Blame - ocontexts - fp2-dev/platform/external/sepolicy

blob: 7cbb989757810f1e53b148573d5574bd3d3d012c [file] [log] [blame]

Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	1	sid kernel u:r:kernel:s0
				2	sid security u:object_r:kernel:s0
				3	sid unlabeled u:object_r:unlabeled:s0
				4	sid fs u:object_r:labeledfs:s0
				5	sid file u:object_r:unlabeled:s0
				6	sid file_labels u:object_r:unlabeled:s0
				7	sid init u:object_r:unlabeled:s0
				8	sid any_socket u:object_r:unlabeled:s0
				9	sid port u:object_r:port:s0
				10	sid netif u:object_r:netif:s0
				11	sid netmsg u:object_r:unlabeled:s0
				12	sid node u:object_r:node:s0
				13	sid igmp_packet u:object_r:unlabeled:s0
				14	sid icmp_socket u:object_r:unlabeled:s0
				15	sid tcp_socket u:object_r:unlabeled:s0
				16	sid sysctl_modprobe u:object_r:unlabeled:s0
				17	sid sysctl u:object_r:proc:s0
				18	sid sysctl_fs u:object_r:unlabeled:s0
				19	sid sysctl_kernel u:object_r:unlabeled:s0
				20	sid sysctl_net u:object_r:unlabeled:s0
				21	sid sysctl_net_unix u:object_r:unlabeled:s0
				22	sid sysctl_vm u:object_r:unlabeled:s0
				23	sid sysctl_dev u:object_r:unlabeled:s0
				24	sid kmod u:object_r:unlabeled:s0
				25	sid policy u:object_r:unlabeled:s0
				26	sid scmp_packet u:object_r:unlabeled:s0
				27	sid devnull u:object_r:null_device:s0
				28
				29	# Label inodes via getxattr.
				30	fs_use_xattr yaffs2 u:object_r:labeledfs:s0;
				31	fs_use_xattr jffs2 u:object_r:labeledfs:s0;
				32	fs_use_xattr ext2 u:object_r:labeledfs:s0;
				33	fs_use_xattr ext3 u:object_r:labeledfs:s0;
				34	fs_use_xattr ext4 u:object_r:labeledfs:s0;
				35	fs_use_xattr xfs u:object_r:labeledfs:s0;
				36	fs_use_xattr btrfs u:object_r:labeledfs:s0;
				37
				38	# Label inodes from task label.
				39	fs_use_task pipefs u:object_r:pipefs:s0;
				40	fs_use_task sockfs u:object_r:sockfs:s0;
				41
				42	# Label inodes from combination of task label and fs label.
				43	# Define type_transition rules if you want per-domain types.
				44	fs_use_trans devpts u:object_r:devpts:s0;
				45	fs_use_trans tmpfs u:object_r:tmpfs:s0;
				46	fs_use_trans devtmpfs u:object_r:device:s0;
				47	fs_use_trans shm u:object_r:shm:s0;
				48	fs_use_trans mqueue u:object_r:mqueue:s0;
				49
				50	# Label inodes with the fs label.
				51	genfscon rootfs / u:object_r:rootfs:s0
				52	# proc labeling can be further refined (longest matching prefix).
				53	genfscon proc / u:object_r:proc:s0
Stephen Smalley	e4682a6	2012-06-27 08:53:39 -0400	[diff] [blame]	54	genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid:s0
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	55	# selinuxfs booleans can be individually labeled.
				56	genfscon selinuxfs / u:object_r:selinuxfs:s0
				57	genfscon cgroup / u:object_r:cgroup:s0
				58	# sysfs labels can be set by userspace.
				59	genfscon sysfs / u:object_r:sysfs:s0
				60	genfscon inotifyfs / u:object_r:inotify:s0
				61	genfscon vfat / u:object_r:sdcard:s0
				62	genfscon debugfs / u:object_r:debugfs:s0
				63	genfscon fuse / u:object_r:sdcard:s0
				64
				65	# portcon statements go here, e.g.
				66	# portcon tcp 80 u:object_r:http_port:s0