracefs /events/ext4/ext4_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
165genfscon tracefs /events/block/block_rq_issue/enable u:object_r:debugfs_tracing_debug:s0
166genfscon tracefs /events/block/block_rq_complete/enable u:object_r:debugfs_tracing_debug:s0
167genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing_debug:s0
168
William Robertsdc107232012-07-11 16:46:38 -0700[diff] [blame]169genfscon inotifyfs / u:object_r:inotify:s0
Stephen Smalley374b2a12014-07-08 14:45:09 -0400[diff] [blame]170genfscon vfat / u:object_r:vfat:s0
William Robertsdc107232012-07-11 16:46:38 -0700[diff] [blame]171genfscon debugfs / u:object_r:debugfs:s0
Christian Poetzsch4dafa722016-05-13 13:36:33 +0100[diff] [blame]172genfscon tracefs / u:object_r:debugfs_tracing:s0
Stephen Smalley374b2a12014-07-08 14:45:09 -0400[diff] [blame]173genfscon fuse / u:object_r:fuse:s0
Daniel Rosenbergc15090b2016-03-01 16:13:50 -0800[diff] [blame]174genfscon configfs / u:object_r:configfs:s0
175genfscon sdcardfs / u:object_r:sdcardfs:s0
Daniel Rosenberg9d0d6852017-10-23 18:20:09 -0700[diff] [blame]176genfscon esdfs / u:object_r:sdcardfs:s0
jaejyn.shin318e0c92014-04-10 13:32:54 +0900[diff] [blame]177genfscon pstore / u:object_r:pstorefs:s0
Nick Kralevich77cc0552014-04-15 14:53:05 -0700[diff] [blame]178genfscon functionfs / u:object_r:functionfs:s0
Nick Kralevich5a5fb852014-06-07 07:31:31 -0700[diff] [blame]179genfscon usbfs / u:object_r:usbfs:s0
Nick Kralevichfdc56c52015-04-10 17:42:49 -0700[diff] [blame]180genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
Chenbo Feng254ad0d2017-08-01 18:06:18 -0700[diff] [blame]181genfscon bpf / u:object_r:fs_bpf:s0