# Filesystem types
#
# NOTE(review): the attributes referenced in this file (fs_type, sysfs_type,
# file_type, data_file_type, sdcard_type, contextmount_type, dev_type,
# mlstrustedobject) are declared elsewhere. In Android policy,
# mlstrustedobject marks object types that override MLS restrictions, so
# adding it to a type widens who can reach that object. Confirm against the
# attribute declarations before reusing it.
type labeledfs, fs_type;
type pipefs, fs_type;
type sockfs, fs_type;
type rootfs, fs_type;
type proc, fs_type;
# proc nodes that are security-sensitive; most domains should not get write
# access to them.
type proc_security, fs_type;
# Nodes in proc, sysfs or elsewhere through which kernel usermodehelpers
# can be configured.
type usermodehelper, fs_type, sysfs_type;
type qtaguid_proc, fs_type, mlstrustedobject;
type proc_bluetooth_writable, fs_type;
type proc_cpuinfo, fs_type;
type proc_net, fs_type;
type proc_sysrq, fs_type;
type selinuxfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
# /sys/devices/system/cpu
type sysfs_devices_system_cpu, fs_type, sysfs_type;
# /sys/module/lowmemorykiller
type sysfs_lowmemorykiller, fs_type, sysfs_type;
type inotify, fs_type, mlstrustedobject;
type devpts, fs_type, mlstrustedobject;
type tmpfs, fs_type;
type shm, fs_type;
type mqueue, fs_type;
# sdcard filesystems. sdcard_internal and sdcard_external are aliases of
# fuse and vfat respectively.
type fuse alias sdcard_internal, sdcard_type, fs_type, mlstrustedobject;
type vfat alias sdcard_external, sdcard_type, fs_type, mlstrustedobject;
type debugfs, fs_type, mlstrustedobject;
type pstorefs, fs_type;
type functionfs, fs_type;
type oemfs, fs_type, contextmount_type;
type usbfs, fs_type;

# File types
type unlabeled, file_type;
# Default label for everything under /system.
type system_file, file_type;
# /cores: coredumps on userdebug / eng builds.
type coredump_file, file_type;
# Default label for everything under /data.
type system_data_file, file_type, data_file_type;
# /data/.layout_version and other files that installd creates inside a
# system_data_file directory.
type install_data_file, file_type, data_file_type;
# /data/drm: DRM plugin data.
type drm_data_file, file_type, data_file_type;
# /data/adb: adb debugging files.
type adb_data_file, file_type, data_file_type;
# /data/anr: ANR traces.
type anr_data_file, file_type, data_file_type, mlstrustedobject;
# /data/tombstones: core dumps.
type tombstone_data_file, file_type, data_file_type;
# /data/app: user-installed apps.
type apk_data_file, file_type, data_file_type;
type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
# /data/app-private: forward-locked apps.
type apk_private_data_file, file_type, data_file_type;
type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
# /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type;
# /data/dalvik-cache/profiles
type dalvikcache_profiles_data_file, file_type, data_file_type;
# /data/resource-cache
type resourcecache_data_file, file_type, data_file_type;
# /data/local: writable by shell.
type shell_data_file, file_type, data_file_type;
# /data/gps
type gps_data_file, file_type, data_file_type;
# /data/property
type property_data_file, file_type, data_file_type;

# Subdirectories of /data/misc
type adb_keys_file, file_type, data_file_type;
# audio_firmware_file is kept as an alias for compatibility with the type
# names used in vanilla Android 4.3 and 4.4.
type audio_data_file alias audio_firmware_file, file_type, data_file_type;
type bluetooth_data_file, file_type, data_file_type;
type camera_data_file, file_type, data_file_type;
type keychain_data_file, file_type, data_file_type;
type keystore_data_file, file_type, data_file_type;
type media_data_file, file_type, data_file_type;
type media_rw_data_file, file_type, data_file_type;
type misc_user_data_file, file_type, data_file_type;
type net_data_file, file_type, data_file_type;
type nfc_data_file, file_type, data_file_type;
type radio_data_file, file_type, data_file_type;
type shared_relro_file, file_type, data_file_type;
type systemkeys_data_file, file_type, data_file_type;
type vpn_data_file, file_type, data_file_type;
type wifi_data_file, file_type, data_file_type;
type zoneinfo_data_file, file_type, data_file_type;

# Subdirectories of /data/data: the app sandboxes.
# platform_app_data_file and download_file are aliases kept for
# compatibility with the type names used in Android 4.3 and 4.4.
type app_data_file alias { platform_app_data_file download_file }, file_type, data_file_type;
# /data/data subdirectory for system UID apps.
type system_app_data_file, file_type, data_file_type;
# Default label for everything under /cache.
type cache_file, file_type, mlstrustedobject;
# Label for /cache/.*\.{data|restore}, and the default for everything
# under /cache/backup.
type cache_backup_file, file_type, mlstrustedobject;
# Default label for everything under /efs.
type efs_file, file_type;
# The wallpaper file.
type wallpaper_file, file_type, mlstrustedobject;
# /mnt/asec
type asec_apk_file, file_type, data_file_type;
# World-readable elements of asec files (/mnt/asec).
type asec_public_file, file_type, data_file_type;
# /data/app-asec
type asec_image_file, file_type, data_file_type;
# /data/backup and /data/secure/backup
type backup_data_file, file_type, data_file_type, mlstrustedobject;
# /data/security
type security_file, file_type;
# Every device has bluetooth efs files, but their location varies per
# device, so this type is assigned in per-device policy.
type bluetooth_efs_file, file_type;

# Socket types. Each carries file_type; dnsproxyd_socket and fwmarkd_socket
# additionally carry mlstrustedobject.
type adbd_socket, file_type;
type bluetooth_socket, file_type;
type dnsproxyd_socket, file_type, mlstrustedobject;
type dumpstate_socket, file_type;
type fwmarkd_socket, file_type, mlstrustedobject;
type gps_socket, file_type;
type installd_socket, file_type;
type lmkd_socket, file_type;
type logd_debug, file_type;
type logd_socket, file_type;
type logdr_socket, file_type;
type logdw_socket, file_type;
type mdns_socket, file_type;
type mdnsd_socket, file_type;
type mtpd_socket, file_type;
type netd_socket, file_type;
type property_socket, file_type;
type racoon_socket, file_type;
type rild_socket, file_type;
type rild_debug_socket, file_type;
type system_wpa_socket, file_type;
type system_ndebug_socket, file_type;
type vold_socket, file_type;
type wpa_socket, file_type;
type zygote_socket, file_type;

# UART (for GPS) control proc file
type gps_control, file_type;

# Filesystem association: lets objects of each type be created in the
# filesystems they belong to.
allow fs_type self:filesystem associate;
allow sysfs_type sysfs:filesystem associate;
allow file_type { labeledfs tmpfs rootfs }:filesystem associate;
allow dev_type tmpfs:filesystem associate;

# No type may carry both file_type and fs_type. Because of the
# "allow fs_type self" rule above, a type holding both attributes would be
# granted associate on a file_type target, and the assertion below then
# fails the policy build.
#
# Wrong:
#   type apk_data_file, file_type, data_file_type, fs_type;
# Right:
#   type apk_data_file, file_type, data_file_type;
neverallow fs_type file_type:filesystem associate;