Home | History | Annotate | Download | only in sepolicy

Lines Matching refs:appdomain

11 allow appdomain self:process execmem;
13 allow appdomain ashmem_device:chr_file execute;
16 allow appdomain zygote:fd use;
20 allow appdomain zygote_exec:file rx_file_perms;
23 allow appdomain zygote_tmpfs:file read;
26 allow appdomain zygote:process sigchld;
29 allow appdomain cgroup:dir { search write };
30 allow appdomain cgroup:file rw_file_perms;
33 allow appdomain dalvikcache_data_file:dir { search getattr };
34 allow appdomain dalvikcache_data_file:file r_file_perms;
37 allow appdomain rootfs:lnk_file r_file_perms;
38 allow appdomain tmpfs:lnk_file r_file_perms;
41 allow appdomain tmpfs:dir r_dir_perms;
45   allow appdomain zygote:fifo_file write;
48   allow appdomain method_trace_data_file:dir w_dir_perms;
49   allow appdomain method_trace_data_file:file { create w_file_perms };
53 allow appdomain shell:process sigchld;
54 allow appdomain adbd:process sigchld;
57 allow appdomain devpts:chr_file { getattr read write ioctl };
60 allow appdomain system_server:fifo_file rw_file_perms;
61 allow appdomain system_server:unix_stream_socket { read write setopt getattr getopt shutdown };
62 allow appdomain system_server:tcp_socket { read write getattr getopt shutdown };
65 allow appdomain appdomain:fifo_file rw_file_perms;
68 allow appdomain surfaceflinger:unix_stream_socket { read write setopt getattr getopt shutdown };
71 allow { appdomain -isolated_app } app_data_file:dir create_dir_perms;
72 allow { appdomain -isolated_app } app_data_file:notdevfile_class_set create_file_perms;
75 allow appdomain system_data_file:dir r_dir_perms;
76 allow appdomain system_data_file:file { execute execute_no_trans open execmod };
79 allow appdomain mnt_expand_file:dir r_dir_perms;
82 allow appdomain keychain_data_file:dir r_dir_perms;
83 allow appdomain keychain_data_file:file r_file_perms;
84 allow appdomain misc_user_data_file:dir r_dir_perms;
85 allow appdomain misc_user_data_file:file r_file_perms;
88 allow appdomain oemfs:dir r_dir_perms;
89 allow appdomain oemfs:file rx_file_perms;
92 allow appdomain shell_exec:file rx_file_perms;
93 allow appdomain system_file:file rx_file_perms;
94 allow appdomain toolbox_exec:file rx_file_perms;
97 r_dir_file(appdomain, system_file)
100 allow appdomain dex2oat_exec:file rx_file_perms;
103 allow appdomain wallpaper_file:file { getattr read write };
106 allow appdomain ringtone_file:file { getattr read write };
109 allow appdomain shortcut_manager_icons:file { getattr read };
112 allow appdomain icon_file:file { getattr read };
115 allow appdomain anr_data_file:dir search;
116 allow appdomain anr_data_file:file { open append };
119 allow appdomain dumpstate:fd use;
120 allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdown };
121 allow appdomain dumpstate:fifo_file { write getattr };
122 allow appdomain shell_data_file:file { write getattr };
125 allow appdomain user_profile_data_file:dir { search write add_name };
126 allow appdomain user_profile_data_file:file create_file_perms;
128 allow appdomain user_profile_foreign_dex_data_file:dir { search write add_name };
129 allow appdomain user_profile_foreign_dex_data_file:file create;
133 dontaudit appdomain user_profile_foreign_dex_data_file:file { open read };
140   allow appdomain heapdump_data_file:file append;
144 allow appdomain qtaguid_proc:file rw_file_perms;
147 allow appdomain qtaguid_device:chr_file r_file_perms;
151 allow { appdomain -isolated_app } gpu_device:chr_file rw_file_perms;
154 binder_use(appdomain)
156 binder_call(appdomain, binderservicedomain)
158 binder_call(appdomain, appdomain)
164 allow appdomain appdomain:unix_stream_socket { getopt getattr read write shutdown };
168 allow appdomain backup_data_file:file { read write getattr };
169 allow appdomain cache_backup_file:file { read write getattr };
170 allow appdomain cache_backup_file:dir getattr;
172 allow appdomain system_data_file:lnk_file getattr;
175 allow appdomain media_rw_data_file:file { read getattr };
178 allow appdomain radio_data_file:file { read write getattr };
182 allow appdomain storage_file:dir r_dir_perms;
183 allow appdomain storage_file:lnk_file r_file_perms;
184 allow appdomain mnt_user_file:dir r_dir_perms;
185 allow appdomain mnt_user_file:lnk_file r_file_perms;
188 allow appdomain fuse:dir create_dir_perms;
189 allow appdomain fuse:file create_file_perms;
190 allow appdomain sdcardfs:dir create_dir_perms;
191 allow appdomain sdcardfs:file create_file_perms;
195 allow appdomain vfat:dir r_dir_perms;
196 allow appdomain vfat:file rw_file_perms;
203 allow appdomain usb_device:chr_file { read write getattr ioctl };
204 allow appdomain usbaccessory_device:chr_file { read write getattr };
207 allow appdomain dalvikcache_data_file:file execute;
208 allow appdomain dalvikcache_data_file:lnk_file r_file_perms;
211 allow appdomain shared_relro_file:dir search;
212 allow appdomain shared_relro_file:file r_file_perms;
215 allow appdomain apk_data_file:dir r_dir_perms;
216 allow appdomain apk_data_file:file { rx_file_perms execmod };
219 allow appdomain resourcecache_data_file:file r_file_perms;
220 allow appdomain resourcecache_data_file:dir r_dir_perms;
223 read_logd(appdomain)
224 control_logd(appdomain)
226 allow appdomain zygote:unix_dgram_socket write;
228 allow { appdomain -isolated_app } keystore:keystore_key { get_state get insert delete exist list sign verify };
230 use_keystore({ appdomain -isolated_app })
232 allow appdomain console_device:chr_file { read write };
235 allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
238 allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
241 allow appdomain app_fuse_file:file { getattr read append write };
249 allow appdomain runas_exec:file getattr;
254 selinux_check_access(appdomain)
255 selinux_check_context(appdomain)
259 allow { appdomain -isolated_app } tun_device:chr_file { read write getattr ioctl append };
263 allow appdomain adbd:unix_stream_socket connectto;
264 allow appdomain adbd:fd use;
265 allow appdomain adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
267 allow appdomain cache_file:dir getattr;
277 neverallow { appdomain -bluetooth } self:capability *;
278 neverallow { appdomain -bluetooth } self:capability2 *;
281 neverallow appdomain dev_type:blk_file { read write };
284 neverallow appdomain {
297 neverallow { appdomain -nfc } nfc_device:chr_file
299 neverallow { appdomain -bluetooth } hci_attach_dev:chr_file
301 neverallow appdomain tee_device:chr_file { read write };
304 neverallow appdomain
318 neverallow appdomain domain:netlink_kobject_uevent_socket { write append };
321 neverallow appdomain socket_device:sock_file write;
324 neverallow appdomain adbd_socket:sock_file write;
325 neverallow appdomain installd_socket:sock_file write;
326 neverallow { appdomain -radio } rild_socket:sock_file write;
327 neverallow appdomain vold_socket:sock_file write;
328 neverallow appdomain zygote_socket:sock_file write;
331 neverallow appdomain { domain -appdomain }:process ptrace;
334 neverallow appdomain { domain -appdomain }:file write;
340 neverallow appdomain { domain -appdomain }:process
346 neverallow { appdomain -shell userdebug_or_eng(`-su') } { domain -appdomain }:process
350 neverallow appdomain rootfs:dir_file_class_set
354 neverallow appdomain system_file:dir_file_class_set
358 neverallow appdomain exec_type:file
365 neverallow appdomain system_data_file:dir_file_class_set
369 neverallow appdomain drm_data_file:dir_file_class_set
371 neverallow { appdomain -system_app }
374 neverallow { appdomain -platform_app }
377 neverallow { appdomain -platform_app }
380 neverallow { appdomain -platform_app }
383 neverallow { appdomain -platform_app }
386 neverallow { appdomain -shell }
389 neverallow { appdomain -bluetooth }
392 neverallow appdomain
395 neverallow appdomain
398 neverallow appdomain
401 neverallow appdomain
406 neverallow { appdomain -platform_app -priv_app }
410 neverallow appdomain efs_file:dir_file_class_set write;
411 neverallow { appdomain -shell } efs_file:dir_file_class_set read;
414 neverallow { appdomain -bluetooth -nfc }
416 neverallow appdomain
420 neverallow { appdomain -system_app }
422 neverallow { appdomain -system_app -shell }
427 neverallow appdomain fs_type:filesystem ~getattr;
430 neverallow appdomain {
442 neverallow appdomain user_profile_foreign_dex_data_file:file rw_file_perms;
443 neverallow appdomain user_profile_foreign_dex_data_file:dir { open getattr read ioctl remove_name };