Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / refs/heads/android-15 / . / public / device.te
blob: 835b532a2183522b889949b43b36685720a0fed8 [file] [log] [blame]
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]1# Device types
2type device, dev_type, fs_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]3type ashmem_device, dev_type, mlstrustedobject;
Tri Voa7f61022019-09-24 14:43:00 -0700[diff] [blame]4type ashmem_libcutils_device, dev_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]5type audio_device, dev_type;
6type binder_device, dev_type, mlstrustedobject;
Charles Chen27a8f432023-04-20 16:38:30 +0000[diff] [blame]7type hwbinder_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
Martijn Coenene7d8f4c2017-03-21 16:01:52 -0700[diff] [blame]8type vndbinder_device, dev_type;
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]9type block_device, dev_type;
Henri Chataing9ff34232023-01-04 16:55:23 +0000[diff] [blame]10type bt_device, dev_type;
Jeff Vander Stoep68339ac2016-04-23 16:34:03 -0700[diff] [blame]11type camera_device, dev_type;
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]12type dm_device, dev_type;
Akilesh Kailash63a21042023-02-13 16:30:40 -0800[diff] [blame]13type ublk_block_device, dev_type;
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]14type dm_user_device, dev_type;
Akilesh Kailash63a21042023-02-13 16:30:40 -0800[diff] [blame]15type ublk_control_device, dev_type;
Max Bires9e7a5b02017-01-09 14:57:03 -0800[diff] [blame]16type keychord_device, dev_type;
Jeff Sharkeya8e0f762017-03-25 21:38:17 -0600[diff] [blame]17type loop_control_device, dev_type;
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]18type loop_device, dev_type;
Mark Salyzyn34d32ea2014-12-15 12:01:35 -0800[diff] [blame]19type pmsg_device, dev_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]20type radio_device, dev_type;
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]21type ram_device, dev_type;
dcashmanc7594892015-05-18 14:01:37 -0700[diff] [blame]22type rtc_device, dev_type;
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]23type vd_device, dev_type;
Stephen Smalley273d7ea2014-09-30 11:37:51 -0400[diff] [blame]24type vold_device, dev_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]25type console_device, dev_type;
Stephen Smalleyaf47ebb2013-11-04 09:47:29 -0500[diff] [blame]26type fscklogs, dev_type;
Stephen Smalley3ba90122013-12-12 09:09:53 -0500[diff] [blame]27# GPU (used by most UI apps)
Sandeep Bandaru702797d2024-09-20 14:55:25 +0000[diff] [blame]28type gpu_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]29type graphics_device, dev_type;
Alex Klyubin8d688312013-10-03 13:35:56 -0700[diff] [blame]30type hw_random_device, dev_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]31type input_device, dev_type;
Maxc27c23f2016-12-04 15:11:29 -0800[diff] [blame]32type port_device, dev_type;
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]33type lowpan_device, dev_type;
Stephen Smalleyc94e2392012-01-06 10:25:53 -0500[diff] [blame]34type mtp_device, dev_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]35type nfc_device, dev_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]36type ptmx_device, dev_type, mlstrustedobject;
Alan Stokesa0518b72020-10-27 11:28:00 +0000[diff] [blame]37type kmsg_device, dev_type, mlstrustedobject;
Josh Gao94e2a922017-03-28 13:09:37 -0700[diff] [blame]38type kmsg_debug_device, dev_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]39type null_device, dev_type, mlstrustedobject;
Stephen Smalleycbc52792014-09-11 15:51:28 -0400[diff] [blame]40type random_device, dev_type, mlstrustedobject;
Ruchi Kandoiea3cf002018-03-06 14:26:34 -0800[diff] [blame]41type secure_element_device, dev_type;
Robert Craig65d4f442013-03-27 06:30:25 -0400[diff] [blame]42type sensors_device, dev_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]43type serial_device, dev_type;
44type socket_device, dev_type;
Stephen Smalley74ba8c82013-04-05 14:22:27 -0400[diff] [blame]45type owntty_device, dev_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]46type tty_device, dev_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]47type video_device, dev_type;
Stephen Smalleycbc52792014-09-11 15:51:28 -0400[diff] [blame]48type zero_device, dev_type, mlstrustedobject;
Daichi Hironoa20802d2015-12-02 13:43:46 +0900[diff] [blame]49type fuse_device, dev_type, mlstrustedobject;
Robert Craigf62af812013-01-30 13:17:14 -0500[diff] [blame]50type iio_device, dev_type;
Charles Chen27a8f432023-04-20 16:38:30 +0000[diff] [blame]51type ion_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
Hridya Valsaraju8c9cf622020-12-14 22:57:49 -0800[diff] [blame]52type dmabuf_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject;
Charles Chen27a8f432023-04-20 16:38:30 +0000[diff] [blame]53type dmabuf_system_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject, isolated_compute_allowed_device;
Hridya Valsaraju8c9cf622020-12-14 22:57:49 -0800[diff] [blame]54type dmabuf_system_secure_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject;
Bart Searsdbca6252024-08-04 23:06:24 +0000[diff] [blame]55type qtaguid_device, dev_type;
rpcraigbac99922012-12-03 06:07:45 -0500[diff] [blame]56type watchdog_device, dev_type;
Christine Franks225fb932021-03-31 21:42:24 +0000[diff] [blame]57type uhid_device, dev_type, mlstrustedobject;
Stephen Smalley9fc0d402014-03-26 15:37:54 -0400[diff] [blame]58type uio_device, dev_type;
Robert Craig18b5f872013-01-07 09:21:18 -0500[diff] [blame]59type tun_device, dev_type, mlstrustedobject;
Stephen Smalleycbc52792014-09-11 15:51:28 -0400[diff] [blame]60type usbaccessory_device, dev_type, mlstrustedobject;
61type usb_device, dev_type, mlstrustedobject;
chrisweirccaaae42019-12-13 17:01:27 -0800[diff] [blame]62type usb_serial_device, dev_type;
Alistair Delva1a3ee382020-03-16 15:35:49 -0700[diff] [blame]63type gnss_device, dev_type;
Geremy Condrac529c662013-02-28 17:33:16 -0800[diff] [blame]64type properties_device, dev_type;
Tom Cherry949d7cb2015-12-01 16:58:27 -0800[diff] [blame]65type properties_serial, dev_type;
Tom Cherry8b5433a2017-11-16 14:25:02 -0800[diff] [blame]66type property_info, dev_type;
Daniel Norman4245d042023-11-30 23:28:04 +0000[diff] [blame]67type hidraw_device, dev_type;
William Roberts7fa2f9e2012-05-31 09:40:12 -0400[diff] [blame]68
69# All devices have a uart for the hci
70# attach service. The uart dev node
71# varies per device. This type
72# is used in per device policy
73type hci_attach_dev, dev_type;
hqjiangee5f4002012-07-11 11:21:05 -0700[diff] [blame]74
Robert Craig65d4f442013-03-27 06:30:25 -0400[diff] [blame]75# All devices have a rpmsg device for
hqjiangee5f4002012-07-11 11:21:05 -0700[diff] [blame]76# achieving remoteproc and rpmsg modules
77type rpmsg_device, dev_type;
Robert Craigdfef99a2014-02-19 20:16:13 -0500[diff] [blame]78
79# Partition layout block device
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]80type root_block_device, dev_type;
Andres Moralesd8447fd2014-07-09 15:18:32 -0700[diff] [blame]81
dcashmanf37ce3f2014-09-08 13:11:01 -0700[diff] [blame]82# factory reset protection block device
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]83type frp_block_device, dev_type;
Stephen Smalleydd053a92014-09-11 08:50:04 -0400[diff] [blame]84
Stephen Smalley206b1a62014-09-30 12:53:12 -0400[diff] [blame]85# System block device mounted on /system.
Eric Biggers9bf0a0c2022-04-15 02:18:37 +0000[diff] [blame]86# Documented at https://source.android.com/devices/bootloader/partitions
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]87type system_block_device, dev_type;
Stephen Smalley206b1a62014-09-30 12:53:12 -0400[diff] [blame]88
89# Recovery block device.
Eric Biggers9bf0a0c2022-04-15 02:18:37 +0000[diff] [blame]90# Documented at https://source.android.com/devices/bootloader/partitions
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]91type recovery_block_device, dev_type;
Stephen Smalley206b1a62014-09-30 12:53:12 -0400[diff] [blame]92
Nick Kralevicha8e073c2015-02-27 17:39:09 -0800[diff] [blame]93# boot block device.
Eric Biggers9bf0a0c2022-04-15 02:18:37 +0000[diff] [blame]94# Documented at https://source.android.com/devices/bootloader/partitions
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]95type boot_block_device, dev_type;
Nick Kralevicha8e073c2015-02-27 17:39:09 -0800[diff] [blame]96
Seungjae Yoo1b2d9de2023-08-14 09:11:38 +0900[diff] [blame]97# dtbo block device, type used for getting DTBO information for AVF.
98# Documented at https://source.android.com/docs/core/architecture/dto/partitions
99type dtbo_block_device, dev_type;
100
Stephen Smalleydd053a92014-09-11 08:50:04 -0400[diff] [blame]101# Userdata block device mounted on /data.
Eric Biggers9bf0a0c2022-04-15 02:18:37 +0000[diff] [blame]102# Documented at https://source.android.com/devices/bootloader/partitions
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]103type userdata_block_device, dev_type;
Stephen Smalleydd053a92014-09-11 08:50:04 -0400[diff] [blame]104
Jaegeuk Kimb5f16b22023-01-15 19:35:34 -0800[diff] [blame]105# Zoned block device.
106type zoned_block_device, dev_type;
107
Stephen Smalleydd053a92014-09-11 08:50:04 -0400[diff] [blame]108# Cache block device mounted on /cache.
Eric Biggers9bf0a0c2022-04-15 02:18:37 +0000[diff] [blame]109# Documented at https://source.android.com/devices/bootloader/partitions
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]110type cache_block_device, dev_type;
Stephen Smalley8a0c25e2014-09-23 09:11:30 -0400[diff] [blame]111
112# Block device for any swap partition.
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]113type swap_block_device, dev_type;
Stephen Smalley273d7ea2014-09-30 11:37:51 -0400[diff] [blame]114
Eric Biggers9bf0a0c2022-04-15 02:18:37 +0000[diff] [blame]115# Metadata block device mounted on /metadata, used for encryption metadata and
116# various other purposes.
117# Documented at https://source.android.com/devices/bootloader/partitions
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]118type metadata_block_device, dev_type;
David Zeuthena10f7892015-10-05 17:04:39 -0400[diff] [blame]119
120# The 'misc' partition used by recovery and A/B.
Eric Biggers9bf0a0c2022-04-15 02:18:37 +0000[diff] [blame]121# Documented at https://source.android.com/devices/bootloader/partitions
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]122type misc_block_device, dev_type;
Hridya Valsaraju4ae8fe92018-08-17 11:07:09 -0700[diff] [blame]123
124# 'super' partition to be used for logical partitioning.
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]125type super_block_device, super_block_device_type, dev_type;
David Anderson6557d872019-03-15 16:41:15 -0700[diff] [blame]126
127# sdcard devices; normally vold uses the vold_block_device label and creates a
128# separate device node. gsid, however, accesses the original devide node
129# created through uevents, so we use a separate label.
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]130type sdcard_block_device, dev_type;
Randall Huang10d42ce2021-02-19 07:45:02 +0800[diff] [blame]131
132# Userdata device file for filesystem tunables
133type userdata_sysdev, dev_type;
Jaegeuk Kimbe66c592022-03-06 00:47:06 -0800[diff] [blame]134
135# Root disk file for disk tunables
136type rootdisk_sysdev, dev_type;
Inseob Kim825056d2023-08-01 11:00:49 +0900[diff] [blame]137
138# vfio device
139type vfio_device, dev_type;
Inseob Kim09b27c72024-03-28 10:37:28 +0900[diff] [blame]140
141# system/sepolicy/public is for vendor-facing type and attribute definitions.
142# DO NOT ADD allow, neverallow, or dontaudit statements here.
143# Instead, add such policy rules to system/sepolicy/private/*.te.