Lines Matching refs:appdomain
11 unix_socket_connect(appdomain, keystore, keystore)
14 allow appdomain zygote:fd use;
17 allow appdomain zygote_tmpfs:file read;
20 allow appdomain zygote:process sigchld;
23 allow appdomain system:fifo_file rw_file_perms;
24 allow appdomain system:unix_stream_socket { read write setopt };
25 binder_call(appdomain, system)
28 allow appdomain surfaceflinger:unix_stream_socket { read write setopt };
29 binder_call(appdomain, surfaceflinger)
32 allow appdomain app_data_file:dir create_dir_perms;
33 allow appdomain app_data_file:notdevfile_class_set create_file_perms;
37 allow appdomain platform_app_data_file:file { getattr read write };
40 allow appdomain system_data_file:dir r_dir_perms;
41 allow appdomain system_data_file:file { execute open };
44 allow appdomain shell_exec:file rx_file_perms;
45 allow appdomain system_file:file rx_file_perms;
48 allow appdomain wallpaper_file:file { read write };
51 allow appdomain anr_data_file:dir search;
52 allow appdomain anr_data_file:file { open append };
55 allow appdomain qtaguid_proc:file rw_file_perms;
58 allow appdomain qtaguid_device:chr_file r_file_perms;
61 binder_use(appdomain)
63 binder_call(appdomain, binderservicedomain)
65 binder_call(appdomain, appdomain)
67 # Appdomain interaction with isolated apps
68 r_dir_file(appdomain, isolated_app)
69 binder_call(appdomain, isolated_app)
75 allow appdomain isolated_app:unix_stream_socket { read write };
79 allow appdomain backup_data_file:file { read write };
80 allow appdomain cache_backup_file:file { read write };
82 allow appdomain system_data_file:lnk_file getattr;
85 allow appdomain download_file:file r_file_perms;
86 file_type_auto_trans(appdomain, download_file, download_file)
90 unix_socket_connect(appdomain, dnsproxyd, netd)
93 binder_call(appdomain, drmserver)
96 binder_call(appdomain, mediaserver)
99 allow appdomain port_type:tcp_socket name_connect;
102 allow appdomain self:netlink_route_socket {
117 allow appdomain self:rawip_socket create_socket_perms;
127 neverallow { appdomain -unconfineddomain } self:capability ~sys_nice;
128 neverallow { appdomain -unconfineddomain } self:capability2 *;
131 neverallow { appdomain -unconfineddomain } dev_type:blk_file { read write };
134 neverallow { appdomain -unconfineddomain } kmem_device:chr_file { read write };
138 neverallow { appdomain -unconfineddomain } kernel:security { setenforce setbool };
141 neverallow appdomain kernel:security load_policy;
144 neverallow { appdomain -unconfineddomain }
159 neverallow { appdomain -unconfineddomain } { domain -appdomain }:process ptrace;
162 neverallow { appdomain -unconfineddomain } ~appdomain:process { transition dyntransition };
165 neverallow { appdomain -unconfineddomain } system_file:dir_file_class_set write;
172 neverallow { appdomain -unconfineddomain -system_app } system_data_file:dir_file_class_set write;
