Home | History | Annotate | Download | only in public 
      1 ######################################
      2 # Attribute declarations
      3 #
      4 
      5 # All types used for devices.
      6 # On change, update CHECK_FC_ASSERT_ATTRS
      7 # in tools/checkfc.c
      8 attribute dev_type;
      9 
     10 # All types used for processes.
     11 attribute domain;
     12 
     13 # All types used for filesystems.
     14 # On change, update CHECK_FC_ASSERT_ATTRS
     15 # definition in tools/checkfc.c.
     16 attribute fs_type;
     17 
     18 # All types used for context= mounts.
     19 attribute contextmount_type;
     20 
     21 # All types used for files that can exist on a labeled fs.
     22 # Do not use for pseudo file types.
     23 # On change, update CHECK_FC_ASSERT_ATTRS
     24 # definition in tools/checkfc.c.
     25 attribute file_type;
     26 
     27 # All types used for domain entry points.
     28 attribute exec_type;
     29 
     30 # All types used for /data files.
     31 attribute data_file_type;
     32 # All types in /data, not in /data/vendor
     33 attribute core_data_file_type;
     34 # All types in /vendor
     35 attribute vendor_file_type;
     36 
     37 # All types use for sysfs files.
     38 attribute sysfs_type;
     39 
     40 # All types use for debugfs files.
     41 attribute debugfs_type;
     42 
     43 # Attribute used for all sdcards
     44 attribute sdcard_type;
     45 
     46 # All types used for nodes/hosts.
     47 attribute node_type;
     48 
     49 # All types used for network interfaces.
     50 attribute netif_type;
     51 
     52 # All types used for network ports.
     53 attribute port_type;
     54 
     55 # All types used for property service
     56 # On change, update CHECK_PC_ASSERT_ATTRS
     57 # definition in tools/checkfc.c.
     58 attribute property_type;
     59 
     60 # All properties defined in core SELinux policy. Should not be
     61 # used by device specific properties
     62 attribute core_property_type;
     63 
     64 # All properties used to configure log filtering.
     65 attribute log_property_type;
     66 
     67 # All service_manager types created by system_server
     68 attribute system_server_service;
     69 
     70 # services which should be available to all but isolated apps
     71 attribute app_api_service;
     72 
     73 # services which should be available to all ephemeral apps
     74 attribute ephemeral_app_api_service;
     75 
     76 # services which export only system_api
     77 attribute system_api_service;
     78 
     79 # All types used for services managed by servicemanager.
     80 # On change, update CHECK_SC_ASSERT_ATTRS
     81 # definition in tools/checkfc.c.
     82 attribute service_manager_type;
     83 
     84 # All types used for services managed by hwservicemanager
     85 attribute hwservice_manager_type;
     86 
     87 # All HwBinder services guaranteed to be passthrough. These services always run
     88 # in the process of their clients, and thus operate with the same access as
     89 # their clients.
     90 attribute same_process_hwservice;
     91 
     92 # All HwBinder services guaranteed to be offered only by core domain components
     93 attribute coredomain_hwservice;
     94 
     95 # All types used for services managed by vndservicemanager
     96 attribute vndservice_manager_type;
     97 
     98 
     99 # All domains that can override MLS restrictions.
    100 # i.e. processes that can read up and write down.
    101 attribute mlstrustedsubject;
    102 
    103 # All types that can override MLS restrictions.
    104 # i.e. files that can be read by lower and written by higher
    105 attribute mlstrustedobject;
    106 
    107 # All domains used for apps.
    108 attribute appdomain;
    109 
    110 # All third party apps.
    111 attribute untrusted_app_all;
    112 
    113 # All domains used for apps with network access.
    114 attribute netdomain;
    115 
    116 # All domains used for apps with bluetooth access.
    117 attribute bluetoothdomain;
    118 
    119 # All domains used for binder service domains.
    120 attribute binderservicedomain;
    121 
    122 # update_engine related domains that need to apply an update and run
    123 # postinstall. This includes the background daemon and the sideload tool from
    124 # recovery for A/B devices.
    125 attribute update_engine_common;
    126 
    127 # All core domains (as opposed to vendor/device-specific domains)
    128 attribute coredomain;
    129 
    130 # All socket devices owned by core domain components
    131 attribute coredomain_socket;
    132 
    133 # All vendor domains which violate the requirement of not using Binder
    134 # TODO(b/35870313): Remove this once there are no violations
    135 attribute binder_in_vendor_violators;
    136 
    137 # All vendor domains which violate the requirement of not using sockets for
    138 # communicating with core components
    139 # TODO(b/36577153): Remove this once there are no violations
    140 attribute socket_between_core_and_vendor_violators;
    141 
    142 # All vendor domains which violate the requirement of not executing
    143 # system processes
    144 # TODO(b/36463595)
    145 attribute vendor_executes_system_violators;
    146 
    147 # hwservices that are accessible from untrusted applications
    148 # WARNING: Use of this attribute should be avoided unless
    149 # absolutely necessary.  It is a temporary allowance to aid the
    150 # transition to treble and will be removed in a future platform
    151 # version, requiring all hwservices that are labeled with this
    152 # attribute to be submitted to AOSP in order to maintain their
    153 # app-visibility.
    154 attribute untrusted_app_visible_hwservice;
    155 
    156 # PDX services
    157 attribute pdx_endpoint_dir_type;
    158 attribute pdx_endpoint_socket_type;
    159 attribute pdx_channel_socket_type;
    160 
    161 pdx_service_attributes(display_client)
    162 pdx_service_attributes(display_manager)
    163 pdx_service_attributes(display_screenshot)
    164 pdx_service_attributes(display_vsync)
    165 pdx_service_attributes(performance_client)
    166 pdx_service_attributes(bufferhub_client)
    167 
    168 # All HAL servers
    169 attribute halserverdomain;
    170 # All HAL clients
    171 attribute halclientdomain;
    172 
    173 # HALs
    174 attribute hal_allocator;
    175 attribute hal_allocator_client;
    176 attribute hal_allocator_server;
    177 attribute hal_audio;
    178 attribute hal_audio_client;
    179 attribute hal_audio_server;
    180 attribute hal_bluetooth;
    181 attribute hal_bluetooth_client;
    182 attribute hal_bluetooth_server;
    183 attribute hal_bootctl;
    184 attribute hal_bootctl_client;
    185 attribute hal_bootctl_server;
    186 attribute hal_camera;
    187 attribute hal_camera_client;
    188 attribute hal_camera_server;
    189 attribute hal_configstore;
    190 attribute hal_configstore_client;
    191 attribute hal_configstore_server;
    192 attribute hal_contexthub;
    193 attribute hal_contexthub_client;
    194 attribute hal_contexthub_server;
    195 attribute hal_drm;
    196 attribute hal_drm_client;
    197 attribute hal_drm_server;
    198 attribute hal_dumpstate;
    199 attribute hal_dumpstate_client;
    200 attribute hal_dumpstate_server;
    201 attribute hal_fingerprint;
    202 attribute hal_fingerprint_client;
    203 attribute hal_fingerprint_server;
    204 attribute hal_gatekeeper;
    205 attribute hal_gatekeeper_client;
    206 attribute hal_gatekeeper_server;
    207 attribute hal_gnss;
    208 attribute hal_gnss_client;
    209 attribute hal_gnss_server;
    210 attribute hal_graphics_allocator;
    211 attribute hal_graphics_allocator_client;
    212 attribute hal_graphics_allocator_server;
    213 attribute hal_graphics_composer;
    214 attribute hal_graphics_composer_client;
    215 attribute hal_graphics_composer_server;
    216 attribute hal_health;
    217 attribute hal_health_client;
    218 attribute hal_health_server;
    219 attribute hal_ir;
    220 attribute hal_ir_client;
    221 attribute hal_ir_server;
    222 attribute hal_keymaster;
    223 attribute hal_keymaster_client;
    224 attribute hal_keymaster_server;
    225 attribute hal_light;
    226 attribute hal_light_client;
    227 attribute hal_light_server;
    228 attribute hal_memtrack;
    229 attribute hal_memtrack_client;
    230 attribute hal_memtrack_server;
    231 attribute hal_nfc;
    232 attribute hal_nfc_client;
    233 attribute hal_nfc_server;
    234 attribute hal_oemlock;
    235 attribute hal_oemlock_client;
    236 attribute hal_oemlock_server;
    237 attribute hal_power;
    238 attribute hal_power_client;
    239 attribute hal_power_server;
    240 attribute hal_sensors;
    241 attribute hal_sensors_client;
    242 attribute hal_sensors_server;
    243 attribute hal_telephony;
    244 attribute hal_telephony_client;
    245 attribute hal_telephony_server;
    246 attribute hal_tetheroffload;
    247 attribute hal_tetheroffload_client;
    248 attribute hal_tetheroffload_server;
    249 attribute hal_thermal;
    250 attribute hal_thermal_client;
    251 attribute hal_thermal_server;
    252 attribute hal_tv_cec;
    253 attribute hal_tv_cec_client;
    254 attribute hal_tv_cec_server;
    255 attribute hal_tv_input;
    256 attribute hal_tv_input_client;
    257 attribute hal_tv_input_server;
    258 attribute hal_usb;
    259 attribute hal_usb_client;
    260 attribute hal_usb_server;
    261 attribute hal_vibrator;
    262 attribute hal_vibrator_client;
    263 attribute hal_vibrator_server;
    264 attribute hal_vr;
    265 attribute hal_vr_client;
    266 attribute hal_vr_server;
    267 attribute hal_weaver;
    268 attribute hal_weaver_client;
    269 attribute hal_weaver_server;
    270 attribute hal_wifi;
    271 attribute hal_wifi_client;
    272 attribute hal_wifi_server;
    273 attribute hal_wifi_keystore;
    274 attribute hal_wifi_keystore_client;
    275 attribute hal_wifi_keystore_server;
    276 attribute hal_wifi_offload;
    277 attribute hal_wifi_offload_client;
    278 attribute hal_wifi_offload_server;
    279 attribute hal_wifi_supplicant;
    280 attribute hal_wifi_supplicant_client;
    281 attribute hal_wifi_supplicant_server;
    282 
    283 # HwBinder services offered across the core-vendor boundary
    284 #
    285 # We annotate server domains with x_server  to loosen the coupling between
    286 # system and vendor images. For example, it should be possible to move a service
    287 # from one core domain to another, without having to update the vendor image
    288 # which contains clients of this service.
    289 
    290 attribute display_service_server;
    291 attribute wifi_keystore_service_server;
    292