microdroid/system/private/file_contexts - LeafOS-Project/android_system_sepolicy - Gitiles

 ###########################################
 # Root
 /                   u:object_r:rootfs:s0

 # Data files
 /build\.prop        u:object_r:rootfs:s0
 /init\..*           u:object_r:rootfs:s0

 # Executables
 /init               u:object_r:init_exec:s0

 # For kernel modules
 /lib(/.*)?          u:object_r:rootfs:s0

 # Empty directories
 /lost\+found        u:object_r:rootfs:s0
 /debug_ramdisk      u:object_r:tmpfs:s0
 /mnt                u:object_r:tmpfs:s0
 /proc               u:object_r:rootfs:s0
 /second_stage_resources u:object_r:tmpfs:s0
 /sys                u:object_r:sysfs:s0
 /apex               u:object_r:apex_mnt_dir:s0

 /apex/(\.(bootstrap|default)-)?apex-info-list.xml u:object_r:apex_info_file:s0

 # Symlinks
 /bin                u:object_r:rootfs:s0
 /d                  u:object_r:rootfs:s0
 /etc                u:object_r:rootfs:s0

 ##########################
 # Devices
 #
 /dev(/.*)?		u:object_r:device:s0
 /dev/block(/.*)?	u:object_r:block_device:s0
 /dev/block/dm-[0-9]+	u:object_r:dm_device:s0
 /dev/block/loop[0-9]*	u:object_r:loop_device:s0
 /dev/block/vd[a-z][0-9]*  u:object_r:vd_device:s0
 /dev/block/ram[0-9]*	u:object_r:ram_device:s0
 /dev/block/zram[0-9]*	u:object_r:ram_device:s0
 /dev/console		u:object_r:console_device:s0
 /dev/dm-user(/.*)?	u:object_r:dm_user_device:s0
 /dev/device-mapper	u:object_r:dm_device:s0
 /dev/fuse		u:object_r:fuse_device:s0
 /dev/hvc0               u:object_r:serial_device:s0
 /dev/hvc1               u:object_r:serial_device:s0
 /dev/hvc2               u:object_r:log_device:s0
 /dev/hw_random		u:object_r:hw_random_device:s0
 /dev/loop-control	u:object_r:loop_control_device:s0
 /dev/ppp		u:object_r:ppp_device:s0
 /dev/ptmx		u:object_r:ptmx_device:s0
 /dev/kmsg		u:object_r:kmsg_device:s0
 /dev/kmsg_debug	u:object_r:kmsg_debug_device:s0
 /dev/null		u:object_r:null_device:s0
 /dev/open-dice0         u:object_r:open_dice_device:s0
 /dev/random		u:object_r:random_device:s0
 /dev/rtc[0-9]      u:object_r:rtc_device:s0
 /dev/socket(/.*)?	u:object_r:socket_device:s0
 /dev/socket/adbd	u:object_r:adbd_socket:s0
 /dev/socket/prng_seeder u:object_r:prng_seeder_socket:s0
 /dev/socket/property_service	u:object_r:property_socket:s0
 /dev/socket/property_service_for_system  u:object_r:property_socket:s0
 /dev/socket/statsdw	u:object_r:statsdw_socket:s0
 /dev/socket/authfs_service u:object_r:authfs_service_socket:s0
 /dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
 /dev/socket/traced_consumer	u:object_r:traced_consumer_socket:s0
 /dev/socket/traced_producer	u:object_r:traced_producer_socket:s0
 /dev/tty		u:object_r:owntty_device:s0
 /dev/tty[0-9]*		u:object_r:tty_device:s0
 /dev/ttyS[0-9]*		u:object_r:serial_device:s0
 /dev/urandom		u:object_r:random_device:s0
 /dev/vsock		u:object_r:vsock_device:s0
 /dev/zero		u:object_r:zero_device:s0
 /dev/__properties__ u:object_r:properties_device:s0
 /dev/__properties__/appcompat_override u:object_r:properties_device:s0
 /dev/__properties__/property_info   u:object_r:property_info:s0
 /dev/__properties__/appcompat_override/property_info   u:object_r:property_info:s0
 #############################
 # Linker configuration
 #
 /linkerconfig(/.*)?          u:object_r:linkerconfig_file:s0
 #############################
 # System files
 #
 /system(/.*)?          u:object_r:system_file:s0
 /system/lib(64)?(/.*)?         u:object_r:system_lib_file:s0
 /system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
 /system/bin/apexd                u:object_r:apexd_exec:s0
 /system/bin/linker(64)? u:object_r:system_linker_exec:s0
 /system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
 /system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
 /system/bin/bootstrap/linkerconfig u:object_r:linkerconfig_exec:s0
 /system/bin/init		u:object_r:init_exec:s0
 /system/bin/init_debug_policy	u:object_r:init_debug_policy_exec:s0
 /system/bin/logcat	--	u:object_r:logcat_exec:s0
 /system/bin/logd        u:object_r:logd_exec:s0
 /system/bin/sh		--	u:object_r:shell_exec:s0
 /system/bin/toolbox	--	u:object_r:toolbox_exec:s0
 /system/bin/toybox	--	u:object_r:toolbox_exec:s0
 /system/bin/zipfuse              u:object_r:zipfuse_exec:s0
 /system/bin/microdroid_launcher  u:object_r:microdroid_app_exec:s0
 /system/bin/microdroid_manager   u:object_r:microdroid_manager_exec:s0
 /system/bin/apkdmverity          u:object_r:apkdmverity_exec:s0
 /system/bin/authfs               u:object_r:authfs_exec:s0
 /system/bin/authfs_service       u:object_r:authfs_service_exec:s0
 /system/bin/encryptedstore       u:object_r:encryptedstore_exec:s0
 /system/bin/mke2fs		u:object_r:e2fs_exec:s0
 /system/bin/kexec_load           u:object_r:kexec_exec:s0
 /system/bin/prng_seeder          u:object_r:prng_seeder_exec:s0
 /system/bin/atrace               u:object_r:atrace_exec:s0
 /system/bin/perfetto             u:object_r:perfetto_exec:s0
 /system/bin/traced               u:object_r:traced_exec:s0
 /system/bin/traced_probes        u:object_r:traced_probes_exec:s0
 /system/etc/cgroups\.json               u:object_r:cgroup_desc_file:s0
 /system/etc/task_profiles/cgroups_[0-9]+\.json               u:object_r:cgroup_desc_api_file:s0
 /system/etc/event-log-tags              u:object_r:system_event_log_tags_file:s0
 /system/etc/group                       u:object_r:system_group_file:s0
 /system/etc/ld\.config.*                u:object_r:system_linker_config_file:s0
 /system/etc/passwd                      u:object_r:system_passwd_file:s0
 /system/etc/seccomp_policy(/.*)?        u:object_r:system_seccomp_policy_file:s0
 /system/etc/security/cacerts(/.*)?      u:object_r:system_security_cacerts_file:s0
 /system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil       u:object_r:sepolicy_file:s0
 /system/etc/selinux/plat_property_contexts  u:object_r:property_contexts_file:s0
 /system/etc/selinux/plat_service_contexts  u:object_r:service_contexts_file:s0
 /system/etc/selinux/plat_file_contexts  u:object_r:file_contexts_file:s0
 /system/etc/selinux/plat_sepolicy\.cil       u:object_r:sepolicy_file:s0
 /system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
 /system/etc/task_profiles\.json  u:object_r:task_profiles_file:s0
 /system/etc/task_profiles/task_profiles_[0-9]+\.json  u:object_r:task_profiles_api_file:s0

 #############################
 # Vendor files
 #
 /vendor(/.*)?                  u:object_r:vendor_file:s0
 /vendor/etc(/.*)?              u:object_r:vendor_configs_file:s0
 /vendor/etc/vintf(/.*)?        u:object_r:vendor_configs_file:s0

 #############################
 # Data files
 #
 # NOTE: When modifying existing label rules, changes may also need to
 # propagate to the "Expanded data files" section.
 #
 /data		u:object_r:system_data_root_file:s0
 /data/(.*)?		u:object_r:system_data_file:s0
 /data/local/tests(/.*)?	u:object_r:shell_test_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
 /data/local/tmp/ltp(/.*)?   u:object_r:nativetest_data_file:s0
 /data/local/traces(/.*)?	u:object_r:trace_data_file:s0
 /data/misc/authfs(/.*)?         u:object_r:authfs_data_file:s0
 /data/vendor(/.*)?              u:object_r:vendor_data_file:s0

 #############################
 # Directory for extra apks
 /mnt/extra-apk	u:object_r:extra_apk_file:s0

 #############################
 # Directory for encrypted storage (persistent across boot)
 /mnt/encryptedstore	u:object_r:encryptedstore_file:s0
	###########################################
	# Root
	/ u:object_r:rootfs:s0

	# Data files
	/build\.prop u:object_r:rootfs:s0
	/init\..* u:object_r:rootfs:s0

	# Executables
	/init u:object_r:init_exec:s0

	# For kernel modules
	/lib(/.*)? u:object_r:rootfs:s0

	# Empty directories
	/lost\+found u:object_r:rootfs:s0
	/debug_ramdisk u:object_r:tmpfs:s0
	/mnt u:object_r:tmpfs:s0
	/proc u:object_r:rootfs:s0
	/second_stage_resources u:object_r:tmpfs:s0
	/sys u:object_r:sysfs:s0
	/apex u:object_r:apex_mnt_dir:s0

	/apex/(\.(bootstrap\|default)-)?apex-info-list.xml u:object_r:apex_info_file:s0

	# Symlinks
	/bin u:object_r:rootfs:s0
	/d u:object_r:rootfs:s0
	/etc u:object_r:rootfs:s0

	##########################
	# Devices
	#
	/dev(/.*)? u:object_r:device:s0
	/dev/block(/.*)? u:object_r:block_device:s0
	/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
	/dev/block/loop[0-9]* u:object_r:loop_device:s0
	/dev/block/vd[a-z][0-9]* u:object_r:vd_device:s0
	/dev/block/ram[0-9]* u:object_r:ram_device:s0
	/dev/block/zram[0-9]* u:object_r:ram_device:s0
	/dev/console u:object_r:console_device:s0
	/dev/dm-user(/.*)? u:object_r:dm_user_device:s0
	/dev/device-mapper u:object_r:dm_device:s0
	/dev/fuse u:object_r:fuse_device:s0
	/dev/hvc0 u:object_r:serial_device:s0
	/dev/hvc1 u:object_r:serial_device:s0
	/dev/hvc2 u:object_r:log_device:s0
	/dev/hw_random u:object_r:hw_random_device:s0
	/dev/loop-control u:object_r:loop_control_device:s0
	/dev/ppp u:object_r:ppp_device:s0
	/dev/ptmx u:object_r:ptmx_device:s0
	/dev/kmsg u:object_r:kmsg_device:s0
	/dev/kmsg_debug u:object_r:kmsg_debug_device:s0
	/dev/null u:object_r:null_device:s0
	/dev/open-dice0 u:object_r:open_dice_device:s0
	/dev/random u:object_r:random_device:s0
	/dev/rtc[0-9] u:object_r:rtc_device:s0
	/dev/socket(/.*)? u:object_r:socket_device:s0
	/dev/socket/adbd u:object_r:adbd_socket:s0
	/dev/socket/prng_seeder u:object_r:prng_seeder_socket:s0
	/dev/socket/property_service u:object_r:property_socket:s0
	/dev/socket/property_service_for_system u:object_r:property_socket:s0
	/dev/socket/statsdw u:object_r:statsdw_socket:s0
	/dev/socket/authfs_service u:object_r:authfs_service_socket:s0
	/dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
	/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
	/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
	/dev/tty u:object_r:owntty_device:s0
	/dev/tty[0-9]* u:object_r:tty_device:s0
	/dev/ttyS[0-9]* u:object_r:serial_device:s0
	/dev/urandom u:object_r:random_device:s0
	/dev/vsock u:object_r:vsock_device:s0
	/dev/zero u:object_r:zero_device:s0
	/dev/__properties__ u:object_r:properties_device:s0
	/dev/__properties__/appcompat_override u:object_r:properties_device:s0
	/dev/__properties__/property_info u:object_r:property_info:s0
	/dev/__properties__/appcompat_override/property_info u:object_r:property_info:s0
	#############################
	# Linker configuration
	#
	/linkerconfig(/.*)? u:object_r:linkerconfig_file:s0
	#############################
	# System files
	#
	/system(/.*)? u:object_r:system_file:s0
	/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
	/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
	/system/bin/apexd u:object_r:apexd_exec:s0
	/system/bin/linker(64)? u:object_r:system_linker_exec:s0
	/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
	/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
	/system/bin/bootstrap/linkerconfig u:object_r:linkerconfig_exec:s0
	/system/bin/init u:object_r:init_exec:s0
	/system/bin/init_debug_policy u:object_r:init_debug_policy_exec:s0
	/system/bin/logcat -- u:object_r:logcat_exec:s0
	/system/bin/logd u:object_r:logd_exec:s0
	/system/bin/sh -- u:object_r:shell_exec:s0
	/system/bin/toolbox -- u:object_r:toolbox_exec:s0
	/system/bin/toybox -- u:object_r:toolbox_exec:s0
	/system/bin/zipfuse u:object_r:zipfuse_exec:s0
	/system/bin/microdroid_launcher u:object_r:microdroid_app_exec:s0
	/system/bin/microdroid_manager u:object_r:microdroid_manager_exec:s0
	/system/bin/apkdmverity u:object_r:apkdmverity_exec:s0
	/system/bin/authfs u:object_r:authfs_exec:s0
	/system/bin/authfs_service u:object_r:authfs_service_exec:s0
	/system/bin/encryptedstore u:object_r:encryptedstore_exec:s0
	/system/bin/mke2fs u:object_r:e2fs_exec:s0
	/system/bin/kexec_load u:object_r:kexec_exec:s0
	/system/bin/prng_seeder u:object_r:prng_seeder_exec:s0
	/system/bin/atrace u:object_r:atrace_exec:s0
	/system/bin/perfetto u:object_r:perfetto_exec:s0
	/system/bin/traced u:object_r:traced_exec:s0
	/system/bin/traced_probes u:object_r:traced_probes_exec:s0
	/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
	/system/etc/task_profiles/cgroups_[0-9]+\.json u:object_r:cgroup_desc_api_file:s0
	/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
	/system/etc/group u:object_r:system_group_file:s0
	/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
	/system/etc/passwd u:object_r:system_passwd_file:s0
	/system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0
	/system/etc/security/cacerts(/.*)? u:object_r:system_security_cacerts_file:s0
	/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0
	/system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0
	/system/etc/selinux/plat_service_contexts u:object_r:service_contexts_file:s0
	/system/etc/selinux/plat_file_contexts u:object_r:file_contexts_file:s0
	/system/etc/selinux/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
	/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
	/system/etc/task_profiles\.json u:object_r:task_profiles_file:s0
	/system/etc/task_profiles/task_profiles_[0-9]+\.json u:object_r:task_profiles_api_file:s0

	#############################
	# Vendor files
	#
	/vendor(/.*)? u:object_r:vendor_file:s0
	/vendor/etc(/.*)? u:object_r:vendor_configs_file:s0
	/vendor/etc/vintf(/.*)? u:object_r:vendor_configs_file:s0

	#############################
	# Data files
	#
	# NOTE: When modifying existing label rules, changes may also need to
	# propagate to the "Expanded data files" section.
	#
	/data u:object_r:system_data_root_file:s0
	/data/(.*)? u:object_r:system_data_file:s0
	/data/local/tests(/.*)? u:object_r:shell_test_data_file:s0
	/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
	/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0
	/data/local/traces(/.*)? u:object_r:trace_data_file:s0
	/data/misc/authfs(/.*)? u:object_r:authfs_data_file:s0
	/data/vendor(/.*)? u:object_r:vendor_data_file:s0

	#############################
	# Directory for extra apks
	/mnt/extra-apk u:object_r:extra_apk_file:s0

	#############################
	# Directory for encrypted storage (persistent across boot)
	/mnt/encryptedstore u:object_r:encryptedstore_file:s0