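######################################
# Attribute declarations
#
# An attribute names a group of types. Declaring one grants nothing by
# itself: access comes from the rules written against the attribute, and
# such a rule applies to every type that carries it. Treat adding a type
# to an attribute as a permission change and review it as one.
#

# All types used for devices.
# On change, update the CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute dev_type;

# All types used for processes.
# A rule written against domain reaches every process type, so keep
# rules on this attribute to what all processes genuinely need.
attribute domain;

# Temporary attribute used for migrating permissions out of domain.
# Motivation: domain is overly permissive. Start removing permissions
# from domain and assign them to the domain_deprecated attribute.
# domain_deprecated and domain can initially be assigned to all
# domains. The goal is to not assign domain_deprecated to new domains
# and to start removing domain_deprecated where it's not required, or
# reassigning the appropriate permissions to the inheriting domain
# when necessary.
# Review note: a new domain that carries domain_deprecated inherits the
# broad permissions this migration is meant to retire.
attribute domain_deprecated;

# All types used for filesystems.
# On change, update the CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute fs_type;

# All types used for context= mounts.
attribute contextmount_type;

# All types used for files that can exist on a labeled fs.
# Do not use for pseudo file types.
# On change, update the CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute file_type;

# All types used for domain entry points.
attribute exec_type;

# All types used for /data files.
attribute data_file_type;

# All types used for sysfs files.
attribute sysfs_type;

# All types used for debugfs files.
attribute debugfs_type;

# All types used for sdcards.
attribute sdcard_type;

# All types used for nodes/hosts.
attribute node_type;

# All types used for network interfaces.
attribute netif_type;

# All types used for network ports.
attribute port_type;

# All types used for the property service.
# On change, update the CHECK_PC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute property_type;

# All properties defined in core SELinux policy. Should not be
# used for device-specific properties.
attribute core_property_type;

# All properties used to configure log filtering.
attribute log_property_type;

# All service_manager types created by system_server.
attribute system_server_service;

# Services which should be available to all but isolated apps.
# Review note: this is the widest service exposure declared in this file;
# check that a service is meant to be reachable that broadly before
# assigning its type here.
attribute app_api_service;

# Services which export only system_api.
attribute system_api_service;

# All types used for services managed by service_manager.
# On change, update the CHECK_SC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute service_manager_type;

# All domains that can override MLS restrictions,
# i.e. processes that can read up and write down.
# Review note: membership bypasses the MLS separation between levels;
# keep the set small and justify each addition.
attribute mlstrustedsubject;

# All types that can override MLS restrictions,
# i.e. files that can be read by lower and written by higher.
# Review note: objects with this attribute are shared across MLS levels;
# do not assign it to types that hold per-level data.
attribute mlstrustedobject;

# All domains used for apps.
attribute appdomain;

# All domains used for apps with network access.
attribute netdomain;

# All domains used for apps with bluetooth access.
attribute bluetoothdomain;

# All domains used for binder service domains.
attribute binderservicedomain;

# All domains that access the boot_control HAL. The permissions the HAL
# requires are specific to the implementation provided in each device, but
# common daemons need to be aware of those when calling into the HAL.
attribute boot_control_hal;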