Lines Matching full:domain
4 allow domain init:process sigchld;
7 allow domain kernel:fd use;
8 allow domain tmpfs:file { read getattr };
11 allow domain tmpfs:dir r_dir_perms;
14 allow domain self:capability sys_nice;
16 # Intra-domain accesses.
17 allow domain self:process ~{ execstack execheap ptrace };
18 allow domain self:fd use;
19 allow domain self:dir r_dir_perms;
20 allow domain self:lnk_file r_file_perms;
21 allow domain self:{ fifo_file file } rw_file_perms;
22 allow domain self:{ unix_dgram_socket unix_stream_socket } *;
25 allow domain init:fd use;
26 allow domain system:fd use;
29 allow domain adbd:unix_stream_socket connectto;
30 allow domain adbd:fd use;
31 allow domain adbd:unix_stream_socket { getattr read write shutdown };
36 allow domain debuggerd:process sigchld;
37 allow domain debuggerd:unix_stream_socket connectto;
40 allow domain init:unix_stream_socket connectto;
43 allow domain rootfs:dir r_dir_perms;
44 allow domain rootfs:file r_file_perms;
45 allow domain rootfs:lnk_file { read getattr };
48 allow domain device:dir search;
49 allow domain dev_type:lnk_file read;
50 allow domain devpts:dir search;
51 allow domain device:file read;
52 allow domain socket_device:dir search;
53 allow domain owntty_device:chr_file rw_file_perms;
54 allow domain null_device:chr_file rw_file_perms;
55 allow domain zero_device:chr_file r_file_perms;
56 allow domain ashmem_device:chr_file rw_file_perms;
57 allow domain binder_device:chr_file rw_file_perms;
58 allow domain ptmx_device:chr_file rw_file_perms;
59 allow domain powervr_device:chr_file rw_file_perms;
60 allow domain log_device:dir search;
61 allow domain log_device:chr_file rw_file_perms;
62 allow domain nv_device:chr_file rw_file_perms;
63 allow domain alarm_device:chr_file r_file_perms;
64 allow domain urandom_device:chr_file r_file_perms;
65 allow domain random_device:chr_file r_file_perms;
66 allow domain properties_device:file r_file_perms;
69 allow domain fs_type:filesystem getattr;
70 allow domain fs_type:dir getattr;
73 allow domain system_file:dir r_dir_perms;
74 allow domain system_file:file r_file_perms;
75 allow domain system_file:file execute;
76 allow domain system_file:lnk_file read;
79 allow domain system_data_file:dir { search getattr };
80 allow domain system_data_file:file { getattr read };
81 allow domain system_data_file:lnk_file read;
84 allow domain apk_data_file:dir search;
85 allow domain apk_data_file:file r_file_perms;
88 allow domain dalvikcache_data_file:dir { search getattr };
89 allow domain dalvikcache_data_file:file r_file_perms;
92 allow domain cache_file:dir r_dir_perms;
93 allow domain cache_file:file { getattr read };
94 allow domain cache_file:lnk_file read;
97 allow domain cgroup:dir { search write };
98 allow domain cgroup:file w_file_perms;
101 allow domain ion_device:chr_file rw_file_perms;
106 allow domain sysfs:file rw_file_perms;
108 allow domain sysfs_writable:file rw_file_perms;
111 r_dir_file(domain, proc)
112 r_dir_file(domain, sysfs)
113 r_dir_file(domain, inotify)
114 r_dir_file(domain, cgroup)
117 allow domain debugfs:dir r_dir_perms;
118 allow domain debugfs:file w_file_perms;
121 allow domain security_file:dir { search getattr };
122 allow domain security_file:file getattr;
134 allow domain unlabeled:file { create_file_perms rwx_file_perms relabelfrom };
135 allow domain unlabeled:dir { create_dir_perms relabelfrom };
136 allow domain unlabeled:lnk_file { create_file_perms };
137 neverallow { domain -relabeltodomain } *:dir_file_class_set relabelto;
144 neverallow { domain -init } kernel:security load_policy;
