blob: b2730448507027bbd5e0e9334dd7ce27c6262cd7 [file] [log] [blame]
# dev nodes
/dev/btpower u:object_r:bt_device:s0
/dev/diag u:object_r:diag_device:s0
/dev/kgsl-3d0 u:object_r:gpu_device:s0
/dev/rtc0 u:object_r:rtc_device:s0
/dev/smd.* u:object_r:smd_device:s0
# TODO: does ttyMSM0 need to be more specific
/dev/ttyMSM0 u:object_r:tty_device:s0
/dev/ipa u:object_r:ipa_dev:s0
/dev/wwan_ioctl u:object_r:ipa_dev:s0
/dev/ipaNatTable u:object_r:ipa_dev:s0
/dev/rmnet_ctrl.* u:object_r:rmnet_device:s0
/dev/at_.* u:object_r:at_device:s0
/dev/video([0-9])+ u:object_r:video_device:s0
/dev/media([0-9])+ u:object_r:video_device:s0
/dev/v4l-subdev.* u:object_r:video_device:s0
/dev/qseecom u:object_r:tee_device:s0
/dev/qsee_ipc_irq_spss u:object_r:qsee_ipc_irq_spss_device:s0
/dev/seemplog u:object_r:seemplog_device:s0
/dev/spcom u:object_r:spcom_device:s0
/dev/jpeg[0-9]* u:object_r:video_device:s0
/dev/adsprpc-smd u:object_r:qdsp_device:s0
/dev/sdsprpc-smd u:object_r:dsp_device:s0
/dev/adsprpc-smd-secure u:object_r:qdsp_device:s0
/dev/wcd-dsp-glink u:object_r:audio_device:s0
/dev/wcd_dsp0_control u:object_r:audio_device:s0
/dev/wcd-spi-ac-client u:object_r:audio_device:s0
/dev/msm_.* u:object_r:audio_device:s0
/dev/avtimer u:object_r:avtimer_device:s0
/dev/subsys_.* u:object_r:ssr_device:s0
/dev/ramdump_.* u:object_r:ramdump_device:s0
/dev/sg[0-9]+ u:object_r:sg_device:s0
/dev/sensors u:object_r:sensors_device:s0
/dev/mnh_sm u:object_r:easel_device:s0
/dev/easelcomm-client u:object_r:easel_device:s0
/dev/pn81a u:object_r:secure_element_device:s0
# camera rainbow sensor
/dev/vd6281 u:object_r:camera_device:s0
# pcm device receiving rainbow sensor data
/dev/snd/pcmC0D27c u:object_r:camera_device:s0
/dev/snd/pcmC1D27c u:object_r:camera_device:s0
/dev/dri/card0 u:object_r:graphics_device:s0
/dev/dri/controlD64 u:object_r:graphics_device:s0
/dev/dri/renderD128 u:object_r:graphics_device:s0
# dev socket nodes
/dev/socket/chre u:object_r:chre_socket:s0
/dev/socket/msm_irqbalance u:object_r:irqbalance_socket:s0
/dev/socket/qmux_audio(/.*)? u:object_r:qmuxd_socket:s0
/dev/socket/qmux_bluetooth(/.*)? u:object_r:qmuxd_socket:s0
/dev/socket/qmux_gps(/.*)? u:object_r:qmuxd_socket:s0
/dev/socket/qmux_nfc(/.*)? u:object_r:qmuxd_socket:s0
/dev/socket/qmux_radio(/.*)? u:object_r:qmuxd_socket:s0
/dev/socket/ims_qmid u:object_r:ims_socket:s0
/dev/socket/ims_datad u:object_r:ims_socket:s0
/dev/socket/ipacm_log_file u:object_r:ipacm_socket:s0
/dev/socket/cnd u:object_r:cnd_socket:s0
/dev/socket/thermal-send-client u:object_r:thermal_socket:s0
/dev/socket/thermal-recv-client u:object_r:thermal_socket:s0
/dev/socket/thermal-recv-passive-client u:object_r:thermal_socket:s0
/dev/socket/netmgr(/.*)? u:object_r:netmgrd_socket:s0
/data/vendor/netmgr/recovery(/.*)? u:object_r:netmgr_recovery_data_file:s0
/dev/socket/location(/.*)? u:object_r:location_socket:s0
/dev/nq-nci u:object_r:nfc_device:s0
/dev/ttyHS0 u:object_r:hci_attach_dev:s0
/dev/wlan u:object_r:wlan_device:s0
/dev/socket/diag_router u:object_r:diag_socket:s0
# Block device holding the GPT, where the A/B attributes are stored.
# For eMMC storage device.
/dev/block/mmcblk0 u:object_r:gpt_block_device:s0
# For UFS storage device.
/dev/block/sda u:object_r:gpt_block_device:s0
# Block devices for the drive that holds the xbl_a and xbl_b partitions.
/dev/block/sd[bc]1? u:object_r:xbl_block_device:s0
###################################
# ramdumpfs files
#
/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
# Block device for hal_bootctl
/dev/block/sde u:object_r:boot_block_device:s0
# Block device for ZRAM
/dev/block/zram0 u:object_r:swap_block_device:s0
# files in /vendor
/vendor/firmware(/.*)? u:object_r:vendor_firmware_file:s0
/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
/vendor/bin/hw/android\.hardware\.dumpstate@1\.[01]-service\.bonito u:object_r:hal_dumpstate_impl_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/thermal-engine u:object_r:thermal-engine_exec:s0
/vendor/bin/sensors\.qti u:object_r:sensors_exec:s0
/vendor/bin/ssr_setup u:object_r:ssr_setup_exec:s0
/vendor/bin/ssr_diag u:object_r:ssr_diag_exec:s0
/vendor/bin/pm-service u:object_r:per_mgr_exec:s0
/vendor/bin/pm-proxy u:object_r:per_proxy_exec:s0
/vendor/bin/qseecomd u:object_r:tee_exec:s0
/vendor/bin/subsystem_ramdump u:object_r:subsystem_ramdump_exec:s0
/vendor/bin/adsprpcd u:object_r:adsprpcd_exec:s0
/vendor/bin/cdsprpcd u:object_r:cdsprpcd_exec:s0
/vendor/bin/irsc_util u:object_r:irsc_util_exec:s0
/vendor/bin/rmt_storage u:object_r:rmt_storage_exec:s0
/vendor/bin/tftp_server u:object_r:rfs_access_exec:s0
/vendor/bin/cnss-daemon u:object_r:wcnss_service_exec:s0
/vendor/bin/cnss_diag u:object_r:wcnss_service_exec:s0
/vendor/bin/diag_mdlog u:object_r:qlogd_exec:s0
/vendor/bin/netmgrd u:object_r:netmgrd_exec:s0
/vendor/bin/port-bridge u:object_r:port-bridge_exec:s0
/vendor/bin/qti u:object_r:qti_exec:s0
/vendor/bin/ramdump u:object_r:ramdump_exec:s0
/vendor/bin/smlog_dump u:object_r:smlog_dump_exec:s0
/vendor/bin/loc_launcher u:object_r:location_exec:s0
/vendor/bin/lowi-server u:object_r:location_exec:s0
/vendor/bin/xtra-daemon u:object_r:location_exec:s0
/vendor/bin/pd-mapper u:object_r:pd_mapper_exec:s0
/vendor/bin/imsqmidaemon u:object_r:ims_exec:s0
/vendor/bin/imsdatadaemon u:object_r:ims_exec:s0
/vendor/bin/ims_rtp_daemon u:object_r:hal_imsrtp_exec:s0
/vendor/bin/ipacm u:object_r:hal_tetheroffload_default_exec:s0
/vendor/bin/ipacm-diag u:object_r:hal_tetheroffload_default_exec:s0
/vendor/bin/msm_irqbalance u:object_r:irqbalance_exec:s0
/vendor/bin/cnd u:object_r:cnd_exec:s0
/vendor/bin/easelmanagerd u:object_r:easel_exec:s0
/vendor/bin/hw/android\.hardware\.usb@1\.1-service\.bonito u:object_r:hal_usb_impl_exec:s0
/vendor/bin/chre u:object_r:chre_exec:s0
/vendor/bin/time_daemon u:object_r:time_daemon_exec:s0
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
/vendor/bin/imsrcsd u:object_r:hal_rcsservice_exec:s0
/vendor/bin/init\.edge_sense\.sh u:object_r:init-edge_sense-sh_exec:s0
/vendor/bin/init\.qcom\.devstart\.sh u:object_r:init-qcom-devstart-sh_exec:s0
/vendor/bin/init\.qcom\.ipastart\.sh u:object_r:init-qcom-ipastart-sh_exec:s0
/vendor/bin/init\.qcom\.wlan\.sh u:object_r:init-qcom-wlan-sh_exec:s0
/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
/vendor/etc/init\.insmod\.cfg u:object_r:init-insmod-sh_exec:s0
/vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0
/vendor/bin/ftmdaemon u:object_r:ftmd_exec:s0
/vendor/bin/hw/qcrild u:object_r:rild_exec:s0
/vendor/bin/mm-pp-dpps u:object_r:mm-pp-daemon_exec:s0
/vendor/bin/grep u:object_r:vendor_grep_exec:s0
/vendor/bin/wifi_sniffer u:object_r:wifi_sniffer_exec:s0
/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.widevine u:object_r:hal_drm_widevine_exec:s0
/vendor/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0
/vendor/bin/hw/android\.hardware\.gnss@1\.1-service-qti u:object_r:hal_gnss_qti_exec:s0
/vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_default_exec:s0
/vendor/bin/hw/vendor\.qti\.hardware\.tui_comm@1\.0-service-qti u:object_r:hal_tui_comm_exec:s0
/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.0-service-paintbox u:object_r:hal_neuralnetworks_paintbox_exec:s0
/vendor/bin/hw/android\.hardware\.health@2\.0-service\.bonito u:object_r:hal_health_default_exec:s0
/vendor/bin/hw/vendor\.qti\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
/vendor/bin/hw/hardware\.google\.media\.c2@1\.0-service-software u:object_r:mediacodec_exec:s0
/vendor/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/vendor/bin/hw/vendor\.google\.wireless_charger@1\.0-service-vendor u:object_r:hal_wlc_exec:s0
###############################################
# same-process HAL files and their dependencies
#
/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgrallocutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgralloccore\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqdMetaData\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqservice\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqdutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libadreno_utils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgsl\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libEGL_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libdrmutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
# /vendor/app/TimeService/TimeService.apk
/vendor/lib(64)?/libTimeService\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libtime_genoff\.so u:object_r:same_process_hal_file:s0
# RenderScript dependencies.
# To test: run cts -m CtsRenderscriptTestCases
/vendor/lib(64)?/libRSDriver_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libCB\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libllvm-qgl\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libbccQTI\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libllvm-qcom\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/librs_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/librs_adreno_sha1\.so u:object_r:same_process_hal_file:s0
# libGLESv2_adreno depends on this
/vendor/lib(64)?/libllvm-glnext\.so u:object_r:same_process_hal_file:s0
# Hexagon DSP-side executable needed for Halide operation
# This is labeled as same_process_hal_file as it needs to be read by apps
# (e.g. Google Camera App)
/vendor/lib/dsp/cdsp/fastrpc_shell_3 u:object_r:same_process_hal_file:s0
# Vendor libs that are exposed to apps (those listed in /vendor/etc/public.libraries.txt
# and their dependencies)
#
/vendor/lib(64)?/libOpenCL-pixel\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libadsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libcdsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libsdsprpc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libeaselmanager_client\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.google_paintbox@1\.0\.so u:object_r:same_process_hal_file:s0
# data files
/data/vendor/netmgr(/.*)? u:object_r:netmgr_data_file:s0
/data/vendor/location(/.*)? u:object_r:location_data_file:s0
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
/data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0
/data/vendor/display(/.*)? u:object_r:display_vendor_data_file:s0
/data/vendor/nfc(/.*)? u:object_r:nfc_vendor_data_file:s0
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
/data/vendor/wifi/cnss_diag(/.*)? u:object_r:cnss_vendor_data_file:s0
/data/vendor/wifi/wlan_logs(/.*)? u:object_r:wifi_vendor_log_data_file:s0
/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/ssrdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/wifidump(/.*)? u:object_r:wifidump_vendor_data_file:s0
/data/vendor/modem_dump(/.*)? u:object_r:modem_dump_file:s0
/data/vendor/ipa(/.*)? u:object_r:ipa_vendor_data_file:s0
/data/vendor/sensors(/.*)? u:object_r:sensors_vendor_data_file:s0
/data/vendor/rfs/mpss(/.*)? u:object_r:mpss_rfs_data_file:s0
/data/vendor/tombstones/rfs(/.*)? u:object_r:rfs_tombstone_data_file:s0
/data/vendor/ssrlog(/.*)? u:object_r:ssr_log_file:s0
/data/vendor/secure_element(/.*)? u:object_r:secure_element_vendor_data_file:s0
/data/vendor/audio(/.*)? u:object_r:audio_vendor_data_file:s0
/data/vendor/modem_fdr(/.*)? u:object_r:modem_fdr_file:s0
/data/vendor/connectivity(/.*)? u:object_r:cnd_data_file:s0
/data/vendor/misc/qsee(/.*)? u:object_r:data_qsee_file:s0
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
/data/vendor/tui(/.*)? u:object_r:vendor_tui_data_file:s0
/data/vendor/nnhal(/.*)? u:object_r:hal_neuralnetworks_data_file:s0
/data/vendor/modem_stat/debug\.txt u:object_r:modem_stat_data_file:s0
/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
/data/vendor/time(/.*)? u:object_r:vendor_time_data_file:s0
# /
/tombstones u:object_r:rootfs:s0
# TODO: Remove them once no need to maintain the backward compatibility.
/dsp(/.*)? u:object_r:adsprpcd_file:s0
/vendor/dsp(/.*)? u:object_r:adsprpcd_file:s0
# files in firmware
/firmware u:object_r:rootfs:s0
/vendor/firmware_mnt(/.*)? u:object_r:vendor_firmware_file:s0
# TODO: Remove them once no need to maintain the backward compatibility. (b/111219177)
/persist u:object_r:rootfs:s0
/dsp u:object_r:rootfs:s0
# /persist
/mnt/vendor/persist(/.*)? u:object_r:persist_file:s0
/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
/mnt/vendor/persist/data(/.*)? u:object_r:persist_data_file:s0
/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
/mnt/vendor/persist/drm(/.*)? u:object_r:persist_drm_file:s0
/mnt/vendor/persist/haptics(/.*)? u:object_r:persist_haptics_file:s0
/mnt/vendor/persist/hlos_rfs(/.*)? u:object_r:persist_rfs_file:s0
/mnt/vendor/persist/rfs(/.*)? u:object_r:persist_rfs_file:s0
/mnt/vendor/persist/sensors(/.*)? u:object_r:persist_sensors_file:s0
/mnt/vendor/persist/time(/.*)? u:object_r:persist_time_file:s0
# b/70518189 vDSO experiments
/sys/module/vdso/parameters u:object_r:sysfs_vdso:s0
# eSIM
/sys/firmware/devicetree/base/chosen/cdt/cdb2/esim u:object_r:sysfs_esim:s0
# vendor-provided system HAL
/system/bin/hw/hardware\.google\.pixelstats@1\.0-service u:object_r:pixelstats_system_exec:s0