Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / refs/heads/android-15 / . / public / file.te
blob: 94483a3bf1d34ebd750b8969afb7809e30e2c4cb [file] [log] [blame]
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]1# Filesystem types
2type labeledfs, fs_type;
3type pipefs, fs_type;
4type sockfs, fs_type;
5type rootfs, fs_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]6type proc, fs_type, proc_type;
Hridya Valsaraju004539e2019-12-08 12:11:01 -0800[diff] [blame]7type binderfs, fs_type;
8type binderfs_logs, fs_type;
9type binderfs_logs_proc, fs_type;
Li Li0b3f5852023-10-11 21:48:19 -0700[diff] [blame]10type binderfs_logs_stats, fs_type;
Inseob Kim3458c572024-04-22 15:43:18 +0900[diff] [blame]11
12starting_at_board_api(202504, `
13 type binderfs_logs_transactions, fs_type;
Steven Moreland248f0e02024-05-17 22:30:40 +0000[diff] [blame]14 type binderfs_logs_transaction_history, fs_type;
Inseob Kim3458c572024-04-22 15:43:18 +0900[diff] [blame]15')
16
Carlos Llamas75821322022-02-24 08:15:56 -0800[diff] [blame]17type binderfs_features, fs_type;
Stephen Smalley7adb9992013-12-06 09:31:40 -0500[diff] [blame]18# Security-sensitive proc nodes that should not be writable to most.
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]19type proc_security, fs_type, proc_type;
20type proc_drop_caches, fs_type, proc_type;
21type proc_overcommit_memory, fs_type, proc_type;
22type proc_min_free_order_shift, fs_type, proc_type;
Florian Mayer87b5e752019-05-16 19:47:04 +0100[diff] [blame]23type proc_kpageflags, fs_type, proc_type;
Martin Liu4db56b02021-07-01 12:10:26 +0800[diff] [blame]24type proc_watermark_boost_factor, fs_type, proc_type;
Martin Liu52aa5032023-11-06 22:35:45 +0800[diff] [blame]25type proc_percpu_pagelist_high_fraction, fs_type, proc_type;
Stephen Smalley7adb9992013-12-06 09:31:40 -0500[diff] [blame]26# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]27type usermodehelper, fs_type, proc_type;
Jeff Vander Stoepece21852017-07-12 10:37:57 -0700[diff] [blame]28type sysfs_usermodehelper, fs_type, sysfs_type;
Bart Searsdbca6252024-08-04 23:06:24 +0000[diff] [blame]29type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
30type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]31type proc_bluetooth_writable, fs_type, proc_type;
32type proc_abi, fs_type, proc_type;
33type proc_asound, fs_type, proc_type;
Devin Moore840d4f32021-02-17 09:30:52 -0800[diff] [blame]34type proc_bootconfig, fs_type, proc_type;
Maciej Żenczykowski3702f332021-11-11 01:51:15 -0800[diff] [blame]35type proc_bpf, fs_type, proc_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]36type proc_buddyinfo, fs_type, proc_type;
T.J. Mercier716260a2024-04-26 18:28:28 +0000[diff] [blame]37starting_at_board_api(202504, `
38 type proc_cgroups, fs_type, proc_type;
39')
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]40type proc_cmdline, fs_type, proc_type;
Alistair Delva6092d632021-10-28 20:31:44 -0700[diff] [blame]41type proc_cpu_alignment, fs_type, proc_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]42type proc_cpuinfo, fs_type, proc_type;
43type proc_dirty, fs_type, proc_type;
44type proc_diskstats, fs_type, proc_type;
45type proc_extra_free_kbytes, fs_type, proc_type;
46type proc_filesystems, fs_type, proc_type;
Xiaoyong Zhoua711d372019-03-08 15:47:22 -0800[diff] [blame]47type proc_fs_verity, fs_type, proc_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]48type proc_hostname, fs_type, proc_type;
49type proc_hung_task, fs_type, proc_type;
50type proc_interrupts, fs_type, proc_type;
51type proc_iomem, fs_type, proc_type;
Primiano Tuccicd452302020-10-09 09:15:10 +0100[diff] [blame]52type proc_kallsyms, fs_type, proc_type;
Xiaoyong Zhou2ebc63b2019-01-29 15:27:21 -0800[diff] [blame]53type proc_keys, fs_type, proc_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]54type proc_kmsg, fs_type, proc_type;
55type proc_loadavg, fs_type, proc_type;
Marco Ballesio3eabc1d2021-01-06 15:14:24 -0800[diff] [blame]56type proc_locks, fs_type, proc_type;
Jim Blackler3cfad102019-04-26 17:27:58 +0100[diff] [blame]57type proc_lowmemorykiller, fs_type, proc_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]58type proc_max_map_count, fs_type, proc_type;
59type proc_meminfo, fs_type, proc_type;
60type proc_misc, fs_type, proc_type;
61type proc_modules, fs_type, proc_type;
62type proc_mounts, fs_type, proc_type;
Jeff Vander Stoep7a4af302018-04-10 12:47:48 -0700[diff] [blame]63type proc_net, fs_type, proc_type, proc_net_type;
Jeff Vander Stoep42451772018-09-28 10:55:14 -0700[diff] [blame]64type proc_net_tcp_udp, fs_type, proc_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]65type proc_page_cluster, fs_type, proc_type;
66type proc_pagetypeinfo, fs_type, proc_type;
67type proc_panic, fs_type, proc_type;
68type proc_perf, fs_type, proc_type;
69type proc_pid_max, fs_type, proc_type;
70type proc_pipe_conf, fs_type, proc_type;
Suren Baghdasaryan53065d62018-05-10 15:36:59 -0700[diff] [blame]71type proc_pressure_cpu, fs_type, proc_type;
72type proc_pressure_io, fs_type, proc_type;
73type proc_pressure_mem, fs_type, proc_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]74type proc_random, fs_type, proc_type;
75type proc_sched, fs_type, proc_type;
Mark Salyzynd6eaed82018-06-14 07:34:19 -0700[diff] [blame]76type proc_slabinfo, fs_type, proc_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]77type proc_stat, fs_type, proc_type;
78type proc_swaps, fs_type, proc_type;
79type proc_sysrq, fs_type, proc_type;
80type proc_timer, fs_type, proc_type;
81type proc_tty_drivers, fs_type, proc_type;
82type proc_uid_cputime_showstat, fs_type, proc_type;
83type proc_uid_cputime_removeuid, fs_type, proc_type;
84type proc_uid_io_stats, fs_type, proc_type;
85type proc_uid_procstat_set, fs_type, proc_type;
86type proc_uid_time_in_state, fs_type, proc_type;
87type proc_uid_concurrent_active_time, fs_type, proc_type;
88type proc_uid_concurrent_policy_time, fs_type, proc_type;
89type proc_uid_cpupower, fs_type, proc_type;
90type proc_uptime, fs_type, proc_type;
91type proc_version, fs_type, proc_type;
92type proc_vmallocinfo, fs_type, proc_type;
93type proc_vmstat, fs_type, proc_type;
Suren Baghdasaryan69886772021-07-29 14:29:47 -0700[diff] [blame]94type proc_watermark_scale_factor, fs_type, proc_type;
Tri Vo41bf08e2018-02-15 18:07:18 -0800[diff] [blame]95type proc_zoneinfo, fs_type, proc_type;
Rick Yiub31ec342021-07-29 21:24:38 +0800[diff] [blame]96type proc_vendor_sched, proc_type, fs_type;
Stephen Smalleycbc52792014-09-11 15:51:28 -0400[diff] [blame]97type selinuxfs, fs_type, mlstrustedobject;
Martijn Coenenaa2cb512020-05-28 15:04:48 +0200[diff] [blame]98type fusectlfs, fs_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]99type cgroup, fs_type, mlstrustedobject;
Marco Ballesio8f280b02020-05-27 14:10:39 -0700[diff] [blame]100type cgroup_v2, fs_type;
Stephen Smalley9add1f02014-05-08 13:18:52 -0400[diff] [blame]101type sysfs, fs_type, sysfs_type, mlstrustedobject;
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]102type sysfs_android_usb, fs_type, sysfs_type;
Jeff Vander Stoepf2d07902016-03-25 07:52:22 -0700[diff] [blame]103type sysfs_uio, sysfs_type, fs_type;
dcashmana31755f2016-01-05 14:32:54 -0800[diff] [blame]104type sysfs_batteryinfo, fs_type, sysfs_type;
Stephen Smalley61c80d52012-11-16 09:06:47 -0500[diff] [blame]105type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
David Massoudc50fecd2021-04-16 20:02:06 +0800[diff] [blame]106type sysfs_devfreq_cur, fs_type, sysfs_type;
107type sysfs_devfreq_dir, fs_type, sysfs_type;
Bart Van Assche4374a1f2021-10-08 09:30:42 -0700[diff] [blame]108type sysfs_devices_block, fs_type, sysfs_type;
Tao Bao5b4bea42017-10-05 13:50:07 -0700[diff] [blame]109type sysfs_dm, fs_type, sysfs_type;
Martijn Coenend38fa3f2019-12-16 13:39:15 +0100[diff] [blame]110type sysfs_dm_verity, fs_type, sysfs_type;
Hridya Valsaraju2c3ef292021-02-01 10:25:05 -0800[diff] [blame]111type sysfs_dma_heap, fs_type, sysfs_type;
Hridya Valsaraju6217b662021-01-10 21:09:37 -0800[diff] [blame]112type sysfs_dmabuf_stats, fs_type, sysfs_type;
Tri Vo04fb82f2017-10-04 10:34:11 -0700[diff] [blame]113type sysfs_dt_firmware_android, fs_type, sysfs_type;
Nick Chalko4ccc8562019-02-15 12:15:21 -0800[diff] [blame]114type sysfs_extcon, fs_type, sysfs_type;
Suren Baghdasaryan4da970f2019-11-17 14:41:33 -0800[diff] [blame]115type sysfs_ion, fs_type, sysfs_type;
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]116type sysfs_ipv4, fs_type, sysfs_type;
Andreas Gampe9213fe02017-12-06 10:09:50 -0800[diff] [blame]117type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
Steven Moreland62aee3b2017-01-04 17:56:04 -0800[diff] [blame]118type sysfs_leds, fs_type, sysfs_type;
Martijn Coenend7bf9212018-12-18 15:38:59 +0100[diff] [blame]119type sysfs_loop, fs_type, sysfs_type;
Jason Macnaka9339802022-02-24 18:32:16 +0000[diff] [blame]120type sysfs_gpu, fs_type, sysfs_type;
dcashman85c0f8a2016-03-11 15:23:49 -0800[diff] [blame]121type sysfs_hwrandom, fs_type, sysfs_type;
Stephen Smalleyf7948232012-03-19 15:56:01 -0400[diff] [blame]122type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
William Robertsec7d39b2013-09-28 18:46:21 -0400[diff] [blame]123type sysfs_wake_lock, fs_type, sysfs_type;
Tri Voe62a56b2017-10-01 15:53:01 -0700[diff] [blame]124type sysfs_net, fs_type, sysfs_type;
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]125type sysfs_power, fs_type, sysfs_type;
126type sysfs_rtc, fs_type, sysfs_type;
Tri Vo5f1ac022019-11-07 13:37:34 -0800[diff] [blame]127type sysfs_suspend_stats, fs_type, sysfs_type;
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]128type sysfs_switch, fs_type, sysfs_type;
Steve Muckle75603e32023-10-03 22:31:22 +0000[diff] [blame]129type sysfs_sync_on_suspend, fs_type, sysfs_type;
Tri Vod6c5ff52019-03-13 12:06:01 -0700[diff] [blame]130type sysfs_transparent_hugepage, fs_type, sysfs_type;
Kalesh Singh98f63492022-04-06 16:36:58 -0700[diff] [blame]131type sysfs_lru_gen_enabled, fs_type, sysfs_type;
Tri Vo422fb982018-03-21 10:43:30 -0700[diff] [blame]132type sysfs_usb, fs_type, sysfs_type;
Tri Vo5f1ac022019-11-07 13:37:34 -0800[diff] [blame]133type sysfs_wakeup, fs_type, sysfs_type;
Tri Vo19602152017-10-09 20:39:34 -0700[diff] [blame]134type sysfs_wakeup_reasons, fs_type, sysfs_type;
Jin Qian5f573ab2017-05-02 13:45:08 -0700[diff] [blame]135type sysfs_fs_ext4_features, sysfs_type, fs_type;
Daniel Rosenberg46c50682019-02-15 14:29:05 -0800[diff] [blame]136type sysfs_fs_f2fs, sysfs_type, fs_type;
Paul Lawrencee3e26b72021-11-12 00:53:26 +0000[diff] [blame]137type sysfs_fs_fuse_bpf, sysfs_type, fs_type;
Paul Lawrence6b5da952023-03-01 14:32:25 -0800[diff] [blame]138type sysfs_fs_fuse_features, sysfs_type, fs_type;
Yurii Zubrytskyi80dfa062021-01-14 21:01:25 -0800[diff] [blame]139type sysfs_fs_incfs_features, sysfs_type, fs_type;
Songchun Fan633f7ca2021-05-04 22:40:23 -0700[diff] [blame]140type sysfs_fs_incfs_metrics, sysfs_type, fs_type;
Rick Yiub31ec342021-07-29 21:24:38 +0800[diff] [blame]141type sysfs_vendor_sched, sysfs_type, fs_type;
142userdebug_or_eng(`
143 typeattribute sysfs_vendor_sched mlstrustedobject;
144')
Maciej Żenczykowskib13921c2022-05-21 05:03:29 -0700[diff] [blame]145type fs_bpf, fs_type, bpffs_type;
146# TODO: S+ fs_bpf_tethering (used by mainline) should be private
147type fs_bpf_tethering, fs_type, bpffs_type;
148type fs_bpf_vendor, fs_type, bpffs_type;
Inseob Kim3458c572024-04-22 15:43:18 +0900[diff] [blame]149
Daniel Rosenberg47fb4b92016-03-01 16:13:50 -0800[diff] [blame]150type configfs, fs_type;
Yi Kongcdacc622020-08-31 15:24:40 +0800[diff] [blame]151# /sys/devices/cs_etm
152type sysfs_devices_cs_etm, fs_type, sysfs_type;
Nick Kralevichc4a3b512013-10-23 09:08:23 -0700[diff] [blame]153# /sys/devices/system/cpu
154type sysfs_devices_system_cpu, fs_type, sysfs_type;
Nick Kralevich5467fce2014-02-13 12:19:50 -0800[diff] [blame]155# /sys/module/lowmemorykiller
156type sysfs_lowmemorykiller, fs_type, sysfs_type;
Christopher Wiley97db27d2016-06-30 14:23:12 -0700[diff] [blame]157# /sys/module/wlan/parameters/fwpath
158type sysfs_wlan_fwpath, fs_type, sysfs_type;
Prashant Malanib32b4a12016-10-11 11:01:49 -0700[diff] [blame]159type sysfs_vibrator, fs_type, sysfs_type;
Chris Yec0e72062020-11-20 19:17:22 -0800[diff] [blame]160type sysfs_uhid, fs_type, sysfs_type;
dcashman98eff7c2016-03-24 09:23:54 -0700[diff] [blame]161type sysfs_thermal, sysfs_type, fs_type;
162
dcashman36f255f2016-01-04 14:23:23 -0800[diff] [blame]163type sysfs_zram, fs_type, sysfs_type;
164type sysfs_zram_uevent, fs_type, sysfs_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]165type inotify, fs_type, mlstrustedobject;
Stephen Smalleye8848722012-11-13 13:00:05 -0500[diff] [blame]166type devpts, fs_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]167type tmpfs, fs_type;
168type shm, fs_type;
169type mqueue, fs_type;
Thiébaud Weksteen9ec53272021-06-23 10:21:49 +0200[diff] [blame]170type fuse, fusefs_type, fs_type, mlstrustedobject;
Alfred Piccioni30ae4272023-01-17 18:22:34 +0100[diff] [blame]171type fuseblk, sdcard_type, fusefs_type, fs_type, mlstrustedobject;
Daniel Rosenberg47fb4b92016-03-01 16:13:50 -0800[diff] [blame]172type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
Stephen Smalley374b2a12014-07-08 14:45:09 -0400[diff] [blame]173type vfat, sdcard_type, fs_type, mlstrustedobject;
Jeff Sharkey000cafc2018-03-30 12:22:54 -0600[diff] [blame]174type exfat, sdcard_type, fs_type, mlstrustedobject;
Jeff Vander Stoepb5969072017-06-25 15:35:54 -0700[diff] [blame]175type debugfs, fs_type, debugfs_type;
Jeff Vander Stoepbd3fd0e2020-06-10 12:27:12 +0200[diff] [blame]176type debugfs_kprobes, fs_type, debugfs_type;
ynwang9fa88232016-06-17 15:05:10 -0700[diff] [blame]177type debugfs_mmc, fs_type, debugfs_type;
Hridya Valsaraju23f9f512021-05-04 22:01:51 -0700[diff] [blame]178type debugfs_mm_events_tracing, fs_type, debugfs_type, tracefs_type;
179type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
180type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
181type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
182type debugfs_tracing_instances, fs_type, debugfs_type, tracefs_type;
183type debugfs_tracing_printk_formats, fs_type, debugfs_type, tracefs_type;
Yi Jinbc24ba72018-01-22 14:00:46 -0800[diff] [blame]184type debugfs_wakeup_sources, fs_type, debugfs_type;
Hridya Valsaraju23f9f512021-05-04 22:01:51 -0700[diff] [blame]185type debugfs_wifi_tracing, fs_type, debugfs_type, tracefs_type;
A. Cody Schuffelen71b0b852020-02-18 15:26:44 -0800[diff] [blame]186type securityfs, fs_type;
Carmen Jackson25788df2017-04-14 12:12:50 -0700[diff] [blame]187
jaejyn.shin318e0c92014-04-10 13:32:54 +0900[diff] [blame]188type pstorefs, fs_type;
Jerry Zhangf921dd92016-09-22 11:07:50 -0700[diff] [blame]189type functionfs, fs_type, mlstrustedobject;
Stephen Smalleyd2503ba2014-05-30 08:49:51 -0400[diff] [blame]190type oemfs, fs_type, contextmount_type;
Nick Kralevich5a5fb852014-06-07 07:31:31 -0700[diff] [blame]191type usbfs, fs_type;
Nick Kralevichfdc56c52015-04-10 17:42:49 -0700[diff] [blame]192type binfmt_miscfs, fs_type;
Thiébaud Weksteen9ec53272021-06-23 10:21:49 +0200[diff] [blame]193type app_fusefs, fs_type, fusefs_type, contextmount_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]194
195# File types
196type unlabeled, file_type;
Sandeep Patil277a20e2017-04-01 17:17:12 -0700[diff] [blame]197
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]198# Default type for anything under /system.
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]199type system_file, system_file_type, file_type;
Tri Vo93318192018-10-06 16:16:46 -0700[diff] [blame]200# Default type for /system/asan.options
201type system_asan_options_file, system_file_type, file_type;
Steven Morelandb7246ac2019-01-10 13:59:37 -0800[diff] [blame]202# Type for /system/etc/event-log-tags (liblog implementation detail)
203type system_event_log_tags_file, system_file_type, file_type;
Tri Vo5c1fe612018-08-11 15:34:49 -0700[diff] [blame]204# Default type for anything under /system/lib[64].
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]205type system_lib_file, system_file_type, file_type;
Jiyong Parka0f998e2019-03-15 02:45:33 +0900[diff] [blame]206# system libraries that are available only to bootstrap processes
207type system_bootstrap_lib_file, system_file_type, file_type;
Tom Cherryda05f1d2019-07-15 13:33:48 -0700[diff] [blame]208# Default type for the group file /system/etc/group.
209type system_group_file, system_file_type, file_type;
Tri Vo5c1fe612018-08-11 15:34:49 -0700[diff] [blame]210# Default type for linker executable /system/bin/linker[64].
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]211type system_linker_exec, system_file_type, file_type;
Tri Vo5c1fe612018-08-11 15:34:49 -0700[diff] [blame]212# Default type for linker config /system/etc/ld.config.*.
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]213type system_linker_config_file, system_file_type, file_type;
Tom Cherryda05f1d2019-07-15 13:33:48 -0700[diff] [blame]214# Default type for the passwd file /system/etc/passwd.
215type system_passwd_file, system_file_type, file_type;
Tri Vo5c1fe612018-08-11 15:34:49 -0700[diff] [blame]216# Default type for linker config /system/etc/seccomp_policy/*.
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]217type system_seccomp_policy_file, system_file_type, file_type;
Tri Vo5c1fe612018-08-11 15:34:49 -0700[diff] [blame]218# Default type for cacerts in /system/etc/security/cacerts/*.
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]219type system_security_cacerts_file, system_file_type, file_type;
Tri Voe8b33c32018-10-11 10:49:59 -0700[diff] [blame]220# Default type for /system/bin/tcpdump.
221type tcpdump_exec, system_file_type, exec_type, file_type;
Nick Kralevichff1c7652018-09-27 08:45:16 -0700[diff] [blame]222# Default type for zoneinfo files in /system/usr/share/zoneinfo/*.
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]223type system_zoneinfo_file, system_file_type, file_type;
T.J. Mercier55c17f22024-10-17 22:21:21 +0000[diff] [blame]224# Cgroups description file under /system/etc/cgroups.json or
225# API file under /system/etc/task_profiles/cgroups_*.json
Suren Baghdasaryan561ce802019-01-10 17:10:31 -0800[diff] [blame]226type cgroup_desc_file, system_file_type, file_type;
T.J. Mercier55c17f22024-10-17 22:21:21 +0000[diff] [blame]227until_board_api(202504, `
228 # Cgroups description file under /system/etc/task_profiles/cgroups_*.json
229 type cgroup_desc_api_file, system_file_type, file_type;
230')
Suren Baghdasaryan6155b2f2019-02-19 15:02:14 -0800[diff] [blame]231# Vendor cgroups description file under /vendor/etc/cgroups.json
232type vendor_cgroup_desc_file, vendor_file_type, file_type;
T.J. Mercierd85b55d2024-10-17 22:42:00 +0000[diff] [blame]233# Task profiles file under /system/etc/task_profiles.json or
234# API file under /system/etc/task_profiles/task_profiles_*.json
Suren Baghdasaryan561ce802019-01-10 17:10:31 -0800[diff] [blame]235type task_profiles_file, system_file_type, file_type;
T.J. Mercierd85b55d2024-10-17 22:42:00 +0000[diff] [blame]236until_board_api(202504, `
237 # Task profiles file under /system/etc/task_profiles/task_profiles_*.json
238 type task_profiles_api_file, system_file_type, file_type;
239')
Suren Baghdasaryan6155b2f2019-02-19 15:02:14 -0800[diff] [blame]240# Vendor task profiles file under /vendor/etc/task_profiles.json
241type vendor_task_profiles_file, vendor_file_type, file_type;
Martin Stjernholmd7951d22019-07-17 15:48:30 +0100[diff] [blame]242# Type for /system/apex/com.android.art
243type art_apex_dir, system_file_type, file_type;
Kiyoung Kim00cf2fb2019-11-22 14:56:10 +0900[diff] [blame]244# /linkerconfig(/.*)?
245type linkerconfig_file, file_type;
Songchun Fanb1512f32020-02-12 18:16:09 -0800[diff] [blame]246# Control files under /data/incremental
247type incremental_control_file, file_type, data_file_type, core_data_file_type;
Håkan Kvist1f915b42024-02-15 08:34:47 +0100[diff] [blame]248# /oem/media/bootanimation.zip|shutdownanimation.zip|userspace-reboot.zip
249type bootanim_oem_file, file_type, system_file_type;
Sandeep Patil277a20e2017-04-01 17:17:12 -0700[diff] [blame]250
251# Default type for directories search for
252# HAL implementations
253type vendor_hal_file, vendor_file_type, file_type;
254# Default type for under /vendor or /system/vendor
255type vendor_file, vendor_file_type, file_type;
256# Default type for everything in /vendor/app
257type vendor_app_file, vendor_file_type, file_type;
258# Default type for everything under /vendor/etc/
259type vendor_configs_file, vendor_file_type, file_type;
Tri Vod98b7282018-08-08 10:02:12 -0700[diff] [blame]260# Default type for all *same process* HALs and their lib/bin dependencies.
Sandeep Patil277a20e2017-04-01 17:17:12 -0700[diff] [blame]261# e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so
262type same_process_hal_file, vendor_file_type, file_type;
Jiyong Parkba23c8f2017-04-10 13:37:40 +0900[diff] [blame]263# Default type for vndk-sp libs. /vendor/lib/vndk-sp
264type vndk_sp_file, vendor_file_type, file_type;
Sandeep Patil277a20e2017-04-01 17:17:12 -0700[diff] [blame]265# Default type for everything in /vendor/framework
266type vendor_framework_file, vendor_file_type, file_type;
267# Default type for everything in /vendor/overlay
268type vendor_overlay_file, vendor_file_type, file_type;
Tri Vo29497b62018-04-30 14:38:21 -0700[diff] [blame]269# Type for all vendor public libraries. These libs should only be exposed to
270# apps. ABI stability of these libs is vendor's responsibility.
271type vendor_public_lib_file, vendor_file_type, file_type;
Dorin Drimus84cd7082021-01-25 13:57:56 +0100[diff] [blame]272# Type for all vendor public libraries for system. These libs should only be exposed to
273# system. ABI stability of these libs is vendor's responsibility.
274type vendor_public_framework_file, vendor_file_type, file_type;
Seungjae Yood2a08922023-11-15 17:59:30 +0900[diff] [blame]275# Type for all microdroid related files in the vendor partition.
Seungjae Yooed25d942023-11-27 15:01:40 +0900[diff] [blame]276# Files having this type should be read-only.
Seungjae Yood2a08922023-11-15 17:59:30 +0900[diff] [blame]277type vendor_microdroid_file, vendor_file_type, file_type;
Sandeep Patil277a20e2017-04-01 17:17:12 -0700[diff] [blame]278
Pawan Waghb0718822024-04-29 22:03:20 +0000[diff] [blame]279starting_at_board_api(202504, `
280 # boot otas for 16KB developer option
281 type vendor_boot_ota_file, vendor_file_type, file_type;
282')
283
Siarhei Vishniakou3639f572018-10-08 12:04:15 -0700[diff] [blame]284# Input configuration
285type vendor_keylayout_file, vendor_file_type, file_type;
286type vendor_keychars_file, vendor_file_type, file_type;
287type vendor_idc_file, vendor_file_type, file_type;
288
Rajesh Nyamagoudce542662021-11-18 22:59:29 +0000[diff] [blame]289# Type for vendor uuid mapping config file
290type vendor_uuid_mapping_config_file, vendor_file_type, file_type;
291
Jiyong Park3fee5a42021-08-09 09:24:45 +0900[diff] [blame]292# SoC-specific virtual machine disk files
293type vendor_vm_file, vendor_file_type, file_type;
294# SoC-specific virtual machine disk files that are mutable
295type vendor_vm_data_file, vendor_file_type, file_type;
296
Paul Crowley42bd1632018-04-20 11:14:49 -0700[diff] [blame]297# /metadata partition itself
298type metadata_file, file_type;
299# Vold files within /metadata
Paul Crowleyd9a4e062018-02-01 10:15:34 -0800[diff] [blame]300type vold_metadata_file, file_type;
David Andersondb90b912019-01-22 19:05:29 -0800[diff] [blame]301# GSI files within /metadata
Yi-Yo Chiang806898d2021-03-22 13:46:12 +0800[diff] [blame]302type gsi_metadata_file, gsi_metadata_file_type, file_type;
303# DSU (GSI) files within /metadata that are globally readable.
304type gsi_public_metadata_file, gsi_metadata_file_type, file_type;
David Andersond99b7fd2019-02-28 14:11:34 -0800[diff] [blame]305# system_server shares Weaver slot information in /metadata
306type password_slot_metadata_file, file_type;
Martijn Coenen5fbbf262019-03-12 16:37:13 +0100[diff] [blame]307# APEX files within /metadata
308type apex_metadata_file, file_type;
David Andersonc1bc8732019-07-08 19:03:59 -0700[diff] [blame]309# libsnapshot files within /metadata
310type ota_metadata_file, file_type;
Mark Salyzyn79f9ca62019-05-23 12:49:42 -0700[diff] [blame]311# property files within /metadata/bootstat
312type metadata_bootstat_file, file_type;
Gavin Corkeryed62b312020-06-02 10:47:16 +0100[diff] [blame]313# userspace reboot files within /metadata/userspacereboot
314type userspace_reboot_metadata_file, file_type;
Mohammad Samiul Islam476d6162020-05-19 12:43:18 +0100[diff] [blame]315# Staged install files within /metadata/staged-install
316type staged_install_file, file_type;
Gavin Corkeryb0aae282020-12-05 17:25:35 +0000[diff] [blame]317# Metadata information within /metadata/watchdog
318type watchdog_metadata_file, file_type;
Rhed Jaoebe13162023-05-25 06:59:05 +0000[diff] [blame]319# Repair mode files within /metadata/repair-mode
320type repair_mode_metadata_file, file_type;
Dennis Shen6c8210d2024-02-13 03:18:32 +0000[diff] [blame]321# Aconfig storage file
322type aconfig_storage_metadata_file, file_type;
323# Aconfig storage flag value persistent copy
324type aconfig_storage_flags_metadata_file, file_type;
Paul Crowleyd9a4e062018-02-01 10:15:34 -0800[diff] [blame]325
Haibo Huang544a0d52018-11-05 15:03:16 -0800[diff] [blame]326# Type for /dev/cpu_variant:.*.
327type dev_cpu_variant, file_type;
Mark Salyzynd33a9a12016-11-07 15:11:39 -0800[diff] [blame]328# Speedup access for trusted applications to the runtime event tags
329type runtime_event_log_tags_file, file_type;
Stephen Smalley54e9bc42014-09-04 08:44:49 -0400[diff] [blame]330# Type for /system/bin/logcat.
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]331type logcat_exec, system_file_type, exec_type, file_type;
Suren Baghdasaryan561ce802019-01-10 17:10:31 -0800[diff] [blame]332# Speedup access to cgroup map file
333type cgroup_rc_file, file_type;
Nick Kralevichca62a8b2014-10-31 12:40:12 -0700[diff] [blame]334# /cores for coredumps on userdebug / eng builds
335type coredump_file, file_type;
Paul Crowleyaed0f762019-08-01 15:57:47 -0700[diff] [blame]336# Type of /data itself
337type system_data_root_file, file_type, data_file_type, core_data_file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]338# Default type for anything under /data.
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]339type system_data_file, file_type, data_file_type, core_data_file_type;
Eric Biggers9a599232022-05-04 22:18:02 +0000[diff] [blame]340# Default type for directories containing per-user encrypted directories, such
341# as /data/user and /data/user_de.
342type system_userdir_file, file_type, data_file_type, core_data_file_type;
Florian Mayer4ab64c92019-03-19 18:14:38 +0000[diff] [blame]343# Type for /data/system/packages.list.
344# TODO(b/129332765): Narrow down permissions to this.
345# Find out users of system_data_file that should be granted only this.
346type packages_list_file, file_type, data_file_type, core_data_file_type;
Andy Yu8337d042022-03-25 11:08:59 -0700[diff] [blame]347type game_mode_intervention_list_file, file_type, data_file_type, core_data_file_type;
Eric Biggers9a599232022-05-04 22:18:02 +0000[diff] [blame]348# Default type for anything inside /data/vendor_{ce,de}.
Jeff Vander Stoepd25ccab2018-02-07 16:29:06 -0800[diff] [blame]349type vendor_data_file, file_type, data_file_type;
Eric Biggers9a599232022-05-04 22:18:02 +0000[diff] [blame]350# Type for /data/vendor_{ce,de} themselves. This has core_data_file_type
351# because these directories themselves are platform-managed; only the files
352# *inside* them are vendor data. (Somewhat similar to system_data_root_file.)
353type vendor_userdir_file, file_type, data_file_type, core_data_file_type;
Paul Lawrence38af1da2015-03-11 15:44:14 -0700[diff] [blame]354# Unencrypted data
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]355type unencrypted_data_file, file_type, data_file_type, core_data_file_type;
Paul Crowley04023ad2019-08-16 13:41:55 -0700[diff] [blame]356# installd-create files in /data/misc/installd such as layout_version
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]357type install_data_file, file_type, data_file_type, core_data_file_type;
Stephen Smalleyc83d0082012-03-07 14:59:01 -0500[diff] [blame]358# /data/drm - DRM plugin data
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]359type drm_data_file, file_type, data_file_type, core_data_file_type;
Nick Kralevich973877d2014-10-20 21:56:02 -0700[diff] [blame]360# /data/adb - adb debugging files
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]361type adb_data_file, file_type, data_file_type, core_data_file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]362# /data/anr - ANR traces
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]363type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]364# /data/tombstones - core dumps
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]365type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
xshu6ad3c892017-12-15 14:01:44 -0800[diff] [blame]366# /data/vendor/tombstones/wifi - vendor wifi dumps
367type tombstone_wifi_data_file, file_type, data_file_type;
Martijn Coenenac097ac2018-08-17 09:35:42 +0200[diff] [blame]368# /data/apex - APEX data files
369type apex_data_file, file_type, data_file_type, core_data_file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]370# /data/app - user-installed apps
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]371type apk_data_file, file_type, data_file_type, core_data_file_type;
372type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Robert Craigffd8c442013-04-03 14:21:46 -0400[diff] [blame]373# /data/app-private - forward-locked apps
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]374type apk_private_data_file, file_type, data_file_type, core_data_file_type;
375type apk_private_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]376# /data/dalvik-cache
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]377type dalvikcache_data_file, file_type, data_file_type, core_data_file_type;
Andreas Gampe47ebae12015-12-02 21:23:30 -0800[diff] [blame]378# /data/ota
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]379type ota_data_file, file_type, data_file_type, core_data_file_type;
Tao Baoe06ed7d2016-05-24 21:07:48 -0700[diff] [blame]380# /data/ota_package
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]381type ota_package_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Calin Juravle89625c92016-02-01 19:28:39 +0000[diff] [blame]382# /data/misc/profiles
Alan Stokes7aa40412020-12-04 14:07:52 +0000[diff] [blame]383type user_profile_root_file, file_type, data_file_type, core_data_file_type;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]384type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
David Sehra5d07922016-05-27 12:41:35 -0700[diff] [blame]385# /data/misc/profman
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]386type profman_dump_data_file, file_type, data_file_type, core_data_file_type;
Jerry Chang5594f302020-01-02 16:14:48 +0800[diff] [blame]387# /data/misc/prereboot
388type prereboot_data_file, file_type, data_file_type, core_data_file_type;
Nick Kralevichfad4d5f2014-06-16 14:19:31 -0700[diff] [blame]389# /data/resource-cache
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]390type resourcecache_data_file, file_type, data_file_type, core_data_file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]391# /data/local - writable by shell
Alan Stokesf8ad3392020-10-27 17:35:33 +0000[diff] [blame]392type shell_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
Stephen Smalleyad0d0fc2014-05-29 09:22:16 -0400[diff] [blame]393# /data/property
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]394type property_data_file, file_type, data_file_type, core_data_file_type;
Yongqin Liucc38e6d2014-12-05 13:40:22 +0800[diff] [blame]395# /data/bootchart
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]396type bootchart_data_file, file_type, data_file_type, core_data_file_type;
Jeff Vander Stoep4d3ee1a2018-04-16 07:49:49 -0700[diff] [blame]397# /data/system/dropbox
398type dropbox_data_file, file_type, data_file_type, core_data_file_type;
Nick Kralevich8a06c072015-04-07 16:40:44 -0700[diff] [blame]399# /data/system/heapdump
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]400type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Nick Kraleviche9d261f2015-10-28 16:45:58 -0700[diff] [blame]401# /data/nativetest
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]402type nativetest_data_file, file_type, data_file_type, core_data_file_type;
Colin Crossda4e51b2020-08-31 16:11:11 -0700[diff] [blame]403# /data/local/tests
404type shell_test_data_file, file_type, data_file_type, core_data_file_type;
Jeff Sharkey62bb52c2016-02-22 17:50:01 -0700[diff] [blame]405# /data/system_de/0/ringtones
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]406type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Fyodor Kupolov49ac2a32016-05-20 11:08:45 -0700[diff] [blame]407# /data/preloads
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]408type preloads_data_file, file_type, data_file_type, core_data_file_type;
Fyodor Kupolovb238fe62017-03-14 11:42:03 -0700[diff] [blame]409# /data/preloads/media
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]410type preloads_media_file, file_type, data_file_type, core_data_file_type;
Jeff Vander Stoep50563c02017-03-29 15:50:32 -0700[diff] [blame]411# /data/misc/dhcp and /data/misc/dhcp-6.8.2
412type dhcp_data_file, file_type, data_file_type, core_data_file_type;
Hongyi Zhangb965e3c2018-11-08 16:46:19 -0800[diff] [blame]413# /data/server_configurable_flags
414type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type;
Gavin Corkery64b812c2019-02-27 11:21:20 +0000[diff] [blame]415# /data/app-staging
Dario Freni274c1de2019-01-02 14:20:52 +0000[diff] [blame]416type staging_data_file, file_type, data_file_type, core_data_file_type;
Jooyung Hanea61d192019-04-24 10:45:40 +0900[diff] [blame]417# /vendor/apex
418type vendor_apex_file, vendor_file_type, file_type;
Jooyung Hanb6211b82023-05-31 17:51:14 +0900[diff] [blame]419# apex_manifest.pb in vendor apex
420type vendor_apex_metadata_file, vendor_file_type, file_type;
Woody Lin35541e12023-02-06 16:32:45 +0800[diff] [blame]421# /data/system/shutdown-checkpoints
422type shutdown_checkpoints_system_data_file, file_type, data_file_type, core_data_file_type;
Nick Kralevich6a32eec2013-12-12 15:23:10 -0800[diff] [blame]423
Jeff Sharkeyf063f462015-03-27 11:25:39 -0700[diff] [blame]424# Mount locations managed by vold
425type mnt_media_rw_file, file_type;
426type mnt_user_file, file_type;
Zimfcf599c2020-01-13 20:42:37 +0000[diff] [blame]427type mnt_pass_through_file, file_type;
Jeff Sharkey73d9c2a2015-04-06 16:21:54 -0700[diff] [blame]428type mnt_expand_file, file_type;
Tri Vo8eff3e22019-04-11 15:23:24 -0700[diff] [blame]429type mnt_sdcard_file, file_type;
Jeff Sharkeyf063f462015-03-27 11:25:39 -0700[diff] [blame]430type storage_file, file_type;
431
432# Label for storage dirs which are just mount stubs
433type mnt_media_rw_stub_file, file_type;
434type storage_stub_file, file_type;
435
Tri Vo210a8052018-04-10 20:49:45 -0700[diff] [blame]436# Mount location for read-write vendor partitions.
437type mnt_vendor_file, file_type;
438
Bowgo Tsaic2870322018-06-29 10:10:00 +0800[diff] [blame]439# Mount location for read-write product partitions.
440type mnt_product_file, file_type;
441
Martijn Coenenac097ac2018-08-17 09:35:42 +0200[diff] [blame]442# Mount point used for APEX images
443type apex_mnt_dir, file_type;
444
Jiyong Park93a99cf2020-05-11 20:49:07 +0900[diff] [blame]445# /apex/apex-info-list.xml created by apexd
446type apex_info_file, file_type;
447
Alex Deymoa52b5612016-03-01 16:14:45 -0800[diff] [blame]448# /postinstall: Mount point used by update_engine to run postinstall.
449type postinstall_mnt_dir, file_type;
450# Files inside the /postinstall mountpoint are all labeled as postinstall_file.
Alex Deymoa9671c62016-04-05 16:07:25 -0700[diff] [blame]451type postinstall_file, file_type;
Roland Levillaina42ebf42019-01-24 14:32:17 +0000[diff] [blame]452# /postinstall/apex: Mount point used for APEX images within /postinstall.
453type postinstall_apex_mnt_dir, file_type;
Alex Deymoa52b5612016-03-01 16:14:45 -0800[diff] [blame]454
Ricky Wai5b1b4232019-12-13 12:30:26 +0000[diff] [blame]455# /data_mirror: Contains mirror directory for storing all apps data.
456type mirror_data_file, file_type, core_data_file_type;
457
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]458# /data/misc subdirectories
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]459type adb_keys_file, file_type, data_file_type, core_data_file_type;
Alan Stokesfa10a142021-07-12 14:21:48 +0100[diff] [blame]460type apex_system_server_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
Oli Lan79b4e1a2019-11-19 18:10:16 +0000[diff] [blame]461type apex_module_data_file, file_type, data_file_type, core_data_file_type;
Kelvin Zhanga1e58812021-01-28 16:14:20 -0500[diff] [blame]462type apex_ota_reserved_file, file_type, data_file_type, core_data_file_type;
Oli Lan91ce5b92019-12-02 18:29:48 +0000[diff] [blame]463type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
Andrei Onea850842f2020-12-23 15:21:23 +0000[diff] [blame]464type appcompat_data_file, file_type, data_file_type, core_data_file_type;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]465type audio_data_file, file_type, data_file_type, core_data_file_type;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]466type audioserver_data_file, file_type, data_file_type, core_data_file_type;
Alan Stokesf8ad3392020-10-27 17:35:33 +0000[diff] [blame]467type bluetooth_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]468type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type;
469type bootstat_data_file, file_type, data_file_type, core_data_file_type;
470type boottrace_data_file, file_type, data_file_type, core_data_file_type;
471type camera_data_file, file_type, data_file_type, core_data_file_type;
David Zeuthen02bf8142020-01-17 16:47:53 -0500[diff] [blame]472type credstore_data_file, file_type, data_file_type, core_data_file_type;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]473type gatekeeper_data_file, file_type, data_file_type, core_data_file_type;
474type incident_data_file, file_type, data_file_type, core_data_file_type;
475type keychain_data_file, file_type, data_file_type, core_data_file_type;
476type keystore_data_file, file_type, data_file_type, core_data_file_type;
477type media_data_file, file_type, data_file_type, core_data_file_type;
478type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Eric Biggers9a599232022-05-04 22:18:02 +0000[diff] [blame]479type media_userdir_file, file_type, data_file_type, core_data_file_type;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]480type misc_user_data_file, file_type, data_file_type, core_data_file_type;
481type net_data_file, file_type, data_file_type, core_data_file_type;
Ricky Waiff3b9572017-12-14 09:56:32 +0000[diff] [blame]482type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
Alan Stokesf8ad3392020-10-27 17:35:33 +0000[diff] [blame]483type nfc_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
Jack Yudd648132020-07-08 17:09:49 +0800[diff] [blame]484type nfc_logs_data_file, file_type, data_file_type, core_data_file_type;
Alan Stokesf8ad3392020-10-27 17:35:33 +0000[diff] [blame]485type radio_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]486type recovery_data_file, file_type, data_file_type, core_data_file_type;
Alan Stokesc7229c72020-09-24 13:46:46 +0100[diff] [blame]487type shared_relro_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Yifan Hong589bb6f2020-02-03 17:01:49 -0800[diff] [blame]488type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type;
Jeffrey Huangfcf5a912023-02-02 11:57:18 -0800[diff] [blame]489type stats_config_data_file, file_type, data_file_type, core_data_file_type;
Howard Ro21bd2ae2018-08-21 23:59:46 -0700[diff] [blame]490type stats_data_file, file_type, data_file_type, core_data_file_type;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]491type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
Abodunrinwa Tokiadfc5db2017-04-26 21:20:20 +0100[diff] [blame]492type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
Max Bires35c36382018-01-15 16:44:04 -0800[diff] [blame]493type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]494type vpn_data_file, file_type, data_file_type, core_data_file_type;
495type wifi_data_file, file_type, data_file_type, core_data_file_type;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]496type vold_data_file, file_type, data_file_type, core_data_file_type;
Alex Klyubin0f6c0472017-03-28 21:59:24 -0700[diff] [blame]497type tee_data_file, file_type, data_file_type;
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]498type update_engine_data_file, file_type, data_file_type, core_data_file_type;
Hakan Kvist6fe014f2017-11-06 12:56:00 +0100[diff] [blame]499type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
Kelvin Zhangdbe230a2023-04-28 17:25:49 -0700[diff] [blame]500type snapuserd_log_data_file, file_type, data_file_type, core_data_file_type;
Calin Juravlef255d772015-11-10 18:49:57 +0000[diff] [blame]501# /data/misc/trace for method traces on userdebug / eng builds
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]502type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
David Andersondb90b912019-01-22 19:05:29 -0800[diff] [blame]503type gsi_data_file, file_type, data_file_type, core_data_file_type;
Chiachang Wang813c25f2020-12-24 15:11:15 +0800[diff] [blame]504type radio_core_data_file, file_type, data_file_type, core_data_file_type;
Nick Kralevich6a32eec2013-12-12 15:23:10 -0800[diff] [blame]505
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]506# /data/data subdirectories - app sandboxes
Alan Stokesf8ad3392020-10-27 17:35:33 +0000[diff] [blame]507type app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
Nick Kralevich23c9d912018-08-02 15:54:23 -0700[diff] [blame]508# /data/data subdirectories - priv-app sandboxes
Alan Stokesf8ad3392020-10-27 17:35:33 +0000[diff] [blame]509type privapp_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
Stephen Smalley91a4f8d2014-05-07 13:10:02 -0400[diff] [blame]510# /data/data subdirectory for system UID apps.
Alan Stokesf8ad3392020-10-27 17:35:33 +0000[diff] [blame]511type system_app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
Stephen Smalleydc88dca2014-03-12 13:31:14 -0400[diff] [blame]512# Compatibility with type name used in Android 4.3 and 4.4.
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]513# Default type for anything under /cache
Jeff Vander Stoepdd7e36c2017-11-06 08:33:33 -0800[diff] [blame]514type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Mark Salyzyn1369dfc2018-07-02 08:13:40 -0700[diff] [blame]515# Type for /cache/overlay /mnt/scratch/overlay
Mark Salyzyn9b398f32018-06-13 08:02:29 -0700[diff] [blame]516type overlayfs_file, file_type, data_file_type, core_data_file_type;
Christopher Tateb8104a42016-01-28 11:30:41 -0800[diff] [blame]517# Type for /cache/backup_stage/* (fd interchange with apps)
Jeff Vander Stoepdd7e36c2017-11-06 08:33:33 -0800[diff] [blame]518type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Christopher Tateb8104a42016-01-28 11:30:41 -0800[diff] [blame]519# type for anything under /cache/backup (local transport storage)
Jeff Vander Stoepdd7e36c2017-11-06 08:33:33 -0800[diff] [blame]520type cache_private_backup_file, file_type, data_file_type, core_data_file_type;
Felipe Leme549ccf72015-12-22 12:37:17 -0800[diff] [blame]521# Type for anything under /cache/recovery
Jeff Vander Stoepdd7e36c2017-11-06 08:33:33 -0800[diff] [blame]522type cache_recovery_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]523# Default type for anything under /efs
524type efs_file, file_type;
Stephen Smalleyf6cbbe22012-03-19 10:29:36 -0400[diff] [blame]525# Type for wallpaper file.
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]526type wallpaper_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Makoto Onuki085c1692016-03-08 15:06:44 -0800[diff] [blame]527# Type for shortcut manager icon file.
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]528type shortcut_manager_icons, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Oleksandr Peletskyi33fe4782016-02-25 16:37:06 +0100[diff] [blame]529# Type for user icon file.
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]530type icon_file, file_type, data_file_type, core_data_file_type;
rpcraig7672eac2012-10-22 13:50:01 -0400[diff] [blame]531# /mnt/asec
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]532type asec_apk_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Robert Craig48b18832014-02-04 11:36:41 -0500[diff] [blame]533# Elements of asec files (/mnt/asec) that are world readable
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]534type asec_public_file, file_type, data_file_type, core_data_file_type;
rpcraig7672eac2012-10-22 13:50:01 -0400[diff] [blame]535# /data/app-asec
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]536type asec_image_file, file_type, data_file_type, core_data_file_type;
rpcraig1c8464e2012-12-04 08:13:58 -0500[diff] [blame]537# /data/backup and /data/secure/backup
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]538type backup_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
William Roberts7fa2f9e2012-05-31 09:40:12 -0400[diff] [blame]539# All devices have bluetooth efs files. But they
540# vary per device, so this type is used in per
William Robertsc27d30a2012-09-06 18:50:35 -0700[diff] [blame]541# device policy
William Roberts7fa2f9e2012-05-31 09:40:12 -0400[diff] [blame]542type bluetooth_efs_file, file_type;
Jim Miller54e0e5a2016-12-15 19:46:43 -0800[diff] [blame]543# Type for fingerprint template file
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]544type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
Nick Kralevich83f25e22018-11-19 18:42:11 +0000[diff] [blame]545# Type for _new_ fingerprint template file
546type fingerprint_vendor_data_file, file_type, data_file_type;
Daichi Hironoe178ac52016-01-28 15:48:39 +0900[diff] [blame]547# Type for appfuse file.
Jeff Vander Stoep4a478c42017-03-27 22:44:40 -0700[diff] [blame]548type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
Kevin Chyn91c25802018-11-15 15:28:07 -0800[diff] [blame]549# Type for face template file
550type face_vendor_data_file, file_type, data_file_type;
551# Type for iris template file
552type iris_vendor_data_file, file_type, data_file_type;
William Roberts7fa2f9e2012-05-31 09:40:12 -0400[diff] [blame]553
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]554# Socket types
Alex Klyubin2f6151e2017-03-30 17:39:00 -0700[diff] [blame]555type adbd_socket, file_type, coredomain_socket;
Jeff Vander Stoepdd7e36c2017-11-06 08:33:33 -0800[diff] [blame]556type bluetooth_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
Alex Klyubin2f6151e2017-03-30 17:39:00 -0700[diff] [blame]557type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject;
558type dumpstate_socket, file_type, coredomain_socket;
559type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject;
560type lmkd_socket, file_type, coredomain_socket;
561type logd_socket, file_type, coredomain_socket, mlstrustedobject;
562type logdr_socket, file_type, coredomain_socket, mlstrustedobject;
563type logdw_socket, file_type, coredomain_socket, mlstrustedobject;
564type mdns_socket, file_type, coredomain_socket;
565type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject;
Jeff Vander Stoepdd7e36c2017-11-06 08:33:33 -0800[diff] [blame]566type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type;
Alex Klyubin2f6151e2017-03-30 17:39:00 -0700[diff] [blame]567type mtpd_socket, file_type, coredomain_socket;
Kangping Dong0d6679a2024-01-16 22:19:28 +0800[diff] [blame]568type ot_daemon_socket, file_type, coredomain_socket;
Alex Klyubin2f6151e2017-03-30 17:39:00 -0700[diff] [blame]569type property_socket, file_type, coredomain_socket, mlstrustedobject;
570type racoon_socket, file_type, coredomain_socket;
Jerry Zhang1d85efa2018-05-29 10:54:16 -0700[diff] [blame]571type recovery_socket, file_type, coredomain_socket;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]572type rild_socket, file_type;
573type rild_debug_socket, file_type;
David Andersonfe303692020-10-19 22:11:29 -0700[diff] [blame]574type snapuserd_socket, file_type, coredomain_socket;
David Andersonbf5b6ce2021-07-26 15:03:11 -0700[diff] [blame]575type snapuserd_proxy_socket, file_type, coredomain_socket;
Howard Ro21bd2ae2018-08-21 23:59:46 -0700[diff] [blame]576type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
Jeff Vander Stoepbdd45472018-01-24 07:01:13 -0800[diff] [blame]577type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
Jeff Vander Stoepdd7e36c2017-11-06 08:33:33 -0800[diff] [blame]578type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
Jing Ji2b124402019-12-29 21:38:38 -0800[diff] [blame]579type system_unsolzygote_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
Alex Klyubin2f6151e2017-03-30 17:39:00 -0700[diff] [blame]580type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
Narayan Kamath11bfcc12017-05-15 18:39:16 +0100[diff] [blame]581type tombstoned_java_trace_socket, file_type, mlstrustedobject;
Alex Klyubin2f6151e2017-03-30 17:39:00 -0700[diff] [blame]582type tombstoned_intercept_socket, file_type, coredomain_socket;
Carmen Jackson76d70462018-10-19 17:01:24 -0700[diff] [blame]583type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject;
Ryan Savitski67a82482020-01-22 19:16:13 +0000[diff] [blame]584type traced_perf_socket, file_type, coredomain_socket, mlstrustedobject;
585type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
Alex Klyubin2f6151e2017-03-30 17:39:00 -0700[diff] [blame]586type uncrypt_socket, file_type, coredomain_socket;
Jeff Vander Stoepbdd45472018-01-24 07:01:13 -0800[diff] [blame]587type wpa_socket, file_type, data_file_type, core_data_file_type;
Alex Klyubin2f6151e2017-03-30 17:39:00 -0700[diff] [blame]588type zygote_socket, file_type, coredomain_socket;
Florian Mayer23e1f4c2018-12-21 13:29:55 +0000[diff] [blame]589type heapprofd_socket, file_type, coredomain_socket, mlstrustedobject;
hqjiang81039ab2012-07-10 14:36:22 -0700[diff] [blame]590# UART (for GPS) control proc file
591type gps_control, file_type;
592
Alex Vakulenko41daa7f2017-05-01 13:01:44 -0700[diff] [blame]593# PDX endpoint types
594type pdx_display_dir, pdx_endpoint_dir_type, file_type;
595type pdx_performance_dir, pdx_endpoint_dir_type, file_type;
Alex Vakulenko41daa7f2017-05-01 13:01:44 -0700[diff] [blame]596type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type;
597
598pdx_service_socket_types(display_client, pdx_display_dir)
599pdx_service_socket_types(display_manager, pdx_display_dir)
600pdx_service_socket_types(display_screenshot, pdx_display_dir)
601pdx_service_socket_types(display_vsync, pdx_display_dir)
602pdx_service_socket_types(performance_client, pdx_performance_dir)
Alex Vakulenko41daa7f2017-05-01 13:01:44 -0700[diff] [blame]603pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir)
604
Sandeep Patilc9cf7362017-03-24 15:02:13 -0700[diff] [blame]605# file_contexts files
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]606type file_contexts_file, system_file_type, file_type;
Sandeep Patilc9cf7362017-03-24 15:02:13 -0700[diff] [blame]607
Sandeep Patilbb24f3a2017-03-27 12:06:04 -0700[diff] [blame]608# mac_permissions file
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]609type mac_perms_file, system_file_type, file_type;
Sandeep Patilbb24f3a2017-03-27 12:06:04 -0700[diff] [blame]610
Tom Cherry949d7cb2015-12-01 16:58:27 -0800[diff] [blame]611# property_contexts file
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]612type property_contexts_file, system_file_type, file_type;
Tom Cherry949d7cb2015-12-01 16:58:27 -0800[diff] [blame]613
Sandeep Patil1e149962017-03-27 10:57:07 -0700[diff] [blame]614# seapp_contexts file
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]615type seapp_contexts_file, system_file_type, file_type;
Sandeep Patil1e149962017-03-27 10:57:07 -0700[diff] [blame]616
Sandeep Patil136caa12017-03-27 11:39:16 -0700[diff] [blame]617# sepolicy files binary and others
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]618type sepolicy_file, system_file_type, file_type;
Sandeep Patil136caa12017-03-27 11:39:16 -0700[diff] [blame]619
Sandeep Patil939d16b2017-03-24 12:24:43 -0700[diff] [blame]620# service_contexts file
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]621type service_contexts_file, system_file_type, file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]622
Janis Danisevskisc40681f2020-07-25 13:02:29 -0700[diff] [blame]623# keystore2_key_contexts_file
624type keystore2_key_contexts_file, system_file_type, file_type;
625
linpeter87c72612020-06-12 16:25:41 +0800[diff] [blame]626# vendor service_contexts file
627type vendor_service_contexts_file, vendor_file_type, file_type;
628
Martijn Coenen3ea47b92017-04-07 16:14:43 -0700[diff] [blame]629# hwservice_contexts file
Nick Kralevich5e372712018-09-27 10:21:37 -0700[diff] [blame]630type hwservice_contexts_file, system_file_type, file_type;
Martijn Coenen3ea47b92017-04-07 16:14:43 -0700[diff] [blame]631
Martijn Coenen6676c232017-03-31 17:29:53 -0700[diff] [blame]632# vndservice_contexts file
633type vndservice_contexts_file, file_type;
634
Alexander Potapenko3d528172021-03-02 16:46:50 +0100[diff] [blame]635# /sys/kernel/tracing/instances/bootreceiver for monitoring kernel memory corruptions.
Hridya Valsaraju23f9f512021-05-04 22:01:51 -0700[diff] [blame]636type debugfs_bootreceiver_tracing, fs_type, debugfs_type, tracefs_type;
Alexander Potapenko3d528172021-03-02 16:46:50 +0100[diff] [blame]637
Yabin Cui2e2df6b2021-03-31 10:23:40 -0700[diff] [blame]638# kernel modules
639type vendor_kernel_modules, vendor_file_type, file_type;
640
Ramji Jiyani4a556892022-02-10 00:35:54 +0000[diff] [blame]641# system_dlkm
642type system_dlkm_file, system_dlkm_file_type, file_type;
643
Andreas Gampec848d372017-04-03 15:23:16 -0700[diff] [blame]644# asanwrapper (run a sanitized app_process, to be used with wrap properties)
645with_asan(`type asanwrapper_exec, exec_type, file_type;')
646
Jeff Vander Stoepb1a921e2017-10-20 20:24:15 -0700[diff] [blame]647# Deprecated in SDK version 28
648type audiohal_data_file, file_type, data_file_type, core_data_file_type;
Inseob Kim09b27c72024-03-28 10:37:28 +0900[diff] [blame]649
Inseob Kim9b323082024-11-06 17:10:09 +0900[diff] [blame]650starting_at_board_api(202504, `
651 type sysfs_udc, fs_type, sysfs_type;
Nikita Ioffe48966b62024-10-22 14:01:17 +0000[diff] [blame]652 type tee_service_contexts_file, system_file_type, file_type;
Inseob Kim9b323082024-11-06 17:10:09 +0900[diff] [blame]653')
654
Inseob Kim09b27c72024-03-28 10:37:28 +0900[diff] [blame]655# system/sepolicy/public is for vendor-facing type and attribute definitions.
656# DO NOT ADD allow, neverallow, or dontaudit statements here.
657# Instead, add such policy rules to system/sepolicy/private/*.te.