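# Filesystem types
#
# Every type declared in this section carries the fs_type attribute.
# NOTE(review): mlstrustedobject is declared outside this file; in AOSP
# policy it marks objects that are exempt from MLS restrictions. For the
# types tagged with it below, only type-enforcement rules separate domains
# running at different levels/categories. Confirm against the attributes
# file before adding it to a new type.
type labeledfs, fs_type;
type pipefs, fs_type;
type sockfs, fs_type;
type rootfs, fs_type;
type proc, fs_type;
# Security-sensitive proc nodes that should not be writable to most.
type proc_security, fs_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
type usermodehelper, fs_type, sysfs_type;
type qtaguid_proc, fs_type, mlstrustedobject;
type proc_bluetooth_writable, fs_type;
type proc_cpuinfo, fs_type;
type proc_net, fs_type;
type proc_sysrq, fs_type;
type selinuxfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
# sysfs nodes additionally carry sysfs_type, which the associate rule for
# sysfs later in this file keys on.
type sysfs, fs_type, sysfs_type, mlstrustedobject;
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
# /sys/devices/system/cpu
type sysfs_devices_system_cpu, fs_type, sysfs_type;
# /sys/module/lowmemorykiller
type sysfs_lowmemorykiller, fs_type, sysfs_type;
type inotify, fs_type, mlstrustedobject;
type devpts, fs_type, mlstrustedobject;
type tmpfs, fs_type;
type shm, fs_type;
type mqueue, fs_type;
type fuse, sdcard_type, fs_type, mlstrustedobject;
type vfat, sdcard_type, fs_type, mlstrustedobject;
# sdcard_internal and sdcard_external are aliases, not separate types: a rule
# written against either alias applies to fuse or vfat respectively.
typealias fuse alias sdcard_internal;
typealias vfat alias sdcard_external;
# NOTE(review): debugfs is tagged mlstrustedobject, so the allow rules that
# name it (outside this file) are the only gate on kernel debug interfaces.
type debugfs, fs_type, mlstrustedobject;
type pstorefs, fs_type;
type functionfs, fs_type;
type oemfs, fs_type, contextmount_type;
type usbfs, fs_type;
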
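# File types
#
# Types in this section carry file_type; those for content under /data also
# carry data_file_type. None of them may carry fs_type as well (enforced by
# the neverallow at the end of this file).
# NOTE(review): unlabeled is presumably the type seen on objects that have
# no valid security context - confirm against the initial SID definitions.
type unlabeled, file_type;
# Default type for anything under /system.
type system_file, file_type;
# Default type for anything under /data.
type system_data_file, file_type, data_file_type;
# /data/.layout_version or other installd-created files that
# are created in a system_data_file directory.
type install_data_file, file_type, data_file_type;
# /data/drm - DRM plugin data
type drm_data_file, file_type, data_file_type;
# /data/anr - ANR traces
type anr_data_file, file_type, data_file_type, mlstrustedobject;
# /data/tombstones - core dumps
type tombstone_data_file, file_type, data_file_type;
# /data/app - user-installed apps
type apk_data_file, file_type, data_file_type;
type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
# /data/app-private - forward-locked apps
type apk_private_data_file, file_type, data_file_type;
type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
# /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type;
# /data/dalvik-cache/profiles
type dalvikcache_profiles_data_file, file_type, data_file_type;
# /data/resource-cache
type resourcecache_data_file, file_type, data_file_type;
# /data/local - writable by shell
# Content under this type is shell-writable, so any domain that reads it
# should treat it as untrusted input.
type shell_data_file, file_type, data_file_type;
# /data/gps
type gps_data_file, file_type, data_file_type;
# /data/property
type property_data_file, file_type, data_file_type;
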
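# /data/misc subdirectories
#
# One type per subdirectory, so that access can be granted per owner rather
# than on all of /data/misc at once.
# NOTE(review): several names here suggest key or credential storage
# (adb_keys_file, keychain_data_file, keystore_data_file,
# systemkeys_data_file, vpn_data_file, wifi_data_file). The allow rules that
# reference them live in the per-domain policy files, not here; verify there
# that each is reachable only by its owning domain.
type adb_keys_file, file_type, data_file_type;
type audio_data_file, file_type, data_file_type;
type bluetooth_data_file, file_type, data_file_type;
type camera_data_file, file_type, data_file_type;
type keychain_data_file, file_type, data_file_type;
type keystore_data_file, file_type, data_file_type;
type media_data_file, file_type, data_file_type;
type media_rw_data_file, file_type, data_file_type;
type misc_user_data_file, file_type, data_file_type;
type net_data_file, file_type, data_file_type;
type nfc_data_file, file_type, data_file_type;
type radio_data_file, file_type, data_file_type;
type shared_relro_file, file_type, data_file_type;
type systemkeys_data_file, file_type, data_file_type;
type vpn_data_file, file_type, data_file_type;
type wifi_data_file, file_type, data_file_type;
type zoneinfo_data_file, file_type, data_file_type;
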
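# Compatibility with type names used in vanilla Android 4.3 and 4.4.
# A typealias adds a second name for an existing type; it does not create a
# separate type, so rules written against the old name apply to
# audio_data_file.
typealias audio_data_file alias audio_firmware_file;
# /data/data subdirectories - app sandboxes
type app_data_file, file_type, data_file_type;
# /data/data subdirectory for system UID apps.
type system_app_data_file, file_type, data_file_type;
# Compatibility with type name used in Android 4.3 and 4.4.
# Both aliases below resolve to app_data_file: platform_app_data_file and
# download_file are not isolated from ordinary app data by type, and any
# access granted on either name is granted on app_data_file as a whole.
typealias app_data_file alias platform_app_data_file;
typealias app_data_file alias download_file;
# Default type for anything under /cache
type cache_file, file_type, mlstrustedobject;
# Type for /cache/.*\.{data|restore} and default
# type for anything under /cache/backup
type cache_backup_file, file_type, mlstrustedobject;
# Default type for anything under /efs
type efs_file, file_type;
# Type for wallpaper file.
type wallpaper_file, file_type, mlstrustedobject;
# /mnt/asec
type asec_apk_file, file_type, data_file_type;
# Elements of asec files (/mnt/asec) that are world readable
type asec_public_file, file_type, data_file_type;
# /data/app-asec
type asec_image_file, file_type, data_file_type;
# /data/backup and /data/secure/backup
type backup_data_file, file_type, data_file_type, mlstrustedobject;
# For /data/security
type security_file, file_type;
# All devices have bluetooth efs files. But they
# vary per device, so this type is used in per
# device policy
type bluetooth_efs_file, file_type;
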
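# Socket types
#
# These are declared as file_type, like the file types earlier in this file.
# They only name the objects; which domains may use each one is decided by
# allow rules outside this file.
# dnsproxyd_socket and fwmarkd_socket also carry mlstrustedobject, so only
# type-enforcement rules limit access to those two
# (NOTE(review): attribute semantics are defined elsewhere - confirm).
type adbd_socket, file_type;
type bluetooth_socket, file_type;
type dnsproxyd_socket, file_type, mlstrustedobject;
type dumpstate_socket, file_type;
type fwmarkd_socket, file_type, mlstrustedobject;
type gps_socket, file_type;
type installd_socket, file_type;
type lmkd_socket, file_type;
type logd_debug, file_type;
type logd_socket, file_type;
type logdr_socket, file_type;
type logdw_socket, file_type;
type mdns_socket, file_type;
type mdnsd_socket, file_type;
type mtpd_socket, file_type;
type netd_socket, file_type;
type property_socket, file_type;
type racoon_socket, file_type;
type rild_socket, file_type;
type rild_debug_socket, file_type;
type system_wpa_socket, file_type;
type system_ndebug_socket, file_type;
type vold_socket, file_type;
type wpa_socket, file_type;
type zygote_socket, file_type;

# UART (for GPS) control proc file
# Declared with file_type (not fs_type), unlike the proc_* types at the top
# of this file.
type gps_control, file_type;
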
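# Allow files to be created in their appropriate filesystems.
# Each rule grants the filesystem-class "associate" permission:
#   - every fs_type may be associated with a filesystem of its own type;
#   - sysfs_type objects may live on a sysfs-labeled filesystem;
#   - file_type objects may live on labeledfs, tmpfs and rootfs;
#   - dev_type objects (attribute declared outside this file) may live on
#     tmpfs.
allow fs_type self:filesystem associate;
allow sysfs_type sysfs:filesystem associate;
allow file_type labeledfs:filesystem associate;
allow file_type tmpfs:filesystem associate;
allow file_type rootfs:filesystem associate;
allow dev_type tmpfs:filesystem associate;

# It's a bug to assign both the file_type attribute and the fs_type
# attribute to the same type. Do not allow it.
#
# For example, the following is a bug:
#   type apk_data_file, file_type, data_file_type, fs_type;
# Should be:
#   type apk_data_file, file_type, data_file_type;
#
# How the check works: a type carrying both attributes would match
# "allow fs_type self:filesystem associate" above as an fs_type source with
# a file_type target, which is what this neverallow forbids, so the policy
# build fails instead of shipping the mislabeled type.
neverallow fs_type file_type:filesystem associate;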