1 ###################################### 2 # Attribute declarations 3 # 4 5 # All types used for devices. 6 # On change, update CHECK_FC_ASSERT_ATTRS 7 # in tools/checkfc.c 8 attribute dev_type; 9 10 # All types used for processes. 11 attribute domain; 12 13 # Temporary attribute used for migrating permissions out of domain. 14 # Motivation: Domain is overly permissive. Start removing permissions 15 # from domain and assign them to the domain_deprecated attribute. 16 # Domain_deprecated and domain can initially be assigned to all 17 # domains. The goal is to not assign domain_deprecated to new domains 18 # and to start removing domain_deprecated where it's not required or 19 # reassigning the appropriate permissions to the inheriting domain 20 # when necessary. 21 attribute domain_deprecated; 22 23 # All types used for filesystems. 24 # On change, update CHECK_FC_ASSERT_ATTRS 25 # definition in tools/checkfc.c. 26 attribute fs_type; 27 28 # All types used for context= mounts. 29 attribute contextmount_type; 30 31 # All types used for files that can exist on a labeled fs. 32 # Do not use for pseudo file types. 33 # On change, update CHECK_FC_ASSERT_ATTRS 34 # definition in tools/checkfc.c. 35 attribute file_type; 36 37 # All types used for domain entry points. 38 attribute exec_type; 39 40 # All types used for /data files. 41 attribute data_file_type; 42 43 # All types use for sysfs files. 44 attribute sysfs_type; 45 46 # All types use for debugfs files. 47 attribute debugfs_type; 48 49 # Attribute used for all sdcards 50 attribute sdcard_type; 51 52 # All types used for nodes/hosts. 53 attribute node_type; 54 55 # All types used for network interfaces. 56 attribute netif_type; 57 58 # All types used for network ports. 59 attribute port_type; 60 61 # All types used for property service 62 # On change, update CHECK_PC_ASSERT_ATTRS 63 # definition in tools/checkfc.c. 64 attribute property_type; 65 66 # All properties defined in core SELinux policy. Should not be 67 # used by device specific properties 68 attribute core_property_type; 69 70 # All properties used to configure log filtering. 71 attribute log_property_type; 72 73 # All service_manager types created by system_server 74 attribute system_server_service; 75 76 # services which should be available to all but isolated apps 77 attribute app_api_service; 78 79 # services which export only system_api 80 attribute system_api_service; 81 82 # All types used for services managed by service_manager. 83 # On change, update CHECK_SC_ASSERT_ATTRS 84 # definition in tools/checkfc.c. 85 attribute service_manager_type; 86 87 # All domains that can override MLS restrictions. 88 # i.e. processes that can read up and write down. 89 attribute mlstrustedsubject; 90 91 # All types that can override MLS restrictions. 92 # i.e. files that can be read by lower and written by higher 93 attribute mlstrustedobject; 94 95 # All domains used for apps. 96 attribute appdomain; 97 98 # All domains used for apps with network access. 99 attribute netdomain; 100 101 # All domains used for apps with bluetooth access. 102 attribute bluetoothdomain; 103 104 # All domains used for binder service domains. 105 attribute binderservicedomain; 106 107 # All domains that access the boot_control HAL. The permissions the HAL 108 # requires are specific to the implementation provided in each device, but 109 # common daemons need to be aware of those when calling into the HAL. 110 attribute boot_control_hal; 111
