Lines Matching refs:domain

3613 attribute domain;
3680 type adbd, domain;
4106 allow appdomain domain:dir { open read search getattr };
4107 allow appdomain domain:{ file lnk_file } { open read getattr };
4137 allow appdomain domain:process getattr;
4222 neverallow { appdomain -unconfineddomain } { domain -appdomain }:process ptrace;
4225 neverallow { appdomain -unconfineddomain } { domain -appdomain }:file write;
4231 neverallow { appdomain -unconfineddomain } { domain -appdomain }:process
4336 type bluetooth, domain;
4429 type bootanim, domain;
4512 type clatd, domain;
4578 type debuggerd, domain;
4633 allow debuggerd domain:dir { open getattr read search ioctl };
4634 allow debuggerd domain:file { getattr open read ioctl lock };
4635 allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd }:process ptrace;
4663 allow debuggerd domain:process { sigstop signal };
4760 type dhcp, domain;
4856 type dnsmasq, domain;
4877 allow domain init:process sigchld;
4880 allow domain kernel:fd use;
4881 allow domain tmpfs:file { read getattr };
4884 allow domain tmpfs:dir { open getattr read search ioctl };
4887 allow domain self:process ~{ execmem execstack execheap ptrace };
4888 allow domain self:fd use;
4889 allow domain self:dir { open getattr read search ioctl };
4890 allow domain self:lnk_file { getattr open read ioctl lock };
4891 allow domain self:{ fifo_file file } { { getattr open read ioctl lock } { open append write } };
4892 allow domain self:{ unix_dgram_socket unix_stream_socket } *;
4895 allow domain init:fd use;
4896 allow domain system_server:fd use;
4900 allow domain adbd:unix_stream_socket connectto;
4901 allow domain adbd:fd use;
4902 allow domain adbd:unix_stream_socket { getattr getopt read write shutdown };
4910 allow domain debuggerd:process sigchld;
4911 allow domain debuggerd:unix_stream_socket connectto;
4914 allow domain rootfs:dir { open getattr read search ioctl };
4915 allow domain rootfs:file { getattr open read ioctl lock };
4916 allow domain rootfs:lnk_file { getattr open read ioctl lock };
4919 allow domain device:dir search;
4920 allow domain dev_type:lnk_file { getattr open read ioctl lock };
4921 allow domain devpts:dir search;
4922 allow domain device:file read;
4923 allow domain socket_device:dir search;
4924 allow domain owntty_device:chr_file { { getattr open read ioctl lock } { open append write } };
4925 allow domain null_device:chr_file { { getattr open read ioctl lock } { open append write } };
4926 allow domain zero_device:chr_file { getattr open read ioctl lock };
4927 allow domain ashmem_device:chr_file { { getattr open read ioctl lock } { open append write } };
4928 allow domain binder_device:chr_file { { getattr open read ioctl lock } { open append write } };
4929 allow domain ptmx_device:chr_file { { getattr open read ioctl lock } { open append write } };
4930 allow domain log_device:dir search;
4931 allow domain log_device:chr_file { { getattr open read ioctl lock } { open append write } };
4932 allow domain alarm_device:chr_file { getattr open read ioctl lock };
4933 allow domain urandom_device:chr_file { { getattr open read ioctl lock } { open append write } };
4934 allow domain random_device:chr_file { { getattr open read ioctl lock } { open append write } };
4935 allow domain properties_device:file { getattr open read ioctl lock };
4944 allow domain logdw_socket:sock_file write;
4946 allow domain logd:unix_dgram_socket sendto;
4953 allow domain fs_type:filesystem getattr;
4954 allow domain fs_type:dir getattr;
4957 allow domain system_file:dir { open getattr read search ioctl };
4958 allow domain system_file:file { getattr open read ioctl lock };
4959 allow domain system_file:file execute;
4960 allow domain system_file:lnk_file { getattr open read ioctl lock };
4963 allow domain system_data_file:dir { search getattr };
4964 allow domain system_data_file:file { getattr read };
4965 allow domain system_data_file:lnk_file { getattr open read ioctl lock };
4968 allow domain apk_data_file:dir { getattr search };
4969 allow domain apk_data_file:file { getattr open read ioctl lock };
4972 allow domain dalvikcache_data_file:dir { search getattr };
4973 allow domain dalvikcache_data_file:file { getattr open read ioctl lock };
4976 allow domain cache_file:dir { open getattr read search ioctl };
4977 allow domain cache_file:file { getattr read };
4978 allow domain cache_file:lnk_file { getattr open read ioctl lock };
4983 allow domain zoneinfo_data_file:dir { open getattr read search ioctl };
4985 allow domain zoneinfo_data_file:{ file lnk_file } { getattr open read ioctl lock };
4990 allow domain cgroup:dir { search write };
4991 allow domain cgroup:file { open append write };
4994 allow domain ion_device:chr_file { { getattr open read ioctl lock } { open append write } };
4999 allow domain proc:dir { open getattr read search ioctl };
5001 allow domain proc:{ file lnk_file } { getattr open read ioctl lock };
5006 allow domain sysfs:dir { open getattr read search ioctl };
5008 allow domain sysfs:{ file lnk_file } { getattr open read ioctl lock };
5013 allow domain sysfs_devices_system_cpu:dir { open getattr read search ioctl };
5015 allow domain sysfs_devices_system_cpu:{ file lnk_file } { getattr open read ioctl lock };
5020 allow domain inotify:dir { open getattr read search ioctl };
5022 allow domain inotify:{ file lnk_file } { getattr open read ioctl lock };
5027 allow domain cgroup:dir { open getattr read search ioctl };
5029 allow domain cgroup:{ file lnk_file } { getattr open read ioctl lock };
5034 allow domain proc_net:dir { open getattr read search ioctl };
5036 allow domain proc_net:{ file lnk_file } { getattr open read ioctl lock };
5041 allow domain debugfs:dir { open getattr read search ioctl };
5042 allow domain debugfs:file { open append write };
5047 allow domain selinuxfs:dir { open getattr read search ioctl };
5049 allow domain selinuxfs:file { getattr open read ioctl lock };
5054 allow domain security_file:dir { search getattr };
5055 allow domain security_file:file getattr;
5058 allow domain asec_public_file:file { getattr open read ioctl lock };
5059 allow domain { asec_public_file asec_apk_file }:dir { open getattr read search ioctl };
5071 allow domain unlabeled:{ file lnk_file sock_file fifo_file } { { create setattr { { getattr open re…
5072 allow domain unlabeled:dir { { create reparent rmdir setattr { { open getattr read search ioctl } {…
5073 neverallow { domain -relabeltodomain } *:{ dir { { chr_file blk_file } { file lnk_file sock_file fi…
5081 neverallow { domain -debuggerd -vold -dumpstate -system_server } self:capability sys_ptrace;
5084 neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt } self:capa…
5087 neverallow domain self:capability2 mac_override;
5090 neverallow { domain -recovery } self:capability2 mac_admin;
5096 neverallow { domain -init } kernel:security load_policy;
5102 neverallow { domain -kernel } kernel:security { setenforce setcheckreqprot };
5105 neverallow { domain -init -system_server -ueventd -unconfineddomain } hw_random_device:chr_file *;
5108 neverallow domain { file_type -exec_type }:file entrypoint;
5111 neverallow { domain -kernel -ueventd -init } kmem_device:chr_file *;
5112 neverallow domain kmem_device:chr_file ~{ create relabelto unlink setattr };
5116 neverallow { domain -init } usermodehelper:file { append write };
5117 neverallow { domain -init } proc_security:file { append write };
5120 neverallow domain init:process ptrace;
5124 neverallow domain init:binder call;
5128 neverallow { domain -kernel -init -recovery -vold -uncrypt } block_device:blk_file { open read writ…
5133 neverallow { domain -unconfineddomain -ueventd } device:chr_file { open read write };
5138 neverallow { domain -kernel -init -recovery -vold -zygote } { fs_type -sdcard_type }:filesystem { m…
5141 type drmserver, domain;
5298 type dumpstate, domain;
5385 allow dumpstate domain:dir { open getattr read search ioctl };
5387 allow dumpstate domain:{ file lnk_file } { getattr open read ioctl lock };
5415 allow dumpstate domain:process getattr;
5668 type gpsd, domain;
5747 type hci_attach, domain;
5807 type healthd, domain;
5870 type hostapd, domain;
5899 type init_shell, domain, shelldomain;
5946 type init, domain;
5990 type inputflinger, domain;
6067 type installd, domain;
6187 type isolated_app, domain;
6220 type kernel, domain;
6255 type keystore, domain;
6332 type lmkd, domain;
6410 type logd, domain;
6468 allow logd domain:dir { open getattr read search ioctl };
6470 allow logd domain:{ file lnk_file } { getattr open read ioctl lock };
6486 neverallow logd domain:process ptrace;
6498 type media_app, domain;
6563 type mediaserver, domain;
6772 type mtp, domain;
6847 type netd, domain;
7111 neverallow netd { domain }:process ptrace;
7145 type nfc, domain;
7190 type platform_app, domain;
7273 type ppp, domain;
7345 type qemud, domain;
7404 type racoon, domain;
7512 type radio, domain;
7581 type recovery, domain;
7617 type release_app, domain;
7671 type rild, domain;
7790 type runas, domain, mlstrustedsubject;
7873 type sdcardd, domain;
7948 type servicemanager, domain;
8008 allow servicemanager domain:binder transfer;
8014 type shared_app, domain;
8136 type shell, domain, shelldomain, mlstrustedsubject;
8173 type surfaceflinger, domain;
8380 type system_app, domain;
8480 type system_server, domain, mlstrustedsubject;
8874 allow system_server domain:dir { open getattr read search ioctl };
8875 allow system_server domain:file { getattr open read ioctl lock };
8980 type tee, domain;
9042 type ueventd, domain;
9123 allow unconfineddomain domain:process ~{ execmem execstack execheap ptrace transition dyntransition…
9124 allow unconfineddomain domain:fd *;
9125 allow unconfineddomain domain:dir { open getattr read search ioctl };
9126 allow unconfineddomain domain:lnk_file { getattr open read ioctl lock };
9127 allow unconfineddomain domain:{ fifo_file file } { { getattr open read ioctl lock } { open append w…
9128 allow unconfineddomain domain:{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_soc…
9129 allow unconfineddomain domain:{ sem msgq shm ipc } *;
9130 allow unconfineddomain domain:key *;
9141 allow unconfineddomain domain:peer recv;
9142 allow unconfineddomain { domain -init }:binder { call transfer set_context_mgr };
9146 type uncrypt, domain;
9251 type untrusted_app, domain;
9348 type vold, domain;
9422 allow vold domain:dir { open getattr read search ioctl };
9423 allow vold domain:{ file lnk_file } { getattr open read ioctl lock };
9424 allow vold domain:process { signal sigkill };
9513 type watchdogd, domain;
9532 type wpa, domain;
9613 type zygote, domain;
9758 allow domain sysfs_writable:file { { getattr open read ioctl lock } { open append write } };
9764 role r types domain;