Lines Matching refs:vold
# Declares the vold type with the `domain` and `domain_deprecated` attributes.
# NOTE(review): this is a cross-reference listing of only the lines that
# mention vold (the embedded line numbers skip), so rules on the omitted
# lines are not visible here.
2 type vold, domain, domain_deprecated;
# Policy macro whose body is not shown; presumably it sets up the
# init -> vold transition when init executes the vold binary. Confirm in te_macros.
5 init_daemon_domain(vold)
# sgdisk and sdcardd get their own domains. By the macro name the transition
# is automatic on exec of the *_exec type, which would keep these helpers from
# running with vold's own permissions. Confirm against the macro definition.
8 domain_auto_trans(vold, sgdisk_exec, sgdisk);
9 domain_auto_trans(vold, sdcardd_exec, sdcardd);
# Access to cache_file objects: directories and symlinks through the r_*
# permission macros, regular files limited to getattr/read. The macro names
# suggest read-only access; their definitions are not part of this listing.
12 allow vold cache_file:dir r_dir_perms;
13 allow vold cache_file:file { getattr read };
14 allow vold cache_file:lnk_file r_file_perms;
# r_dir_file is a policy macro (not defined here); by its name it grants read
# access to directories and files of the given type: proc, proc_net, sysfs
# and rootfs. Confirm the exact permission set in te_macros.
17 r_dir_file(vold, proc)
18 r_dir_file(vold, proc_net)
19 r_dir_file(vold, sysfs)
20 r_dir_file(vold, rootfs)
# Each entrypoint type has two possible target domains (shell_exec ->
# blkid / blkid_untrusted, fsck_exec -> fsck / fsck_untrusted), so no single
# default transition can apply. vold has to pick the target context itself,
# which is what the setexec permission on line 30 is for.
# NOTE(review): the *_untrusted names suggest a tighter domain for tools that
# parse untrusted media. Confirm in the blkid/fsck policy files.
24 domain_trans(vold, shell_exec, blkid);
25 domain_trans(vold, shell_exec, blkid_untrusted);
26 domain_trans(vold, fsck_exec, fsck);
27 domain_trans(vold, fsck_exec, fsck_untrusted);
# setexec: vold may set the security context used for its next exec.
30 allow vold self:process setexec;
# NOTE(review): if rx_file_perms includes execute_no_trans (macro not shown,
# confirm in global_macros), vold can also run the shell inside its own
# domain. The neverallow on line 204 covers fsck_exec only, not shell_exec.
33 allow vold shell_exec:file rx_file_perms;
# mlstrustedsubject is the attribute MLS constraints use to exempt a subject
# (constraint definitions are not shown here, so confirm). If so, the
# level/category separation between apps and users does not confine vold,
# and every allow rule in this file should be read with that in mind.
35 typeattribute vold mlstrustedsubject;
# setfscreate: vold may choose the label applied to files it creates.
36 allow vold self:process setfscreate;
# Execute permission on system_file binaries; whether this includes running
# them without a domain transition depends on x_file_perms (not shown).
37 allow vold system_file:file x_file_perms;
# Directory management under block_device and write access to device:dir,
# plus read/write on devpts character devices.
38 allow vold block_device:dir create_dir_perms;
39 allow vold device:dir write;
40 allow vold devpts:chr_file rw_file_perms;
# mounton: vold may use directories of these types as mount points.
41 allow vold rootfs:dir mounton;
# The four sdcard_type rules below carry the original authors' deprecation
# TODOs. NOTE(review): line 43 grants the same filesystem permissions as
# line 62, and lines 44-45 are already covered by lines 48-49 (sdcard_type is
# in that type set), so removing only the TODO-marked lines would not
# withdraw the access.
42 allow vold sdcard_type:dir mounton; # TODO: deprecated in M
43 allow vold sdcard_type:filesystem { mount remount unmount }; # TODO: deprecated in M
44 allow vold sdcard_type:dir create_dir_perms; # TODO: deprecated in M
45 allow vold sdcard_type:file create_file_perms; # TODO: deprecated in M
# Create/manage directories and files on the three storage-related types.
48 allow vold { mnt_media_rw_file storage_file sdcard_type }:dir create_dir_perms;
49 allow vold { mnt_media_rw_file storage_file sdcard_type }:file create_file_perms;
52 allow vold media_rw_data_file:dir create_dir_perms;
53 allow vold media_rw_data_file:file create_file_perms;
# Directories vold creates inside storage_file / mnt_media_rw_file parents are
# labelled with the *_stub_file types instead of inheriting the parent label.
57 type_transition vold storage_file:dir storage_stub_file;
58 type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
# Permissions on the stub directories, including mounton. The permission list
# on line 61 is cut off in this listing, so the full set is not visible.
61 allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr …
62 allow vold sdcard_type:filesystem { mount unmount remount };
# Per-user mount tree: directories and symlinks of type mnt_user_file.
65 allow vold mnt_user_file:dir create_dir_perms;
66 allow vold mnt_user_file:lnk_file create_file_perms;
# mnt_expand_file directories may be created and mounted on; on apk_data_file
# and shell_data_file vold only gets create/getattr/setattr on directories,
# with no read or write of their contents on these lines.
69 allow vold mnt_expand_file:dir { create_dir_perms mounton };
70 allow vold apk_data_file:dir { create getattr setattr };
71 allow vold shell_data_file:dir { create getattr setattr };
# tmpfs: mount/unmount the filesystem, manage directories, and mount on them.
73 allow vold tmpfs:filesystem { mount unmount };
74 allow vold tmpfs:dir create_dir_perms;
75 allow vold tmpfs:dir mounton;
# Linux capabilities granted to vold. sys_admin (needed for mount operations)
# and dac_override (bypasses file-mode checks) are the broadest: with them,
# the SELinux rules in this file are the main remaining confinement, so
# review additions to either list carefully.
76 allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner fsetid };
# Netlink socket for kernel uevents.
77 allow vold self:netlink_kobject_uevent_socket create_socket_perms;
# NOTE(review): read/write on app_data_file files (application data, by the
# type name). Combined with dac_override above, UNIX ownership presumably
# does not limit which app files are reachable. Confirm the need for write access.
78 allow vold app_data_file:dir search;
79 allow vold app_data_file:file rw_file_perms;
# Block devices vold manages: loop and vold_device nodes may be created;
# device-mapper nodes are read/write only.
80 allow vold loop_device:blk_file create_file_perms;
81 allow vold vold_device:blk_file create_file_perms;
82 allow vold dm_device:chr_file rw_file_perms;
83 allow vold dm_device:blk_file rw_file_perms;
84 # For vold Process::killProcessesWithOpenFiles function.
# These rules apply to the `domain` attribute, i.e. every process domain:
# vold may read each process's dir/file/symlink objects (presumably the
# /proc/<pid> entries) and send signal/sigkill to any of them. sys_ptrace is
# presumably required to read other processes' /proc links. TODO confirm.
85 allow vold domain:dir r_dir_perms;
86 allow vold domain:{ file lnk_file } r_file_perms;
87 allow vold domain:process { signal sigkill };
88 allow vold self:capability { sys_ptrace kill };
# NOTE(review): read/write on every file carrying the generic sysfs label,
# not a vold-specific sysfs type; sysfs_usb is write-only by the macro name.
91 allow vold sysfs:file rw_file_perms;
94 allow vold sysfs_usb:file w_file_perms;
# Read/write on the kmsg character device (kernel log, by the type name).
96 allow vold kmsg_device:chr_file rw_file_perms;
# fsck may be read and executed, but execute_no_trans is not listed, and
# line 204 forbids it outright, so fsck can only run after a domain transition.
99 allow vold fsck_exec:file { r_file_perms execute };
102 allow vold fscklogs:dir rw_dir_perms;
103 allow vold fscklogs:file create_file_perms;
# Mount, unmount and remount filesystems of type labeledfs.
110 allow vold labeledfs:filesystem { mount unmount remount };
# Read/write on efs_file files; what is stored there is not visible from
# this listing.
114 allow vold efs_file:file rw_file_perms;
# Create, remove, relabel-free management and mounton for system_data_file
# directories; no file-class permission is granted on this line.
117 allow vold system_data_file:dir { create rw_dir_perms mounton setattr rmdir };
# vold may change scheduling parameters of processes in the kernel domain.
120 allow vold kernel:process setsched;
# set_prop is a policy macro (not shown) that lets the domain set properties
# of the given type. NOTE(review): powerctl_prop presumably lets vold request
# reboot/shutdown; restorecon_prop is restricted to vold and init by the
# neverallow on line 202.
123 set_prop(vold, vold_prop)
124 set_prop(vold, powerctl_prop)
125 set_prop(vold, ctl_fuse_prop)
126 set_prop(vold, restorecon_prop)
# ASEC container images: create/manage image files, read/write their directory.
129 allow vold asec_image_file:file create_file_perms;
130 allow vold asec_image_file:dir rw_dir_perms;
# Policy macro not defined in this listing; by its name it grants access to
# the loaded security policy. Confirm in te_macros.
131 security_access_policy(vold)
# vold may relabel content between asec_apk_file and asec_public_file.
# relabelfrom/relabelto change which domains can reach an object, so these
# are security-sensitive grants; note they are scoped to the asec types only.
132 allow vold asec_apk_file:dir { create_dir_perms mounton relabelfrom relabelto };
133 allow vold asec_public_file:dir { relabelto setattr };
134 allow vold asec_apk_file:file { r_file_perms setattr relabelfrom relabelto };
135 allow vold asec_public_file:file { relabelto setattr };
# Unlabeled objects may be read and relabelled away from `unlabeled`; the
# target label must separately be allowed by a relabelto rule.
137 allow vold unlabeled:dir { r_dir_perms setattr relabelfrom };
138 allow vold unlabeled:file { r_file_perms setattr relabelfrom };
# Policy macros (bodies not shown): by name, wakelock access, use of binder
# IPC, and permission to make binder calls into the healthd domain.
141 wakelock_use(vold)
144 binder_use(vold)
145 binder_call(vold, healthd)
# Read/write on the tee_device character device (presumably the trusted
# execution environment interface; confirm).
148 allow vold tee_device:chr_file rw_file_perms;
# NOTE(review): raw read/write on the userdata and metadata block devices.
# Access at block level is not subject to the per-file labels of the
# filesystem stored on the device.
151 allow vold userdata_block_device:blk_file rw_file_perms;
154 allow vold metadata_block_device:blk_file rw_file_perms;
156 # Allow vold to manipulate /data/unencrypted
157 allow vold unencrypted_data_file:{ file } create_file_perms;
158 allow vold unencrypted_data_file:dir create_dir_perms;
# Write-only (by the macro name) access to the proc_drop_caches file.
161 allow vold proc_drop_caches:file w_file_perms;
163 # Give vold a place where only vold can store files; everyone else is off limits
# The "off limits" part is enforced by the neverallow rules on lines 198-201,
# not by these allow rules.
164 allow vold vold_data_file:dir create_dir_perms;
165 allow vold vold_data_file:file create_file_perms;
# Kernel keyring access: write/search/setattr on keys labelled with init's
# and vold's own contexts.
168 allow vold init:key { write search setattr };
169 allow vold vold:key { write search setattr };
171 # vold temporarily changes its priority when running benchmarks
172 allow vold self:capability sys_nice;
174 # vold needs to chroot into app namespaces to remount when runtime permissions change
175 allow vold self:capability sys_chroot;
176 allow vold storage_file:dir mounton;
# FUSE: read/write on the fuse device node, and relabelling of FUSE
# filesystems into app_fusefs, which vold may also mount and unmount.
179 allow vold fuse_device:chr_file rw_file_perms;
180 allow vold fuse:filesystem { relabelfrom };
181 allow vold app_fusefs:filesystem { relabelfrom relabelto };
182 allow vold app_fusefs:filesystem { mount unmount };
# zram sysfs nodes: directory read, read/write on the uevent file type.
185 allow vold sysfs_zram:dir r_dir_perms;
186 allow vold sysfs_zram_uevent:file rw_file_perms;
# NOTE(review): as with shell_exec on line 33, rx_file_perms may allow running
# toolbox inside vold's own domain. Confirm against the macro definition.
189 allow vold toolbox_exec:file rx_file_perms;
# Profile directories: full directory management for user_profile_data_file,
# attribute access only for the foreign-dex profile directories.
192 allow vold user_profile_data_file:dir create_dir_perms;
193 allow vold user_profile_foreign_dex_data_file:dir { getattr setattr };
# Write-only (by the macro name) access to the misc block device.
196 allow vold misc_block_device:blk_file w_file_perms;
# neverallow rules are assertions checked when the policy is built; they add
# no permissions, but make the build fail if any allow rule violates them.
# `~{ ... }` means "every permission except the listed ones".
# Lines 198-199: no domain other than vold may do more than the listed
# operations on vold_data_file (the list on line 198 is cut off in this listing).
198 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto…
199 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
# Lines 200-201: every domain except vold and init is denied all access, so
# the limited set permitted by lines 198-199 is effectively reserved for init.
200 neverallow { domain -vold -init } vold_data_file:dir *;
201 neverallow { domain -vold -init } vold_data_file:notdevfile_class_set *;
# Only vold and init may set properties of type restorecon_prop.
202 neverallow { domain -vold -init } restorecon_prop:property_service set;
# vold must never execute fsck without a domain transition, i.e. fsck never
# runs with vold's permissions. NOTE(review): no equivalent assertion for
# shell_exec or toolbox_exec appears among the lines shown here.
204 neverallow vold fsck_exec:file execute_no_trans;