Lines Matching refs:domain
3 # We do not apply this to the su domain to avoid interfering with
# Executing a crash_dump_exec file moves the calling domain into crash_dump.
# The -su exclusion is wrapped in userdebug_or_eng(), so su is only carved out
# on userdebug/eng builds.
5 domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
# Every domain is granted the sigchld permission on crash_dump processes.
6 allow domain crash_dump:process sigchld;
# Every domain may read heapprofd_prop.
12 get_prop(domain, heapprofd_prop);
15 domain
35 domain
# Read access for every domain to the sysfs_fs_incfs_features directory and files.
53 r_dir_file(domain, sysfs_fs_incfs_features);
# cgroup (v1): directory search is universal. The write permission sets
# (w_dir_perms / w_file_perms) go to every domain except appdomain and rs,
# so app processes cannot modify cgroup entries through these rules.
56 allow domain cgroup:dir search;
57 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
58 allow { domain -appdomain -rs } cgroup:file w_file_perms;
# cgroup_v2: same split as v1 (universal search, writes exclude appdomain and rs).
60 allow domain cgroup_v2:dir search;
61 allow { domain -appdomain -rs } cgroup_v2:dir w_dir_perms;
62 allow { domain -appdomain -rs } cgroup_v2:file w_file_perms;
# cgroup and task-profile description files are read-only for every domain;
# no write permission on these types is granted here.
64 allow domain cgroup_rc_file:dir search;
65 allow domain cgroup_rc_file:file r_file_perms;
66 allow domain task_profiles_file:file r_file_perms;
67 allow domain task_profiles_api_file:file r_file_perms;
68 allow domain vendor_task_profiles_file:file r_file_perms;
# Properties readable by every domain. get_prop grants read access only.
72 get_prop(domain, use_memfd_prop);
75 get_prop(domain, module_sdkextensions_prop)
78 get_prop(domain, bq_config_prop);
# Lines 84-86 open three broad property types to every domain.
84 get_prop(domain, core_property_type)
85 get_prop(domain, exported3_system_prop)
86 get_prop(domain, vendor_default_prop)
# Line 96 grants vendor_default_prop to a narrower set (no coredomain, no
# appdomain) than line 86 does.
# NOTE(review): lines 87-95 are not shown in this listing; presumably lines 86
# and 96 sit in different build-conditional branches -- confirm against the
# full file which one applies to the build being audited.
96 get_prop({domain -coredomain -appdomain}, vendor_default_prop)
# Every domain may search keys labelled kernel, fsverity_init and su.
# Only the search permission on the key class is granted.
100 allow domain kernel:key search;
102 allow domain fsverity_init:key search;
# NOTE(review): lines 103-104 are not shown, so this listing does not reveal
# whether the su rule is wrapped in a userdebug_or_eng() guard -- confirm in
# the full file that it is not present on user builds.
105 allow domain su:key search;
# Read-only access to linkerconfig_file for every domain.
109 allow domain linkerconfig_file:dir search;
110 allow domain linkerconfig_file:file r_file_perms;
# Directory search only on boringssl_self_test_marker; no file permission is
# granted on this line.
113 allow domain boringssl_self_test_marker:dir search;
118 domain
# neverallow rules are policy-build assertions: they grant nothing, and a
# matching allow rule anywhere in the policy fails the build.
# gen_unique_id on keystore_key / keystore2_key is reserved for priv_app and
# gmscore_app.
129 neverallow { domain -priv_app -gmscore_app } *:keystore_key gen_unique_id;
130 neverallow { domain -priv_app -gmscore_app } *:keystore2_key gen_unique_id;
# use_dev_id on keystore2_key is reserved for system_server.
131 neverallow { domain -system_server } *:keystore2_key use_dev_id;
# The clear_ns, lock, reset and unlock operations on the keystore service are
# reserved for system_server.
132 neverallow { domain -system_server } keystore:keystore2 { clear_ns lock reset unlock };
135 domain
138 userdebug_or_eng(`-domain')
# Only init and system_server may hold any permission on dropbox_data_file
# directories.
143 neverallow { domain -init -system_server } dropbox_data_file:dir *;
# For dropbox_data_file files the complement set ~{ getattr read } is
# forbidden, which leaves getattr and read as the only permissions another
# domain could be granted. open is in the forbidden set, so such a domain
# would presumably work on a descriptor it was handed -- confirm against callers.
144 neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
149 domain
157 domain
176 domain
183 domain
192 domain
198 domain
# Restrictions on staging_data_file. Lines 206 and 207 are cut off in this
# listing, so their full exemption lists and permission sets are not visible
# here; read them in the full file before relying on them.
206 neverallow { domain -init -system_server -apexd -installd -iorap_inode2filename -priv_app } staging…
207 neverallow { domain -init -system_app -system_server -apexd -adbd -kernel -installd -iorap_inode2fi…
# Only init, system_server and installd may hold the permissions in the
# no_w_dir_perms set on staging_data_file directories (the macro is defined
# outside this listing).
208 neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
211 neverallow { domain -init -system_server } staging_data_file:file
215 domain
229 domain
253 domain
260 domain
271 domain
284 domain
295 domain
307 domain
318 # Instead of granting them it is usually better to add the domain to
360 domain
376 domain userdebug_or_eng(`-init')
382 domain
383 userdebug_or_eng(`-domain')
398 domain
# net_dns_prop: setting is reserved for init, system_server and vendor_init;
# reading the property file additionally exempts dumpstate.
405 neverallow { domain -init -system_server -vendor_init } net_dns_prop:property_service set;
406 neverallow { domain -dumpstate -init -system_server -vendor_init } net_dns_prop:file read;
# pm_prop: only init and system_server may set it. Domains outside coredomain
# are denied the permissions in no_rw_file_perms on the property file (the
# macro is defined outside this listing).
409 neverallow { domain -init -system_server } pm_prop:property_service set;
410 neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
# firstboot_prop may be read only by init, system_server and dumpstate.
413 neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
# No permission at all on debugfs_kprobes files outside init and vendor_init.
416 neverallow { domain -init -vendor_init } debugfs_kprobes:file *;
437 # Vendor domains are not permitted to initiate communications to core domain sockets
440 domain
446 -logd # Logging by writing to logd Unix domain socket is public API
495 # images, and should not be granted to any domain in current policy.
496 # (Every domain is allowed self:fork, so this will trigger if the
497 # intersection of domain & mlsvendorcompat is not empty.)
498 neverallow domain mlsvendorcompat:process fork;
502 neverallow { domain -init -otapreopt_chroot } { system_file_type vendor_file_type }:dir_file_class_…
507 domain
517 domain
531 domain