| # Filesystem types |
| # A type statement declares the named type and assigns it every attribute |
| # listed after the name. The attributes themselves are declared elsewhere. |
| # labeledfs and rootfs are also targets of the file_type associate rules |
| # near the end of this file. |
| type labeledfs, fs_type; |
| type pipefs, fs_type; |
| type sockfs, fs_type; |
| type rootfs, fs_type; |
| type proc, fs_type, proc_type; |
| # binderfs and separate types for its logs and features entries. |
| # NOTE(review): which binderfs paths map to the types below is not visible |
| # in this file - confirm against the labeling rules. |
| type binderfs, fs_type; |
| type binderfs_logs, fs_type; |
| type binderfs_logs_proc, fs_type; |
| type binderfs_features, fs_type; |
| # Security-sensitive proc nodes that should not be writable by most domains. |
| # NOTE(review): the statements below only declare the types. This file holds |
| # no rule that restricts writes to them, so the restriction has to come from |
| # allow and neverallow rules elsewhere - confirm they cover every type here. |
| type proc_security, fs_type, proc_type; |
| type proc_drop_caches, fs_type, proc_type; |
| type proc_overcommit_memory, fs_type, proc_type; |
| type proc_min_free_order_shift, fs_type, proc_type; |
| type proc_kpageflags, fs_type, proc_type; |
| type proc_watermark_boost_factor, fs_type, proc_type; |
| # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers. |
| type usermodehelper, fs_type, proc_type; |
| type sysfs_usermodehelper, fs_type, sysfs_type; |
| # NOTE(review): mlstrustedobject is declared outside this file. In AOSP policy |
| # it exempts the object from MLS constraints, which leaves type-enforcement |
| # rules as the only access control - confirm each use below is intended. |
| type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type; |
| type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type; |
| type proc_bluetooth_writable, fs_type, proc_type; |
| # Per-node proc types, one type per entry; all carry fs_type and proc_type. |
| # NOTE(review): the mapping from /proc paths to these types is not in this |
| # file (presumably genfs_contexts) - confirm it there, not from the names. |
| # Several names (proc_kallsyms, proc_kmsg, proc_iomem, proc_modules) suggest |
| # nodes that disclose kernel layout or log data, so read access to those |
| # types deserves the same scrutiny as write access - verify the granting rules. |
| type proc_abi, fs_type, proc_type; |
| type proc_asound, fs_type, proc_type; |
| type proc_bootconfig, fs_type, proc_type; |
| type proc_bpf, fs_type, proc_type; |
| type proc_buddyinfo, fs_type, proc_type; |
| type proc_cmdline, fs_type, proc_type; |
| type proc_cpu_alignment, fs_type, proc_type; |
| type proc_cpuinfo, fs_type, proc_type; |
| type proc_dirty, fs_type, proc_type; |
| type proc_diskstats, fs_type, proc_type; |
| type proc_extra_free_kbytes, fs_type, proc_type; |
| type proc_filesystems, fs_type, proc_type; |
| type proc_fs_verity, fs_type, proc_type; |
| type proc_hostname, fs_type, proc_type; |
| type proc_hung_task, fs_type, proc_type; |
| type proc_interrupts, fs_type, proc_type; |
| type proc_iomem, fs_type, proc_type; |
| type proc_kallsyms, fs_type, proc_type; |
| type proc_keys, fs_type, proc_type; |
| type proc_kmsg, fs_type, proc_type; |
| type proc_loadavg, fs_type, proc_type; |
| type proc_locks, fs_type, proc_type; |
| type proc_lowmemorykiller, fs_type, proc_type; |
| type proc_max_map_count, fs_type, proc_type; |
| type proc_meminfo, fs_type, proc_type; |
| type proc_misc, fs_type, proc_type; |
| type proc_modules, fs_type, proc_type; |
| type proc_mounts, fs_type, proc_type; |
| # proc_net additionally carries proc_net_type and is the only proc type with |
| # its own associate rule in this file (allow proc_net proc:filesystem associate). |
| type proc_net, fs_type, proc_type, proc_net_type; |
| type proc_net_tcp_udp, fs_type, proc_type; |
| type proc_page_cluster, fs_type, proc_type; |
| type proc_pagetypeinfo, fs_type, proc_type; |
| type proc_panic, fs_type, proc_type; |
| type proc_perf, fs_type, proc_type; |
| type proc_pid_max, fs_type, proc_type; |
| type proc_pipe_conf, fs_type, proc_type; |
| type proc_pressure_cpu, fs_type, proc_type; |
| type proc_pressure_io, fs_type, proc_type; |
| type proc_pressure_mem, fs_type, proc_type; |
| type proc_random, fs_type, proc_type; |
| type proc_sched, fs_type, proc_type; |
| type proc_slabinfo, fs_type, proc_type; |
| type proc_stat, fs_type, proc_type; |
| type proc_swaps, fs_type, proc_type; |
| type proc_sysrq, fs_type, proc_type; |
| type proc_timer, fs_type, proc_type; |
| type proc_tty_drivers, fs_type, proc_type; |
| type proc_uid_cputime_showstat, fs_type, proc_type; |
| type proc_uid_cputime_removeuid, fs_type, proc_type; |
| type proc_uid_io_stats, fs_type, proc_type; |
| type proc_uid_procstat_set, fs_type, proc_type; |
| type proc_uid_time_in_state, fs_type, proc_type; |
| type proc_uid_concurrent_active_time, fs_type, proc_type; |
| type proc_uid_concurrent_policy_time, fs_type, proc_type; |
| type proc_uid_cpupower, fs_type, proc_type; |
| type proc_uptime, fs_type, proc_type; |
| type proc_version, fs_type, proc_type; |
| type proc_vmallocinfo, fs_type, proc_type; |
| type proc_vmstat, fs_type, proc_type; |
| type proc_watermark_scale_factor, fs_type, proc_type; |
| type proc_zoneinfo, fs_type, proc_type; |
| # Same attributes as the entries above; attribute order is not significant. |
| type proc_vendor_sched, proc_type, fs_type; |
| # Pseudo filesystems for SELinux itself, FUSE control and cgroups. |
| type selinuxfs, fs_type, mlstrustedobject; |
| type fusectlfs, fs_type; |
| # cgroup is mlstrustedobject, cgroup_v2 is not. |
| # NOTE(review): confirm the difference is deliberate. |
| type cgroup, fs_type, mlstrustedobject; |
| type cgroup_v2, fs_type; |
| # sysfs types. Each carries sysfs_type, which the rule |
| # allow sysfs_type sysfs:filesystem associate later in this file relies on. |
| # Only sysfs, sysfs_bluetooth_writable, sysfs_kernel_notes and |
| # sysfs_nfc_power_writable are unconditionally mlstrustedobject. |
| type sysfs, fs_type, sysfs_type, mlstrustedobject; |
| type sysfs_android_usb, fs_type, sysfs_type; |
| type sysfs_uio, sysfs_type, fs_type; |
| type sysfs_batteryinfo, fs_type, sysfs_type; |
| type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject; |
| type sysfs_devfreq_cur, fs_type, sysfs_type; |
| type sysfs_devfreq_dir, fs_type, sysfs_type; |
| type sysfs_devices_block, fs_type, sysfs_type; |
| type sysfs_dm, fs_type, sysfs_type; |
| type sysfs_dm_verity, fs_type, sysfs_type; |
| type sysfs_dma_heap, fs_type, sysfs_type; |
| type sysfs_dmabuf_stats, fs_type, sysfs_type; |
| type sysfs_dt_firmware_android, fs_type, sysfs_type; |
| type sysfs_extcon, fs_type, sysfs_type; |
| type sysfs_ion, fs_type, sysfs_type; |
| type sysfs_ipv4, fs_type, sysfs_type; |
| type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject; |
| type sysfs_leds, fs_type, sysfs_type; |
| type sysfs_loop, fs_type, sysfs_type; |
| type sysfs_gpu, fs_type, sysfs_type; |
| type sysfs_hwrandom, fs_type, sysfs_type; |
| type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject; |
| type sysfs_wake_lock, fs_type, sysfs_type; |
| type sysfs_net, fs_type, sysfs_type; |
| type sysfs_power, fs_type, sysfs_type; |
| type sysfs_rtc, fs_type, sysfs_type; |
| type sysfs_suspend_stats, fs_type, sysfs_type; |
| type sysfs_switch, fs_type, sysfs_type; |
| type sysfs_transparent_hugepage, fs_type, sysfs_type; |
| type sysfs_lru_gen_enabled, fs_type, sysfs_type; |
| type sysfs_usb, fs_type, sysfs_type; |
| type sysfs_wakeup, fs_type, sysfs_type; |
| type sysfs_wakeup_reasons, fs_type, sysfs_type; |
| type sysfs_fs_ext4_features, sysfs_type, fs_type; |
| type sysfs_fs_f2fs, sysfs_type, fs_type; |
| type sysfs_fs_fuse_bpf, sysfs_type, fs_type; |
| type sysfs_fs_fuse_features, sysfs_type, fs_type; |
| type sysfs_fs_incfs_features, sysfs_type, fs_type; |
| type sysfs_fs_incfs_metrics, sysfs_type, fs_type; |
| type sysfs_vendor_sched, sysfs_type, fs_type; |
| # Debug builds only: also mark sysfs_vendor_sched as mlstrustedobject. |
| # NOTE(review): userdebug_or_eng is a macro defined outside this file; the |
| # attribute is presumably absent on user builds - confirm, since access that |
| # works on userdebug may then be denied on the build that ships. |
| userdebug_or_eng(` |
| typeattribute sysfs_vendor_sched mlstrustedobject; |
| ') |
| # BPF filesystem types; all three carry bpffs_type. |
| type fs_bpf, fs_type, bpffs_type; |
| # TODO: S+ fs_bpf_tethering (used by mainline) should be private |
| type fs_bpf_tethering, fs_type, bpffs_type; |
| type fs_bpf_vendor, fs_type, bpffs_type; |
| type configfs, fs_type; |
| # /sys/devices/cs_etm |
| type sysfs_devices_cs_etm, fs_type, sysfs_type; |
| # /sys/devices/system/cpu |
| type sysfs_devices_system_cpu, fs_type, sysfs_type; |
| # /sys/module/lowmemorykiller |
| type sysfs_lowmemorykiller, fs_type, sysfs_type; |
| # /sys/module/wlan/parameters/fwpath |
| type sysfs_wlan_fwpath, fs_type, sysfs_type; |
| # NOTE(review): no path is documented for the next three types - confirm the |
| # mapping in the labeling rules. |
| type sysfs_vibrator, fs_type, sysfs_type; |
| type sysfs_uhid, fs_type, sysfs_type; |
| type sysfs_thermal, sysfs_type, fs_type; |
| |
| type sysfs_zram, fs_type, sysfs_type; |
| type sysfs_zram_uevent, fs_type, sysfs_type; |
| type inotify, fs_type, mlstrustedobject; |
| type devpts, fs_type, mlstrustedobject; |
| type tmpfs, fs_type; |
| type shm, fs_type; |
| type mqueue, fs_type; |
| # FUSE and external-storage filesystems. fuseblk, sdcardfs, vfat and exfat |
| # carry sdcard_type; fuse does not. All five are mlstrustedobject. |
| type fuse, fusefs_type, fs_type, mlstrustedobject; |
| type fuseblk, sdcard_type, fusefs_type, fs_type, mlstrustedobject; |
| type sdcardfs, sdcard_type, fs_type, mlstrustedobject; |
| type vfat, sdcard_type, fs_type, mlstrustedobject; |
| type exfat, sdcard_type, fs_type, mlstrustedobject; |
| # debugfs types; the tracing-related ones also carry tracefs_type. |
| # NOTE(review): debugfs_trace_marker, debugfs_tracing and |
| # debugfs_tracing_debug are mlstrustedobject. If that attribute exempts them |
| # from MLS checks as in AOSP, only type-enforcement rules limit who can reach |
| # them - confirm those rules are narrow. |
| type debugfs, fs_type, debugfs_type; |
| type debugfs_kprobes, fs_type, debugfs_type; |
| type debugfs_mmc, fs_type, debugfs_type; |
| type debugfs_mm_events_tracing, fs_type, debugfs_type, tracefs_type; |
| type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject, tracefs_type; |
| type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject, tracefs_type; |
| type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject, tracefs_type; |
| type debugfs_tracing_instances, fs_type, debugfs_type, tracefs_type; |
| type debugfs_tracing_printk_formats, fs_type, debugfs_type, tracefs_type; |
| type debugfs_wakeup_sources, fs_type, debugfs_type; |
| type debugfs_wifi_tracing, fs_type, debugfs_type, tracefs_type; |
| type securityfs, fs_type; |
| |
| type pstorefs, fs_type; |
| type functionfs, fs_type, mlstrustedobject; |
| # NOTE(review): contextmount_type (on oemfs and app_fusefs) is declared |
| # elsewhere; presumably it marks filesystems labelled through a context= |
| # mount option - confirm. |
| type oemfs, fs_type, contextmount_type; |
| type usbfs, fs_type; |
| type binfmt_miscfs, fs_type; |
| type app_fusefs, fs_type, fusefs_type, contextmount_type; |
| |
| # File types |
| # NOTE(review): unlabeled is presumably the type applied to objects that have |
| # no valid label - confirm against the initial SID contexts. |
| type unlabeled, file_type; |
| |
| # Default type for anything under /system. |
| type system_file, system_file_type, file_type; |
| # Default type for /system/asan.options |
| type system_asan_options_file, system_file_type, file_type; |
| # Type for /system/etc/event-log-tags (liblog implementation detail) |
| type system_event_log_tags_file, system_file_type, file_type; |
| # Default type for anything under /system/lib[64]. |
| type system_lib_file, system_file_type, file_type; |
| # system libraries that are available only to bootstrap processes |
| type system_bootstrap_lib_file, system_file_type, file_type; |
| # Default type for the group file /system/etc/group. |
| type system_group_file, system_file_type, file_type; |
| # Default type for linker executable /system/bin/linker[64]. |
| type system_linker_exec, system_file_type, file_type; |
| # Default type for linker config /system/etc/ld.config.*. |
| type system_linker_config_file, system_file_type, file_type; |
| # Default type for the passwd file /system/etc/passwd. |
| type system_passwd_file, system_file_type, file_type; |
| # Default type for seccomp policy files in /system/etc/seccomp_policy/*. |
| type system_seccomp_policy_file, system_file_type, file_type; |
| # Default type for cacerts in /system/etc/security/cacerts/*. |
| type system_security_cacerts_file, system_file_type, file_type; |
| # Default type for /system/bin/tcpdump. |
| # Unlike its neighbours this type also carries exec_type. |
| type tcpdump_exec, system_file_type, exec_type, file_type; |
| # Default type for zoneinfo files in /system/usr/share/zoneinfo/*. |
| type system_zoneinfo_file, system_file_type, file_type; |
| # Cgroups description file under /system/etc/cgroups.json |
| type cgroup_desc_file, system_file_type, file_type; |
| # Cgroups description file under /system/etc/task_profiles/cgroups_*.json |
| type cgroup_desc_api_file, system_file_type, file_type; |
| # Vendor cgroups description file under /vendor/etc/cgroups.json |
| type vendor_cgroup_desc_file, vendor_file_type, file_type; |
| # Task profiles file under /system/etc/task_profiles.json |
| type task_profiles_file, system_file_type, file_type; |
| # Task profiles file under /system/etc/task_profiles/task_profiles_*.json |
| type task_profiles_api_file, system_file_type, file_type; |
| # Vendor task profiles file under /vendor/etc/task_profiles.json |
| type vendor_task_profiles_file, vendor_file_type, file_type; |
| # Type for /system/apex/com.android.art |
| type art_apex_dir, system_file_type, file_type; |
| # /linkerconfig(/.*)? |
| # Carries file_type only, neither system_file_type nor vendor_file_type. |
| type linkerconfig_file, file_type; |
| # Control files under /data/incremental |
| # Listed among the /system types but carries the /data attributes. |
| type incremental_control_file, file_type, data_file_type, core_data_file_type; |
| |
| # Default type for directories searched for |
| # HAL implementations |
| type vendor_hal_file, vendor_file_type, file_type; |
| # Default type for anything under /vendor or /system/vendor |
| type vendor_file, vendor_file_type, file_type; |
| # Default type for everything in /vendor/app |
| type vendor_app_file, vendor_file_type, file_type; |
| # Default type for everything under /vendor/etc/ |
| type vendor_configs_file, vendor_file_type, file_type; |
| # Default type for all *same process* HALs and their lib/bin dependencies. |
| # e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so |
| # NOTE(review): same-process HALs are vendor code loaded into the calling |
| # process, so which domains may execute this type matters - confirm the |
| # granting rules, which are not in this file. |
| type same_process_hal_file, vendor_file_type, file_type; |
| # Default type for vndk-sp libs. /vendor/lib/vndk-sp |
| type vndk_sp_file, vendor_file_type, file_type; |
| # Default type for everything in /vendor/framework |
| type vendor_framework_file, vendor_file_type, file_type; |
| # Default type for everything in /vendor/overlay |
| type vendor_overlay_file, vendor_file_type, file_type; |
| # Type for all vendor public libraries. These libs should only be exposed to |
| # apps. ABI stability of these libs is vendor's responsibility. |
| type vendor_public_lib_file, vendor_file_type, file_type; |
| # Type for all vendor public libraries for system. These libs should only be exposed to |
| # system. ABI stability of these libs is vendor's responsibility. |
| type vendor_public_framework_file, vendor_file_type, file_type; |
| # Type for all microdroid related files in the vendor partition. |
| type vendor_microdroid_file, vendor_file_type, file_type; |
| |
| # Input configuration |
| type vendor_keylayout_file, vendor_file_type, file_type; |
| type vendor_keychars_file, vendor_file_type, file_type; |
| type vendor_idc_file, vendor_file_type, file_type; |
| |
| # Type for vendor uuid mapping config file |
| type vendor_uuid_mapping_config_file, vendor_file_type, file_type; |
| |
| # SoC-specific virtual machine disk files |
| type vendor_vm_file, vendor_file_type, file_type; |
| # SoC-specific virtual machine disk files that are mutable |
| # NOTE(review): described as mutable yet carries vendor_file_type rather than |
| # data_file_type - confirm rules keyed on vendor_file_type are meant to apply. |
| type vendor_vm_data_file, vendor_file_type, file_type; |
| |
| # Types for the /metadata partition. None of them carries data_file_type or |
| # core_data_file_type, so rules written against those attributes do not |
| # cover /metadata; each type needs its own rules. |
| # /metadata partition itself |
| type metadata_file, file_type; |
| # Vold files within /metadata |
| type vold_metadata_file, file_type; |
| # GSI files within /metadata |
| type gsi_metadata_file, gsi_metadata_file_type, file_type; |
| # DSU (GSI) files within /metadata that are globally readable. |
| type gsi_public_metadata_file, gsi_metadata_file_type, file_type; |
| # system_server shares Weaver slot information in /metadata |
| type password_slot_metadata_file, file_type; |
| # APEX files within /metadata |
| type apex_metadata_file, file_type; |
| # libsnapshot files within /metadata |
| type ota_metadata_file, file_type; |
| # property files within /metadata/bootstat |
| type metadata_bootstat_file, file_type; |
| # userspace reboot files within /metadata/userspacereboot |
| type userspace_reboot_metadata_file, file_type; |
| # Staged install files within /metadata/staged-install |
| type staged_install_file, file_type; |
| # Metadata information within /metadata/watchdog |
| type watchdog_metadata_file, file_type; |
| |
| # Type for /dev/cpu_variant:.*. |
| type dev_cpu_variant, file_type; |
| # Speedup access for trusted applications to the runtime event tags |
| type runtime_event_log_tags_file, file_type; |
| # Type for /system/bin/logcat. |
| type logcat_exec, system_file_type, exec_type, file_type; |
| # Speedup access to cgroup map file |
| type cgroup_rc_file, file_type; |
| # /cores for coredumps on userdebug / eng builds |
| type coredump_file, file_type; |
| # Type of /data itself |
| type system_data_root_file, file_type, data_file_type, core_data_file_type; |
| # Default type for anything under /data. |
| type system_data_file, file_type, data_file_type, core_data_file_type; |
| # Default type for directories containing per-user encrypted directories, such |
| # as /data/user and /data/user_de. |
| type system_userdir_file, file_type, data_file_type, core_data_file_type; |
| # Type for /data/system/packages.list. |
| # TODO(b/129332765): Narrow down permissions to this. |
| # Find out users of system_data_file that should be granted only this. |
| type packages_list_file, file_type, data_file_type, core_data_file_type; |
| type game_mode_intervention_list_file, file_type, data_file_type, core_data_file_type; |
| # Default type for anything inside /data/vendor_{ce,de}. |
| # Vendor-owned data, hence no core_data_file_type. |
| type vendor_data_file, file_type, data_file_type; |
| # Type for /data/vendor_{ce,de} themselves. This has core_data_file_type |
| # because these directories themselves are platform-managed; only the files |
| # *inside* them are vendor data. (Somewhat similar to system_data_root_file.) |
| type vendor_userdir_file, file_type, data_file_type, core_data_file_type; |
| # Unencrypted data |
| type unencrypted_data_file, file_type, data_file_type, core_data_file_type; |
| # installd-created files in /data/misc/installd such as layout_version |
| type install_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/drm - DRM plugin data |
| type drm_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/adb - adb debugging files |
| type adb_data_file, file_type, data_file_type, core_data_file_type; |
| # NOTE(review): the two crash-data types below (ANR traces, core dumps) are |
| # mlstrustedobject. If that attribute exempts them from MLS checks as in |
| # AOSP, readers are limited only by type-enforcement rules - confirm those |
| # rules are narrow. |
| # /data/anr - ANR traces |
| type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # /data/tombstones - core dumps |
| type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # /data/vendor/tombstones/wifi - vendor wifi dumps |
| # Under /data/vendor, hence no core_data_file_type. |
| type tombstone_wifi_data_file, file_type, data_file_type; |
| # /data/apex - APEX data files |
| type apex_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/app - user-installed apps |
| type apk_data_file, file_type, data_file_type, core_data_file_type; |
| type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # /data/app-private - forward-locked apps |
| type apk_private_data_file, file_type, data_file_type, core_data_file_type; |
| type apk_private_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # /data/dalvik-cache |
| type dalvikcache_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/ota |
| type ota_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/ota_package |
| type ota_package_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # /data/misc/profiles |
| type user_profile_root_file, file_type, data_file_type, core_data_file_type; |
| type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # /data/misc/profman |
| type profman_dump_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/misc/prereboot |
| type prereboot_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/resource-cache |
| type resourcecache_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/local - writable by shell |
| # Also carries app_data_file_type and mlstrustedobject. |
| type shell_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject; |
| # /data/property |
| type property_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/bootchart |
| type bootchart_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/system/dropbox |
| type dropbox_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/system/heapdump |
| type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # /data/nativetest |
| type nativetest_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/local/tests |
| type shell_test_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/system_de/0/ringtones |
| type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # /data/preloads |
| type preloads_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/preloads/media |
| type preloads_media_file, file_type, data_file_type, core_data_file_type; |
| # /data/misc/dhcp and /data/misc/dhcp-6.8.2 |
| type dhcp_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/server_configurable_flags |
| type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/app-staging |
| type staging_data_file, file_type, data_file_type, core_data_file_type; |
| # The next two are vendor_file_type, not data types, although they sit among |
| # the /data entries. |
| # /vendor/apex |
| type vendor_apex_file, vendor_file_type, file_type; |
| # apex_manifest.pb in vendor apex |
| type vendor_apex_metadata_file, vendor_file_type, file_type; |
| # /data/system/shutdown-checkpoints |
| type shutdown_checkpoints_system_data_file, file_type, data_file_type, core_data_file_type; |
| |
| # Mount locations managed by vold |
| # All mount-point types in this group carry file_type only. |
| type mnt_media_rw_file, file_type; |
| type mnt_user_file, file_type; |
| type mnt_pass_through_file, file_type; |
| type mnt_expand_file, file_type; |
| type mnt_sdcard_file, file_type; |
| type storage_file, file_type; |
| |
| # Label for storage dirs which are just mount stubs |
| type mnt_media_rw_stub_file, file_type; |
| type storage_stub_file, file_type; |
| |
| # Mount location for read-write vendor partitions. |
| type mnt_vendor_file, file_type; |
| |
| # Mount location for read-write product partitions. |
| type mnt_product_file, file_type; |
| |
| # Mount point used for APEX images |
| type apex_mnt_dir, file_type; |
| |
| # /apex/apex-info-list.xml created by apexd |
| type apex_info_file, file_type; |
| |
| # /postinstall: Mount point used by update_engine to run postinstall. |
| type postinstall_mnt_dir, file_type; |
| # Files inside the /postinstall mountpoint are all labeled as postinstall_file. |
| # postinstall_file is also granted associate on itself later in this file. |
| type postinstall_file, file_type; |
| # /postinstall/apex: Mount point used for APEX images within /postinstall. |
| type postinstall_apex_mnt_dir, file_type; |
| |
| # /data_mirror: Contains mirror directory for storing all apps data. |
| # NOTE(review): carries core_data_file_type without data_file_type, unlike |
| # every other core data type in this file - confirm this is intended. |
| type mirror_data_file, file_type, core_data_file_type; |
| |
| # /data/misc subdirectories |
| # NOTE(review): several names here suggest credential or key material |
| # (adb_keys_file, credstore_data_file, gatekeeper_data_file, |
| # keychain_data_file, keystore_data_file, systemkeys_data_file, |
| # vpn_data_file). None of them is mlstrustedobject; keep it that way and |
| # confirm the rules granting access to them are limited to their owners. |
| type adb_keys_file, file_type, data_file_type, core_data_file_type; |
| type apex_system_server_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; |
| type apex_module_data_file, file_type, data_file_type, core_data_file_type; |
| type apex_ota_reserved_file, file_type, data_file_type, core_data_file_type; |
| type apex_rollback_data_file, file_type, data_file_type, core_data_file_type; |
| type appcompat_data_file, file_type, data_file_type, core_data_file_type; |
| type audio_data_file, file_type, data_file_type, core_data_file_type; |
| type audioserver_data_file, file_type, data_file_type, core_data_file_type; |
| type bluetooth_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type; |
| type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type; |
| type bootstat_data_file, file_type, data_file_type, core_data_file_type; |
| type boottrace_data_file, file_type, data_file_type, core_data_file_type; |
| type camera_data_file, file_type, data_file_type, core_data_file_type; |
| type credstore_data_file, file_type, data_file_type, core_data_file_type; |
| type gatekeeper_data_file, file_type, data_file_type, core_data_file_type; |
| type incident_data_file, file_type, data_file_type, core_data_file_type; |
| type keychain_data_file, file_type, data_file_type, core_data_file_type; |
| type keystore_data_file, file_type, data_file_type, core_data_file_type; |
| type media_data_file, file_type, data_file_type, core_data_file_type; |
| type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| type media_userdir_file, file_type, data_file_type, core_data_file_type; |
| type misc_user_data_file, file_type, data_file_type, core_data_file_type; |
| type net_data_file, file_type, data_file_type, core_data_file_type; |
| type network_watchlist_data_file, file_type, data_file_type, core_data_file_type; |
| type nfc_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type; |
| type nfc_logs_data_file, file_type, data_file_type, core_data_file_type; |
| type radio_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject; |
| type recovery_data_file, file_type, data_file_type, core_data_file_type; |
| type shared_relro_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type; |
| type stats_config_data_file, file_type, data_file_type, core_data_file_type; |
| type stats_data_file, file_type, data_file_type, core_data_file_type; |
| type systemkeys_data_file, file_type, data_file_type, core_data_file_type; |
| type textclassifier_data_file, file_type, data_file_type, core_data_file_type; |
| type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| type vpn_data_file, file_type, data_file_type, core_data_file_type; |
| type wifi_data_file, file_type, data_file_type, core_data_file_type; |
| type vold_data_file, file_type, data_file_type, core_data_file_type; |
| # tee_data_file is the only type in this group without core_data_file_type. |
| type tee_data_file, file_type, data_file_type; |
| type update_engine_data_file, file_type, data_file_type, core_data_file_type; |
| type update_engine_log_data_file, file_type, data_file_type, core_data_file_type; |
| # /data/misc/trace for method traces on userdebug / eng builds |
| type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| type gsi_data_file, file_type, data_file_type, core_data_file_type; |
| type radio_core_data_file, file_type, data_file_type, core_data_file_type; |
| |
| # NOTE(review): app_data_file and privapp_data_file are not mlstrustedobject, |
| # system_app_data_file is. If MLS categories are what separates one app from |
| # another, that separation would not apply to system_app_data_file - confirm. |
| # /data/data subdirectories - app sandboxes |
| type app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type; |
| # /data/data subdirectories - priv-app sandboxes |
| type privapp_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type; |
| # /data/data subdirectory for system UID apps. |
| type system_app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject; |
| # Compatibility with type name used in Android 4.3 and 4.4. |
| # Default type for anything under /cache |
| type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # Type for /cache/overlay /mnt/scratch/overlay |
| type overlayfs_file, file_type, data_file_type, core_data_file_type; |
| # Type for /cache/backup_stage/* (fd interchange with apps) |
| type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # type for anything under /cache/backup (local transport storage) |
| type cache_private_backup_file, file_type, data_file_type, core_data_file_type; |
| # Type for anything under /cache/recovery |
| type cache_recovery_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # Default type for anything under /efs |
| type efs_file, file_type; |
| # Type for wallpaper file. |
| type wallpaper_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # Type for shortcut manager icon file. |
| type shortcut_manager_icons, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # Type for user icon file. |
| type icon_file, file_type, data_file_type, core_data_file_type; |
| # /mnt/asec |
| type asec_apk_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # Elements of asec files (/mnt/asec) that are world readable |
| type asec_public_file, file_type, data_file_type, core_data_file_type; |
| # /data/app-asec |
| type asec_image_file, file_type, data_file_type, core_data_file_type; |
| # /data/backup and /data/secure/backup |
| type backup_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # All devices have bluetooth efs files. But they |
| # vary per device, so this type is used in per |
| # device policy |
| type bluetooth_efs_file, file_type; |
| # Biometric template types. fingerprintd_data_file is core data; the three |
| # *_vendor_data_file types lack core_data_file_type. None is mlstrustedobject. |
| # Type for fingerprint template file |
| type fingerprintd_data_file, file_type, data_file_type, core_data_file_type; |
| # Type for _new_ fingerprint template file |
| type fingerprint_vendor_data_file, file_type, data_file_type; |
| # Type for appfuse file. |
| # app_fuse_file is also granted associate on app_fusefs later in this file. |
| type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; |
| # Type for face template file |
| type face_vendor_data_file, file_type, data_file_type; |
| # Type for iris template file |
| type iris_vendor_data_file, file_type, data_file_type; |
| |
| # Socket types |
| # Most carry coredomain_socket. The exceptions in this list are rild_socket, |
| # rild_debug_socket, tombstoned_java_trace_socket and wpa_socket. |
| # NOTE(review): coredomain_socket is declared outside this file; confirm what |
| # it restricts and that each exception above is deliberate. |
| type adbd_socket, file_type, coredomain_socket; |
| type bluetooth_socket, file_type, data_file_type, core_data_file_type, coredomain_socket; |
| type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject; |
| type dumpstate_socket, file_type, coredomain_socket; |
| type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject; |
| type lmkd_socket, file_type, coredomain_socket; |
| type logd_socket, file_type, coredomain_socket, mlstrustedobject; |
| type logdr_socket, file_type, coredomain_socket, mlstrustedobject; |
| type logdw_socket, file_type, coredomain_socket, mlstrustedobject; |
| type mdns_socket, file_type, coredomain_socket; |
| type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject; |
| # Named as a file but carries coredomain_socket and the /data attributes. |
| type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type; |
| type mtpd_socket, file_type, coredomain_socket; |
| type property_socket, file_type, coredomain_socket, mlstrustedobject; |
| type racoon_socket, file_type, coredomain_socket; |
| type recovery_socket, file_type, coredomain_socket; |
| type rild_socket, file_type; |
| type rild_debug_socket, file_type; |
| type snapuserd_socket, file_type, coredomain_socket; |
| type snapuserd_proxy_socket, file_type, coredomain_socket; |
| type statsdw_socket, file_type, coredomain_socket, mlstrustedobject; |
| type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket; |
| type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject; |
| type system_unsolzygote_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject; |
| type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject; |
| type tombstoned_java_trace_socket, file_type, mlstrustedobject; |
| type tombstoned_intercept_socket, file_type, coredomain_socket; |
| type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject; |
| type traced_perf_socket, file_type, coredomain_socket, mlstrustedobject; |
| type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject; |
| type uncrypt_socket, file_type, coredomain_socket; |
| type wpa_socket, file_type, data_file_type, core_data_file_type; |
| # zygote_socket is not mlstrustedobject, unlike system_unsolzygote_socket. |
| type zygote_socket, file_type, coredomain_socket; |
| type heapprofd_socket, file_type, coredomain_socket, mlstrustedobject; |
| # UART (for GPS) control proc file |
| type gps_control, file_type; |
| |
| # PDX endpoint types |
| # One directory type per PDX service family, each carrying |
| # pdx_endpoint_dir_type. |
| type pdx_display_dir, pdx_endpoint_dir_type, file_type; |
| type pdx_performance_dir, pdx_endpoint_dir_type, file_type; |
| type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type; |
| |
| # NOTE(review): pdx_service_socket_types is a macro defined outside this file. |
| # Each call passes a service name and one of the directory types above; |
| # presumably it declares the socket types for that service - confirm the |
| # expansion before relying on any type name it generates. |
| pdx_service_socket_types(display_client, pdx_display_dir) |
| pdx_service_socket_types(display_manager, pdx_display_dir) |
| pdx_service_socket_types(display_screenshot, pdx_display_dir) |
| pdx_service_socket_types(display_vsync, pdx_display_dir) |
| pdx_service_socket_types(performance_client, pdx_performance_dir) |
| pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir) |
| |
| # Types for the policy and labeling configuration files themselves. |
| # NOTE(review): these files define how the device is labelled, so write |
| # access to any of these types should be denied to runtime domains - confirm |
| # in the rules, which are not in this file. |
| # file_contexts files |
| type file_contexts_file, system_file_type, file_type; |
| |
| # mac_permissions file |
| type mac_perms_file, system_file_type, file_type; |
| |
| # property_contexts file |
| type property_contexts_file, system_file_type, file_type; |
| |
| # seapp_contexts file |
| type seapp_contexts_file, system_file_type, file_type; |
| |
| # sepolicy files binary and others |
| type sepolicy_file, system_file_type, file_type; |
| |
| # service_contexts file |
| type service_contexts_file, system_file_type, file_type; |
| |
| # keystore2_key_contexts_file |
| type keystore2_key_contexts_file, system_file_type, file_type; |
| |
| # vendor service_contexts file |
| type vendor_service_contexts_file, vendor_file_type, file_type; |
| |
| # hwservice_contexts file |
| type hwservice_contexts_file, system_file_type, file_type; |
| |
| # vndservice_contexts file |
| # NOTE(review): unlike the other contexts files this one carries neither |
| # system_file_type nor vendor_file_type - confirm this is intended. |
| type vndservice_contexts_file, file_type; |
| |
| # /sys/kernel/tracing/instances/bootreceiver for monitoring kernel memory corruptions. |
| # An fs_type (debugfs and tracefs), not a file_type, despite its position here. |
| type debugfs_bootreceiver_tracing, fs_type, debugfs_type, tracefs_type; |
| |
| # kernel modules |
| # NOTE(review): which domains may load modules of this type is decided by |
| # rules outside this file - confirm they are limited to the module loader. |
| type vendor_kernel_modules, vendor_file_type, file_type; |
| |
| # system_dlkm |
| type system_dlkm_file, system_dlkm_file_type, file_type; |
| |
| # Allow files to be created in their appropriate filesystems. |
| # The associate permission of the filesystem class decides whether an object |
| # of the source type may be labelled inside a filesystem of the target type. |
| # These rules grant nothing to processes; they only constrain labeling. |
| # Every fs_type type may associate with itself. |
| allow fs_type self:filesystem associate; |
| allow cgroup tmpfs:filesystem associate; |
| allow cgroup_v2 tmpfs:filesystem associate; |
| allow cgroup_rc_file tmpfs:filesystem associate; |
| allow sysfs_type sysfs:filesystem associate; |
| allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate; |
| # Any file_type may live on a labeled filesystem, tmpfs or rootfs. |
| allow file_type labeledfs:filesystem associate; |
| allow file_type tmpfs:filesystem associate; |
| allow file_type rootfs:filesystem associate; |
| # dev_type is not declared in this file. |
| allow dev_type tmpfs:filesystem associate; |
| allow app_fuse_file app_fusefs:filesystem associate; |
| allow postinstall_file self:filesystem associate; |
| allow proc_net proc:filesystem associate; |
| |
| # asanwrapper (run a sanitized app_process, to be used with wrap properties) |
| # NOTE(review): with_asan is a macro defined outside this file; presumably the |
| # type is declared only in ASan builds - confirm before referencing it in |
| # rules that are compiled unconditionally. |
| with_asan(`type asanwrapper_exec, exec_type, file_type;') |
| |
| # Deprecated in SDK version 28 |
| # The type is still declared here with the usual /data attributes. |
| type audiohal_data_file, file_type, data_file_type, core_data_file_type; |
| |
| # It is a bug to assign both the file_type attribute and the fs_type |
| # attribute to the same type. Do not allow it. |
| # |
| # For example, the following is a bug: |
| # type apk_data_file, file_type, data_file_type, fs_type; |
| # Should be: |
| # type apk_data_file, file_type, data_file_type; |
| # |
| # How the check works: a type with both attributes would be granted associate |
| # on itself by the rule allow fs_type self:filesystem associate earlier in |
| # this file, and that grant matches the source and target of this neverallow. |
| # A neverallow grants nothing; it is an assertion checked when the policy is |
| # built. |
| neverallow fs_type file_type:filesystem associate; |