Lines Matching refs:neverallow
161 ### neverallow rules
165 neverallow priv_app domain:netlink_kobject_uevent_socket *;
168 neverallow priv_app domain:netlink_socket *;
172 neverallow priv_app debugfs:file read;
177 neverallow priv_app service_manager_type:service_manager add;
181 neverallow priv_app property_socket:sock_file write;
182 neverallow priv_app init:unix_stream_socket connectto;
183 neverallow priv_app property_type:property_service set;
188 # constraints. As there is no direct way to specify a neverallow
193 neverallow priv_app mlstrustedsubject:process fork;
201 neverallow priv_app file_type:file link;
205 neverallow priv_app trace_data_file:dir *;
206 neverallow priv_app trace_data_file:file { no_w_file_perms open };
