app.te - OpenGrok cross reference for /system/sepolicy/app.te

Lines Matching refs:file
4 ### This file is the base policy for all zygote spawned apps.
15 # Receive and use open file descriptors inherited from zygote.
20 allow appdomain zygote_exec:file rx_file_perms;
23 allow appdomain zygote_tmpfs:file read;
30 allow appdomain cgroup:file rw_file_perms;
34 allow appdomain dalvikcache_data_file:file r_file_perms;
49   allow appdomain method_trace_data_file:file { create w_file_perms };
70 # App sandbox file accesses.
76 allow appdomain system_data_file:file { execute execute_no_trans open execmod };
83 allow appdomain keychain_data_file:file r_file_perms;
85 allow appdomain misc_user_data_file:file r_file_perms;
89 allow appdomain oemfs:file rx_file_perms;
92 allow appdomain shell_exec:file rx_file_perms;
93 allow appdomain system_file:file rx_file_perms;
94 allow appdomain toolbox_exec:file rx_file_perms;
100 allow appdomain dex2oat_exec:file rx_file_perms;
102 # Read/write wallpaper file (opened by system).
103 allow appdomain wallpaper_file:file { getattr read write };
106 allow appdomain ringtone_file:file { getattr read write };
109 allow appdomain shortcut_manager_icons:file { getattr read };
111 # Read icon file (opened by system).
112 allow appdomain icon_file:file { getattr read };
116 allow appdomain anr_data_file:file { open append };
122 allow appdomain shell_data_file:file { write getattr };
126 allow appdomain user_profile_data_file:file create_file_perms;
129 allow appdomain user_profile_foreign_dex_data_file:file create;
133 dontaudit appdomain user_profile_foreign_dex_data_file:file { open read };
135 # Send heap dumps to system_server via an already open file descriptor
140   allow appdomain heapdump_data_file:file append;
143 # Write to /proc/net/xt_qtaguid/ctrl file.
144 allow appdomain qtaguid_proc:file rw_file_perms;
168 allow appdomain backup_data_file:file { read write getattr };
169 allow appdomain cache_backup_file:file { read write getattr };
175 allow appdomain media_rw_data_file:file { read getattr };
178 allow appdomain radio_data_file:file { read write getattr };
189 allow appdomain fuse:file create_file_perms;
191 allow appdomain sdcardfs:file create_file_perms;
196 allow appdomain vfat:file rw_file_perms;
202 # and the file descriptor is passed to the right Activity via binder.
207 allow appdomain dalvikcache_data_file:file execute;
212 allow appdomain shared_relro_file:file r_file_perms;
216 allow appdomain apk_data_file:file { rx_file_perms execmod };
219 allow appdomain resourcecache_data_file:file r_file_perms;
241 allow appdomain app_fuse_file:file { getattr read append write };
249 allow appdomain runas_exec:file getattr;
334 neverallow appdomain { domain -appdomain }:file write;
358 neverallow appdomain exec_type:file
413 # Write to various pseudo file systems.
442 neverallow appdomain user_profile_foreign_dex_data_file:file rw_file_perms;