Lines Matching refs:allow
13 # Allow the allocation and use of ptys
18 allow priv_app self:process ptrace;
22 allow priv_app app_data_file:file execute;
24 allow priv_app app_api_service:service_manager find;
25 allow priv_app audioserver_service:service_manager find;
26 allow priv_app cameraserver_service:service_manager find;
27 allow priv_app drmserver_service:service_manager find;
28 allow priv_app mediacodec_service:service_manager find;
29 allow priv_app mediadrmserver_service:service_manager find;
30 allow priv_app mediaextractor_service:service_manager find;
31 allow priv_app mediametrics_service:service_manager find;
32 allow priv_app mediaserver_service:service_manager find;
33 allow priv_app network_watchlist_service:service_manager find;
34 allow priv_app nfc_service:service_manager find;
35 allow priv_app oem_lock_service:service_manager find;
36 allow priv_app persistent_data_block_service:service_manager find;
37 allow priv_app radio_service:service_manager find;
38 allow priv_app recovery_service:service_manager find;
39 allow priv_app stats_service:service_manager find;
40 allow priv_app system_api_service:service_manager find;
43 allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
44 allow priv_app { cache_file cache_recovery_file }:file create_file_perms;
45 # /cache is a symlink to /data/cache on some devices. Allow reading the link.
46 allow priv_app cache_file:lnk_file r_file_perms;
49 allow priv_app ota_package_file:dir rw_dir_perms;
50 allow priv_app ota_package_file:file create_file_perms;
53 allow priv_app media_rw_data_file:dir create_dir_perms;
54 allow priv_app media_rw_data_file:file create_file_perms;
58 allow priv_app shell_data_file:file r_file_perms;
59 allow priv_app shell_data_file:dir r_dir_perms;
61 # Allow traceur to pass file descriptors through a content provider to betterbug
62 allow priv_app trace_data_file:file { getattr read };
64 # Allow verifier to access staged apks.
65 allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
66 allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
68 # b/18504118: Allow reads from /data/anr/traces.txt
69 allow priv_app anr_data_file:file r_file_perms;
71 # Allow GMS core to access perfprofd output, which is stored
75 allow priv_app perfprofd_data_file:file r_file_perms;
76 allow priv_app perfprofd_data_file:dir r_dir_perms;
80 allow priv_app vold:fd use;
81 allow priv_app fuse_device:chr_file { read write };
84 allow priv_app {
88 allow priv_app sysfs_type:dir search;
96 # Allow GMS core to open kernel config for OTA matching through libvintf
97 allow priv_app config_gz:file { open read getattr };
102 # Allow GMS core to communicate with update_engine for A/B update.
104 allow priv_app update_engine_service:service_manager find;
106 # Allow GMS core to communicate with dumpsys storaged.
108 allow priv_app storaged_service:service_manager find;
110 # Allow GMS core to access system_update_service (e.g. to publish pending
112 allow priv_app system_update_service:service_manager find;
114 # Allow GMS core to communicate with statsd.
117 # Allow Phone to read/write cached ringtones (opened by system).
118 allow priv_app ringtone_file:file { getattr read write };
121 allow priv_app preloads_data_file:file r_file_perms;
122 allow priv_app preloads_data_file:dir r_dir_perms;
123 allow priv_app preloads_media_file:file r_file_perms;
124 allow priv_app preloads_media_file:dir r_dir_perms;
126 # Allow privileged apps (e.g. GMS core) to generate unique hardware IDs
127 allow priv_app keystore:keystore_key gen_unique_id;
129 # Allow GMS core to access /sys/fs/selinux/policyvers for compatibility check
130 allow priv_app selinuxfs:file r_file_perms;
136 allow priv_app traced:fd use;
137 allow priv_app traced_tmpfs:file { read write getattr map };
155 # allow privileged apps to use UDP sockets provided by the system server but not
157 allow priv_app system_server:udp_socket {
174 # Do not allow privileged apps to register services.
179 # Do not allow privileged apps to connect to the property service
185 # Do not allow priv_app to be assigned mlstrustedsubject.
195 # Do not allow priv_app to hard link to any files.
