file.te revision 529fcbe06506d62370525f04380ae41ae7fc7892
1# Filesystem types 2type labeledfs, fs_type; 3type pipefs, fs_type; 4type sockfs, fs_type; 5type rootfs, fs_type; 6type proc, fs_type; 7# Security-sensitive proc nodes that should not be writable to most. 8type proc_security, fs_type; 9# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers. 10type usermodehelper, fs_type, sysfs_type; 11type qtaguid_proc, fs_type, mlstrustedobject; 12type proc_bluetooth_writable, fs_type; 13type proc_net, fs_type; 14type selinuxfs, fs_type; 15type cgroup, fs_type, mlstrustedobject; 16type sysfs, fs_type, mlstrustedobject; 17type sysfs_writable, fs_type, sysfs_type, mlstrustedobject; 18type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject; 19type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject; 20type sysfs_wake_lock, fs_type, sysfs_type; 21# /sys/devices/system/cpu 22type sysfs_devices_system_cpu, fs_type, sysfs_type; 23type inotify, fs_type, mlstrustedobject; 24type devpts, fs_type, mlstrustedobject; 25type tmpfs, fs_type; 26type shm, fs_type; 27type mqueue, fs_type; 28type sdcard_internal, sdcard_type, fs_type, mlstrustedobject; 29type sdcard_external, sdcard_type, fs_type, mlstrustedobject; 30type debugfs, fs_type, mlstrustedobject; 31 32# File types 33type unlabeled, file_type; 34# Default type for anything under /system. 35type system_file, file_type; 36# Default type for anything under /data. 37type system_data_file, file_type, data_file_type; 38# /data/drm - DRM plugin data 39type drm_data_file, file_type, data_file_type; 40# /data/anr - ANR traces 41type anr_data_file, file_type, data_file_type, mlstrustedobject; 42# /data/tombstones - core dumps 43type tombstone_data_file, file_type, data_file_type; 44# /data/app - user-installed apps 45type apk_data_file, file_type, data_file_type; 46type apk_tmp_file, file_type, data_file_type, mlstrustedobject; 47# /data/app-private - forward-locked apps 48type apk_private_data_file, file_type, data_file_type; 49type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject; 50# /data/dalvik-cache 51type dalvikcache_data_file, file_type, data_file_type; 52# /data/local - writable by shell 53type shell_data_file, file_type, data_file_type; 54# /data/gps 55type gps_data_file, file_type, data_file_type; 56 57# /data/misc subdirectories 58type adb_keys_file, file_type, data_file_type; 59type audio_data_file, file_type, data_file_type; 60type bluetooth_data_file, file_type, data_file_type; 61type camera_data_file, file_type, data_file_type; 62type keystore_data_file, file_type, data_file_type; 63type media_data_file, file_type, data_file_type; 64type media_rw_data_file, file_type, data_file_type; 65type nfc_data_file, file_type, data_file_type; 66type radio_data_file, file_type, data_file_type; 67type systemkeys_data_file, file_type, data_file_type; 68type vpn_data_file, file_type, data_file_type; 69type wifi_data_file, file_type, data_file_type; 70type zoneinfo_data_file, file_type, data_file_type; 71 72# Compatibility with type names used in vanilla Android 4.3 and 4.4. 73typealias audio_data_file alias audio_firmware_file; 74typealias camera_data_file alias camera_calibration_file; 75# /data/data subdirectories - app sandboxes 76type app_data_file, file_type, data_file_type; 77type platform_app_data_file, file_type, data_file_type, mlstrustedobject; 78# Default type for anything under /cache 79type cache_file, file_type, mlstrustedobject; 80# Type for /cache/.*\.{data|restore} and default 81# type for anything under /cache/backup 82type cache_backup_file, file_type, mlstrustedobject; 83# Default type for anything under /efs 84type efs_file, file_type; 85# Type for wallpaper file. 86type wallpaper_file, file_type, mlstrustedobject; 87# /mnt/asec 88type asec_apk_file, file_type, data_file_type; 89# /data/app-asec 90type asec_image_file, file_type, data_file_type; 91# /data/backup and /data/secure/backup 92type backup_data_file, file_type, data_file_type, mlstrustedobject; 93# For /data/security 94type security_file, file_type; 95# All devices have bluetooth efs files. But they 96# vary per device, so this type is used in per 97# device policy 98type bluetooth_efs_file, file_type; 99# Downloaded files 100type download_file, file_type; 101 102# Socket types 103type adbd_socket, file_type; 104type bluetooth_socket, file_type; 105type dnsproxyd_socket, file_type, mlstrustedobject; 106type dumpstate_socket, file_type; 107type gps_socket, file_type; 108type installd_socket, file_type; 109type keystore_socket, file_type; 110type lmkd_socket, file_type; 111type mdns_socket, file_type; 112type netd_socket, file_type; 113type property_socket, file_type; 114type qemud_socket, file_type; 115type racoon_socket, file_type; 116type rild_socket, file_type; 117type rild_debug_socket, file_type; 118type system_wpa_socket, file_type; 119type system_ndebug_socket, file_type; 120type vold_socket, file_type; 121type wpa_socket, file_type; 122type zygote_socket, file_type; 123 124# UART (for GPS) control proc file 125type gps_control, file_type; 126 127# Allow files to be created in their appropriate filesystems. 128allow fs_type self:filesystem associate; 129allow sysfs_type sysfs:filesystem associate; 130allow file_type labeledfs:filesystem associate; 131allow file_type tmpfs:filesystem associate; 132allow file_type rootfs:filesystem associate; 133allow dev_type tmpfs:filesystem associate; 134