1# Filesystem types
2type labeledfs, fs_type;
3type pipefs, fs_type;
4type sockfs, fs_type;
5type rootfs, fs_type;
6type proc, fs_type;
7# Security-sensitive proc nodes that should not be writable by most domains.
8type proc_security, fs_type;
9# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
10type usermodehelper, fs_type, sysfs_type;
11type qtaguid_proc, fs_type, mlstrustedobject;
12type proc_bluetooth_writable, fs_type;
13type proc_cpuinfo, fs_type;
14type proc_net, fs_type;
15type proc_sysrq, fs_type;
16type selinuxfs, fs_type;
17type cgroup, fs_type, mlstrustedobject;
18type sysfs, fs_type, sysfs_type, mlstrustedobject;
19type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
20type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
21type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
22type sysfs_wake_lock, fs_type, sysfs_type;
23# /sys/devices/system/cpu
24type sysfs_devices_system_cpu, fs_type, sysfs_type;
25# /sys/module/lowmemorykiller
26type sysfs_lowmemorykiller, fs_type, sysfs_type;
27type inotify, fs_type, mlstrustedobject;
28type devpts, fs_type, mlstrustedobject;
29type tmpfs, fs_type;
30type shm, fs_type;
31type mqueue, fs_type;
32type fuse, sdcard_type, fs_type, mlstrustedobject;
33type vfat, sdcard_type, fs_type, mlstrustedobject;
34typealias fuse alias sdcard_internal;
35typealias vfat alias sdcard_external;
36type debugfs, fs_type, mlstrustedobject;
37type pstorefs, fs_type;
38type functionfs, fs_type;
39type oemfs, fs_type, contextmount_type;
40type usbfs, fs_type;
41
42# File types
43type unlabeled, file_type;
44# Default type for anything under /system.
45type system_file, file_type;
46# /cores for coredumps on userdebug / eng builds
47type coredump_file, file_type;
48# Default type for anything under /data.
49type system_data_file, file_type, data_file_type;
50# /data/.layout_version or other installd-created files that
51# are created in a system_data_file directory.
52type install_data_file, file_type, data_file_type;
53# /data/drm - DRM plugin data
54type drm_data_file, file_type, data_file_type;
55# /data/adb - adb debugging files
56type adb_data_file, file_type, data_file_type;
57# /data/anr - ANR traces
58type anr_data_file, file_type, data_file_type, mlstrustedobject;
59# /data/tombstones - core dumps
60type tombstone_data_file, file_type, data_file_type;
61# /data/app - user-installed apps
62type apk_data_file, file_type, data_file_type;
63type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
64# /data/app-private - forward-locked apps
65type apk_private_data_file, file_type, data_file_type;
66type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
67# /data/dalvik-cache
68type dalvikcache_data_file, file_type, data_file_type;
69# /data/dalvik-cache/profiles
70type dalvikcache_profiles_data_file, file_type, data_file_type;
71# /data/resource-cache
72type resourcecache_data_file, file_type, data_file_type;
73# /data/local - writable by shell
74type shell_data_file, file_type, data_file_type;
75# /data/gps
76type gps_data_file, file_type, data_file_type;
77# /data/property
78type property_data_file, file_type, data_file_type;
79
80# /data/misc subdirectories
81type adb_keys_file, file_type, data_file_type;
82type audio_data_file, file_type, data_file_type;
83type bluetooth_data_file, file_type, data_file_type;
84type camera_data_file, file_type, data_file_type;
85type keychain_data_file, file_type, data_file_type;
86type keystore_data_file, file_type, data_file_type;
87type media_data_file, file_type, data_file_type;
88type media_rw_data_file, file_type, data_file_type;
89type misc_user_data_file, file_type, data_file_type;
90type net_data_file, file_type, data_file_type;
91type nfc_data_file, file_type, data_file_type;
92type radio_data_file, file_type, data_file_type;
93type shared_relro_file, file_type, data_file_type;
94type systemkeys_data_file, file_type, data_file_type;
95type vpn_data_file, file_type, data_file_type;
96type wifi_data_file, file_type, data_file_type;
97type zoneinfo_data_file, file_type, data_file_type;
98
99# Compatibility with type names used in vanilla Android 4.3 and 4.4.
100typealias audio_data_file alias audio_firmware_file;
101# /data/data subdirectories - app sandboxes
102type app_data_file, file_type, data_file_type;
103# /data/data subdirectory for system UID apps.
104type system_app_data_file, file_type, data_file_type;
105# Compatibility with type name used in Android 4.3 and 4.4.
106typealias app_data_file alias platform_app_data_file;
107typealias app_data_file alias download_file;
108# Default type for anything under /cache
109type cache_file, file_type, mlstrustedobject;
110# Type for /cache/.*\.{data|restore} and default
111# type for anything under /cache/backup
112type cache_backup_file, file_type, mlstrustedobject;
113# Default type for anything under /efs
114type efs_file, file_type;
115# Type for wallpaper file.
116type wallpaper_file, file_type, mlstrustedobject;
117# /mnt/asec
118type asec_apk_file, file_type, data_file_type;
119# Elements of asec files (/mnt/asec) that are world readable
120type asec_public_file, file_type, data_file_type;
121# /data/app-asec
122type asec_image_file, file_type, data_file_type;
123# /data/backup and /data/secure/backup
124type backup_data_file, file_type, data_file_type, mlstrustedobject;
125# For /data/security
126type security_file, file_type;
127# All devices have bluetooth efs files, but they
128# vary per device, so this type is used in
129# per-device policy.
130type bluetooth_efs_file, file_type;
131
132# Socket types
133type adbd_socket, file_type;
134type bluetooth_socket, file_type;
135type dnsproxyd_socket, file_type, mlstrustedobject;
136type dumpstate_socket, file_type;
137type fwmarkd_socket, file_type, mlstrustedobject;
138type gps_socket, file_type;
139type installd_socket, file_type;
140type lmkd_socket, file_type;
141type logd_debug, file_type;
142type logd_socket, file_type;
143type logdr_socket, file_type;
144type logdw_socket, file_type;
145type mdns_socket, file_type;
146type mdnsd_socket, file_type;
147type mtpd_socket, file_type;
148type netd_socket, file_type;
149type property_socket, file_type;
150type racoon_socket, file_type;
151type rild_socket, file_type;
152type rild_debug_socket, file_type;
153type system_wpa_socket, file_type;
154type system_ndebug_socket, file_type;
155type vold_socket, file_type;
156type wpa_socket, file_type;
157type zygote_socket, file_type;
158
159# UART (for GPS) control proc file
160type gps_control, file_type;
161
162# Allow objects to be created in (associated with) their appropriate filesystems.
163allow fs_type self:filesystem associate;
164allow sysfs_type sysfs:filesystem associate;
165allow file_type labeledfs:filesystem associate;
166allow file_type tmpfs:filesystem associate;
167allow file_type rootfs:filesystem associate;
168allow dev_type tmpfs:filesystem associate;
169
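170# It's a bug to assign both the file_type attribute and the fs_type
171# attribute to the same type; the neverallow below rejects such a policy,
172# because the type would match "allow fs_type self:filesystem associate".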
173# For example, the following is a bug:
174#   type apk_data_file, file_type, data_file_type, fs_type;
175# Should be:
176#   type apk_data_file, file_type, data_file_type;
177neverallow fs_type file_type:filesystem associate;
178