Lines Matching refs:to

15 # to their sandbox directory and then execute.
41 # TODO: narrow this to just MediaProvider
44 # Write to /cache.
48 # Access to /data/media.
57 # Allow verifier to access staged apks.
64 # Allow GMS core to access perfprofd output, which is stored
65 # in /data/misc/perfprofd/. GMS core will need to list all
66 # data stored in that directory to process them one by one.
72 # Allow GMS core to scan executables on the system partition
88 # Allow GMS core to communicate with update_engine for A/B update.
92 # Allow Phone to read/write cached ringtones (opened by system).
95 # Access to /data/preloads
110 # best practice to ensure these files aren't readable.
113 # Do not allow privileged apps to register services.
118 # Do not allow privileged apps to connect to the property service
124 # Do not allow priv_app to be assigned mlstrustedsubject.
127 # constraints.  As there is no direct way to specify a neverallow
130 # never be granted to any other domain within mlstrustedsubject)
131 # and priv_app is allowed fork permission to itself.
134 # Do not allow priv_app to hard link to any files.
135 # In particular, if priv_app links to other app data
136 # files, installd will not be able to guarantee the deletion
137 # of the linked to file. Hard links also contribute to security
138 # bugs, so we want to ensure priv_app never has this