Searched refs:domain (Results 1 – 25 of 1556) sorted by relevance
12345678910>>...63
| /system/sepolicy/private/ |
| D | property.te | 49 neverallow domain {
57 neverallow { domain -coredomain } {
64 neverallow { domain -coredomain } {
89 neverallow domain property_type:file { ioctl lock };
120 domain
127 dontaudit domain {
139 domain
144 domain
153 domain
172 domain
[all …]
|
| D | domain.te | 3 # We do not apply this to the su domain to avoid interfering with
5 domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
6 allow domain crash_dump:process sigchld;
12 get_prop(domain, heapprofd_prop);
15 domain
35 domain
53 r_dir_file(domain, sysfs_fs_incfs_features);
56 allow domain cgroup:dir search;
57 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
58 allow { domain -appdomain -rs } cgroup:file w_file_perms;
[all …]
|
| D | bpfloader.te | 2 type bpfloader, domain;
23 neverallow { domain -init -vendor_init } { fs_bpf fs_bpf_tethering }:dir { open read setattr };
24 neverallow { domain -bpfloader } { fs_bpf fs_bpf_tethering }:dir { add_name create write };
25 neverallow domain { fs_bpf fs_bpf_tethering }:dir ~{ add_name create getattr mounton open read sear…
28 neverallow { domain -bpfloader -init -vendor_init } { fs_bpf fs_bpf_tethering }:file { map open set…
29 neverallow { domain -bpfloader } { fs_bpf fs_bpf_tethering }:file create;
30 neverallow { domain -bpfloader -gpuservice -init -lmkd -netd -netutils_wrapper -network_stack -syst…
31 neverallow { domain -bpfloader -gpuservice -netd -netutils_wrapper -network_stack -system_server } …
32 neverallow domain { fs_bpf fs_bpf_tethering }:file ~{ create map open read setattr write };
34 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
[all …]
|
| D | seapp_contexts | 74 # domain (string)
79 # domain= determines the label to be used for the app process; entries
80 # without domain= are ignored for this purpose.
109 # only the system server can be in system_server domain
110 neverallow isSystemServer=false domain=system_server
111 neverallow isSystemServer="" domain=system_server
114 neverallow user=((?!system).)* domain=system_app
122 # neverallow shared relro to any other domain
124 neverallow user=shared_relro domain=((?!shared_relro).)*
125 neverallow user=((?!shared_relro).)* domain=shared_relro
[all …]
|
| /system/sepolicy/prebuilts/api/31.0/private/ |
| D | property.te | 49 neverallow domain {
57 neverallow { domain -coredomain } {
64 neverallow { domain -coredomain } {
89 neverallow domain property_type:file { ioctl lock };
120 domain
127 dontaudit domain {
139 domain
144 domain
153 domain
172 domain
[all …]
|
| D | domain.te | 3 # We do not apply this to the su domain to avoid interfering with
5 domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
6 allow domain crash_dump:process sigchld;
12 get_prop(domain, heapprofd_prop);
15 domain
35 domain
53 r_dir_file(domain, sysfs_fs_incfs_features);
56 allow domain cgroup:dir search;
57 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
58 allow { domain -appdomain -rs } cgroup:file w_file_perms;
[all …]
|
| D | bpfloader.te | 2 type bpfloader, domain;
23 neverallow { domain -init -vendor_init } { fs_bpf fs_bpf_tethering }:dir { open read setattr };
24 neverallow { domain -bpfloader } { fs_bpf fs_bpf_tethering }:dir { add_name create write };
25 neverallow domain { fs_bpf fs_bpf_tethering }:dir ~{ add_name create getattr mounton open read sear…
28 neverallow { domain -bpfloader -init -vendor_init } { fs_bpf fs_bpf_tethering }:file { map open set…
29 neverallow { domain -bpfloader } { fs_bpf fs_bpf_tethering }:file create;
30 neverallow { domain -bpfloader -gpuservice -init -lmkd -netd -netutils_wrapper -network_stack -syst…
31 neverallow { domain -bpfloader -gpuservice -netd -netutils_wrapper -network_stack -system_server } …
32 neverallow domain { fs_bpf fs_bpf_tethering }:file ~{ create map open read setattr write };
34 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
[all …]
|
| D | seapp_contexts | 74 # domain (string)
79 # domain= determines the label to be used for the app process; entries
80 # without domain= are ignored for this purpose.
109 # only the system server can be in system_server domain
110 neverallow isSystemServer=false domain=system_server
111 neverallow isSystemServer="" domain=system_server
114 neverallow user=((?!system).)* domain=system_app
122 # neverallow shared relro to any other domain
124 neverallow user=shared_relro domain=((?!shared_relro).)*
125 neverallow user=((?!shared_relro).)* domain=shared_relro
[all …]
|
| /system/sepolicy/prebuilts/api/30.0/private/ |
| D | domain.te | 3 # We do not apply this to the su domain to avoid interfering with
5 domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
6 allow domain crash_dump:process sigchld;
12 get_prop(domain, heapprofd_prop);
15 domain
35 domain
53 allow domain cgroup:dir search;
54 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
55 allow { domain -appdomain -rs } cgroup:file w_file_perms;
57 allow domain cgroup_rc_file:dir search;
[all …]
|
| D | bpfloader.te | 2 type bpfloader, domain;
20 neverallow { domain -init -vendor_init } fs_bpf:dir setattr;
21 neverallow { domain -bpfloader } fs_bpf:dir { write add_name };
22 neverallow domain fs_bpf:dir { reparent rename rmdir };
25 neverallow { domain -bpfloader -init -vendor_init } fs_bpf:file setattr;
26 neverallow { domain -bpfloader } fs_bpf:file create;
27 neverallow domain fs_bpf:file { rename unlink };
29 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
30 neverallow { domain -bpfloader -netd -netutils_wrapper -system_server } *:bpf prog_run;
31 neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };
[all …]
|
| D | seapp_contexts | 74 # domain (string)
79 # domain= determines the label to be used for the app process; entries
80 # without domain= are ignored for this purpose.
108 # only the system server can be in system_server domain
109 neverallow isSystemServer=false domain=system_server
110 neverallow isSystemServer="" domain=system_server
113 neverallow user=((?!system).)* domain=system_app
121 # neverallow shared relro to any other domain
123 neverallow user=shared_relro domain=((?!shared_relro).)*
124 neverallow user=((?!shared_relro).)* domain=shared_relro
[all …]
|
| /system/sepolicy/prebuilts/api/31.0/public/ |
| D | domain.te | 4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net_type:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
|
| /system/sepolicy/public/ |
| D | domain.te | 4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net_type:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
|
| /system/sepolicy/prebuilts/api/29.0/private/ |
| D | domain.te | 3 # We do not apply this to the su domain to avoid interfering with
5 domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
6 allow domain crash_dump:process sigchld;
12 get_prop(domain, heapprofd_prop);
15 domain
32 allow domain cgroup:dir search;
33 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
34 allow { domain -appdomain -rs } cgroup:file w_file_perms;
36 allow domain cgroup_rc_file:dir search;
37 allow domain cgroup_rc_file:file r_file_perms;
[all …]
|
| D | seapp_contexts | 74 # domain (string)
79 # domain= determines the label to be used for the app process; entries
80 # without domain= are ignored for this purpose.
108 # only the system server can be in system_server domain
109 neverallow isSystemServer=false domain=system_server
110 neverallow isSystemServer="" domain=system_server
113 neverallow user=((?!system).)* domain=system_app
120 # neverallow shared relro to any other domain
122 neverallow user=shared_relro domain=((?!shared_relro).)*
123 neverallow user=((?!shared_relro).)* domain=shared_relro
[all …]
|
| /system/sepolicy/prebuilts/api/30.0/public/ |
| D | domain.te | 4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net_type:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
|
| /system/sepolicy/prebuilts/api/29.0/public/ |
| D | domain.te | 4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net_type:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
|
| /system/sepolicy/prebuilts/api/28.0/public/ |
| D | domain.te | 4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
|
| /system/sepolicy/prebuilts/api/27.0/public/ |
| D | domain.te | 4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
|
| D | su.te | 3 type su, domain;
10 # after performing an adb root command. The domain definition is
24 dontaudit su domain:process *;
25 dontaudit su domain:fd *;
26 dontaudit su domain:dir *;
27 dontaudit su domain:lnk_file *;
28 dontaudit su domain:{ fifo_file file } *;
29 dontaudit su domain:socket_class_set *;
30 dontaudit su domain:ipc_class_set *;
31 dontaudit su domain:key *;
[all …]
|
| /system/sepolicy/prebuilts/api/26.0/public/ |
| D | domain.te | 4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
|
| D | su.te | 3 type su, domain;
10 # after performing an adb root command. The domain definition is
24 dontaudit su domain:process *;
25 dontaudit su domain:fd *;
26 dontaudit su domain:dir *;
27 dontaudit su domain:lnk_file *;
28 dontaudit su domain:{ fifo_file file } *;
29 dontaudit su domain:socket_class_set *;
30 dontaudit su domain:ipc_class_set *;
31 dontaudit su domain:key *;
[all …]
|
| /system/sepolicy/prebuilts/api/28.0/private/ |
| D | seapp_contexts | 48 # domain (string)
52 # Only entries that specify domain= will be used for app process labeling.
68 # only the system server can be in system_server domain
69 neverallow isSystemServer=false domain=system_server
70 neverallow isSystemServer="" domain=system_server
73 neverallow user=((?!system).)* domain=system_app
80 # neverallow shared relro to any other domain
82 neverallow user=shared_relro domain=((?!shared_relro).)*
83 neverallow user=((?!shared_relro).)* domain=shared_relro
85 # neverallow non-isolated uids into isolated_app domain
[all …]
|
| /system/sepolicy/prebuilts/api/27.0/private/ |
| D | seapp_contexts | 48 # domain (string)
52 # Only entries that specify domain= will be used for app process labeling.
68 # only the system server can be in system_server domain
69 neverallow isSystemServer=false domain=system_server
70 neverallow isSystemServer="" domain=system_server
73 neverallow user=((?!system).)* domain=system_app
80 # neverallow shared relro to any other domain
82 neverallow user=shared_relro domain=((?!shared_relro).)*
83 neverallow user=((?!shared_relro).)* domain=shared_relro
85 # neverallow non-isolated uids into isolated_app domain
[all …]
|
| /system/sepolicy/prebuilts/api/26.0/private/ |
| D | seapp_contexts | 48 # domain (string)
52 # Only entries that specify domain= will be used for app process labeling.
68 # only the system server can be in system_server domain
69 neverallow isSystemServer=false domain=system_server
70 neverallow isSystemServer="" domain=system_server
73 neverallow user=((?!system).)* domain=system_app
80 # neverallow shared relro to any other domain
82 neverallow user=shared_relro domain=((?!shared_relro).)*
83 neverallow user=((?!shared_relro).)* domain=shared_relro
85 # neverallow non-isolated uids into isolated_app domain
[all …]
|
12345678910>>...63