1######################################
2# Attribute declarations
3#
4
# NOTE(review): this file only declares attributes. The allow/neverallow rules
# that give each attribute its meaning are not visible here.

5# All types used for devices.
6# On change, update CHECK_FC_ASSERT_ATTRS
7# definition in tools/checkfc.c.
8attribute dev_type;
9
10# All types used for processes.
11attribute domain;
12
13# All types used for filesystems.
14# On change, update CHECK_FC_ASSERT_ATTRS
15# definition in tools/checkfc.c.
16attribute fs_type;
17
18# All types used for context= mounts.
19attribute contextmount_type;
20
21# All types used for files that can exist on a labeled fs.
22# Do not use for pseudo file types.
23# On change, update CHECK_FC_ASSERT_ATTRS
24# definition in tools/checkfc.c.
25attribute file_type;
26
27# All types used for domain entry points.
28attribute exec_type;
29
30# All types used for /data files.
31attribute data_file_type;
# expandattribute ... false tells the policy compiler to keep the attribute in
# the compiled policy rather than replacing it with its member types.
32expandattribute data_file_type false;
33# All types in /data, not in /data/vendor.
34attribute core_data_file_type;
35expandattribute core_data_file_type false;
36# All types in /vendor.
# No expandattribute statement here, so the compiler default applies.
37attribute vendor_file_type;
38
39# All types used for procfs files.
40attribute proc_type;
# Kept as an attribute in the compiled policy (not expanded to member types).
41expandattribute proc_type false;
42
43# All types used for sysfs files.
44attribute sysfs_type;
45
46# All types used for debugfs files.
47attribute debugfs_type;
48
49# Attribute used for all sdcards.
50attribute sdcard_type;
51
52# All types used for nodes/hosts.
53attribute node_type;
54
55# All types used for network interfaces.
56attribute netif_type;
57
58# All types used for network ports.
59attribute port_type;
60
61# All types used for property service.
62# On change, update CHECK_PC_ASSERT_ATTRS
63# definition in tools/checkfc.c.
64attribute property_type;
65
66# All properties defined in core SELinux policy. Should not be
67# used by device-specific properties.
68attribute core_property_type;
69
70# All properties used to configure log filtering.
71attribute log_property_type;
72
73# All properties that are not specific to device but are added from
74# outside of AOSP. (e.g. OEM-specific properties)
75# These properties are not accessible from device-specific domains.
# NOTE(review): nothing in this file enforces that restriction; presumably a
# neverallow rule elsewhere does. Confirm before relying on it.
76attribute extended_core_property_type;
77
78# All service_manager types created by system_server
79attribute system_server_service;
80
81# services which should be available to all but isolated apps
# NOTE(review): per the description, giving a service type this attribute
# exposes it to every non-isolated app domain. The rules that grant the access
# are not in this file, so review each addition as a widening of app-reachable
# surface.
82attribute app_api_service;
83
84# services which should be available to all ephemeral apps
85attribute ephemeral_app_api_service;
86
87# services which export only system_api
88attribute system_api_service;
89
90# All types used for services managed by servicemanager.
91# On change, update CHECK_SC_ASSERT_ATTRS
92# definition in tools/checkfc.c.
93attribute service_manager_type;
94
95# All types used for services managed by hwservicemanager
96attribute hwservice_manager_type;
97
98# All HwBinder services guaranteed to be passthrough. These services always run
99# in the process of their clients, and thus operate with the same access as
100# their clients.
# NOTE(review): it follows that such a service cannot be confined by a domain
# of its own; whatever the client domain is allowed, the service code is
# allowed too.
101attribute same_process_hwservice;
102
103# All HwBinder services guaranteed to be offered only by core domain components
104attribute coredomain_hwservice;
105
106# All types used for services managed by vndservicemanager
107attribute vndservice_manager_type;
108
109
# NOTE(review): both attributes below are exemptions from MLS enforcement.
# Every type given one of them sits outside the MLS separation, so each
# addition should be justified and reviewed individually.
110# All domains that can override MLS restrictions.
111# i.e. processes that can read up and write down.
112attribute mlstrustedsubject;
113
114# All types that can override MLS restrictions.
115# i.e. files that can be read by lower and written by higher
116attribute mlstrustedobject;
117
118# All domains used for apps.
119attribute appdomain;
120
121# All third party apps.
122attribute untrusted_app_all;
123
124# All domains used for apps with network access.
125attribute netdomain;
126
127# All domains used for apps with bluetooth access.
128attribute bluetoothdomain;
129
130# All domains used for binder service domains.
131attribute binderservicedomain;
132
133# update_engine related domains that need to apply an update and run
134# postinstall. This includes the background daemon and the sideload tool from
135# recovery for A/B devices.
136attribute update_engine_common;
137
138# All core domains (as opposed to vendor/device-specific domains)
139attribute coredomain;
140
141# All socket devices owned by core domain components
142attribute coredomain_socket;
# Kept as an attribute in the compiled policy (not expanded to member types).
143expandattribute coredomain_socket false;
144
# The *_violators attributes below mark domains that are exempt from a
# core/vendor separation requirement, as each description states. All are
# declared with expandattribute false, which keeps the attribute in the
# compiled policy instead of expanding it to its member types.
# NOTE(review): presumably this keeps the exemption lists enumerable by
# build-time and compliance checks; confirm. Treat every membership as tracked
# debt against the bug cited in the corresponding TODO.

145# All vendor domains which violate the requirement of not using Binder
146# TODO(b/35870313): Remove this once there are no violations
147attribute binder_in_vendor_violators;
148expandattribute binder_in_vendor_violators false;
149
150# All vendor domains which violate the requirement of not using sockets for
151# communicating with core components
152# TODO(b/36577153): Remove this once there are no violations
153attribute socket_between_core_and_vendor_violators;
154expandattribute socket_between_core_and_vendor_violators false;
155
156# All vendor domains which violate the requirement of not executing
157# system processes
158# TODO(b/36463595)
159attribute vendor_executes_system_violators;
160expandattribute vendor_executes_system_violators false;
161
162# All domains which violate the requirement of not sharing files by path
163# between vendor and core domains.
164# TODO(b/34980020)
165attribute data_between_core_and_vendor_violators;
166expandattribute data_between_core_and_vendor_violators false;
167
168# All system domains which violate the requirement of not executing vendor
169# binaries/libraries.
170# TODO(b/62041836)
171attribute system_executes_vendor_violators;
172expandattribute system_executes_vendor_violators false;
173
174# All system domains which violate the requirement of not writing vendor
175# properties.
176# TODO(b/78598545): Remove this once there are no violations
177attribute system_writes_vendor_properties_violators;
178expandattribute system_writes_vendor_properties_violators false;
179
180# hwservices that are accessible from untrusted applications
181# WARNING: Use of this attribute should be avoided unless
182# absolutely necessary.  It is a temporary allowance to aid the
183# transition to treble and will be removed in a future platform
184# version, requiring all hwservices that are labeled with this
185# attribute to be submitted to AOSP in order to maintain their
186# app-visibility.
# NOTE(review): every type carrying this attribute is reachable from untrusted
# application domains, so the member set is attack surface and should be kept
# minimal and audited.
187attribute untrusted_app_visible_hwservice;
# Kept as an attribute in the compiled policy (not expanded to member types).
188expandattribute untrusted_app_visible_hwservice false;
189
190# halserver domains that are accessible to untrusted applications.  These
191# domains are typically those hosting hwservices attributed by the
192# untrusted_app_visible_hwservice.
193# WARNING: Use of this attribute should be avoided unless absolutely necessary.
194# It is a temporary allowance to aid the transition to treble and will be
195# removed in a future platform version, requiring all halserver domains that
196# are labeled with this attribute to be submitted to AOSP in order to maintain
197# their app-visibility.
198attribute untrusted_app_visible_halserver;
199expandattribute untrusted_app_visible_halserver false;
200
201# PDX services
# Three attributes are declared here: one for endpoint directories and two for
# sockets (endpoint and channel). Only the two socket attributes are marked
# expandattribute false, i.e. kept in the compiled policy.
202attribute pdx_endpoint_dir_type;
203attribute pdx_endpoint_socket_type;
204expandattribute pdx_endpoint_socket_type false;
205attribute pdx_channel_socket_type;
206expandattribute pdx_channel_socket_type false;
207
# NOTE(review): pdx_service_attributes is a macro defined outside this file;
# what it declares for each service name is not visible here.
208pdx_service_attributes(display_client)
209pdx_service_attributes(display_manager)
210pdx_service_attributes(display_screenshot)
211pdx_service_attributes(display_vsync)
212pdx_service_attributes(performance_client)
213pdx_service_attributes(bufferhub_client)
214
215# All HAL servers
216attribute halserverdomain;
217# All HAL clients
218attribute halclientdomain;
# expandattribute ... true: the compiler replaces halclientdomain with its
# member types and the attribute itself does not remain in the compiled policy.
219expandattribute halclientdomain true;
220
221# Exempt for halserverdomain to access sockets. Only builds for automotive
222# device types are allowed to use this attribute (enforced by CTS).
223# Unlike phone, in a car many modules are external from Android perspective and
224# HALs should be able to communicate with those devices through sockets.
# NOTE(review): the automotive-only restriction is stated to be enforced by
# CTS, and nothing in this file restricts who may use the attribute. Presumably
# a misuse on another device type is therefore not rejected at policy compile
# time; confirm.
225attribute hal_automotive_socket_exemption;
226
227# TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
228# can be resolved.
# Each HAL below gets three attributes: the base hal_X, hal_X_client (expanded
# to its member types at compile time) and hal_X_server (kept in the compiled
# policy). The base attribute has no expandattribute statement, so the compiler
# default applies to it.
229attribute hal_audio;
230attribute hal_audio_client;
231expandattribute hal_audio_client true;
232attribute hal_audio_server;
233expandattribute hal_audio_server false;
234
235attribute hal_bootctl;
236attribute hal_bootctl_client;
237expandattribute hal_bootctl_client true;
238attribute hal_bootctl_server;
239expandattribute hal_bootctl_server false;
240
241attribute hal_camera;
242attribute hal_camera_client;
243expandattribute hal_camera_client true;
244attribute hal_camera_server;
245expandattribute hal_camera_server false;
246
247attribute hal_drm;
248attribute hal_drm_client;
249expandattribute hal_drm_client true;
250attribute hal_drm_server;
251expandattribute hal_drm_server false;
252
253attribute hal_cas;
254attribute hal_cas_client;
255expandattribute hal_cas_client true;
256attribute hal_cas_server;
257expandattribute hal_cas_server false;
258
259# HALs
# NOTE(review): hal_attribute is a macro defined outside this file. Judging by
# the TODO(b/72757373) comment earlier in this file, it presumably declares the
# hal_X / hal_X_client / hal_X_server attributes for the given name; confirm
# against the macro definition.
# NOTE(review): going by their names, several entries (authsecret,
# confirmationui, fingerprint, gatekeeper, keymaster, oemlock, secure_element,
# weaver) front credential- or key-handling hardware; client membership for
# those is worth auditing first.
260hal_attribute(allocator);
261hal_attribute(audiocontrol);
262hal_attribute(authsecret);
263hal_attribute(bluetooth);
264hal_attribute(broadcastradio);
265hal_attribute(configstore);
266hal_attribute(confirmationui);
267hal_attribute(contexthub);
268hal_attribute(dumpstate);
269hal_attribute(evs);
270hal_attribute(fingerprint);
271hal_attribute(gatekeeper);
272hal_attribute(gnss);
273hal_attribute(graphics_allocator);
274hal_attribute(graphics_composer);
275hal_attribute(health);
276hal_attribute(ir);
277hal_attribute(keymaster);
278hal_attribute(light);
279hal_attribute(lowpan);
280hal_attribute(memtrack);
281hal_attribute(neuralnetworks);
282hal_attribute(nfc);
283hal_attribute(oemlock);
284hal_attribute(power);
285hal_attribute(secure_element);
286hal_attribute(sensors);
287hal_attribute(telephony);
288hal_attribute(tetheroffload);
289hal_attribute(thermal);
290hal_attribute(tv_cec);
291hal_attribute(tv_input);
292hal_attribute(usb);
293hal_attribute(usb_gadget);
294hal_attribute(vehicle);
295hal_attribute(vibrator);
296hal_attribute(vr);
297hal_attribute(weaver);
298hal_attribute(wifi);
299hal_attribute(wifi_hostapd);
300hal_attribute(wifi_offload);
301hal_attribute(wifi_supplicant);
302
303# HwBinder services offered across the core-vendor boundary
304#
305# We annotate server domains with x_server to loosen the coupling between
306# system and vendor images. For example, it should be possible to move a service
307# from one core domain to another, without having to update the vendor image
308# which contains clients of this service.
309
# No expandattribute statement is given for these two attributes, so the
# compiler default applies.
310attribute display_service_server;
311attribute wifi_keystore_service_server;
312