file.te revision 9b3c3661ff6a6f82a24aada7c614a0e116547cef
1# Filesystem types 2type labeledfs, fs_type; 3type pipefs, fs_type; 4type sockfs, fs_type; 5type rootfs, fs_type; 6type proc, fs_type; 7# Security-sensitive proc nodes that should not be writable to most. 8type proc_security, fs_type; 9# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers. 10type usermodehelper, fs_type, sysfs_type; 11type qtaguid_proc, fs_type, mlstrustedobject; 12type proc_bluetooth_writable, fs_type; 13type proc_net, fs_type; 14type selinuxfs, fs_type; 15type cgroup, fs_type, mlstrustedobject; 16type sysfs, fs_type, mlstrustedobject; 17type sysfs_writable, fs_type, sysfs_type, mlstrustedobject; 18type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject; 19type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject; 20type sysfs_wake_lock, fs_type, sysfs_type; 21# /sys/devices/system/cpu 22type sysfs_devices_system_cpu, fs_type, sysfs_type; 23type inotify, fs_type, mlstrustedobject; 24type devpts, fs_type, mlstrustedobject; 25type tmpfs, fs_type; 26type shm, fs_type; 27type mqueue, fs_type; 28type sdcard_internal, sdcard_type, fs_type, mlstrustedobject; 29type sdcard_external, sdcard_type, fs_type, mlstrustedobject; 30type debugfs, fs_type, mlstrustedobject; 31 32# File types 33type unlabeled, file_type; 34# Default type for anything under /system. 35type system_file, file_type; 36# Default type for anything under /data. 37type system_data_file, file_type, data_file_type; 38# /data/drm - DRM plugin data 39type drm_data_file, file_type, data_file_type; 40# /data/anr - ANR traces 41type anr_data_file, file_type, data_file_type, mlstrustedobject; 42# /data/tombstones - core dumps 43type tombstone_data_file, file_type, data_file_type; 44# /data/app - user-installed apps 45type apk_data_file, file_type, data_file_type; 46type apk_tmp_file, file_type, data_file_type, mlstrustedobject; 47# /data/app-private - forward-locked apps 48type apk_private_data_file, file_type, data_file_type; 49type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject; 50# /data/dalvik-cache 51type dalvikcache_data_file, file_type, data_file_type; 52# /data/local - writable by shell 53type shell_data_file, file_type, data_file_type; 54# /data/gps 55type gps_data_file, file_type, data_file_type; 56 57# /data/misc subdirectories 58type adb_keys_file, file_type, data_file_type; 59type audio_data_file, file_type, data_file_type; 60type bluetooth_data_file, file_type, data_file_type; 61type camera_data_file, file_type, data_file_type; 62type keystore_data_file, file_type, data_file_type; 63type media_data_file, file_type, data_file_type; 64type media_rw_data_file, file_type, data_file_type; 65type nfc_data_file, file_type, data_file_type; 66type radio_data_file, file_type, data_file_type; 67type systemkeys_data_file, file_type, data_file_type; 68type vpn_data_file, file_type, data_file_type; 69type wifi_data_file, file_type, data_file_type; 70type zoneinfo_data_file, file_type, data_file_type; 71 72# Compatibility with type names used in vanilla Android 4.3 and 4.4. 73typealias audio_data_file alias audio_firmware_file; 74typealias camera_data_file alias camera_calibration_file; 75# /data/data subdirectories - app sandboxes 76type app_data_file, file_type, data_file_type; 77type platform_app_data_file, file_type, data_file_type, mlstrustedobject; 78# Default type for anything under /cache 79type cache_file, file_type, mlstrustedobject; 80# Type for /cache/.*\.{data|restore} and default 81# type for anything under /cache/backup 82type cache_backup_file, file_type, mlstrustedobject; 83# Default type for anything under /efs 84type efs_file, file_type; 85# Type for wallpaper file. 86type wallpaper_file, file_type, mlstrustedobject; 87# /mnt/asec 88type asec_apk_file, file_type, data_file_type; 89# /data/app-asec 90type asec_image_file, file_type, data_file_type; 91# /data/backup and /data/secure/backup 92type backup_data_file, file_type, data_file_type, mlstrustedobject; 93# For /data/security 94type security_file, file_type; 95# All devices have bluetooth efs files. But they 96# vary per device, so this type is used in per 97# device policy 98type bluetooth_efs_file, file_type; 99# Downloaded files 100type download_file, file_type; 101 102# Socket types 103type adbd_socket, file_type; 104type bluetooth_socket, file_type; 105type dnsproxyd_socket, file_type, mlstrustedobject; 106type dumpstate_socket, file_type; 107type gps_socket, file_type; 108type installd_socket, file_type; 109type keystore_socket, file_type; 110type lmkd_socket, file_type; 111type mdns_socket, file_type; 112type mdnsd_socket, file_type; 113type netd_socket, file_type; 114type property_socket, file_type; 115type qemud_socket, file_type; 116type racoon_socket, file_type; 117type rild_socket, file_type; 118type rild_debug_socket, file_type; 119type system_wpa_socket, file_type; 120type system_ndebug_socket, file_type; 121type vold_socket, file_type; 122type wpa_socket, file_type; 123type zygote_socket, file_type; 124 125# UART (for GPS) control proc file 126type gps_control, file_type; 127 128# Allow files to be created in their appropriate filesystems. 129allow fs_type self:filesystem associate; 130allow sysfs_type sysfs:filesystem associate; 131allow file_type labeledfs:filesystem associate; 132allow file_type tmpfs:filesystem associate; 133allow file_type rootfs:filesystem associate; 134allow dev_type tmpfs:filesystem associate; 135