# Type declarations for filesystem and file labels. Each `type NAME, attr, ...;`
# statement declares one label and lists the attributes it belongs to; the
# attributes themselves (fs_type, proc_type, sysfs_type, ...) are declared
# outside this section.
# NOTE(review): several types below also carry mlstrustedobject. That attribute
# is defined elsewhere; presumably it exempts the object from MLS checks, so any
# new use deserves review - confirm against the attribute definition.

# Filesystem types
type labeledfs, fs_type;
type pipefs, fs_type;
type sockfs, fs_type;
type rootfs, fs_type;
type proc, fs_type, proc_type;
type binderfs, fs_type;
type binderfs_logs, fs_type;
type binderfs_logs_proc, fs_type;
# Security-sensitive proc nodes that should not be writable by most domains.
type proc_security, fs_type, proc_type;
type proc_drop_caches, fs_type, proc_type;
type proc_overcommit_memory, fs_type, proc_type;
type proc_min_free_order_shift, fs_type, proc_type;
type proc_kpageflags, fs_type, proc_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
type usermodehelper, fs_type, proc_type;
type sysfs_usermodehelper, fs_type, sysfs_type;
type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
type proc_bluetooth_writable, fs_type, proc_type;
type proc_abi, fs_type, proc_type;
type proc_asound, fs_type, proc_type;
type proc_buddyinfo, fs_type, proc_type;
type proc_cmdline, fs_type, proc_type;
type proc_cpuinfo, fs_type, proc_type;
type proc_dirty, fs_type, proc_type;
type proc_diskstats, fs_type, proc_type;
type proc_extra_free_kbytes, fs_type, proc_type;
type proc_filesystems, fs_type, proc_type;
type proc_fs_verity, fs_type, proc_type;
type proc_hostname, fs_type, proc_type;
type proc_hung_task, fs_type, proc_type;
type proc_interrupts, fs_type, proc_type;
type proc_iomem, fs_type, proc_type;
type proc_keys, fs_type, proc_type;
type proc_kmsg, fs_type, proc_type;
type proc_loadavg, fs_type, proc_type;
type proc_lowmemorykiller, fs_type, proc_type;
type proc_max_map_count, fs_type, proc_type;
type proc_meminfo, fs_type, proc_type;
type proc_misc, fs_type, proc_type;
type proc_modules, fs_type, proc_type;
type proc_mounts, fs_type, proc_type;
# proc_net is the only proc type here that also carries proc_net_type.
type proc_net, fs_type, proc_type, proc_net_type;
type proc_net_tcp_udp, fs_type, proc_type;
type proc_page_cluster, fs_type, proc_type;
type proc_pagetypeinfo, fs_type, proc_type;
type proc_panic, fs_type, proc_type;
type proc_perf, fs_type, proc_type;
type proc_pid_max, fs_type, proc_type;
type proc_pipe_conf, fs_type, proc_type;
type proc_pressure_cpu, fs_type, proc_type;
type proc_pressure_io, fs_type, proc_type;
type proc_pressure_mem, fs_type, proc_type;
type proc_random, fs_type, proc_type;
type proc_sched, fs_type, proc_type;
type proc_slabinfo, fs_type, proc_type;
type proc_stat, fs_type, proc_type;
type proc_swaps, fs_type, proc_type;
type proc_sysrq, fs_type, proc_type;
type proc_timer, fs_type, proc_type;
type proc_tty_drivers, fs_type, proc_type;
type proc_uid_cputime_showstat, fs_type, proc_type;
type proc_uid_cputime_removeuid, fs_type, proc_type;
type proc_uid_io_stats, fs_type, proc_type;
type proc_uid_procstat_set, fs_type, proc_type;
type proc_uid_time_in_state, fs_type, proc_type;
type proc_uid_concurrent_active_time, fs_type, proc_type;
type proc_uid_concurrent_policy_time, fs_type, proc_type;
type proc_uid_cpupower, fs_type, proc_type;
type proc_uptime, fs_type, proc_type;
type proc_version, fs_type, proc_type;
type proc_vmallocinfo, fs_type, proc_type;
type proc_vmstat, fs_type, proc_type;
type proc_zoneinfo, fs_type, proc_type;
type selinuxfs, fs_type, mlstrustedobject;
type fusectlfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type cgroup_bpf, fs_type;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
type sysfs_android_usb, fs_type, sysfs_type;
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_devices_block, fs_type, sysfs_type;
type sysfs_dm, fs_type, sysfs_type;
type sysfs_dm_verity, fs_type, sysfs_type;
type sysfs_dt_firmware_android, fs_type, sysfs_type;
type sysfs_extcon, fs_type, sysfs_type;
type sysfs_ion, fs_type, sysfs_type;
type sysfs_ipv4, fs_type, sysfs_type;
type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
type sysfs_leds, fs_type, sysfs_type;
type sysfs_loop, fs_type, sysfs_type;
type sysfs_hwrandom, fs_type, sysfs_type;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
type sysfs_net, fs_type, sysfs_type;
type sysfs_power, fs_type, sysfs_type;
type sysfs_rtc, fs_type, sysfs_type;
type sysfs_suspend_stats, fs_type, sysfs_type;
type sysfs_switch, fs_type, sysfs_type;
type sysfs_transparent_hugepage, fs_type, sysfs_type;
type sysfs_usb, fs_type, sysfs_type;
type sysfs_wakeup, fs_type, sysfs_type;
type sysfs_wakeup_reasons, fs_type, sysfs_type;
type sysfs_fs_ext4_features, sysfs_type, fs_type;
type sysfs_fs_f2fs, sysfs_type, fs_type;
type fs_bpf, fs_type;
type configfs, fs_type;
# /sys/devices/system/cpu
type sysfs_devices_system_cpu, fs_type, sysfs_type;
# /sys/module/lowmemorykiller
type sysfs_lowmemorykiller, fs_type, sysfs_type;
# /sys/module/wlan/parameters/fwpath
type sysfs_wlan_fwpath, fs_type, sysfs_type;
type sysfs_vibrator, fs_type, sysfs_type;

type sysfs_thermal, sysfs_type, fs_type;

type sysfs_zram, fs_type, sysfs_type;
type sysfs_zram_uevent, fs_type, sysfs_type;
type inotify, fs_type, mlstrustedobject;
type devpts, fs_type, mlstrustedobject;
type tmpfs, fs_type;
type shm, fs_type;
type mqueue, fs_type;
type fuse, sdcard_type, fs_type, mlstrustedobject;
type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
type vfat, sdcard_type, fs_type, mlstrustedobject;
type exfat, sdcard_type, fs_type, mlstrustedobject;
type debugfs, fs_type, debugfs_type;
type debugfs_kprobes, fs_type, debugfs_type;
type debugfs_mmc, fs_type, debugfs_type;
type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing_instances, fs_type, debugfs_type;
type debugfs_wakeup_sources, fs_type, debugfs_type;
type debugfs_wifi_tracing, fs_type, debugfs_type;
type securityfs, fs_type;

type pstorefs, fs_type;
type functionfs, fs_type, mlstrustedobject;
type oemfs, fs_type, contextmount_type;
type usbfs, fs_type;
type binfmt_miscfs, fs_type;
type app_fusefs, fs_type, contextmount_type;

# File types
type unlabeled, file_type;

# Default type for anything under /system.
type system_file, system_file_type, file_type;
# Default type for /system/asan.options
type system_asan_options_file, system_file_type, file_type;
# Type for /system/etc/event-log-tags (liblog implementation detail)
type system_event_log_tags_file, system_file_type, file_type;
# Default type for anything under /system/lib[64].
type system_lib_file, system_file_type, file_type;
# system libraries that are available only to bootstrap processes
type system_bootstrap_lib_file, system_file_type, file_type;
# Default type for the group file /system/etc/group.
type system_group_file, system_file_type, file_type;
# Default type for linker executable /system/bin/linker[64].
type system_linker_exec, system_file_type, file_type;
# Default type for linker config /system/etc/ld.config.*.
type system_linker_config_file, system_file_type, file_type;
# Default type for the passwd file /system/etc/passwd.
type system_passwd_file, system_file_type, file_type;
# Default type for seccomp policy files /system/etc/seccomp_policy/*.
type system_seccomp_policy_file, system_file_type, file_type;
# Default type for cacerts in /system/etc/security/cacerts/*.
type system_security_cacerts_file, system_file_type, file_type;
# Default type for /system/bin/tcpdump.
# tcpdump_exec carries exec_type in addition to the system file attributes.
type tcpdump_exec, system_file_type, exec_type, file_type;
# Default type for zoneinfo files in /system/usr/share/zoneinfo/*.
type system_zoneinfo_file, system_file_type, file_type;
# Cgroups description file under /system/etc/cgroups.json
type cgroup_desc_file, system_file_type, file_type;
# Vendor cgroups description file under /vendor/etc/cgroups.json
type vendor_cgroup_desc_file, vendor_file_type, file_type;
# Task profiles file under /system/etc/task_profiles.json
type task_profiles_file, system_file_type, file_type;
# Vendor task profiles file under /vendor/etc/task_profiles.json
type vendor_task_profiles_file, vendor_file_type, file_type;
# Type for /system/apex/com.android.art
type art_apex_dir, system_file_type, file_type;
# /linkerconfig(/.*)?
type linkerconfig_file, file_type;
# Control files under /data/incremental
type incremental_control_file, file_type, data_file_type, core_data_file_type;

# Default type for directories searched for
# HAL implementations
type vendor_hal_file, vendor_file_type, file_type;
# Default type for anything under /vendor or /system/vendor
type vendor_file, vendor_file_type, file_type;
# Default type for everything in /vendor/app
type vendor_app_file, vendor_file_type, file_type;
# Default type for everything under /vendor/etc/
type vendor_configs_file, vendor_file_type, file_type;
# Default type for all *same process* HALs and their lib/bin dependencies.
# e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so
type same_process_hal_file, vendor_file_type, file_type;
# Default type for vndk-sp libs. /vendor/lib/vndk-sp
type vndk_sp_file, vendor_file_type, file_type;
# Default type for everything in /vendor/framework
type vendor_framework_file, vendor_file_type, file_type;
# Default type for everything in /vendor/overlay
type vendor_overlay_file, vendor_file_type, file_type;
# Type for all vendor public libraries. These libs should only be exposed to
# apps. ABI stability of these libs is vendor's responsibility.
type vendor_public_lib_file, vendor_file_type, file_type;

# Input configuration
type vendor_keylayout_file, vendor_file_type, file_type;
type vendor_keychars_file, vendor_file_type, file_type;
type vendor_idc_file, vendor_file_type, file_type;

# The /metadata types below carry only file_type (no data_file_type).
# /metadata partition itself
type metadata_file, file_type;
# Vold files within /metadata
type vold_metadata_file, file_type;
# GSI files within /metadata
type gsi_metadata_file, file_type;
# system_server shares Weaver slot information in /metadata
type password_slot_metadata_file, file_type;
# APEX files within /metadata
type apex_metadata_file, file_type;
# libsnapshot files within /metadata
type ota_metadata_file, file_type;
# property files within /metadata/bootstat
type metadata_bootstat_file, file_type;
# Staged install files within /metadata/staged-install
type staged_install_file, file_type;

# Type for /dev/cpu_variant:.*.
type dev_cpu_variant, file_type;
# Speedup access for trusted applications to the runtime event tags
type runtime_event_log_tags_file, file_type;
# Type for /system/bin/logcat.
type logcat_exec, system_file_type, exec_type, file_type;
# Speedup access to cgroup map file
type cgroup_rc_file, file_type;
# /cores for coredumps on userdebug / eng builds
type coredump_file, file_type;
# Type of /data itself
type system_data_root_file, file_type, data_file_type, core_data_file_type;
# Default type for anything under /data.
type system_data_file, file_type, data_file_type, core_data_file_type;
# Type for /data/system/packages.list.
# TODO(b/129332765): Narrow down permissions to this.
# Find out users of system_data_file that should be granted only this.
# Labels for files under /data, /cache, /mnt and related mount points.
# NOTE(review): many types here also carry mlstrustedobject. That attribute is
# defined outside this section; presumably it exempts the object from MLS
# checks, so each use should be deliberate - confirm against its definition.
type packages_list_file, file_type, data_file_type, core_data_file_type;
# Default type for anything under /data/vendor{_ce,_de}.
# Unlike most /data types here, this one does not carry core_data_file_type.
type vendor_data_file, file_type, data_file_type;
# Unencrypted data
type unencrypted_data_file, file_type, data_file_type, core_data_file_type;
# installd-created files in /data/misc/installd such as layout_version
type install_data_file, file_type, data_file_type, core_data_file_type;
# /data/drm - DRM plugin data
type drm_data_file, file_type, data_file_type, core_data_file_type;
# /data/adb - adb debugging files
type adb_data_file, file_type, data_file_type, core_data_file_type;
# /data/anr - ANR traces
type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/tombstones - core dumps
type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/vendor/tombstones/wifi - vendor wifi dumps
type tombstone_wifi_data_file, file_type, data_file_type;
# /data/apex - APEX data files
type apex_data_file, file_type, data_file_type, core_data_file_type;
# /data/app - user-installed apps
type apk_data_file, file_type, data_file_type, core_data_file_type;
type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/app-private - forward-locked apps
type apk_private_data_file, file_type, data_file_type, core_data_file_type;
type apk_private_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type, core_data_file_type;
# /data/ota
type ota_data_file, file_type, data_file_type, core_data_file_type;
# /data/ota_package
type ota_package_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/misc/profiles
type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/misc/profman
type profman_dump_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/prereboot
type prereboot_data_file, file_type, data_file_type, core_data_file_type;
# /data/resource-cache
type resourcecache_data_file, file_type, data_file_type, core_data_file_type;
# /data/local - writable by shell
type shell_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/property
type property_data_file, file_type, data_file_type, core_data_file_type;
# /data/bootchart
type bootchart_data_file, file_type, data_file_type, core_data_file_type;
# /data/system/dropbox
type dropbox_data_file, file_type, data_file_type, core_data_file_type;
# /data/system/heapdump
type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/nativetest
type nativetest_data_file, file_type, data_file_type, core_data_file_type;
# /data/system_de/0/ringtones
type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/preloads
type preloads_data_file, file_type, data_file_type, core_data_file_type;
# /data/preloads/media
type preloads_media_file, file_type, data_file_type, core_data_file_type;
# /data/misc/dhcp and /data/misc/dhcp-6.8.2
type dhcp_data_file, file_type, data_file_type, core_data_file_type;
# /data/server_configurable_flags
type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type;
# /data/app-staging
type staging_data_file, file_type, data_file_type, core_data_file_type;
# /vendor/apex
type vendor_apex_file, vendor_file_type, file_type;

# Mount locations managed by vold
type mnt_media_rw_file, file_type;
type mnt_user_file, file_type;
type mnt_pass_through_file, file_type;
type mnt_expand_file, file_type;
type mnt_sdcard_file, file_type;
type storage_file, file_type;

# Label for storage dirs which are just mount stubs
type mnt_media_rw_stub_file, file_type;
type storage_stub_file, file_type;

# Mount location for read-write vendor partitions.
type mnt_vendor_file, file_type;

# Mount location for read-write product partitions.
type mnt_product_file, file_type;

# Mount point used for APEX images
type apex_mnt_dir, file_type;

# /postinstall: Mount point used by update_engine to run postinstall.
type postinstall_mnt_dir, file_type;
# Files inside the /postinstall mountpoint are all labeled as postinstall_file.
type postinstall_file, file_type;
# /postinstall/apex: Mount point used for APEX images within /postinstall.
type postinstall_apex_mnt_dir, file_type;

# /data_mirror: Contains mirror directory for storing all apps data.
# Carries core_data_file_type but, unlike the /data types, not data_file_type.
type mirror_data_file, file_type, core_data_file_type;

# /data/misc subdirectories
type adb_keys_file, file_type, data_file_type, core_data_file_type;
type apex_module_data_file, file_type, data_file_type, core_data_file_type;
type apex_permission_data_file, file_type, data_file_type, core_data_file_type;
type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
type apex_wifi_data_file, file_type, data_file_type, core_data_file_type;
type audio_data_file, file_type, data_file_type, core_data_file_type;
type audioserver_data_file, file_type, data_file_type, core_data_file_type;
type bluetooth_data_file, file_type, data_file_type, core_data_file_type;
type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type;
type bootstat_data_file, file_type, data_file_type, core_data_file_type;
type boottrace_data_file, file_type, data_file_type, core_data_file_type;
type camera_data_file, file_type, data_file_type, core_data_file_type;
type credstore_data_file, file_type, data_file_type, core_data_file_type;
type gatekeeper_data_file, file_type, data_file_type, core_data_file_type;
type incident_data_file, file_type, data_file_type, core_data_file_type;
type keychain_data_file, file_type, data_file_type, core_data_file_type;
type keystore_data_file, file_type, data_file_type, core_data_file_type;
type media_data_file, file_type, data_file_type, core_data_file_type;
type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type misc_user_data_file, file_type, data_file_type, core_data_file_type;
type net_data_file, file_type, data_file_type, core_data_file_type;
type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
type nfc_data_file, file_type, data_file_type, core_data_file_type;
type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type recovery_data_file, file_type, data_file_type, core_data_file_type;
type shared_relro_file, file_type, data_file_type, core_data_file_type;
type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type;
type stats_data_file, file_type, data_file_type, core_data_file_type;
type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type vpn_data_file, file_type, data_file_type, core_data_file_type;
type wifi_data_file, file_type, data_file_type, core_data_file_type;
type zoneinfo_data_file, file_type, data_file_type, core_data_file_type;
type vold_data_file, file_type, data_file_type, core_data_file_type;
type iorapd_data_file, file_type, data_file_type, core_data_file_type;
type tee_data_file, file_type, data_file_type;
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/trace for method traces on userdebug / eng builds
type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type gsi_data_file, file_type, data_file_type, core_data_file_type;

# /data/data subdirectories - app sandboxes
type app_data_file, file_type, data_file_type, core_data_file_type;
# /data/data subdirectories - priv-app sandboxes
type privapp_data_file, file_type, data_file_type, core_data_file_type;
# /data/data subdirectory for system UID apps.
type system_app_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Compatibility with type name used in Android 4.3 and 4.4.
# Default type for anything under /cache
type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for /cache/overlay /mnt/scratch/overlay
type overlayfs_file, file_type, data_file_type, core_data_file_type;
# Type for /cache/backup_stage/* (fd interchange with apps)
type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for anything under /cache/backup (local transport storage)
type cache_private_backup_file, file_type, data_file_type, core_data_file_type;
# Type for anything under /cache/recovery
type cache_recovery_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Default type for anything under /efs
type efs_file, file_type;
# Type for wallpaper file.
type wallpaper_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for shortcut manager icon file.
type shortcut_manager_icons, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for user icon file.
type icon_file, file_type, data_file_type, core_data_file_type;
# /mnt/asec
type asec_apk_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Elements of asec files (/mnt/asec) that are world readable
type asec_public_file, file_type, data_file_type, core_data_file_type;
# /data/app-asec
type asec_image_file, file_type, data_file_type, core_data_file_type;
# /data/backup and /data/secure/backup
type backup_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# All devices have bluetooth efs files. But they
# vary per device, so this type is used in per
# device policy
type bluetooth_efs_file, file_type;
# The biometric template types below hold sensitive data; the *_vendor_* ones
# carry data_file_type without core_data_file_type.
# Type for fingerprint template file
type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
# Type for _new_ fingerprint template file
type fingerprint_vendor_data_file, file_type, data_file_type;
# Type for appfuse file.
type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for face template file
type face_vendor_data_file, file_type, data_file_type;
# Type for iris template file
type iris_vendor_data_file, file_type, data_file_type;

# Socket types
# Most sockets carry coredomain_socket; rild_socket, rild_debug_socket,
# tombstoned_java_trace_socket and wpa_socket do not.
# NOTE(review): whether those omissions are intentional cannot be told from
# this file - confirm against the rules that reference coredomain_socket.
type adbd_socket, file_type, coredomain_socket;
type bluetooth_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject;
type dumpstate_socket, file_type, coredomain_socket;
type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject;
type lmkd_socket, file_type, coredomain_socket;
type logd_socket, file_type, coredomain_socket, mlstrustedobject;
type logdr_socket, file_type, coredomain_socket, mlstrustedobject;
type logdw_socket, file_type, coredomain_socket, mlstrustedobject;
type mdns_socket, file_type, coredomain_socket;
type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject;
type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type;
type mtpd_socket, file_type, coredomain_socket;
type property_socket, file_type, coredomain_socket, mlstrustedobject;
type racoon_socket, file_type, coredomain_socket;
type recovery_socket, file_type, coredomain_socket;
type rild_socket, file_type;
type rild_debug_socket, file_type;
type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
type system_unsolzygote_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
type tombstoned_java_trace_socket, file_type, mlstrustedobject;
type tombstoned_intercept_socket, file_type, coredomain_socket;
type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject;
type traced_perf_socket, file_type, coredomain_socket, mlstrustedobject;
type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
type uncrypt_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type, core_data_file_type;
type zygote_socket, file_type, coredomain_socket;
type heapprofd_socket, file_type, coredomain_socket, mlstrustedobject;
# UART (for GPS) control proc file
type gps_control, file_type;

# PDX endpoint types
type pdx_display_dir, pdx_endpoint_dir_type, file_type;
type pdx_performance_dir, pdx_endpoint_dir_type, file_type;
type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type;

# pdx_service_socket_types is a macro defined outside this file; each call
# passes a service name and one of the endpoint directory types above.
pdx_service_socket_types(display_client, pdx_display_dir)
pdx_service_socket_types(display_manager, pdx_display_dir)
pdx_service_socket_types(display_screenshot, pdx_display_dir)
pdx_service_socket_types(display_vsync, pdx_display_dir)
pdx_service_socket_types(performance_client, pdx_performance_dir)
pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir)

# file_contexts files
type file_contexts_file, system_file_type, file_type;

# mac_permissions file
type mac_perms_file, system_file_type, file_type;

# property_contexts file
type property_contexts_file, system_file_type, file_type;

# seapp_contexts file
type seapp_contexts_file, system_file_type, file_type;

# sepolicy files binary and others
type sepolicy_file, system_file_type, file_type;

# service_contexts file
type service_contexts_file, system_file_type, file_type;

# vendor service_contexts file
type vendor_service_contexts_file, vendor_file_type, file_type;

# nonplat service_contexts file (only accessible on non full-treble devices)
type nonplat_service_contexts_file, vendor_file_type, file_type;

# hwservice_contexts file
type hwservice_contexts_file, system_file_type, file_type;

# vndservice_contexts file
# Unlike the other *_contexts_file types above, this one carries only file_type.
type vndservice_contexts_file, file_type;

# Allow files to be created in their appropriate filesystems.
# These rules grant the filesystem `associate` permission: which labels may
# be placed on a filesystem carrying a given label.
# Every filesystem type may associate with itself.
allow fs_type self:filesystem associate;
allow cgroup tmpfs:filesystem associate;
allow cgroup_bpf tmpfs:filesystem associate;
allow cgroup_rc_file tmpfs:filesystem associate;
allow sysfs_type sysfs:filesystem associate;
allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate;
# Anything with the file_type attribute may live on labeledfs, tmpfs or rootfs.
allow file_type labeledfs:filesystem associate;
allow file_type tmpfs:filesystem associate;
allow file_type rootfs:filesystem associate;
allow dev_type tmpfs:filesystem associate;
allow app_fuse_file app_fusefs:filesystem associate;
allow postinstall_file self:filesystem associate;

# asanwrapper (run a sanitized app_process, to be used with wrap properties)
# with_asan is a macro defined outside this file; presumably it emits the
# declaration only on ASAN builds - confirm against the macro definition.
with_asan(`type asanwrapper_exec, exec_type, file_type;')

# Deprecated in SDK version 28
type audiohal_data_file, file_type, data_file_type, core_data_file_type;

# It's a bug to assign both the file_type attribute and the fs_type attribute
# to the same type. Do not allow it.
#
# A type carrying both attributes would match the `allow fs_type self` rule
# above as an fs_type source with a file_type target, which is exactly what
# this neverallow forbids, so the mislabeling is rejected when the policy is
# checked.
#
# For example, the following is a bug:
# type apk_data_file, file_type, data_file_type, fs_type;
# Should be:
# type apk_data_file, file_type, data_file_type;
neverallow fs_type file_type:filesystem associate;