1# Filesystem types 2type labeledfs, fs_type; 3type pipefs, fs_type; 4type sockfs, fs_type; 5type rootfs, fs_type; 6type proc, fs_type, proc_type; 7# Security-sensitive proc nodes that should not be writable to most. 8type proc_security, fs_type, proc_type; 9type proc_drop_caches, fs_type, proc_type; 10type proc_overcommit_memory, fs_type, proc_type; 11type proc_min_free_order_shift, fs_type, proc_type; 12# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers. 13type usermodehelper, fs_type, proc_type; 14type sysfs_usermodehelper, fs_type, sysfs_type; 15type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type; 16type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type; 17type proc_bluetooth_writable, fs_type, proc_type; 18type proc_abi, fs_type, proc_type; 19type proc_asound, fs_type, proc_type; 20type proc_buddyinfo, fs_type, proc_type; 21type proc_cmdline, fs_type, proc_type; 22type proc_cpuinfo, fs_type, proc_type; 23type proc_dirty, fs_type, proc_type; 24type proc_diskstats, fs_type, proc_type; 25type proc_extra_free_kbytes, fs_type, proc_type; 26type proc_filesystems, fs_type, proc_type; 27type proc_fs_verity, fs_type, proc_type; 28type proc_hostname, fs_type, proc_type; 29type proc_hung_task, fs_type, proc_type; 30type proc_interrupts, fs_type, proc_type; 31type proc_iomem, fs_type, proc_type; 32type proc_keys, fs_type, proc_type; 33type proc_kmsg, fs_type, proc_type; 34type proc_loadavg, fs_type, proc_type; 35type proc_max_map_count, fs_type, proc_type; 36type proc_meminfo, fs_type, proc_type; 37type proc_misc, fs_type, proc_type; 38type proc_modules, fs_type, proc_type; 39type proc_mounts, fs_type, proc_type; 40type proc_net, fs_type, proc_type, proc_net_type; 41type proc_net_tcp_udp, fs_type, proc_type; 42type proc_page_cluster, fs_type, proc_type; 43type proc_pagetypeinfo, fs_type, proc_type; 44type proc_panic, fs_type, proc_type; 45type proc_perf, fs_type, proc_type; 46type proc_pid_max, fs_type, proc_type; 47type proc_pipe_conf, fs_type, proc_type; 48type proc_pressure_cpu, fs_type, proc_type; 49type proc_pressure_io, fs_type, proc_type; 50type proc_pressure_mem, fs_type, proc_type; 51type proc_random, fs_type, proc_type; 52type proc_sched, fs_type, proc_type; 53type proc_slabinfo, fs_type, proc_type; 54type proc_stat, fs_type, proc_type; 55type proc_swaps, fs_type, proc_type; 56type proc_sysrq, fs_type, proc_type; 57type proc_timer, fs_type, proc_type; 58type proc_tty_drivers, fs_type, proc_type; 59type proc_uid_cputime_showstat, fs_type, proc_type; 60type proc_uid_cputime_removeuid, fs_type, proc_type; 61type proc_uid_io_stats, fs_type, proc_type; 62type proc_uid_procstat_set, fs_type, proc_type; 63type proc_uid_time_in_state, fs_type, proc_type; 64type proc_uid_concurrent_active_time, fs_type, proc_type; 65type proc_uid_concurrent_policy_time, fs_type, proc_type; 66type proc_uid_cpupower, fs_type, proc_type; 67type proc_uptime, fs_type, proc_type; 68type proc_version, fs_type, proc_type; 69type proc_vmallocinfo, fs_type, proc_type; 70type proc_vmstat, fs_type, proc_type; 71type proc_zoneinfo, fs_type, proc_type; 72type selinuxfs, fs_type, mlstrustedobject; 73type cgroup, fs_type, mlstrustedobject; 74type cgroup_bpf, fs_type; 75type sysfs, fs_type, sysfs_type, mlstrustedobject; 76type sysfs_android_usb, fs_type, sysfs_type; 77type sysfs_uio, sysfs_type, fs_type; 78type sysfs_batteryinfo, fs_type, sysfs_type; 79type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject; 80type sysfs_devices_block, fs_type, sysfs_type; 81type sysfs_dm, fs_type, sysfs_type; 82type sysfs_dt_firmware_android, fs_type, sysfs_type; 83type sysfs_extcon, fs_type, sysfs_type; 84type sysfs_ipv4, fs_type, sysfs_type; 85type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject; 86type sysfs_leds, fs_type, sysfs_type; 87type sysfs_loop, fs_type, sysfs_type; 88type sysfs_hwrandom, fs_type, sysfs_type; 89type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject; 90type sysfs_wake_lock, fs_type, sysfs_type; 91type sysfs_mac_address, fs_type, sysfs_type; 92type sysfs_net, fs_type, sysfs_type; 93type sysfs_power, fs_type, sysfs_type; 94type sysfs_rtc, fs_type, sysfs_type; 95type sysfs_switch, fs_type, sysfs_type; 96type sysfs_transparent_hugepage, fs_type, sysfs_type; 97type sysfs_usb, fs_type, sysfs_type; 98type sysfs_wakeup_reasons, fs_type, sysfs_type; 99type sysfs_fs_ext4_features, sysfs_type, fs_type; 100type sysfs_fs_f2fs, sysfs_type, fs_type; 101type fs_bpf, fs_type; 102type configfs, fs_type; 103# /sys/devices/system/cpu 104type sysfs_devices_system_cpu, fs_type, sysfs_type; 105# /sys/module/lowmemorykiller 106type sysfs_lowmemorykiller, fs_type, sysfs_type; 107# /sys/module/wlan/parameters/fwpath 108type sysfs_wlan_fwpath, fs_type, sysfs_type; 109type sysfs_vibrator, fs_type, sysfs_type; 110 111type sysfs_thermal, sysfs_type, fs_type; 112 113type sysfs_zram, fs_type, sysfs_type; 114type sysfs_zram_uevent, fs_type, sysfs_type; 115type inotify, fs_type, mlstrustedobject; 116type devpts, fs_type, mlstrustedobject; 117type tmpfs, fs_type; 118type shm, fs_type; 119type mqueue, fs_type; 120type fuse, sdcard_type, fs_type, mlstrustedobject; 121type sdcardfs, sdcard_type, fs_type, mlstrustedobject; 122type vfat, sdcard_type, fs_type, mlstrustedobject; 123type exfat, sdcard_type, fs_type, mlstrustedobject; 124type debugfs, fs_type, debugfs_type; 125type debugfs_mmc, fs_type, debugfs_type; 126type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject; 127type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject; 128type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject; 129type debugfs_tracing_instances, fs_type, debugfs_type; 130type debugfs_wakeup_sources, fs_type, debugfs_type; 131type debugfs_wifi_tracing, fs_type, debugfs_type; 132 133type pstorefs, fs_type; 134type functionfs, fs_type, mlstrustedobject; 135type oemfs, fs_type, contextmount_type; 136type usbfs, fs_type; 137type binfmt_miscfs, fs_type; 138type app_fusefs, fs_type, contextmount_type; 139 140# File types 141type unlabeled, file_type; 142 143# Default type for anything under /system. 144type system_file, system_file_type, file_type; 145# Default type for /system/asan.options 146type system_asan_options_file, system_file_type, file_type; 147# Type for /system/etc/event-log-tags (liblog implementation detail) 148type system_event_log_tags_file, system_file_type, file_type; 149# Default type for anything under /system/lib[64]. 150type system_lib_file, system_file_type, file_type; 151# system libraries that are available only to bootstrap processes 152type system_bootstrap_lib_file, system_file_type, file_type; 153# Default type for linker executable /system/bin/linker[64]. 154type system_linker_exec, system_file_type, file_type; 155# Default type for linker config /system/etc/ld.config.*. 156type system_linker_config_file, system_file_type, file_type; 157# Default type for linker config /system/etc/seccomp_policy/*. 158type system_seccomp_policy_file, system_file_type, file_type; 159# Default type for cacerts in /system/etc/security/cacerts/*. 160type system_security_cacerts_file, system_file_type, file_type; 161# Default type for /system/bin/tcpdump. 162type tcpdump_exec, system_file_type, exec_type, file_type; 163# Default type for zoneinfo files in /system/usr/share/zoneinfo/*. 164type system_zoneinfo_file, system_file_type, file_type; 165# Cgroups description file under /system/etc/cgroups.json 166type cgroup_desc_file, system_file_type, file_type; 167# Vendor cgroups description file under /vendor/etc/cgroups.json 168type vendor_cgroup_desc_file, vendor_file_type, file_type; 169# Task profiles file under /system/etc/task_profiles.json 170type task_profiles_file, system_file_type, file_type; 171# Vendor task profiles file under /vendor/etc/task_profiles.json 172type vendor_task_profiles_file, vendor_file_type, file_type; 173 174# Default type for directories search for 175# HAL implementations 176type vendor_hal_file, vendor_file_type, file_type; 177# Default type for under /vendor or /system/vendor 178type vendor_file, vendor_file_type, file_type; 179# Default type for everything in /vendor/app 180type vendor_app_file, vendor_file_type, file_type; 181# Default type for everything under /vendor/etc/ 182type vendor_configs_file, vendor_file_type, file_type; 183# Default type for all *same process* HALs and their lib/bin dependencies. 184# e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so 185type same_process_hal_file, vendor_file_type, file_type; 186# Default type for vndk-sp libs. /vendor/lib/vndk-sp 187type vndk_sp_file, vendor_file_type, file_type; 188# Default type for everything in /vendor/framework 189type vendor_framework_file, vendor_file_type, file_type; 190# Default type for everything in /vendor/overlay 191type vendor_overlay_file, vendor_file_type, file_type; 192# Type for all vendor public libraries. These libs should only be exposed to 193# apps. ABI stability of these libs is vendor's responsibility. 194type vendor_public_lib_file, vendor_file_type, file_type; 195 196# Input configuration 197type vendor_keylayout_file, vendor_file_type, file_type; 198type vendor_keychars_file, vendor_file_type, file_type; 199type vendor_idc_file, vendor_file_type, file_type; 200 201# /metadata partition itself 202type metadata_file, file_type; 203# Vold files within /metadata 204type vold_metadata_file, file_type; 205# GSI files within /metadata 206type gsi_metadata_file, file_type; 207# system_server shares Weaver slot information in /metadata 208type password_slot_metadata_file, file_type; 209# APEX files within /metadata 210type apex_metadata_file, file_type; 211 212# Type for /dev/cpu_variant:.*. 213type dev_cpu_variant, file_type; 214# Speedup access for trusted applications to the runtime event tags 215type runtime_event_log_tags_file, file_type; 216# Type for /system/bin/logcat. 217type logcat_exec, system_file_type, exec_type, file_type; 218# Speedup access to cgroup map file 219type cgroup_rc_file, file_type; 220# /cores for coredumps on userdebug / eng builds 221type coredump_file, file_type; 222# Default type for anything under /data. 223type system_data_file, file_type, data_file_type, core_data_file_type; 224# Type for /data/system/packages.list. 225# TODO(b/129332765): Narrow down permissions to this. 226# Find out users of system_data_file that should be granted only this. 227type packages_list_file, file_type, data_file_type, core_data_file_type; 228# Default type for anything under /data/vendor{_ce,_de}. 229type vendor_data_file, file_type, data_file_type; 230# Unencrypted data 231type unencrypted_data_file, file_type, data_file_type, core_data_file_type; 232# /data/.layout_version or other installd-created files that 233# are created in a system_data_file directory. 234type install_data_file, file_type, data_file_type, core_data_file_type; 235# /data/drm - DRM plugin data 236type drm_data_file, file_type, data_file_type, core_data_file_type; 237# /data/adb - adb debugging files 238type adb_data_file, file_type, data_file_type, core_data_file_type; 239# /data/anr - ANR traces 240type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 241# /data/tombstones - core dumps 242type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 243# /data/vendor/tombstones/wifi - vendor wifi dumps 244type tombstone_wifi_data_file, file_type, data_file_type; 245# /data/apex - APEX data files 246type apex_data_file, file_type, data_file_type, core_data_file_type; 247# /data/app - user-installed apps 248type apk_data_file, file_type, data_file_type, core_data_file_type; 249type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 250# /data/app-private - forward-locked apps 251type apk_private_data_file, file_type, data_file_type, core_data_file_type; 252type apk_private_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 253# /data/dalvik-cache 254type dalvikcache_data_file, file_type, data_file_type, core_data_file_type; 255# /data/ota 256type ota_data_file, file_type, data_file_type, core_data_file_type; 257# /data/ota_package 258type ota_package_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 259# /data/misc/profiles 260type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 261# /data/misc/profman 262type profman_dump_data_file, file_type, data_file_type, core_data_file_type; 263# /data/resource-cache 264type resourcecache_data_file, file_type, data_file_type, core_data_file_type; 265# /data/local - writable by shell 266type shell_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 267# /data/property 268type property_data_file, file_type, data_file_type, core_data_file_type; 269# /data/bootchart 270type bootchart_data_file, file_type, data_file_type, core_data_file_type; 271# /data/system/dropbox 272type dropbox_data_file, file_type, data_file_type, core_data_file_type; 273# /data/system/heapdump 274type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 275# /data/nativetest 276type nativetest_data_file, file_type, data_file_type, core_data_file_type; 277# /data/system_de/0/ringtones 278type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 279# /data/preloads 280type preloads_data_file, file_type, data_file_type, core_data_file_type; 281# /data/preloads/media 282type preloads_media_file, file_type, data_file_type, core_data_file_type; 283# /data/misc/dhcp and /data/misc/dhcp-6.8.2 284type dhcp_data_file, file_type, data_file_type, core_data_file_type; 285# /data/server_configurable_flags 286type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type; 287# /data/app-staging 288type staging_data_file, file_type, data_file_type, core_data_file_type; 289 290# Mount locations managed by vold 291type mnt_media_rw_file, file_type; 292type mnt_user_file, file_type; 293type mnt_expand_file, file_type; 294type storage_file, file_type; 295 296# Label for storage dirs which are just mount stubs 297type mnt_media_rw_stub_file, file_type; 298type storage_stub_file, file_type; 299 300# Mount location for read-write vendor partitions. 301type mnt_vendor_file, file_type; 302 303# Mount location for read-write product partitions. 304type mnt_product_file, file_type; 305 306# Mount point used for APEX images 307type apex_mnt_dir, file_type; 308 309# /postinstall: Mount point used by update_engine to run postinstall. 310type postinstall_mnt_dir, file_type; 311# Files inside the /postinstall mountpoint are all labeled as postinstall_file. 312type postinstall_file, file_type; 313# /postinstall/apex: Mount point used for APEX images within /postinstall. 314type postinstall_apex_mnt_dir, file_type; 315 316# /data/misc subdirectories 317type adb_keys_file, file_type, data_file_type, core_data_file_type; 318type audio_data_file, file_type, data_file_type, core_data_file_type; 319type audioserver_data_file, file_type, data_file_type, core_data_file_type; 320type bluetooth_data_file, file_type, data_file_type, core_data_file_type; 321type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type; 322type bootstat_data_file, file_type, data_file_type, core_data_file_type; 323type boottrace_data_file, file_type, data_file_type, core_data_file_type; 324type camera_data_file, file_type, data_file_type, core_data_file_type; 325type gatekeeper_data_file, file_type, data_file_type, core_data_file_type; 326type incident_data_file, file_type, data_file_type, core_data_file_type; 327type keychain_data_file, file_type, data_file_type, core_data_file_type; 328type keystore_data_file, file_type, data_file_type, core_data_file_type; 329type media_data_file, file_type, data_file_type, core_data_file_type; 330type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 331type misc_user_data_file, file_type, data_file_type, core_data_file_type; 332type net_data_file, file_type, data_file_type, core_data_file_type; 333type network_watchlist_data_file, file_type, data_file_type, core_data_file_type; 334type nfc_data_file, file_type, data_file_type, core_data_file_type; 335type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 336type recovery_data_file, file_type, data_file_type, core_data_file_type; 337type shared_relro_file, file_type, data_file_type, core_data_file_type; 338type stats_data_file, file_type, data_file_type, core_data_file_type; 339type systemkeys_data_file, file_type, data_file_type, core_data_file_type; 340type textclassifier_data_file, file_type, data_file_type, core_data_file_type; 341type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 342type vpn_data_file, file_type, data_file_type, core_data_file_type; 343type wifi_data_file, file_type, data_file_type, core_data_file_type; 344type zoneinfo_data_file, file_type, data_file_type, core_data_file_type; 345type vold_data_file, file_type, data_file_type, core_data_file_type; 346type iorapd_data_file, file_type, data_file_type, core_data_file_type; 347type perfprofd_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 348type tee_data_file, file_type, data_file_type; 349type update_engine_data_file, file_type, data_file_type, core_data_file_type; 350type update_engine_log_data_file, file_type, data_file_type, core_data_file_type; 351# /data/misc/trace for method traces on userdebug / eng builds 352type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 353type gsi_data_file, file_type, data_file_type, core_data_file_type; 354 355# /data/data subdirectories - app sandboxes 356type app_data_file, file_type, data_file_type, core_data_file_type; 357# /data/data subdirectories - priv-app sandboxes 358type privapp_data_file, file_type, data_file_type, core_data_file_type; 359# /data/data subdirectory for system UID apps. 360type system_app_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 361# Compatibility with type name used in Android 4.3 and 4.4. 362# Default type for anything under /cache 363type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 364# Type for /cache/overlay /mnt/scratch/overlay 365type overlayfs_file, file_type, data_file_type, core_data_file_type; 366# Type for /cache/backup_stage/* (fd interchange with apps) 367type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 368# type for anything under /cache/backup (local transport storage) 369type cache_private_backup_file, file_type, data_file_type, core_data_file_type; 370# Type for anything under /cache/recovery 371type cache_recovery_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 372# Default type for anything under /efs 373type efs_file, file_type; 374# Type for wallpaper file. 375type wallpaper_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 376# Type for shortcut manager icon file. 377type shortcut_manager_icons, file_type, data_file_type, core_data_file_type, mlstrustedobject; 378# Type for user icon file. 379type icon_file, file_type, data_file_type, core_data_file_type; 380# /mnt/asec 381type asec_apk_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 382# Elements of asec files (/mnt/asec) that are world readable 383type asec_public_file, file_type, data_file_type, core_data_file_type; 384# /data/app-asec 385type asec_image_file, file_type, data_file_type, core_data_file_type; 386# /data/backup and /data/secure/backup 387type backup_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 388# All devices have bluetooth efs files. But they 389# vary per device, so this type is used in per 390# device policy 391type bluetooth_efs_file, file_type; 392# Type for fingerprint template file 393type fingerprintd_data_file, file_type, data_file_type, core_data_file_type; 394# Type for _new_ fingerprint template file 395type fingerprint_vendor_data_file, file_type, data_file_type; 396# Type for appfuse file. 397type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 398# Type for face template file 399type face_vendor_data_file, file_type, data_file_type; 400# Type for iris template file 401type iris_vendor_data_file, file_type, data_file_type; 402 403# Socket types 404type adbd_socket, file_type, coredomain_socket; 405type bluetooth_socket, file_type, data_file_type, core_data_file_type, coredomain_socket; 406type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject; 407type dumpstate_socket, file_type, coredomain_socket; 408type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject; 409type lmkd_socket, file_type, coredomain_socket; 410type logd_socket, file_type, coredomain_socket, mlstrustedobject; 411type logdr_socket, file_type, coredomain_socket, mlstrustedobject; 412type logdw_socket, file_type, coredomain_socket, mlstrustedobject; 413type mdns_socket, file_type, coredomain_socket; 414type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject; 415type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type; 416type mtpd_socket, file_type, coredomain_socket; 417type property_socket, file_type, coredomain_socket, mlstrustedobject; 418type racoon_socket, file_type, coredomain_socket; 419type recovery_socket, file_type, coredomain_socket; 420type rild_socket, file_type; 421type rild_debug_socket, file_type; 422type statsdw_socket, file_type, coredomain_socket, mlstrustedobject; 423type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket; 424type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject; 425type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject; 426type tombstoned_java_trace_socket, file_type, mlstrustedobject; 427type tombstoned_intercept_socket, file_type, coredomain_socket; 428type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject; 429type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject; 430type uncrypt_socket, file_type, coredomain_socket; 431type wpa_socket, file_type, data_file_type, core_data_file_type; 432type zygote_socket, file_type, coredomain_socket; 433type heapprofd_socket, file_type, coredomain_socket, mlstrustedobject; 434# UART (for GPS) control proc file 435type gps_control, file_type; 436 437# PDX endpoint types 438type pdx_display_dir, pdx_endpoint_dir_type, file_type; 439type pdx_performance_dir, pdx_endpoint_dir_type, file_type; 440type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type; 441 442pdx_service_socket_types(display_client, pdx_display_dir) 443pdx_service_socket_types(display_manager, pdx_display_dir) 444pdx_service_socket_types(display_screenshot, pdx_display_dir) 445pdx_service_socket_types(display_vsync, pdx_display_dir) 446pdx_service_socket_types(performance_client, pdx_performance_dir) 447pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir) 448 449# file_contexts files 450type file_contexts_file, system_file_type, file_type; 451 452# mac_permissions file 453type mac_perms_file, system_file_type, file_type; 454 455# property_contexts file 456type property_contexts_file, system_file_type, file_type; 457 458# seapp_contexts file 459type seapp_contexts_file, system_file_type, file_type; 460 461# sepolicy files binary and others 462type sepolicy_file, system_file_type, file_type; 463 464# service_contexts file 465type service_contexts_file, system_file_type, file_type; 466 467# nonplat service_contexts file (only accessible on non full-treble devices) 468type nonplat_service_contexts_file, file_type; 469 470# hwservice_contexts file 471type hwservice_contexts_file, system_file_type, file_type; 472 473# vndservice_contexts file 474type vndservice_contexts_file, file_type; 475 476# Allow files to be created in their appropriate filesystems. 477allow fs_type self:filesystem associate; 478allow cgroup tmpfs:filesystem associate; 479allow cgroup_bpf tmpfs:filesystem associate; 480allow cgroup_rc_file tmpfs:filesystem associate; 481allow sysfs_type sysfs:filesystem associate; 482allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate; 483allow file_type labeledfs:filesystem associate; 484allow file_type tmpfs:filesystem associate; 485allow file_type rootfs:filesystem associate; 486allow dev_type tmpfs:filesystem associate; 487allow app_fuse_file app_fusefs:filesystem associate; 488allow postinstall_file self:filesystem associate; 489 490# asanwrapper (run a sanitized app_process, to be used with wrap properties) 491with_asan(`type asanwrapper_exec, exec_type, file_type;') 492 493# Deprecated in SDK version 28 494type audiohal_data_file, file_type, data_file_type, core_data_file_type; 495 496# It's a bug to assign the file_type attribute and fs_type attribute 497# to any type. Do not allow it. 498# 499# For example, the following is a bug: 500# type apk_data_file, file_type, data_file_type, fs_type; 501# Should be: 502# type apk_data_file, file_type, data_file_type; 503neverallow fs_type file_type:filesystem associate; 504