Skip to content
Snippets Groups Projects
Normal view Permalink
file.te 2.83 KiB
Newer Older
  • Learn to ignore specific revisions
    • Stephen Smalley's avatar
    SE Android policy.
    Stephen Smalley committed
    1 2 3 4 5 6 7 8 9 10 
    # Filesystem types
type labeledfs, fs_type;
type pipefs, fs_type;
type sockfs, fs_type;
type rootfs, fs_type;
type proc, fs_type;
type selinuxfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type sysfs, fs_type, mlstrustedobject;
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
    Stephen Smalley's avatar
    Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton.  
    Stephen Smalley committed
    11 
    type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
    Stephen Smalley's avatar
    SE Android policy.
    Stephen Smalley committed
    12 13 14 15 16 17 18 19 20 21 22 23 24 25 
    type inotify, fs_type, mlstrustedobject;
type devpts, fs_type;
type tmpfs, fs_type;
type shm, fs_type;
type mqueue, fs_type;
type sdcard, fs_type, mlstrustedobject;
type debugfs, fs_type, mlstrustedobject;

# File types
type unlabeled, file_type;
# Default type for anything under /system.
type system_file, file_type;
# Default type for anything under /data.
type system_data_file, file_type, data_file_type;
    Stephen Smalley's avatar
    Policy changes to support running the latest CTS.  
    Stephen Smalley committed
    26 27 
    # /data/drm - DRM plugin data
type drm_data_file, file_type, data_file_type;
    Stephen Smalley's avatar
    SE Android policy.
    Stephen Smalley committed
    28 29 30 31 32 
    # /data/anr - ANR traces
type anr_data_file, file_type, data_file_type;
# /data/tombstones - core dumps
type tombstone_data_file, file_type, data_file_type;
# /data/app - user-installed apps
    Stephen Smalley's avatar
    Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files.  
    Stephen Smalley committed
    33 34 
    type apk_data_file, file_type, data_file_type;
type apk_tmp_file, file_type, data_file_type, mlstrustedobject;
    Stephen Smalley's avatar
    SE Android policy.
    Stephen Smalley committed
    35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 
    # /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type;
# /data/local - writable by shell
type shell_data_file, file_type, data_file_type;
# /data/gps
type gps_data_file, file_type, data_file_type;
# /data/misc subdirectories
type bluetoothd_data_file, file_type, data_file_type;
type bluetooth_data_file, file_type, data_file_type;
type keystore_data_file, file_type, data_file_type;
type vpn_data_file, file_type, data_file_type;
type systemkeys_data_file, file_type, data_file_type;
type wifi_data_file, file_type, data_file_type;
type radio_data_file, file_type, data_file_type;
type nfc_data_file, file_type, data_file_type;
# /data/data subdirectories - app sandboxes
type app_data_file, file_type, data_file_type;
# Default type for anything under /cache
type cache_file, file_type, mlstrustedobject;
# Default type for anything under /efs
type efs_file, file_type;
    Stephen Smalley's avatar
    Introduce a separate wallpaper_file type for the wallpaper file.  
    Stephen Smalley committed
    56 57 
    # Type for wallpaper file.
type wallpaper_file, file_type;
    Stephen Smalley's avatar
    SE Android policy.
    Stephen Smalley committed
    58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 
    
# Socket types
type bluetooth_socket, file_type;
type dbus_socket, file_type;
type dnsproxyd_socket, file_type, mlstrustedobject;
type gps_socket, file_type;
type installd_socket, file_type;
type keystore_socket, file_type;
type netd_socket, file_type;
type property_socket, file_type;
type qemud_socket, file_type;
type rild_socket, file_type;
type rild_debug_socket, file_type;
type system_wpa_socket, file_type;
type vold_socket, file_type;
type wpa_socket, file_type;
type zygote_socket, file_type;

# Allow files to be created in their appropriate filesystems.
allow fs_type self:filesystem associate;
allow sysfs_type sysfs:filesystem associate;
allow file_type labeledfs:filesystem associate;
allow file_type tmpfs:filesystem associate;
allow dev_type tmpfs:filesystem associate;