Lines Matching refs:vold
3767 # XXX Run /system/bin/vdc to connect to vold. Run in a separate domain?
3774 allow adbd vold:unix_stream_socket connectto;
4105 # Reads /proc/pid/cmdline of vold.
5081 neverallow { domain -debuggerd -vold -dumpstate -system_server } self:capability sys_ptrace;
5084 neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt } self:capability { sys_rawio mknod };
5128 neverallow { domain -kernel -init -recovery -vold -uncrypt } block_device:blk_file { open read write };
5138 neverallow { domain -kernel -init -recovery -vold -zygote } { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
5427 # The vdc command needs to talk to the vold socket.
5432 allow dumpstate vold:unix_stream_socket connectto;
8623 allow system_server vold:unix_stream_socket connectto;
9346 #line 1 "external/sepolicy/vold.te"
9348 type vold, domain;
9363 allow init vold:process transition;
9367 allow vold vold_exec:file { entrypoint read execute };
9371 allow vold init:process sigchld;
9375 dontaudit init vold:process noatsecure;
9379 allow init vold:process { siginh rlimitinh };
9385 type_transition init vold_exec:process vold;
9393 type_transition vold tmpfs:file vold_tmpfs;
9395 allow vold vold_tmpfs:file { read write };
9401 typeattribute vold mlstrustedsubject;
9402 allow vold system_file:file { getattr execute execute_no_trans };
9403 allow vold block_device:dir { create reparent rmdir setattr { { open getattr read search ioctl } { open search write add_name remove_name } } { getattr link unlink rename } };
9404 allow vold block_device:blk_file { create setattr { { getattr open read ioctl lock } { open append write } } { getattr link unlink rename } };
9405 allow vold device:dir write;
9406 allow vold devpts:chr_file { { getattr open read ioctl lock } { open append write } };
9407 allow vold rootfs:dir mounton;
9408 allow vold sdcard_type:dir mounton;
9409 allow vold sdcard_type:filesystem { mount remount unmount };
9410 allow vold sdcard_type:dir { create reparent rmdir setattr { { open getattr read search ioctl } { open search write add_name remove_name } } { getattr link unlink rename } };
9411 allow vold sdcard_type:file { create setattr { { getattr open read ioctl lock } { open append write } } { getattr link unlink rename } };
9412 allow vold tmpfs:filesystem { mount unmount };
9413 allow vold tmpfs:dir { create reparent rmdir setattr { { open getattr read search ioctl } { open search write add_name remove_name } } { getattr link unlink rename } };
9414 allow vold tmpfs:dir mounton;
9415 allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner fsetid };
9416 allow vold self:netlink_kobject_uevent_socket *;
9417 allow vold app_data_file:dir search;
9418 allow vold app_data_file:file { { getattr open read ioctl lock } { open append write } };
9419 allow vold loop_device:blk_file { { getattr open read ioctl lock } { open append write } };
9420 allow vold dm_device:chr_file { { getattr open read ioctl lock } { open append write } };
9421 # For vold Process::killProcessesWithOpenFiles function.
9422 allow vold domain:dir { open getattr read search ioctl };
9423 allow vold domain:{ file lnk_file } { getattr open read ioctl lock };
9424 allow vold domain:process { signal sigkill };
9425 allow vold self:capability { sys_ptrace kill };
9428 allow vold shell_exec:file { { getattr open read ioctl lock } { getattr execute execute_no_trans } };
9431 allow vold sysfs:file { { getattr open read ioctl lock } { open append write } };
9435 type_transition vold device:chr_file klog_device "__kmsg__";
9437 allow vold
9439 allow vold device:dir { write add_name remove_name };
9444 allow vold fscklogs:dir { { open getattr read search ioctl } { open search write add_name remove_name } };
9445 allow vold fscklogs:file { create setattr { { getattr open read ioctl lock } { open append write } } { getattr link unlink rename } };
9454 allow vold property_socket:sock_file write;
9456 allow vold init:unix_stream_socket connectto;
9461 allow vold labeledfs:filesystem { mount unmount remount };
9465 allow vold efs_file:file { { getattr open read ioctl lock } { open append write } };
9468 allow vold system_data_file:dir { create { { open getattr read search ioctl } { open search write add_name remove_name } } mounton };
9471 allow vold kernel:process setsched;
9474 allow vold vold_prop:property_service set;
9475 allow vold powerctl_prop:property_service set;
9476 allow vold ctl_default_prop:property_service set;
9479 allow vold asec_image_file:file { create setattr { { getattr open read ioctl lock } { open append write } } { getattr link unlink rename } };
9480 allow vold asec_image_file:dir { { open getattr read search ioctl } { open search write add_name remove_name } };
9483 allow vold security_file:dir { open getattr read search ioctl };
9485 allow vold security_file:file { getattr open read ioctl lock };
9487 allow vold security_file:lnk_file { getattr open read ioctl lock };
9489 allow vold selinuxfs:dir { open getattr read search ioctl };
9491 allow vold selinuxfs:file { getattr open read ioctl lock };
9493 allow vold rootfs:dir { open getattr read search ioctl };
9495 allow vold rootfs:file { getattr open read ioctl lock };
9500 typeattribute vold relabeltodomain;
9503 allow vold asec_apk_file:dir { { { open getattr read search ioctl } { open search write add_name remove_name } } setattr relabelfrom };
9504 allow vold asec_public_file:dir { relabelto setattr };
9505 allow vold asec_apk_file:file { { getattr open read ioctl lock } setattr relabelfrom };
9506 allow vold asec_public_file:file { relabelto setattr };
9509 allow vold sysfs_wake_lock:file { { getattr open read ioctl lock } { open append write } };
9510 allow vold self:capability2 block_suspend;
