file.te 4.15 KB
Newer Older
Stephen Smalley's avatar
Stephen Smalley committed
1 2 3 4 5 6
# Filesystem types
type labeledfs, fs_type;
type pipefs, fs_type;
type sockfs, fs_type;
type rootfs, fs_type;
type proc, fs_type;
7
type qtaguid_proc, fs_type, mlstrustedobject;
Robert Craig's avatar
Robert Craig committed
8
type proc_bluetooth_writable, fs_type;
Stephen Smalley's avatar
Stephen Smalley committed
9 10 11 12
type selinuxfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type sysfs, fs_type, mlstrustedobject;
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
13
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
14
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
Stephen Smalley's avatar
Stephen Smalley committed
15
type inotify, fs_type, mlstrustedobject;
16
type devpts, fs_type, mlstrustedobject;
Stephen Smalley's avatar
Stephen Smalley committed
17 18 19
type tmpfs, fs_type;
type shm, fs_type;
type mqueue, fs_type;
20 21
type sdcard_internal, sdcard_type, fs_type, mlstrustedobject;
type sdcard_external, sdcard_type, fs_type, mlstrustedobject;
Stephen Smalley's avatar
Stephen Smalley committed
22 23 24 25 26 27 28 29
type debugfs, fs_type, mlstrustedobject;

# File types
type unlabeled, file_type;
# Default type for anything under /system.
type system_file, file_type;
# Default type for anything under /data.
type system_data_file, file_type, data_file_type;
30 31
# /data/drm - DRM plugin data
type drm_data_file, file_type, data_file_type;
Stephen Smalley's avatar
Stephen Smalley committed
32
# /data/anr - ANR traces
33
type anr_data_file, file_type, data_file_type, mlstrustedobject;
Stephen Smalley's avatar
Stephen Smalley committed
34 35 36
# /data/tombstones - core dumps
type tombstone_data_file, file_type, data_file_type;
# /data/app - user-installed apps
37 38
type apk_data_file, file_type, data_file_type;
type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
39 40 41
# /data/app-private - forward-locked apps
type apk_private_data_file, file_type, data_file_type;
type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
Stephen Smalley's avatar
Stephen Smalley committed
42 43 44 45 46 47 48 49 50 51 52 53 54 55
# /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type;
# /data/local - writable by shell
type shell_data_file, file_type, data_file_type;
# /data/gps
type gps_data_file, file_type, data_file_type;
# /data/misc subdirectories
type bluetooth_data_file, file_type, data_file_type;
type keystore_data_file, file_type, data_file_type;
type vpn_data_file, file_type, data_file_type;
type systemkeys_data_file, file_type, data_file_type;
type wifi_data_file, file_type, data_file_type;
type radio_data_file, file_type, data_file_type;
type nfc_data_file, file_type, data_file_type;
hqjiang's avatar
hqjiang committed
56
type camera_calibration_file, file_type, data_file_type;
Stephen Smalley's avatar
Stephen Smalley committed
57 58
# /data/data subdirectories - app sandboxes
type app_data_file, file_type, data_file_type;
59
type platform_app_data_file, file_type, data_file_type, mlstrustedobject;
Stephen Smalley's avatar
Stephen Smalley committed
60 61
# Default type for anything under /cache
type cache_file, file_type, mlstrustedobject;
rpcraig's avatar
rpcraig committed
62 63 64
# Type for /cache/.*\.{data|restore} and default
# type for anything under /cache/backup
type cache_backup_file, file_type, mlstrustedobject;
Stephen Smalley's avatar
Stephen Smalley committed
65 66
# Default type for anything under /efs
type efs_file, file_type;
67
# Type for wallpaper file.
68
type wallpaper_file, file_type, mlstrustedobject;
69 70 71 72
# /mnt/asec
type asec_apk_file, file_type, data_file_type;
# /data/app-asec
type asec_image_file, file_type, data_file_type;
rpcraig's avatar
rpcraig committed
73 74
# /data/backup and /data/secure/backup
type backup_data_file, file_type, data_file_type, mlstrustedobject;
William Roberts's avatar
William Roberts committed
75 76
# For /data/security
type security_file, file_type;
77 78
# All devices have bluetooth efs files. But they
# vary per device, so this type is used in per
William Roberts's avatar
William Roberts committed
79
# device policy
80
type bluetooth_efs_file, file_type;
Geremy Condra's avatar
Geremy Condra committed
81 82
# Downloaded files
type download_file, file_type;
83 84
# /sys/devices/system/cpu
type sysfs_devices_system_cpu, file_type;
85

Stephen Smalley's avatar
Stephen Smalley committed
86
# Socket types
87
type adbd_socket, file_type;
Stephen Smalley's avatar
Stephen Smalley committed
88 89 90 91 92
type bluetooth_socket, file_type;
type dnsproxyd_socket, file_type, mlstrustedobject;
type gps_socket, file_type;
type installd_socket, file_type;
type keystore_socket, file_type;
93
type mdns_socket, file_type;
Stephen Smalley's avatar
Stephen Smalley committed
94 95 96
type netd_socket, file_type;
type property_socket, file_type;
type qemud_socket, file_type;
Robert Craig's avatar
Robert Craig committed
97
type racoon_socket, file_type;
Stephen Smalley's avatar
Stephen Smalley committed
98 99 100 101 102 103 104
type rild_socket, file_type;
type rild_debug_socket, file_type;
type system_wpa_socket, file_type;
type vold_socket, file_type;
type wpa_socket, file_type;
type zygote_socket, file_type;

105 106 107
# UART (for GPS) control proc file
type gps_control, file_type;

Stephen Smalley's avatar
Stephen Smalley committed
108 109 110 111 112 113
# Allow files to be created in their appropriate filesystems.
allow fs_type self:filesystem associate;
allow sysfs_type sysfs:filesystem associate;
allow file_type labeledfs:filesystem associate;
allow file_type tmpfs:filesystem associate;
allow dev_type tmpfs:filesystem associate;