Update language to comply with Android's inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for reference
Bug: 161896447
Change-Id: I0caf39b349c48e44123775d98c52a773b0b504ff
diff --git a/prebuilts/api/26.0/private/app.te b/prebuilts/api/26.0/private/app.te
index 6f2b820..da8c67b 100644
--- a/prebuilts/api/26.0/private/app.te
+++ b/prebuilts/api/26.0/private/app.te
@@ -494,7 +494,7 @@
tmpfs
}:lnk_file no_w_file_perms;
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
neverallow {
bluetooth
isolated_app
@@ -515,7 +515,7 @@
-shell # bugreport
} input_device:chr_file ~getattr;
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
# neverallow rules for access to Bluetooth-related data files are above.
neverallow {
appdomain
diff --git a/prebuilts/api/26.0/private/domain.te b/prebuilts/api/26.0/private/domain.te
index d37a0bd..999c16a 100644
--- a/prebuilts/api/26.0/private/domain.te
+++ b/prebuilts/api/26.0/private/domain.te
@@ -4,7 +4,7 @@
allow domain crash_dump:process sigchld;
# Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
neverallow {
domain
-vold
diff --git a/prebuilts/api/26.0/private/incidentd.te b/prebuilts/api/26.0/private/incidentd.te
index efd23bd..64e174f 100644
--- a/prebuilts/api/26.0/private/incidentd.te
+++ b/prebuilts/api/26.0/private/incidentd.te
@@ -66,7 +66,7 @@
# TODO control_logd(incidentd)
# Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
allow incidentd {
system_server_service
app_api_service
diff --git a/prebuilts/api/26.0/private/system_server.te b/prebuilts/api/26.0/private/system_server.te
index 05e4773..2e14d18 100644
--- a/prebuilts/api/26.0/private/system_server.te
+++ b/prebuilts/api/26.0/private/system_server.te
@@ -50,7 +50,7 @@
# system server gets network and bluetooth permissions.
net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
# to use privileged ioctls commands. Needed to set up VPNs.
allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
bluetooth_domain(system_server)
@@ -92,7 +92,7 @@
# Use generic "sockets" where the address family is not known
# to the kernel. The ioctl permission is specifically omitted here, but may
# be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
allow system_server self:socket create_socket_perms_no_ioctl;
# Set and get routes directly via netlink.
diff --git a/prebuilts/api/26.0/public/domain.te b/prebuilts/api/26.0/public/domain.te
index d2b370a..3adefd1 100644
--- a/prebuilts/api/26.0/public/domain.te
+++ b/prebuilts/api/26.0/public/domain.te
@@ -195,19 +195,19 @@
allow domain fs_type:filesystem getattr;
allow domain fs_type:dir getattr;
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
# ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
# not grant the ioctl permission on these socket types. That must be granted
# separately.
allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
ioctl unpriv_unix_sock_ioctls;
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
# not grant the wider ioctl permission. That must be granted
# separately.
allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -223,7 +223,7 @@
### neverallow rules
###
-# All socket ioctls must be restricted to a whitelist.
+# All socket ioctls must be restricted to a allowlist.
neverallowxperm domain domain:socket_class_set ioctl { 0 };
# TIOCSTI is only ever used for exploits. Block it.
@@ -234,7 +234,7 @@
# Do not allow any domain other than init or recovery to create unlabeled files.
neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
neverallow {
domain
-kernel
@@ -243,7 +243,7 @@
-vold
} self:capability mknod;
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
neverallow {
domain
userdebug_or_eng(`-domain')
@@ -343,7 +343,7 @@
#
# Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
#
neverallow {
domain
@@ -445,7 +445,7 @@
neverallow { domain -init } mmc_prop:property_service set;
# Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
neverallow {
domain
-adbd
@@ -668,7 +668,7 @@
')
# On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
full_treble_only(`
# Limit access to /vendor/app
neverallow {
@@ -722,7 +722,7 @@
} vendor_shell_exec:file { execute execute_no_trans };
# Do not allow vendor components to execute files from system
- # except for the ones whitelist here.
+ # except for the ones allowlist here.
neverallow {
domain
-coredomain
@@ -923,7 +923,7 @@
# In addition to the symlink reading restrictions above, restrict
# write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
# not be trusting any content in those directories.
neverallow {
domain
diff --git a/prebuilts/api/26.0/public/hal_wifi_supplicant.te b/prebuilts/api/26.0/public/hal_wifi_supplicant.te
index 0f2540e..028440c 100644
--- a/prebuilts/api/26.0/public/hal_wifi_supplicant.te
+++ b/prebuilts/api/26.0/public/hal_wifi_supplicant.te
@@ -5,7 +5,7 @@
add_hwservice(hal_wifi_supplicant_server, hal_wifi_supplicant_hwservice)
allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice:hwservice_manager find;
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(hal_wifi_supplicant, sysfs_type)
diff --git a/prebuilts/api/26.0/public/netd.te b/prebuilts/api/26.0/public/netd.te
index 691887f..80fb76d 100644
--- a/prebuilts/api/26.0/public/netd.te
+++ b/prebuilts/api/26.0/public/netd.te
@@ -3,7 +3,7 @@
type netd_exec, exec_type, file_type;
net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(netd, cgroup)
diff --git a/prebuilts/api/26.0/public/vendor_toolbox.te b/prebuilts/api/26.0/public/vendor_toolbox.te
index eb292ca..63f938d 100644
--- a/prebuilts/api/26.0/public/vendor_toolbox.te
+++ b/prebuilts/api/26.0/public/vendor_toolbox.te
@@ -7,7 +7,7 @@
# or read, execute the vendor_toolbox file.
full_treble_only(`
# Do not allow non-vendor domains to transition
- # to vendor toolbox except for the whitelisted domains.
+ # to vendor toolbox except for the allowlisted domains.
neverallow {
coredomain
-init
diff --git a/prebuilts/api/27.0/private/app.te b/prebuilts/api/27.0/private/app.te
index 9251ed9..c53fa36 100644
--- a/prebuilts/api/27.0/private/app.te
+++ b/prebuilts/api/27.0/private/app.te
@@ -512,7 +512,7 @@
tmpfs
}:lnk_file no_w_file_perms;
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
neverallow {
bluetooth
isolated_app
@@ -533,7 +533,7 @@
-shell # bugreport
} input_device:chr_file ~getattr;
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
# neverallow rules for access to Bluetooth-related data files are above.
neverallow {
appdomain
diff --git a/prebuilts/api/27.0/private/domain.te b/prebuilts/api/27.0/private/domain.te
index d37a0bd..999c16a 100644
--- a/prebuilts/api/27.0/private/domain.te
+++ b/prebuilts/api/27.0/private/domain.te
@@ -4,7 +4,7 @@
allow domain crash_dump:process sigchld;
# Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
neverallow {
domain
-vold
diff --git a/prebuilts/api/27.0/private/incidentd.te b/prebuilts/api/27.0/private/incidentd.te
index efd23bd..64e174f 100644
--- a/prebuilts/api/27.0/private/incidentd.te
+++ b/prebuilts/api/27.0/private/incidentd.te
@@ -66,7 +66,7 @@
# TODO control_logd(incidentd)
# Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
allow incidentd {
system_server_service
app_api_service
diff --git a/prebuilts/api/27.0/private/isolated_app.te b/prebuilts/api/27.0/private/isolated_app.te
index 37935c3..fbfb8a5 100644
--- a/prebuilts/api/27.0/private/isolated_app.te
+++ b/prebuilts/api/27.0/private/isolated_app.te
@@ -74,7 +74,7 @@
neverallow isolated_app vndbinder_device:chr_file *;
# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
neverallow isolated_app *:service_manager ~find;
# b/17487348
diff --git a/prebuilts/api/27.0/private/system_server.te b/prebuilts/api/27.0/private/system_server.te
index 40c5382..3a5b53b 100644
--- a/prebuilts/api/27.0/private/system_server.te
+++ b/prebuilts/api/27.0/private/system_server.te
@@ -50,7 +50,7 @@
# system server gets network and bluetooth permissions.
net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
# to use privileged ioctls commands. Needed to set up VPNs.
allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
bluetooth_domain(system_server)
@@ -95,7 +95,7 @@
# Use generic "sockets" where the address family is not known
# to the kernel. The ioctl permission is specifically omitted here, but may
# be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
allow system_server self:socket create_socket_perms_no_ioctl;
# Set and get routes directly via netlink.
diff --git a/prebuilts/api/27.0/public/domain.te b/prebuilts/api/27.0/public/domain.te
index f5c72cc..e9ae56c 100644
--- a/prebuilts/api/27.0/public/domain.te
+++ b/prebuilts/api/27.0/public/domain.te
@@ -195,19 +195,19 @@
allow domain fs_type:filesystem getattr;
allow domain fs_type:dir getattr;
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
# ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
# not grant the ioctl permission on these socket types. That must be granted
# separately.
allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
ioctl unpriv_unix_sock_ioctls;
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
# not grant the wider ioctl permission. That must be granted
# separately.
allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -226,7 +226,7 @@
### neverallow rules
###
-# All socket ioctls must be restricted to a whitelist.
+# All socket ioctls must be restricted to a allowlist.
neverallowxperm domain domain:socket_class_set ioctl { 0 };
# TIOCSTI is only ever used for exploits. Block it.
@@ -237,7 +237,7 @@
# Do not allow any domain other than init or recovery to create unlabeled files.
neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
neverallow {
domain
-kernel
@@ -246,7 +246,7 @@
-vold
} self:capability mknod;
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
neverallow {
domain
userdebug_or_eng(`-domain')
@@ -347,7 +347,7 @@
#
# Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
#
neverallow {
domain
@@ -448,7 +448,7 @@
neverallow { domain -init } mmc_prop:property_service set;
# Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
neverallow {
domain
-adbd
@@ -664,7 +664,7 @@
')
# On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
full_treble_only(`
# Limit access to /vendor/app
neverallow {
@@ -718,7 +718,7 @@
} vendor_shell_exec:file { execute execute_no_trans };
# Do not allow vendor components to execute files from system
- # except for the ones whitelist here.
+ # except for the ones allowlist here.
neverallow {
domain
-coredomain
@@ -916,7 +916,7 @@
# In addition to the symlink reading restrictions above, restrict
# write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
# not be trusting any content in those directories.
neverallow {
domain
diff --git a/prebuilts/api/27.0/public/hal_wifi_supplicant.te b/prebuilts/api/27.0/public/hal_wifi_supplicant.te
index 0f2540e..028440c 100644
--- a/prebuilts/api/27.0/public/hal_wifi_supplicant.te
+++ b/prebuilts/api/27.0/public/hal_wifi_supplicant.te
@@ -5,7 +5,7 @@
add_hwservice(hal_wifi_supplicant_server, hal_wifi_supplicant_hwservice)
allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice:hwservice_manager find;
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(hal_wifi_supplicant, sysfs_type)
diff --git a/prebuilts/api/27.0/public/netd.te b/prebuilts/api/27.0/public/netd.te
index aa99da2..7f7872e 100644
--- a/prebuilts/api/27.0/public/netd.te
+++ b/prebuilts/api/27.0/public/netd.te
@@ -3,7 +3,7 @@
type netd_exec, exec_type, file_type;
net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(netd, cgroup)
diff --git a/prebuilts/api/27.0/public/vendor_toolbox.te b/prebuilts/api/27.0/public/vendor_toolbox.te
index eb292ca..63f938d 100644
--- a/prebuilts/api/27.0/public/vendor_toolbox.te
+++ b/prebuilts/api/27.0/public/vendor_toolbox.te
@@ -7,7 +7,7 @@
# or read, execute the vendor_toolbox file.
full_treble_only(`
# Do not allow non-vendor domains to transition
- # to vendor toolbox except for the whitelisted domains.
+ # to vendor toolbox except for the allowlisted domains.
neverallow {
coredomain
-init
diff --git a/prebuilts/api/28.0/private/domain.te b/prebuilts/api/28.0/private/domain.te
index fb6ba4f..5053c28 100644
--- a/prebuilts/api/28.0/private/domain.te
+++ b/prebuilts/api/28.0/private/domain.te
@@ -4,7 +4,7 @@
allow domain crash_dump:process sigchld;
# Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
neverallow {
domain
-vold
diff --git a/prebuilts/api/28.0/private/incidentd.te b/prebuilts/api/28.0/private/incidentd.te
index 6b248f1..35b184c 100644
--- a/prebuilts/api/28.0/private/incidentd.te
+++ b/prebuilts/api/28.0/private/incidentd.te
@@ -115,7 +115,7 @@
# TODO control_logd(incidentd)
# Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
allow incidentd {
system_server_service
app_api_service
diff --git a/prebuilts/api/28.0/private/isolated_app.te b/prebuilts/api/28.0/private/isolated_app.te
index a6276b3..6af6040 100644
--- a/prebuilts/api/28.0/private/isolated_app.te
+++ b/prebuilts/api/28.0/private/isolated_app.te
@@ -77,7 +77,7 @@
neverallow isolated_app vndbinder_device:chr_file *;
# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
neverallow isolated_app *:service_manager ~find;
# b/17487348
diff --git a/prebuilts/api/28.0/private/perfetto.te b/prebuilts/api/28.0/private/perfetto.te
index 9ac5d87..67725bf 100644
--- a/prebuilts/api/28.0/private/perfetto.te
+++ b/prebuilts/api/28.0/private/perfetto.te
@@ -1,5 +1,5 @@
# Perfetto command-line client. Can be used only from the domains that are
-# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# explicitly allowlisted with a domain_auto_trans(X, perfetto_exec, perfetto).
# This command line client accesses the privileged socket of the traced
# daemon.
diff --git a/prebuilts/api/28.0/private/system_server.te b/prebuilts/api/28.0/private/system_server.te
index fa84c32..2927e0b 100644
--- a/prebuilts/api/28.0/private/system_server.te
+++ b/prebuilts/api/28.0/private/system_server.te
@@ -46,7 +46,7 @@
# system server gets network and bluetooth permissions.
net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
# to use privileged ioctls commands. Needed to set up VPNs.
allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
bluetooth_domain(system_server)
@@ -91,7 +91,7 @@
# Use generic "sockets" where the address family is not known
# to the kernel. The ioctl permission is specifically omitted here, but may
# be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
allow system_server self:socket create_socket_perms_no_ioctl;
# Set and get routes directly via netlink.
diff --git a/prebuilts/api/28.0/private/traced_probes.te b/prebuilts/api/28.0/private/traced_probes.te
index 5d80f7e..e32e2e6 100644
--- a/prebuilts/api/28.0/private/traced_probes.te
+++ b/prebuilts/api/28.0/private/traced_probes.te
@@ -16,7 +16,7 @@
allow traced_probes debugfs_trace_marker:file getattr;
# TODO(primiano): temporarily I/O tracing categories are still
-# userdebug only until we nail down the blacklist/whitelist.
+# userdebug only until we nail down the denylist/allowlist.
userdebug_or_eng(`
allow traced_probes debugfs_tracing_debug:file rw_file_perms;
')
diff --git a/prebuilts/api/28.0/public/app.te b/prebuilts/api/28.0/public/app.te
index 439c1f8..55308da 100644
--- a/prebuilts/api/28.0/public/app.te
+++ b/prebuilts/api/28.0/public/app.te
@@ -530,7 +530,7 @@
tmpfs
}:lnk_file no_w_file_perms;
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
neverallow {
bluetooth
isolated_app
@@ -551,7 +551,7 @@
-shell # bugreport
} input_device:chr_file ~getattr;
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
# neverallow rules for access to Bluetooth-related data files are above.
neverallow {
appdomain
diff --git a/prebuilts/api/28.0/public/domain.te b/prebuilts/api/28.0/public/domain.te
index e9337b6..2533aec 100644
--- a/prebuilts/api/28.0/public/domain.te
+++ b/prebuilts/api/28.0/public/domain.te
@@ -257,19 +257,19 @@
allow domain fs_type:filesystem getattr;
allow domain fs_type:dir getattr;
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
# ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
# not grant the ioctl permission on these socket types. That must be granted
# separately.
allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
ioctl unpriv_unix_sock_ioctls;
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
# not grant the wider ioctl permission. That must be granted
# separately.
allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -288,7 +288,7 @@
### neverallow rules
###
-# All socket ioctls must be restricted to a whitelist.
+# All socket ioctls must be restricted to a allowlist.
neverallowxperm domain domain:socket_class_set ioctl { 0 };
# b/68014825 and https://android-review.googlesource.com/516535
@@ -303,7 +303,7 @@
# Do not allow any domain other than init to create unlabeled files.
neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
neverallow {
domain
-kernel
@@ -312,7 +312,7 @@
-vold
} self:global_capability_class_set mknod;
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
neverallow {
domain
userdebug_or_eng(`-domain')
@@ -424,7 +424,7 @@
#
# Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
#
neverallow {
domain
@@ -552,7 +552,7 @@
')
# Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
neverallow {
domain
-adbd
@@ -928,7 +928,7 @@
')
# On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
full_treble_only(`
# Limit access to /vendor/app
neverallow {
@@ -997,7 +997,7 @@
full_treble_only(`
# Do not allow vendor components to execute files from system
- # except for the ones whitelist here.
+ # except for the ones allowlist here.
neverallow {
domain
-coredomain
@@ -1014,7 +1014,7 @@
full_treble_only(`
# Do not allow system components to execute files from vendor
- # except for the ones whitelisted here.
+ # except for the ones allowlisted here.
neverallow {
coredomain
-init
@@ -1224,7 +1224,7 @@
# In addition to the symlink reading restrictions above, restrict
# write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
# not be trusting any content in those directories.
neverallow {
domain
diff --git a/prebuilts/api/28.0/public/hal_wifi_supplicant.te b/prebuilts/api/28.0/public/hal_wifi_supplicant.te
index 6bf0d32..3778515 100644
--- a/prebuilts/api/28.0/public/hal_wifi_supplicant.te
+++ b/prebuilts/api/28.0/public/hal_wifi_supplicant.te
@@ -5,7 +5,7 @@
add_hwservice(hal_wifi_supplicant_server, hal_wifi_supplicant_hwservice)
allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice:hwservice_manager find;
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(hal_wifi_supplicant, sysfs_type)
diff --git a/prebuilts/api/28.0/public/netd.te b/prebuilts/api/28.0/public/netd.te
index 18113e7..1fb3d48 100644
--- a/prebuilts/api/28.0/public/netd.te
+++ b/prebuilts/api/28.0/public/netd.te
@@ -3,7 +3,7 @@
type netd_exec, exec_type, file_type;
net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(netd, cgroup)
diff --git a/prebuilts/api/28.0/public/vendor_toolbox.te b/prebuilts/api/28.0/public/vendor_toolbox.te
index eb292ca..63f938d 100644
--- a/prebuilts/api/28.0/public/vendor_toolbox.te
+++ b/prebuilts/api/28.0/public/vendor_toolbox.te
@@ -7,7 +7,7 @@
# or read, execute the vendor_toolbox file.
full_treble_only(`
# Do not allow non-vendor domains to transition
- # to vendor toolbox except for the whitelisted domains.
+ # to vendor toolbox except for the allowlisted domains.
neverallow {
coredomain
-init
diff --git a/prebuilts/api/29.0/private/coredomain.te b/prebuilts/api/29.0/private/coredomain.te
index 169f6b2..419d9fe 100644
--- a/prebuilts/api/29.0/private/coredomain.te
+++ b/prebuilts/api/29.0/private/coredomain.te
@@ -15,7 +15,7 @@
')
# On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
full_treble_only(`
# Limit access to /vendor/app
neverallow {
diff --git a/prebuilts/api/29.0/private/domain.te b/prebuilts/api/29.0/private/domain.te
index 209eeb0..447176e 100644
--- a/prebuilts/api/29.0/private/domain.te
+++ b/prebuilts/api/29.0/private/domain.te
@@ -83,7 +83,7 @@
')
# Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
neverallow {
domain
-vold
@@ -185,7 +185,7 @@
#
# Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
# Executable files loaded from /data is a persistence vector
# we want to avoid. See
# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
@@ -299,7 +299,7 @@
-zygote
} { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
neverallow {
domain
userdebug_or_eng(`-domain')
diff --git a/prebuilts/api/29.0/private/heapprofd.te b/prebuilts/api/29.0/private/heapprofd.te
index 5330c58..f984677 100644
--- a/prebuilts/api/29.0/private/heapprofd.te
+++ b/prebuilts/api/29.0/private/heapprofd.te
@@ -29,7 +29,7 @@
allow heapprofd self:capability kill;
# When scanning /proc/[pid]/cmdline to find matching processes for by-name
-# profiling, only whitelisted domains will be allowed by SELinux. Avoid
+# profiling, only allowlisted domains will be allowed by SELinux. Avoid
# spamming logs with denials for entries that we can not access.
dontaudit heapprofd domain:dir { search open };
diff --git a/prebuilts/api/29.0/private/incidentd.te b/prebuilts/api/29.0/private/incidentd.te
index b93f1b2..ee9812e 100644
--- a/prebuilts/api/29.0/private/incidentd.te
+++ b/prebuilts/api/29.0/private/incidentd.te
@@ -126,7 +126,7 @@
# TODO control_logd(incidentd)
# Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
allow incidentd {
system_server_service
app_api_service
diff --git a/prebuilts/api/29.0/private/isolated_app.te b/prebuilts/api/29.0/private/isolated_app.te
index 94b49b0..714405f 100644
--- a/prebuilts/api/29.0/private/isolated_app.te
+++ b/prebuilts/api/29.0/private/isolated_app.te
@@ -87,7 +87,7 @@
neverallow isolated_app vndbinder_device:chr_file *;
# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
neverallow isolated_app *:service_manager ~find;
# b/17487348
diff --git a/prebuilts/api/29.0/private/perfetto.te b/prebuilts/api/29.0/private/perfetto.te
index 60a6250..6b1a81a 100644
--- a/prebuilts/api/29.0/private/perfetto.te
+++ b/prebuilts/api/29.0/private/perfetto.te
@@ -1,5 +1,5 @@
# Perfetto command-line client. Can be used only from the domains that are
-# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# explicitly allowlisted with a domain_auto_trans(X, perfetto_exec, perfetto).
# This command line client accesses the privileged socket of the traced
# daemon.
diff --git a/prebuilts/api/29.0/private/system_server.te b/prebuilts/api/29.0/private/system_server.te
index 73891c9..5f60674 100644
--- a/prebuilts/api/29.0/private/system_server.te
+++ b/prebuilts/api/29.0/private/system_server.te
@@ -50,14 +50,14 @@
# system server gets network and bluetooth permissions.
net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
# to use privileged ioctls commands. Needed to set up VPNs.
allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
bluetooth_domain(system_server)
# Allow setup of tcp keepalive offload. This gives system_server the permission to
# call ioctl on app domains' tcp sockets. Additional ioctl commands still need to
-# be granted individually, except for a small set of safe values whitelisted in
+# be granted individually, except for a small set of safe values allowlisted in
# public/domain.te.
allow system_server appdomain:tcp_socket ioctl;
@@ -102,7 +102,7 @@
# Use generic "sockets" where the address family is not known
# to the kernel. The ioctl permission is specifically omitted here, but may
# be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
allow system_server self:socket create_socket_perms_no_ioctl;
# Set and get routes directly via netlink.
diff --git a/prebuilts/api/29.0/private/traced_probes.te b/prebuilts/api/29.0/private/traced_probes.te
index 4820e3f..5b4c0cc 100644
--- a/prebuilts/api/29.0/private/traced_probes.te
+++ b/prebuilts/api/29.0/private/traced_probes.te
@@ -16,7 +16,7 @@
allow traced_probes debugfs_trace_marker:file getattr;
# TODO(primiano): temporarily I/O tracing categories are still
-# userdebug only until we nail down the blacklist/whitelist.
+# userdebug only until we nail down the denylist/allowlist.
userdebug_or_eng(`
allow traced_probes debugfs_tracing_debug:dir r_dir_perms;
allow traced_probes debugfs_tracing_debug:file rw_file_perms;
diff --git a/prebuilts/api/29.0/public/app.te b/prebuilts/api/29.0/public/app.te
index 5c48e71..5b3459f 100644
--- a/prebuilts/api/29.0/public/app.te
+++ b/prebuilts/api/29.0/public/app.te
@@ -537,7 +537,7 @@
tmpfs
}:lnk_file no_w_file_perms;
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
neverallow {
bluetooth
isolated_app
@@ -558,7 +558,7 @@
-shell # bugreport
} input_device:chr_file ~getattr;
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
# neverallow rules for access to Bluetooth-related data files are above.
neverallow {
appdomain
diff --git a/prebuilts/api/29.0/public/domain.te b/prebuilts/api/29.0/public/domain.te
index 987bb9f..1a9e0e1 100644
--- a/prebuilts/api/29.0/public/domain.te
+++ b/prebuilts/api/29.0/public/domain.te
@@ -260,19 +260,19 @@
allow domain fs_type:filesystem getattr;
allow domain fs_type:dir getattr;
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
# ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
# not grant the ioctl permission on these socket types. That must be granted
# separately.
allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
allowxperm domain { domain pdx_channel_socket_type }:{ unix_dgram_socket unix_stream_socket }
ioctl unpriv_unix_sock_ioctls;
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
# not grant the wider ioctl permission. That must be granted
# separately.
allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -288,7 +288,7 @@
# Allow a process to make a determination whether a file descriptor
# for a plain file or pipe (fifo_file) is a tty. Note that granting
-# this whitelist to domain does not grant the ioctl permission to
+# this allowlist to domain does not grant the ioctl permission to
# these files. That must be granted separately.
allowxperm domain { file_type fs_type }:file ioctl { TCGETS };
allowxperm domain domain:fifo_file ioctl { TCGETS };
@@ -331,7 +331,7 @@
###
# All ioctls on file-like objects (except chr_file and blk_file) and
-# sockets must be restricted to a whitelist.
+# sockets must be restricted to a allowlist.
neverallowxperm * *:{ dir notdevfile_class_set socket_class_set blk_file } ioctl { 0 };
# b/68014825 and https://android-review.googlesource.com/516535
@@ -346,7 +346,7 @@
# Do not allow any domain other than init to create unlabeled files.
neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
neverallow {
domain
-kernel
@@ -544,7 +544,7 @@
')
# Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
neverallow {
domain
-adbd
@@ -951,7 +951,7 @@
full_treble_only(`
# Do not allow vendor components to execute files from system
- # except for the ones whitelist here.
+ # except for the ones allowlist here.
neverallow {
domain
-coredomain
@@ -970,7 +970,7 @@
full_treble_only(`
# Do not allow system components to execute files from vendor
- # except for the ones whitelisted here.
+ # except for the ones allowlisted here.
neverallow {
coredomain
-init
@@ -998,7 +998,7 @@
full_treble_only(`
# Do not allow system components access to /vendor files except for the
- # ones whitelisted here.
+ # ones allowlisted here.
neverallow {
coredomain
# TODO(b/37168747): clean up fwk access to /vendor
@@ -1028,7 +1028,7 @@
full_treble_only(`
# Do not allow vendor components access to /system files except for the
- # ones whitelisted here.
+ # ones allowlisted here.
neverallow {
domain
-appdomain
@@ -1215,7 +1215,7 @@
# In addition to the symlink reading restrictions above, restrict
# write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
# not be trusting any content in those directories.
neverallow {
domain
diff --git a/prebuilts/api/29.0/public/hal_wifi_supplicant.te b/prebuilts/api/29.0/public/hal_wifi_supplicant.te
index 6004c33..79a0667 100644
--- a/prebuilts/api/29.0/public/hal_wifi_supplicant.te
+++ b/prebuilts/api/29.0/public/hal_wifi_supplicant.te
@@ -4,7 +4,7 @@
hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(hal_wifi_supplicant, sysfs_type)
diff --git a/prebuilts/api/29.0/public/netd.te b/prebuilts/api/29.0/public/netd.te
index c8877b2..f776db6 100644
--- a/prebuilts/api/29.0/public/netd.te
+++ b/prebuilts/api/29.0/public/netd.te
@@ -3,7 +3,7 @@
type netd_exec, system_file_type, exec_type, file_type;
net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(netd, cgroup)
diff --git a/prebuilts/api/29.0/public/vendor_toolbox.te b/prebuilts/api/29.0/public/vendor_toolbox.te
index eb292ca..63f938d 100644
--- a/prebuilts/api/29.0/public/vendor_toolbox.te
+++ b/prebuilts/api/29.0/public/vendor_toolbox.te
@@ -7,7 +7,7 @@
# or read, execute the vendor_toolbox file.
full_treble_only(`
# Do not allow non-vendor domains to transition
- # to vendor toolbox except for the whitelisted domains.
+ # to vendor toolbox except for the allowlisted domains.
neverallow {
coredomain
-init
diff --git a/prebuilts/api/30.0/private/atrace.te b/prebuilts/api/30.0/private/atrace.te
index ad7d177..585c254 100644
--- a/prebuilts/api/30.0/private/atrace.te
+++ b/prebuilts/api/30.0/private/atrace.te
@@ -59,7 +59,7 @@
hal_client_domain(atrace, hal_vibrator)
')
-# Remove logspam from notification attempts to non-whitelisted services.
+# Remove logspam from notification attempts to non-allowlisted services.
dontaudit atrace hwservice_manager_type:hwservice_manager find;
dontaudit atrace service_manager_type:service_manager find;
dontaudit atrace domain:binder call;
diff --git a/prebuilts/api/30.0/private/coredomain.te b/prebuilts/api/30.0/private/coredomain.te
index 86e8009..f13d98a 100644
--- a/prebuilts/api/30.0/private/coredomain.te
+++ b/prebuilts/api/30.0/private/coredomain.te
@@ -15,7 +15,7 @@
')
# On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
full_treble_only(`
# Limit access to /vendor/app
neverallow {
diff --git a/prebuilts/api/30.0/private/domain.te b/prebuilts/api/30.0/private/domain.te
index 1a8ce50..dc83b8f 100644
--- a/prebuilts/api/30.0/private/domain.te
+++ b/prebuilts/api/30.0/private/domain.te
@@ -122,7 +122,7 @@
allow domain boringssl_self_test_marker:dir search;
# Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
neverallow {
domain
-vold
@@ -225,7 +225,7 @@
#
# Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
# Executable files loaded from /data is a persistence vector
# we want to avoid. See
# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
@@ -342,7 +342,7 @@
-zygote
} { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
neverallow {
domain
userdebug_or_eng(`-domain')
diff --git a/prebuilts/api/30.0/private/heapprofd.te b/prebuilts/api/30.0/private/heapprofd.te
index ec3e4d0..7bd60a4 100644
--- a/prebuilts/api/30.0/private/heapprofd.te
+++ b/prebuilts/api/30.0/private/heapprofd.te
@@ -29,7 +29,7 @@
allow heapprofd self:capability kill;
# When scanning /proc/[pid]/cmdline to find matching processes for by-name
-# profiling, only whitelisted domains will be allowed by SELinux. Avoid
+# profiling, only allowlisted domains will be allowed by SELinux. Avoid
# spamming logs with denials for entries that we can not access.
dontaudit heapprofd domain:dir { search open };
diff --git a/prebuilts/api/30.0/private/incidentd.te b/prebuilts/api/30.0/private/incidentd.te
index 656f69f..f10173b 100644
--- a/prebuilts/api/30.0/private/incidentd.te
+++ b/prebuilts/api/30.0/private/incidentd.te
@@ -145,7 +145,7 @@
r_dir_file(incidentd, misc_logd_file)
# Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
allow incidentd {
system_server_service
app_api_service
diff --git a/prebuilts/api/30.0/private/isolated_app.te b/prebuilts/api/30.0/private/isolated_app.te
index 4c6c5aa..94d60f0 100644
--- a/prebuilts/api/30.0/private/isolated_app.te
+++ b/prebuilts/api/30.0/private/isolated_app.te
@@ -88,7 +88,7 @@
neverallow isolated_app vndbinder_device:chr_file *;
# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
neverallow isolated_app *:service_manager ~find;
# b/17487348
diff --git a/prebuilts/api/30.0/private/perfetto.te b/prebuilts/api/30.0/private/perfetto.te
index 0161361..14707ac 100644
--- a/prebuilts/api/30.0/private/perfetto.te
+++ b/prebuilts/api/30.0/private/perfetto.te
@@ -1,5 +1,5 @@
# Perfetto command-line client. Can be used only from the domains that are
-# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# explicitly allowlisted with a domain_auto_trans(X, perfetto_exec, perfetto).
# This command line client accesses the privileged socket of the traced
# daemon.
diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te
index 66c46ed..0082827 100644
--- a/prebuilts/api/30.0/private/system_server.te
+++ b/prebuilts/api/30.0/private/system_server.te
@@ -66,14 +66,14 @@
# system server gets network and bluetooth permissions.
net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
# to use privileged ioctls commands. Needed to set up VPNs.
allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
bluetooth_domain(system_server)
# Allow setup of tcp keepalive offload. This gives system_server the permission to
# call ioctl on app domains' tcp sockets. Additional ioctl commands still need to
-# be granted individually, except for a small set of safe values whitelisted in
+# be granted individually, except for a small set of safe values allowlisted in
# public/domain.te.
allow system_server appdomain:tcp_socket ioctl;
@@ -118,7 +118,7 @@
# Use generic "sockets" where the address family is not known
# to the kernel. The ioctl permission is specifically omitted here, but may
# be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
allow system_server self:socket create_socket_perms_no_ioctl;
# Set and get routes directly via netlink.
diff --git a/prebuilts/api/30.0/private/traced_probes.te b/prebuilts/api/30.0/private/traced_probes.te
index dd6ece0..36f9c51 100644
--- a/prebuilts/api/30.0/private/traced_probes.te
+++ b/prebuilts/api/30.0/private/traced_probes.te
@@ -16,7 +16,7 @@
allow traced_probes debugfs_trace_marker:file getattr;
# TODO(primiano): temporarily I/O tracing categories are still
-# userdebug only until we nail down the blacklist/whitelist.
+# userdebug only until we nail down the denylist/allowlist.
userdebug_or_eng(`
allow traced_probes debugfs_tracing_debug:dir r_dir_perms;
allow traced_probes debugfs_tracing_debug:file rw_file_perms;
diff --git a/prebuilts/api/30.0/public/app.te b/prebuilts/api/30.0/public/app.te
index e5b9fd6..c892d9e 100644
--- a/prebuilts/api/30.0/public/app.te
+++ b/prebuilts/api/30.0/public/app.te
@@ -537,7 +537,7 @@
tmpfs
}:lnk_file no_w_file_perms;
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
neverallow {
bluetooth
isolated_app
@@ -558,7 +558,7 @@
-shell # bugreport
} input_device:chr_file ~getattr;
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
# neverallow rules for access to Bluetooth-related data files are above.
neverallow {
appdomain
diff --git a/prebuilts/api/30.0/public/domain.te b/prebuilts/api/30.0/public/domain.te
index 8cb4950..c151b95 100644
--- a/prebuilts/api/30.0/public/domain.te
+++ b/prebuilts/api/30.0/public/domain.te
@@ -260,19 +260,19 @@
allow domain fs_type:filesystem getattr;
allow domain fs_type:dir getattr;
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
# ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
# not grant the ioctl permission on these socket types. That must be granted
# separately.
allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
allowxperm domain { domain pdx_channel_socket_type }:{ unix_dgram_socket unix_stream_socket }
ioctl unpriv_unix_sock_ioctls;
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
# not grant the wider ioctl permission. That must be granted
# separately.
allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -288,7 +288,7 @@
# Allow a process to make a determination whether a file descriptor
# for a plain file or pipe (fifo_file) is a tty. Note that granting
-# this whitelist to domain does not grant the ioctl permission to
+# this allowlist to domain does not grant the ioctl permission to
# these files. That must be granted separately.
allowxperm domain { file_type fs_type }:file ioctl { TCGETS };
allowxperm domain domain:fifo_file ioctl { TCGETS };
@@ -331,7 +331,7 @@
###
# All ioctls on file-like objects (except chr_file and blk_file) and
-# sockets must be restricted to a whitelist.
+# sockets must be restricted to a allowlist.
neverallowxperm * *:{ dir notdevfile_class_set socket_class_set blk_file } ioctl { 0 };
# b/68014825 and https://android-review.googlesource.com/516535
@@ -346,7 +346,7 @@
# Do not allow any domain other than init to create unlabeled files.
neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
neverallow {
domain
-kernel
@@ -544,7 +544,7 @@
')
# Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
neverallow {
domain
-adbd
@@ -934,7 +934,7 @@
full_treble_only(`
# Do not allow vendor components to execute files from system
- # except for the ones whitelist here.
+ # except for the ones allowlist here.
neverallow {
domain
-coredomain
@@ -955,7 +955,7 @@
full_treble_only(`
# Do not allow system components to execute files from vendor
- # except for the ones whitelisted here.
+ # except for the ones allowlisted here.
neverallow {
coredomain
-init
@@ -984,7 +984,7 @@
full_treble_only(`
# Do not allow system components access to /vendor files except for the
- # ones whitelisted here.
+ # ones allowlisted here.
neverallow {
coredomain
# TODO(b/37168747): clean up fwk access to /vendor
@@ -1019,7 +1019,7 @@
full_treble_only(`
# Do not allow vendor components access to /system files except for the
- # ones whitelisted here.
+ # ones allowlisted here.
neverallow {
domain
-appdomain
@@ -1212,7 +1212,7 @@
# In addition to the symlink reading restrictions above, restrict
# write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
# not be trusting any content in those directories.
neverallow {
domain
diff --git a/prebuilts/api/30.0/public/hal_wifi_supplicant.te b/prebuilts/api/30.0/public/hal_wifi_supplicant.te
index 6004c33..79a0667 100644
--- a/prebuilts/api/30.0/public/hal_wifi_supplicant.te
+++ b/prebuilts/api/30.0/public/hal_wifi_supplicant.te
@@ -4,7 +4,7 @@
hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(hal_wifi_supplicant, sysfs_type)
diff --git a/prebuilts/api/30.0/public/netd.te b/prebuilts/api/30.0/public/netd.te
index 8005406..0b83d4c 100644
--- a/prebuilts/api/30.0/public/netd.te
+++ b/prebuilts/api/30.0/public/netd.te
@@ -3,7 +3,7 @@
type netd_exec, system_file_type, exec_type, file_type;
net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(netd, cgroup)
diff --git a/prebuilts/api/30.0/public/vendor_toolbox.te b/prebuilts/api/30.0/public/vendor_toolbox.te
index eb292ca..63f938d 100644
--- a/prebuilts/api/30.0/public/vendor_toolbox.te
+++ b/prebuilts/api/30.0/public/vendor_toolbox.te
@@ -7,7 +7,7 @@
# or read, execute the vendor_toolbox file.
full_treble_only(`
# Do not allow non-vendor domains to transition
- # to vendor toolbox except for the whitelisted domains.
+ # to vendor toolbox except for the allowlisted domains.
neverallow {
coredomain
-init
diff --git a/private/atrace.te b/private/atrace.te
index ad7d177..585c254 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -59,7 +59,7 @@
hal_client_domain(atrace, hal_vibrator)
')
-# Remove logspam from notification attempts to non-whitelisted services.
+# Remove logspam from notification attempts to non-allowlisted services.
dontaudit atrace hwservice_manager_type:hwservice_manager find;
dontaudit atrace service_manager_type:service_manager find;
dontaudit atrace domain:binder call;
diff --git a/private/coredomain.te b/private/coredomain.te
index edb2245..f14faf1 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -34,7 +34,7 @@
')
# On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
full_treble_only(`
# Limit access to /vendor/app
neverallow {
diff --git a/private/domain.te b/private/domain.te
index 8ba992b..6cee382 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -109,7 +109,7 @@
allow domain boringssl_self_test_marker:dir search;
# Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
neverallow {
domain
-vold
@@ -212,7 +212,7 @@
#
# Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
# Executable files loaded from /data is a persistence vector
# we want to avoid. See
# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
@@ -329,7 +329,7 @@
-zygote
} { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
neverallow {
domain
userdebug_or_eng(`-domain')
diff --git a/private/heapprofd.te b/private/heapprofd.te
index ec3e4d0..7bd60a4 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -29,7 +29,7 @@
allow heapprofd self:capability kill;
# When scanning /proc/[pid]/cmdline to find matching processes for by-name
-# profiling, only whitelisted domains will be allowed by SELinux. Avoid
+# profiling, only allowlisted domains will be allowed by SELinux. Avoid
# spamming logs with denials for entries that we can not access.
dontaudit heapprofd domain:dir { search open };
diff --git a/private/incidentd.te b/private/incidentd.te
index 656f69f..f10173b 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -145,7 +145,7 @@
r_dir_file(incidentd, misc_logd_file)
# Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
allow incidentd {
system_server_service
app_api_service
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 33b5219..e9411f5 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -91,7 +91,7 @@
neverallow isolated_app vndbinder_device:chr_file *;
# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
neverallow isolated_app *:service_manager ~find;
# b/17487348
diff --git a/private/perfetto.te b/private/perfetto.te
index 0161361..14707ac 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -1,5 +1,5 @@
# Perfetto command-line client. Can be used only from the domains that are
-# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# explicitly allowlisted with a domain_auto_trans(X, perfetto_exec, perfetto).
# This command line client accesses the privileged socket of the traced
# daemon.
diff --git a/private/system_server.te b/private/system_server.te
index fc4ba0d..0622908 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -66,14 +66,14 @@
# system server gets network and bluetooth permissions.
net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
# to use privileged ioctls commands. Needed to set up VPNs.
allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
bluetooth_domain(system_server)
# Allow setup of tcp keepalive offload. This gives system_server the permission to
# call ioctl on app domains' tcp sockets. Additional ioctl commands still need to
-# be granted individually, except for a small set of safe values whitelisted in
+# be granted individually, except for a small set of safe values allowlisted in
# public/domain.te.
allow system_server appdomain:tcp_socket ioctl;
@@ -118,7 +118,7 @@
# Use generic "sockets" where the address family is not known
# to the kernel. The ioctl permission is specifically omitted here, but may
# be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
allow system_server self:socket create_socket_perms_no_ioctl;
# Set and get routes directly via netlink.
diff --git a/private/traced_probes.te b/private/traced_probes.te
index dd6ece0..36f9c51 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -16,7 +16,7 @@
allow traced_probes debugfs_trace_marker:file getattr;
# TODO(primiano): temporarily I/O tracing categories are still
-# userdebug only until we nail down the blacklist/whitelist.
+# userdebug only until we nail down the denylist/allowlist.
userdebug_or_eng(`
allow traced_probes debugfs_tracing_debug:dir r_dir_perms;
allow traced_probes debugfs_tracing_debug:file rw_file_perms;
diff --git a/public/hal_wifi_supplicant.te b/public/hal_wifi_supplicant.te
index 6004c33..79a0667 100644
--- a/public/hal_wifi_supplicant.te
+++ b/public/hal_wifi_supplicant.te
@@ -4,7 +4,7 @@
hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(hal_wifi_supplicant, sysfs_type)
diff --git a/public/netd.te b/public/netd.te
index 55b6283..ad2dde9 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -3,7 +3,7 @@
type netd_exec, system_file_type, exec_type, file_type;
net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
r_dir_file(netd, cgroup)
diff --git a/public/vendor_toolbox.te b/public/vendor_toolbox.te
index eb292ca..63f938d 100644
--- a/public/vendor_toolbox.te
+++ b/public/vendor_toolbox.te
@@ -7,7 +7,7 @@
# or read, execute the vendor_toolbox file.
full_treble_only(`
# Do not allow non-vendor domains to transition
- # to vendor toolbox except for the whitelisted domains.
+ # to vendor toolbox except for the allowlisted domains.
neverallow {
coredomain
-init