# Search excerpt of an SELinux policy file: only the lines that reference the
# `domain` attribute are shown, each prefixed with its line number in the full
# file. Multi-line statements therefore appear truncated (e.g. `allow domain
# self:process {` without its closing brace, or a bare `domain` line taken from
# inside a braced type set), and over-long lines end in "…". Nothing below is a
# complete, loadable policy fragment on its own.
#
# Baseline access granted to every process domain (allow / allowxperm rules).
4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net_type:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
33 allow domain init:fd use;
36 allow domain su:fd use;
37 allow domain su:unix_stream_socket { connectto getattr getopt read write shutdown };
38 allow domain su:unix_dgram_socket sendto;
40 allow { domain -init } su:binder { call transfer };
44 allow domain su:fifo_file { write getattr };
47 allow domain su:process sigchld;
50 allow domain coredump_file:file create_file_perms;
51 allow domain coredump_file:dir ra_dir_perms;
56 allow domain method_trace_data_file:dir create_dir_perms;
57 allow domain method_trace_data_file:file create_file_perms;
61 allow domain tmpfs:dir { getattr search };
62 allow domain rootfs:dir search;
63 allow domain rootfs:lnk_file { read getattr };
66 allow domain device:dir search;
67 allow domain dev_type:lnk_file r_file_perms;
68 allow domain devpts:dir search;
69 allow domain dmabuf_heap_device:dir r_dir_perms;
70 allow domain socket_device:dir r_dir_perms;
71 allow domain owntty_device:chr_file rw_file_perms;
72 allow domain null_device:chr_file rw_file_perms;
73 allow domain zero_device:chr_file rw_file_perms;
77 allow domain ashmem_device:chr_file { getattr read ioctl lock map append write };
79 allow domain ashmem_libcutils_device:chr_file rw_file_perms;
82 allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;
# allowxperm is an extended-permission rule: where `ioctl` is allowed on a
# class, it restricts which ioctl command numbers may actually be issued.
86 allowxperm domain binder_device:chr_file ioctl { unpriv_binder_ioctls };
89 allow domain binderfs:dir { getattr search };
90 allow domain binderfs_logs_proc:dir search;
92 allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_…
93 allow domain ptmx_device:chr_file rw_file_perms;
94 allow domain random_device:chr_file rw_file_perms;
95 allow domain proc_random:dir r_dir_perms;
96 allow domain proc_random:file r_file_perms;
97 allow domain properties_device:dir { search getattr };
98 allow domain properties_serial:file r_file_perms;
99 allow domain property_info:file r_file_perms;
# Read access to these system-property types (get_prop macro).
102 get_prop(domain, aaudio_config_prop)
103 get_prop(domain, arm64_memtag_prop)
104 get_prop(domain, bootloader_prop)
105 get_prop(domain, build_odm_prop)
106 get_prop(domain, build_prop)
107 get_prop(domain, build_vendor_prop)
108 get_prop(domain, debug_prop)
109 get_prop(domain, exported_config_prop)
110 get_prop(domain, exported_default_prop)
111 get_prop(domain, exported_dumpstate_prop)
112 get_prop(domain, exported_secure_prop)
113 get_prop(domain, exported_system_prop)
114 get_prop(domain, fingerprint_prop)
115 get_prop(domain, hal_instrumentation_prop)
116 get_prop(domain, hw_timeout_multiplier_prop)
117 get_prop(domain, init_service_status_prop)
118 get_prop(domain, libc_debug_prop)
119 get_prop(domain, logd_prop)
120 get_prop(domain, mediadrm_config_prop)
121 get_prop(domain, property_service_version_prop)
122 get_prop(domain, soc_prop)
123 get_prop(domain, socket_hook_prop)
124 get_prop(domain, surfaceflinger_prop)
125 get_prop(domain, telephony_status_prop)
126 get_prop(domain, vendor_socket_hook_prop)
127 get_prop(domain, vndk_prop)
128 get_prop(domain, vold_status_prop)
129 get_prop(domain, vts_config_prop)
132 get_prop(domain, binder_cache_bluetooth_server_prop)
133 get_prop(domain, binder_cache_system_server_prop)
134 get_prop(domain, binder_cache_telephony_server_prop)
138 get_prop(domain, log_property_type)
# dontaudit suppresses the denial log entry without granting the access.
139 dontaudit domain property_type:file audit_access;
140 allow domain property_contexts_file:file r_file_perms;
142 allow domain init:key search;
143 allow domain vold:key search;
146 write_logd(domain)
149 allow domain {
155 allow domain system_file:lnk_file { getattr read };
159 allow domain system_seccomp_policy_file:file r_file_perms;
161 allow domain system_security_cacerts_file:file r_file_perms;
162 allow domain system_group_file:file r_file_perms;
163 allow domain system_passwd_file:file r_file_perms;
164 allow domain system_linker_exec:file { execute read open getattr map };
165 allow domain system_linker_config_file:file r_file_perms;
166 allow domain system_lib_file:file { execute read open getattr map };
168 allow domain system_linker_exec:lnk_file { read open getattr };
169 allow domain system_lib_file:lnk_file { read open getattr };
171 allow domain system_event_log_tags_file:file r_file_perms;
178 allow domain system_file:file { execute read open getattr map };
179 allow domain vendor_file_type:dir { search getattr };
180 allow domain vendor_file_type:file { execute read open getattr map };
181 allow domain vendor_file_type:lnk_file { getattr read };
187 allow domain vendor_hal_file:dir r_dir_perms;
190 allow domain same_process_hal_file:dir r_dir_perms;
192 domain
198 allow domain vndk_sp_file:dir r_dir_perms;
199 allow domain vndk_sp_file:file { execute read open getattr map };
202 allow domain vendor_configs_file:dir r_dir_perms;
203 allow domain vendor_configs_file:file { read open getattr map };
208 allow domain vendor_file_type:lnk_file { getattr open read };
213 allow domain vendor_file:dir { getattr search };
216 allow { domain -coredomain } vendor_file_type:dir r_dir_perms;
217 allow { domain -coredomain } vendor_file_type:file { read open getattr execute map };
218 allow { domain -coredomain } vendor_file_type:lnk_file { getattr read };
222 allow domain sysfs:lnk_file { getattr read };
227 allow domain { system_zoneinfo_file zoneinfo_data_file }:file r_file_perms;
228 allow domain { system_zoneinfo_file zoneinfo_data_file }:dir r_dir_perms;
231 r_dir_file(domain, sysfs_devices_system_cpu)
233 r_dir_file(domain, sysfs_usb);
237 allow domain sysfs_transparent_hugepage:dir search;
238 allow domain sysfs_transparent_hugepage:file r_file_perms;
242 allow domain system_data_file:dir getattr;
247 allow domain system_data_root_file:dir { search getattr } ;
248 allow domain system_data_file:dir search;
250 allow domain vendor_data_file:dir { getattr search };
253 allow domain proc:lnk_file { getattr read };
256 allow domain proc_cpuinfo:file r_file_perms;
259 allow domain dev_cpu_variant:file r_file_perms;
262 allow domain proc_perf:file r_file_perms;
265 allow domain selinuxfs:dir search;
266 allow domain selinuxfs:file getattr;
267 allow domain sysfs:dir search;
268 allow domain selinuxfs:filesystem getattr;
273 allow domain debugfs:dir search;
274 allow domain debugfs_tracing:dir search;
275 allow domain debugfs_tracing_debug:dir search;
276 allow domain debugfs_trace_marker:file w_file_perms;
284 allow domain self:lockdown confidentiality;
287 allow domain fs_type:filesystem getattr;
288 allow domain fs_type:dir getattr;
# ioctl command allowlists applied to every domain; per the file's own note
# (line 292 / 302 / 318) these do not by themselves grant the `ioctl`
# permission, they only bound it where some other rule grants it.
292 # defaults for all processes. Note that granting this allowlist to domain does
295 allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
298 allowxperm domain { domain pdx_channel_socket_type }:{ unix_dgram_socket unix_stream_socket }
302 # Note that granting this allowlist to domain does
305 allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
310 allowxperm domain { file_type fs_type domain dev_type }:{ dir notdevfile_class_set blk_file } ioctl…
312 # If a domain has ioctl access to tun_device, it must clearly enumerate the
314 allowxperm domain tun_device:chr_file ioctl { FIOCLEX FIONCLEX };
318 # this allowlist to domain does not grant the ioctl permission to
320 allowxperm domain { file_type fs_type }:file ioctl { TCGETS };
321 allowxperm domain domain:fifo_file ioctl { TCGETS };
323 # If a domain has access to perform an ioctl on a block device, allow these
325 allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };
331 allowxperm domain { file_type sdcard_type }:file ioctl {
# NOTE(review): `{ domain -domain }` is the set of all domains minus all
# domains, i.e. empty, so the next two rules grant no access at runtime;
# presumably they exist so the permissions are declared/referenced — confirm
# against the comment preceding them in the full file.
342 allow { domain -domain } hwservice_manager_type:hwservice_manager { add find };
345 allow { domain -domain } vndservice_manager_type:service_manager { add find };
348 with_asan(`allow domain system_data_file:dir getattr;')
350 with_asan(`allow domain system_asan_options_file:file r_file_perms;')
353 allow domain apex_mnt_dir:dir { getattr search };
354 allow domain apex_mnt_dir:lnk_file r_file_perms;
#
# Policy invariants (neverallow / neverallowxperm). These are checked when the
# policy is built: if any allow rule anywhere in the policy would grant the
# listed access to a type in the set, compilation fails. Lines consisting only
# of `domain` below are excerpts from multi-line type sets such as
# `neverallow { domain -x -y } ...`.
366 neverallowxperm domain domain:socket_class_set ioctl { SIOCATMARK };
373 # Do not allow any domain other than init to create unlabeled files.
374 neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
378 domain
388 # No domain needs mac_override as it is unused by SELinux.
401 # init starts in kernel domain and switches to init domain via setcon in
405 neverallow { domain -kernel } kernel:security setcheckreqprot;
413 neverallow { domain -init } kernel:security setsecparam;
417 domain
423 domain
434 dontaudit domain postinstall_mnt_dir:dir audit_access;
438 domain
445 neverallow { domain -init } usermodehelper:file { append write };
446 neverallow { domain -init -ueventd } sysfs_usermodehelper:file { append write };
447 neverallow { domain -init -vendor_init } proc_security:file { append open read write };
450 # triggered, it's probably due to a service with no SELinux domain.
456 neverallow { domain -kernel -init -recovery } block_device:blk_file { open read write };
465 neverallow domain device:chr_file { open read write };
468 neverallow domain { cache_file cache_backup_file cache_private_backup_file cache_recovery_file }:fi…
470 # The test files and executables MUST not be accessible to any domain
471 neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_class_set no_w_file_per…
472 neverallow domain nativetest_data_file:dir no_w_dir_perms;
473 neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
475 neverallow { domain -shell -init -adbd } shell_test_data_file:file_class_set no_w_file_perms;
476 neverallow { domain -shell -init -adbd } shell_test_data_file:dir no_w_dir_perms;
477 neverallow { domain -shell -init -adbd -heapprofd } shell_test_data_file:file *;
479 neverallow { domain -shell -init -adbd } shell_test_data_file:sock_file *;
482 neverallow { domain -init } property_data_file:dir no_w_dir_perms;
483 neverallow { domain -init } property_data_file:file { no_w_file_perms no_x_file_perms };
484 neverallow { domain -init } property_type:file { no_w_file_perms no_x_file_perms };
485 neverallow { domain -init } properties_device:file { no_w_file_perms no_x_file_perms };
486 neverallow { domain -init } properties_serial:file { no_w_file_perms no_x_file_perms };
493 domain
502 neverallow { domain -kernel with_asan(`-asan_extract') } { system_file_type vendor_file_type exec_t…
519 neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } contextmount_type:dir_file_cl…
541 neverallow { domain -init -vendor_init } mmc_prop:property_service set;
542 neverallow { domain -init -vendor_init } vndk_prop:property_service set;
545 neverallow { domain -init } mmc_prop:property_service set;
546 neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
547 neverallow { domain -init } exported_secure_prop:property_service set;
548 neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
549 neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
550 neverallow { domain -init -vendor_init } hw_timeout_multiplier_prop:property_service set;
554 neverallow { domain -init -system_server -vendor_init } exported_pm_prop:property_service set;
555 neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
558 neverallow { domain -init } aac_drc_prop:property_service set;
559 neverallow { domain -init } build_prop:property_service set;
564 domain
582 domain
594 domain
603 # No domain other than recovery, update_engine and fastbootd can write to system partition(s).
605 domain
# Fragment of a neverallow type set: on userdebug/eng builds the macro expands
# to `-domain`, emptying the set so the invariant is not enforced there; on
# user builds it covers every domain.
618 domain
619 userdebug_or_eng(`-domain') # exclude debuggable builds
633 neverallow { domain -servicemanager -hwservicemanager -vndservicemanager } *:binder set_context_mgr;
650 domain
725 # Core domains are not permitted to initiate communications to vendor domain sockets.
736 domain
745 domain
832 domain
862 domain
894 domain
942 domain
969 neverallow { domain -coredomain } {
1010 domain
1014 # vendor_init needs access to init_exec for domain transition. vendor_init
1041 neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto;
1042 neverallow { domain -system_server } zygote_socket:sock_file write;
1044 neverallow { domain -system_server -webview_zygote -app_zygote } webview_zygote:unix_stream_socket …
1045 neverallow { domain -system_server } webview_zygote:sock_file write;
1046 neverallow { domain -system_server } app_zygote:sock_file write;
1049 domain
1064 neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:sock_file wr…
1065 neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:unix_stream_…
1068 neverallow { domain -init -system_server } heapdump_data_file:file read;
1095 neverallow { domain userdebug_or_eng(`-dumpstate -shell -su') } su_exec:file no_x_file_perms;
1116 neverallow { domain -untrusted_app_25 -untrusted_app_27 } file_type:file execmod;
1118 neverallow { domain -init } proc:{ file dir } mounton;
# Every process type must carry the `domain` attribute; `~domain` is the
# complement set (all types that are not domains), so the rule below forbids
# transitions between domain and non-domain types in one direction. The TODO
# on line 1125 records that the reverse direction is not yet asserted.
1121 # in the domain attribute, so that all allow and neverallow rules
1122 # written on domain are applied to all processes.
1124 # from a domain to a non-domain type and vice versa.
1125 # TODO - rework this: neverallow domain ~domain:process { transition dyntransition };
1126 neverallow ~domain domain:process { transition dyntransition };
1137 domain
1152 domain
1169 # Only these domains should transition to shell domain. This domain is
1171 # script with differing privilege, define a domain and set up a transition.
1174 domain
1182 # the appdomain attribute. simpleperf is excluded as a domain transitioned to
1184 neverallow { domain -simpleperf_app_runner -runas -app_zygote -webview_zygote -zygote } {
1191 domain
1197 domain
1208 domain
1218 domain
1233 domain
# `*` as the source means no type at all may execute or enter a domain type as
# a file: the executable that enters a domain must carry a separate _exec
# label (see lines 1261-1265).
1261 # executable file used to enter a domain should be labeled
1262 # with its own _exec type, not with the domain type.
1265 # type mydaemon, domain;
1270 neverallow * domain:file { execute execute_no_trans entrypoint };
1276 neverallow { domain -init -vendor_init -dumpstate } debugfs:{ file lnk_file } no_rw_file_perms;
1279 neverallow domain debugfs_type:file { execute execute_no_trans };
1282 neverallow { domain -vold -init -vendor_init } fusectlfs:file no_rw_file_perms;
1287 domain
1302 neverallow domain crash_dump:process noatsecure;
1319 neverallow domain {
# proc/sysfs/cgroup creation is both forbidden (neverallow) and silenced
# (dontaudit), so attempts fail without producing a denial log entry.
1325 neverallow domain cgroup:file create;
1326 neverallow domain cgroup_v2:file create;
1328 dontaudit domain proc_type:dir write;
1329 dontaudit domain sysfs_type:dir write;
1330 dontaudit domain cgroup:file create;
1331 dontaudit domain cgroup_v2:file create;
1336 dontaudit domain proc_type:dir add_name;
1337 dontaudit domain sysfs_type:dir add_name;
1338 dontaudit domain proc_type:file create;
1339 dontaudit domain sysfs_type:file create;
1361 domain
1383 domain
1391 domain
1397 neverallow { domain -traced_probes -init -vendor_init } debugfs_tracing_printk_formats:file *;
# Same userdebug_or_eng(`-domain') pattern as line 619: the lockdown
# `integrity` invariant is enforced only on user builds, while line 284 allows
# lockdown `confidentiality` to every domain unconditionally.
1400 neverallow { domain userdebug_or_eng(`-domain') } self:lockdown integrity;