Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / 1c73a5cd9259f7ccc01d5a31a319ed24cc565ee8 / . / file.te
blob: 61c9be5bbb57dae814c84b1bb357237dca478815 [file] [log] [blame]
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]1# Filesystem types
2type labeledfs, fs_type;
3type pipefs, fs_type;
4type sockfs, fs_type;
5type rootfs, fs_type;
6type proc, fs_type;
Stephen Smalley7adb9992013-12-06 09:31:40 -0500[diff] [blame]7# Security-sensitive proc nodes that should not be writable to most.
8type proc_security, fs_type;
9# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
10type usermodehelper, fs_type, sysfs_type;
hqjiang4c06d272012-07-19 11:07:04 -0700[diff] [blame]11type qtaguid_proc, fs_type, mlstrustedobject;
Robert Craig65d4f442013-03-27 06:30:25 -0400[diff] [blame]12type proc_bluetooth_writable, fs_type;
Robert Craig529fcbe2014-01-07 13:46:56 -0500[diff] [blame]13type proc_net, fs_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]14type selinuxfs, fs_type;
15type cgroup, fs_type, mlstrustedobject;
16type sysfs, fs_type, mlstrustedobject;
17type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
Stephen Smalley61c80d52012-11-16 09:06:47 -0500[diff] [blame]18type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
Stephen Smalleyf7948232012-03-19 15:56:01 -0400[diff] [blame]19type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
William Robertsec7d39b2013-09-28 18:46:21 -0400[diff] [blame]20type sysfs_wake_lock, fs_type, sysfs_type;
Nick Kralevichc4a3b512013-10-23 09:08:23 -0700[diff] [blame]21# /sys/devices/system/cpu
22type sysfs_devices_system_cpu, fs_type, sysfs_type;
Nick Kralevich5467fce2014-02-13 12:19:50 -0800[diff] [blame]23# /sys/module/lowmemorykiller
24type sysfs_lowmemorykiller, fs_type, sysfs_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]25type inotify, fs_type, mlstrustedobject;
Stephen Smalleye8848722012-11-13 13:00:05 -0500[diff] [blame]26type devpts, fs_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]27type tmpfs, fs_type;
28type shm, fs_type;
29type mqueue, fs_type;
William Robertsc195ec32013-03-06 16:26:36 -0800[diff] [blame]30type sdcard_internal, sdcard_type, fs_type, mlstrustedobject;
31type sdcard_external, sdcard_type, fs_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]32type debugfs, fs_type, mlstrustedobject;
33
34# File types
35type unlabeled, file_type;
36# Default type for anything under /system.
37type system_file, file_type;
38# Default type for anything under /data.
39type system_data_file, file_type, data_file_type;
Stephen Smalleyc83d0082012-03-07 14:59:01 -0500[diff] [blame]40# /data/drm - DRM plugin data
41type drm_data_file, file_type, data_file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]42# /data/anr - ANR traces
Stephen Smalleya883c382012-04-04 16:00:11 -0400[diff] [blame]43type anr_data_file, file_type, data_file_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]44# /data/tombstones - core dumps
45type tombstone_data_file, file_type, data_file_type;
46# /data/app - user-installed apps
Stephen Smalley59d28032012-03-19 10:24:52 -0400[diff] [blame]47type apk_data_file, file_type, data_file_type;
48type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
Robert Craigffd8c442013-04-03 14:21:46 -0400[diff] [blame]49# /data/app-private - forward-locked apps
50type apk_private_data_file, file_type, data_file_type;
51type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]52# /data/dalvik-cache
53type dalvikcache_data_file, file_type, data_file_type;
54# /data/local - writable by shell
55type shell_data_file, file_type, data_file_type;
56# /data/gps
57type gps_data_file, file_type, data_file_type;
Nick Kralevich6a32eec2013-12-12 15:23:10 -0800[diff] [blame]58
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]59# /data/misc subdirectories
Nick Kralevich6a32eec2013-12-12 15:23:10 -0800[diff] [blame]60type adb_keys_file, file_type, data_file_type;
Stephen Smalley8510d312013-11-07 13:42:46 -0500[diff] [blame]61type audio_data_file, file_type, data_file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]62type bluetooth_data_file, file_type, data_file_type;
Stephen Smalley8510d312013-11-07 13:42:46 -0500[diff] [blame]63type camera_data_file, file_type, data_file_type;
Nick Kralevich6a32eec2013-12-12 15:23:10 -0800[diff] [blame]64type keystore_data_file, file_type, data_file_type;
65type media_data_file, file_type, data_file_type;
Stephen Smalleye13fabd2013-12-17 14:39:35 -0500[diff] [blame]66type media_rw_data_file, file_type, data_file_type;
Nick Kralevich6a32eec2013-12-12 15:23:10 -0800[diff] [blame]67type nfc_data_file, file_type, data_file_type;
68type radio_data_file, file_type, data_file_type;
69type systemkeys_data_file, file_type, data_file_type;
70type vpn_data_file, file_type, data_file_type;
71type wifi_data_file, file_type, data_file_type;
Nick Kralevich7466f9b2013-12-12 15:32:42 -0800[diff] [blame]72type zoneinfo_data_file, file_type, data_file_type;
Nick Kralevich6a32eec2013-12-12 15:23:10 -0800[diff] [blame]73
Stephen Smalley8510d312013-11-07 13:42:46 -0500[diff] [blame]74# Compatibility with type names used in vanilla Android 4.3 and 4.4.
75typealias audio_data_file alias audio_firmware_file;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]76# /data/data subdirectories - app sandboxes
77type app_data_file, file_type, data_file_type;
Stephen Smalleyb9760aa2012-07-27 11:07:09 -0400[diff] [blame]78type platform_app_data_file, file_type, data_file_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]79# Default type for anything under /cache
80type cache_file, file_type, mlstrustedobject;
rpcraig1c8464e2012-12-04 08:13:58 -0500[diff] [blame]81# Type for /cache/.*\.{data|restore} and default
82# type for anything under /cache/backup
83type cache_backup_file, file_type, mlstrustedobject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]84# Default type for anything under /efs
85type efs_file, file_type;
Stephen Smalleyf6cbbe22012-03-19 10:29:36 -0400[diff] [blame]86# Type for wallpaper file.
Stephen Smalley6c39ee02012-06-27 08:50:27 -0400[diff] [blame]87type wallpaper_file, file_type, mlstrustedobject;
rpcraig7672eac2012-10-22 13:50:01 -0400[diff] [blame]88# /mnt/asec
89type asec_apk_file, file_type, data_file_type;
Robert Craig48b18832014-02-04 11:36:41 -0500[diff] [blame]90# Elements of asec files (/mnt/asec) that are world readable
91type asec_public_file, file_type, data_file_type;
rpcraig7672eac2012-10-22 13:50:01 -0400[diff] [blame]92# /data/app-asec
93type asec_image_file, file_type, data_file_type;
rpcraig1c8464e2012-12-04 08:13:58 -0500[diff] [blame]94# /data/backup and /data/secure/backup
95type backup_data_file, file_type, data_file_type, mlstrustedobject;
William Roberts9e70c8b2013-01-23 14:02:43 -0800[diff] [blame]96# For /data/security
97type security_file, file_type;
William Roberts7fa2f9e2012-05-31 09:40:12 -0400[diff] [blame]98# All devices have bluetooth efs files. But they
99# vary per device, so this type is used in per
William Robertsc27d30a2012-09-06 18:50:35 -0700[diff] [blame]100# device policy
William Roberts7fa2f9e2012-05-31 09:40:12 -0400[diff] [blame]101type bluetooth_efs_file, file_type;
Geremy Condrabfb26e72013-04-03 17:41:22 -0700[diff] [blame]102# Downloaded files
103type download_file, file_type;
William Roberts7fa2f9e2012-05-31 09:40:12 -0400[diff] [blame]104
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]105# Socket types
Stephen Smalley61c80d52012-11-16 09:06:47 -0500[diff] [blame]106type adbd_socket, file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]107type bluetooth_socket, file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]108type dnsproxyd_socket, file_type, mlstrustedobject;
Nick Kralevich09e6abd2013-12-13 22:19:45 -0800[diff] [blame]109type dumpstate_socket, file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]110type gps_socket, file_type;
111type installd_socket, file_type;
112type keystore_socket, file_type;
Nick Kralevich2b392fc2013-12-05 16:55:34 -0800[diff] [blame]113type lmkd_socket, file_type;
Mark Salyzyn8ed750e2013-11-12 15:34:52 -0800[diff] [blame]114type logd_debug, file_type;
115type logd_socket, file_type;
116type logdr_socket, file_type;
117type logdw_socket, file_type;
Stephen Smalley4caf8c92013-09-19 15:09:38 -0400[diff] [blame]118type mdns_socket, file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]119type netd_socket, file_type;
120type property_socket, file_type;
121type qemud_socket, file_type;
Robert Craig18b5f872013-01-07 09:21:18 -0500[diff] [blame]122type racoon_socket, file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]123type rild_socket, file_type;
124type rild_debug_socket, file_type;
125type system_wpa_socket, file_type;
Stephen Smalley45ba6652013-09-27 10:24:49 -0400[diff] [blame]126type system_ndebug_socket, file_type;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]127type vold_socket, file_type;
128type wpa_socket, file_type;
129type zygote_socket, file_type;
130
hqjiang81039ab2012-07-10 14:36:22 -0700[diff] [blame]131# UART (for GPS) control proc file
132type gps_control, file_type;
133
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]134# Allow files to be created in their appropriate filesystems.
135allow fs_type self:filesystem associate;
136allow sysfs_type sysfs:filesystem associate;
137allow file_type labeledfs:filesystem associate;
138allow file_type tmpfs:filesystem associate;
Stephen Smalley7aba0bc2013-05-10 11:29:35 -0400[diff] [blame]139allow file_type rootfs:filesystem associate;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]140allow dev_type tmpfs:filesystem associate;