Lines Matching refs:neverallow
2 ### neverallow rules for untrusted app domains
6 neverallow { untrusted_app_all -untrusted_app -untrusted_app_25 } domain:process fork;
10 neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;
13 neverallow all_untrusted_apps domain:netlink_socket *;
17 neverallow all_untrusted_apps debugfs_type:file read;
22 neverallow all_untrusted_apps service_manager_type:service_manager add;
25 neverallow all_untrusted_apps vndbinder_device:chr_file *;
26 neverallow all_untrusted_apps vndservice_manager_type:service_manager *;
30 neverallow all_untrusted_apps property_socket:sock_file write;
31 neverallow all_untrusted_apps init:unix_stream_socket connectto;
32 neverallow all_untrusted_apps property_type:property_service set;
37 # constraints. As there is no direct way to specify a neverallow
42 neverallow all_untrusted_apps mlstrustedsubject:process fork;
50 neverallow all_untrusted_apps file_type:file link;
53 neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
58 neverallow all_untrusted_apps *:{ netlink_route_socket netlink_selinux_socket } ioctl;
59 neverallow all_untrusted_apps *:{
70 neverallow all_untrusted_apps { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
71 neverallow all_untrusted_apps { cache_file cache_recovery_file }:file ~{ read getattr };
78 neverallow all_untrusted_apps {
95 neverallow all_untrusted_apps fuse_device:chr_file *;
98 neverallow all_untrusted_apps tun_device:chr_file open;
101 neverallow all_untrusted_apps anr_data_file:file ~{ open append };
102 neverallow all_untrusted_apps anr_data_file:dir ~search;
106 neverallow all_untrusted_apps proc:file { no_rw_file_perms no_x_file_perms };
109 neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
112 neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
116 neverallow all_untrusted_apps system_file:file lock;
120 neverallow all_untrusted_apps *:hwservice_manager ~find;
148 neverallow all_untrusted_apps {
157 neverallow untrusted_app_visible_hwservice unlabeled:service_manager list; #TODO: b/62658302
159 neverallow all_untrusted_apps {
195 neverallow all_untrusted_apps {
208 neverallow all_untrusted_apps {
