file.te 2.7 KB
Newer Older
Stephen Smalley's avatar
Stephen Smalley committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
# Filesystem types
type labeledfs, fs_type;
type pipefs, fs_type;
type sockfs, fs_type;
type rootfs, fs_type;
type proc, fs_type;
type selinuxfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type sysfs, fs_type, mlstrustedobject;
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
type inotify, fs_type, mlstrustedobject;
type devpts, fs_type;
type tmpfs, fs_type;
type shm, fs_type;
type mqueue, fs_type;
type sdcard, fs_type, mlstrustedobject;
type debugfs, fs_type, mlstrustedobject;

# File types
type unlabeled, file_type;
# Default type for anything under /system.
type system_file, file_type;
# Default type for anything under /data.
type system_data_file, file_type, data_file_type;
25 26
# /data/drm - DRM plugin data
type drm_data_file, file_type, data_file_type;
Stephen Smalley's avatar
Stephen Smalley committed
27 28 29 30 31
# /data/anr - ANR traces
type anr_data_file, file_type, data_file_type;
# /data/tombstones - core dumps
type tombstone_data_file, file_type, data_file_type;
# /data/app - user-installed apps
32 33
type apk_data_file, file_type, data_file_type;
type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
Stephen Smalley's avatar
Stephen Smalley committed
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
# /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type;
# /data/local - writable by shell
type shell_data_file, file_type, data_file_type;
# /data/gps
type gps_data_file, file_type, data_file_type;
# /data/misc subdirectories
type bluetoothd_data_file, file_type, data_file_type;
type bluetooth_data_file, file_type, data_file_type;
type keystore_data_file, file_type, data_file_type;
type vpn_data_file, file_type, data_file_type;
type systemkeys_data_file, file_type, data_file_type;
type wifi_data_file, file_type, data_file_type;
type radio_data_file, file_type, data_file_type;
type nfc_data_file, file_type, data_file_type;
# /data/data subdirectories - app sandboxes
type app_data_file, file_type, data_file_type;
# Default type for anything under /cache
type cache_file, file_type, mlstrustedobject;
# Default type for anything under /efs
type efs_file, file_type;

# Socket types
type bluetooth_socket, file_type;
type dbus_socket, file_type;
type dnsproxyd_socket, file_type, mlstrustedobject;
type gps_socket, file_type;
type installd_socket, file_type;
type keystore_socket, file_type;
type netd_socket, file_type;
type property_socket, file_type;
type qemud_socket, file_type;
type rild_socket, file_type;
type rild_debug_socket, file_type;
type system_wpa_socket, file_type;
type vold_socket, file_type;
type wpa_socket, file_type;
type zygote_socket, file_type;

# Allow files to be created in their appropriate filesystems.
allow fs_type self:filesystem associate;
allow sysfs_type sysfs:filesystem associate;
allow file_type labeledfs:filesystem associate;
allow file_type tmpfs:filesystem associate;
allow dev_type tmpfs:filesystem associate;